CN113472545B - Equipment network access method, device, equipment, storage medium and communication system - Google Patents

Publication number
CN113472545B
Authority
CN
China
Legal status
Active
Application number
CN202111014494.5A
Other languages
Chinese (zh)
Other versions
CN113472545A (en)
Inventor
王正仲
吴翰清
张�浩
Current Assignee
Alibaba Cloud Computing Ltd
Original Assignee
Alibaba Cloud Computing Ltd
Classifications

    • H: ELECTRICITY
    • H04: ELECTRIC COMMUNICATION TECHNIQUE
    • H04L: TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L9/00: Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols
    • H04L9/32: Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols including means for verifying the identity or authority of a user of the system or for message authentication, e.g. authorization, entity authentication, data integrity or data verification, non-repudiation, key authentication or verification of credentials
    • H04L63/00: Network architectures or network communication protocols for network security
    • H04L63/08: Network architectures or network communication protocols for network security for authentication of entities
    • H04L63/0876: Network architectures or network communication protocols for network security for authentication of entities based on the identity of the terminal or configuration, e.g. MAC address, hardware or software configuration or device fingerprint

Abstract

The embodiments of the invention provide a device network access method, apparatus, device, storage medium and communication system. The method comprises the following steps: a first signaling gateway, in response to a first registration request sent by a terminal device, sends authentication parameters to the terminal device; the first signaling gateway receives a second registration request sent by the terminal device, the second registration request including an authentication response generated by the terminal device from the authentication parameters; and, if the first signaling gateway determines from the authentication response that the terminal device meets the authentication condition, it selects a target second signaling gateway from a plurality of second signaling gateways and sends the identification information of the target second signaling gateway to the terminal device, so that the terminal device accesses the target second signaling gateway. Because a unified first signaling gateway is introduced and performs the gateway scheduling, the terminal device only needs to be configured with the identification information of the first signaling gateway and does not need the information of the plurality of second signaling gateways, which simplifies user operation and helps improve the processing efficiency of device network access.

Description

Equipment network access method, device, equipment, storage medium and communication system
Technical Field
The present invention relates to the field of communications technologies, and in particular, to a device network access method, apparatus, device, storage medium, and communication system.
Background
In the field of communications, communication protocols often involve protocols at both the data plane and the control plane. In brief, a control plane, also commonly referred to as a signaling plane, mainly defines a method for both communication parties to negotiate some parameters and control message transmission. The data plane mainly defines a method for transmitting data such as audio and video, characters, files and the like by two communication parties.
On the network side, the main functional entities involved in the signaling plane include signaling gateways (which may also be referred to as signaling servers), and relatively, the functional entities involved in the data plane may include data servers. Before a device side (also commonly referred to as a user side) wants to perform data interaction with a data server, a signaling gateway corresponding to the data server needs to be accessed first, that is, registration with the signaling gateway needs to be completed.
In practical applications, a communication system built for certain application scenarios may include signaling gateways deployed at different sites and data servers deployed at different sites. For example, when a device at site A needs to access the network, the user may configure information such as the IP address of the signaling gateway at site A for the device in advance, so that the device triggers a registration procedure with the signaling gateway at site A and accesses the network through that signaling gateway. If the signaling gateway at site A fails, the user also needs to have configured information of another signaling gateway, such as the signaling gateway at site B, on the device in advance so that it can access the network through the signaling gateway at site B. The user therefore needs to know the relevant information of a plurality of signaling gateways and configure the device accordingly for the device to access the network reliably. This network access mode not only degrades the usability of the communication system, but also inconveniences the user and lowers the processing efficiency of device network access.
Disclosure of Invention
The embodiments of the invention provide a device network access method, apparatus, device, storage medium and communication system, which enable terminal devices to access the network efficiently.
In a first aspect, an embodiment of the present invention provides a device networking method, which is applied to a first signaling gateway, and the method includes:
sending authentication parameters to the terminal device in response to a first registration request sent by the terminal device;
receiving a second registration request sent by the terminal device, wherein the second registration request includes an authentication response generated by the terminal device from the authentication parameters;
if the terminal device is determined from the authentication response to meet the authentication condition, selecting a target second signaling gateway from a plurality of second signaling gateways;
and sending the identification information of the target second signaling gateway to the terminal device, so that the terminal device accesses the target second signaling gateway.
In a second aspect, an embodiment of the present invention provides an apparatus for accessing a network for a device, where the apparatus is applied to a first signaling gateway, and the apparatus includes:
a sending module, configured to send authentication parameters to the terminal device in response to a first registration request sent by the terminal device;
a receiving module, configured to receive a second registration request sent by the terminal device, where the second registration request includes an authentication response generated by the terminal device from the authentication parameters;
the selection module is used for selecting a target second signaling gateway from the plurality of second signaling gateways if the terminal equipment is determined to meet the authentication condition according to the authentication parameters;
the sending module is further configured to send the identification information of the target second signaling gateway to the terminal device, so that the terminal device accesses the target second signaling gateway.
In a third aspect, an embodiment of the present invention provides a signaling gateway, including: a memory, a processor, a communication interface; wherein the memory has stored thereon executable code which, when executed by the processor, causes the processor to implement at least the device networking method of the first aspect.
In a fourth aspect, an embodiment of the present invention provides a non-transitory machine-readable storage medium, having stored thereon executable code, which, when executed by a processor of a signaling gateway, causes the processor to implement at least the device networking method according to the first aspect.
In a fifth aspect, an embodiment of the present invention provides a communication system, including:
the system comprises terminal equipment, a first signaling gateway and a plurality of second signaling gateways, wherein the first signaling gateway is used for scheduling the second signaling gateways;
the first signaling gateway is configured to send authentication parameters to the terminal device in response to a first registration request sent by the terminal device; receive a second registration request sent by the terminal device, where the second registration request includes an authentication response generated by the terminal device from the authentication parameters; if the terminal device is determined from the authentication response to meet the authentication condition, select a target second signaling gateway from the plurality of second signaling gateways; and send the identification information of the target second signaling gateway to the terminal device;
the terminal device is configured to send the first registration request to the first signaling gateway, receive the authentication parameters sent by the first signaling gateway, generate the authentication response from the authentication parameters, send the second registration request, which includes the authentication response, to the first signaling gateway, and receive the identification information of the target second signaling gateway sent by the first signaling gateway, so as to access the target second signaling gateway;
and the target second signaling gateway is used for processing the access of the terminal equipment.
In the solution provided in the embodiment of the present invention, a unified signaling gateway, referred to as the first signaling gateway, is introduced to schedule the plurality of signaling gateways already deployed in the system (referred to as second signaling gateways). A terminal device that needs to access the network, i.e. access the communication system, is configured in advance with the identification information of the first signaling gateway, such as its IP address. When the terminal device needs to access the network, it sends a first registration request to the first signaling gateway, and the first signaling gateway sends authentication parameters to the terminal device. The terminal device generates an authentication response from the received authentication parameters and sends a second registration request containing the authentication response to the first signaling gateway. When the first signaling gateway determines from the authentication response that the terminal device meets the authentication condition, it schedules the plurality of second signaling gateways, that is, selects a target second signaling gateway from them, and sends the identification information of the target second signaling gateway to the terminal device. Based on this identification information, the terminal device initiates a standard registration process with the target second signaling gateway so as to access it.
In the above scheme, the unified signaling gateway (i.e., the first signaling gateway) schedules the signaling gateway that the terminal device can access, so only the identification information of the unified signaling gateway needs to be configured in the terminal device, and there is no need to pay attention to the relevant information of the multiple signaling gateways (i.e., the multiple second signaling gateways) actually deployed in the communication system. This simplifies user operation and helps improve the processing efficiency of device network access. In addition, the unified signaling gateway performs gateway scheduling for the terminal device only after the terminal device passes authentication, which ensures the effectiveness of gateway scheduling.
Drawings
In order to illustrate the technical solutions in the embodiments of the present invention more clearly, the drawings needed in the description of the embodiments are briefly introduced below. The drawings in the following description show some embodiments of the present invention, and those skilled in the art can obtain other drawings from them without creative effort.
Fig. 1 is a schematic diagram illustrating a communication system according to an embodiment of the present invention;
Fig. 2 is an interaction flowchart of a device network access method according to an embodiment of the present invention;
Fig. 3 is an interaction flowchart of another device network access method according to an embodiment of the present invention;
Fig. 4 is a schematic structural diagram of a device network access apparatus according to an embodiment of the present invention;
Fig. 5 is a schematic structural diagram of a signaling gateway corresponding to the device network access apparatus provided in the embodiment shown in Fig. 4.
Detailed Description
In order to make the objects, technical solutions and advantages of the embodiments of the present invention clearer, the technical solutions in the embodiments of the present invention will be clearly and completely described below with reference to the drawings in the embodiments of the present invention, and it is obvious that the described embodiments are some, but not all, embodiments of the present invention. All other embodiments, which can be derived by a person skilled in the art from the embodiments given herein without making any creative effort, shall fall within the protection scope of the present invention.
In addition, the sequence of steps in each method embodiment described below is only an example and is not strictly limited.
Fig. 1 is a schematic composition diagram of a communication system according to an embodiment of the present invention, and as shown in fig. 1, the communication system includes: the terminal equipment, the first signaling gateway and a plurality of second signaling gateways. In the embodiments of the present invention, the functions provided by the first signaling gateway and the second signaling gateway are different, and in summary, the first signaling gateway is used to schedule a plurality of second signaling gateways.
The communication system provided by the embodiment of the invention can be applied to Internet of Things application scenarios such as security. The terminal device may differ between application scenarios. For example, in some traffic control application scenarios, the terminal devices may be various traffic information acquisition devices and traffic signal control devices deployed at the roadside, such as a camera, a road side unit (RSU), a speed limit board, a lane controller, and the like. For another example, in some security scenarios, the terminal devices may be a camera, a voice player, a fingerprint acquirer, and the like deployed in the desired scene.
In order to implement online control on these terminal devices, it is necessary to enable these terminal devices to access a network so as to obtain data collected by these terminal devices and perform some control operations on these terminal devices.
Network access of the terminal device can be realized with only the signaling gateways deployed in the communication system. However, in order to acquire the data collected by the terminal device and perform correlation analysis, statistics, detection and other processing on the data, the communication system may further include data servers. The embodiments of the present invention focus on the process by which the terminal device accesses the network, so the interaction between the data server and the terminal device is not described in detail.
In an alternative embodiment, the second signaling gateway may be deployed in a different area, and the data server may be deployed in a different area. For example, in fig. 1, a second signaling gateway is deployed in area 1, and a plurality of data servers are disposed in area 1; another second signaling gateway is deployed in the area 2, and a plurality of data servers are arranged in the area 2; another second signalling gateway is deployed in area 3 and a plurality of data servers are located in area 3. In practical applications, the data server may be a physical machine or a virtual machine.
It should be noted that the second signaling gateways deployed in different areas have the same functions: each provides a complete control plane function, which includes, for example, negotiation of communication-related parameters between the two communicating parties and the exchange of control information. In addition, a second signaling gateway has no binding relationship with the data servers in the same area. That is, if a terminal device needs to access a data server in area 2 and the terminal device accesses the second signaling gateway in area 1, the second signaling gateway in area 1 can still transmit the data sent by the terminal device to the data server in area 2.
In the embodiment of the present invention, a first signaling gateway is additionally deployed in the communication system that includes the plurality of second signaling gateways. Unlike the second signaling gateways, which provide a complete control plane function, the first signaling gateway provides only the device access function of the control plane.
In practical applications, the plurality of second signaling gateways included in the communication system are all gateways supporting an international communication standard, and the first signaling gateway also supports the international communication standard. If a second signaling gateway is called a common national standard gateway, the first signaling gateway can be called a unified national standard gateway. Here, "unified" can be understood as follows: for the many terminal devices that need to access the network, the first signaling gateway is the single, uniform network access entry point, and device network access is ultimately achieved only under the control of the first signaling gateway.
It can be understood that, in the embodiment of the present invention, the network access of the device may be understood as that the terminal device finally establishes a connection with a certain second signaling gateway, where the second signaling gateway is used as a network device, and accessing the second signaling gateway indicates that the terminal device is accessed to the network and can perform online communication.
In the following, the operations involved in the first signaling gateway, the second signaling gateway, and the terminal device during the device network access process are summarized as follows:
the first signaling gateway is configured to send authentication parameters to the terminal device in response to a first registration request sent by the terminal device; receive a second registration request sent by the terminal device, where the second registration request includes an authentication response generated by the terminal device from the authentication parameters; if the terminal device is determined from the authentication response to meet the authentication condition, select a target second signaling gateway from the plurality of second signaling gateways; and send the identification information of the target second signaling gateway to the terminal device;
the terminal device is configured to send the first registration request to the first signaling gateway, receive the authentication parameters sent by the first signaling gateway, generate the authentication response from the authentication parameters, send the second registration request, which includes the authentication response, to the first signaling gateway, receive the identification information of the target second signaling gateway sent by the first signaling gateway, and access the target second signaling gateway;
and the target second signaling gateway is used for processing the access of the terminal equipment.
The following describes the network access execution process of the device in detail with reference to some embodiments.
Fig. 2 is an interaction flowchart of a device networking method according to an embodiment of the present invention, and as shown in fig. 2, the method may include the following steps:
201. The terminal device sends a first registration request to the first signaling gateway.
202. The first signaling gateway sends the authentication parameters to the terminal device.
In an alternative embodiment, each terminal device that is qualified to access the communication system may be assigned a unique identifier within the communication system in advance, and the unique identifier may be carried in the first registration (register) request. Of course, it is understood that the first registration request further includes identification information such as an IP address and a port number of the terminal device, and an IP address and a port number of the first signaling gateway.
After receiving the first registration request, the first signaling gateway may feed back authentication parameters to the terminal device if it determines that the unique identifier is valid (exists in the database). The authentication parameters may include, for example, a random number, an authentication scheme, and the like. The authentication scheme indicates which authentication method is used, such as digest authentication. Specifically, the first signaling gateway may feed back the authentication parameters to the terminal device through the standard signaling message 401 Unauthorized.
203. The terminal device sends a second registration request to the first signaling gateway, where the second registration request includes an authentication response generated from the authentication parameters.
After receiving the authentication parameters, the terminal device generates an authentication response from them. In generating the authentication response, the terminal device may use not only the authentication parameters but also some locally stored information, such as a user name and a user password. The terminal device may encrypt the received authentication parameters together with the user name and user password corresponding to the terminal device by using a set encryption algorithm, so as to obtain a first authentication response (denoted as response1). The set encryption algorithm is, for example, the MD5 algorithm, but is not limited thereto.
The terminal device may then send a second registration (register) request carrying the first authentication response to the first signaling gateway. The second registration request may further include the user name, the encryption algorithm identifier, the authentication parameters (such as the random number and the authentication scheme), and other parameters.
After receiving the second registration request, the first signaling gateway triggers authentication of the terminal device. Specifically, the first signaling gateway may look up, in the pre-stored user names and user passwords of terminal devices, the user password corresponding to the user name in the second registration request, and then encrypt, with the same encryption algorithm, the user name parsed from the second registration request, the queried user password and the authentication parameters previously issued to the terminal device, to obtain a second authentication response (denoted as response2). If response2 is the same as response1, the terminal device is determined to pass the authentication; otherwise, it is determined not to pass the authentication. When the authentication is not passed, the first signaling gateway sends corresponding error prompt information to the terminal device.
204. If the first signaling gateway determines from the authentication response that the terminal device meets the authentication condition, it selects a target second signaling gateway from the plurality of second signaling gateways.
If the first signaling gateway determines in the above manner that the terminal device meets the authentication condition, i.e. passes the authentication, it triggers gateway scheduling for the terminal device: from the plurality of second signaling gateways it determines one signaling gateway that the terminal device can access, called the target second signaling gateway.
As mentioned above, the second signaling gateways are the gateways originally deployed in the communication system and provide a complete control plane function, including both the device access function and the control message interaction function. The terminal device accesses the communication system in order to carry out control plane and data plane communication, so it ultimately needs to access the communication system through one of the second signaling gateways. Which second signaling gateway the terminal device accesses is scheduled by the first signaling gateway.
It can be seen that the terminal device only needs to be pre-configured with the relevant information of the first signaling gateway, such as its IP address and port number, and it can communicate with the first signaling gateway without the relevant information of any second signaling gateway. That is, information of the second signaling gateways does not need to be configured on each terminal device.
Optionally, the first signaling gateway may select the target second signaling gateway from the plurality of second signaling gateways according to a preset scheduling policy, where the preset scheduling policy includes any one of: scheduling according to the distance between the terminal device and the different second signaling gateways, scheduling based on the load pressure of the different second signaling gateways, and scheduling according to the binding relationship between the terminal device and a second signaling gateway.
It can be understood that the first signaling gateway may store identification information (such as an IP address, a port number, a domain name, a location, and the like) of each second signaling gateway, and the first signaling gateway may further interact with each second signaling gateway to obtain a load condition of each second signaling gateway, such as the number of terminal devices that are accessed.
The first policy is, in short, "nearest scheduling": for example, if the terminal device that currently triggers the registration request is located at site A, the second signaling gateway deployed at site A may be preferentially allocated to the terminal device as its target second signaling gateway. The second policy is, in short, "load balancing": for example, if the load pressure of some second signaling gateways is currently high, a second signaling gateway with light load pressure may be selected as the target second signaling gateway for the terminal device. The third policy is, in short, "dedicated connection": for example, for some specific terminal devices, the target second signaling gateway is determined to be a specific second signaling gateway.
205. The first signaling gateway sends the identification information of the target second signaling gateway to the terminal device.
Optionally, the first signaling gateway may carry the identification information of the target second signaling gateway in the redirection signaling, so as to send the redirection signaling to the terminal device.
206. The terminal equipment accesses the target second signaling gateway.
The terminal device can access the target second signaling gateway through a standard access process. The standard access flow is illustrated with reference to Fig. 3.
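The Fig. 2 exchange (steps 201 to 205) seen from the first signaling gateway, as an added example that is not part of the patent text. The digest layout, every status code other than 401, the SHA-256 allowlist applied to the terminal-supplied algorithm identifier, the single-use expiring random number and the binding/nearest/load priority order are assumptions made for illustration; the sample devices and gateways are constructed.

```python
import hashlib
import hmac
import secrets
import time
from dataclasses import dataclass

ALLOWED_ALGORITHMS = {"sha256"}   # assumption: gateway-side allowlist, MD5 left out
NONCE_TTL_SECONDS = 30            # assumption: lifetime of an issued random number


def compute_response(algorithm, username, password, nonce):
    """Digest over user name, random number and password (simplified layout)."""
    return hashlib.new(algorithm, f"{username}:{nonce}:{password}".encode()).hexdigest()


@dataclass
class SecondGateway:
    ident: str            # identification information handed to the terminal
    region: str
    load: int             # number of terminal devices currently accessed
    healthy: bool = True


class FirstSignalingGateway:
    def __init__(self, devices, gateways, bindings=None):
        self.devices = devices          # device_id -> (username, password, region)
        self.gateways = gateways
        self.bindings = bindings or {}  # device_id -> ident of a dedicated gateway
        self.pending = {}               # device_id -> (nonce, expiry time)

    def first_register(self, device_id, now=None):
        """Steps 201-202: only a known unique identifier receives a challenge."""
        now = time.time() if now is None else now
        if device_id not in self.devices:
            return {"status": 403, "reason": "unknown device"}
        nonce = secrets.token_hex(16)
        self.pending[device_id] = (nonce, now + NONCE_TTL_SECONDS)
        return {"status": 401, "scheme": "digest", "algorithm": "sha256", "nonce": nonce}

    def second_register(self, device_id, username, algorithm, response1, now=None):
        """Steps 203-205: check response1, then schedule and redirect."""
        now = time.time() if now is None else now
        nonce, expiry = self.pending.pop(device_id, (None, 0))  # single use
        if nonce is None or now > expiry:
            return {"status": 403, "reason": "no valid challenge"}
        if algorithm not in ALLOWED_ALGORITHMS:  # terminal-supplied identifier is untrusted
            return {"status": 403, "reason": "algorithm not allowed"}
        stored_user, password, region = self.devices[device_id]
        response2 = compute_response(algorithm, stored_user, password, nonce)
        same_user = hmac.compare_digest(username.encode(), stored_user.encode())
        same_resp = hmac.compare_digest(response1.encode(), response2.encode())
        if not (same_user and same_resp):
            return {"status": 403, "reason": "authentication failed"}
        target = self.select_target(device_id, region)
        if target is None:
            return {"status": 503, "reason": "no second gateway available"}
        return {"status": 302, "target": target.ident}

    def select_target(self, device_id, region):
        """Binding first, then nearest region, then lightest load; skips abnormal gateways."""
        candidates = [g for g in self.gateways if g.healthy]
        bound = [g for g in candidates if g.ident == self.bindings.get(device_id)]
        nearby = [g for g in candidates if g.region == region]
        pool = bound or nearby or candidates
        return min(pool, key=lambda g: g.load) if pool else None


def demo():
    """Constructed sample data: one camera at site A and three second gateways."""
    devices = {"cam-001": ("cam-user", "s3cret", "A")}
    gateways = [SecondGateway("10.0.1.1:5060", "A", 40),
                SecondGateway("10.0.2.1:5060", "B", 5),
                SecondGateway("10.0.3.1:5060", "C", 9)]
    first = FirstSignalingGateway(devices, gateways)
    challenge = first.first_register("cam-001")
    response1 = compute_response(challenge["algorithm"], "cam-user", "s3cret", challenge["nonce"])
    granted = first.second_register("cam-001", "cam-user", "sha256", response1)
    replayed = first.second_register("cam-001", "cam-user", "sha256", response1)
    gateways[0].healthy = False   # site A gateway becomes abnormal; the device registers again
    challenge = first.first_register("cam-001")
    response1 = compute_response("sha256", "cam-user", "s3cret", challenge["nonce"])
    rescheduled = first.second_register("cam-001", "cam-user", "sha256", response1)
    return granted, replayed, rescheduled


if __name__ == "__main__":
    for result in demo():
        print(result)
```

The second call in `demo()` reuses a response whose random number has already been consumed, which is why it is refused even though the credentials are correct.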
Fig. 3 is an interaction flowchart of another device networking method according to an embodiment of the present invention, and as shown in fig. 3, the method may include the following steps:
301. the terminal device sends a first registration request to the target second signaling gateway.
302. And the target second signaling gateway sends the authentication parameters to the terminal equipment.
303. And the terminal equipment sends a second registration request to the target second signaling gateway, wherein the second registration request comprises an authentication parameter generated according to the authentication parameter.
304. And the target second signaling gateway determines that the terminal equipment meets the authentication condition according to the authentication parameters and sends confirmation information to the terminal equipment.
In this embodiment, these steps are performed in a similar way to the corresponding steps in the embodiment shown in Fig. 2, except that the party interacting with the terminal device is now the target second signaling gateway, so the details are not repeated here. Once the target second signaling gateway has sent the confirmation information to the terminal device, which indicates that the terminal device has accessed the target second signaling gateway, data subsequently collected by the terminal device can be sent through the target second signaling gateway to the data server the terminal device wants to communicate with, and the terminal device can also receive control information sent by the target second signaling gateway.
In an optional embodiment, if the target second signaling gateway becomes abnormal (e.g., crashes) after the terminal device has accessed it, so that the terminal device can no longer connect to it, the terminal device may perform the method of the embodiment shown in Fig. 2 again so that the first signaling gateway allocates another available second signaling gateway to it, and then access the reallocated second signaling gateway. Alternatively, the first signaling gateway may detect the states of the second signaling gateways periodically or in real time, and if it finds that a second signaling gateway is abnormal, it may schedule a new second signaling gateway for the terminal devices accessing that gateway. That is, when the target second signaling gateway is abnormal, the first signaling gateway may select another second signaling gateway from the plurality of second signaling gateways and send the identification information of the other second signaling gateway to the terminal device, so that the terminal device accesses the other second signaling gateway.
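The three scheduling policies and the rescheduling step described above can be sketched as follows. This is an added example, not code from the patent: the gateway records, the site-equality test standing in for "distance", the tie-break by load, and all identifiers are assumptions made for illustration.

```python
from dataclasses import dataclass


@dataclass
class SecondGateway:
    gateway_id: str        # identification information (constructed sample value)
    site: str              # deployment location
    load: int              # number of terminal devices currently accessed
    healthy: bool = True   # outcome of the first gateway's state detection


# Constructed inventory held by the first signaling gateway.
GATEWAYS = [
    SecondGateway("sgw-a1", "A", 120),
    SecondGateway("sgw-a2", "A", 40),
    SecondGateway("sgw-b1", "B", 10),
]
# Constructed "dedicated connection" bindings: device id -> gateway id.
BINDINGS = {"cam-007": "sgw-b1"}


def select_gateway(policy, device_id, device_site, gateways,
                   bindings=None, exclude=()):
    """Return the target second signaling gateway, or None if none is usable."""
    usable = [g for g in gateways
              if g.healthy and g.gateway_id not in exclude]
    if not usable:
        return None
    if policy == "dedicated":
        # A bound device is never silently moved to an unbound gateway.
        bound = (bindings or {}).get(device_id)
        return next((g for g in usable if g.gateway_id == bound), None)
    if policy == "nearest":
        # Assumption: "distance" is modelled as same-site; if the site has no
        # usable gateway, fall back to any usable one. Ties go to lower load.
        local = [g for g in usable if g.site == device_site]
        return min(local or usable, key=lambda g: g.load)
    if policy == "least_loaded":
        return min(usable, key=lambda g: g.load)
    raise ValueError(f"unknown scheduling policy: {policy}")


def reschedule(policy, device_id, device_site, gateways, failed_id,
               bindings=None):
    """Select another gateway after the current target became abnormal."""
    return select_gateway(policy, device_id, device_site, gateways,
                          bindings, exclude={failed_id})
```

Under the dedicated policy this sketch returns no gateway when the bound gateway is abnormal, so an operator has to decide explicitly whether such devices may fail over elsewhere.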
To sum up, the device network access scheme provided in the embodiment of the present invention introduces a first signaling gateway that schedules the second signaling gateways already deployed in the communication system. The first signaling gateway has a single function: it is responsible only for gateway scheduling and for the device access function of the control plane. All terminal devices that need to access the communication system therefore only need to be configured with the relevant information of the first signaling gateway, and can automatically access an appropriate second signaling gateway based on the scheduling result of the first signaling gateway, without the user performing complex configuration, which helps improve the efficiency of device network access. In addition, the first signaling gateway performs gateway scheduling only after the terminal device has passed authentication, so the terminal devices for which it schedules a gateway are trusted, which ensures that gateway scheduling is performed effectively. Moreover, implementing the scheme requires no modification to the second signaling gateways already deployed in the communication system, so the cost is low.
The device networking apparatus according to one or more embodiments of the present invention will be described in detail below. Those skilled in the art will appreciate that each of these apparatuses can be constructed from commercially available hardware components configured to perform the steps taught in this disclosure.
Fig. 4 is a schematic structural diagram of an apparatus for accessing a network according to an embodiment of the present invention, where the apparatus is located in the first signaling gateway. As shown in Fig. 4, the apparatus includes: a sending module 11, a receiving module 12 and a selecting module 13.
A sending module 11, configured to send, in response to a first registration request sent by a terminal device, an authentication parameter to the terminal device.
A receiving module 12, configured to receive a second registration request sent by the terminal device, where the second registration request includes an authentication parameter generated by the terminal device according to the received authentication parameter.
A selecting module 13, configured to select a target second signaling gateway from the plurality of second signaling gateways if it is determined, according to the authentication parameters, that the terminal device satisfies the authentication condition.
The sending module 11 is further configured to send the identification information of the target second signaling gateway to the terminal device, so that the terminal device accesses the target second signaling gateway.
Optionally, the second signaling gateway is a gateway providing a complete control plane function; the first signaling gateway is a gateway providing a gateway scheduling function and a device access function in a control plane.
Optionally, the sending module 11 is specifically configured to: carry the identification information of the target second signaling gateway in redirection signaling, so as to send the redirection signaling to the terminal device.
Optionally, the selecting module 13 is specifically configured to: select a target second signaling gateway from the plurality of second signaling gateways according to a preset scheduling policy, where the preset scheduling policy comprises any one of the following: scheduling according to the distance between the terminal device and different second signaling gateways, scheduling based on the load pressure of different second signaling gateways, and scheduling according to the binding relationship between the terminal device and the second signaling gateways.
Optionally, the authentication parameter generated by the terminal device according to the authentication parameter includes: a first authentication parameter that the terminal device generates according to the authentication parameter, the user name corresponding to the terminal device, and the user password. Based on this, the selecting module 13 is further configured to: encrypt the pre-stored user name and user password corresponding to the terminal device, together with the authentication parameter, according to a set encryption algorithm to obtain a second authentication parameter; and if the second authentication parameter is the same as the first authentication parameter, determine that the terminal device meets the authentication condition.
Optionally, the selecting module 13 is further configured to: if the target second signaling gateway is detected to be abnormal, select another second signaling gateway from the plurality of second signaling gateways; and send the identification information of the other second signaling gateway to the terminal device, so that the terminal device accesses the other second signaling gateway.
The apparatus shown in Fig. 4 may perform the steps performed by the first signaling gateway in the foregoing embodiments. For the detailed execution process and technical effects, refer to the description in the foregoing embodiments; they are not repeated here.
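The comparison of the first and second authentication parameters performed by the selecting module can be sketched as follows. This is an added example, not code from the patent. It assumes that the authentication parameter sent to the device is a random single-use challenge and that the "set encryption algorithm" is HMAC-SHA256 keyed with the user password; the class, function names and sample credentials are constructed.

```python
import hashlib
import hmac
import secrets


def compute_auth_parameter(username: str, password: str, challenge: bytes) -> str:
    """Derive the value both sides compare.

    Assumption: HMAC-SHA256 keyed with the password stands in for the
    patent's unspecified "set encryption algorithm".
    """
    name = username.encode()
    # Length-prefix the user name so name/challenge boundaries are unambiguous.
    msg = len(name).to_bytes(2, "big") + name + challenge
    return hmac.new(password.encode(), msg, hashlib.sha256).hexdigest()


class FirstSignalingGateway:
    def __init__(self, credentials, scheduler):
        self._credentials = credentials  # device id -> (user name, user password)
        self._scheduler = scheduler      # callable(device_id) -> gateway id or None
        self._pending = {}               # device id -> outstanding challenge

    def first_registration(self, device_id: str) -> bytes:
        """Answer the first registration request with an authentication parameter."""
        challenge = secrets.token_bytes(16)
        self._pending[device_id] = challenge
        return challenge

    def second_registration(self, device_id: str, first_param: str) -> dict:
        """Verify the device's first authentication parameter, then schedule."""
        # pop() makes the challenge single use, so a captured response
        # cannot be replayed in a later second registration request.
        challenge = self._pending.pop(device_id, None)
        stored = self._credentials.get(device_id)
        if challenge is None or stored is None:
            return {"status": "rejected"}
        second_param = compute_auth_parameter(stored[0], stored[1], challenge)
        # Constant-time comparison of the first and second parameters.
        if not hmac.compare_digest(second_param.encode(), first_param.encode()):
            return {"status": "rejected"}
        # Scheduling happens only after authentication has succeeded.
        target = self._scheduler(device_id)
        if target is None:
            return {"status": "unavailable"}
        return {"status": "redirect", "target": target}
```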
In a possible design, the structure of the device networking apparatus shown in Fig. 4 may be implemented as a signaling gateway corresponding to the first signaling gateway described above. As shown in Fig. 5, the signaling gateway may include: a processor 21, a memory 22, and a communication interface 23. The memory 22 stores executable code which, when executed by the processor 21, causes the processor 21 to implement at least the device networking method provided in the foregoing embodiments.
In addition, an embodiment of the present invention provides a non-transitory machine-readable storage medium storing executable code which, when executed by a processor of a signaling gateway, causes the processor to implement at least the device networking method provided in the foregoing embodiments.
The above-described apparatus embodiments are merely illustrative, wherein the units described as separate components may or may not be physically separate. Some or all of the modules may be selected according to actual needs to achieve the purpose of the solution of the present embodiment. One of ordinary skill in the art can understand and implement it without inventive effort.
From the above description of the embodiments, those skilled in the art will clearly understand that each embodiment can be implemented by adding a necessary general hardware platform, and of course can also be implemented by a combination of hardware and software. With this understanding, the above technical solutions, in essence or in the part that contributes to the prior art, may be embodied in the form of a computer program product, which may be embodied on one or more computer-usable storage media having computer-usable program code embodied therein, including without limitation disk storage, CD-ROM, optical storage, and the like.
Finally, it should be noted that: the above examples are only intended to illustrate the technical solution of the present invention, but not to limit it; although the present invention has been described in detail with reference to the foregoing embodiments, it will be understood by those of ordinary skill in the art that: the technical solutions described in the foregoing embodiments may still be modified, or some technical features may be equivalently replaced; and such modifications or substitutions do not depart from the spirit and scope of the corresponding technical solutions of the embodiments of the present invention.

Claims (9)

1. A device networking method, applied to a first signaling gateway, comprising:
sending authentication parameters to a terminal device in response to a first registration request sent by the terminal device;
receiving a second registration request sent by the terminal device, wherein the second registration request comprises an authentication parameter generated by the terminal device according to the received authentication parameter;
if the terminal device is determined to meet the authentication condition according to the authentication parameters, selecting a target second signaling gateway from a plurality of second signaling gateways;
sending the identification information of the target second signaling gateway to the terminal device, so that the terminal device accesses the target second signaling gateway;
wherein the second signaling gateway is a gateway providing a complete control plane function; the first signaling gateway is a gateway providing a gateway scheduling function and a device access function in a control plane.
2. The method of claim 1, wherein sending the identification information of the target second signaling gateway to the terminal device comprises:
carrying the identification information of the target second signaling gateway in redirection signaling, so as to send the redirection signaling to the terminal device.
3. The method of claim 1, wherein selecting the target second signaling gateway from the plurality of second signaling gateways comprises:
selecting a target second signaling gateway from the plurality of second signaling gateways according to a preset scheduling policy, wherein the preset scheduling policy comprises any one of the following: scheduling according to the distance between the terminal device and different second signaling gateways, scheduling based on the load pressure of different second signaling gateways, and scheduling according to the binding relationship between the terminal device and the second signaling gateways.
4. The method of claim 1, wherein the authentication parameter generated by the terminal device according to the authentication parameter comprises: a first authentication parameter generated by the terminal device according to the authentication parameter, a user name corresponding to the terminal device, and a user password;
the method further comprises:
encrypting the pre-stored user name and user password corresponding to the terminal device, together with the authentication parameter, according to a set encryption algorithm to obtain a second authentication parameter;
and if the second authentication parameter is the same as the first authentication parameter, determining that the terminal device meets the authentication condition.
5. The method of claim 1, further comprising:
if the target second signaling gateway is detected to be abnormal, selecting another second signaling gateway from the plurality of second signaling gateways;
and sending the identification information of the other second signaling gateway to the terminal device, so that the terminal device accesses the other second signaling gateway.
6. An apparatus for accessing a network, located at a first signaling gateway, comprising:
a sending module, configured to send, in response to a first registration request sent by a terminal device, authentication parameters to the terminal device;
a receiving module, configured to receive a second registration request sent by the terminal device, where the second registration request includes an authentication parameter generated by the terminal device according to the received authentication parameter;
a selecting module, configured to select a target second signaling gateway from a plurality of second signaling gateways if the terminal device is determined to meet the authentication condition according to the authentication parameters;
the sending module is further configured to send the identification information of the target second signaling gateway to the terminal device, so that the terminal device accesses the target second signaling gateway; the second signaling gateway is a gateway providing a complete control plane function; the first signaling gateway is a gateway providing a gateway scheduling function and a device access function in a control plane.
7. A signaling gateway, comprising: a memory, a processor, a communication interface; wherein the memory has stored thereon executable code which, when executed by the processor, causes the processor to perform the device networking method of any of claims 1-5.
8. A non-transitory machine-readable storage medium having stored thereon executable code, which when executed by a processor of a signaling gateway, causes the processor to perform the device networking method of any of claims 1-5.
9. A communication system, comprising:
a terminal device, a first signaling gateway and a plurality of second signaling gateways, wherein the first signaling gateway is used for scheduling the second signaling gateways; the second signaling gateway is a gateway providing a complete control plane function; the first signaling gateway is a gateway providing a gateway scheduling function and a device access function in a control plane;
the first signaling gateway is configured to: send authentication parameters to the terminal device in response to a first registration request sent by the terminal device; receive a second registration request sent by the terminal device, wherein the second registration request comprises an authentication parameter generated by the terminal device according to the received authentication parameter; if the terminal device is determined to meet the authentication condition according to the authentication parameters, select a target second signaling gateway from the plurality of second signaling gateways; and send the identification information of the target second signaling gateway to the terminal device;
the terminal device is configured to: send the first registration request to the first signaling gateway; receive the authentication parameter sent by the first signaling gateway; generate an authentication parameter according to the received authentication parameter; send the second registration request, which includes the generated authentication parameter, to the first signaling gateway; and receive the identification information of the target second signaling gateway sent by the first signaling gateway, so as to access the target second signaling gateway;
and the target second signaling gateway is configured to process the access of the terminal device.
CN202111014494.5A 2021-08-31 2021-08-31 Equipment network access method, device, equipment, storage medium and communication system Active CN113472545B (en)

Priority Applications (1)

Application Number Priority Date Filing Date Title
CN202111014494.5A CN113472545B (en) 2021-08-31 2021-08-31 Equipment network access method, device, equipment, storage medium and communication system

Publications (2)

Publication Number Publication Date
CN113472545A CN113472545A (en) 2021-10-01
CN113472545B CN113472545B (en) 2022-02-01

Family

ID=77866979

Legal Events

Date Code Title Description
PB01 Publication
SE01 Entry into force of request for substantive examination
GR01 Patent grant