CN100486158C - Subscriber authentication realizing method in broadband access network - Google Patents


Publication number
CN100486158C
Authority
CN
China
Prior art keywords
user
physical port
port information
broadband access
authentication
Prior art date
Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
Active
Application number
CNB2006100111090A
Other languages
Chinese (zh)
Other versions
CN1968087A (en)
Inventor
林永湖
吴鹏飞
梁鸿生
刘晓晖
杜宇
李宁
张远
郝峥
Current Assignee (The listed assignees may be inaccurate. Google has not performed a legal analysis and makes no representation or warranty as to the accuracy of the list.)
ZTE Corp
China Telecom Corp Ltd
Original Assignee
ZTE Corp
Fujian Telecom Co Ltd
Priority date (The priority date is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the date listed.)
Filing date
Publication date

Abstract

The invention relates to a method for implementing user authentication in a broadband access network, in which the broadband access device inserts the physical port information of the user's access into the data message with which the terminal dynamically requests an IP address; the authentication platform parses the physical port information from that message to authenticate the user. The invention can locate the broadband access user's port and complete the identification and authentication of users that dynamically request an IP address.

Description

A method for implementing user authentication in a broadband access network
Technical field
The present invention relates to a method for implementing user authentication in a broadband access network, and in particular to a method that authenticates the user by relying on the access device to identify the physical port on which the user is connected, without the user having to enter a username/password (or without the terminal needing a username/password to be configured).
Background
With the growing popularity of networks based on IP (Internet Protocol) technology and the continuing enrichment of customer service types, operators need finer and more flexible control over user service data. At present the IP DSLAM (DSL central-office equipment) is the main DSL access device, and the BAS (Broadband Access Server) upstream of it cannot, or can only with difficulty, obtain user port information from Ethernet packets. It therefore cannot perform unified authentication management of user ports or effectively guard against theft of user accounts.
Summary of the invention
The technical problem to be solved by the present invention is to provide a method for implementing user authentication in a broadband access network that solves the problem of locating the broadband access user's port, uses that port location to identify and authenticate users that dynamically request an IP address, and simplifies terminal configuration and input.
To achieve these goals, the invention provides a method for implementing user authentication in a broadband access network, characterized in that the broadband access device inserts the physical port information of the user's access into the data message with which the terminal dynamically requests an IP address, and the authentication platform parses this physical port information from the associated message to authenticate the user.
The above method for implementing user authentication in a broadband access network is characterized in that it comprises the following steps:
Step 1: the user terminal initiates a user authentication request message;
Step 2: the broadband access device, acting as relay agent, intercepts this request message and inserts physical port information into it;
Step 3: the broadband access device forwards the request message, with the physical port information inserted, to the server;
Step 4: the authentication platform on the server parses the physical port information from the packet of the request message and passes it to the authentication database for authentication;
Step 5: the authentication platform authenticates the physical port information against the binding between user account and physical port information that was recorded when the user opened the account;
Step 6: the authentication platform notifies the server of the authentication result;
Step 7: after receiving the authentication result, the server confirms the authentication result to the user terminal and assigns an IP address to the terminal.
The above method is further characterized in that the inserted physical port information comprises one of, or a combination of several of, the following: access node identifier, access node shelf number, access node frame number, access node slot number and sub-slot, and access node port number.
The above method is further characterized in that the broadband access device is DSL central-office equipment or a Broadband Access Server.
The user authentication method of the present invention authenticates the physical port information of the access user within the data messages exchanged while the terminal dynamically requests an IP address. It overcomes the inability of existing broadband access network authentication methods to bind a user to an access location, and solves the currently widespread problems of stolen broadband user accounts and of one account being used from multiple access points.
The present invention is described below with reference to the drawings and specific embodiments, which are not to be taken as limiting the invention.
Description of the drawings
Fig. 1 is a schematic flow chart of user authentication according to the present invention;
Fig. 2 is a schematic diagram of the processing flow of the DHCP Option 82 module of the present invention.
Embodiment
The user authentication method of the present invention mainly solves the problem of locating the broadband access user's port. While the terminal dynamically requests an IP address, the access device (Broadband Access Server or DSLAM) adds access link information to the packets of the exchange, and the access user is identified and authenticated by this means.
In the method of the present invention, the broadband access device inserts the physical port information of the user's access into the data message with which the terminal dynamically requests an IP address, and the authentication platform parses the information inserted by the access device from the associated message to authenticate the user.
The method of the present invention is independent of the specific protocol used to dynamically request an IP address. It is described in detail below using DHCP (Dynamic Host Configuration Protocol) only as an example, which does not limit the invention. The method comprises the following steps:
(1) The user terminal initiates the DHCP authentication procedure;
(2) The broadband access device, acting as DHCP Relay Agent, intercepts the DHCP request message and inserts physical port information (port number, VLAN ID, PVC, etc.) into the message as the optional DHCP Option 82 field;
(3) The access device forwards the DHCP request message, with the physical port information inserted, to the DHCP Server;
(4) The DHCP Server terminates DHCP, obtains the physical port information from the Option 82 field of the DHCP packet, and passes this information to the authentication database for authentication;
(5) The authentication platform authenticates the physical port information sent by the DHCP Server against the binding between user account and physical port information recorded when the user opened the account;
(6) The authentication platform notifies the DHCP Server of the authentication result;
(7) After receiving the authentication result, the DHCP Server confirms the authentication result to the terminal and assigns an IP address to the terminal.
In the present invention, the broadband access line identification to be inserted can include the following: access node identifier (for example, of the DSLAM device), access node shelf number, access node frame number, access node slot number and sub-slot, and access node port number.
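The server-side half of steps (4) to (6), as an added example that is not part of the patent: it parses the sub-options of a received Option 82 value as laid out in RFC 3046 and checks them against the account-to-port binding. The binding table, the Circuit ID layout, the account names and the choice to key on both Remote ID and Circuit ID are assumptions.

```python
SUB_CIRCUIT_ID, SUB_REMOTE_ID = 1, 2   # RFC 3046 sub-option codes

# Constructed binding table, as recorded at account opening (step 5).
# Keyed on (Remote ID, Circuit ID); the "shelf/frame/slot/sub-slot/port"
# Circuit ID layout and the account names are assumptions for illustration.
BINDINGS = {
    (b"dslam-01", b"1/1/3/0/12"): "account-0001",
    (b"dslam-01", b"1/1/3/0/13"): "account-0002",
}

def parse_agent_info(value: bytes) -> dict:
    """Split an Option 82 value into {sub-option code: data}."""
    subs, i = {}, 0
    while i < len(value):
        if i + 2 > len(value):
            raise ValueError("truncated sub-option header")
        code, end = value[i], i + 2 + value[i + 1]
        if end > len(value):
            raise ValueError("sub-option runs past the end of Option 82")
        if code in subs:
            raise ValueError("duplicate sub-option %d" % code)
        subs[code] = value[i + 2:end]
        i = end
    return subs

def authenticate(value):
    """Steps (4)-(6): return (accepted, account, reason) for one request."""
    if not value:
        return (False, None, "no Option 82: request did not cross the relay")
    try:
        subs = parse_agent_info(value)
    except ValueError as exc:
        return (False, None, "malformed Option 82: %s" % exc)
    key = (subs.get(SUB_REMOTE_ID), subs.get(SUB_CIRCUIT_ID))
    if None in key:
        return (False, None, "Circuit ID or Remote ID missing")
    account = BINDINGS.get(key)
    if account is None:
        return (False, None, "port is not bound to any account")
    return (True, account, "port matches the binding for this account")

def build_agent_info(remote_id: bytes, circuit_id: bytes) -> bytes:
    """Build a constructed Option 82 value as a relay would insert it."""
    return (bytes([SUB_CIRCUIT_ID, len(circuit_id)]) + circuit_id +
            bytes([SUB_REMOTE_ID, len(remote_id)]) + remote_id)

if __name__ == "__main__":
    for value in (build_agent_info(b"dslam-01", b"1/1/3/0/12"),  # bound port
                  build_agent_info(b"dslam-02", b"1/1/3/0/12"),  # other node
                  b"\x01\x0a1/1",                                 # truncated
                  None):                                          # no mark
        print(authenticate(value))
```

Keying on the node identifier as well as the port string keeps the same shelf/slot/port numbering on a second access node from matching another subscriber's binding.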
In the present embodiment, the Relay Agent function of DHCP Option 82 must be implemented on the access device (DSLAM or BAS):
(1) Implement the DHCP Relay Agent function and provide the specific line information to the DHCP server, so that the DHCP server can use this information when assigning the IP address and other parameters;
(2) Implement the DHCP Relay Agent function and forward packets carrying Agent information sent by other Relay Agents.
The DHCP Option 82 module mainly implements the functions described in RFC 3046: it monitors and modifies the DHCP broadcast packets sent from the user side, and removes the added mark from the DHCP server's response packets. In addition, the DHCP Option 82 module should be able to forward packets carrying DHCP Option 82 sent by other DHCP relay agents. Fig. 2 shows how the DHCP Option 82 module handles DHCP request broadcast packets and response packets; the flow comprises the following steps:
Step 201: receive a packet from the port location control module;
Step 202: determine whether it is a DHCP request broadcast packet; if so, go to step 203, otherwise go to step 210;
Step 203: determine whether the giaddr field in the DHCP packet is 0; if it is 0, go to step 204, otherwise go to step 207;
Step 204: determine whether the DHCP packet already contains the DHCP relay agent option; if it does, go to step 208, otherwise go to step 205;
Step 205: determine whether the packet would be too long after the mark is added; if so, go to step 206, otherwise go to step 209;
Step 206: do not add the circuit mark, and increment the error count;
Step 207: determine whether giaddr is the IP address of this relay agent; if so, perform step 208;
Step 208: drop the packet and set the do-not-send flag;
Step 209: add the configured CircuitID and/or RemoteID mark and recompute the checksum;
Step 210: determine whether it is a DHCP response packet; if so, perform step 211;
Step 211: determine whether the giaddr field in the DHCP packet is 0; if so, perform step 212;
Step 212: remove the related mark from the packet and recompute the checksum.
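The Fig. 2 flow applied to raw DHCP payloads, as an added example that is not code from the patent. The 548-byte limit, the sample packets, and forwarding the packet unchanged where the flow names no next step (after step 206, and at step 207 when giaddr belongs to another agent) are assumptions; the checksum recomputation of steps 209 and 212 is left to the code that re-frames the packet.

```python
OPT_START = 240        # 236-byte BOOTP header + 4-byte magic cookie
MAX_LEN = 548          # assumed limit: 576-byte IP datagram minus IP/UDP headers
ZERO = b"\x00" * 4

def find_option(pkt: bytes, code: int) -> int:
    """Offset of DHCP option `code` in the options area, or -1."""
    i = OPT_START
    while i < len(pkt):
        c = pkt[i]
        size = 1 if c in (0, 255) else 2 + (pkt[i + 1] if i + 1 < len(pkt) else len(pkt))
        if i + size > len(pkt):
            break                                      # truncated option: stop
        if c == code:
            return i
        if c == 255:
            break
        i += size
    return -1

def relay(pkt, circuit_id, remote_id, my_ip, stats):
    """Apply the Fig. 2 flow to one DHCP payload; return bytes to forward or None."""
    op, giaddr = pkt[0], pkt[24:28]
    if op == 1:                                        # step 202: request
        if giaddr != ZERO:                             # step 203 -> step 207
            # Assumption: requests relayed by another agent pass unchanged.
            return None if giaddr == my_ip else pkt    # step 208 on own address
        if find_option(pkt, 82) >= 0:                  # step 204: client-supplied mark
            return None                                # step 208: drop
        subs = (bytes([1, len(circuit_id)]) + circuit_id +
                bytes([2, len(remote_id)]) + remote_id)
        opt = bytes([82, len(subs)]) + subs
        end = find_option(pkt, 255)
        if end < 0 or len(pkt) + len(opt) > MAX_LEN:   # step 205
            stats["errors"] += 1                       # step 206
            return pkt                 # assumption: forwarded without the mark
        return pkt[:end] + opt + pkt[end:]             # step 209
    if op == 2 and giaddr == ZERO:                     # steps 210-211
        at = find_option(pkt, 82)
        if at >= 0:                                    # step 212: strip the mark
            return pkt[:at] + pkt[at + 2 + pkt[at + 1]:]
    return pkt

def sample(op, giaddr=ZERO, options=b"\x35\x01\x01"):
    """Constructed DHCP payload: zeroed header, magic cookie, options, END."""
    hdr = bytearray(236)
    hdr[0], hdr[24:28] = op, giaddr
    return bytes(hdr) + b"\x63\x82\x53\x63" + options + b"\xff"

if __name__ == "__main__":
    stats = {"errors": 0}
    me = bytes([192, 0, 2, 1])
    marked = relay(sample(1), b"1/1/3/0/12", b"dslam-01", me, stats)
    print("Option 82 inserted at offset", find_option(marked, 82))
    spoofed = sample(1, options=b"\x35\x01\x01\x52\x03\x01\x01\x41")
    print("client-supplied Option 82 ->", relay(spoofed, b"x", b"y", me, stats))
```

Step 204 is what lets the authentication platform treat Option 82 as a statement by the access device: a request that already carries the option when it arrives from the user side is dropped rather than forwarded.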
Of course, the present invention may also have various other embodiments. Without departing from the spirit and essence of the invention, those of ordinary skill in the art can make various corresponding changes and variations according to the invention, but all such changes and variations shall fall within the protection scope of the appended claims.

Claims (3)

1. A method for implementing user authentication in a broadband access network, characterized in that the broadband access device inserts the physical port information of the user's access into the data message with which the terminal dynamically requests an IP address, and the authentication platform parses this physical port information from the associated message to authenticate the user, the method comprising the following steps:
Step 1: the user terminal initiates a user authentication request message;
Step 2: the broadband access device, acting as relay agent, intercepts this request message and inserts physical port information into it;
Step 3: the broadband access device forwards the request message, with the physical port information inserted, to the server;
Step 4: the authentication platform on the server parses the physical port information from the packet of the request message and passes it to the authentication database for authentication;
Step 5: the authentication platform authenticates the physical port information against the binding between user account and physical port information that was recorded when the user opened the account;
Step 6: the authentication platform notifies the server of the authentication result;
Step 7: after receiving the authentication result, the server confirms the authentication result to the user terminal and assigns an IP address to the terminal.
2. The method for implementing user authentication in a broadband access network according to claim 1, characterized in that the inserted physical port information comprises one of, or a combination of several of, the following: access node identifier, access node shelf number, access node frame number, access node slot number and sub-slot, and access node port number.
3. The method for implementing user authentication in a broadband access network according to claim 2, characterized in that the broadband access device is DSL central-office equipment or a Broadband Access Server.
CNB2006100111090A 2006-01-05 2006-01-05 Subscriber authentication realizing method in broadband access network Active CN100486158C (en)

Priority Applications (1)

Application Number Priority Date Filing Date Title
CNB2006100111090A CN100486158C (en) 2006-01-05 2006-01-05 Subscriber authentication realizing method in broadband access network

Publications (2)

Publication Number Publication Date
CN1968087A CN1968087A (en) 2007-05-23
CN100486158C true CN100486158C (en) 2009-05-06

Legal Events

Date Code Title Description
C06 Publication
PB01 Publication
C10 Entry into substantive examination
SE01 Entry into force of request for substantive examination
C14 Grant of patent or utility model
GR01 Patent grant
C41 Transfer of patent application or patent right or utility model
TR01 Transfer of patent right

Effective date of registration: 20161024

Address after: 518057 Nanshan District, Guangdong high tech Industrial Park, science and Technology Industrial Park, ZTE building, block A, layer 6, layer

Patentee after: ZTE Corporation

Patentee after: China Telecommunication Co., Ltd.

Address before: 518057 Nanshan District, Guangdong high tech Industrial Park, science and Technology Industrial Park, ZTE building, block A, layer 6, layer

Patentee before: ZTE Corporation

Patentee before: Fujian Telecommunication Co., Ltd.