CN100579013C - Access authentication system and method for global access mutual operation network - Google Patents

Publication number
CN100579013C
Authority
CN
China
Prior art keywords
password
module
asn
totem information
user terminal
Legal status
Expired - Fee Related
Application number
CN200510063301A
Other languages
Chinese (zh)
Other versions
CN1845490A (en)
Inventor
赵毅
高江海
Current Assignee
Huawei Technologies Co Ltd
Original Assignee
Huawei Technologies Co Ltd
Application filed by Huawei Technologies Co Ltd
Priority to CN200510063301A
Publication of CN1845490A
Application granted
Publication of CN100579013C

Abstract

The invention discloses an access authentication system for a WiMAX network, comprising an equipment end and an access server (AS). It also discloses an access authentication method for a WiMAX network, comprising: A. under the direction of the equipment end, the user terminal sends its own identification information to the AS; B. the AS generates an authentication password for the received information, sends the password to the user terminal, and records the correspondence between the two; C. under the direction of the equipment end, the user terminal sends its own identification information and the received password to the AS for authentication. The invention improves access security.

Description

An access authentication system and method for a Worldwide Interoperability for Microwave Access (WiMAX) network
Technical field
The present invention relates to wireless broadband technology, and in particular to an access authentication system and method for a Worldwide Interoperability for Microwave Access (WiMAX) network.
Background art
With the rapid growth of the global communications market, both the types of service and the number of users in the communications field have increased greatly, and the demand for network equipment has risen accordingly. However, the scarcity of land resources makes laying communication cables difficult, which in turn greatly hinders the addition of network equipment. In response to these problems in wired communication networks, broadband wireless access (BWA) technology emerged. To accelerate the application of BWA technology, in December 2001 the Institute of Electrical and Electronics Engineers (IEEE) issued the IEEE 802.16 standard for providing last-kilometer broadband wireless access in metropolitan area networks; WiMAX networks use this standard.
The 802.16 standard specifies that a WiMAX system comprises a physical layer (PHY) and a media access control (MAC) layer. The PHY layer performs physical operations on the signal such as modulation and encoding/decoding; the MAC layer mainly performs the medium access control functions of the WiMAX system.
As shown in Figure 1, a WiMAX network using the above PHY and MAC layers mainly comprises a base station (BS) conforming to the 802.16 series of standards and an Access Service Network Gateway (ASN GW). The BS provides wireless access for mobile subscriber terminals (MSS) using the WiMAX network; the ASN GW performs protocol conversion between the WiMAX network and other networks and controls MSS access to the WiMAX network. When an MSS accesses a core network (CN) such as a Global System for Mobile Communications (GSM), Code Division Multiple Access (CDMA) or Wideband Code Division Multiple Access (WCDMA) system through WiMAX, the MSS and the BS interact to complete physical synchronization and capability negotiation between them, and the MSS registers with the BS. The MSS then interacts with the ASN GW so that the ASN GW obtains the Internet Protocol (IP) address of the MSS for use after the CN has been accessed. Next, the ASN GW connects to the CN, so that the MSS achieves wireless access through the WiMAX network. Thereafter, the CN routes control information and data to the IP address of the MSS through the ASN GW and the BS.
The WiMAX network has advantages such as wide coverage, strong scalability and support for Quality of Service (QoS) control. Specifically:
1. Broadband wireless access with wide coverage
Because the WiMAX network uses orthogonal frequency division multiplexing (OFDM) modulation, the maximum communication distance can reach 50 km and the transmission rate can be as high as 75 Mbps. In addition, the network uses advanced network topologies such as mesh networks, and antenna technologies such as beamforming, STC and antenna diversity, to further improve coverage.
2. Strong scalability
At the PHY layer, besides supporting flexible radio-frequency channel bandwidths and channel multiplexing, the 802.16 standard also supports automatic transmit power control and channel quality measurement, so cell planning and deployment can be optimized and the spectrum used effectively. In addition, the WiMAX system's support for multiple channel bandwidths allows equipment manufacturers to adapt to the distinct spectrum usage and allocation regulations formulated by national governments.
3. QoS control
The 802.16 WiMAX network can provide multiple classes of service and service levels according to actual conditions; the MAC layer is fully connection-oriented, which guarantees service reliability. In addition, the WiMAX system uses optimized scheduling algorithms to meet the different bandwidth and delay requirements of different services.
Although the WiMAX network has such superior performance, the IEEE 802.16 series of protocols does not specify a method or network architecture for performing access authentication on user terminals (MSS) in the WiMAX network. The commonly used fixed username/password authentication could be adopted, but under that scheme changing the password is left entirely to the user. Because most users change their passwords infrequently, the username/password correspondence stays fixed for long periods, so the probability of the password being stolen is higher and security is lower.
Summary of the invention
In view of this, an object of the present invention is to provide an access authentication system for a WiMAX network that improves authentication security.
Another object of the present invention is to provide an access authentication method for a WiMAX network that improves authentication security.
To achieve the above objects, the present invention provides an access authentication system for a WiMAX network, the system comprising an equipment end and an access server (AS), wherein:
The equipment end is configured to notify the user terminal to submit user identification information, send the received user identification information to the AS and request the AS to generate the password for the current authentication; and to notify the user terminal to submit the user identification information and the password, send the received user identification information and corresponding password to the AS, and request the AS to authenticate the user terminal;
The AS is configured to generate the password for the current authentication for the user identification information submitted by the equipment end, record the correspondence between the user identification information and the password, and perform access authentication on the user terminal according to the user identification information and password submitted by the equipment end.
The system further comprises:
A short message service center (SMSC), configured to receive the password generated by the AS and send the received password to the user terminal.
The equipment end comprises a Portal server and an Access Service Network Gateway (ASN GW), wherein:
The Portal server is configured to notify the user terminal to submit the user identification information, to notify the user terminal to submit the user identification information and password, and to forward the received user identification information, or user identification information and password, to the ASN GW;
The ASN GW is configured to request the AS to generate the password for the current authentication according to the user identification information from the Portal server, to request the AS to perform access authentication on the user terminal according to the user identification information and password from the Portal server, and to receive the authentication result from the AS.
The ASN GW comprises at least a Portal module and an authentication, authorization and accounting (AAA) module,
wherein:
The Portal module is configured to receive the user identification information from the Portal server and send it to the AAA module in the ASN GW; to receive the user identification information and password from the Portal server and send them to the AAA module in the ASN GW; and, after the AS completes authentication, to notify the Portal server of the received authentication result as instructed by the AAA module in the ASN GW;
The AAA module is configured to send the user identification information delivered by the Portal module in the ASN GW to the AS and request the AS to generate the password for the current authentication; to indicate to the Portal module in the ASN GW that the password has been sent to the user; to send the user identification information and password delivered by the Portal module in the ASN GW to the AS, request the AS to perform access authentication on the user terminal, and receive the authentication result from the AS; and to send the received authentication result to the Portal module in the ASN GW.
The AS comprises at least an AAA module, a Service Processing Module and a short message module, wherein:
The AAA module is configured to receive the user identification information from the ASN GW, indicate to the ASN GW that the user information has been received, and send the received user identification information to the Service Processing Module in the AS; to receive the user identification information and password from the ASN GW and send them to the Service Processing Module in the AS; and to receive the authentication result produced by the Service Processing Module and send it to the ASN GW;
The Service Processing Module is configured to receive the user identification information delivered by the AAA module in the AS, generate the password for the current authentication, and record the correspondence between the user identification information and the password; to send the generated password to the short message module in the AS; to receive the user identification information and password delivered by the AAA module in the AS and perform access authentication on the user terminal; and to send the authentication result to the AAA module in the AS;
The short message module is configured to receive the password from the Service Processing Module in the AS and send the received password to the SMSC.
The ASN GW further comprises a communication module, configured to send and receive messages between the ASN GW and the Portal server and between the ASN GW and the AS.
The AS further comprises a communication module, configured to send and receive messages between the AS and the ASN GW and between the AS and the SMSC.
The equipment end comprises a Portal server and an Access Service Network Gateway (ASN GW), wherein:
The Portal server is configured to notify the user terminal to submit user identification information and request the AS to generate the password for the current authentication; and to notify the user terminal to submit the user identification information and password, request the AS to perform access authentication on the user terminal, and receive the authentication result from the AS;
The ASN GW is configured to transparently pass the messages exchanged between the user terminal and the Portal server.
The ASN GW comprises at least a Portal module, configured to receive the authentication result from the Portal server.
The AS comprises at least an AAA module, a Portal module, a Service Processing Module and a short message module, wherein:
The AAA module is configured to receive the user identification information and password delivered by the Portal server and send them to the Service Processing Module in the AS; and to receive the authentication result delivered by the Service Processing Module of the AS and return it to the Portal server;
The Portal module is configured to receive the user identification information delivered by the Portal server and pass it to the Service Processing Module in the AS;
The Service Processing Module is configured to receive the user identification information from the Portal module of the AS, generate the password for the current authentication, and record the correspondence between the user identification information and the password; to send the generated password to the short message module in the AS; to receive the user identification information and password delivered by the AAA module in the AS and perform access authentication on the user terminal; and to send the authentication result to the AAA module in the AS;
The short message module is configured to receive the password from the Service Processing Module in the AS and send the received password to the SMSC.
The ASN GW further comprises a communication module, configured to transparently pass the messages exchanged between the user terminal and the Portal server.
The AS further comprises a communication module, configured to send and receive messages between the AS and the SMSC.
The ASN GW further comprises an HTTP module, configured to redirect the user terminal to the Portal module.
The system further comprises a base station (BS), configured to carry information between the user terminal and the equipment end.
The present invention also provides an access authentication method for a WiMAX network, the method comprising the following steps:
A. Under the direction of the equipment end, the user terminal sends its own user identification information to the AS;
B. The AS generates the password required for the current authentication for the received user identification information, sends the password to the user terminal, and records the correspondence between the user identification information and the generated password;
C. Under the direction of the equipment end, the user terminal submits its own user identification information and the received password to the AS, and the authentication for the WiMAX network is performed.
Where the equipment end comprises at least a Portal server and an ASN GW, the method in step A by which the user terminal sends its own user identification information to the AS comprises:
A11. The Portal server notifies the user terminal to submit user identification information, and the user terminal sends its own user identification information to the Portal server;
A12. The Portal server notifies the ASN GW to start obtaining the password and at the same time sends the user identification information submitted by the user terminal to the ASN GW; the ASN GW then responds to the Portal server, indicating that it has received the instruction from the Portal server to start obtaining the password;
A13. The ASN GW carries the received user identification information in a get-password request message, sends it to the AS, and requests the password required for the current authentication.
Between step B and step C, the method further comprises:
B13. The AS sends a get-password response message to the ASN GW, indicating in the message that the password generated by the AS has been sent to the user terminal;
B14. By sending an authentication result to the Portal server, the ASN GW indicates that the password generated by the AS has been sent to the user terminal, and the Portal server returns to the ASN GW a response acknowledging receipt of the authentication result.
The method in step C by which the user terminal submits its own user identification information and the received password to the AS comprises:
C11. The Portal server notifies the user terminal to submit user identification information and the password, and the user terminal sends its own user identification information together with the received password to the Portal server;
C12. The Portal server notifies the ASN GW to start initiating authentication and sends the user identification information and password submitted by the user terminal to the ASN GW; the ASN GW then responds to the Portal server, indicating that it has received the instruction to start initiating authentication;
C13. The ASN GW carries the received user identification information and password in an access request message and sends it to the AS.
The method in step C of performing the authentication for the WiMAX network comprises:
C14. The AS authenticates the user terminal according to the received user identification information and password, and sends the authentication result to the ASN GW;
C15. The ASN GW sends the authentication result to the Portal server; the Portal server indicates to the ASN GW that the authentication result has been received, and sends the authentication result to the user terminal.
The method in step A by which the user terminal sends its own user identification information to the AS comprises:
A21. The Portal server notifies the user terminal to submit user identification information, and the user terminal sends its own user identification information to the Portal server;
A22. The Portal server carries the received user identification information in a get-password request message and sends it to the AS.
The method in step B by which the AS sends the password to the user terminal comprises:
B1. The AS sends the generated password to the SMSC in a submit-short-message request message;
B2. The SMSC returns a submit-short-message response message to the AS, indicating that it has received the password generated by the AS, and the SMSC sends the received password to the user terminal in the form of a short message.
Between step B and step C, the method further comprises:
The AS sends a get-password response message to the Portal server, indicating in the message that the password has been sent to the user terminal.
The method in step C by which the user terminal submits its own user identification information and the received password to the AS comprises:
C21. The Portal server notifies the user terminal to submit user identification information and the password, and the user terminal sends its own user identification information together with the received password to the Portal server;
C22. The Portal server carries the received user identification information and password in an access request message and sends it to the AS.
The method in step C of performing the authentication for the WiMAX network comprises:
C23. The AS authenticates the user terminal according to the received user identification information and password, and sends the authentication result to the Portal server;
C24. The Portal server sends the authentication result to the user terminal and to the ASN GW respectively.
The method by which the Portal server notifies the user terminal to submit user identification information is:
The Portal server pushes a Web page to the user terminal, prompting the user terminal to enter user identification information in the Web page;
The method by which the user terminal sends its own user identification information to the Portal server is:
The user terminal enters its own user identification information in the Web page and submits it to the Portal server.
The method by which the Portal server notifies the user terminal to submit user identification information and the password is:
The Portal server pushes a Web page to the user terminal, prompting the user terminal to enter user identification information and the password in the Web page;
The method by which the user terminal sends its own user identification information to the Portal server is:
The user terminal enters its own user identification information and the received password in the Web page and submits them to the Portal server.
The method by which the Portal server sends the authentication result to the user terminal is:
The Portal server pushes a Web page containing the authentication result to the user terminal.
The method by which the AS authenticates the user terminal according to the received user identification information and password is:
Using the received user identification information as an index, the AS looks up in its own records the password corresponding to that user identification information; it then determines whether the received password is identical to the password found. If so, authentication succeeds; otherwise, authentication fails.
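The exchange in steps A to C and the AS lookup-and-compare described above, as an added Python example that is not code from the patent. The class names, return strings, the 6-digit numeric password, discarding the record after any authentication attempt, and the constant-time comparison are assumptions made for illustration.

```python
import hmac
import secrets


class SmscStub:
    """Stand-in for the SMSC: records each short message instead of sending it."""

    def __init__(self):
        self.outbox = []  # constructed (user_id, text) records

    def submit_short_message(self, user_id, text):
        self.outbox.append((user_id, text))
        return True  # plays the role of the submit-short-message response


class AccessServer:
    """Plays the AS Service Processing Module: generate, record, compare."""

    def __init__(self, smsc, digits=6):
        self._smsc = smsc
        self._digits = digits      # assumed password length
        self._pending = {}         # user identification -> password for this authentication

    def get_password(self, user_id):
        # Step B: generate a fresh password from a CSPRNG and record the
        # correspondence, replacing any earlier unused password for this user.
        password = f"{secrets.randbelow(10 ** self._digits):0{self._digits}d}"
        self._pending[user_id] = password
        self._smsc.submit_short_message(user_id, password)
        # The get-password response only says the password was sent; the
        # password itself goes to the user over SMS, never to the equipment end.
        return "PASSWORD_SENT"

    def access_request(self, user_id, password):
        # Step C: look up by user identification and compare. The record is
        # removed on every attempt (assumption), so a password cannot be
        # replayed and a wrong guess forces a new get-password round.
        expected = self._pending.pop(user_id, None)
        if expected is None:
            return "ACCESS_FAILURE"
        same = hmac.compare_digest(expected.encode(), password.encode())
        return "ACCESS_SUCCESS" if same else "ACCESS_FAILURE"


def demo():
    smsc = SmscStub()
    server = AccessServer(smsc)
    user = "user-0001"  # constructed user identification
    results = {}

    results["get"] = server.get_password(user)
    otp = smsc.outbox[-1][1]                      # what the user reads from the SMS
    results["first_use"] = server.access_request(user, otp)
    results["replay"] = server.access_request(user, otp)

    server.get_password(user)
    otp2 = smsc.outbox[-1][1]
    wrong = ("1" if otp2[0] != "1" else "2") + otp2[1:]
    results["wrong_guess"] = server.access_request(user, wrong)
    results["after_wrong_guess"] = server.access_request(user, otp2)

    results["unknown_user"] = server.access_request("user-9999", "000000")
    return results


if __name__ == "__main__":
    for name, value in demo().items():
        print(f"{name}: {value}")
```
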
When the authentication result is authentication success, the method in step C14 of sending the authentication result to the ASN GW is:
The AS returns an access success message to the ASN GW;
When the authentication result is authentication failure, the method in step C14 of sending the authentication result to the ASN GW is:
The AS returns an access failure message to the ASN GW.
When the authentication result is authentication success, the method in step C23 of sending the authentication result to the Portal server is:
The AS returns an access success message to the Portal server;
When the authentication result is authentication failure, the method in step C23 of sending the authentication result to the Portal server is:
The AS returns an access failure message to the Portal server.
Before step A, the method further comprises:
The user terminal obtains its own Internet Protocol (IP) address by interacting with the ASN GW; and when the BS receives the user terminal's request to access the WiMAX network, the ASN GW redirects the user terminal to the Portal server.
After the AS powers on and is running normally, the method further comprises:
Establishing a network connection between the AS and the SMSC;
When the AS no longer communicates with the SMSC, the method further comprises:
Releasing the network connection established between the AS and the SMSC.
The method of establishing the network connection between the AS and the SMSC is:
The AS sends a binding transfer request message to the SMSC, and the SMSC returns a binding transfer response message to the AS;
The method of releasing the network connection established between the AS and the SMSC is:
The AS sends an unbind message to the SMSC, and the SMSC returns an unbind response message to the AS.
Where the ASN GW comprises a Portal module and an AAA module, and the AS comprises an AAA module, a Service Processing Module and a short message module, the method in step A12 by which the Portal server notifies the ASN GW to start obtaining the password and at the same time sends the user identification information submitted by the user terminal to the ASN GW is:
The Portal server, through the Portal module in the ASN GW, notifies the AAA module in the ASN GW to start obtaining the password, and sends the user identification information to the AAA module in the ASN GW;
The method in step A12 by which the ASN GW responds to the Portal server, indicating that it has received the instruction from the Portal server to start obtaining the password, is:
The AAA module in the ASN GW indicates to the Portal server, through the Portal module in the ASN GW, that the instruction from the Portal server to start obtaining the password has been received;
The method in step A13 by which the ASN GW requests the password required for the current authentication is:
The AAA module in the ASN GW sends the get-password request message to the AAA module in the AS.
Where the ASN GW comprises a Portal module and an AAA module, and the AS comprises an AAA module, a Service Processing Module and a short message module, the method in step B13 by which the AS sends the get-password response message to the ASN GW is:
As instructed by the short message module in the AS, the AAA module in the AS sends the get-password response message to the AAA module in the ASN GW;
The method in step B14 by which the ASN GW indicates to the Portal server that the password generated by the AS has been sent to the user terminal is:
The AAA module in the ASN GW sends the received get-password response message to the Portal module in the ASN GW, and the Portal module in the ASN GW then notifies the Portal server that the password has been sent to the user terminal;
The method in step B14 by which the Portal server returns to the ASN GW the response acknowledging receipt of the authentication result is:
The Portal server, through the Portal module in the ASN GW, sends the response acknowledging receipt of the authentication result to the AAA module in the ASN GW.
Where the ASN GW comprises a Portal module and an AAA module, and the AS comprises an AAA module, a Service Processing Module and a short message module, the method in step C12 by which the Portal server notifies the ASN GW to start initiating authentication and sends the user identification information and password submitted by the user terminal to the ASN GW is:
The Portal server, through the Portal module in the ASN GW, notifies the AAA module in the ASN GW to start initiating authentication, and sends the user identification information and password to the AAA module in the ASN GW;
The method in step C12 by which the ASN GW responds to the Portal server, indicating that it has received the instruction from the Portal server to start initiating authentication, is:
The AAA module in the ASN GW indicates to the Portal server, through the Portal module in the ASN GW, that the instruction from the Portal server to start initiating authentication has been received;
The method in step C13 by which the ASN GW sends the access request message to the AS is:
The AAA module in the ASN GW sends the access request message to the AAA module in the AS.
Where the ASN GW comprises a Portal module and an AAA module, and the AS comprises an AAA module, a Service Processing Module and a short message module, the method in step C14 by which the AS authenticates the user terminal according to the received user identification information and password and sends the authentication result to the ASN GW is:
The AAA module in the AS sends the user identification information and password to the Service Processing Module in the AS; the Service Processing Module in the AS authenticates the user terminal and, through the AAA module in the AS, sends the authentication result to the AAA module in the ASN GW;
The method in step C15 by which the ASN GW sends the authentication result to the Portal server and the Portal server indicates to the ASN GW that the authentication result has been received is:
The AAA module in the ASN GW sends the authentication result to the Portal server through the Portal module in the ASN GW, and the Portal server indicates to the Portal module in the ASN GW that the authentication result has been received.
Where the ASN GW comprises a Portal module, and the AS comprises an AAA module, a Portal module, a Service Processing Module and a short message module, the method in step A22 by which the Portal server carries the received user identification information in a get-password request message and sends it to the AS is:
The Portal server sends the get-password request message to the Portal module in the AS; the Portal module in the AS parses the user identification information out of the get-password request message, sends it to the Service Processing Module in the AS, and requests generation of the password for the current authentication.
Where the ASN GW comprises a Portal module, and the AS comprises an AAA module, a Portal module, a Service Processing Module and a short message module, the method in step B1 by which the AS sends the generated password to the SMSC in a submit-short-message request message is:
The Service Processing Module in the AS sends the generated password to the short message module in the AS, and the short message module in the AS sends the submit-short-message request message carrying the password to the SMSC;
The method in step B2 by which the SMSC returns the submit-short-message response message to the AS is: the SMSC, through the short message module in the AS, sends the submit-short-message response message to the AAA module in the AS.
Where the ASN GW comprises a Portal module, and the AS comprises an AAA module, a Portal module, a Service Processing Module and a short message module, the method by which the AS sends the get-password response message to the Portal server is:
The Portal module in the AS sends the get-password response message to the Portal server.
Where the ASN GW comprises a Portal module, and the AS comprises an AAA module, a Portal module, a Service Processing Module and a short message module, the method in step C22 by which the Portal server carries the received user identification information and password in an access request message and sends it to the AS is:
The Portal server, through the Portal module in the AS, sends the access request message to the AAA module in the AS; the AAA module in the AS parses the user identification information and password out of the access request message and sends them to the Service Processing Module in the AS.
Where the ASN GW comprises a Portal module, and the AS comprises an AAA module, a Portal module, a Service Processing Module and a short message module, the method in step C23 by which the AS authenticates the user terminal according to the received user identification information and password and sends the authentication result to the Portal server is:
The Service Processing Module in the AS authenticates the user terminal according to the received user identification information and password and, through the AAA module in the AS, sends the authentication result to the Portal server;
The method in step C24 by which the Portal server sends the authentication result to the ASN GW is: the Portal server sends the authentication result to the Portal module in the ASN GW.
Where the AS comprises at least a short message module, the method by which the AS sends the binding transfer request message to the SMSC is:
The short message module in the AS sends the binding transfer request message to the SMSC;
The method by which the SMSC returns the binding transfer response message to the AS is:
The SMSC sends the binding transfer response message to the short message module in the AS;
The method by which the AS sends the unbind message to the SMSC is:
The short message module in the AS sends the unbind message to the SMSC;
The method by which the SMSC returns the unbind response message to the AS is:
The SMSC sends the unbind response message to the short message module in the AS.
The present invention improves the security of access authentication in the WiMAX network. Specifically, the present invention has the following beneficial effects:
1. On the basis of the existing WiMAX network, the present invention provides the concrete structure of the ASN GW and AS that serve access authentication, so that the WiMAX network can perform OTP-mode access authentication of user terminals, which strengthens the practicality of the network and improves the security of authentication.
2. In the present invention, at the request of the equipment end, the AS generates the password for this authentication for the user terminal currently accessing the WiMAX network; when the user terminal submits its user totem information and the password generated by the AS, the AS compares the received password with the password it has recorded, thereby performing access authentication of the user terminal. Because the password differs each time the user terminal accesses the WiMAX network, password theft is unlikely, which improves the security of access authentication.
Description of drawings
Fig. 1 is the network structure of WiMAX system.
Fig. 2 is the structure chart of WiMAX network access authentication system in the embodiment of the invention 1.
Fig. 3 is the signaling process figure of WiMAX network access verifying method in the embodiment of the invention 1.
Fig. 4 is the structure chart of WiMAX network access authentication system in the embodiment of the invention 2.
Fig. 5 is the signaling process figure of WiMAX network access verifying method in the embodiment of the invention 2.
Embodiment
To make the purpose and technical scheme of the present invention clearer, the present invention is described in further detail below with reference to the accompanying drawings and embodiments.
The basic idea of the present invention is to provide an authentication system in a WiMAX network, which mainly comprises: an equipment end, an access server (AS) and a short message service center (SMSC).
The basic idea of the present invention is also to provide an authentication method in a WiMAX network, which mainly comprises: A. the user terminal sends its own user totem information to the AS through the equipment end; B. the AS generates the OTP password required for this authentication for the received user totem information, sends this OTP password to the user terminal, and at the same time indicates to the equipment end that the OTP password has been sent to the user terminal; C. the user terminal submits its own user totem information and the received OTP to the AS through the equipment end, and this WiMAX network authentication is carried out.
In the present invention, the user terminal may consist of user equipment (UE) and an SS conforming to the 802.16d protocol, or of an MSS conforming to the 802.16e protocol. In addition, the equipment end in the present invention comprises the ASN GW and the portal (Portal) server, either of which can act as the party that actively initiates access authentication. Below, taking an MSS as the user terminal, two embodiments describe the authentication method and authentication system of the present invention when the ASN GW actively initiates access authentication and when the Portal server actively initiates access authentication, respectively.
Embodiment 1: the user terminal is an MSS, and the ASN GW actively initiates access authentication.
As shown in Fig. 2, the WiMAX network access authentication system in the present embodiment comprises: BS, ASN GW, AS, Portal server and SMSC. The BS is used to transmit information between the user terminal and the ASN GW. The ASN GW is used to request the AS to generate the password for this authentication and, after the user terminal has received the password, to initiate authentication. The Portal server is used to notify the user terminal to submit user totem information and password, and to hand the received user totem information and password to the ASN GW. The AS is used to generate the password for this authentication at the request of the ASN GW, submit the generated password to the SMSC, and authenticate the user terminal. The SMSC is used to receive the password from the AS and send it to the user terminal by short message.
In addition, the ASN GW of the present embodiment comprises the following modules: a Hypertext Transport Protocol (HTTP) module, a Portal module, an authentication, authorization and accounting (AAA) module and a communication module. The AS comprises the following modules: an AAA module, a Service Processing Module, a short message module and a communication module.
The operating principle of the access authentication system in the WiMAX network of the present embodiment is:
When the BS receives the MSS's request to access the WiMAX network, the HTTP module in the ASN GW redirects this MSS to the Portal server through the communication module in the ASN GW. The Portal server notifies the MSS to submit user totem information and, after receiving the user totem information from the MSS, sends it through the communication module and Portal module in the ASN GW to the AAA module in the ASN GW, indicating that password retrieval can begin; the AAA module in the ASN GW in turn indicates to the Portal server, through the Portal module and communication module in the ASN GW, that the user totem information has been received. The AAA module in the ASN GW carries the received user totem information in a get-password request and sends it, through the communication module in the ASN GW and the communication module in the AS, to the AAA module in the AS. The AAA module in the AS extracts the user totem information from the received get-password request message and passes it to the Service Processing Module in the AS. The Service Processing Module in the AS then generates a password for the received user totem information and, after recording the correspondence between the user totem information and the password, sends the password to the short message module in the AS. The short message module in the AS carries the received password in a message that the SMSC can recognize, such as a submit short message request (submit_sm) message, and sends it to the SMSC through the communication module in the AS. The SMSC returns a submit short message response (submit_sm_rsp) message to the short message module in the AS through the communication module in the AS, indicating that the password has been received, and sends the password to the MSS by short message. After the short message module in the AS receives the SMSC's response, the get-password response message is sent, through the AAA module and the communication module in the AS, to the communication module in the ASN GW; the communication module in the ASN GW then forwards the received get-password response message, through the AAA module in the ASN GW, to the Portal module in the ASN GW. The Portal module in the ASN GW indicates to the Portal server, through the communication module in the ASN GW, that the password has been sent to the MSS, and the Portal server in turn responds to the Portal module in the ASN GW through the communication module in the ASN GW.
After the SMSC has sent the password to the MSS, the Portal server notifies the MSS to submit user totem information and password, and the MSS submits its own user totem information and the received password to the Portal server. The Portal server sends the received user totem information and password, through the communication module and Portal module in the ASN GW, to the AAA module in the ASN GW, indicating that access can begin; the AAA module in the ASN GW in turn indicates to the Portal server, through the Portal module and communication module in the ASN GW, that the user totem information and password have been received. The AAA module in the ASN GW carries the received user totem information in an access request message and sends it, through the communication module in the ASN GW and the communication module in the AS, to the AAA module in the AS; the AAA module in the AS parses the user totem information and password out of the received access request (Access-Request) message and submits them to the Service Processing Module in the AS. The Service Processing Module in the AS performs access authentication of this MSS by comparing the received password with the password it has recorded for this user totem information, and returns the authentication result to the AAA module in the AS. According to the received authentication result, the AAA module in the AS returns an access success (Access Accept) message or an access failure (Access Reject) message to the AAA module in the ASN GW through the communication module in the AS and the communication module in the ASN GW. The AAA module in the ASN GW sends the received authentication result to the Portal server through the Portal module and communication module in the ASN GW; the Portal server in turn acknowledges receipt of the authentication result to the AAA module in the ASN GW through the communication module and Portal module in the ASN GW, so that when the MSS later obtains the required services through the WiMAX network, the AAA module in the ASN GW determines from the received authentication result whether to allow this MSS to access the ASN GW. The Portal server also indicates the authentication result to the MSS.
In addition, after the AS powers on and is running normally, it establishes a network connection with the SMSC so that the AS can submit the generated password to the SMSC during authentication. Specifically, the short message module in the AS requests the SMSC, through the communication module in the AS, to establish a network connection, that is, it sends a binding transmission request (bind_transmitter) message; the SMSC in turn returns a binding transmission response (bind_transmitter_resp) message to the short message module in the AS through the communication module in the AS, indicating that the network connection requested by the AS has been established.
In situations such as equipment inspection or equipment replacement, if the AS no longer communicates with the SMSC, the two release the established connection through interaction. Specifically, the short message module in the AS sends an unbind (unbind) message to the SMSC through the communication module in the AS; the SMSC returns an unbind response (unbind_resp) message to the short message module in the AS through the communication module in the AS, indicating that the network connection has been released.
As shown in Fig. 3, the access authentication method in the WiMAX network using the above system comprises the following steps:
Steps 301~302. When the MSS establishes a connection with the WiMAX network, the MSS obtains its Internet Protocol (IP) address through interaction with the ASN GW; and when the MSS begins to use the WiMAX network, the ASN GW redirects the MSS to the Portal server.
Here, when the MSS begins to use the WiMAX network, for example to visit a portal website through the WiMAX network, the MSS first submits the uniform resource locator (URL) to be visited to the ASN GW in an HTTP message; because this MSS has not yet passed WiMAX network authentication at this point, the ASN GW returns an HTTP response message to the MSS that carries an error code and the Portal server address as the redirect URL; the browser used by the MSS then initiates an HTTP connection to the Portal server according to the received redirect URL.
Steps 303~304. The Portal server notifies the MSS to submit user totem information, and the MSS sends its own user totem information to the Portal server.
In these two steps, the Portal server prompts the MSS to submit user totem information by pushing a Web page down to it, so that authentication can be completed; after receiving the page from the Portal server, the MSS enters its own user totem information in this page and sends it to the Portal server through the ASN GW. The user totem information here consists of the user name and domain name of the MSS, in the form user name@domain name. The user name identifies the identity of this MSS, and the domain name identifies this authentication as an OTP-mode authentication. Usually the domain name uses the OTP field; of course, other fields may also be used as the domain name.
Step 305. The Portal server notifies the ASN GW that it can begin to obtain the password, and at the same time sends the user totem information submitted by the MSS to the ASN GW; the ASN GW in turn responds to the Portal server, indicating that it has received the instruction from the Portal server.
Steps 306~307. The ASN GW carries the received user totem information in a get-password request message and sends it to the AS, requesting the password required for this authentication; the AS generates and records the password for this authentication according to the user totem information in the get-password request message.
The ASN GW puts the received user totem information into the get-password request message and sends it to the AS. After receiving the get-password request message from the ASN GW, the AS parses the user totem information out of it; then, according to the domain name in this user totem information, it determines that this MSS uses the OTP authentication mode, generates a random password for this MSS, and at the same time records the correspondence between the user totem information and this password.
Steps 308~310. The AS sends the generated password to the SMSC in a submit short message request message; the SMSC returns a submit short message response message to the AS, indicating that the password has been received; at the same time the SMSC sends the received password to the MSS in the form of a short message.
Step 311. The AS sends a get-password response message to the ASN GW, and indicates in this message that the password has been sent to the SMSC.
After determining from the received submit short message response message that the password has been successfully submitted to the SMSC, the AS returns to the ASN GW the get-password response message corresponding to step 306, and indicates in this message that the password has been sent to the MSS.
Steps 312~313. The ASN GW indicates to the Portal server that the password has been sent to the MSS, and the Portal server in turn returns to the ASN GW a response that the password has been sent.
This completes the OTP password acquisition process of the present embodiment. After this, the MSS uses the obtained password to carry out WiMAX network authentication. To give the subsequent authentication more flexibility in time, a validity time can be set for the password generated in step 307, so that the MSS can carry out the authentication of the subsequent steps at any time within the validity time of this password.
Steps 314~315. The Portal server notifies the MSS to submit user totem information and password, and the MSS sends its own user totem information together with the received password to the Portal server.
Here the Portal server again prompts the MSS to submit user totem information and password by pushing a Web page down to the MSS; the MSS enters its own user totem information and the password received in the short message on the received Web page and sends them to the Portal server.
Step 316. The Portal server notifies the ASN GW that it can begin to initiate authentication, and at the same time sends the user totem information submitted by the MSS to the ASN GW; the ASN GW in turn responds to the Portal server, indicating that it has received the instruction from the Portal server.
Steps 317~318. The ASN GW carries the received user totem information and password in an access request message and sends it to the AS, requesting authentication of the MSS; the AS authenticates the MSS according to the received user totem information and password, and sends the authentication result to the ASN GW.
The method by which the AS authenticates the MSS here is: the AS uses the received user totem information as an index to look up, in its own records, the password corresponding to this user totem information; it then judges whether the received password is identical to the password found; if so, it judges the authentication successful, otherwise it judges the authentication failed.
If authentication succeeds, the AS returns an access success message to the ASN GW; if authentication fails, the AS returns an access failure message to the ASN GW.
Steps 319~321. The ASN GW sends this authentication result to the Portal server; the Portal server indicates to the ASN GW that it has received the authentication result, and sends the authentication result to the MSS.
Here the ASN GW sends to the Portal server the authentication result that the AS indicated with the access success message or access failure message; the Portal server delivers the authentication result to the MSS by pushing a Web page down to it; at the same time, the Portal server also responds to the ASN GW, indicating that it has received the authentication result.
If authentication succeeds, the Portal server shows, in the Web page sent to the MSS, related information such as a welcome message and a prompt that the user should not close this page while online; if authentication fails, the Portal server indicates the authentication failure in the page sent to the MSS.
This completes the authentication process of the WiMAX network in the present embodiment.
Further, because the access authentication method of the present embodiment sends the password generated by the AS to the MSS by short message, the AS, after powering on and running normally, establishes a network connection with the SMSC so that during authentication the AS can submit the generated OTP to the SMSC over this connection. The method by which the present embodiment establishes the connection between the AS and the SMSC is: the AS sends a binding transmission request (bind_transmitter) message to the SMSC, requesting that a network connection be established between the AS and the SMSC; the SMSC in turn returns a binding transmission response (bind_transmitter_resp) message to the AS, indicating that the network connection requested by the AS has been established.
In addition, in situations such as equipment inspection or equipment replacement, if the AS no longer communicates with the SMSC, the two release the established connection through interaction. Specifically, the method by which the present embodiment releases the network connection between the AS and the SMSC is: the AS sends an unbind message to the SMSC, requesting release of the established network connection; the SMSC returns an unbind response message to the AS, indicating that the network connection has been released.
In the present embodiment, the ASN GW, as the party that actively initiates access authentication, interacts directly with the AS, while the Portal server, under the control of the ASN GW, obtains the user totem information, password and so on through interaction with the MSS.
The case in which the Portal server actively initiates access authentication is described below.
Embodiment 2: the user terminal is an MSS, and the Portal server actively initiates access authentication.
As shown in Fig. 4, the access authentication system of the WiMAX network in the present embodiment comprises: BS, ASN GW, AS, Portal server and SMSC. The BS is used to transmit information between the user terminal and the ASN GW. The ASN GW is used to pass messages through transparently during the interaction between the user terminal and the Portal server. The Portal server is used to notify the user terminal to submit user totem information and password, to request the AS to generate a password according to the received user totem information, and to request the AS to authenticate this user terminal according to the received user totem information and password. The AS is used to generate the password for this authentication at the request of the Portal server, submit the generated password to the SMSC, and authenticate the user terminal. The SMSC is used to receive the password from the AS and send it to the user terminal by short message.
The ASN GW of the present embodiment comprises an HTTP module, a Portal module and a communication module, and the AS comprises an AAA module, a Portal module, a Service Processing Module, a short message module and a communication module.
The operating principle of the access authentication system in the WiMAX network of the present embodiment is:
When the BS receives the MSS's request to access the WiMAX network, the HTTP module in the ASN GW redirects this MSS to the Portal server through the communication module in the ASN GW. The Portal server notifies the MSS to submit user totem information and, after receiving the user totem information from the MSS, sends a get-password request message carrying the user totem information to the Portal module in the AS through the communication module in the AS; the Portal module in the AS parses the user totem information out of the received get-password request and sends it to the Service Processing Module in the AS. The Service Processing Module in the AS then generates a password for the received user totem information and, after recording the correspondence between the user totem information and the password, sends the password to the short message module in the AS. The short message module in the AS carries the received password in a message that the SMSC can recognize, such as a submit short message request message, and sends it to the SMSC. The SMSC returns a submit short message response message to the short message module in the AS through the communication module in the AS, indicating that the password has been received, and sends the password to the MSS by short message. After the short message module in the AS receives the SMSC's response, the get-password response message is returned to the Portal server through the Portal module and the communication module in the AS.
After the SMSC has sent the password to the MSS, the Portal server notifies the MSS to submit user totem information and password, and the MSS submits its own user totem information and the received password to the Portal server. The Portal server carries the received user totem information and password in an access request message and sends it, through the communication module in the AS, to the AAA module in the AS; the AAA module in the AS parses the user totem information and password out of the received access request message and submits them to the Service Processing Module in the AS. The Service Processing Module in the AS performs access authentication of this MSS by comparing the received password with the password it has recorded for this user totem information, and returns the authentication result to the AAA module in the AS. According to the received authentication result, the AAA module in the AS returns an access success message or an access failure message to the Portal server through the communication module in the AS. The Portal server in turn sends the authentication result, through the communication module in the ASN GW, to the Portal module in the ASN GW, so that when the MSS later obtains the required services through the WiMAX network, the Portal module in the ASN GW determines from the received authentication result whether to allow this MSS to access the ASN GW. The Portal server also sends the authentication result to the MSS.
In addition, after the AS powers on and is running normally, it establishes a network connection with the SMSC so that the AS can submit the generated password to the SMSC during authentication. Specifically, the short message module in the AS requests the SMSC, through the communication module in the AS, to establish a network connection, that is, it sends a binding transfer request message; the SMSC in turn returns a binding transmission response message to the short message module in the AS through the communication module in the AS, indicating that the network connection requested by the AS has been established.
In situations such as equipment inspection or equipment replacement, if the AS no longer communicates with the SMSC, the two release the established connection through interaction. Specifically, the short message module in the AS sends an unbind message to the SMSC through the communication module; the SMSC returns an unbind response message to the short message module in the AS through the communication module in the AS, indicating that the network connection has been released.
As shown in Fig. 5, the access authentication method in the WiMAX network using the above system comprises the following steps:
Steps 501~502. When the MSS establishes a connection with the WiMAX network, the MSS obtains its own IP address through interaction with the ASN GW; and when the MSS begins to use the WiMAX network, the ASN GW redirects the MSS to the Portal server.
Steps 503~504. The Portal server notifies the MSS to submit user totem information, and the MSS sends its own user totem information to the Portal server.
In these two steps, the Portal server prompts the MSS to submit user totem information by pushing a Web page down to it; after receiving the page from the Portal server, the MSS enters its own user totem information in this page and sends it to the Portal server through the ASN GW. The user totem information here consists of the user name and domain name of the MSS, in the form user name@domain name. The user name identifies the identity of this MSS, and the domain name identifies this authentication as an OTP-mode authentication. Usually the domain name uses the OTP field; of course, other fields may also be used as the domain name.
The above steps 501 to 504 are identical to steps 301 to 304 in Embodiment 1.
Steps 505~506. The Portal server carries the received user totem information in a get-password request message and sends it to the AS, requesting the password required for this authentication; the AS generates and records the password for this authentication according to the user totem information in the access request message.
After the Portal server receives the user totem information that the MSS submitted through the Web page, it puts this user totem information into the access request message sent to the AS. After receiving the get-password request message from the Portal server, the AS parses the user totem information out of it; then, according to the domain name in this user totem information, it determines that this MSS uses the OTP authentication mode, generates a random password for this MSS, and at the same time records the correspondence between the user totem information and this password.
Steps 507~509. The AS sends the generated password to the SMSC in a submit short message request message; the SMSC returns a submit short message response message to the AS, indicating that the password has been received; at the same time the SMSC sends the received password to the MSS in the form of a short message.
Step 510. The AS sends a get-password response message to the Portal server, and indicates in this message that the password has been sent to the MSS.
After receiving the submit short message response message, the AS returns to the Portal server the get-password response message corresponding to step 305, and indicates in this message that the password has been sent to the MSS.
This completes the OTP password acquisition process of the present embodiment. After this, the MSS uses the obtained password to carry out WiMAX network authentication. To give the subsequent authentication more flexibility in time, a validity time can be set for the password generated in step 506, so that the MSS can carry out the authentication of the subsequent steps at any time within the validity time of this password.
Steps 511~512. The Portal server notifies the MSS to submit user totem information and password, and the MSS sends its own user totem information together with the received password to the Portal server.
Here the Portal server again prompts the MSS to submit user totem information and password by pushing a Web page down to the MSS; the MSS enters its own user totem information and the password received in the short message on the received Web page and sends them to the Portal server.
Steps 513~514. The Portal server carries the received user totem information and password in an access request message and sends it to the AS, requesting authentication of the MSS; the AS authenticates the MSS according to the received user totem information and password, and sends the authentication result to the Portal server.
The method by which the AS authenticates the MSS here is: the AS uses the received user totem information as an index to look up, in its own records, the password corresponding to this user totem information; it then judges whether the received password is identical to the password found; if so, it judges the authentication successful, otherwise it judges the authentication failed.
If authentication succeeds, the AS returns an access success message to the Portal server; if authentication fails, the AS returns an access failure message to the Portal server.
Steps 515~516. The Portal server sends the authentication result to the MSS and to the ASN GW respectively.
If authentication succeeds, the Portal server indicates authentication success to the ASN GW, so that the MSS can subsequently obtain the required services through the ASN GW; in addition, the Portal server also pushes down to the MSS a Web page indicating authentication success, and shows in this Web page related information such as a welcome message and a prompt that the user should not close this page while online. If authentication fails, the Portal server indicates authentication failure to the ASN GW, and indicates the authentication failure in the page sent to the MSS.
This completes the access authentication procedure of the WiMAX network in the present embodiment.
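The AS-side password handling that both embodiments describe (generate a random password for a user name@domain name identifier, record the correspondence, optionally give it a validity time, then compare on the access request) is sketched below as an added Python example; it is not code from the patent. The class and function names, the 6-digit format, the 300-second validity time, the three-attempt limit, single use and the constant-time comparison are assumptions of this example; the patent itself specifies only random generation, the recorded correspondence, an optional validity time and an equality check.

```python
import hmac
import secrets
import time

OTP_DOMAIN = "OTP"      # domain part that marks OTP-mode authentication (the page's usual choice)
OTP_DIGITS = 6          # assumption: the page does not specify the password format
OTP_TTL_SECONDS = 300   # assumption: the page only says a validity time can be set
MAX_ATTEMPTS = 3        # assumption: a guess limit is not described on the page
ACCEPT, REJECT = "Access Accept", "Access Reject"


def parse_user_id(user_id):
    """Split 'user name@domain name'; raise ValueError on any other shape."""
    name, sep, domain = user_id.rpartition("@")
    if not sep or not name or not domain:
        raise ValueError("expected username@domain")
    return name, domain


class ServiceProcessingModule:
    """Hypothetical model of the AS module that issues and checks passwords."""

    def __init__(self, send_sms, clock=time.time):
        self._send_sms = send_sms   # stands in for short message module -> SMSC
        self._clock = clock         # injectable so expiry can be tested
        self._records = {}          # user_id -> [password, expires_at, attempts_left]

    def get_password(self, user_id):
        """Handle a get-password request; True means the password went to the SMSC."""
        try:
            _, domain = parse_user_id(user_id)
        except ValueError:
            return False
        if domain != OTP_DOMAIN:
            return False            # identifier does not select OTP mode
        # secrets draws from the OS CSPRNG; a predictable generator would let
        # an observer of earlier passwords guess later ones.
        password = "".join(secrets.choice("0123456789") for _ in range(OTP_DIGITS))
        # A new request overwrites any earlier record, so at most one password
        # is valid per identifier at a time.
        self._records[user_id] = [password, self._clock() + OTP_TTL_SECONDS, MAX_ATTEMPTS]
        self._send_sms(user_id, password)
        return True                 # the response reports status only, never the password

    def access_request(self, user_id, password):
        """Handle an access request; returns ACCEPT or REJECT."""
        record = self._records.get(user_id)
        if record is None:
            return REJECT           # nothing issued, already used, or locked out
        stored, expires_at, _ = record
        if self._clock() > expires_at:
            del self._records[user_id]
            return REJECT           # validity time has passed
        # Constant-time comparison avoids leaking how many leading digits matched.
        ok = hmac.compare_digest(stored.encode(), password.encode())
        record[2] -= 1
        if ok or record[2] == 0:
            del self._records[user_id]   # single use, and lockout after MAX_ATTEMPTS
        return ACCEPT if ok else REJECT


def demo():
    """One constructed session: first use succeeds, replay of the same password fails."""
    inbox = {}                      # constructed stand-in for the MSS's short messages
    spm = ServiceProcessingModule(send_sms=inbox.__setitem__)
    spm.get_password("alice@OTP")
    first = spm.access_request("alice@OTP", inbox["alice@OTP"])
    replay = spm.access_request("alice@OTP", inbox["alice@OTP"])
    return [first, replay]


if __name__ == "__main__":
    print(demo())
```

With six digits and three attempts an online guesser succeeds with probability 3 in 1,000,000 per issued password, which is why the attempt limit matters as much as the randomness.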
Further, because the access authentication method of the present embodiment still sends the password generated by the AS to the MSS by short message, after the AS powers on and is running normally, the network connection between the AS and the SMSC is established by means of the binding transfer request message and the binding transmission response message; and when the AS no longer communicates with the SMSC, the network connection established between the AS and the SMSC is released by means of the unbind message and the unbind response message. The above process is identical to the process of establishing and releasing the network connection in Embodiment 1.
The above is only a preferred embodiment of the present invention and is not intended to limit the present invention; any modification, equivalent replacement, improvement and the like made within the spirit and principles of the present invention shall be included within the protection scope of the present invention.

Claims (48)

1, the access authentication system in a kind of global access mutual operation network is characterized in that, this system comprises: equipment end, access server AS and the SMSC of short message service center; Wherein,
Described equipment end, be used for informing user terminal and submit user totem information to, the user totem information that receives is sent to AS, request AS generates the password of this authentication, and informing user terminal is submitted user totem information and password to, the user totem information and the corresponding password that receive are sent to AS, and request AS authenticates this user terminal;
Described AS, be used for user totem information, generate the password of this authentication, the corresponding relation of record user identifications information and described password at the equipment end submission, and, this user terminal is carried out access authentication according to user totem information and password that equipment end is submitted to;
Described SMSC is used to receive the password that AS generates, and the password that receives is sent to user terminal;
Described equipment end comprises: door Portal server and Access Service Network Gateway ASN GW; Wherein,
Described Portal server, be used to carry out described informing user terminal and submit to user totem information and described informing user terminal to submit user totem information and password to, and the user totem information that receives or user totem information and password are transmitted to described ASN GW;
Described ASN GW, be used for according to the user totem information that comes from Portal server, ask described AS to generate the password of this authentication, and according to user totem information that comes from Portal server and password, request AS carries out access authentication to described user terminal, and receives authentication result from AS;
Described AS comprises at least: AAA module, Service Processing Module and short message module; Wherein,
The AAA module is used to receive the user totem information from the ASN GW, indicate to the ASN GW that the user information has been received, and send the received user totem information to the Service Processing Module in the AS; to receive the user totem information and password from the ASN GW and send the received user totem information and password to the Service Processing Module in the AS; and to receive the authentication result produced by the Service Processing Module and send the authentication result to the ASN GW;
Described Service Processing Module is used for receiving the user totem information that the AAA module of AS transmits, and generates the password of this authentication, and writes down the corresponding relation between described user totem information and the password; The password that generates is sent to short message module among the AS; Receive the AAA module transmits among the AS user totem information and password, and this user terminal is carried out access authentication; Authentication result is sent to AAA module among the AS;
Described short message module is used for receiving the password that comes from the AS Service Processing Module, and the password that receives is sent to SMSC.
2, the system as claimed in claim 1 is characterized in that, described ASN GW comprises at least: Portal module and insertion authority charging AAA module; Wherein,
Described Portal module is used to receive the user totem information from Portal server; The user totem information that receives is sent to AAA module among the ASN GW; Reception is from the user totem information and the password of Portal server; The user totem information that receives and password are sent to AAA module among the ASN GW; After AS finishes authentication,, indicate to Portal server and to receive authentication result according to the indication of the AAA module among the ASN GW;
Described AAA module is used for the user totem information that the Portal module with ASN GW sends and sends to AS, and request AS generates the password of this authentication; Portal module specification password in ASN GW has sent to the user; User totem information and password that Portal module among the ASN GW is sent send to AS, and request AS carries out access authentication to user terminal, and receive the authentication result that comes from AS; And the authentication result that receives sent to Portal module among the ASN GW.
3, system as claimed in claim 2 is characterized in that, further comprises among the described ASN GW: communication module is used for sending between described ASN GW and Portal server, ASN GW and AS and receiving message.
4, the system as claimed in claim 1 is characterized in that, further comprises among the described AS: communication module is used for sending between AS and ASN GW, AS and SMSC and receiving message.
5, system as claimed in claim 2 is characterized in that, further comprises among the described ASN GW: the HTTP module is used for user terminal is reoriented to described Portal module.
6, the system as claimed in claim 1 is characterized in that, described system further comprises: base station BS is used for transmission information between described user terminal and described equipment end.
7, the access authentication system in a kind of global access mutual operation network is characterized in that, this system comprises: equipment end, access server AS and the SMSC of short message service center; Wherein,
Described equipment end, be used for informing user terminal and submit user totem information to, the user totem information that receives is sent to AS, request AS generates the password of this authentication, and informing user terminal is submitted user totem information and password to, the user totem information and the corresponding password that receive are sent to AS, and request AS authenticates this user terminal;
Described AS, be used for user totem information, generate the password of this authentication, the corresponding relation of record user identifications information and described password at the equipment end submission, and, this user terminal is carried out access authentication according to user totem information and password that equipment end is submitted to;
Described SMSC is used to receive the password that AS generates, and the password that receives is sent to user terminal;
Described equipment end comprises: door Portal server and Access Service Network Gateway ASN GW; Wherein,
Described Portal server, be used for informing user terminal and submit user totem information to, request AS generates the password of this authentication, and described informing user terminal is submitted user totem information and password to, request AS carries out access authentication to described user terminal, and receives authentication result from AS;
Described ASN GW is used for the mutual transparent transmission of realizing message at user terminal and Portal server;
At least comprise among the described AS: AAA module, Portal module, Service Processing Module and short message module; Wherein,
Described AAA module is used to receive user totem information and the password that Portal server transmits, and the user totem information that receives and password are sent to Service Processing Module among the AS; Receive the authentication result that the Service Processing Module of AS transmits, and authentication result is returned to Portal server;
Described Portal module is used to receive the user totem information that Portal server transmits, and the user totem information that receives is handed to Service Processing Module among the AS;
Described Service Processing Module is used to receive the user totem information of the Portal module that comes from AS, generates the password of this authentication, and writes down the corresponding relation between described user totem information and the password; The password that generates is sent to short message module among the AS; Receive the AAA module transmits among the AS user totem information and password, and this user terminal is carried out access authentication; Authentication result is sent to AAA module among the AS;
Described short message module is used for receiving the password that comes from the AS Service Processing Module, and the password that receives is sent to SMSC.
8, system as claimed in claim 7 is characterized in that, described ASN GW comprises at least: the Portal module is used to receive the authentication result that comes from Portal server.
9, system as claimed in claim 8 is characterized in that, described ASN GW further comprises: communication module is used for the mutual transparent transmission message at user terminal and Portal server.
10, system as claimed in claim 7 is characterized in that, described AS further comprises: communication module is used for sending between AS and SMSC and receiving message.
11, system as claimed in claim 8 is characterized in that, further comprises among the described ASN GW: the HTTP module is used for user terminal is reoriented to described Portal module.
12, system as claimed in claim 7 is characterized in that, described system further comprises: base station BS is used for transmission information between described user terminal and described equipment end.
13, the access authentication method in a kind of WiMAX network that uses the described system of claim 1 is characterized in that this method may further comprise the steps:
A. user terminal is under the indication of equipment end, and self user totem information is sent to AS;
B.AS generates the required password of this authentication at the user totem information of being received, this password is sent to user terminal, and the corresponding relation of the record user identifications information and the password that generates;
C. user terminal is submitted to AS with user totem information of self and the password that receives under the indication of equipment end, carries out the authentication of this WiMAX network;
Wherein, described equipment end comprises Portal server and Access Service Network Gateway ASN GW at least, and then the described user terminal of steps A comprises the method that self user totem information sends to AS:
A11.Portal server notification user terminal is submitted user totem information to, and user terminal sends to Portal server with the user totem information of self;
A12.Portal server notification ASN GW begins to obtain password, and the user totem information that user terminal is submitted to sends to ASN GW simultaneously, and ASN GW makes response to Portal again, indicates the instruction that begins to obtain password that receives from Portal server;
A13.ASN GW is carried on the user totem information that receives and gets in the password request message, sends to AS, and request obtains the required password of this authentication;
The method that the described user terminal of step C is submitted to AS with the user totem information of self and the password that receives comprises:
C11.Portal server notification user terminal is submitted user totem information and password to, and user terminal sends to Portal server together with user totem information of self and the password that receives;
C12.Portal server notification ASN GW begins to initiate authentication, and user totem information and password that user terminal is submitted to send to ASN GW, and ASN GW makes response to Portal again, indicates and receives the described instruction initiating to authenticate of beginning;
C13.ASN GW is carried on the user totem information and the password that receive to insert in the request message, sends to AS.
14, method as claimed in claim 13 is characterized in that, further comprises between described step B and the described step C:
B13.AS sends to ASN GW and gets the password response message, and indicates that in this message the password that AS generates has sent to user terminal;
B14.ASN GW is by sending the mode of authentication result to Portal server, the password that indicates the AS generation has sent to user terminal, and Portal server returns the response of receiving authentication result to ASN GW again.
15, method as claimed in claim 13 is characterized in that, the described method of carrying out the authentication of this WiMAX network of step C comprises:
C14.AS authenticates user terminal according to the user totem information and the password that receive, and authentication result is sent to ASN GW;
C15. The ASN GW sends the authentication result to the Portal server, and the Portal server indicates to the ASN GW that it has received the authentication result and sends the authentication result to the user terminal.
16, method as claimed in claim 13 is characterized in that, the described AS of step B comprises the method that password sends to user terminal:
B1.AS sends to SMSC by submitting the short message request message to the password that is generated;
B2.SMSC returns to AS and submits the short message response message to, indicates the password of receiving that AS generates, and SMSC sends to user terminal with the password that receives with the form of short message.
17, method as claimed in claim 13 is characterized in that, described Portal server informing user terminal submits to the method for user totem information to be:
The Portal server pushes a World Wide Web (Web) page down to the user terminal and prompts the user terminal to enter user totem information in this Web page;
Described user terminal with the method that self user totem information sends to Portal server is:
User terminal is imported the user totem information of self in the described Web page, submit to Portal server.
18, method as claimed in claim 13 is characterized in that, described Portal server informing user terminal submits to the method for user totem information and password to be:
The Portal server pushes a Web page down to the user terminal and prompts the user terminal to enter user totem information and the password in this Web page;
Described user terminal with the method that self user totem information sends to Portal server is:
User terminal is imported user totem information of self and the password that receives in the described Web page, submit to Portal server.
19, method as claimed in claim 15 is characterized in that, described Portal server with the method that authentication result sends to user terminal is:
The Portal server pushes a Web page containing the authentication result down to the user terminal.
20, method as claimed in claim 15 is characterized in that, described AS according to the user totem information and the password that receive to the method that user terminal authenticates is:
The AS uses the received user totem information as an index to find, among the records it holds, the password corresponding to this user totem information; it then judges whether the received password is identical to the password found; if so, it judges that authentication succeeded; otherwise, it judges that authentication failed.
21, method as claimed in claim 15 is characterized in that, described authentication result is an authentication success, and then the described method that authentication result is sent to ASN GW of step C14 is:
AS returns the access success message to ASN GW;
Described authentication result is an authentification failure, and then the described method that authentication result is sent to ASN GW of step C14 is:
AS returns access failure message to ASN GW.
22, method as claimed in claim 13 is characterized in that, before the described steps A, this method further comprises:
The user terminal obtains its own Internet Protocol (IP) address by interacting with the ASN GW; and when the base station BS receives the user terminal's request to access the WiMAX network, the ASN GW redirects the user terminal to the Portal server.
23, method as claimed in claim 13 is characterized in that, described AS power on and normally the operation after, this method further comprises:
Setting up AS is connected with network between the SMSC of short message service center;
When described AS no longer communicated by letter with described SMSC, this method further comprised:
Removing the network of having set up between AS and the SMSC is connected.
24, method as claimed in claim 23 is characterized in that, the method for network connection between described AS of foundation and the SMSC is:
AS sends the binding transfer request message to SMSC, and SMSC returns binding transmission response message to AS again;
The method of network connection of having set up between described releasing AS and the SMSC is:
AS sends unbind message to SMSC, and SMSC returns the unbind response message to AS again.
25, method as claimed in claim 13, it is characterized in that, comprise Portal module and AAA module among the described ASN GW, comprise AAA module, Service Processing Module and short message module among the described AS, then the described Portal server notice of steps A 12 ASN GW begin to obtain password, and the user totem information that user terminal is submitted to sends to the method for ASN GW and is simultaneously:
Portal server is by the Portal module among the ASN GW, and the AAA module among the notice ASN GW begins to obtain password, and described user totem information is sent to AAA module among the ASN GW;
Steps A 12 described ASN GW make response to Portal, indicate the method for instruction that begins to obtain password that receives from Portal server to be:
AAA module among the ASN GW indicates the instruction that begins to obtain password that receives from Portal server by the Portal module among the ASN GW to Portal server;
The method that steps A 13 described ASN GW requests obtain the required password of this authentication is:
AAA module among the ASN GW will be got password request message and be sent to AAA module among the AS.
26, method as claimed in claim 14, it is characterized in that, comprise Portal module and AAA module among the described ASN GW, comprise AAA module, Service Processing Module and short message module among the described AS, then the described AS of step B13 sends the method get the password response message to ASN GW and is:
Under the short message module indication of AAA module among the AS in AS, the described password response message of getting is sent to AAA module among the ASN GW;
The method by which the ASN GW described in step B14 indicates to the Portal server that the password generated by the AS has been sent to the user terminal is:
AAA module among the ASN GW will receive gets the password response message and sends to Portal module among the ASN GW, and the Portal module among the ASN GW reinforms the Portal server password and sent to user terminal;
The described Portal server of step B14 to the method that ASN GW returns the response of receiving authentication result is:
Portal server is by the Portal module among the ASN GW, and described response of receiving authentication result is sent to AAA module among the ASN GW.
27, method as claimed in claim 13, it is characterized in that, comprise Portal module and AAA module among the described ASN GW, comprise AAA module, Service Processing Module and short message module among the described AS, then the described Portal server of step C12 notice ASN GW begins to initiate authentication, and the method that the user totem information that user terminal is submitted to and password send to ASN GW is:
Portal server is by the Portal module among the ASN GW, and the AAA module among the notice ASN GW begins to initiate authentication, and described user totem information and password are sent to AAA module among the ASN GW;
The described ASN GW of step C12 makes response to Portal, indicates the method that begins the instruction initiating to authenticate that receives from Portal server to be:
AAA module among the ASN GW is by the Portal module among the ASN GW, indicates the instruction initiating to authenticate of beginning that receives from Portal server to Portal server;
The described ASN GW of step C13 sends the method that inserts request message to AS:
AAA module among the ASN GW will insert request message and send to AAA module among the AS.
28, method as claimed in claim 15, it is characterized in that, comprise Portal module and AAA module among the described ASN GW, comprise AAA module, Service Processing Module and short message module among the described AS, then the described AS of step C14 authenticates user terminal according to the user totem information and the password that receive, and with the method that authentication result sends to ASN GW is:
AAA module among the AS sends to Service Processing Module among the AS with user totem information and password, and the Service Processing Module among the AS authenticates user terminal, and by the AAA module among the AS, and authentication result is sent to AAA module among the ASN GW;
The described ASN GW of step C15 sends to Portal server with described authentication result, and Portal server indicates the method for receiving authentication result to ASN GW again and is:
AAA module among the ASN GW sends to Portal server by the Portal module among the ASN GW with described authentication result, and authentication result has been received in the Portal module specification of Portal server in ASN GW.
29, method as claimed in claim 16, it is characterized in that, comprise the Portal module among the described ASN GW, comprise AAA module, Portal module, Service Processing Module and short message module among the described AS, then the described AS of step B1 is by submitting the short message request message to, and the method that the password that is generated is sent to SMSC is:
Service Processing Module among the AS sends to short message module among the AS with the password that is generated, and the submission short message request message that the short message module among the AS will carry described password sends to SMSC;
The described SMSC of step B2 returns to AS and submits to the method for short message response message to be: SMSC is by the short message module among the AS, and described submission short message response message is sent to AAA module among the AS.
30, method as claimed in claim 24 is characterized in that, comprises short message module among the described AS at least, and then described AS to the method that SMSC sends the binding transfer request message is:
Short message module among the AS will be bound transfer request message and send to SMSC;
SMSC to the method that AS returns binding transmission response message is:
SMSC sends to short message module among the AS with described binding transmission response message;
Described AS to the method that SMSC sends unbind message is:
Short message module among the AS sends to SMSC with unbind message;
Described SMSC to the method that AS returns the unbind response message is:
SMSC sends to short message module among the AS with described unbind response message.
31, the access authentication method in a kind of WiMAX network that uses the described system of claim 7 is characterized in that this method may further comprise the steps:
A. user terminal is under the indication of equipment end, and self user totem information is sent to AS;
B.AS generates the required password of this authentication at the user totem information of being received, this password is sent to user terminal, and the corresponding relation of the record user identifications information and the password that generates;
C. user terminal is submitted to AS with user totem information of self and the password that receives under the indication of equipment end, carries out the authentication of this WiMAX network;
Wherein, the described user terminal of steps A comprises the method that self user totem information sends to AS:
A21.Portal server notification user terminal is submitted user totem information to, and user terminal sends to Portal server with the user totem information of self;
The A22.Portal server is carried on the user totem information that receives and gets in the password request message, sends to AS;
The method that the described user terminal of step C is submitted to AS with the user totem information of self and the password that receives comprises:
C21.Portal server notification user terminal is submitted user totem information and password to, and user terminal sends to Portal server together with user totem information of self and the password that receives;
The C22.Portal server is carried on the user totem information and the password that receive in the access request message and sends to AS.
32, method as claimed in claim 31 is characterized in that, the described AS of step B comprises the method that password sends to user terminal:
B1.AS sends to SMSC by submitting the short message request message to the password that is generated;
B2.SMSC returns to AS and submits the short message response message to, indicates the password of receiving that AS generates, and SMSC sends to user terminal with the password that receives with the form of short message.
33, method as claimed in claim 31 is characterized in that, further comprises between described step B and the described step C:
AS sends to Portal server and gets the password response message, and indicates that in this message password has sent to user terminal.
34, method as claimed in claim 31 is characterized in that, the described method of carrying out the authentication of this WiMAX network of step C comprises:
C23.AS authenticates user terminal according to the user totem information and the password that receive, and authentication result is sent to Portal server;
The C24.Portal server sends to user terminal and ASN GW respectively with authentication result.
35, method as claimed in claim 31 is characterized in that, described Portal server informing user terminal submits to the method for user totem information to be:
The Portal server pushes a World Wide Web (Web) page down to the user terminal and prompts the user terminal to enter user totem information in this Web page;
Described user terminal with the method that self user totem information sends to Portal server is:
User terminal is imported the user totem information of self in the described Web page, submit to Portal server.
36, method as claimed in claim 31 is characterized in that, described Portal server informing user terminal submits to the method for user totem information and password to be:
The Portal server pushes a Web page down to the user terminal and prompts the user terminal to enter user totem information and the password in this Web page;
Described user terminal with the method that self user totem information sends to Portal server is:
User terminal is imported user totem information of self and the password that receives in the described Web page, submit to Portal server.
37, method as claimed in claim 34 is characterized in that, described Portal server with the method that authentication result sends to user terminal is:
The Portal server pushes a Web page containing the authentication result down to the user terminal.
38, method as claimed in claim 34 is characterized in that, described AS according to the user totem information and the password that receive to the method that user terminal authenticates is:
The AS uses the received user totem information as an index to find, among the records it holds, the password corresponding to this user totem information; it then judges whether the received password is identical to the password found; if so, it judges that authentication succeeded; otherwise, it judges that authentication failed.
39, method as claimed in claim 34 is characterized in that, described authentication result is an authentication success, and then the described method that authentication result is sent to Portal server of step C23 is:
AS returns the access success message to Portal server;
Described authentication result is an authentification failure, and then the described method that authentication result is sent to Portal server of step C23 is:
AS returns access failure message to Portal server.
40, method as claimed in claim 31 is characterized in that, before the described steps A, this method further comprises:
The user terminal obtains its own Internet Protocol (IP) address by interacting with the ASN GW; and when the base station BS receives the user terminal's request to access the WiMAX network, the ASN GW redirects the user terminal to the Portal server.
41, method as claimed in claim 31 is characterized in that, described AS power on and normally the operation after, this method further comprises:
Setting up AS is connected with network between the SMSC of short message service center;
When described AS no longer communicated by letter with described SMSC, this method further comprised:
Removing the network of having set up between AS and the SMSC is connected.
42, method as claimed in claim 41 is characterized in that, the method for network connection between described AS of foundation and the SMSC is:
AS sends the binding transfer request message to SMSC, and SMSC returns binding transmission response message to AS again;
The method of network connection of having set up between described releasing AS and the SMSC is:
AS sends unbind message to SMSC, and SMSC returns the unbind response message to AS again.
43, method as claimed in claim 41, it is characterized in that, comprise the Portal module among the described ASN GW, comprise AAA module, Portal module and Service Processing Module, short message module among the described AS, then steps A 22 described Portal server are carried on the user totem information that receives and get in the password request message, and the method that sends to AS is:
The Portal server sends the get password request message to the Portal module in the AS; the Portal module in the AS parses the user totem information out of the get password request, sends it to the Service Processing Module in the AS, and requests generation of the password for this verification.
44, method as claimed in claim 32, it is characterized in that, comprise the Portal module among the described ASN GW, comprise AAA module, Portal module, Service Processing Module and short message module among the described AS, then the described AS of step B1 is by submitting the short message request message to, and the method that the password that is generated is sent to SMSC is:
Service Processing Module among the AS sends to short message module among the AS with the password that is generated, and the submission short message request message that the short message module among the AS will carry described password sends to SMSC;
The described SMSC of step B2 returns to AS and submits to the method for short message response message to be: SMSC is by the short message module among the AS, and described submission short message response message is sent to AAA module among the AS.
45, method as claimed in claim 33, it is characterized in that, comprise the Portal module among the described ASN GW, comprise AAA module, Portal module, Service Processing Module and short message module among the described AS, then described AS sends the method for getting the password response message to Portal server and is:
Portal module among the AS sends to Portal server with the described password response message of getting.
46, method as claimed in claim 31, it is characterized in that, comprise the Portal module among the described ASN GW, comprise AAA module, Portal module, Service Processing Module and short message module among the described AS, then the described Portal server of step C22 is the user totem information and the password that receive, is carried on to insert the method that sends to AS in the request message and be:
The Portal server sends the access request message to the AAA module in the AS through the Portal module in the AS; the AAA module in the AS parses the user totem information and password out of the access request message and sends them to the Service Processing Module in the AS.
47. The method as claimed in claim 34, characterized in that the ASN GW comprises a Portal module, and the AS comprises an AAA module, a Portal module, a Service Processing Module and a short message module; the method in step C23 by which the AS authenticates the user terminal according to the received user identification information and password and sends the authentication result to the Portal server is:
The Service Processing Module in the AS authenticates the user terminal according to the received user identification information and password, and sends the authentication result to the Portal server through the AAA module in the AS;
The method in step C24 by which the Portal server sends the authentication result to the ASN GW is: the Portal server sends the authentication result to the Portal module in the ASN GW.
48. The method as claimed in claim 42, characterized in that the AS comprises at least a short message module; the method by which the AS sends the binding transfer request message to the SMSC is:
The short message module in the AS sends the binding transfer request message to the SMSC;
The method by which the SMSC returns the binding transmission response message to the AS is:
The SMSC sends the binding transmission response message to the short message module in the AS;
The method by which the AS sends the unbind message to the SMSC is:
The short message module in the AS sends the unbind message to the SMSC;
The method by which the SMSC returns the unbind response message to the AS is:
The SMSC sends the unbind response message to the short message module in the AS.
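The division of work among the AS modules in claims 44 to 47 can be modelled as follows. This is an added example, not code from the patent: the class and field names, the six-digit password format, and the expiry, single-use and attempt-limit rules are assumptions layered on the claimed flow.

```python
import hmac, secrets, time

class ShortMessageModule:
    """Stand-in for the AS short message module; no real SMSC is contacted."""
    def __init__(self):
        self.submitted = []                      # (user_id, password) handed to the SMSC
    def submit(self, user_id, password):
        self.submitted.append((user_id, password))
        return True                              # models the submit short message response

class ServiceProcessingModule:
    """Generates the password, records its binding to the user id, and authenticates."""
    def __init__(self, sms, ttl=300, max_attempts=3, clock=time.monotonic):
        self.sms, self.ttl, self.max_attempts, self.clock = sms, ttl, max_attempts, clock
        self._issued = {}                        # user_id -> [password, expiry, attempts_left]
    def get_password(self, user_id):
        password = f"{secrets.randbelow(10**6):06d}"   # CSPRNG, assumed 6 digits
        self._issued[user_id] = [password, self.clock() + self.ttl, self.max_attempts]
        return self.sms.submit(user_id, password)
    def authenticate(self, user_id, password):
        record = self._issued.get(user_id)
        if record is None:
            return False
        stored, expiry, attempts_left = record
        if self.clock() > expiry or attempts_left <= 0:
            del self._issued[user_id]            # expired or guessed too often
            return False
        if hmac.compare_digest(stored.encode(), password.encode()):
            del self._issued[user_id]            # single use: a replayed password fails
            return True
        record[2] -= 1
        return False

class AAAModule:
    """Parses the access request and hands the credentials to service processing."""
    def __init__(self, service):
        self.service = service
    def access_request(self, message):
        user_id, password = message.get("user_id"), message.get("password")
        if not isinstance(user_id, str) or not isinstance(password, str):
            return {"result": "reject"}          # malformed request never reaches the store
        ok = self.service.authenticate(user_id, password)
        return {"result": "accept" if ok else "reject"}
```

Because the password travels over SMS and is short, the attempt limit and expiry are what bound guessing and replay; without them the recorded binding stays valid indefinitely.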
CN200510063301A 2005-04-06 2005-04-06 Access authentication system and method for global access mutual operation network Expired - Fee Related CN100579013C (en)

Priority Applications (1)

Application Number Priority Date Filing Date Title
CN200510063301A CN100579013C (en) 2005-04-06 2005-04-06 Access authentication system and method for global access mutual operation network

Applications Claiming Priority (1)

Application Number Priority Date Filing Date Title
CN200510063301A CN100579013C (en) 2005-04-06 2005-04-06 Access authentication system and method for global access mutual operation network

Publications (2)

Publication Number Publication Date
CN1845490A CN1845490A (en) 2006-10-11
CN100579013C true CN100579013C (en) 2010-01-06

Family

ID=37064407

Family Applications (1)

Application Number Title Priority Date Filing Date
CN200510063301A Expired - Fee Related CN100579013C (en) 2005-04-06 2005-04-06 Access authentication system and method for global access mutual operation network

Country Status (1)

Country Link
CN (1) CN100579013C (en)

Families Citing this family (5)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN101272297B (en) * 2007-03-20 2011-10-26 中兴通讯股份有限公司 EAP authentication method of WiMAX network user
CN101370007B (en) * 2007-08-13 2013-10-23 北京三星通信技术研究有限公司 Method for reinforcing security and protecting privacy right of positioning service in Wimax network
WO2009079867A1 (en) * 2007-12-25 2009-07-02 Zte Corporation User authenticaion system and method based on wimax system
CN101754215B (en) * 2008-12-01 2012-08-08 华为技术有限公司 Authentication method and system
CN106714149B (en) * 2016-12-30 2020-03-03 Oppo广东移动通信有限公司 Wireless network access method, device and terminal equipment

Also Published As

Publication number Publication date
CN1845490A (en) 2006-10-11

Legal Events

Date Code Title Description
C06 Publication
PB01 Publication
C10 Entry into substantive examination
SE01 Entry into force of request for substantive examination
C14 Grant of patent or utility model
GR01 Patent grant
C17 Cessation of patent right
CF01 Termination of patent right due to non-payment of annual fee

Granted publication date: 20100106

Termination date: 20130406