CN101335647A - Family network access method and family network management system - Google Patents


Publication number
CN101335647A
Authority
CN
China
Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
Pending
Application number
CNA2008101320868A
Other languages
Chinese (zh)
Inventor
滕志猛
赵凝霞
崔英
吴波
Current Assignee (The listed assignees may be inaccurate. Google has not performed a legal analysis and makes no representation or warranty as to the accuracy of the list.)
ZTE Corp
Original Assignee
ZTE Corp

Landscapes

  • Data Exchanges In Wide-Area Networks (AREA)

Abstract

The invention discloses a home network access method and a home network management system. The access method includes: when an external terminal requests access to a home network, the home network management system acquires the identification information of the external terminal and sends the identification information to the home network; the home network management system receives an authentication result from the home network, the authentication result indicating whether the external terminal has authority to access the home network; when the authentication result indicates that the external terminal has authority to access the home network, the home network management system feeds back to the external terminal the information required to access the home network, so that the external terminal accesses the home network according to that information. The method and system of the invention improve the network security of the home network.

Description

Home network access method and home network management system
Technical field
The present invention relates to the communications field, and in particular to a home network access method and a home network management system.
Background art
With the rapid development of networks such as the Internet, mobile networks, data networks and the Next Generation Network (NGN), and with the deepening informatization of society, user demand for access to information keeps growing. To meet this demand, public network functions and applications have been extended into the home, and the home network has emerged. A home network provides voice, data, multimedia, control and management functions, so that information circulates and is shared fully among the terminals inside the home and with the external public network.
Fig. 1 is a schematic diagram of how home network services are realized. The Customer Premise Network (CPN) is a home network made up of a customer network gateway, customer network devices, network segments (the wired or wireless physical connections that link the customer network elements), network adapters (which perform L1/L2 conversion between different network segments) and nodes (network adapters with L3 routing capability). The Customer Network Gateway (CNG) is the gateway between the CPN and the access network; it performs network connection functions ranging from the physical connection to bridging or routing, and also performs the related service support functions. Customer Network Devices (CND) are the physical devices that make services usable; a CND can be used for network, conversation, voice and video services.
A home network is connected to external networks through a home gateway. Within a home network, the various terminals are interconnected and linked to the home gateway over the wired or wireless network inside the home. This realizes self-organized networking of the information terminals and intelligent appliances in the home network, provides automatic discovery and configuration, and offers home users services such as Internet access, IP telephony, VOD (Video on Demand), mass storage and personalized information services based on an ASP (Application Service Provider), interactive entertainment and games, and home control and security service management over the telecommunication network.
At present, when an external terminal needs to access information inside a home network, it does so directly: it communicates with the home network using the home network's address information, or using address information resolved through DNS (Domain Name System). To an external terminal, the home network is an open network.
From the above analysis it follows that the way external terminals access a home network in the prior art poses a security risk.
Summary of the invention
The present invention aims to provide a home network access method and a home network management system, to solve the problem that the way external terminals access a home network in the prior art poses a security risk.
According to one aspect of the present invention, a home network access method is provided.
The home network access method according to the present invention comprises: when an external terminal requests access to a home network, the home network management system obtains the identification information of the external terminal and sends the identification information to the home network; the home network management system receives an authentication result from the home network, the authentication result indicating whether the external terminal has authority to access the home network; when the authentication result indicates that the external terminal has authority to access the home network, the home network management system feeds back to the external terminal the information required to access the home network, so that the external terminal accesses the home network according to that information.
Preferably, after the home network management system sends the identification information to the home network, the access method further comprises: the home network receives the identification information of the external terminal; the home network authenticates, according to the identification information, whether the external terminal has authority to access the home network, and sends the authentication result to the home network management system.
Preferably, the home network management system obtaining the identification information of the external terminal specifically comprises: the home network management system and the external terminal negotiate to establish a first secure channel; the home network management system obtains the identification information of the external terminal through the first secure channel, where the identification information includes at least one of the following: user name, password, response.
Preferably, before the home network management system feeds back to the external terminal the information required to access the home network, the access method further comprises: the home network management system and the home network negotiate to establish a second secure channel; the home network management system receives the information required to access the home network through the second secure channel.
Preferably, before the home network management system obtains the identification information of the external terminal, the access method further comprises: the external terminal queries the home network management system to obtain the information of the home network to be accessed.
Preferably, the home network is a registered user of the home network management system, and the external terminal has authority to access the home network management system.
According to another aspect of the present invention, a home network management system is also provided.
The home network management system according to the present invention comprises: an information publishing module, for providing the external terminal with information for accessing the home network; an acquisition module, for obtaining the identification information of the external terminal when the external terminal requests access to the home network; a sending module, for sending the identification information to the home network; a receiving module, for receiving the authentication result from the home network, the authentication result indicating whether the external terminal has authority to access the home network; and a feedback module, for feeding back to the external terminal the information required to access the home network when the authentication result indicates that the external terminal has authority to access the home network, so that the external terminal accesses the home network according to that information, or for refusing the access request of the external terminal when the authentication result indicates that the external terminal does not have authority to access the home network.
Preferably, the management system further comprises: a first secure channel establishing module, for negotiating with the external terminal to establish the first secure channel; the acquisition module and the feedback module interact with the external terminal through the first secure channel.
Preferably, the management system further comprises: a second secure channel establishing module, for negotiating with the home network to establish the second secure channel; the sending module and the receiving module interact with the home network through the second secure channel.
Preferably, the management system is an independently existing physical entity, or a logical entity co-located with other network elements.
Because the above embodiments of the invention add a home network management system, an external terminal accessing the internal information of a home network must be authenticated and authorized through the home network management system, which improves the security of the home network.
Description of drawings
The accompanying drawings described here provide a further understanding of the present invention and form part of this application. The illustrative embodiments of the invention and their description are used to explain the invention and do not unduly limit it. In the drawings:
Fig. 1 is a schematic diagram of home network service realization according to the prior art;
Fig. 2 is a schematic diagram of the application scenario of the method embodiment of the invention;
Fig. 3 is a flow chart of the home network access method according to an embodiment of the invention;
Fig. 4 is a flow chart of the home network access method according to a preferred embodiment of the invention;
Fig. 5 is a schematic diagram of the network relationships of the home network management system according to an embodiment of the invention;
Fig. 6 is a block diagram of the home network management system according to an embodiment of the invention.
Detailed description of the embodiments
The preferred embodiments of the present invention are described below with reference to the accompanying drawings. It should be understood that the preferred embodiments described here are only used to describe and explain the invention, not to limit it.
Method embodiment
Fig. 2 shows a schematic diagram of the application scenario of the embodiment of the invention. A home network management system logical functional entity is added to the communication network, serving as a public portal for home network registration and query. The position of the home network management system in the communication network is shown in Fig. 2.
The embodiment of the invention proposes a home network access method, and Fig. 3 gives its flow. In the flow shown in Fig. 3, the home network is a registered user of the home network management system, and the external terminal is assumed to have authority to access the home network management system. As shown in Fig. 3, the access method comprises:
Step S302: when the external terminal requests access to the home network, the home network management system obtains the identification information of the external terminal and sends the identification information to the home network;
Step S304: the home network management system receives the authentication result from the home network, the authentication result indicating whether the external terminal has authority to access the home network;
Step S306: when the authentication result indicates that the external terminal has authority to access the home network, the home network management system feeds back to the external terminal the information required to access the home network, so that the external terminal accesses the home network according to that information.
After step S302, the access method also includes the home network authenticating the external terminal, which specifically comprises: the home network receives the identification information of the external terminal; the home network authenticates, according to the identification information, whether the external terminal has authority to access the home network, and sends the authentication result to the home network management system.
Specifically, the home network management system obtaining the identification information of the external terminal comprises: the home network management system and the external terminal negotiate to establish a first secure channel; the home network management system obtains the identification information of the external terminal through the first secure channel, where the identification information includes at least one of the following: user name, password, response.
Preferably, before the home network management system feeds back to the external terminal the information required to access the home network, the access method further comprises: the home network management system and the home network negotiate to establish a second secure channel; the home network management system receives the information required to access the home network through the second secure channel.
In addition, before step S302, the access method further comprises: the external terminal queries the home network management system to obtain the information of the home network to be accessed.
With the above embodiment, an external terminal accessing the internal information of a home network must be authenticated and authorized through the home network management system, which improves the security of the home network.
Fig. 4 gives the flow of the home network access method according to the preferred embodiment of the invention. As shown in Fig. 4, the home network access method proposed by the preferred embodiment comprises the following steps:
Step S402: the home network registers with the home network management system.
This registration may be initiated by the home network user or by the service provider of the home network management system, and it may also be realized by static configuration. The registration information must include at least the address information of the home network, so that the home network management system can interact with it. It may also include the security parameters to be used when the home network management system communicates with the home network, or information such as how the secure channel is to be established.
Step S404: when an external terminal needs to access a home network, it queries for home networks through the public home network management system and determines the home network to be accessed.
Step S406: if the external terminal has not been authorized to use the home network management system, the home network management system refuses the request of the external terminal. Otherwise, the home network management system interacts with the external terminal and securely obtains the information that uniquely identifies the external terminal in the home network. Depending on the security policy rules, the information the external terminal provides for the home network may be protected by security measures so that only the home network can interpret it.
For example, according to the security policy rules, the home network management system and the external user may first negotiate a secure channel and then transmit, inside that channel, the user name and password that the external terminal uses to access the home network. As another example, according to the security policy rules, the home network management system first generates a random number and sends it to the external terminal. The external terminal uses the user name and password it uses to access the home network, the random number and other such information to calculate a response with a specific algorithm, and then sends the user name, the response and other such information to the home network management system, either directly or through a secure channel. The management system sends the user name, the random number, the response and other such information to the home network, either directly or through a secure channel. In this case the password that the external terminal uses to access the home network does not need to be transmitted over the network.
Step S408: after receiving the external terminal's information, the home network management system interacts with the home network over the established secure channel, uses the obtained information to have the external terminal authenticated, and authorizes a legitimate external terminal. The secure channel may be one that has already been established, or one that is established temporarily.
Step S410: if, through the interaction with the home network, the home network management system finds that the external terminal has not been authorized by the home network, it refuses the access of the external terminal. Otherwise, according to the security policy rules, the information relating to this access by the external terminal must be set up on the relevant home network devices, for example the Access Control List (ACL) for this access, Network Address Translation (NAT), the encryption algorithm, the encryption key, the integrity algorithm, the integrity key, and so on.
The home network then forwards the information that the external terminal will need for the access to the external terminal, through the home network management system and over the secure channel. Depending on the security policy rules, the information the home network provides for the external terminal may be protected by security measures so that only the external terminal can interpret it.
Step S412: the external terminal uses the home network information it has obtained to begin communicating with the home network, or to begin the communication procedure. For example, for an NGN network the communication procedure includes the various resource allocation and reservation procedures.
According to this embodiment, an external terminal accessing information inside a home network must be authenticated and authorized through the home network management system, which increases the security of the home network.
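The challenge-response variant of steps S402 to S410, as an added example that is not part of the patent text. HMAC-SHA256 stands in for the unspecified "specific algorithm"; the class and function names, the single-use handling of the random number, and the sample names and credentials are assumptions made for illustration.

```python
import hashlib
import hmac
import secrets


def compute_response(username: str, password: str, nonce: bytes) -> bytes:
    """Stand-in for the patent's unspecified "specific algorithm" (assumption):
    HMAC-SHA256 keyed with the password over user name and random number."""
    message = username.encode() + b"\x00" + nonce
    return hmac.new(password.encode(), message, hashlib.sha256).digest()


class HomeNetwork:
    """Owns the credentials and makes the access decision (steps S408/S410)."""

    def __init__(self, address: str, users: dict):
        self.address = address
        self._users = dict(users)  # user name -> password, never leaves the home
        self.acl = {}              # user name -> key created for the current visit

    def authenticate(self, username: str, nonce: bytes, response: bytes):
        password = self._users.get(username)
        if password is None:
            return None
        expected = compute_response(username, password, nonce)
        if not hmac.compare_digest(expected, response):  # constant-time compare
            return None
        # S410: set up per-visit state (ACL entry and key) before replying.
        visit_key = secrets.token_hex(16)
        self.acl[username] = visit_key
        return {"address": self.address, "visit_key": visit_key}


class ManagementSystem:
    """Public portal that relays identification data; it never sees a password."""

    def __init__(self, authorized_terminals):
        self._authorized = set(authorized_terminals)
        self._homes = {}    # home name -> HomeNetwork (filled by S402)
        self._pending = {}  # (terminal id, home name) -> outstanding random number

    def register(self, name: str, home: HomeNetwork) -> None:
        """S402: the home network registers with the management system."""
        self._homes[name] = home

    def challenge(self, terminal_id: str, home_name: str):
        """S406: refuse unauthorized terminals, otherwise issue a random number."""
        if terminal_id not in self._authorized or home_name not in self._homes:
            return None
        nonce = secrets.token_bytes(16)
        self._pending[(terminal_id, home_name)] = nonce
        return nonce

    def request_access(self, terminal_id, home_name, username, response):
        """S408/S410: forward user name, random number and response to the home
        network and relay its answer. The random number is consumed on first
        use (assumption) so that a captured response cannot be replayed."""
        nonce = self._pending.pop((terminal_id, home_name), None)
        if nonce is None:
            return None
        return self._homes[home_name].authenticate(username, nonce, response)


def demo():
    """Constructed sample run: one valid request, then a replay of the same response."""
    home = HomeNetwork("home-gw.example.invalid", {"alice": "constructed-password"})
    mgmt = ManagementSystem(authorized_terminals={"terminal-1"})
    mgmt.register("home-a", home)
    nonce = mgmt.challenge("terminal-1", "home-a")
    response = compute_response("alice", "constructed-password", nonce)
    granted = mgmt.request_access("terminal-1", "home-a", "alice", response)
    replayed = mgmt.request_access("terminal-1", "home-a", "alice", response)
    return granted, replayed


if __name__ == "__main__":
    granted, replayed = demo()
    print("first request:", "granted" if granted else "refused")
    print("replayed response:", "granted" if replayed else "refused")
```

The code models only the message contents; in the patent's design the two legs of the relay may additionally run inside the first and second secure channels.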
Device embodiment
The embodiment of the invention also proposes a home network management system. The system can be realized as an independent physical entity, or it can be co-located with other functional entities on the network; for example, it may be located on a service management platform or on a service portal. This home network management system is the management system for external terminals accessing a home network; its positional relationship to the external terminal and the home network is shown in Fig. 5.
Fig. 6 is a block diagram of the home network management system according to an embodiment of the invention. As shown in Fig. 6, the home network management system used to realize the invention comprises an information publishing module 10, an acquisition module 20, a sending module 30, a receiving module 40 and a feedback module 50.
Specifically, the information publishing module 10 provides the external terminal with information for accessing the home network. The acquisition module 20 is connected to the information publishing module 10 and obtains the identification information of the external terminal when the external terminal requests access to the home network. The sending module 30 is connected to the acquisition module 20 and the home network, and sends the identification information of the external terminal to the home network. The receiving module 40 is connected to the home network and receives the authentication result from the home network, the authentication result indicating whether the external terminal has authority to access the home network. The feedback module 50 is connected to the receiving module 40 and the external terminal; when the authentication result indicates that the external terminal has authority to access the home network, it feeds back to the external terminal the information required to access the home network, so that the external terminal accesses the home network according to that information, and when the authentication result indicates that the external terminal does not have authority to access the home network, it refuses the access request of the external terminal.
Preferably, the management system further comprises: a first secure channel establishing module, for negotiating with the external terminal to establish the first secure channel; the acquisition module 20 and the feedback module 50 interact with the external terminal through the first secure channel.
Preferably, the management system further comprises: a second secure channel establishing module, for negotiating with the home network to establish the second secure channel; the sending module 30 and the receiving module 40 interact with the home network through the second secure channel.
The management system can be a logical entity or a physical entity. As a logical entity, it can be integrated into other physical entities, and the modules of the management system can be distributed across other physical entities; as a physical entity, the management system exists on the communication network as an independent network element.
In summary, an external terminal accessing the internal information of a home network is authenticated and authorized through the added home network management system, which improves the security of the home network.
Obviously, those skilled in the art should understand that the modules and steps of the invention described above can be implemented with general-purpose computing devices. They can be concentrated on a single computing device or distributed over a network formed by several computing devices. Optionally, they can be implemented as program code executable by a computing device, so that they can be stored in a storage device and executed by a computing device; or they can each be made into an individual integrated circuit module; or several of the modules or steps can be made into a single integrated circuit module. The invention is therefore not restricted to any specific combination of hardware and software.
The above are only the preferred embodiments of the invention and do not limit the invention. For those skilled in the art, the invention can have various changes and variations. Any modification, equivalent replacement or improvement made within the spirit and principles of the invention shall fall within the scope of protection of the invention.

Claims (10)

1. A home network access method, characterized by comprising:
when an external terminal requests access to a home network, a home network management system obtains the identification information of the external terminal and sends the identification information to the home network;
the home network management system receives an authentication result from the home network, wherein the authentication result indicates whether the external terminal has authority to access the home network;
when the authentication result indicates that the external terminal has authority to access the home network, the home network management system feeds back to the external terminal the information required to access the home network, so that the external terminal accesses the home network according to the information.
2. The access method according to claim 1, characterized in that, after the home network management system sends the identification information to the home network, the method further comprises:
the home network receives the identification information of the external terminal;
the home network authenticates, according to the identification information, whether the external terminal has authority to access the home network, and sends the authentication result to the home network management system.
3. The access method according to claim 2, characterized in that the home network management system obtaining the identification information of the external terminal specifically comprises:
the home network management system and the external terminal negotiate to establish a first secure channel;
the home network management system obtains the identification information of the external terminal through the first secure channel, wherein the identification information includes at least one of the following: user name, password, response.
4. The access method according to claim 3, characterized in that, before the home network management system feeds back to the external terminal the information required to access the home network, the method further comprises:
the home network management system and the home network negotiate to establish a second secure channel;
the home network management system receives the information required to access the home network through the second secure channel.
5. The access method according to claim 4, characterized in that, before the home network management system obtains the identification information of the external terminal, the method further comprises:
the external terminal queries the home network management system to obtain the information of the home network to be accessed.
6. The access method according to any one of claims 1 to 5, characterized in that the home network is a registered user of the home network management system, and the external terminal has authority to access the home network management system.
7. A home network management system, characterized by comprising:
an information publishing module, for providing an external terminal with information for accessing a home network;
an acquisition module, for obtaining the identification information of the external terminal when the external terminal requests access to the home network;
a sending module, for sending the identification information to the home network;
a receiving module, for receiving an authentication result from the home network, wherein the authentication result indicates whether the external terminal has authority to access the home network;
a feedback module, for feeding back to the external terminal the information required to access the home network when the authentication result indicates that the external terminal has authority to access the home network, so that the external terminal accesses the home network according to the information, or for refusing the access request of the external terminal when the authentication result indicates that the external terminal does not have authority to access the home network.
8. The management system according to claim 7, characterized by further comprising:
a first secure channel establishing module, for negotiating with the external terminal to establish the first secure channel, the acquisition module and the feedback module interacting with the external terminal through the first secure channel.
9. The management system according to claim 8, characterized by further comprising:
a second secure channel establishing module, for negotiating with the home network to establish the second secure channel, the sending module and the receiving module interacting with the home network through the second secure channel.
10. The management system according to any one of claims 7 to 9, characterized in that the management system is an independently existing physical entity or a logical entity co-located with other network elements.
CNA2008101320868A 2008-07-24 2008-07-24 Family network access method and family network management system Pending CN101335647A (en)


Publications (1)

Publication Number Publication Date
CN101335647A true CN101335647A (en) 2008-12-31

Family

ID=40197980

Family Applications (1)

Application Number Title Priority Date Filing Date
CNA2008101320868A Pending CN101335647A (en) 2008-07-24 2008-07-24 Family network access method and family network management system

Country Status (1)

Country Link
CN (1) CN101335647A (en)

Cited By (10)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN101820344A (en) * 2010-03-23 2010-09-01 中国电信股份有限公司 AAA server, home network access method and system
CN103248616A (en) * 2012-02-14 2013-08-14 中兴通讯股份有限公司 Method, device and system for identity verification in DLNA (digital living network alliance) network
WO2013143265A1 (en) * 2012-03-26 2013-10-03 华为技术有限公司 Internet access method and device
CN103384232A (en) * 2012-05-02 2013-11-06 华为终端有限公司 Identity authentication method and device
CN103384232B (en) * 2012-05-02 2016-08-24 华为终端有限公司 Identity authentication method and device
CN104243250A (en) * 2014-08-18 2014-12-24 小米科技有限责任公司 Access authorization method, device and equipment based on intelligent housing system
CN104243250B (en) * 2014-08-18 2017-12-12 小米科技有限责任公司 Access authorization methods, device and equipment based on intelligent domestic system
WO2016086739A1 (en) * 2014-12-03 2016-06-09 西安西电捷通无线网络通信股份有限公司 Method for device having wlan function to access network and device for implementing method
US10554431B2 (en) 2014-12-03 2020-02-04 China Iwncomm Co., Ltd. Method for device having WLAN function to access network and device for implementing method
CN104618391A (en) * 2015-02-25 2015-05-13 联想(北京)有限公司 Access control method and electric device

Legal Events

Date Code Title Description
C06 Publication
PB01 Publication
C10 Entry into substantive examination
SE01 Entry into force of request for substantive examination
C12 Rejection of a patent application after its publication
RJ01 Rejection of invention patent application after publication

Application publication date: 20081231