CN101355578A - Compatible method and system for mobile IP application based on RADIUS and DIAMETER protocol - Google Patents


Publication number
CN101355578A
Authority
CN
China
Prior art keywords
server
radius
message
services device
diameter agreement
Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
Granted
Application number
CNA200810119536XA
Other languages
Chinese (zh)
Other versions
CN101355578B (en
Inventor
申砾
张娇
张玉军
王淼
张翰文
许智君
马超
Current Assignee (The listed assignees may be inaccurate. Google has not performed a legal analysis and makes no representation or warranty as to the accuracy of the list.)
Shanghai Star Earth Communication Engineering Research Institute
Original Assignee
Institute of Computing Technology of CAS
Application filed by Institute of Computing Technology of CAS filed Critical Institute of Computing Technology of CAS
Priority to CN 200810119536 priority Critical patent/CN101355578B/en
Publication of CN101355578A publication Critical patent/CN101355578A/en
Application granted granted Critical
Publication of CN101355578B publication Critical patent/CN101355578B/en
Expired - Fee Related legal-status Critical Current
Anticipated expiration legal-status Critical

Landscapes

  • Mobile Radio Communication Systems (AREA)

Abstract

The invention discloses a compatibility method and system for mobile IP applications based on the RADIUS and DIAMETER protocols. The method comprises the following steps: communication between a mobile node and an access server; communication between the access server and a translation agent server, wherein the translation agent server translates between the message formats of the RADIUS protocol and the DIAMETER protocol; and communication between the translation agent server and an authentication server, wherein one of the access server and the authentication server runs the RADIUS protocol while the other runs the DIAMETER protocol. The method and system not only allow network entities running different AAA protocols to work together, but also, because the registration flow of the DIAMETER-based mobile IP application is adopted, merge the registration flow and the authentication flow of RADIUS-based network entities into one, thereby improving efficiency.

Description

Compatibility method and system for mobile IP applications based on the RADIUS and DIAMETER protocols
Technical field
The present invention relates to the mobile IP extension application of authentication, authorization and accounting (Authentication, Authorization, Accounting, AAA) systems based on the DIAMETER protocol and the mobile IP extension application of AAA systems based on the RADIUS protocol, and in particular to a compatibility method and system for mobile IP applications based on the RADIUS and DIAMETER protocols.
Background art
Mobile IP is a solution that provides mobility at the network layer of the Internet. With mobile IP, a mobile node (Mobile Node, MN) does not need to change its IP address while moving between different networks, and can still maintain continuous communication with other mobile nodes or with nodes that have no mobile IP function.
A mobile IP system mainly comprises the mobile node (MN), the foreign agent server (Foreign Agent, FA) and the home agent server (Home Agent, HA). Each mobile node has a home address (Home Address, HoA). When the mobile node leaves its home network and enters a foreign network, it needs to obtain a care-of address (Care of Address, CoA) and register with the home agent server, either through the foreign agent server or directly, so that a binding between the HoA and the CoA is created on the home agent server. Packets addressed to the mobile node are routed by normal IP routing to the mobile node's home network; the home agent server intercepts these packets and forwards them through a tunnel to the mobile node's current location.
The security problems of a mobile IP system arise mainly in the registration process and the communication process. On the one hand, during registration of the mobile node, if no security protection is applied, a malicious user can send a forged registration request to the home agent and cause all packets to be forwarded to the malicious user. On the other hand, during normal communication after registration, an attacker can eavesdrop on the session and intercept packets. Security is therefore a key factor to be considered if mobile IP technology is to work, and authentication of the mobile user together with the integrity and confidentiality of messages during registration is one of the key problems of mobile IP security. To solve the security problems in the registration process, a security protocol needs to be introduced, and an AAA protocol is one such protocol.
AAA stands for Authentication, Authorization and Accounting. Authentication means verifying the user's identity against information registered in advance, in order to establish that the user is legitimate and to prevent unauthorized users from using network resources. Authorization means deciding, on the basis of authentication, whether the user is allowed to access a particular network resource or to obtain a particular service. Accounting means that the network system records and stores information about the user's use of network resources and services, and charges for or audits user behaviour according to predetermined rules.
The RADIUS protocol is one of the most commonly used AAA protocols at present and can be used to solve the registration security problem of mobile IP. Its network topology is shown in Fig. 1 and comprises a mobile node 11, a foreign agent server 12, a home agent server 13, a foreign authentication server (Foreign AAA server, AAAF) 14 and a home authentication server (Home AAA server, AAAH) 15. In the network topology shown in Fig. 1, the registration flow of the mobile node 11 is:
Step S11: start. Before the mobile node 11 starts registration, it has only its network access identifier (Network Access Identifier, NAI) and the security information of the mobility security association (Mobility Security Association, MSA) between the mobile node 11 and the home authentication server 15 (Home AAA server, AAAH).
Step S12: after the mobile node 11 starts, it sends a registration request (Registration Request, RRQ) message to the foreign agent server 12.
Step S13: the foreign agent server 12 receives the registration request (RRQ) from the mobile node 11. At this point no mobility security association (MSA) exists between the foreign agent server 12 and the mobile node 11 or the home agent server 13, so the foreign agent server 12 sends an access request (RADIUS Access Request, AR) message to the foreign authentication server 14 (Foreign AAA server, AAAF), in which the FA-HA-Key-Request and MN-FA-Key-Nonce-Request bits of the MIP-Feature-Vector attribute are set.
Step S14: after receiving the AR message, the foreign authentication server 14 forwards it to the home authentication server 15.
Step S15: after receiving the AR, the home authentication server 15 first verifies the identity of the mobile node 11. If verification passes, it allocates the key information between the mobile node 11 and the foreign agent server 12 (MN-FA-Key) and the key information between the foreign agent server 12 and the home agent server 13 (FA-HA-Key), and sends an access accept (RADIUS Access-Accept, AA) message to the foreign agent server 12, which the foreign agent server 12 uses to establish its MSAs with the mobile node 11 and the home agent server 13. This access accept (AA) message reaches the foreign agent server 12 via the foreign authentication server 14.
Step S16: the AA message reaches the foreign agent server 12 via the foreign authentication server 14, indicating that the mobile node 11 has passed authentication. The foreign agent server 12 obtains from the AA message the security information used to establish the MSAs between the foreign agent server 12 and the mobile node 11 and the home agent server 13, and then sends a registration request (RRQ) message to the home agent server 13.
Step S17: the home agent server 13 receives the RRQ from the foreign agent server 12. If an MSA between the foreign agent server 12 and the home agent server 13 already exists on the home agent server 13, the home agent server 13 can itself verify the foreign agent server 12 and mobile node 11 information in the RRQ; otherwise the home agent server 13 has the home authentication server 15 verify the foreign agent server 12 and mobile node 11 information in the RRQ. In this verification process the home agent server 13 first sends an AR message to the home authentication server 15, and once verification passes the home authentication server 15 sends an AR message to the home agent server 13.
After the foreign agent server 12 and mobile node 11 information in the RRQ has been verified, the home agent server 13 processes the registration request of the mobile node 11 and then sends a registration reply (Mobile IP Registration Reply, RRP) message to the foreign agent server 12.
Step S18: the foreign agent server 12 forwards the RRP message to the mobile node 11, completing the registration process.
The above is the main flow of the RADIUS protocol as applied to the mobile IP registration process. RADIUS can satisfy the security needs of mobile IP to a certain extent.
In recent years new Internet services have kept emerging and the number of users accessing the Internet in various ways has kept growing, so that routers and network access servers based on the original AAA technology struggle to cope. AAA protocols such as RADIUS cannot meet the new demands. After discussion, the AAA working group of the IETF agreed on the DIAMETER protocol as the next-generation AAA protocol standard. Compared with the RADIUS protocol, the DIAMETER protocol has considerable advantages in end-to-end security, scalability, transmission reliability, roaming support, failover and extensibility, and can meet present needs.
The DIAMETER protocol provides support for mobile IP. Building on the DIAMETER base protocol, the DIAMETER-based mobile IP application solves many of the problems of mobile IP fairly completely. In the DIAMETER-based mobile IP application, the AAA authentication server acts as a key distribution center: it creates and distributes session keys for the mobile node, the foreign agent server and the home agent server, so that the mobile node can obtain access service in a foreign network. Its network topology is shown in Fig. 2. In the network topology shown in Fig. 2, the registration flow of the mobile node 21 is:
Step S21: start. Before the mobile node 21 starts registration, it has only its NAI and the information of the mobility security association (MSA) between the mobile node 21 and the home authentication server 25.
Step S22: after the mobile node 21 starts, it sends a registration request (Registration Request, RRQ) message to the foreign agent server 22.
Step S23: after receiving the registration request message, the foreign agent server 22 generates a mobile node request (AA-Mobile-Node-Request, AMR) message from the information in it and sends it to the foreign authentication server 24.
Step S24: after receiving the AMR, the foreign authentication server 24 forwards it to the home authentication server 25.
Step S25: after receiving the AMR, the home authentication server 25 allocates for the mobile node 21 the key information between the mobile node 21 and the home agent server 23, between the mobile node 21 and the foreign agent server 22, and between the foreign agent server 22 and the home agent server 23, and sends a home agent mobile IP request (Home-Agent-MIP-Request, HAR) message to the home agent server 23, in which the MIP-Reg-Request AVP contains the mobile IP registration request information.
Step S26: the home agent server 23 receives the HAR, processes the MIP-Reg-Request AVP, generates a MIP-Reg-Reply AVP, and sends the MIP-Reg-Reply AVP to the home authentication server 25 in a home agent mobile IP answer (Home-Agent-MIP-Answer, HAA) message.
Step S27: after receiving the HAA, the home authentication server 25 generates a mobile node answer (AA-Mobile-Node-Answer, AMA) message and sends it to the foreign authentication server 24.
Step S28: the foreign authentication server 24 forwards the AMA to the foreign agent server 22.
Step S29: after receiving the AMA, the foreign agent server 22 keeps the key information between the foreign agent server 22 and the home agent server 23, places the key information between the foreign agent server 22 and the mobile node 21 and between the home agent server 23 and the mobile node 21 in a registration reply (Registration-Reply, RRP) message, and sends it to the mobile node 21, completing registration.
As a new-generation AAA protocol, DIAMETER has clear advantages over RADIUS, and as future mobile communication networks gradually move to all-IP, the DIAMETER protocol will be widely used. At present, however, the RADIUS protocol is still the main approach and nearly all network access servers support it, so whether a new AAA protocol can be rolled out and applied smoothly depends to a large extent on whether it is compatible with the RADIUS protocol. The DIAMETER protocol includes some mechanisms that help compatibility with RADIUS, but because the mobile IP applications of RADIUS and DIAMETER differ in message format, attribute values and registration flow, there is at present no concrete method for making the RADIUS mobile IP application and the DIAMETER mobile IP application compatible.
Summary of the invention
One object of the present invention is to provide a message format compatibility method for the RADIUS and DIAMETER protocols. Because DIAMETER and RADIUS each have their own message format and also introduce different attribute formats for the mobile IP application, making the two mobile IP applications compatible requires that messages of the two protocols can be converted into each other.
Another object of the present invention is to provide a compatibility method for mobile IP applications based on the RADIUS and DIAMETER protocols. Because the registration flows of the RADIUS and DIAMETER mobile IP applications differ greatly, a method is needed that lets access servers and authentication servers running these two protocols cooperate under a common flow.
A further object of the present invention is to provide a compatibility system for mobile IP applications based on the RADIUS and DIAMETER protocols, so that an access server running the DIAMETER (or RADIUS) protocol and an authentication server running the RADIUS (or DIAMETER) protocol can be compatible in the mobile IP application without changing the original network structure or the functions of the network entities.
To achieve the above objects, the invention provides the following technical scheme:
A compatibility method for mobile IP applications based on the RADIUS and DIAMETER protocols comprises the following steps:
Step S1: communication between a mobile node and an access server;
Step S2: communication between the access server and a translation agent server, the translation agent server translating between the message formats of the RADIUS and DIAMETER protocols;
Step S3: communication between the translation agent server and an authentication server;
wherein one of the access server and the authentication server runs the RADIUS protocol and the other runs the DIAMETER protocol.
Further, the access server in step S1 is a foreign agent server and correspondingly the authentication server in step S3 is a foreign authentication server; or the access server in step S1 is a home agent server and correspondingly the authentication server in step S3 is a home authentication server.
Further, when the access server in step S1 is a foreign agent server and correspondingly the authentication server in step S3 is a foreign authentication server, the above compatibility method also comprises:
Step S4: communication between the foreign authentication server and a home authentication server;
Step S5: communication between the home authentication server and a second translation agent server, the second translation agent server translating between the message formats of the RADIUS and DIAMETER protocols;
Step S6: communication between the second translation agent server and a home agent server;
wherein one of the home authentication server and the home agent server runs the RADIUS protocol and the other runs the DIAMETER protocol.
Further, when the home agent server and the foreign agent server run the DIAMETER protocol and the foreign authentication server and the home authentication server run the RADIUS protocol, step S3 also comprises:
communication between the translation agent server and the second translation agent server.
Further, the compatibility method also comprises:
in step S4, the foreign authentication server and the home authentication server communicate through a third translation agent server, the third translation agent server translating between the message formats of the RADIUS and DIAMETER protocols; wherein one of the foreign authentication server and the home authentication server runs the RADIUS protocol and the other runs the DIAMETER protocol.
Further, the compatibility method also comprises:
Step S7: the registration reply message sent by the home agent server is processed and sent back to the mobile node, completing registration of the mobile node.
Further, in step S2 of the compatibility method, the way in which the translation agent server translates between the message formats of the RADIUS and DIAMETER protocols comprises:
the mobile node request message of the DIAMETER protocol and the access request message of RADIUS are translated into each other;
the mobile node answer message of the DIAMETER protocol and the access accept/reject message plus registration reply message of the RADIUS protocol are translated into each other, wherein the MIP-MA-Type attribute in the access accept/reject message is set to indicate that the message corresponds to a DIAMETER protocol message between the home or foreign authentication server and the foreign agent server;
the home agent request message of the DIAMETER protocol and the registration request message of the RADIUS protocol are translated into each other;
the home agent answer message of the DIAMETER protocol and the access accept/reject message plus registration reply message of the RADIUS protocol are translated into each other, wherein the MIP-MA-Type attribute in the access accept/reject message is set to indicate that the message corresponds to a DIAMETER protocol message between the home agent server and the home authentication server.
The present invention also provides a compatibility system for mobile IP applications based on the RADIUS and DIAMETER protocols, comprising:
an access server, which communicates with the mobile node and acts as the mobile node's proxy for network access;
a translation agent server, placed between the access server and an authentication server, which translates between the message formats of the RADIUS and DIAMETER protocols;
an authentication server, which communicates with the access server through the translation agent server;
wherein one of the access server and the authentication server runs the RADIUS protocol and the other runs the DIAMETER protocol.
Further, the access server is a foreign agent server and correspondingly the authentication server is a foreign authentication server; or the access server is a home agent server and correspondingly the authentication server is a home authentication server.
Further, when the access server is a foreign agent server and correspondingly the authentication server is a foreign authentication server, the compatibility system also comprises: a home authentication server, which communicates with the foreign authentication server.
Further, the compatibility system also comprises: a home agent server, which communicates with the home authentication server through a second translation agent server; the second translation agent server translates between the message formats of the RADIUS and DIAMETER protocols, wherein one of the home agent server and the home authentication server runs the RADIUS protocol and the other runs the DIAMETER protocol.
Further, when the foreign agent server and the home agent server are servers running the DIAMETER protocol and the foreign authentication server and the home authentication server are servers running the RADIUS protocol, the translation agent server and the second translation agent server communicate with each other.
Further, the compatibility system also comprises: when one of the foreign authentication server and the home authentication server runs the RADIUS protocol and the other runs the DIAMETER protocol, the home authentication server communicates with the foreign authentication server through a third translation agent server; the third translation agent server translates between the message formats of the RADIUS and DIAMETER protocols.
Further, in the compatibility system, the translation agent server's translation between the message formats of the RADIUS and DIAMETER protocols comprises:
the mobile node request message of the DIAMETER protocol and the access request message of RADIUS are translated into each other;
the mobile node answer message of the DIAMETER protocol and the access accept/reject message plus registration reply message of the RADIUS protocol are translated into each other, wherein the MIP-MA-Type attribute in the access accept/reject message is set to indicate that the message corresponds to a DIAMETER protocol message between the home or foreign authentication server and the foreign agent server;
the home agent request message of the DIAMETER protocol and the registration request message of the RADIUS protocol are translated into each other;
the home agent answer message of the DIAMETER protocol and the access accept/reject message plus registration reply message of the RADIUS protocol are translated into each other, wherein the MIP-MA-Type attribute in the access accept/reject message is set to indicate that the message corresponds to a DIAMETER protocol message between the home agent server and the home authentication server.
The beneficial effects of the invention are as follows:
With the scheme of the present invention, network entities running different AAA protocols can work together, and because the registration flow of the DIAMETER-based mobile IP application is adopted, the registration and authentication flows of RADIUS-based network entities are merged into one, which improves efficiency.
The technical scheme of the present invention conforms fully to the network structure described for the RADIUS-based and DIAMETER-based mobile IP applications. Without changing the original network structure or the functions of the network entities, and by introducing only a few network entities, it makes RADIUS-based and DIAMETER-based network entities compatible, so that the transition from the RADIUS protocol to the DIAMETER protocol in the mobile IP application is smoother.
Description of drawings
Fig. 1 is the network topology diagram of the mobile IP application based on the RADIUS protocol;
Fig. 2 is the network topology diagram of the mobile IP application based on the DIAMETER protocol;
Fig. 3 is the network topology diagram of embodiment 1 of the invention;
Fig. 4 is the message interaction diagram of embodiment 1 of the invention;
Fig. 5 is the network topology diagram of embodiment 2 of the invention;
Fig. 6 is the message interaction diagram of embodiment 2 of the invention;
Fig. 7 is the network topology diagram of embodiment 4 of the invention;
Fig. 8 is the message interaction diagram of embodiment 4 of the invention.
Wherein:
11, 21, 31, 51, 71: mobile node (MN);
12, 22, 32, 52: foreign agent server (FA);
13, 23, 33, 53, 72: home agent server (HA);
14, 24, 34, 54: foreign authentication server (AAAF);
15, 25, 35, 55, 74: home authentication server (AAAH);
36, 56: first translation agent server (TA);
37, 57: second translation agent server (TA);
73: translation agent server (TA);
RRQ: registration request message (Registration Request);
AR: access request message (Access Request);
AMR: mobile node request message (AA-Mobile-Node-Request);
HAR: home agent request message (Home Agent Request);
RRP: registration reply message (Registration Reply);
HAA: home agent answer message (Home Agent Answer);
AMA: mobile node answer message (AA-Mobile-Node-Answer);
AA/AR: access accept/reject message (Access Accept/Reject).
Detailed description
To make the purpose, technical scheme and advantages of the present invention clearer, the compatibility method and system for mobile IP applications based on the RADIUS and DIAMETER protocols are described further below with reference to the drawings and embodiments. It should be understood that the specific embodiments described here only illustrate the present invention and do not limit it.
Embodiment 1
By introducing a translation agent server as a network entity, the present invention makes the mobile IP applications of the two AAA protocols, RADIUS and DIAMETER, compatible. This covers both message format compatibility and protocol flow compatibility between network entities running different protocols.
To achieve message format compatibility between network entities, the present invention introduces the translation agent server, which applies a message format conversion method (that is, a translation method) so that network entities running the RADIUS protocol and network entities running the DIAMETER protocol can communicate.
To achieve protocol flow compatibility between network entities, the present invention uses the same translation agent server so that network entities running the RADIUS protocol and network entities running the DIAMETER protocol, whose flows are otherwise incompatible, can work together.
The translation agent server (Translation-Agent, TA) network entity in the present invention is responsible for converting message formats (that is, translating between the message formats of the different protocols). It sits between the network entities running the RADIUS protocol and those running the DIAMETER protocol, and its main functions are:
translating a DIAMETER AVP (DIAMETER attribute-value pair) into a RADIUS Attribute with the same or a similar function;
translating a RADIUS Attribute into a DIAMETER AVP with the same or a similar function;
converting a DIAMETER message into a RADIUS message;
converting a RADIUS message into a DIAMETER message.
The message conversion scheme between the DIAMETER base protocol and the RADIUS protocol is described explicitly in the DIAMETER Network Access Server Application (RFC4005); the present invention concerns only the messages and attributes related to the mobile IP application.
The messages involved in the mobile IP application of the AAA protocols are mainly the following 6 kinds:
In the DIAMETER protocol: home agent request (Home Agent Request, HAR), home agent answer (Home Agent Answer, HAA), mobile node request (AA-Mobile-Node-Request, AMR), mobile node answer (AA-Mobile-Node-Answer, AMA);
In the RADIUS protocol: access request (Access Request, AR), access accept/reject (Access Accept/Reject, AA/AR), registration request (Registration Request, RRQ), registration reply (Registration Reply, RRP).
As one possible implementation, the above 8 kinds of messages are translated into each other as follows:
DIAMETER AMR and RADIUS Access Request are translated into each other;
DIAMETER AMA is translated into two RADIUS messages, RADIUS Access Accept/Reject (MIP-MA-Type=0) and Registration Reply, and the two RADIUS messages RADIUS Access Accept/Reject (MIP-MA-Type=0) and Registration Reply are translated together into one DIAMETER AMA message;
DIAMETER HAR and Registration Request are translated into each other;
DIAMETER HAA is translated into two RADIUS messages, RADIUS Access Accept/Reject (MIP-MA-Type=1) and Registration Reply, and the two RADIUS messages RADIUS Access Accept/Reject (MIP-MA-Type=1) and Registration Reply are translated together into one DIAMETER HAA message.
Here the MIP-MA-Type attribute of the RADIUS message indicates whether the RADIUS message corresponds to a DIAMETER message between the home agent server and the home authentication server, or to a DIAMETER message between the home or foreign authentication server and the foreign agent server. In this embodiment, MIP-MA-Type=0 means that the RADIUS message corresponds to a DIAMETER message between the home or foreign authentication server and the foreign agent server, and MIP-MA-Type=1 means that the RADIUS message corresponds to a DIAMETER message between the home agent server and the home authentication server.
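The message-level translation rules listed above, modelled as an added Python example (not code from the patent). The `Msg` type, the `session` correlation key and the `accepted` flag are assumptions made for the example, and attributes pass through untranslated because the Table 1 mapping is not reproduced on this page.

```python
from dataclasses import dataclass, field
from typing import Optional

# Message names as used in the description above.
AMR, AMA, HAR, HAA = "AMR", "AMA", "HAR", "HAA"          # DIAMETER side
ACCESS_REQUEST = "Access-Request"                         # RADIUS side
ACCESS_ACCEPT = "Access-Accept"
ACCESS_REJECT = "Access-Reject"
RRQ, RRP = "Registration-Request", "Registration-Reply"

REQUEST_D2R = {AMR: ACCESS_REQUEST, HAR: RRQ}             # one-to-one rules
REQUEST_R2D = {v: k for k, v in REQUEST_D2R.items()}
ANSWER_TO_MA_TYPE = {AMA: 0, HAA: 1}                      # MIP-MA-Type values
MA_TYPE_TO_ANSWER = {v: k for k, v in ANSWER_TO_MA_TYPE.items()}


class TranslationError(ValueError):
    """Raised when a message cannot be translated; the agent fails closed."""


@dataclass
class Msg:
    protocol: str                 # "DIAMETER" or "RADIUS"
    name: str
    session: str                  # hypothetical correlation key (assumption)
    attrs: dict = field(default_factory=dict)


class TranslationAgent:
    def __init__(self):
        # session -> halves of a RADIUS answer pair still waiting for a partner
        self._pending = {}

    def diameter_to_radius(self, m: Msg) -> list:
        if m.protocol != "DIAMETER":
            raise TranslationError("expected a DIAMETER message")
        if m.name in REQUEST_D2R:
            return [Msg("RADIUS", REQUEST_D2R[m.name], m.session, dict(m.attrs))]
        if m.name in ANSWER_TO_MA_TYPE:
            # One DIAMETER answer becomes two RADIUS messages. Anything
            # other than an explicit accepted=True maps to Access-Reject.
            ok = m.attrs.get("accepted") is True
            payload = {k: v for k, v in m.attrs.items() if k != "accepted"}
            verdict = Msg("RADIUS", ACCESS_ACCEPT if ok else ACCESS_REJECT,
                          m.session, {"MIP-MA-Type": ANSWER_TO_MA_TYPE[m.name]})
            return [verdict, Msg("RADIUS", RRP, m.session, payload)]
        raise TranslationError(f"no RADIUS counterpart for {m.name!r}")

    def radius_to_diameter(self, m: Msg) -> Optional[Msg]:
        if m.protocol != "RADIUS":
            raise TranslationError("expected a RADIUS message")
        if m.name in REQUEST_R2D:
            return Msg("DIAMETER", REQUEST_R2D[m.name], m.session, dict(m.attrs))
        if m.name in (ACCESS_ACCEPT, ACCESS_REJECT):
            # Without MIP-MA-Type the agent cannot tell AMA from HAA.
            if m.attrs.get("MIP-MA-Type") not in MA_TYPE_TO_ANSWER:
                raise TranslationError("Access-Accept/Reject lacks a valid MIP-MA-Type")
            slot = "verdict"
        elif m.name == RRP:
            slot = "reply"
        else:
            raise TranslationError(f"no DIAMETER counterpart for {m.name!r}")
        halves = self._pending.setdefault(m.session, {})
        if slot in halves:
            raise TranslationError(f"duplicate {m.name} for session {m.session!r}")
        halves[slot] = m
        if len(halves) < 2:
            return None           # wait for the other half; emit nothing yet
        del self._pending[m.session]
        verdict, reply = halves["verdict"], halves["reply"]
        attrs = dict(reply.attrs, accepted=(verdict.name == ACCESS_ACCEPT))
        answer = MA_TYPE_TO_ANSWER[verdict.attrs["MIP-MA-Type"]]
        return Msg("DIAMETER", answer, m.session, attrs)
```

The agent emits no DIAMETER answer until both RADIUS halves for a session have arrived, and it rejects an Access Accept/Reject whose MIP-MA-Type is missing or unknown instead of guessing which answer it belongs to.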
The translation of the Mobile IP related attributes in the above messages is given in Table 1 below:
Table 1
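[Table 1 appears only as an image in the original publication (Figure A20081011953600171); its contents are not reproduced here.]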
The protocol flow of the Mobile IP application based on the RADIUS protocol differs considerably from that of the Mobile IP application based on the DIAMETER protocol. The most important difference is that in the RADIUS protocol the authentication and the registration of the mobile node are carried out as two separate processes, whereas in the DIAMETER protocol they are completed in a single process. A method is therefore needed that lets network entities running the RADIUS protocol and network entities running the DIAMETER protocol work together.
The network structure of the present invention follows the network structure of the Internet Engineering Task Force (IETF) DIAMETER Mobile IPv4 Application (RFC4004). This structure contains a home domain, a foreign domain, a mobile node (MN), a foreign agent server (FA), a home agent server (HA), a foreign authentication server (AAAF) and a local authentication server (AAAH). The mobile node is located in the foreign domain. The home agent server and the foreign agent server are clients of the AAA system, that is, network access servers; the foreign authentication server and the local authentication server are servers of the AAA system. The network access servers and the authentication servers run different AAA protocols. To make the flows of the two protocols compatible, the present invention introduces a translation agent server (Translation-Agent, TA) network entity into the network structure. Through the translation agent server, both the network entities running the RADIUS protocol and those running the DIAMETER protocol can proceed according to the flow of the DIAMETER protocol.
To achieve the purpose of the present invention, the translation agent server must be deployed between network entities that run different AAA protocols (none needs to be deployed between the foreign agent server and the home agent server because, according to the Mobile IP application flow based on the DIAMETER protocol, the foreign agent server and the home agent server communicate directly).
As shown in Figure 3, the present invention introduces translation agent servers between the AAA clients (foreign agent server 32 and home agent server 33) and the AAA servers (foreign authentication server 34 and local authentication server 35) that run different AAA protocols. That is, when foreign agent server 32 and foreign authentication server 34 run different AAA protocols, a translation agent server is introduced between foreign agent server 32 and foreign authentication server 34; similarly, when home agent server 33 and local authentication server 35 run different AAA protocols, a translation agent server is also introduced between home agent server 33 and local authentication server 35.
Figure 3 is a network topology diagram of one embodiment of the compatibility method of the present invention for Mobile IP applications based on the RADIUS and DIAMETER protocols. Here the network access server (foreign agent server 32) is a client running the RADIUS protocol, the authentication server (foreign authentication server 34) is a server running the DIAMETER protocol, and a first translation agent server 36 is introduced between foreign agent server 32 and foreign authentication server 34. The message flow of this embodiment is shown in Figure 4. With reference to Figures 3 and 4, the compatibility method of the present invention for Mobile IP applications based on the RADIUS and DIAMETER protocols comprises the following steps:
Step S101: communication between mobile node 31 and the access server;
That is, mobile node 31 sends an RRQ message to foreign agent server 32 (the access server);
Step S102: communication between the access server and first translation agent server 36, where first translation agent server 36 translates between the message formats of the RADIUS and DIAMETER protocols;
Foreign agent server 32 is a client running the RADIUS protocol. After receiving the RRQ message of step S101 it should, following the flow of the RADIUS protocol, send an AR message to foreign authentication server 34; to do so, foreign agent server 32 first sends the AR message to first translation agent server 36. First translation agent server 36 translates the AR message sent by foreign agent server 32 into an AMR message.
Step S103: communication between first translation agent server 36 and the authentication server; specifically:
First translation agent server 36 sends the AMR message to foreign authentication server 34.
When home agent server 33, foreign authentication server 34 and local authentication server 35 run the same AAA protocol, communication among them follows the prior art and no translation agent server needs to be introduced.
Preferably, in the embodiment shown in Figure 3, the network access servers (foreign agent server 32 and home agent server 33) are clients of the RADIUS protocol, and the authentication servers (foreign authentication server 34 and local authentication server 35) are servers of the DIAMETER protocol. Because home agent server 33 and local authentication server 35 run different AAA protocols, this embodiment also introduces a second translation agent server 37 between home agent server 33 and local authentication server 35. The message flow is shown in Figure 4, and the compatibility method of the present invention therefore also comprises the following steps:
Step S104: communication between foreign authentication server 34 and the local authentication server; specifically, foreign authentication server 34 forwards the AMR message to local authentication server 35;
Step S105: communication between local authentication server 35 and second translation agent server 37, where second translation agent server 37 translates between the message formats of the RADIUS and DIAMETER protocols;
Local authentication server 35 is a server running the DIAMETER protocol. After receiving the AMR it can verify mobile node 31 from the information in the AMR and, once verification passes, should generate a HAR message and send it to home agent server 33; to do so, local authentication server 35 first sends the HAR message to second translation agent server 37.
After receiving the HAR message, second translation agent server 37 translates the information in it into an RRQ message.
Step S106: communication between second translation agent server 37 and home agent server 33. Specifically, second translation agent server 37 sends the RRQ message generated by translation to home agent server 33.
Home agent server 33 then sends a registration reply message. This message is processed in the reverse direction of steps S101-S106 and returned to mobile node 31, completing registration. This reverse process is described in detail below.
Preferably, the compatibility method of the present invention also comprises a step of processing the registration reply message of home agent server 33:
Step S107: the registration reply message sent by the home agent server is processed and returned to the mobile node, completing registration. This specifically comprises the following steps, whose message direction is opposite to that of steps S101-S106; for ease of reading they are described in the order S106'-S101':
Step S106': home agent server 33 is a client running the RADIUS protocol. After receiving the RRQ message of step S106, it processes the registration request in it and then sends a Registration Reply (RRP) message to second translation agent server 37.
Step S105': after receiving the RRP message from home agent server 33, second translation agent server 37 generates a HAA message from the information in the RRP and in the HAR message obtained earlier, and sends it to local authentication server 35.
Step S104': after receiving the HAA, local authentication server 35 generates an AMA message and sends it to foreign authentication server 34.
Step S103': foreign authentication server 34 should send the AMA message to foreign agent server 32; to do so, foreign authentication server 34 first sends the AMA message to first translation agent server 36.
Step S102': after receiving the AMA message, first translation agent server 36 translates the information in it into an RRP message and an AA message and sends them to foreign agent server 32.
Step S101': foreign agent server 32 receives the RRP message and the AA message, establishes the MSAs of foreign agent server 32 with mobile node 31 and with home agent server 33 from the information in the AA message, and forwards the RRP message to mobile node 31, completing the registration of mobile node 31.
As shown in Figure 3, a system for Mobile IP applications based on the RADIUS and DIAMETER protocols comprises:
Foreign agent server 32, which communicates with mobile node 31 and is used to proxy network access for mobile node 31;
First translation agent server 36, which is arranged between foreign agent server 32 and foreign authentication server 34 and is used to translate between the message formats of the RADIUS and DIAMETER protocols;
Foreign authentication server 34, which communicates with foreign agent server 32 through first translation agent server 36 and is used to pass messages between foreign agent server 32 and local authentication server 35;
Local authentication server 35, which communicates with foreign authentication server 34.
Preferably, the system also comprises: second translation agent server 37, used to translate between the message formats of the RADIUS and DIAMETER protocols; and home agent server 33, which communicates with the local authentication server through second translation agent server 37.
Foreign agent server 32 and home agent server 33 are client servers running the RADIUS protocol, and foreign authentication server 34 and the local authentication server are servers running the DIAMETER protocol.
Embodiment 2
Figure 5 is a network topology diagram of another embodiment of the compatibility method of the present invention for Mobile IP applications based on the RADIUS and DIAMETER protocols. Here the two access servers, foreign agent server 52 and home agent server 53, are clients running the DIAMETER protocol, and foreign authentication server 54 and local authentication server 55 are servers running the RADIUS protocol. Translation agent server (TA) network entities are introduced between the clients and the servers of the AAA system: a first translation agent server 56 between foreign agent server 52 and foreign authentication server 54, and a second translation agent server 57 between home agent server 53 and local authentication server 55. The message flow of this embodiment is shown in Figure 6. With reference to Figures 5 and 6, the compatibility method of the present invention for Mobile IP applications based on the RADIUS and DIAMETER protocols comprises the following steps:
Step S201: communication between mobile node 51 and the access server;
That is, mobile node 51 sends an RRQ message to foreign agent server 52.
Step S202: communication between the access server and first translation agent server 56, where first translation agent server 56 translates between the message formats of the RADIUS and DIAMETER protocols;
Foreign agent server 52 is a client running the DIAMETER protocol. After receiving the RRQ message it should generate an AMR message and send it to foreign authentication server 54; to do so, foreign agent server 52 first sends the AMR message to first translation agent server 56. First translation agent server 56 translates the AMR message sent by foreign agent server 52 into an AR message of the RADIUS protocol.
Step S203: communication between first translation agent server 56 and the authentication server; specifically:
First translation agent server 56 sends the AR message of the RADIUS protocol to foreign authentication server 54. Preferably, step S203 also comprises: first translation agent server 56 sends the registration-related information in the AMR sent by foreign agent server 52, namely the MIP-Reg-Request AVP in the AMR, to second translation agent server 57.
Step S204: communication between foreign authentication server 54 and the local authentication server; specifically, foreign authentication server 54 forwards the AR message to local authentication server 55;
Step S205: communication between local authentication server 55 and second translation agent server 57, where second translation agent server 57 translates between the message formats of the RADIUS and DIAMETER protocols;
Local authentication server 55 is a server running the RADIUS protocol. It verifies the information about mobile node 51 and foreign agent server 52 in the AR message and, once verification passes, sends an AA message to second translation agent server 57 (this can be achieved by deploying second translation agent server 57 at the network access point of local authentication server 55);
Second translation agent server 57 generates a HAR message from the registration-related information obtained earlier in step S203 (the MIP-Reg-Request AVP) and the AA message.
Preferably, step S205 also comprises: when local authentication server 55 sends the AA message to second translation agent server 57, it also sends the AA message to foreign authentication server 54; after receiving the AA message, foreign authentication server 54 forwards it to first translation agent server 56.
Step S206: communication between second translation agent server 57 and home agent server 53. Specifically, second translation agent server 57 sends the HAR message generated by translation to home agent server 53.
Home agent server 53 then sends a registration reply message, which is returned to mobile node 51, completing registration. This process is described in detail below.
Preferably, the compatibility method of the present invention also comprises a step of processing the registration reply message of home agent server 53:
Step S207: the registration reply message sent by the home agent server is processed and returned to the mobile node, completing registration. This specifically comprises the following steps; for ease of reading they are described in the order S205'-S201':
Step S205': home agent server 53 is a client running the DIAMETER protocol. It processes the registration request of mobile node 51 according to the HAR message and then replies with a HAA message to second translation agent server 57.
Step S204': after receiving the HAA message, second translation agent server 57 forwards the MIP-Reg-Reply AVP in the HAA message to first translation agent server 56.
Step S203': after receiving the MIP-Reg-Reply AVP, first translation agent server 56 uses the MIP-Reg-Reply AVP and the AA message received earlier in step S205 to generate an AMA message, and sends it to foreign agent server 52.
Step S202': after receiving the AMA message, foreign agent server 52 uses the security-related information in it to establish the MSAs between foreign agent server 52 and mobile node 51 and between foreign agent server 52 and home agent server 53, and sends an RRP message to mobile node 51.
Step S201': mobile node 51 receives the RRP message, completing registration.
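The pairing that the two translation agent servers perform in Embodiment 2 (steps S203 and S205 for the HAR, steps S204' and S203' for the AMA), as an added Python example that is not part of the patent. The session id used to correlate the parts, the timeout, the dict layout of the messages, and dropping a rejected request before it reaches the home agent are assumptions; the patent does not specify them.

```python
import time


class Joiner:
    """Pairs two message parts that arrive separately for the same session."""

    def __init__(self, part_a, part_b, ttl=5.0):
        self.parts = (part_a, part_b)
        self.ttl = ttl
        self.pending = {}            # session id -> (deadline, {part name: value})

    def offer(self, sid, name, value, now=None):
        """Store one part; return both parts once the pair is complete, else None."""
        now = time.monotonic() if now is None else now
        if name not in self.parts:
            raise ValueError(f"unexpected part {name!r}")
        # Drop half-finished sessions whose other half never arrived in time.
        self.pending = {s: e for s, e in self.pending.items() if e[0] > now}
        deadline, have = self.pending.get(sid, (now + self.ttl, {}))
        if name in have:
            raise ValueError(f"duplicate {name!r} for session {sid!r}")
        have = {**have, name: value}
        if len(have) == 2:
            self.pending.pop(sid, None)
            return have
        self.pending[sid] = (deadline, have)
        return None


class SecondTA:
    """TA between the local authentication server (RADIUS) and the home agent (DIAMETER)."""

    def __init__(self, ttl=5.0):
        self.join = Joiner("MIP-Reg-Request", "AA", ttl)
        self.awaiting_haa = set()    # sessions for which a HAR was actually sent

    def _har(self, sid, pair):
        if pair is None or not pair["AA"]["accepted"]:
            return None              # assumption: a reject never reaches the home agent
        self.awaiting_haa.add(sid)
        return {"kind": "HAR", "session": sid,
                "MIP-Reg-Request": pair["MIP-Reg-Request"]}

    def on_reg_request(self, sid, avp, now=None):      # from the first TA (S203)
        return self._har(sid, self.join.offer(sid, "MIP-Reg-Request", avp, now))

    def on_aa(self, sid, aa, now=None):                # from the local auth server (S205)
        return self._har(sid, self.join.offer(sid, "AA", aa, now))

    def on_haa(self, sid, haa):                        # from the home agent (S205')
        if sid not in self.awaiting_haa:
            raise ValueError("HAA for a session with no outstanding HAR")
        self.awaiting_haa.remove(sid)
        return {"to": "first TA", "session": sid, "MIP-Reg-Reply": haa["MIP-Reg-Reply"]}


class FirstTA:
    """TA between the foreign agent (DIAMETER) and the foreign authentication server (RADIUS)."""

    def __init__(self, ttl=5.0):
        self.join = Joiner("AA", "MIP-Reg-Reply", ttl)

    def _ama(self, sid, pair):
        if pair is None:
            return None
        return {"kind": "AMA", "session": sid, "accepted": pair["AA"]["accepted"],
                "MIP-Reg-Reply": pair["MIP-Reg-Reply"]}

    def on_aa(self, sid, aa, now=None):                # relayed by the foreign auth server
        return self._ama(sid, self.join.offer(sid, "AA", aa, now))

    def on_reg_reply(self, sid, avp, now=None):        # from the second TA (S204')
        return self._ama(sid, self.join.offer(sid, "MIP-Reg-Reply", avp, now))


def run_registration():
    """Walk one successful registration with constructed values; returns the AMA."""
    ta1, ta2 = FirstTA(), SecondTA()
    ta2.on_reg_request("s1", b"constructed-rrq", now=0.0)
    ta2.on_aa("s1", {"accepted": True}, now=1.0)       # HAR goes to the home agent
    ta1.on_aa("s1", {"accepted": True}, now=1.0)
    fwd = ta2.on_haa("s1", {"MIP-Reg-Reply": b"constructed-rrp"})
    return ta1.on_reg_reply("s1", fwd["MIP-Reg-Reply"], now=2.0)


if __name__ == "__main__":
    print(run_registration())
```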
As shown in Figure 5, a system for Mobile IP applications based on the RADIUS and DIAMETER protocols comprises:
Foreign agent server 52, which communicates with mobile node 51 and is used to proxy network access for mobile node 51;
First translation agent server 56, which is arranged between foreign agent server 52 and foreign authentication server 54 and is used to translate between the message formats of the RADIUS and DIAMETER protocols;
Foreign authentication server 54, which communicates with foreign agent server 52 through first translation agent server 56.
Preferably, the system also comprises local authentication server 55, which communicates with foreign authentication server 54 and is used to verify mobile node 51.
Preferably, the system also comprises: second translation agent server 57, used to translate between the message formats of the RADIUS and DIAMETER protocols; and home agent server 53, which communicates with the local authentication server through second translation agent server 57. The first and second translation agent servers communicate with each other.
Foreign agent server 52 and home agent server 53 are client servers running the DIAMETER protocol, and foreign authentication server 54 and the local authentication server are servers running the RADIUS protocol.
The first and second translation agent servers translate between the message formats of the RADIUS and DIAMETER protocols in the same way as in Embodiment 1.
Embodiment 3
For the purposes of the present invention, Embodiment 3 is provided for the case where the foreign authentication server (AAAF) and the local authentication server (AAAH) run different AAA protocols. Embodiment 3 builds on Embodiment 1 (or 2) by additionally placing a third translation agent server between the foreign authentication server and the local authentication server, to translate the messages of the two AAA protocols between the foreign authentication server and the local authentication server; the other steps are the same as in Embodiment 1 (or 2).
Corresponding to the compatibility method of this embodiment, a system for Mobile IP applications based on the RADIUS and DIAMETER protocols comprises:
A foreign agent server, which communicates with the mobile node and is used to proxy network access for the mobile node;
A foreign authentication server, which communicates with the foreign agent server;
A local authentication server, which communicates with the foreign authentication server through a third translation agent server; the third translation agent server is used to translate between the message formats of the RADIUS and DIAMETER protocols.
Preferably, the system also comprises: a home agent server, which communicates with the local authentication server.
Preferably, if the foreign agent server and the foreign authentication server run different AAA protocols, the system also comprises: a first translation agent server, through which the foreign agent server communicates with the foreign authentication server; the first translation agent server is used to translate between the message formats of the RADIUS and DIAMETER protocols.
Preferably, if the home agent server and the local authentication server run different AAA protocols, the system also comprises: a second translation agent server, through which the home agent server communicates with the local authentication server; the second translation agent server is used to translate between the message formats of the RADIUS and DIAMETER protocols.
The first, second and third translation agent servers translate between the message formats of the RADIUS and DIAMETER protocols in the same way as in Embodiment 1.
Embodiment 4
Figure 7 is a network topology diagram of another embodiment of the compatibility method of the present invention for Mobile IP applications based on the RADIUS and DIAMETER protocols. In this embodiment mobile node 71 is located in the home domain and registers directly with home agent server 72. Home agent server 72 is a client running the RADIUS protocol, and local authentication server 74 is a server running the DIAMETER protocol. A translation agent server (TA) network entity is introduced between the client of the AAA system (home agent server 72) and the server of the AAA system (local authentication server 74); that is, translation agent server 73 is introduced between home agent server 72 and local authentication server 74. The message flow of this embodiment is shown in Figure 8. With reference to Figures 7 and 8, the compatibility method of the present invention for Mobile IP applications based on the RADIUS and DIAMETER protocols comprises the following steps:
Step S401: communication between mobile node 71 and access server 72;
That is, mobile node 71 sends an RRQ message to home agent server 72.
Step S402: communication between access server 72 and translation agent server 73, where translation agent server 73 translates between the message formats of the RADIUS and DIAMETER protocols;
Home agent server 72 is a client running the RADIUS protocol. After receiving the RRQ message it should generate an AR message and send it to local authentication server 74; to do so, home agent server 72 first sends the AR message to translation agent server 73. Translation agent server 73 translates the AR message sent by home agent server 72 into an AMR message of the DIAMETER protocol.
Step S403: communication between translation agent server 73 and authentication server 74;
That is, translation agent server 73 sends the AMR message to local authentication server 74. Local authentication server 74 is a server running the DIAMETER protocol. After receiving the AMR it can verify mobile node 71 from the information in the AMR and, once verification passes, should generate an AMA message in reply to home agent server 72. To return the generated AMA message to home agent server 72 and complete registration, the method of this embodiment also comprises:
Step S404: authentication server 74 sends a message to translation agent server 73;
That is, local authentication server 74 sends the generated AMA message to translation agent server 73, which translates between the message formats of the RADIUS and DIAMETER protocols;
Because home agent server 72 is a client running the RADIUS protocol, translation agent server 73 translates the received AMA message into the corresponding RADIUS message, AA.
Step S405: communication between translation agent server 73 and home agent server 72;
The translation agent server sends the generated AA message to home agent server 72. The home agent server is a client running the RADIUS protocol and, after receiving the AA message, needs to generate an RRP message and send it to mobile node 71.
Step S406: communication between home agent server 72 and mobile node 71;
Home agent server 72 sends the RRP message to mobile node 71, completing the registration process of the mobile node.
As shown in Figure 7, a system for Mobile IP applications based on the RADIUS and DIAMETER protocols comprises:
Home agent server 72, which communicates with mobile node 71 and is used to proxy network access for mobile node 71;
Translation agent server 73, which is arranged between home agent server 72 and local authentication server 74 and is used to translate between the message formats of the RADIUS and DIAMETER protocols;
Local authentication server 74, which communicates with home agent server 72 through translation agent server 73.
One of home agent server 72 and local authentication server 74 runs the RADIUS protocol and the other runs the DIAMETER protocol. For example, home agent server 72 is a client server running the RADIUS protocol and local authentication server 74 is a server running the DIAMETER protocol.
As the detailed description of the above embodiments shows, by placing a translation agent server network entity in the network, the present invention makes Mobile IP applications of the RADIUS and DIAMETER protocols compatible without changing the original network structure or the functions of the existing network entities.
Beneficial effects of the present invention:
With the scheme of the present invention, network entities running different AAA protocols can work together. In addition, because the Mobile IP flow of the DIAMETER protocol is used, the registration flow and the authentication flow of the network entities running the RADIUS protocol are merged into one, which improves efficiency.
The technical scheme of the present invention fully conforms to the network structure described by the RADIUS and DIAMETER Mobile IP applications. Without changing the original network structure or the functions of the network entities, and with only a few newly introduced network entities, it achieves compatibility between network entities of the RADIUS and DIAMETER protocols and makes the transition from the RADIUS protocol to the DIAMETER protocol smoother.
The above is only a specific embodiment of the present invention, and the protection scope of the present invention is not limited to it. Any variation or replacement that a person skilled in the art can readily conceive within the technical scope disclosed by the present invention shall fall within the protection scope of the present invention.

Claims (14)

1. A compatibility method for Mobile IP applications based on the RADIUS and DIAMETER protocols, characterized in that it comprises the following steps:
Step S1: communication between a mobile node and an access server;
Step S2: communication between the access server and a translation agent server, the translation agent server translating between the message formats of the RADIUS and DIAMETER protocols;
Step S3: communication between the translation agent server and an authentication server;
wherein one of the access server and the authentication server runs the RADIUS protocol and the other runs the DIAMETER protocol.
2. The compatibility method for Mobile IP applications based on the RADIUS and DIAMETER protocols according to claim 1, characterized in that the access server in step S1 is a foreign agent server and, correspondingly, the authentication server in step S3 is a foreign authentication server; or the access server in step S1 is a home agent server and, correspondingly, the authentication server in step S3 is a local authentication server.
3. The compatibility method for Mobile IP applications based on the RADIUS and DIAMETER protocols according to claim 2, characterized in that, when the access server in step S1 is the foreign agent server and, correspondingly, the authentication server in step S3 is the foreign authentication server, the method also comprises:
Step S4: communication between the foreign authentication server and a local authentication server;
Step S5: communication between the local authentication server and a second translation agent server, the second translation agent server translating between the message formats of the RADIUS and DIAMETER protocols;
Step S6: communication between the second translation agent server and a home agent server;
wherein one of the local authentication server and the home agent server runs the RADIUS protocol and the other runs the DIAMETER protocol.
4. The compatibility method for Mobile IP applications based on the RADIUS and DIAMETER protocols according to claim 3, characterized in that, when the home agent server and the foreign agent server run the DIAMETER protocol and the foreign authentication server and the local authentication server run the RADIUS protocol, step S3 also comprises:
communication between the translation agent server and the second translation agent server.
5. The compatibility method for Mobile IP applications based on the RADIUS and DIAMETER protocols according to claim 3, characterized in that it also comprises:
in step S4, the foreign authentication server and the local authentication server communicate through a third translation agent server, the third translation agent server translating between the message formats of the RADIUS and DIAMETER protocols; wherein one of the foreign authentication server and the local authentication server runs the RADIUS protocol and the other runs the DIAMETER protocol.
6. The compatibility method for Mobile IP applications based on the RADIUS and DIAMETER protocols according to claims 3 to 5, characterized in that it also comprises:
Step S7: the registration reply message sent by the home agent server is processed and returned to the mobile node, completing the registration of the mobile node.
7. The compatibility method for Mobile IP applications based on the RADIUS and DIAMETER protocols according to claim 1, characterized in that, in step S2, the method by which the translation agent server translates between the message formats of the RADIUS and DIAMETER protocols comprises:
translating the mobile node request message of the DIAMETER protocol and the access request message of RADIUS into each other;
translating the mobile node answer message of the DIAMETER protocol and the access accept/reject message together with the registration reply message of the RADIUS protocol into each other, wherein the MIP-MA-Type attribute in the access accept/reject message is set to indicate that the message corresponds to the DIAMETER protocol message between the local authentication server or foreign authentication server and the foreign agent server;
translating the home agent request message of the DIAMETER protocol and the registration request message of the RADIUS protocol into each other;
translating the home agent answer message of the DIAMETER protocol and the access accept/reject message together with the registration reply message of the RADIUS protocol into each other, wherein the MIP-MA-Type attribute in the access accept/reject message is set to indicate that the message corresponds to the DIAMETER protocol message between the home agent server and the local authentication server.
8. A compatible system for mobile IP applications based on the RADIUS and DIAMETER protocols, characterized in that it comprises:
an access server, which communicates with a mobile node and acts as a proxy for the mobile node's access to the network;
a translation proxy server, arranged between the access server and an authentication server, used to translate between the message formats of the RADIUS and DIAMETER protocols;
the authentication server, used to communicate with the access server through the translation proxy server;
wherein one of the access server and the authentication server runs the RADIUS protocol and the other runs the DIAMETER protocol.
9. The compatible system for mobile IP applications based on the RADIUS and DIAMETER protocols according to claim 8, characterized in that the access server is a foreign agent server and, correspondingly, the authentication server is a foreign authentication server; or the access server is a home agent server and, correspondingly, the authentication server is a local authentication server.
10. The compatible system for mobile IP applications based on the RADIUS and DIAMETER protocols according to claim 9, characterized in that, when the access server is the foreign agent server and, correspondingly, the authentication server is the foreign authentication server, the system further comprises: a local authentication server, which communicates with the foreign authentication server.
11. The compatible system for mobile IP applications based on the RADIUS and DIAMETER protocols according to claim 10, characterized in that it further comprises: a home agent server, which communicates with the local authentication server through a second translation proxy server; the second translation proxy server is used to translate between the message formats of the RADIUS and DIAMETER protocols, wherein one of the home agent server and the local authentication server runs the RADIUS protocol and the other runs the DIAMETER protocol.
12. The compatible system for mobile IP applications based on the RADIUS and DIAMETER protocols according to claim 11, characterized in that, when the foreign agent server and the home agent server are servers running the DIAMETER protocol and the foreign authentication server and the local authentication server are servers running the RADIUS protocol, the translation proxy server and the second translation proxy server communicate with each other.
13. The compatible system for mobile IP applications based on the RADIUS and DIAMETER protocols according to claim 10, characterized in that it further comprises: when one of the foreign authentication server and the local authentication server runs the RADIUS protocol and the other runs the DIAMETER protocol, the local authentication server communicates with the foreign authentication server through a third translation proxy server; the third translation proxy server is used to translate between the message formats of the RADIUS and DIAMETER protocols.
14. The compatible system for mobile IP applications based on the RADIUS and DIAMETER protocols according to claim 8, characterized in that the translation by the translation proxy server between the message formats of the RADIUS and DIAMETER protocols comprises:
translating between the mobile node request message of the DIAMETER protocol and the Access-Request message of the RADIUS protocol;
translating between the mobile node response message of the DIAMETER protocol and the Access-Accept and Access-Reject messages and the registration reply message of the RADIUS protocol; wherein a MIP-MA-Type attribute is set in the Access-Accept and Access-Reject messages to indicate that the message corresponds to a DIAMETER protocol message between the local authentication server or the foreign authentication server and the foreign agent server;
translating between the home agent request message of the DIAMETER protocol and the registration request message of the RADIUS protocol;
translating between the home agent response message of the DIAMETER protocol and the Access-Accept/Access-Reject messages and the registration reply message of the RADIUS protocol; wherein a MIP-MA-Type attribute is set in the Access-Accept and Access-Reject messages to indicate that the message corresponds to a DIAMETER protocol message between the home agent server and the local authentication server.
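An added example (not code from the patent) of the reply direction in claims 7 and 14: one RADIUS reply code maps to two different DIAMETER answers, so the translator reads MIP-MA-Type to choose and rejects the packet when the attribute is absent. The attribute number 250, its values 1 and 2, and the Result-Code mapping are assumptions; the DIAMETER command codes and application ID are those of RFC 4004.

```python
import struct

# RADIUS codes (RFC 2865); Diameter Mobile IPv4 codes (RFC 4004).
ACCESS_ACCEPT, ACCESS_REJECT = 2, 3
DIAMETER_AMA, DIAMETER_HAA, MIP4_APP_ID = 260, 262, 2
RESULT_CODE_AVP, SUCCESS, AUTH_REJECTED = 268, 2001, 4001
# Assumptions (not given on the page): attribute number and value encoding.
MIP_MA_TYPE = 250                        # hypothetical RADIUS attribute type
MA_FOREIGN_AGENT, MA_HOME_AGENT = 1, 2   # hypothetical one-byte values
# Constructed sample: Access-Accept, id 7, zero authenticator, MIP-MA-Type=1.
SAMPLE_ACCEPT = bytes([2, 7, 0, 23]) + bytes(16) + bytes([MIP_MA_TYPE, 3, 1])

def parse_radius(packet: bytes):
    """Return (code, identifier, {type: value}); raise ValueError if malformed."""
    if len(packet) < 20:
        raise ValueError("short RADIUS header")
    code, ident, length = struct.unpack("!BBH", packet[:4])
    if length != len(packet):
        raise ValueError("length field does not match packet size")
    attrs, pos = {}, 20
    while pos < length:
        if pos + 2 > length:
            raise ValueError("truncated attribute header")
        a_type, a_len = packet[pos], packet[pos + 1]
        if a_len < 2 or pos + a_len > length:
            raise ValueError("bad attribute length")
        attrs[a_type] = packet[pos + 2:pos + a_len]
        pos += a_len
    return code, ident, attrs

def radius_reply_to_diameter(packet: bytes, hop_by_hop: int, end_to_end: int) -> bytes:
    """Build the Diameter answer header and Result-Code AVP for a RADIUS reply."""
    code, _ident, attrs = parse_radius(packet)
    if code not in (ACCESS_ACCEPT, ACCESS_REJECT):
        raise ValueError("not an Access-Accept or Access-Reject")
    ma_type = attrs.get(MIP_MA_TYPE)
    if ma_type == bytes([MA_FOREIGN_AGENT]):
        command = DIAMETER_AMA   # answer on the AAA <-> foreign agent leg
    elif ma_type == bytes([MA_HOME_AGENT]):
        command = DIAMETER_HAA   # answer on the home agent <-> local AAA leg
    else:  # fail closed: never guess which Diameter answer the reply maps to
        raise ValueError("missing or unknown MIP-MA-Type")
    result = SUCCESS if code == ACCESS_ACCEPT else AUTH_REJECTED
    avp = struct.pack("!IB3sI", RESULT_CODE_AVP, 0x40, (12).to_bytes(3, "big"), result)
    total = 20 + len(avp)
    header = struct.pack("!B3sB3sIII", 1, total.to_bytes(3, "big"), 0x00,
                         command.to_bytes(3, "big"), MIP4_APP_ID, hop_by_hop, end_to_end)
    return header + avp
```

The hop-by-hop and end-to-end identifiers are passed in because a translation proxy would take them from the pending DIAMETER request it is answering.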

Priority Applications (1)

Application Number Priority Date Filing Date Title
CN 200810119536 CN101355578B (en) 2008-09-02 2008-09-02 Compatible method and system for mobile IP application based on RADIUS and DIAMETER protocol

Publications (2)

Publication Number Publication Date
CN101355578A true CN101355578A (en) 2009-01-28
CN101355578B CN101355578B (en) 2012-12-19

Family

ID=40308166

Family Applications (1)

Application Number Title Priority Date Filing Date
CN 200810119536 Expired - Fee Related CN101355578B (en) 2008-09-02 2008-09-02 Compatible method and system for mobile IP application based on RADIUS and DIAMETER protocol

Country Status (1)

Country Link
CN (1) CN101355578B (en)

Family Cites Families (1)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
US20040062271A1 (en) * 2002-09-26 2004-04-01 Oliver Neal C. Method and system for providing control and monitoring functionality for a telecommunication switching domain

Cited By (5)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
WO2010139220A1 (en) * 2009-06-01 2010-12-09 中兴通讯股份有限公司 Method and system for realizing cross-protocol failover
CN101594602B (en) * 2009-06-01 2012-06-13 中兴通讯股份有限公司 Method and system for realizing cross-protocol failover
CN101815295A (en) * 2010-03-16 2010-08-25 东南大学 Key distribution method between LMA and MAG in pmip6
CN107396186A (en) * 2017-08-11 2017-11-24 四川长虹电器股份有限公司 Linux equipment WebOS system application management methods
CN107396186B (en) * 2017-08-11 2019-11-08 四川长虹电器股份有限公司 Linux equipment WebOS system application management method

Also Published As

Publication number Publication date
CN101355578B (en) 2012-12-19

Legal Events

Date Code Title Description
C06 Publication
PB01 Publication
C10 Entry into substantive examination
SE01 Entry into force of request for substantive examination
C14 Grant of patent or utility model
GR01 Patent grant
ASS Succession or assignment of patent right

Owner name: SHANGHAI YINGLIAN TIGAN INTELLIGENT TECHNOLOGY CO.

Free format text: FORMER OWNER: INSTITUTE OF COMPUTING TECHNOLOGY, CHINESE ACADEMY OF SCIENCES

Effective date: 20140126

C41 Transfer of patent application or patent right or utility model
COR Change of bibliographic data

Free format text: CORRECT: ADDRESS; FROM: 100080 HAIDIAN, BEIJING TO: 200072 ZHABEI, SHANGHAI

TR01 Transfer of patent right

Effective date of registration: 20140126

Address after: 200072 Shanghai Road, Luochuan, No. 840, room 3, building 104

Patentee after: SHANGHAI YINGLIAN SOMATOSENSORY INTELLIGENT TECHNOLOGY Co.,Ltd.

Address before: 100080 Haidian District, Zhongguancun Academy of Sciences, South Road, No. 6, No.

Patentee before: Institute of Computing Technology, Chinese Academy of Sciences

ASS Succession or assignment of patent right

Owner name: SHANGHAI XINGDI COMMUNICATION ENGINEERING INSTITUT

Free format text: FORMER OWNER: SHANGHAI YINGLIAN TIGAN INTELLIGENT TECHNOLOGY CO., LTD.

Effective date: 20140304

COR Change of bibliographic data

Free format text: CORRECT: ADDRESS; FROM: 200072 ZHABEI, SHANGHAI TO: 201821 JIADING, SHANGHAI

TR01 Transfer of patent right

Effective date of registration: 20140304

Address after: 201821 No. 1288, Yecheng Road, Jiading District Industrial Development Zone, Shanghai

Patentee after: Shanghai star earth Communication Engineering Research Institute

Address before: 200072 Shanghai Road, Luochuan, No. 840, room 3, building 104

Patentee before: SHANGHAI YINGLIAN SOMATOSENSORY INTELLIGENT TECHNOLOGY Co.,Ltd.

TR01 Transfer of patent right
CF01 Termination of patent right due to non-payment of annual fee

Granted publication date: 20121219