CN101355578B - Compatible method and system for mobile IP application based on RADIUS and DIAMETER protocol - Google Patents

Compatible method and system for mobile IP application based on RADIUS and DIAMETER protocol Download PDF

Info

Publication number
CN101355578B
CN101355578B CN 200810119536 CN200810119536A CN101355578B CN 101355578 B CN101355578 B CN 101355578B CN 200810119536 CN200810119536 CN 200810119536 CN 200810119536 A CN200810119536 A CN 200810119536A CN 101355578 B CN101355578 B CN 101355578B
Authority
CN
China
Prior art keywords
server
message
radius
services device
agent services
Prior art date
Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
Expired - Fee Related
Application number
CN 200810119536
Other languages
Chinese (zh)
Other versions
CN101355578A (en
Inventor
申砾
张娇
张玉军
王淼
张翰文
许智君
马超
Current Assignee (The listed assignees may be inaccurate. Google has not performed a legal analysis and makes no representation or warranty as to the accuracy of the list.)
Shanghai Star Earth Communication Engineering Research Institute
Original Assignee
Institute of Computing Technology of CAS
Priority date (The priority date is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the date listed.)
Filing date
Publication date
Application filed by Institute of Computing Technology of CAS filed Critical Institute of Computing Technology of CAS
Priority to CN 200810119536 priority Critical patent/CN101355578B/en
Publication of CN101355578A publication Critical patent/CN101355578A/en
Application granted granted Critical
Publication of CN101355578B publication Critical patent/CN101355578B/en
Expired - Fee Related legal-status Critical Current
Anticipated expiration legal-status Critical

Links

Images

Abstract

The invention discloses a compatible method and a compatible system for the application of mobile IP based on a RADIUS protocol and a DIAMETER protocol. The method comprises the following steps of communication between a mobile node and an access server; communication between the access server and a translation agent server, wherein the translation agent server carries out mutual translation for message formats of the RADIUS protocol and the DIAMETER protocol; and communication between the translation agent server and a certificate server, wherein one of the access server and the certificate server runs the RADIUS protocol, while the other one of the access server and the certificate server runs the DIAMETER protocol. The method and the system not only can ensure that network entities running different AAA protocols work coordinately, but also ensure the combination of a register flow and a certificate flow of a network entity based on the RADIUS protocol because the register flow adopts the application of the mobile IP based on the DIAMETER protocol, thereby improving efficiency.

Description

The compatibility method and the system that use based on the mobile IP of RADIUS and DIAMETER agreement
Technical field
The present invention relates to network authentication, mandate, book keeping operation (Authentication, Authorization, Accounting based on the DIAMETER agreement; AAA) the mobile IP expanded application of system and based on the mobile IP expanded application of the AAA system of radius protocol is specifically related to compatibility method and system that the mobile IP based on RADIUS and DIAMETER agreement uses.
Background technology
Mobile IP be a kind of on Internet layer Network Based the solution of locomotive function is provided.Mobile IP makes that (Mobile Node in the process that MN) between heterogeneous networks, moves, needn't change the IP address to mobile node, still can keep perhaps not having the continuity of the inter-node communication of mobile IP function with other mobile nodes.
Mobile IP system mainly comprise mobile node (MN), foreign agent services device (Foreign Agent, FA), the home agent services device (Home Agent, HA).Each mobile node all has a home address (Home of Address; HoA); When mobile node leaves home network and gets into field network, it need obtain a Care-of Address (Care of Address, CoA); And pass through foreign agent services device (perhaps direct) to the registration of home agent services device, on the acting server of local, create the related of a HoA and CoA.The packet that mobile node sends to mobile node is routed to the home network of mobile node through normal IP, and the home agent services device is intercepted and captured these packets, and through tunneling technique they is sent to the current location of mobile node.
The safety problem that exists in the mobile IP system mainly is present in registration process and communication process.Be in the registration process of mobile node that on the one hand if do not adopt safety precautions, malicious user can be given local agent through sending false register requirement, causes all packets all to be forwarded to the malicious user there.Be the normal communication process in registration back on the other hand, the assailant can eavesdrop session, the data intercept bag.Therefore fail safe is to guarantee that mobile IP technology plays a role to need the key factor considered, and the integrality of mobile subscriber's authentication, message and confidentiality are one of key problems that moves IP safety in the registration process.For solving the safety issue in the registration process, need to introduce security protocol, and aaa protocol is exactly one of them.
AAA refers to Authentication (authentication), Authorization (mandate), Accounting (book keeping operation).Wherein, authentication is meant through verifying that some information of registering in advance carry out authentication to the user, to confirm user's legitimacy, prevents that the disabled user from using Internet resources; Mandate is meant whether decision authorizes the right that user capture particular network resource perhaps obtains a certain service on the basis of authentication; Book keeping operation is meant network system record and the storage user use information to Internet resources, various services, and according to predetermined rule to user behavior charge, audit etc.
Radius protocol is one of at present the most frequently used aaa protocol, can be used to solve the registration security problem that moves IP.Its network topology structure is shown in accompanying drawing 1; It comprises mobile node 11, foreign agent services device 12, home agent services device 13, nonlocal certificate server (Foreign AAA server; AAAF) 14 with local authentication server (Home AAA server, AAAH) 15.In network topology structure shown in Figure 1, the register flow path of mobile node 11 is:
Step S11, beginning.Before mobile node 11 start-up loggings; Mobile node 11 has only network access Identifier (Network Access Identifier; NAI) and mobile node 11 and nonlocal certificate server 15 (Home AAA server; AAAH) mobile security related (Mobility Security Association, security information MSA).
Step S12, after mobile node 11 start, mobile node 11 outwards acting server 12 send login request message (Registration Request, RRQ).
Step S13; Foreign agent services device 12 is received the registration request (rrq) of mobile node 11; There is not mobile security related (MSA) this moment between foreign agent services device 12 and mobile node 11 and the home agent services device 13; Be this foreign agent services device 12 certificate server 14 (Foreign AAA server outwards then; AAAF) (wherein the MIP-Feature-Vector attribute is provided with FA-HA-Key-Request and MN-FA-Key-Nonce-Request position for RADIUS Access Request, AR) message to send the request of access.
Step S14, nonlocal certificate server 14 are transmitted to nonlocal certificate server 15 after receiving AR message.
Step S15; After other places certificate server 15 is received AR; At first verify the identity of mobile node 11; If, then distribute the key information (FA-HA-Key) between key information (MN-FA-Key), foreign agent services device 12 and the home agent services device 13 between mobile node 11 and the foreign agent services device 12, and send and insert permission (RADIUS Access-Accept through checking; AA) message is given foreign agent services device 12, is used for the MSA that foreign agent services device 12 is set up foreign agent services device 12 and mobile node 11, home agent services device 13; This access grant message (AA) needs to arrive foreign agent services device 12 through nonlocal certificate server 14.
Step S16, AA message arrives foreign agent services device 12 through nonlocal certificate server 14, shows that mobile node 11 is through authentication.Foreign agent services device 12 obtains being used to setting up the security information of the MSA between foreign agent services device 12 and mobile node 11, the home agent services device 13 from AA message, send registration information (RRQ) message to home agent services device 13 then.
Step S17; Home agent services device 13 is received the RRQ from foreign agent services device 12; If judge the MSA that has had foreign agent services device 12 and home agent services device 13 on the home agent services device 13, then home agent services device 13 can be verified foreign agent services device among the RRQ 12 and mobile node 11 information; Otherwise home agent services device 13 will be verified through foreign agent services device among 15 couples of RRQ of nonlocal certificate server 12 and mobile node 11 information; This proof procedure is home agent services device 13 certificate server 15 transmission AR message at first outwards, and nonlocal certificate server 15 checkings are sent the AR message through the back to home agent services device 13.
After foreign agent services device 12 among 13 couples of RRQ of home agent services device passes through with mobile node 11 Information Authentications; The register requirement of 13 pairs of mobile nodes 11 of home agent services device is handled; (Mobile IP Registration Reply, RRP) message is given foreign agent services device 12 to send the registration answer then.
Step S18, foreign agent services device 12 is given mobile node 11 with the RRP forwards, accomplishes registration process.
More than be applied to the main flow process of mobile IP registration process for radius protocol.RADIUS can satisfy the needs of mobile IP for safety problem to a certain extent.
Various in recent years Internet services continue to bring out, and the user who inserts the Internet in every way constantly increases, and make to be difficult to reply based on original AAA technological router and network access server.Aaa protocols such as RADIUS can't satisfy demand under the new situation.Through discussing, the AAA working group of IETF is agreed the DIAMETER agreement as aaa protocol standard of future generation.The DIAMETER agreement has bigger advantage at aspects such as End-to-End Security property, dilatation, transmission reliability, roaming support, failover and autgmentabilities than radius protocol, can satisfy the needs of present stage.
The DIAMETER agreement provides moving the support of IP.Utilize the DIAMETER basic agreement, use a lot of problems among the mobile IP that solved fairly perfectly based on the mobile IP of DIAMETER agreement.In the mobile IP based on the DIAMETER agreement uses; The aaa authentication server is as key distribution center; Be that mobile node, foreign agent services device and home agent services device create and the assign sessions key, thus make mobile node externally network obtain access service.Its network topology structure is shown in accompanying drawing 2.According to network topology shown in Figure 2, the register flow path of mobile node 21 is:
Step S21, beginning.Before mobile node 21 start-up loggings, mobile node 21 has only the information of NAI and mobile node 21 and the mobile security of local authentication server 25 related (MSA).
Step S22, after mobile node 21 starts, mobile node 21 outwards acting server 22 sends register requirement (Registration Request, RRQ) message.
Step S23, after foreign agent services device 22 was received login request message, (AA-Mobile-Node-Request, AMR) message was issued nonlocal certificate server 24 to generate the mobile node request according to wherein information.
Step S24, nonlocal certificate server 24 is transmitted to local authentication server 25 after receiving AMR.
Step S25; After local authentication server 25 is received AMR; For mobile node 21 distributes between mobile nodes 21 and the home agent services device 23, key information between mobile node 21 and the foreign agent services device 22; And the key information between foreign agent services device 22 and the home agent services device 23; And send local agent to home agent services device 23 and move IP request (MIP-Reg-Request AVP wherein comprises mobile IP login request information for Home-Agent-MIP-Request, HAR) message.
Step S26; Home agent services device 23 is received HAR, handles MIP-Reg-Request AVP, generates MIP-Reg-Reply AVP; MIP-Reg-Reply AVP is included in local agent to be moved IP response (Home-Agent-MIP-Answer HAA) sends to local authentication server 25 in the message.
Step S27, after local authentication server 25 was received HAA, (AA-Mobile-Node-Answer, AMA) message sent to nonlocal certificate server 24 to generate the mobile node response.
Step S28, nonlocal certificate server 24 is transmitted to foreign agent services device 22 with AMA.
Step S29; Foreign agent services device 22 keeps the key information between foreign agent services device 22 and the home agent services device 23 after receiving AMA; Key information between foreign agent services device 22 and the mobile node 21, between home agent services device 23 and the mobile node 21 is included in registration reply (Registration-Reply; RRP) in the message, send to mobile node 21, accomplish registration.
As the aaa protocol of a new generation, DIAMETER has compared remarkable advantages with RADIUS, and gradually under the situation of all-IP transition, the DIAMETER agreement will be widely used at the future mobile communications net.But currently come; Using radius protocol still is main mode; Nearly all network access server is all supported radius protocol, and therefore can new aaa protocol be promoted smoothly and be applied in and depend on that to a great extent can new agreement compatible radius protocol.The DIAMETER agreement has adopted some mechanism to be beneficial to compatible radius protocol; But because the difference aspect message format, property value and register flow path between the mobile IP application of RADIUS and DIAMETER agreement does not also have concrete method can realize the compatibility that the mobile IP of radius protocol uses and the mobile IP of DIAMETER agreement uses at present.
Summary of the invention
An object of the present invention is to provide the message format compatibility method of RADIUS and DIAMETER agreement.Because DIAMETER has different separately message formats with radius protocol; Also introduced different attribute formats in mobile IP application facet; So compatible for these two kinds mobile IP are used, need make based on changing each other between the message of these two kinds of agreements.
Another object of the present invention provides the compatibility method based on the mobile IP application of RADIUS and DIAMETER agreement.Because the register flow path that the mobile IP of RADIUS and DIAMETER agreement uses has very big-difference, so need a kind of method can make the access server and the certificate server that move these two kinds of agreements can collaborative work under common flow process.
Another purpose of the present invention provides a kind of compatible system of using based on the mobile IP of RADIUS and DIAMETER agreement; Make that the certificate server of access server and RADIUS (or DIAMETER) agreement of DIAMETER (or RADIUS) agreement can be compatible in mobile IP uses, and do not change the function of original network configuration and network entity.
For above-mentioned purpose, the present invention provides following technical scheme;
A kind of compatibility method of using based on the mobile IP of RADIUS and DIAMETER agreement comprises the steps:
Step S1, communication between mobile node and the access server;
Step S2, communication between access server and the translation acting server, said translation acting server is translated the message format of RADIUS and DIAMETER agreement each other;
Step S3, communication between said translation acting server and the certificate server;
Wherein, one of them operation radius protocol of said access server and said certificate server, another operation DIAMETER agreement;
And the said access server among the step S1 is the foreign agent services device, and the said certificate server among the step S3 is nonlocal certificate server; Perhaps, the said access server among the step S1 is the home agent services device, and the said certificate server among the step S3 is the local authentication server; And
Said access server in step S1 is the foreign agent services device, and when the said certificate server among the corresponding step S3 was nonlocal certificate server, this method also comprised the steps:
Step S4, communication between said nonlocal certificate server and the local authentication server;
Step S5, communication between the said local authentication server and the second translation acting server, the said second translation acting server is translated the message format of RADIUS and DIAMETER agreement each other;
Step S6, communication between said second translation acting server and the home agent services device;
Wherein, one of them operation radius protocol of said local authentication server and said home agent services device, another operation DIAMETER agreement; And the said method that the message format of RADIUS and DIAMETER agreement is translated each other comprises:
The mobile node request message of DIAMETER agreement and the access request message of RADIUS are translated mutually;
The mobile node response message of DIAMETER agreement and the access permission of radius protocol and refuse information and registration are replied message and are translated mutually; MIP-MA-Type attribute in wherein said access permission and the refuse information is provided with, be used to represent this message corresponding be the DIAMETER protocol message between local authentication server or nonlocal certificate server and the foreign agent services device;
The home agent request message of DIAMETER agreement and the login request message of radius protocol are translated each other;
The home agent response message of DIAMETER agreement and the access permission/refuse information of radius protocol are replied message with registration and are translated mutually; MIP-MA-Type attribute in wherein said access permission and the refuse information is provided with, be used to represent this message corresponding be the DIAMETER protocol message between home agent services device and the local authentication server;
The interpretation method such as the following table 1 of the related attribute relevant in the wherein above-mentioned message with mobile IP:
Table 1
Figure GSB00000692381800061
Figure GSB00000692381800071
Further, when said home agent services device and said foreign agent services device operation DIAMETER agreement, when said nonlocal certificate server and said local authentication server operation radius protocol, said step S3 also comprises:
Communication between said translation acting server and the said second translation acting server.
Further, the described compatibility method of using based on the mobile IP of RADIUS and DIAMETER agreement also comprises:
In step S4, carry out communication through the 3rd translation acting server between said nonlocal certificate server and the said local authentication server, said the 3rd translation acting server is translated the message format of RADIUS and DIAMETER agreement each other; One of them operation radius protocol of wherein said nonlocal certificate server and said local authentication server, another operation DIAMETER agreement.
Further, the described compatibility method of using based on the mobile IP of RADIUS and DIAMETER agreement also comprises:
Step S7 handles and sends back to mobile node to the registration answer message that the home agent services device sends, and accomplishes the mobile node registration.
The present invention also provides a kind of compatible system of using based on the mobile IP of RADIUS and DIAMETER agreement, comprising:
Access server carries out communication with mobile node, is used for the proxy mobile node access network;
The translation acting server is arranged between said access server and the certificate server, is used for the message format of RADIUS and DIAMETER agreement is translated each other;
Certificate server is used for carrying out communication through said translation acting server and said access server;
Wherein, one of them operation radius protocol of said access server and said certificate server, another operation DIAMETER agreement;
And said access server is the foreign agent services device, and said certificate server is nonlocal certificate server; Perhaps, said access server is the home agent services device, and said certificate server is the local authentication server;
When said access server is the foreign agent services device, when corresponding said certificate server was nonlocal certificate server, this system also comprised:
The local authentication server carries out communication with said nonlocal certificate server;
The home agent services device carries out communication through the second translation acting server and said local authentication server; The said second translation acting server is used for the message format of RADIUS and DIAMETER agreement is translated each other; One of them operation radius protocol of wherein said home agent services device and said local authentication server, another operation DIAMETER agreement;
Wherein, said message format with RADIUS and DIAMETER agreement is translated each other and is comprised:
The mobile node request message of DIAMETER agreement and the access request message of RADIUS are translated mutually;
The mobile node response message of DIAMETER agreement and the access permission of radius protocol and refuse information and registration are replied message and are translated mutually; MIP-MA-Type attribute in wherein said access permission and the refuse information is provided with, be used to represent this message corresponding be the DIAMETER protocol message between local authentication server or nonlocal certificate server and the foreign agent services device;
The home agent request message of DIAMETER agreement and the login request message of radius protocol are translated each other;
The home agent response message of DIAMETER agreement and the access permission/refuse information of radius protocol are replied message with registration and are translated mutually; MIP-MA-Type attribute in wherein said access permission and the refuse information is provided with, be used to represent this message corresponding be the DIAMETER protocol message between home agent services device and the local authentication server;
The interpretation method such as the following table 1 of the related attribute relevant in the wherein above-mentioned message with mobile IP:
Table 1
Figure GSB00000692381800101
Further; When said foreign agent services device and said home agent services device is the server of operation DIAMETER agreement; When said nonlocal certificate server and said local authentication server were the server of operation radius protocol, said translation acting server and the said second translation acting server carried out communication.
Further; The described compatible system of using based on the mobile IP of RADIUS and DIAMETER agreement; Also comprise: one of them the operation radius protocol that when said nonlocal certificate server and said local authentication server is; During another operation DIAMETER agreement, said local authentication server carries out communication through one the 3rd translation acting server and said nonlocal certificate server; Said the 3rd translation acting server is used for the message format of RADIUS and DIAMETER agreement is translated each other.
The invention has the beneficial effects as follows:
Through adopting scheme of the present invention; Not only can make the network entity collaborative work of the different aaa protocols of operation; And owing to adopt register flow path based on the mobile IP application of DIAMETER agreement; Make registration and identifying procedure based on the network entity of RDIUS agreement unite two into one, improved efficient.
The mobile IP that technical scheme of the present invention meets based on RADIUS and DIAMETER agreement fully uses described network configuration; Under the prerequisite that does not change original network configuration and network entity function; Only with the network entity of introducing seldom; Just can realize compatibility based on the network entity of RADIUS and DIAMETER agreement, make move IP use in radius protocol excessively more steady to the DIAMETER agreement.
Description of drawings
Fig. 1 is the mobile IP application network topology diagram based on radius protocol;
Fig. 2 is the mobile IP application network topology diagram based on the DIAMETER agreement;
Fig. 3 is the network topology structure figure of the embodiment of the invention 1;
Fig. 4 is the message interaction process figure of the embodiment of the invention 1;
Fig. 5 is the network topology structure figure of the embodiment of the invention 2;
Fig. 6 is the message interaction process figure of the embodiment of the invention 2;
Fig. 7 is the network topology structure figure of the embodiment of the invention 4;
Fig. 8 is the message interaction process figure of the embodiment of the invention 4.
Wherein:
11,21,31,51,71---mobile node (MN);
12,22,32,2---foreign agent services device (FA);
13,23,33,53,2---home agent services device (HA);
14,24,34,4---other places certificate server (AAAF);
15,25,35,55,4---local authentication server (AAAH);
36, the 6---first translation acting server (TA);
37, the 57---second translation acting server (TA);
3---translates acting server (TA)
RRQ---login request message (Registration Request);
AR---inserts request message (Access Request);
AMR---mobile node request message (AA-Mobile-Node-Request);
HAR---home agent request message (Home Agent Reguest);
RRP---registration reply message (Registration-Reply);
HAA---home agent response message (Home Agent Answer);
AMA---mobile node response message (AA-Moblie-Node-Answer);
AA/AR---inserts permission/refuse information (Access Accept/Reject);
Message (Registration Reply) is replied in the RRP---registration.
Embodiment
In order to make the object of the invention, technical scheme and advantage clearer, below in conjunction with accompanying drawing and embodiment, to compatibility method and system's further explain of using of the present invention based on the mobile IP of RADIUS and DIAMETER agreement.Should be appreciated that specific embodiment described herein only in order to explanation the present invention, and be not used in qualification the present invention.
Embodiment 1
The present invention makes that through introducing translation acting server network entity the mobile IP application of RADIUS and two kinds of aaa protocols of DIAMETER is compatible, has specifically comprised the compatible and agreement flow process compatibility of message format of the different agreement between the network entity.
Compatible in order to realize the message format between the network entity; The present invention is through introducing the translation acting server; Use certain message format conversion method (being interpretation method), can carry out communication between the network entity of the network entity of feasible operation radius protocol and operation DIAMETER agreement.
Compatible in order to realize the agreement flow process between the network entity, the present invention is through above-mentioned translation acting server, makes that the network entity of incompatible operation radius protocol can collaborative work with the network entity that moves the DIAMETER agreement on the flow process.
Translation acting server (Translation-Agent among the present invention; TA) network entity is responsible for the conversion (being the mutual translation of the message format of different agreement) of message format; This network entity is between the network entity of network entity that moves radius protocol and operation DIAMETER agreement, and major function is:
DIAMETER AVP (DIAMETER property value to) is translated as the same or analogous RADIUS Attribute of function (radius attribute);
RADIUS Attribute is translated as the same or analogous DIAMETER AVP of function;
With the DIAMETER message conversion is RADIUS message;
With the RADIUS message conversion is DIAMETER message.
The message conversion scheme of DIAMETER basic agreement and radius protocol is used (DIAMETER Network Access Server Appl ication at the DIAMETER network access server; RFC4005) have in clearly and describe, and the present invention only relates to and relevant message and the attribute of mobile IP application.
Aaa protocol moves the message that relates in the IP application and mainly contains following 6 kinds:
In the DIAMETER agreement: home agent request (Home Agent Reguest; HAR), home agent response (Home Agent Answer; HAA), the mobile node request (AA-Moblie-Node-Request, AMR), mobile node response (AA-Moblie-Node-Answer, AMA);
In the radius protocol: insert request (Access Request, AR), insert permissions/refusal (Access Accept/Reject, AA/AR), register requirement (Registration Request, RRQ), register answer (Registration Reply, RRP).
As a kind of enforceable mode, the mutual interpretation method of above-mentioned 8 kinds of message is:
Translation each other between DIAMETER AMR and the RADIUS Access Request;
DIAMETER AMA is translated as RADIUS Access Accept/Reject (MIP-MA-Type=0) and two RADIUS message of Registration Reply, and two RADIUS message of RADIUS Access Accept/Reject (MIP-MA-Type=0) and Registration Reply are translated as DIAMETER AMA message together;
Translation each other between DIAMETER HAR and the Registration Request;
DIAMETER HAA is translated as RADIUS Access Accept/Reject (MIP-MA-Type=1) and two RADIUS message of Registration Reply, and two RADIUS message of RADIUS Access Accept/Reject (MIP-MA-Type=1) and Registration Reply are translated as DIAMETER HAA message together.
Wherein, MIP-MA-Type attribute through radius protocol message indicate RADIUS message corresponding be DIAMETER message or the DIAMETER message between local authentication server, nonlocal certificate server and the foreign agent services device between home agent services device and the local authentication server; As a kind of embodiment; What MIP-MA-Type=0 represented RADIUS message correspondence here is the DIAMETER message between local authentication server or nonlocal certificate server and the foreign agent services device, and what MIP-MA-Type=1 represented RADIUS message correspondence is the DIAMETER message between home agent services device and the local authentication server.
The interpretation method such as the following table 1 of the related attribute relevant in the above-mentioned message with mobile IP:
Table 1
Figure GSB00000692381800131
Figure GSB00000692381800141
Use and have than big difference based on the mobile IP of radius protocol based on the agreement flow process that the mobile IP of DIAMETER agreement uses.Wherein most important difference is: in radius protocol, the authentication of mobile node and registration are divided into two processes to be carried out, and is through accomplishing in the process in the DIAMETER agreement.So need make that the network entity of operation radius protocol and the network entity of operation DIAMETER agreement can collaborative works with taking a kind of method.
Network configuration involved in the present invention is abideed by Internet engineering duty group (Internet Engineering Task Force; IETF) DIAMETER mobile IPv 4 is used (DIAMETER Mobile IPv4Application; RFC4004) network configuration in; Territory, local, outer region, mobile node (MN), foreign agent services device (FA), home agent services device (HA), nonlocal certificate server (AAAF), local authentication server (AMH) are arranged in this structure; Wherein mobile node is positioned at outer region, and home agent services device and foreign agent services device are the client of AAA system, are network access servers; Other places certificate server and local authentication server are the server of AAA system, network access server and the different aaa protocol of certificate server operation.The present invention is compatible for the flow process that realizes two kinds of agreements, in network configuration, introduces translation acting server (Translation-Agent, TA) network entity.Through the effect of translation acting server, make the network entity of operation radius protocol and the network entity of operation DIAMETER agreement all can carry out according to the flow process of DIAMETER agreement.
For realizing the object of the invention; Needing translate acting server is deployed between the network entity that moves different aaa protocols and (need not disposes between foreign agent services device and the home agent services device; Because according to mobile IP application flow based on the DIAMETER agreement, foreign agent services device and the directly communication of home agent services device).
As shown in Figure 3; The present invention introduces the translation acting server between the AAA client (foreign agent services device 32 and home agent services device 33) of moving different aaa protocols and aaa server (nonlocal certificate server 34 and local authentication server 35); Promptly when foreign agent services device 32 moves different aaa protocols respectively with nonlocal certificate server 34, between nonlocal acting server 32 and nonlocal certificate server 34, introduce the translation acting server; Likewise, when local acting server 33 moves different aaa protocols respectively with local authentication server 35, between local acting server 33 and local authentication server 35, also introduce the translation acting server.
Accompanying drawing 3 is network topological diagrams of an embodiment of realizing the compatibility method of the mobile IP application based on RADIUS and DIAMETER agreement of the present invention; Wherein network access server (foreign agent services device 32) is the client of operation radius protocol; Certificate server (nonlocal certificate server 34) is the server of operation DIAMETER agreement, between nonlocal acting server 32 and nonlocal certificate server 34, introduces the first translation acting server 36.The message flow of present embodiment is seen accompanying drawing 4.With reference to accompanying drawing 3 and 4, the compatibility method of using based on the mobile IP of RADIUS and DIAMETER agreement of the present invention comprises the steps:
Step S101, communication between mobile node 31 and the access server;
Be that mobile node 31 sends rrq message to foreign agent services device 32 (access server);
Step S102, communication between the access server and the first translation acting server 36, the said first translation acting server 36 is translated the message format of RADIUS and DIAMETER agreement each other;
Foreign agent services device 32 is clients of operation radius protocol; Receive behind the rrq message among the above-mentioned steps S101 flow process according to radius protocol; Should send AR message to nonlocal certificate server 34, foreign agent services device 32 at first sends to the first translation acting server 36 with AR message for this reason.The AR message translation that the first translation acting server 36 is sent according to foreign agent services device 32 generates AMR message.
Step S103, communication between said first translation acting server 36 and the certificate server; Specifically comprise:
The first translation acting server 36 sends to nonlocal certificate server 34 with AMR message.
When local acting server 33, nonlocal certificate server 34 moved identical aaa protocol with local authentication server 35, the communication between them was operated according to prior art, need not introduce the translation acting server.
Preferably; Execution mode as shown in Figure 3; Wherein network access server (foreign agent services device 32 and home agent services device 33) is the client of radius protocol, and certificate server (nonlocal certificate server 34 and local authentication server 35) is the server of DIAMETER agreement; Because home agent services device 33 moves different aaa protocols respectively with local authentication server 35; Present embodiment is also introduced the second translation acting server 37 between local acting server 33 and local authentication server 35; Message flow is seen accompanying drawing 4, and therefore compatibility method of the present invention also comprises the steps:
Step S104, communication between said nonlocal certificate server 34 and the local authentication server; Particularly, nonlocal certificate server 34 is given local authentication server 35 with the AMR forwards;
Step S105, communication between the said local authentication server 35 and the second translation acting server 37, the said second translation acting server 37 is translated the message format of RADIUS and DIAMETER agreement each other;
Local authentication server 35 is servers of operation DIAMETER agreement; Can verify mobile node 31 according to the information among the AMR after receiving AMR; Checking through after should generate HAR message and send to home agent services device 33; For this reason, local authentication server 35 at first sends to the second translation acting server 37 with HAR message.
The second translation acting server 37 is translated the generation rrq message according to information wherein after receiving HAR message.
Step S106, communication between said second translation acting server 37 and the home agent services device 33.Particularly, the second translation acting server 37 will be translated the rrq message that generates and send to home agent services device 33.
Home agent services device 33 will send registration and reply message, and this message will be handled and will register answer message according to the contrary direction of step S101-S106 and send back to mobile node 31, accomplish registration.Describe this inverse process below in detail.
Preferably, compatibility method of the present invention comprises that also message is replied in the registration of home agent services device 33 carries out processed steps:
Step S107 handles and sends back to mobile node to the registration answer message that the home agent services device sends, and accomplishes registration.Comprise the steps that specifically the message sender of these steps and above-mentioned steps S101-S106 is read the order that adopts step S106 '-S101 ' for ease and described on the contrary:
Step S106 ', home agent services device 33 are clients of operation radius protocol, register requirement are wherein handled after receiving the rrq message in the step 106, send registration then and reply (RRP) message and give second to translate acting server 37.
Step S105 ', the second translation acting server 37 receive after the RRP message of home agent services device 33 according to the information generation HAA message in RRP and the HAR message that obtains before, send to local authentication server 35.
Generation AMA message sent to nonlocal certificate server 34 after step S104 ', local authentication server 35 received HAA.
Step S103 ', nonlocal certificate server 34 should send to foreign agent services device 32 with AMA message, and for this reason, nonlocal certificate server 34 at first sends to the first translation acting server 36 with AMA message.
Step S102 ', after the first translation acting server 36 was received AMA message, information translation generation RRP message and AA message according to wherein sent to foreign agent services device 32.
Step S101 '; Foreign agent services device 32 is received RRP message and AA message; Set up the MSA of foreign agent services device 32 and mobile node 31 and home agent services device 33 according to the information in the AA message, and give mobile node 31, accomplish the registration of mobile node 31 the RRP forwards.
As shown in Figure 3, a kind of system that uses based on the mobile IP of RADIUS and DIAMETER agreement comprises:
Foreign agent services device 32 carries out communication with mobile node 31, is used for proxy mobile node 31 access networks;
The first translation acting server 36 is arranged between said foreign agent services device 32 and the nonlocal certificate server 34, is used for the message format of RADIUS and DIAMETER agreement is translated each other;
Other places certificate server 34 carries out communication through the said first translation acting server 36 with said foreign agent services device 32, is used for pass-along message between said foreign agent services device 32 and local authentication server 35;
Local authentication server 35 carries out communication with said nonlocal certificate server 34.
Preferably, this system also comprises: the second translation acting server 37 is used for the message format of RADIUS and DIAMETER agreement is translated each other; With home agent services device 33, carry out communication with said local authentication server through the said second translation acting server 37.
Said foreign agent services device 32 is client-servers of operation radius protocol with home agent services device 33, and said nonlocal certificate server 34 is the server of operation DIAMETER agreement with the local authentication server.
Embodiment 2
Accompanying drawing 5 is network topological diagrams of another embodiment of realizing the compatibility method of the mobile IP application based on RADIUS and DIAMETER agreement of the present invention; Wherein foreign agent services device 52 and home agent services device 53; These two access servers are the client of operation DIAMETER agreement; Other places certificate server 54 and the server of local authentication server 55 for the operation radius protocol; Between the server of the client of AAA system and AAA system, introduce translation acting server (TA) network entity; Promptly between nonlocal acting server 52 and nonlocal certificate server 54, introduce the first translation acting server 56, between local acting server 53 and local authentication server 55, introduce the second translation acting server 57.The message flow of present embodiment is seen accompanying drawing 6.In conjunction with accompanying drawing 5 and 6, the compatibility method of using based on the mobile IP of RADIUS and DIAMETER agreement of the present invention comprises the steps:
Step S201, communication between mobile node 51 and the access server;
Be that mobile node 51 sends rrq message to foreign agent services device 52.
Step S202, communication between the access server and the first translation acting server 56, the said first translation acting server 56 is translated the message format of RADIUS and DIAMETER agreement each other;
Foreign agent services device 52 is clients of operation DIAMETER agreement, receives that should generate AMR message behind the rrq message sends to nonlocal certificate server 54, and for this reason, foreign agent services device 52 at first sends to the first translation acting server 56 with AMR message.The AMR message that the first translation acting server 56 is sent according to foreign agent services device 52 is the AR message of radius protocol with the AMR message translation.
Step S203, communication between said first translation acting server 56 and the certificate server; Specifically comprise:
The first translation acting server 56 sends to nonlocal certificate server 54 with the AR message of radius protocol; Preferably, step S203 also comprises: be that MIP-Reg-Request AVP among the AMR sends to second and translates acting server 57 with the relevant information of registration among the AMR that the first translation acting server 56 is sent foreign agent services device 52.
Step S204, communication between said nonlocal certificate server 54 and the local authentication server; Particularly, nonlocal certificate server 54 is given local authentication server 55 with the AR forwards;
Step S205, communication between the said local authentication server 55 and the second translation acting server 57, the said second translation acting server 57 is translated the message format of RADIUS and DIAMETER agreement each other;
Local authentication server 55 is servers of operation radius protocol; Mobile node in the AR message 51 and foreign agent services device 52 information are verified, checking through after AA message is issued the second translation acting server 57 (this can realize through the Network Access Point that the second translation acting server 57 is deployed in local authentication server 55);
Above-mentioned steps S203 obtained before the second translation acting server 57 utilized registration relevant information (being MIP-Reg-Request AVP) and AA message generate HAR message.
Preferably, also comprise among the step S205: local authentication server 55 also sends AA message and gives nonlocal certificate server 54 when AA message being issued the second translation acting server 57; Other places certificate server 54 is forwarded to the first translation acting server 56 with it after receiving AA message.
Step S206, communication between said second translation acting server 57 and the home agent services device 53.Particularly, the second translation acting server 57 will be translated the HAR message that generates and send to home agent services device 53.
Home agent services device 53 will send registration and reply message, and this message will be sent back to mobile node 51, accomplish registration.Describe this process below in detail.
Preferably, compatibility method of the present invention comprises that also message is replied in the registration of home agent services device 53 carries out processed steps:
Step S207 handles and sends back to mobile node to the registration answer message that the home agent services device sends, and accomplishes registration.Specifically comprise the steps, read the order that adopts step S205 '-S201 ' for ease and describe:
Step S205 ', home agent services device 53 are clients of operation DIAMETER agreement, and it is handled the register requirement of mobile node 51 according to the HAR breath, reply HAA message then to the second translation acting server 57.
Step S204 ', the second translation acting server 57 are transmitted to the first translation acting server 56 with the MIP-Reg-Reply AVP in the HAA message after receiving the HAA breath.
Step S203 ', first translation is after acting server 56 receives MIP-Reg-Reply AVP, the AA message generation AMA message of using MIP-Reg-Reply AVP and step S205 before to receive sends to foreign agent services device 52.
Step S202 ', foreign agent services device 52 use security related information wherein to set up the MSA of foreign agent services device 52 and mobile node 51, foreign agent services device 52 and home agent services device 53 and send RRP message to mobile node 51 after receiving AMA message.
Step S201 ', mobile node 51 is received RRP message, accomplishes registration.
As shown in Figure 5, a kind of system that uses based on the mobile IP of RADIUS and DIAMETER agreement comprises:
Foreign agent services device 52 carries out communication with mobile node 51, is used for proxy mobile node 51 access networks;
The first translation acting server 56 is arranged between said foreign agent services device 52 and the nonlocal certificate server 54, is used for the message format of RADIUS and DIAMETER agreement is translated each other;
Other places certificate server 54 is used for carrying out communication through the said first translation acting server 56 with said foreign agent services device 52.
Preferably, this system comprises that also local authentication server 55 and said nonlocal certificate server 54 carry out communication, are used for said mobile node 51 is verified.
Preferably, this system also comprises: the second translation acting server 57 is used for the message format of RADIUS and DIAMETER agreement is translated each other; With home agent services device 53, carry out communication with said local authentication server through the said second translation acting server 57; Communication between the said first and second translation acting servers.
Said foreign agent services device 52 is client-servers of operation DIAMETER agreement with home agent services device 53, and said nonlocal certificate server 54 is the server of operation radius protocol with the local authentication server.
The method that the said first and second translation acting servers are translated the message format of RADIUS and DIAMETER agreement each other is with embodiment 1.
Embodiment 3
For the purposes of the present invention, when nonlocal certificate server (AAAF) moved different aaa protocols with local authentication server (AAAH), the present invention provided embodiment 3.Embodiments of the invention 3 are that the 3rd translation acting server is being set between nonlocal certificate server and local authentication server on the basis of embodiment 1 (or 2) again; Be used for two kinds of aaa protocol message between nonlocal certificate server and the local authentication server are translated each other, other steps are identical with embodiment 1 (or 2).
Corresponding to the compatibility method of this enforcement, a kind of system that uses based on the mobile IP of RADIUS and DIAMETER agreement comprises:
The foreign agent services device carries out communication with mobile node, is used for the proxy mobile node access network;
The other places certificate server carries out communication with said foreign agent services device;
The local authentication server carries out communication through the 3rd translation acting server and said nonlocal certificate server; Said the 3rd translation acting server is used for the message format of RADIUS and DIAMETER agreement is translated each other.
Preferably, this system also comprises: the home agent services device, carry out communication with said local authentication server.
Preferably; If said foreign agent services device and the different aaa protocol of said nonlocal certificate server operation; Then this system also comprises: the first translation acting server, and said foreign agent services device carries out communication through said first translation acting server and said nonlocal certificate server; The said first translation acting server is used for the message format of RADIUS and DIAMETER agreement is translated each other.
Preferably; If said home agent services device and the different aaa protocol of said local authentication server operation; Then this system also comprises: the second translation acting server; Said home agent services device carries out communication through this second translation acting server and said local authentication server, and the said second translation acting server is used for the message format of RADIUS and DIAMETER agreement is translated each other.
The said method that first, second is translated the message format of RADIUS and DIAMETER agreement with the 3rd translation acting server each other is with embodiment 1.
Embodiment 4
Accompanying drawing 7 is the network topological diagram of another embodiment of realizing the compatibility method of using based on the mobile IP of RADIUS and DIAMETER agreement of the present invention, and the scene of this embodiment is that mobile node 71 is positioned at the territory, local, directly registers to home agent services device 72.Wherein home agent services device 72 is clients of operation radius protocol; Local authentication server 74 is servers of operation DIAMETER agreement; Between the server (local authentication server 74) of the client (being home agent services device 72) of AAA system and AAA system, introduce translation acting server (TA) network entity, promptly between local acting server 72 and local certificate server 74, introduce translation acting server 73.The message flow of present embodiment is seen accompanying drawing 8.In conjunction with accompanying drawing 7 and 8, the compatibility method of using based on the mobile IP of RADIUS and DIAMETER agreement of the present invention comprises the steps:
Step S401, communication between mobile node 71 and the access server 72;
Be that mobile node 71 sends rrq message to home agent services device 72.
Step S402, communication between access server 72 and the translation acting server 73, said translation acting server 73 is translated the message format of RADIUS and DIAMETER agreement each other;
Home agent services device 72 is clients of operation radius protocol, receives that should generate AR message behind the rrq message sends to local authentication server 74, and for this reason, home agent services device 72 at first sends to translation acting server 73 with AR message.The AR message that translation acting server 73 is sent according to home agent services device 72 is the AMR message of DIAMETER agreement with the AR message translation.
Step S403, communication between translation acting server 73 and the certificate server 74;
Promptly translate acting server 73 AMR message is sent to local authentication server 74.Local authentication server 74 is servers of operation DIAMETER agreement, can verify mobile node 71 according to the information among the AMR after receiving AMR, checking through after should generate AMA message and reply to home agent services device 72.For an AMA message that generates replies to home agent services device 72, and accomplish registration, the method for this embodiment also comprises:
Step S404, certificate server 74 sends message to translation acting server 73;
Be that local authentication server 74 sends to translation acting server 73 with the AMA message that generates, described translation acting server 73 is translated the message format of RADIUS and DIAMETER agreement each other;
Because home agent services device 72 is clients of operation radius protocol, therefore translates acting server 73 the AMA message translation of receiving is corresponding RADIUS message AA.
Step S405, translation acting server 73 and 72 communications of home agent services device;
The translation acting server sends to home agent services device 72 with the AA message that generates.Described home agent services device is the client of operation radius protocol, and receiving needs after the AA message to generate RRP message and issue mobile node 71.
Step S406, communication between home agent services device 72 and the mobile node 71;
Home agent services device 72 sends RRP message and gives mobile node 71, accomplishes the registration process of mobile node.
As shown in Figure 7, a kind of system that uses based on the mobile IP of RADIUS and DIAMETER agreement comprises:
Home agent services device 72 carries out communication with mobile node 71, is used for proxy mobile node 71 access networks;
Translation acting server 73 is arranged between said home agent services device 72 and the local authentication server 74, is used for the message format of RADIUS and DIAMETER agreement is translated each other;
Local authentication server 74 carries out communication through said translation acting server 73 with said home agent services device 32.
One of them operation radius protocol of said home agent services device 72 and said local authentication server 74, another operation DIAMETER agreement.For example, said home agent services device 72 is client-servers of operation radius protocol, and said local authentication server 74 is servers of operation DIAMETER agreement.
Detailed description through to above-mentioned execution mode is visible; The present invention can be through being provided with translation acting server network entity in network; Under the situation of the function that does not change original network configuration and network entity, reach the mobile IP application aims of compatible RADIUS and DIAMETER agreement.
Beneficial effect of the present invention:
Through adopting scheme of the present invention; Not only can make the network entity collaborative work of the different aaa protocols of operation; And owing to adopt the DIAMETER agreement to move the flow process of IP, make the registration and the identifying procedure of network entity of radius protocol unite two into one, improved efficient.
Technical scheme of the present invention meets RADIUS and DIAMETER agreement fully and moves IP and use described network configuration; Under the prerequisite that does not change original network configuration and network entity function; Only with the network entity of introducing seldom; Just can realize the compatibility of the network entity of RADIUS and DIAMETER agreement, make radius protocol excessively more steady to the DIAMETER agreement.
The above content; Be merely the concrete execution mode of the present invention, but protection scope of the present invention is not limited thereto, any technical staff who is familiar with the present technique field is in the technical scope that the present invention discloses; The variation that can expect easily or replacement all should be encompassed in protection scope of the present invention.

Claims (7)

1. a compatibility method of using based on the mobile IP of RADIUS and DIAMETER agreement is characterized in that, comprises the steps:
Step S1, communication between mobile node and the access server;
Step S2, communication between access server and the translation acting server, said translation acting server is translated the message format of RADIUS and DIAMETER agreement each other;
Step S3, communication between said translation acting server and the certificate server;
Wherein, one of them operation radius protocol of said access server and said certificate server, another operation DIAMETER agreement; Said access server among the step S1 is the foreign agent services device, and the said certificate server among the step S3 is nonlocal certificate server; Perhaps, the said access server among the step S1 is the home agent services device, and the said certificate server among the step S3 is the local authentication server; And
Said access server in step S1 is the foreign agent services device, and when the said certificate server among the corresponding step S3 was nonlocal certificate server, this method also comprised the steps:
Step S4, communication between said nonlocal certificate server and the local authentication server;
Step S5, communication between the said local authentication server and the second translation acting server, the said second translation acting server is translated the message format of RADIUS and DIAMETER agreement each other;
Step S6, communication between said second translation acting server and the home agent services device;
Wherein, one of them operation radius protocol of said local authentication server and said home agent services device, another operation DIAMETER agreement; And the said method that the message format of RADIUS and DIAMETER agreement is translated each other comprises:
The mobile node request message of DIAMETER agreement and the access request message of RADIUS are translated mutually;
The mobile node response message of DIAMETER agreement and the access permission of radius protocol and refuse information and registration are replied message and are translated mutually; MIP-MA-Type attribute in wherein said access permission and the refuse information is provided with, be used to represent this message corresponding be the DIAMETER protocol message between local authentication server or nonlocal certificate server and the foreign agent services device;
The home agent request message of DIAMETER agreement and the login request message of radius protocol are translated each other;
The home agent response message of DIAMETER agreement and the access permission/refuse information of radius protocol are replied message with registration and are translated mutually; MIP-MA-Type attribute in wherein said access permission and the refuse information is provided with, be used to represent this message corresponding be the DIAMETER protocol message between home agent services device and the local authentication server;
The interpretation method such as the following table 1 of the related attribute relevant in the wherein above-mentioned message with mobile IP:
Table 1
Figure FSB00000692381700021
2. the compatibility method of using based on the mobile IP of RADIUS and DIAMETER agreement according to claim 1; It is characterized in that; When said home agent services device and said foreign agent services device operation DIAMETER agreement; When said nonlocal certificate server and said local authentication server operation radius protocol, said step S3 also comprises:
Communication between said translation acting server and the said second translation acting server.
3. the compatibility method of using based on the mobile IP of RADIUS and DIAMETER agreement according to claim 1 is characterized in that, also comprises:
In step S4, carry out communication through the 3rd translation acting server between said nonlocal certificate server and the said local authentication server, said the 3rd translation acting server is translated the message format of RADIUS and DIAMETER agreement each other; One of them operation radius protocol of wherein said nonlocal certificate server and said local authentication server, another operation DIAMETER agreement.
4. according to each described compatibility method of using based on the mobile IP of RADIUS and DIAMETER agreement of claim 1 to 3, it is characterized in that, also comprise:
Step S7 handles and sends back to mobile node to the registration answer message that the home agent services device sends, and accomplishes the mobile node registration.
5. a compatible system of using based on the mobile IP of RADIUS and DIAMETER agreement is characterized in that, comprises
Access server carries out communication with mobile node, is used for the proxy mobile node access network;
The translation acting server is arranged between said access server and the certificate server, is used for the message format of RADIUS and DIAMETER agreement is translated each other;
Certificate server is used for carrying out communication through said translation acting server and said access server;
Wherein, one of them operation radius protocol of said access server and said certificate server, another operation DIAMETER agreement; Said access server is the foreign agent services device, and said certificate server is nonlocal certificate server; Perhaps, said access server is the home agent services device, and said certificate server is the local authentication server;
When said access server is the foreign agent services device, when corresponding said certificate server was nonlocal certificate server, this system also comprised:
The local authentication server carries out communication with said nonlocal certificate server;
The home agent services device carries out communication through the second translation acting server and said local authentication server; The said second translation acting server is used for the message format of RADIUS and DIAMETER agreement is translated each other; One of them operation radius protocol of wherein said home agent services device and said local authentication server, another operation DIAMETER agreement;
Wherein, said message format with RADIUS and DIAMETER agreement is translated each other and is comprised:
The mobile node request message of DIAMETER agreement and the access request message of RADIUS are translated mutually;
The mobile node response message of DIAMETER agreement and the access permission of radius protocol and refuse information and registration are replied message and are translated mutually; MIP-MA-Type attribute in wherein said access permission and the refuse information is provided with, be used to represent this message corresponding be the DIAMETER protocol message between local authentication server or nonlocal certificate server and the foreign agent services device;
The home agent request message of DIAMETER agreement and the login request message of radius protocol are translated each other;
The home agent response message of DIAMETER agreement and the access permission/refuse information of radius protocol are replied message with registration and are translated mutually; MIP-MA-Type attribute in wherein said access permission and the refuse information is provided with, be used to represent this message corresponding be the DIAMETER protocol message between home agent services device and the local authentication server;
The interpretation method such as the following table 1 of the related attribute relevant in the wherein above-mentioned message with mobile IP:
Table 1
6. the compatible system of using based on the mobile IP of RADIUS and DIAMETER agreement according to claim 5; It is characterized in that; When said foreign agent services device and said home agent services device is the server of operation DIAMETER agreement; When said nonlocal certificate server and said local authentication server were the server of operation radius protocol, the said translation acting server and the second translation acting server carried out communication.
7. the compatible system of using based on the mobile IP of RADIUS and DIAMETER agreement according to claim 5; It is characterized in that; Also comprise: when one of them operation radius protocol of said nonlocal certificate server and said local authentication server; During another operation DIAMETER agreement, said local authentication server carries out communication through the 3rd translation acting server and said nonlocal certificate server; Said the 3rd translation acting server is used for the message format of RADIUS and DIAMETER agreement is translated each other.
CN 200810119536 2008-09-02 2008-09-02 Compatible method and system for mobile IP application based on RADIUS and DIAMETER protocol Expired - Fee Related CN101355578B (en)

Priority Applications (1)

Application Number Priority Date Filing Date Title
CN 200810119536 CN101355578B (en) 2008-09-02 2008-09-02 Compatible method and system for mobile IP application based on RADIUS and DIAMETER protocol

Applications Claiming Priority (1)

Application Number Priority Date Filing Date Title
CN 200810119536 CN101355578B (en) 2008-09-02 2008-09-02 Compatible method and system for mobile IP application based on RADIUS and DIAMETER protocol

Publications (2)

Publication Number Publication Date
CN101355578A CN101355578A (en) 2009-01-28
CN101355578B true CN101355578B (en) 2012-12-19

Family

ID=40308166

Family Applications (1)

Application Number Title Priority Date Filing Date
CN 200810119536 Expired - Fee Related CN101355578B (en) 2008-09-02 2008-09-02 Compatible method and system for mobile IP application based on RADIUS and DIAMETER protocol

Country Status (1)

Country Link
CN (1) CN101355578B (en)

Families Citing this family (3)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN101594602B (en) * 2009-06-01 2012-06-13 中兴通讯股份有限公司 Method and system for realizing cross-protocol failover
CN101815295B (en) * 2010-03-16 2013-02-27 东南大学 Key distribution method between LMA and MAG in pmip6
CN107396186B (en) * 2017-08-11 2019-11-08 四川长虹电器股份有限公司 Linux equipment WebOS system application management method

Citations (1)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN1497903A (en) * 2002-09-26 2004-05-19 ض� Method and system for submitting control and monitoring function for telecommunication exchange area

Patent Citations (1)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN1497903A (en) * 2002-09-26 2004-05-19 ض� Method and system for submitting control and monitoring function for telecommunication exchange area

Non-Patent Citations (1)

* Cited by examiner, † Cited by third party
Title
P.Calhoun,G.Zorn,etc..《DIAMETER Network Access Server Application》.《RFC4005》.www.ietf.org,2005,54-55页. *

Also Published As

Publication number Publication date
CN101355578A (en) 2009-01-28

Similar Documents

Publication Publication Date Title
Calhoun et al. Diameter mobile IPv4 application
US8213900B2 (en) Switching system and corresponding method for unicast or multicast end-to-end data and/or multimedia stream transmissions between network nodes
CN101156488B (en) Radio communication system and radio communication method
US7079499B1 (en) Internet protocol mobility architecture framework
US6769000B1 (en) Unified directory services architecture for an IP mobility architecture framework
US7346684B2 (en) System and method for control of packet data serving node selection in a mobile internet protocol network
JP4639016B2 (en) Mobile internet access
JP5204219B2 (en) Method and apparatus for providing a proxy mobile key hierarchy in a wireless communication network
KR100450973B1 (en) Method for authentication between home agent and mobile node in a wireless telecommunications system
CN102938890B (en) User's overview, strategy and PMIP key distribution in cordless communication network
US20080198861A1 (en) Method for the routing and control of packet data traffic in a communication system
US9043599B2 (en) Method and server for providing a mobility key
WO2006122226A2 (en) Lan-based uma network controller with local services support
JP2004241976A (en) Mobile communication network system and method for authenticating mobile terminal
JP2004153392A (en) Communication system
CN100571258C (en) The method and system of secure communication between communication networks is provided
CN101355578B (en) Compatible method and system for mobile IP application based on RADIUS and DIAMETER protocol
RU2395921C2 (en) Methods and device for establishment of connections realised by basic station
CN101031133B (en) Method and apparatus for determining mobile-node home agent
CN101848195A (en) Light-weight dual-stack negotiation processing method and device, communication device and communication system
US8908871B2 (en) Mobile internet protocol system and method for updating home agent root key
JP5180085B2 (en) Wireless terminal method and apparatus for establishing a connection
JP2003070068A (en) Authentication section decision method and authentication section decision equipment
CN1949785B (en) Service authorizing method and system of mobile node
Calhoun et al. RFC 4004: Diameter Mobile IPv4 Application

Legal Events

Date Code Title Description
C06 Publication
PB01 Publication
C10 Entry into substantive examination
SE01 Entry into force of request for substantive examination
C14 Grant of patent or utility model
GR01 Patent grant
ASS Succession or assignment of patent right

Owner name: SHANGHAI YINGLIAN TIGAN INTELLIGENT TECHNOLOGY CO.

Free format text: FORMER OWNER: INSTITUTE OF COMPUTING TECHNOLOGY, CHINESE ACADEMY OF SCIENCES

Effective date: 20140126

C41 Transfer of patent application or patent right or utility model
COR Change of bibliographic data

Free format text: CORRECT: ADDRESS; FROM: 100080 HAIDIAN, BEIJING TO: 200072 ZHABEI, SHANGHAI

TR01 Transfer of patent right

Effective date of registration: 20140126

Address after: 200072 Shanghai Road, Luochuan, No. 840, room 3, building 104

Patentee after: SHANGHAI YINGLIAN SOMATOSENSORY INTELLIGENT TECHNOLOGY Co.,Ltd.

Address before: 100080 Haidian District, Zhongguancun Academy of Sciences, South Road, No. 6, No.

Patentee before: Institute of Computing Technology, Chinese Academy of Sciences

ASS Succession or assignment of patent right

Owner name: SHANGHAI XINGDI COMMUNICATION ENGINEERING INSTITUT

Free format text: FORMER OWNER: SHANGHAI YINGLIAN TIGAN INTELLIGENT TECHNOLOGY CO., LTD.

Effective date: 20140304

COR Change of bibliographic data

Free format text: CORRECT: ADDRESS; FROM: 200072 ZHABEI, SHANGHAI TO: 201821 JIADING, SHANGHAI

TR01 Transfer of patent right
TR01 Transfer of patent right

Effective date of registration: 20140304

Address after: 201821 No. 1288, Yecheng Road, Jiading District Industrial Development Zone, Shanghai

Patentee after: Shanghai star earth Communication Engineering Research Institute

Address before: 200072 Shanghai Road, Luochuan, No. 840, room 3, building 104

Patentee before: SHANGHAI YINGLIAN SOMATOSENSORY INTELLIGENT TECHNOLOGY Co.,Ltd.

CF01 Termination of patent right due to non-payment of annual fee

Granted publication date: 20121219

CF01 Termination of patent right due to non-payment of annual fee