CN101472257A - Method ,system and device for triggering authentication - Google Patents
Method ,system and device for triggering authentication Download PDFInfo
- Publication number
- CN101472257A CN101472257A CNA2008100067260A CN200810006726A CN101472257A CN 101472257 A CN101472257 A CN 101472257A CN A2008100067260 A CNA2008100067260 A CN A2008100067260A CN 200810006726 A CN200810006726 A CN 200810006726A CN 101472257 A CN101472257 A CN 101472257A
- Authority
- CN
- China
- Prior art keywords
- authentication
- message
- address
- authentication message
- aaa proxy
- Prior art date
- Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
- Granted
Links
Images
Classifications
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04W—WIRELESS COMMUNICATION NETWORKS
- H04W12/00—Security arrangements; Authentication; Protecting privacy or anonymity
- H04W12/06—Authentication
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04L—TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
- H04L63/00—Network architectures or network communication protocols for network security
- H04L63/08—Network architectures or network communication protocols for network security for authentication of entities
- H04L63/0892—Network architectures or network communication protocols for network security for authentication of entities by using authentication-authorization-accounting [AAA] servers or protocols
Abstract
The embodiment of the invention discloses a method for triggering authentication, which comprises the following steps: a data pathway function entity (DPF) receives an authentication message from a gateway-mobile station (G-MS); the destination IP address of the authentication message is a first IP address; and the DPF selects authentication, authorization and accounting proxy AAA Proxy, and sends the authentication message to the AAA Proxy for triggering the authentication. By using the embodiment of the invention, the DPF selects the AAA Proxy after receiving the authentication message, of which the destination IP address is the first IP address, and sends the authentication message to the selected AAA Proxy; and then the AAA Proxy triggers the process of the authentication to a host computer, therefore, the embodiment of the invention further provides a method for triggering the authentication to the host computer in a multi-host computer system, to enable a network to support triggered authentication and re-authentication.
Description
Technical field
The embodiment of the invention relates to communication technical field, particularly a kind of mthods, systems and devices of triggering authentication.
Background technology
WiMAX (Worldwide Interoperability Microwave Access, micro-wave access to global intercommunication) is a wireless MAN access technology.It is MS (Mobile Subscribe, mobile subscriber), ASN (Access Service Network, access service network) and CSN (Connectivity Service Network, connection service network) that the WiMAX network mainly is made up of three parts.Wherein, ASN comprises BS (Base Station, the base station) and ASN-GW (Access Service Network Gateway, access service network gateway), CSN comprises PF (Policy Function, strategic server), AAA Server (Authorization Authentication Accounting Server, AAA server), AF (Application Function, application server) logic entity such as, the existing network reference model of WiMAX as shown in Figure 1.In the WiMAX network, MS directly eats dishes without rice or wine towards WiMAX, is to have the mobile terminal device that inserts the WiMAX network capabilities.
Multi-host system is the evolution of WiMAX on the existing system framework, its network reference model as shown in Figure 2, multi-host system is separated user terminal from WiMAX network mobile terminal equipment.G-MS (Gateway-Mobile Station, gateway mobile station) is the equipment with WiMAX radio open access capability, and can share to a plurality of user terminal Host provides the WiMAX radio open to insert; Host is a user terminal, does not have WiMAX radio open access capability, but can insert the WiMAX network by G-MS.User Host is the contracted user of WiMAX network, and the WiMAX network need manage the Host of G-MS rear end, and provides services on the Internet at Host.But, in the prior art, lack a kind of method of triggering authentication.
Summary of the invention
The embodiment of the invention provides a kind of mthods, systems and devices of triggering authentication, to be implemented in the multi-host system main frame is authenticated.
For achieving the above object, the embodiment of the invention provides a kind of method of triggering authentication on the one hand, comprising: data channel functional entity DPF receives the authentication message from gateway mobile station G-MS, and the purpose IP address of described authentication message is an IP address; Described DPF selects authentication to act on behalf of AAAProxy, and described authentication message is sent to described AAA Proxy triggering authentication.
On the other hand, the embodiment of the invention also provides a kind of system of triggering authentication, comprising: data channel functional entity DPF, but described data channel functional entity DPF links to each other with AAA Proxy with gateway mobile station G-MS with communication mode; Described data channel functional entity DPF, be used to receive authentication message from described gateway mobile station G-MS, select AAA Proxy, described authentication message is sent to the AAA Proxy triggering authentication of described selection, the purpose IP address of described authentication message is an IP address.
On the one hand, the embodiment of the invention also provides a kind of data channel functional entity DPF, comprising again: receiver module, be used to receive authentication message from G-MS, and the purpose IP address of described authentication message is an IP address; Select module, be used for after described receiver module receives described authentication message, select AAA Proxy; Sending module is used for described authentication message is sent to the AAAProxy that described selection module is selected.
On the one hand, the embodiment of the invention also provides a kind of gateway mobile station G-MS, comprising: receiver module is used to receive the authentication message from main frame again; Message transmission module is used for the authentication message that described receiver module receives is carried to and sends to network side on the authentication message, and the purpose IP address of described authentication message is an IP address.
Compared with prior art, the embodiment of the invention has the following advantages: pass through the embodiment of the invention, receiving after purpose IP address is the authentication message of an IP address, DPF selects AAA Proxy, then this authentication message is sent to the AAA Proxy of selection, and then by the flow process of this AAA Proxy triggering to the main frame authentication, thereby a kind of method that main frame is authenticated that triggers in multi-host system is provided, make network can support triggering authentication or re-authentication.
Description of drawings
Fig. 1 is a prior art WiMAX network reference model;
Fig. 2 is a prior art multisystem network reference model;
The method flow diagram of a kind of triggering authentication that Fig. 3 provides for the embodiment of the invention;
The method flow diagram of a kind of triggering authentication that Fig. 4 provides for the embodiment of the invention one;
The system construction drawing of a kind of triggering authentication that Fig. 5 provides for the embodiment of the invention;
The structure chart of a kind of DPF that Fig. 6 provides for the embodiment of the invention;
The structure chart of a kind of G-MS that Fig. 7 provides for the embodiment of the invention.
Embodiment
The method of a kind of triggering authentication that the embodiment of the invention provides, it is the authentication message of an IP address that gateway mobile station G-MS sends purpose IP address to network side, after receiving this authentication message, DPF (DataPath Function, data channel functional entity) selects AAA Proxy (authentication, authorize and the accounting server agency), then this authentication message is sent to the AAA Proxy of described selection, and then by the flow process of this AAAProxy triggering to the main frame authentication, thereby a kind of method that main frame is authenticated that triggers in multi-host system is provided, has made that network can be supported triggering authentication or re-authentication.Wherein, DPF can be AnchorDPF (anchor point DPF), also can be the functional entity of Serving DPF data surfaces such as (service DPF), and the embodiment of the invention is that example describes with Anchor DPF.
As shown in Figure 3, the flow chart of a kind of authentication method that provides for the embodiment of the invention specifically may further comprise the steps:
Step S301, DPF receives the authentication message that sends from G-MS, and the purpose IP address of described authentication message is an IP address.
In the embodiment of the invention, receive the authentication message that main frame sends, after EAP message, authentication message is carried on the authentication message, and this authentication message is sent to network side at G-MS.When sending authentication message, G-MS uses the purpose IP address of an IP address as this authentication message.The one IP address can be pre-configured on the G-MS, also can obtain an IP address from network side by G-MS.
Step S302 after DPF receives authentication message, selects AAA Proxy, and DPF sends to authentication message the AAA Proxy of selection.
In the embodiment of the invention, after DPF receives the authentication message for this Host from G-MS, be an IP address if detect the purpose IP address of this authentication message, then select AAAProxy, then authentication message is sent to selected AAA Proxy, triggering authentication flow process.
Further, in embodiments of the present invention, when selecting AAA Proxy, DPF can select AAA Proxy according to the configuration information of this DPF self; Perhaps, resolve the authentication message receive, the user totem information in the EAP message of carrying according to authentication message is selected AAA Proxy.
The method of above-mentioned triggering authentication, it is the authentication message of an IP address that G-MS sends purpose IP address to network side, after receiving this authentication message, DPF selects AAA Proxy, and this authentication message is sent to the AAA Proxy of selection, and then trigger flow process by this AAA Proxy to the main frame authentication, thereby can be in multi-host system triggering authentication, make network can support triggering authentication or re-authentication.
Further, in embodiments of the present invention, after selecting AAA Proxy, DPF can also be recorded in the address of selected AAA Proxy in the context of described main frame, further, when handling follow-up authentication message, can read the AAA Proxy address of having write down as forwarding address.
As shown in Figure 4, the flow chart of the method for a kind of triggering authentication that provides for the embodiment of the invention one specifically may further comprise the steps:
Step S401, Host initiates the networking authorizing procedure, sends authentication message to G-MS.
In the embodiment of the invention, can be that Host sends EAP Start information to described G-MS.For example, when between described Host and the described G-MS by Ethernet (Ethernet) when being connected, Host sends EAPoL-Start message to described G-MS, described EAPoL-Start message bearing EAP Start information.The embodiment of the invention is to be that example describes with EAPoL-Start message bearing EAP Start information, and the embodiment of the invention is not limited thereto certainly.
Step S402, described G-MS receives the authentication message from Host, sends the EAP identification request message to described Host.
Step S403, described Host receive the EAP identification request message that G-MS sends, and respond the EAP identification response message and give described G-MS, and wherein, described EAP identification response message carries the user totem information of described Host.
In the embodiment of the invention, the user totem information of described Host can be the NAI (Network Access Identity, network access Identifier) of described Host, also can be the MAC Address of described Host, or other can identify the information of Host.In the following embodiment of the invention, be that the user totem information of described Host is that example describes with the NAI of Host, but be not limited thereto.
Step S404, G-MS receives the EAP identification response message from Host, described EAP identification response message is carried on sends to ASN in the authentication message.
In the embodiment of the invention, described authentication message is based on the IP mode and transmits.The described EAP identification response message is carried on sends to ASN and the EAP identification response message is carried in the Radius message send to ASN in the authentication message, perhaps, also can be described EAP identification response message to be carried in the Diameter message send to ASN, can also be described EAP identification response message to be carried in other message of transmitting based on the IP mode send to described ASN.
Further, can be that the data channel that described authentication message is set up in advance by described G-MS is sent to described ASN, also can be newly to set up data channel, by described newly-established data channel described authentication message is sent to described ASN then.
Because described authentication message is transmitted by the IP mode, in embodiments of the present invention, when G-MS sent described authentication message, G-MS used the purpose IP address of an IP address as described authentication message.
A described IP address can be to dispose on described G-MS in advance, also can be that G-MS obtains from network side, for example: can be that G-MS passes through dhcp process (Dynamic Host ConfigurationProtocol, DHCP) obtains a described IP address from network side, increase AAA Proxy Well-Known IP Address Option Field as passing through in DHCPOption message, network side sends to described G-MS by DHCP Option message with a described IP address; Or also can obtain a described IP address by MIP (Mobile IP, mobile IP) process from network side by G-MS.
Step S405, after anchor point DPF entity A nchor DPF among the described ASN detects described destination address from G-MS and is the authentication message of a described IP address, described Anchor DPF selects AAAProxy, described authentication message is sent to the AAA Proxy of described selection.
In the embodiment of the invention, described Anchor DPF can select AAA Proxy according to the configuration information of this Anchor DPF, Anchor DPF also can resolve described authentication message, and the user totem information of the Host in the EAP identification response message that carries according to described authentication message is selected AAA Proxy.
Further, in the embodiment of the invention, described Anchor DPF can also be recorded in the address of the AAAProxy of described selection in the context of described Host, so that find described AAA Proxy in follow-up authentication message reciprocal process; After Anchor DPF migration, when the Host re-authentication, also can find described AAA Proxy.
Step S406, described AAA Proxy sends to aaa server triggering authentication flow process with described authentication message.
In the embodiment of the invention, described AAA Proxy can be the address according to the aaa server of this AAA Proxy configuration, perhaps according to the H-CSN that describes in the user totem information that carries in the described authentication message (Home-Connectivity Service Network, the ownership connectivity serving network), the EAP identification response message that described authentication message is carried sends to the aaa server of the H-CSN under the Host, and described authentication message may need through visit ground AAA route.
Step S407 carries out verification process.
In embodiments of the present invention, in carrying out verification process, described Anchor DPF is when receiving AAAProxy to message that G-MS returns, and Anchor DPF uses forwards that a described IP address sends AAA Proxy as source IP address to G-MS.After G-MS receives described message, be transferred to Host after using interface protocol between G-MS and the Host to encapsulate the EAP message of its carrying.Again, Host authenticates alternately with the opposite end that aaa server is communicated by letter as EAP, and G-MS and ASN provide transmission channel as the transmission bearer of EAP message for verify data.
The method of above-mentioned triggering authentication, it is the authentication message of an IP address that G-MS sends purpose IP address to Anchor DPF, after receiving this authentication message, Anchor DPF selects AAA Proxy, and this authentication message is sent to the AAA Proxy triggering authentication flow process of selection, thereby can be implemented in triggering authentication in the multi-host system, make network can support triggering authentication or re-authentication.
Further, in the embodiment of the invention, when re-authentication took place Host, the EAP message that Host sends can be transferred to Anchor DPF in the manner described above, and Anchor DPF can be forwarded to described AAA Proxy according to the authentication message that the EAP message will be carried in the address of the AAAProxy that has preserved.
Further, in the embodiment of the invention, when migration takes place in Anchor DPF, the address of this AAA Proxy follows the Host context to move together, when re-authentication took place Host, Anchor DPF can be forwarded on the correct AAA Proxy according to the address of the AAA Proxy that the obtains authorization data with Host.
As shown in Figure 5, the structure chart of the system of a kind of triggering authentication that provides for the embodiment of the invention comprises:
Data channel functional entity DPF51, but described data channel functional entity DPF51 links to each other with AAA Proxy53 with gateway mobile station G-MS52 with communication mode, described data channel functional entity DPF51 is used to receive the authentication message from described gateway mobile station G-MS52, select AAA Proxy53, described authentication message is sent to the AAA Proxy53 triggering authentication of selection.The purpose IP address of described authentication message is an IP address.
Further, in embodiments of the present invention, when selecting AAA Proxy53, DPF51 can select AAA Proxy53 according to the configuration information of this DPF51 self; Perhaps, resolve the authentication message that receives, select AAA Proxy53 according to the user totem information that authentication message is carried.
In the system of above-mentioned triggering authentication, DPF51 is after the authentication message that receives from G-MS52, select AAA Proxy53, and this authentication message is sent to the AAA Proxy53 of selection, and then by the flow process of this AAA Proxy53 triggering to the main frame authentication, thereby can be in multi-host system triggering authentication, make network can support triggering authentication or re-authentication.
Further, in embodiments of the present invention, described data channel functional entity DPF51 also is used for the address of selected AAA Proxy53 is recorded in the context of main frame.
Described gateway mobile station G-MS52 is used for after the authentication message that receives from main frame, described authentication message is carried in the authentication message, described authentication message is sent to described data channel functional entity DPF51, and the purpose IP address of described authentication message is an IP address.
Described AAA Proxy53 is used to receive the authentication message from described data channel functional entity DPF51, and described authentication message is sent to aaa server triggering authentication flow process.
In the embodiment of the invention, described AAA Proxy53 can be the address according to the aaa server of this AAA Proxy53 configuration, perhaps according to the H-CSN that describes in the user totem information that carries in the described authentication message (Home-Connectivity Service Network, the ownership connectivity serving network), the EAP identification response message that described authentication message is carried sends to the aaa server of the H-CSN under the Host, and described authentication message may need through visit ground AAA route.
In the system of above-mentioned triggering authentication, it is the authentication message of an IP address that G-MS52 sends purpose IP address to DPF51, after receiving this authentication message, DPF51 selects AAA Proxy53, and this authentication message is sent to the AAA Proxy53 triggering authentication flow process of selection, thereby can be implemented in triggering authentication in the multi-host system, make network can support triggering authentication or re-authentication.
As shown in Figure 6, the structure chart of a kind of DPF that provides for the embodiment of the invention comprises:
Select module 62, be used for after receiver module 61 receives described authentication message, select AAAProxy;
Like this, described DPF is after the authentication message that receives from G-MS, select AAA Proxy, and this authentication message is sent to the AAA Proxy of selection, and then by the flow process of this AAA Proxy triggering to the main frame authentication, thereby can be in multi-host system triggering authentication, make network can support triggering authentication or re-authentication.
Further, in the embodiment of the invention, described DPF also comprises: logging modle 64 is used for selecting the address of the AAA Proxy that module 62 selects to be recorded in the context of main frame.
Further, in the embodiment of the invention, described selection module 62 comprises: selection of configuration submodule 621 is used for selecting described AAA Proxy according to the configuration information of described DPF; Perhaps,
Sign chooser module 622 is used to resolve described authentication message, selects described AAA Proxy according to the user totem information that described authentication message is carried.
Wherein, described DPF also comprises: message sink module 65, be used for after sending module 63 sends to authentication message described AAA Proxy, and receive message from described AAA Proxy;
Like this, described DPF is after the authentication message that receives from G-MS, select AAA Proxy, and this authentication message is sent to the AAA Proxy of selection, and then by the flow process of this AAA Proxy triggering to the main frame authentication, thereby can be in multi-host system triggering authentication, make network can support triggering authentication or re-authentication.
As shown in Figure 7, the structure chart of a kind of G-MS that provides for the embodiment of the invention comprises:
Like this, described G-MS can be that the authentication message of an IP address sends to network side, the triggering authentication flow process with described purpose IP address.
Through the above description of the embodiments, those skilled in the art can be well understood to the present invention and can realize by the mode that software adds essential general hardware platform, can certainly pass through hardware, but the former is better execution mode under a lot of situation.Based on such understanding, the part that technical scheme of the present invention contributes to prior art in essence in other words can embody with the form of software product, this computer software product is stored in the storage medium, comprise that some instructions are with so that a computer equipment (can be a personal computer, server, the perhaps network equipment etc.) carry out the described method of each embodiment of the present invention.
More than disclosed only be several specific embodiment of the present invention, still, the present invention is not limited thereto, any those skilled in the art can think variation all should fall into protection scope of the present invention.
Claims (17)
1, a kind of method of triggering authentication is characterized in that, comprising:
Data channel functional entity DPF receives the authentication message from gateway mobile station G-MS, and the purpose IP address of described authentication message is an IP address;
Described DPF selects authentication to act on behalf of AAA Proxy, and described authentication message is sent to described AAA Proxy triggering authentication.
2, the method for triggering authentication according to claim 1 is characterized in that described authentication message is Radius message or Diameter message.
3, the method for triggering authentication according to claim 1 is characterized in that, before described DPF receives authentication message from G-MS, also comprises:
Described G-MS receives the Extensible Authentication Protocol EAP message that main frame sends;
Described G-MS on authentication message, sends to described DPF with described authentication message with described EAP message bearing.
4, the method for triggering authentication according to claim 1 is characterized in that, further comprises:
On described G-MS, dispose a described IP address in advance; Perhaps
Described G-MS obtains a described IP address by dhcp process or MIP process from network side.
5, the method for triggering authentication according to claim 1 is characterized in that, further comprises:
Described DPF is recorded in the address of the AAA Proxy of described selection in the context of main frame.
6, as the method for triggering authentication as described in the claim 5, it is characterized in that, further comprise:
If DPF moves, move with the context of described main frame the AAA Proxy address of described selection.
7, the method for triggering authentication according to claim 1 is characterized in that described selection AAA Proxy specifically comprises:
Described data channel functional entity DPF is according to pre-configured Information Selection AAA Proxy; Perhaps,
Described data channel functional entity DPF resolves described authentication message, selects AAA Proxy according to the user totem information that described authentication message is carried.
8, the method for triggering authentication according to claim 1 is characterized in that, after described authentication message is sent to described AAA Proxy, also comprises:
Receive the message that described AAA Proxy returns;
Use a described IP address to give described G-MS with the forwards that described AAA Proxy returns as source IP address.
9, a kind of system of triggering authentication is characterized in that, comprising:
Data channel functional entity DPF, but described data channel functional entity DPF links to each other with AAA Proxy with gateway mobile station G-MS with communication mode;
Described data channel functional entity DPF, be used to receive authentication message from described gateway mobile station G-MS, select AAA Proxy, described authentication message is sent to the AAA Proxy triggering authentication of described selection, the purpose IP address of described authentication message is an IP address.
As the system of triggering authentication as described in the claim 9, it is characterized in that 10, described data channel functional entity DPF is used for the address of selected AAA Proxy is recorded in the context of main frame.
11, as the system of triggering authentication as described in the claim 9, it is characterized in that, described gateway mobile station G-MS, be used for after the authentication message that receives from main frame, described authentication message is carried in the authentication message, described authentication message is sent to described data channel functional entity DPF, and the purpose IP address of described authentication message is an IP address.
12, as the system of triggering authentication as described in the claim 9, it is characterized in that described AAA Proxy is used to receive the authentication message from described data channel functional entity DPF, and described authentication message is sent to aaa server triggering authentication flow process.
13, a kind of data channel functional entity DPF is characterized in that, comprising:
Receiver module is used to receive the authentication message from G-MS, and the purpose IP address of described authentication message is an IP address;
Select module, be used for after described receiver module receives described authentication message, select AAAProxy;
Sending module is used for described authentication message is sent to the AAA Proxy that described selection module is selected.
14, as DPF as described in the claim 13, it is characterized in that, also comprise:
Logging modle, the address that is used for AAA Proxy that described selection module is selected is recorded in the context of main frame.
15, as DPF as described in the claim 13, it is characterized in that described selection module comprises:
The selection of configuration submodule is used for selecting described AAA Proxy according to the configuration information of described DPF; Perhaps,
Sign chooser module is used to resolve described authentication message, selects described AAA Proxy according to the user totem information that described authentication message is carried.
16, as DPF as described in the claim 13, it is characterized in that, also comprise:
The message sink module is used for after described sending module sends to described AAAProxy with described authentication message, receives the message from described AAA Proxy;
Forwarding module is used to use a described IP address to give described G-MS as source IP address with the described forwards from AAA Proxy that described receiver module receives.
17, a kind of gateway mobile subscriber G-MS is characterized in that, comprising:
Receiver module is used to receive the authentication message from main frame;
Message transmission module is used for the authentication message that described receiver module receives is carried to and sends to network side on the authentication message, and the purpose IP address of described authentication message is an IP address.
Priority Applications (2)
Application Number | Priority Date | Filing Date | Title |
---|---|---|---|
CN2008100067260A CN101472257B (en) | 2007-12-27 | 2008-01-29 | Method ,system and device for triggering authentication |
PCT/CN2008/073673 WO2009092261A1 (en) | 2007-12-27 | 2008-12-24 | Method, system and device for triggering authentication |
Applications Claiming Priority (3)
Application Number | Priority Date | Filing Date | Title |
---|---|---|---|
CN200710301781 | 2007-12-27 | ||
CN200710301781.8 | 2007-12-27 | ||
CN2008100067260A CN101472257B (en) | 2007-12-27 | 2008-01-29 | Method ,system and device for triggering authentication |
Publications (2)
Publication Number | Publication Date |
---|---|
CN101472257A true CN101472257A (en) | 2009-07-01 |
CN101472257B CN101472257B (en) | 2012-10-17 |
Family
ID=40829309
Family Applications (1)
Application Number | Title | Priority Date | Filing Date |
---|---|---|---|
CN2008100067260A Expired - Fee Related CN101472257B (en) | 2007-12-27 | 2008-01-29 | Method ,system and device for triggering authentication |
Country Status (2)
Country | Link |
---|---|
CN (1) | CN101472257B (en) |
WO (1) | WO2009092261A1 (en) |
Cited By (1)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
CN103973658A (en) * | 2013-02-04 | 2014-08-06 | 中兴通讯股份有限公司 | Static user terminal authentication processing method and device |
Family Cites Families (3)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
CN100512190C (en) * | 2005-05-30 | 2009-07-08 | 中兴通讯股份有限公司 | Intercommunicating system and method between mobile communication network and wireless metropolitan area network |
TWI305462B (en) * | 2005-12-29 | 2009-01-11 | Ind Tech Res Inst | Method and system for secure authentication in a wireless network |
CN101064605B (en) * | 2006-04-29 | 2011-02-16 | 华为技术有限公司 | AAA framework of multi-host network and authentication method |
-
2008
- 2008-01-29 CN CN2008100067260A patent/CN101472257B/en not_active Expired - Fee Related
- 2008-12-24 WO PCT/CN2008/073673 patent/WO2009092261A1/en active Application Filing
Cited By (3)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
CN103973658A (en) * | 2013-02-04 | 2014-08-06 | 中兴通讯股份有限公司 | Static user terminal authentication processing method and device |
WO2014117525A1 (en) * | 2013-02-04 | 2014-08-07 | 中兴通讯股份有限公司 | Method and device for handling authentication of static user terminal |
US9948647B2 (en) | 2013-02-04 | 2018-04-17 | Zte Corporation | Method and device for authenticating static user terminal |
Also Published As
Publication number | Publication date |
---|---|
WO2009092261A1 (en) | 2009-07-30 |
CN101472257B (en) | 2012-10-17 |
Similar Documents
Publication | Publication Date | Title |
---|---|---|
US8077681B2 (en) | Method and system for establishing a connection via an access network | |
US10080170B2 (en) | Network handover method, apparatus, device, and system | |
US8769626B2 (en) | Web authentication support for proxy mobile IP | |
CN105052184B (en) | Method, equipment and controller for controlling user equipment to access service | |
US10432632B2 (en) | Method for establishing network connection, gateway, and terminal | |
US8913516B2 (en) | System and method for delivering push message | |
US8588742B2 (en) | Method and apparatus for providing wireless services to mobile subscribers using existing broadband infrastructure | |
US8676999B2 (en) | System and method for remote authentication dial in user service (RADIUS) prefix authorization application | |
WO2007087608A2 (en) | System, method, and interface for segregation of a session controller and a security gateway | |
WO2011116713A2 (en) | Method, device and system for machine type communication (mtc) terminal communicating with network through gateway | |
US20130191906A1 (en) | Apparatus and method for supporting portable mobile virtual private network service | |
RU2727160C1 (en) | Authentication for next-generation systems | |
CN102388639A (en) | Method and device for accessing mobile network and user device | |
KR102184854B1 (en) | Local network connection methods, devices and systems | |
US20230275883A1 (en) | Parameter exchange during emergency access using extensible authentication protocol messaging | |
WO2014101755A1 (en) | Service data shunting method and system | |
EP3114865B1 (en) | Using services of a mobile packet core network | |
US10219309B2 (en) | D2D service authorizing method and device and home near field communication server | |
WO2014047923A1 (en) | Method and device for accessing network | |
CN101472257B (en) | Method ,system and device for triggering authentication | |
CN103974230B (en) | position information acquisition method and corresponding device | |
CN101483634B (en) | Method and apparatus for triggering reidentification | |
JP4371249B1 (en) | COMMUNICATION SYSTEM, SERVER DEVICE, INFORMATION NOTIFICATION METHOD, PROGRAM | |
JP5775017B2 (en) | Communication device and base station device | |
CN104185303A (en) | Methods and systems for establishing channel in fixed and mobile network convergence case |
Legal Events
Date | Code | Title | Description |
---|---|---|---|
C06 | Publication | ||
PB01 | Publication | ||
C10 | Entry into substantive examination | ||
SE01 | Entry into force of request for substantive examination | ||
C14 | Grant of patent or utility model | ||
GR01 | Patent grant | ||
CF01 | Termination of patent right due to non-payment of annual fee |
Granted publication date: 20121017 Termination date: 20180129 |
|
CF01 | Termination of patent right due to non-payment of annual fee |