CN101483634A - Method and apparatus for triggering reidentification - Google Patents


Info

Publication number
CN101483634A
Authority
CN
China
Prior art keywords
host
authentication
identification information
request
condition
Legal status
Granted
Application number
CNA2008100003521A
Other languages
Chinese (zh)
Other versions
CN101483634B (en)
Inventor
顾亮
Current Assignee
Huawei Technologies Co Ltd
Original Assignee
Huawei Technologies Co Ltd
Events
Application filed by Huawei Technologies Co Ltd
Priority to CN 200810000352 (CN101483634B)
Priority to PCT/CN2009/070055 (WO2009092308A1)
Publication of CN101483634A
Application granted
Publication of CN101483634B
Legal status: Expired - Fee Related
Anticipated expiration

Classifications

    • H ELECTRICITY
    • H04 ELECTRIC COMMUNICATION TECHNIQUE
    • H04L TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L63/00 Network architectures or network communication protocols for network security
    • H04L63/08 Network architectures or network communication protocols for network security for authentication of entities

Landscapes

  • Engineering & Computer Science (AREA)
  • Computer Hardware Design (AREA)
  • Computer Security & Cryptography (AREA)
  • Computing Systems (AREA)
  • General Engineering & Computer Science (AREA)
  • Computer Networks & Wireless Communication (AREA)
  • Signal Processing (AREA)
  • Mobile Radio Communication Systems (AREA)
  • Telephonic Communication Services (AREA)

Abstract

The invention, in the field of communication technology, discloses a method for triggering re-authentication. The method comprises: if the condition for triggering re-authentication of a host is met, obtaining the host identification information; and triggering a re-authentication procedure for that host on the basis of the obtained host identification information. The invention also discloses a corresponding re-authentication triggering apparatus comprising a re-authentication detecting unit for detecting whether the condition for triggering re-authentication of a host is met; an identification information obtaining unit for obtaining the host identification information when the condition is detected to be met; and a re-authentication request sending unit for generating and sending a re-authentication request carrying the host identification information. By adopting the invention, re-authentication directed at an individual host can be realised.

Description

Method and apparatus for triggering re-authentication
Technical field
The present invention relates to the field of communication technology, and in particular to a method and an apparatus for triggering re-authentication.
Background
WiMAX is a wireless metropolitan area network technology based on the IEEE 802.16 standard. Fig. 1 shows the architecture of an existing WiMAX system, which mainly comprises a Mobile Station (MS), an Access Service Network (ASN) and a Connectivity Service Network (CSN), where:
the MS is a mobile terminal device that faces the WiMAX air interface directly and has the capability to access the WiMAX network;
the ASN comprises a Base Station (BS) and an Access Service Network Gateway (ASN GW), and is mainly the set of network functions that provides wireless access service to the MS, including: physical-layer and link-layer connection with the MS over the air interface, network discovery and selection, access authentication, authorization, radio resource control and management, accounting and charging record generation, air-interface link handover, paging and location management, proxy mobile IP, QoS authorization and bearer control for service flows, air-interface data compression and encryption, and so on;
the CSN is mainly the set of network functions that provides network connectivity service to the MS, including: user subscription information management, access authentication, authorization control, IP address allocation and management, accounting and user billing management, IP mobility management, roaming service, location-based services, Multimedia Broadcast/Multicast Service, IP Multimedia Subsystem services, and so on.
A Multi-Host WiMAX system is an evolution of the existing WiMAX system architecture. Referring to Fig. 2, on the basis of the existing WiMAX network architecture the MS is split into two kinds of device: a multi-host mobile station (G-MS) and a Host. The G-MS is the device with WiMAX radio air-interface access capability, and it can share that air-interface access among several Hosts; a Host is a user terminal that has no WiMAX radio access capability of its own but can access the WiMAX network through the G-MS. A Host is still a subscriber of the WiMAX network, so the network must manage the Hosts behind a G-MS and provide network services to each Host. The connection technology between a Host and the G-MS is not restricted; it may be wired or wireless.
While implementing the present invention, the inventor found at least the following problem in the prior art: in the existing WiMAX system, whether re-authentication is performed is determined by detecting a Privacy Key Management authentication start (PKMv2 EAP-Start) message from the MS; once the BS has verified the Cipher-based Message Authentication Code (CMAC) of that message, it sends an authentication relay protocol start (AR-EAP-Start) message to the Authenticator to trigger re-authentication of the MS. In a multi-host WiMAX system, however, re-authentication must be performed per Host, and the existing method cannot achieve it because the Authenticator has no way of determining which Host needs to be re-authenticated.
Summary of the invention
The technical problem to be solved by the embodiments of the invention is to provide a method and an apparatus for triggering re-authentication that can realise re-authentication directed at a Host.
To solve the above technical problem, the embodiments of the invention provide the following technical solutions:
A method for triggering re-authentication comprises:
if it is detected that the condition for initiating re-authentication of a host (Host) is met, obtaining Host identification information; and
based on the obtained Host identification information, triggering the procedure of re-authenticating that Host.
An apparatus for initiating re-authentication comprises:
a re-authentication detecting unit, configured to detect whether the condition for initiating re-authentication of a Host is met;
an identification information obtaining unit, configured to obtain Host identification information when the detection result is that the re-authentication condition is met; and
a re-authentication request transmitting unit, configured to generate and send a re-authentication request carrying the Host identification information.
Another apparatus for initiating re-authentication comprises:
a re-authentication detecting unit, configured to detect whether the condition for initiating re-authentication of a Host is met;
an identification information obtaining unit, configured to obtain Host identification information when the detection result is that the re-authentication condition is met; and
a re-authentication triggering unit, configured to trigger, based on the Host identification information, the procedure of re-authenticating the corresponding Host.
As can be seen from the above technical solutions, in the embodiments of the invention whether the condition for initiating re-authentication of a Host is met is detected; when the condition is detected to be met, Host identification information is obtained, and the procedure of re-authenticating the corresponding Host is then initiated on the basis of that identification information. Because the Host to be re-authenticated can be determined, re-authentication directed at a Host can be realised.
Description of drawings
Fig. 1 is the architecture diagram of an existing WiMAX system;
Fig. 2 is the architecture diagram of an existing multi-host WiMAX system;
Fig. 3 to Fig. 9 are flow charts of method embodiments one to seven for triggering re-authentication provided by the embodiments of the invention;
Fig. 10 is the structure diagram of apparatus embodiment one for triggering re-authentication provided by the embodiments of the invention;
Fig. 11 is the structure diagram of apparatus embodiment two for triggering re-authentication provided by the embodiments of the invention.
Embodiments
The preferred embodiments of the method and apparatus for re-authentication provided by the embodiments of the invention are described in detail below with reference to the accompanying drawings.
Method embodiment one for triggering re-authentication provided by the embodiments of the invention. Referring to Fig. 3, the method of this embodiment comprises:
A1. Detect whether the condition for initiating re-authentication of a host (Host) is met; if so, obtain the Host identification information.
Detecting whether the condition for initiating re-authentication of a Host is met may consist of detecting whether a re-authentication request carrying Host identification information has been received, or of detecting whether a locally maintained Host context meets the condition for initiating re-authentication.
A2. Based on the obtained Host identification information, trigger the procedure of re-authenticating that Host.
The procedure of re-authenticating the Host includes the step of sending a re-authentication identity request carrying the Host identification information to the corresponding Host.
As can be seen from the above technical solution, in this embodiment whether the condition for initiating re-authentication of a Host is met is detected; when the condition is detected to be met, Host identification information is obtained, and the procedure of re-authenticating the corresponding Host is then initiated on the basis of that identification information. Because the Host to be re-authenticated can be determined, re-authentication directed at a Host can be realised.
Method embodiment two for triggering re-authentication provided by the embodiments of the invention. In this embodiment, the Authenticator/AAA Client initiates re-authentication of a Host when it detects that the condition for initiating re-authentication is met. Referring to Fig. 4, the method of this embodiment comprises:
B1. The Authenticator/AAA Client detects whether the condition for initiating re-authentication of a Host is met; if so, it obtains the Host identification information.
In this embodiment, the Authenticator/AAA Client may determine whether the condition for initiating re-authentication of a Host is met by detecting whether a signalling-plane re-authentication request carrying Host identification information has been received: for example, when the Authenticator/AAA Client detects that a re-authentication request carrying Host identification information, such as an authentication relay protocol start (AR_EAP_Start) message, has been received from the BS, it determines that the condition is met. In that case the Host identification information is obtained from the re-authentication request.
In this embodiment, the Authenticator/AAA Client may also detect whether a locally maintained Host context meets the condition for initiating re-authentication; when it detects that a Host context meets that condition, it determines that the condition for initiating re-authentication of the Host is met. In that case the Host identification information is obtained from the locally maintained Host context.
B2. Based on the obtained Host identification information, trigger the procedure of re-authenticating that Host. In the embodiment of the invention, triggering the re-authentication procedure for the Host comprises: initialising the re-authentication state machine for the Host; and generating a signalling-plane re-authentication identity request carrying the Host identification information, such as an authentication relay protocol transfer (AR_EAP_Transfer) message, and sending it to the BS.
If the Host contexts of several Hosts all meet the condition for initiating re-authentication, or the received re-authentication request message carries several Host identifiers, then after obtaining these Host identifiers the re-authentication state machine of each of those Hosts is initialised separately, and an AR_EAP_Transfer message is generated for each Host and sent to the BS.
B3. On receiving the AR_EAP_Transfer message carrying the Host identification information, the BS generates a Privacy Key Management response (PKMv2-Rsp) message or an Extensible Authentication Protocol transfer (EAP-Transfer) message carrying that Host identification information, and sends it to the G-MS.
The PKMv2-Rsp or EAP-Transfer message also carries a CMAC.
B4. On receiving the PKMv2-Rsp or EAP-Transfer message, the G-MS checks whether the CMAC it carries is valid; if it is valid, the G-MS sends an Extensible Authentication Protocol identity request (EAP-Request/Identify) message to the corresponding Host according to the Host identification information in the message.
In this embodiment of the invention the Authenticator/AAA Client detects whether the condition for initiating re-authentication of a Host is met; when the condition is detected to be met, it obtains the Host identification information and then, based on that identification information, triggers the procedure of re-authenticating the corresponding Host. Because the Host to be re-authenticated can be determined, re-authentication directed at a Host can be realised.
Method embodiment three for triggering re-authentication provided by the embodiments of the invention. This embodiment applies to the case where the air interface carries Ethernet frames. Referring to Fig. 5, the method of this embodiment comprises:
C1. The Authenticator/AAA Client detects whether the condition for initiating re-authentication of a Host is met; if so, it obtains the Host identification information.
In this embodiment, the Authenticator/AAA Client may detect whether a locally maintained Host context meets the condition for initiating re-authentication; when it detects that a Host context meets that condition, it determines that the condition for initiating re-authentication of the Host is met. In that case the Host identification information is obtained from the locally maintained Host context.
In this embodiment, the Authenticator/AAA Client may also determine whether the condition for initiating re-authentication of a Host is met by detecting whether a re-authentication request carrying Host identification information has been received, such as an Extensible Authentication Protocol over Ethernet start (EAPoL-Start) message. In that case the Host identification information is obtained from the re-authentication request. The EAPoL-Start message may be one that the Anchor Data Path Function/Foreign Agent (Anchor DPF/FA) received on the data plane, converted into the corresponding signalling-plane EAPoL-Start message, and sent to the Authenticator/AAA Client; the data-plane EAPoL-Start message received by the Anchor DPF/FA may in turn have been sent by the Host to the Anchor DPF/FA over the data channel established with the G-MS.
C2. Based on the obtained Host identification information, trigger the procedure of re-authenticating the corresponding Host. This comprises: initialising the re-authentication state machine for the corresponding Host; and generating a signalling-plane Extensible Authentication Protocol over Ethernet identity request (EAPoL-Request/Identify) message carrying the Host identification information and sending it to the Anchor DPF/FA.
If the Host contexts of several Hosts all meet the condition for initiating re-authentication, or the received EAPoL-Start message carries several Host identifiers, then after obtaining these Host identifiers the re-authentication state machine of each of those Hosts is initialised separately, and an EAPoL-Request/Identify message is generated for each Host and sent to the Anchor DPF/FA.
C3. On receiving the EAPoL-Request/Identify message, the Anchor DPF/FA converts it into the corresponding data-plane EAPoL-Request/Identify message, carried in the data channel established with the G-MS, and sends it to the corresponding Host.
This embodiment of the invention applies to the case where the air interface carries Ethernet frames. The Authenticator/AAA Client detects whether the condition for initiating re-authentication of a Host is met; when the condition is detected to be met, it obtains the Host identification information and then, based on that identification information, triggers the procedure of re-authenticating the corresponding Host. Because the Host to be re-authenticated can be determined, re-authentication directed at a Host can be realised.
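The Anchor DPF/FA conversion of embodiment three, written here as an added example; it is not code from the patent or from Huawei. It assumes that the Host identification information carried by the data-plane EAPoL-Start is the source MAC address of the Ethernet frame (the page does not say how the identifier is encoded) and that the signalling-plane request is a plain record; the frame layouts follow IEEE 802.1X and RFC 3748, and all frames and addresses are constructed.

```python
"""Anchor DPF/FA: data-plane EAPoL-Start -> signalling-plane request, and
signalling-plane EAPoL-Request/Identify -> data-plane frame for the Host.
Constructed example; the Host id is assumed to be the frame's source MAC."""
import struct

ETHERTYPE_EAPOL = 0x888E          # IEEE 802.1X EtherType
EAPOL_VERSION = 1                 # 802.1X-2001 protocol version (assumption)
EAPOL_EAP_PACKET = 0              # EAPoL packet type: EAP-Packet
EAPOL_START = 1                   # EAPoL packet type: EAPoL-Start
EAP_CODE_REQUEST = 1              # RFC 3748 EAP code: Request
EAP_TYPE_IDENTITY = 1             # RFC 3748 EAP type: Identity
PAE_GROUP_MAC = bytes.fromhex("0180c2000003")   # 802.1X PAE group address

# Constructed sample addresses for the example.
HOST_MAC = bytes.fromhex("020000000001")
ANCHOR_MAC = bytes.fromhex("020000000002")


def parse_eapol_start(frame: bytes):
    """Return the Host id (source MAC as text) if `frame` is a well-formed
    EAPoL-Start Ethernet frame, otherwise None."""
    if len(frame) < 18:                      # 14-byte Ethernet + 4-byte EAPoL header
        return None
    src = frame[6:12]
    (ethertype,) = struct.unpack("!H", frame[12:14])
    if ethertype != ETHERTYPE_EAPOL:
        return None
    _version, ptype, body_len = struct.unpack("!BBH", frame[14:18])
    if ptype != EAPOL_START or body_len != 0:   # EAPoL-Start carries no body
        return None
    return src.hex(":")


def to_signalling_request(frame: bytes):
    """Data plane -> signalling plane: the record handed to the Authenticator/AAA
    Client (step C1). Malformed or foreign frames produce no request at all."""
    host_id = parse_eapol_start(frame)
    if host_id is None:
        return None
    return {"kind": "EAPoL-Start", "host_ids": [host_id]}


def build_eap_request_identify(host_mac: bytes, eap_id: int) -> bytes:
    """Signalling plane -> data plane (step C3): an EAPoL frame carrying
    EAP-Request/Identity, addressed to the Host named by the Authenticator."""
    eap = struct.pack("!BBHB", EAP_CODE_REQUEST, eap_id, 5, EAP_TYPE_IDENTITY)
    eapol = struct.pack("!BBH", EAPOL_VERSION, EAPOL_EAP_PACKET, len(eap)) + eap
    return host_mac + ANCHOR_MAC + struct.pack("!H", ETHERTYPE_EAPOL) + eapol


def parse_eap_request_identify(frame: bytes):
    """Host side: return (destination MAC, EAP id) for a valid EAP-Request/Identity
    frame, otherwise None."""
    if len(frame) < 23:
        return None
    (ethertype,) = struct.unpack("!H", frame[12:14])
    _version, ptype, body_len = struct.unpack("!BBH", frame[14:18])
    if ethertype != ETHERTYPE_EAPOL or ptype != EAPOL_EAP_PACKET or body_len < 5:
        return None
    code, eap_id, length, eap_type = struct.unpack("!BBHB", frame[18:23])
    if code != EAP_CODE_REQUEST or eap_type != EAP_TYPE_IDENTITY or length != body_len:
        return None
    return frame[0:6].hex(":"), eap_id


def sample_eapol_start() -> bytes:
    """Constructed data-plane EAPoL-Start as a Host would send it over the
    G-MS data channel."""
    return (PAE_GROUP_MAC + HOST_MAC + struct.pack("!H", ETHERTYPE_EAPOL)
            + struct.pack("!BBH", EAPOL_VERSION, EAPOL_START, 0))
```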
Method embodiment four for triggering re-authentication provided by the embodiments of the invention. In this embodiment, the BS initiates re-authentication of a Host when it detects that the condition for initiating re-authentication is met. Referring to Fig. 6, the method of this embodiment comprises:
D1. The BS detects whether the condition for initiating re-authentication of a Host is met; if so, it obtains the corresponding Host identification information.
In this embodiment, the BS may determine whether the condition for initiating re-authentication of a Host is met by detecting whether a signalling-plane re-authentication request carrying Host identification information has been received: for example, when the BS detects that a PKMv2 Req message carrying Host identification information has been received from the G-MS, it determines that the condition is met; likewise, if the BS detects an Extensible Authentication Protocol start (EAP_Start) message carrying Host identification information from the G-MS, it may also determine that the condition is met. In these cases the Host identification information is obtained from the re-authentication request.
In this embodiment, the BS may also detect whether the locally maintained security context of a Host meets the condition for initiating re-authentication; when it detects that a Host security context meets that condition, it determines that the condition for initiating re-authentication of the Host is met. In that case the Host identification information is obtained from the locally maintained Host context.
D2. The BS generates an AR_EAP_Start message carrying the Host identification information and sends it to the Authenticator/AAA Client, requesting that re-authentication of the corresponding Host be initiated.
If the Host contexts of several Hosts all meet the condition for initiating re-authentication, or the PKMv2 Req or EAP_Start message received by the BS carries several Host identifiers, then after obtaining these Host identifiers the BS carries the identification information of all of those Hosts in the generated AR_EAP_Start message, so that re-authentication of several Hosts is initiated with a single message.
D3. On receiving the AR_EAP_Start message, the Authenticator/AAA Client obtains the Host identification information carried in it.
D4. Based on the obtained Host identification information, the Authenticator/AAA Client triggers the procedure of re-authenticating the corresponding Host. This comprises: initialising the re-authentication state machine for the corresponding Host; and generating an AR_EAP_Transfer message carrying the Host identification information and sending it to the BS.
If the received AR_EAP_Start message carries the identification information of several Hosts, the Authenticator/AAA Client generates an AR_EAP_Transfer message for each Host and sends them to the BS.
D5. On receiving the AR_EAP_Transfer message carrying the Host identification information, the BS generates a PKMv2-Rsp or EAP-Transfer message carrying that Host identification information and sends it to the G-MS.
The PKMv2-Rsp or EAP-Transfer message also carries a CMAC.
D6. On receiving the PKMv2-Rsp or EAP-Transfer message, the G-MS checks whether the CMAC it carries is valid; if it is valid, the G-MS sends an EAP-Request/Identify message to the corresponding Host according to the Host identification information in the message.
In this embodiment of the invention the BS detects whether the condition for initiating re-authentication of a Host is met; when the condition is detected to be met, it obtains the Host identification information and provides it to the Authenticator/AAA Client, which triggers the procedure of re-authenticating the corresponding Host on the basis of that identification information. Because the Host to be re-authenticated can be determined, re-authentication directed at a Host can be realised.
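The signalling-plane flow of embodiments two and four, as an added simulation that is not code from the patent or from Huawei: the BS batches several Host identifiers into one AR_EAP_Start, the Authenticator/AAA Client initialises one re-authentication state machine per Host and emits one AR_EAP_Transfer per Host, and the G-MS verifies the integrity tag before forwarding EAP-Request/Identify to the named Host and drops the message otherwise. HMAC-SHA256 over a constructed shared key stands in for the CMAC (an assumption); the role classes, message records and state names are hypothetical.

```python
"""Constructed simulation of the AR_EAP_Start / AR_EAP_Transfer / PKMv2-Rsp
exchange for per-Host re-authentication. HMAC-SHA256 is an assumed stand-in
for the air-interface CMAC; the key and Host ids are constructed."""
import hashlib
import hmac
from dataclasses import dataclass


@dataclass(frozen=True)
class Message:
    kind: str            # "AR_EAP_Start", "AR_EAP_Transfer", "PKMv2-Rsp"
    host_ids: tuple      # Host identification information carried in the message
    mac: bytes = b""     # integrity tag; present only on air-interface messages


def _tag(key: bytes, kind: str, host_ids: tuple) -> bytes:
    # Stand-in for the CMAC over the air-interface message contents.
    payload = kind.encode() + b"|" + ",".join(host_ids).encode()
    return hmac.new(key, payload, hashlib.sha256).digest()


class Authenticator:
    """Authenticator/AAA Client (steps B1/B2, D3/D4)."""

    def __init__(self):
        self.state_machines = {}   # host_id -> re-authentication state (hypothetical names)

    def on_ar_eap_start(self, msg: Message) -> list:
        assert msg.kind == "AR_EAP_Start"
        transfers = []
        for host_id in msg.host_ids:
            # One re-authentication state machine per Host, then one transfer per Host.
            self.state_machines[host_id] = "IDENTITY_REQUESTED"
            transfers.append(Message("AR_EAP_Transfer", (host_id,)))
        return transfers


class BaseStation:
    """BS: batches Host ids into one AR_EAP_Start (D2) and wraps each
    AR_EAP_Transfer into a tagged PKMv2-Rsp for the G-MS (B3/D5)."""

    def __init__(self, air_key: bytes):
        self.air_key = air_key

    def request_reauth(self, host_ids) -> Message:
        return Message("AR_EAP_Start", tuple(host_ids))

    def on_ar_eap_transfer(self, msg: Message) -> Message:
        assert msg.kind == "AR_EAP_Transfer"
        return Message("PKMv2-Rsp", msg.host_ids,
                       _tag(self.air_key, "PKMv2-Rsp", msg.host_ids))


class GMS:
    """G-MS: verifies the tag, then forwards EAP-Request/Identify only to the
    Host named in the message (B4/D6)."""

    def __init__(self, air_key: bytes, attached_hosts):
        self.air_key = air_key
        self.attached_hosts = set(attached_hosts)
        self.delivered = []   # (host_id, message kind) actually sent towards a Host

    def on_pkmv2_rsp(self, msg: Message) -> bool:
        expected = _tag(self.air_key, msg.kind, msg.host_ids)
        if not hmac.compare_digest(expected, msg.mac):
            return False      # tag invalid: drop the message, touch no Host
        for host_id in msg.host_ids:
            if host_id in self.attached_hosts:
                self.delivered.append((host_id, "EAP-Request/Identify"))
        return True


def run_reauth(host_ids, air_key=b"constructed-air-key"):
    """Drive the whole exchange for a batch of Hosts; returns the Authenticator's
    per-Host state and the requests the G-MS actually delivered."""
    bs = BaseStation(air_key)
    auth = Authenticator()
    gms = GMS(air_key, host_ids)
    start = bs.request_reauth(host_ids)              # D2: one message for all Hosts
    for transfer in auth.on_ar_eap_start(start):     # D3/D4: one transfer per Host
        gms.on_pkmv2_rsp(bs.on_ar_eap_transfer(transfer))   # D5/D6
    return auth.state_machines, gms.delivered
```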
Method embodiment five for triggering re-authentication provided by the embodiments of the invention. In this embodiment, the G-MS initiates re-authentication of a Host when it detects that the condition for initiating re-authentication is met. Referring to Fig. 7, the method of this embodiment comprises:
E1. The G-MS detects whether the condition for initiating re-authentication of a Host is met; if so, it obtains the corresponding Host identification information.
In this embodiment, the G-MS may determine whether the condition for initiating re-authentication of a Host is met by detecting whether a signalling-plane re-authentication request carrying Host identification information has been received: for example, when it detects that a re-authentication trigger (Reauth Trigger) request carrying Host identification information has been received from a Host, it determines that the condition is met. In that case the Host identification information is obtained from the re-authentication request message.
In this embodiment, the G-MS may also detect whether the locally maintained security context of a Host meets the condition for initiating re-authentication; when it detects that a Host security context meets that condition, it determines that the condition for initiating re-authentication of the Host is met. In that case the Host identification information is obtained from the locally maintained Host context.
E2. The G-MS generates a PKMv2 Req message or an EAP_Start message carrying the Host identification information and sends it to the BS, requesting that re-authentication of the corresponding Host be initiated.
The PKMv2 Req or EAP_Start message also carries a CMAC.
If several Hosts all meet the condition for initiating re-authentication, the G-MS may carry the identification information of all of those Hosts in the generated PKMv2 Req or EAP_Start message, so that re-authentication of several Hosts is initiated with a single message.
E3. On receiving the PKMv2 Req or EAP_Start message, the BS checks whether the CMAC it carries is valid; if it is valid, the BS confirms that the condition for initiating re-authentication of the Host is met and obtains the corresponding Host identification information.
E4. The BS generates an AR_EAP_Start message carrying the Host identification information and sends it to the Authenticator/AAA Client, requesting that re-authentication of the corresponding Host be initiated.
If the PKMv2 Req or EAP_Start message received by the BS carries several Host identifiers, the BS may likewise carry the identification information of all of those Hosts in the generated AR_EAP_Start message, so that re-authentication of several Hosts is initiated with a single message.
E5. On receiving the AR_EAP_Start message, the Authenticator/AAA Client obtains the Host identification information carried in it.
E6. Based on the obtained Host identification information, the Authenticator/AAA Client triggers the procedure of re-authenticating the corresponding Host. This comprises: initialising the re-authentication state machine for the corresponding Host; and generating an AR_EAP_Transfer message carrying the Host identification information and sending it to the BS.
If the received AR_EAP_Start message carries the identification information of several Hosts, the Authenticator/AAA Client generates an AR_EAP_Transfer message for each Host and sends them to the BS.
E7. On receiving the AR_EAP_Transfer message carrying the Host identification information, the BS generates a PKMv2-Rsp or EAP-Transfer message carrying that Host identification information and sends it to the G-MS.
The PKMv2-Rsp or EAP-Transfer message also carries a CMAC.
E8. On receiving the PKMv2-Rsp or EAP-Transfer message, the G-MS checks whether the CMAC it carries is valid; if it is valid, the G-MS sends an EAP-Request/Identify message to the corresponding Host according to the Host identification information in the message.
In this embodiment of the invention the G-MS detects whether the condition for initiating re-authentication of a Host is met; when the condition is detected to be met, it obtains the Host identification information and provides it to the Authenticator/AAA Client, which triggers the procedure of re-authenticating the corresponding Host on the basis of that identification information. Because the Host to be re-authenticated can be determined, re-authentication directed at a Host can be realised.
The method embodiment six of the triggering re-authentication that the embodiment of the invention provides; In the present embodiment, Host meets when initiating the re-authentication condition detecting, and initiates re-authentication; With reference to figure 8, the present embodiment method comprises:
F1, Host detect the condition of initiating to carry out re-authentication that whether meets, if obtain self identification information.
In the present embodiment, Host can detect self safe context of local maintenance, meet the condition of initiating re-authentication if detect the safe context of local maintenance, then determine to meet the condition of initiating to carry out re-authentication, here, the identification information of described acquisition self then can be the identification information that obtains self from the Host context of described local maintenance.
F2, send to affiliated G-MS after generating the re-authentication trigger request Reauth Trigger carry described identification information.
F3, G-MS obtain described identification information after receiving the re-authentication trigger request, send to BS after generating the PKMv2 Req message of carrying described identification information or EAP_Start message, and the re-authentication to corresponding Host is initiated in request.
Wherein, in described PKMv2 Req message or EAP_Start message, can also carry CMAC.
After F4, BS receive PKMv2 Req message or EAP_Start message, judge whether the CMAC that wherein carries is legal,, then confirm to meet initiation, obtain corresponding Host identification information the condition that Host carries out re-authentication if legal.
F5, send to Authenticator/AAA Client after generating the AR_EAP_Start message carry described Host identification information, the re-authentication to corresponding Host is initiated in request.
Wherein, if carry a plurality of Host identification informations in PKMv2 Req message that BS received or the EAP_Start message, BS also can carry the identification information of described a plurality of Host in the AR_EAP_Start message that is generated, like this, only need just can initiate re-authentication by a message at a plurality of Host.
F6. On receiving the AR_EAP_Start message, the Authenticator/AAA Client extracts the Host identification information carried in it.
F7. Based on the obtained Host identification information, the Authenticator/AAA Client triggers the re-authentication procedure for the corresponding Host. This comprises: initializing the re-authentication state machine for that Host; and generating an AR_EAP_Transfer message carrying the Host identification information and sending it to the BS.
If the received AR_EAP_Start message carries the identification information of several Hosts, the Authenticator/AAA Client generates a separate AR_EAP_Transfer message for each Host and sends each one to the BS.
F8. On receiving the AR_EAP_Transfer message carrying the Host identification information, the BS generates a PKMv2-Rsp or EAP-Transfer message carrying that Host identification information and sends it to the G-MS.
The PKMv2-Rsp or EAP-Transfer message also carries a CMAC.
F9. On receiving the PKMv2-Rsp or EAP-Transfer message, the G-MS checks whether the CMAC it carries is valid. If it is valid, the G-MS sends an EAP-Request/Identity message to the Host named by the Host identification information in the message.
In this embodiment of the invention the Host detects whether the condition for initiating its own re-authentication is met; when it is, the Host obtains its Host identification information and provides it to the Authenticator/AAA Client, which triggers the re-authentication procedure for the corresponding Host based on that identification information. Because the Host to be re-authenticated can be determined, re-authentication can be performed per Host.
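The following is an added example, not code from the patent or from Huawei: a Python simulation of steps F1 to F9 with the CMAC gate at the BS and at the G-MS, and with several Host identifiers batched into one AR_EAP_Start and fanned out as one AR_EAP_Transfer per Host. The AES-CMAC of PKMv2 is stood in by a truncated HMAC-SHA256, the Host MAC TLV layout (type 0x01, length 6), the shared G-MS/BS key, the key-lifetime condition and the message encodings are all assumptions; only the message names and the order of steps come from the text.

```python
import hashlib
import hmac
import struct
from dataclasses import dataclass, field

# Constructed parameters (assumptions, not from the patent)
REAUTH_THRESHOLD_S = 60                      # re-auth once key lifetime drops below this
GMS_INTEGRITY_KEY = b"gms-bs-integrity-key"  # key shared by the G-MS and its BS
HOST_MAC_TLV_TYPE = 0x01                     # assumed TLV type of the Host MAC TLV
TAG_LEN = 8


def cmac(key, payload):
    """Stand-in for the PKMv2 AES-CMAC (assumption): truncated HMAC-SHA256."""
    return hmac.new(key, payload, hashlib.sha256).digest()[:TAG_LEN]


def verify(key, msg):
    """Split a message into body and tag; return the body only if the tag checks."""
    body, tag = msg[:-TAG_LEN], msg[-TAG_LEN:]
    return body if hmac.compare_digest(tag, cmac(key, body)) else None


def encode_host_mac_tlvs(macs):
    """One Host MAC TLV (type, length, 6-byte MAC) per Host to re-authenticate."""
    return b"".join(struct.pack("!BB", HOST_MAC_TLV_TYPE, 6) + m for m in macs)


def decode_host_mac_tlvs(data):
    macs, i = [], 0
    while i + 2 <= len(data):
        t, ln = struct.unpack("!BB", data[i:i + 2])
        if t == HOST_MAC_TLV_TYPE and ln == 6:
            macs.append(data[i + 2:i + 8])
        i += 2 + ln
    return macs


@dataclass
class Host:
    mac: bytes
    key_lifetime_s: int                      # the locally maintained security context

    def detect_reauth_condition(self):
        """F1: return own identifier when the local context calls for re-auth."""
        return self.mac if self.key_lifetime_s < REAUTH_THRESHOLD_S else None


@dataclass
class GMS:
    key: bytes
    identity_requests_sent: list = field(default_factory=list)

    def build_pkmv2_req(self, macs):
        """F3: PKMv2 Req carrying the Host MAC TLVs and a CMAC over them."""
        body = encode_host_mac_tlvs(macs)
        return body + cmac(self.key, body)

    def handle_pkmv2_rsp(self, msg):
        """F9: on a valid CMAC, send EAP-Request/Identity to the named Host."""
        body = verify(self.key, msg)
        if body is None:
            return None
        mac = decode_host_mac_tlvs(body)[0]
        self.identity_requests_sent.append(mac)
        return ("EAP-Request/Identity", mac)


@dataclass
class BS:
    gms_key: bytes

    def handle_pkmv2_req(self, msg):
        """F4/F5: act only on a trigger whose CMAC verifies; batch every listed Host."""
        body = verify(self.gms_key, msg)
        if body is None:
            return None                      # unauthenticated trigger: not acted on
        return ("AR_EAP_Start", decode_host_mac_tlvs(body))

    def build_pkmv2_rsp(self, mac):
        """F8: CMAC-protected PKMv2-Rsp naming one Host."""
        body = encode_host_mac_tlvs([mac])
        return body + cmac(self.gms_key, body)


@dataclass
class Authenticator:
    state: dict = field(default_factory=dict)   # re-auth state machine per Host

    def handle_ar_eap_start(self, macs):
        """F6/F7: initialize a state machine and emit one AR_EAP_Transfer per Host."""
        transfers = []
        for mac in macs:
            self.state[mac] = "REAUTH_STARTED"
            transfers.append(("AR_EAP_Transfer", mac))
        return transfers


def run_reauth(hosts, gms, bs, auth):
    """Drive F1 to F9; return the Hosts that were sent EAP-Request/Identity."""
    macs = [m for m in (h.detect_reauth_condition() for h in hosts) if m]   # F1 / F2
    if not macs:
        return []
    started = bs.handle_pkmv2_req(gms.build_pkmv2_req(macs))              # F3 to F5
    if started is None:
        return []
    delivered = []
    for _, mac in auth.handle_ar_eap_start(started[1]):                   # F6 / F7
        rsp = gms.handle_pkmv2_rsp(bs.build_pkmv2_rsp(mac))               # F8 / F9
        if rsp is not None:
            delivered.append(rsp[1])
    return delivered
```

The point to take from the simulation is where the trust boundary sits: the BS never initializes anything on the strength of the Host identifiers alone, it acts on the list only after the CMAC ties the PKMv2 Req to the G-MS that holds the key, and a G-MS with the wrong key gets no state machine created for any Host it names.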
Method embodiment seven of triggering re-authentication provided by the embodiments of the invention. In this embodiment the G-MS acts as the Authenticator of the Host and provides the AAA Client function. With reference to Figure 9, the method of this embodiment comprises:
H1. The Host detects whether the condition for initiating re-authentication is met; if so, it obtains its own identification information.
In this embodiment, the Host can examine the security context it maintains locally. If that security context meets the condition for initiating re-authentication, the Host determines that the condition for initiating re-authentication is met; obtaining its own identification information then means reading the Host's identification information from the locally maintained Host context.
H2. The Host generates an EAP_Start message carrying the identification information and sends it to the G-MS it belongs to.
H3. On receiving the EAP_Start message, the G-MS obtains the Host identification information and, based on it, triggers the re-authentication procedure for the corresponding Host. This comprises: initializing the re-authentication state machine for that Host; and generating a re-authentication identification request carrying the Host identification information, such as an EAP-Request/Identity message, and sending it to the Host.
H4. The Host sends a response to the re-authentication identification request to the G-MS, such as an Extensible Authentication Protocol identification request response (EAP-Response/Identity) message, which carries the Host's Network Access Identifier (NAI).
H5. The G-MS carries the re-authentication identification request response in a remote authentication access request (RADIUS Access-Request) message and sends it to the Anchor DPF/FA over the established data channel.
H6. The Anchor DPF/FA forwards the RADIUS Access-Request to the AAA Proxy according to the AAA Proxy address configured on it.
H7. The AAA Proxy forwards the RADIUS Access-Request to the authentication, authorization and accounting server (AAA Server) according to the Network Access Identifier and/or the AAA Server address configured on it.
In this embodiment of the invention the Host detects whether the condition for initiating its own re-authentication is met; when it is, the Host obtains its Host identification information and provides it to the G-MS, and the G-MS, acting as the Host's Authenticator, triggers the re-authentication procedure for the corresponding Host based on that identification information. Because the Host to be re-authenticated can be determined, re-authentication can be performed per Host.
Method embodiment eight of triggering re-authentication provided by the embodiments of the invention. This embodiment is similar to embodiment seven; the difference is that here the G-MS detects that the condition for initiating re-authentication is met and initiates re-authentication of the Host itself. Specifically, steps H1 to H3 are replaced by the following K1 and K2:
K1. The G-MS detects whether the condition for initiating re-authentication of a Host is met; if so, it obtains the corresponding Host identification information.
The G-MS can examine whether the security context of the Host that it maintains locally meets the condition for initiating re-authentication; when that security context meets the condition, the G-MS determines that the condition for initiating re-authentication of the Host is met.
K2. Based on the obtained Host identification information, the G-MS triggers the re-authentication procedure for the corresponding Host. This comprises: initializing the re-authentication state machine for that Host; and generating a re-authentication identification request carrying the Host identification information, such as an EAP-Request/Identity message, and sending it to the Host.
In this embodiment of the invention the G-MS detects whether the condition for initiating re-authentication of a Host is met; when it is, the G-MS obtains the Host identification information and, based on it, triggers the re-authentication procedure for the corresponding Host. Because the Host to be re-authenticated can be determined, re-authentication can be performed per Host.
Those of ordinary skill in the art will understand that all or part of the steps of the above method embodiments can be implemented by a program instructing the relevant hardware. The program can be stored in a computer-readable storage medium and, when executed, can comprise the steps of: if it is detected that the condition for initiating re-authentication of a Host is met, obtaining the Host identification information; and, based on the obtained Host identification information, triggering the re-authentication procedure for the corresponding Host. The storage medium referred to here can be, for example, ROM/RAM, a magnetic disk or an optical disc.
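The following is an added example, not code from the patent or from Huawei, covering embodiments seven and eight (steps H3 to H7 and K1/K2): the G-MS as Authenticator starts the exchange with EAP-Request/Identity, wraps the Host's EAP-Response/Identity in a RADIUS Access-Request sealed with a Message-Authenticator, the Anchor DPF/FA relays it to its configured AAA Proxy, and the proxy picks the AAA Server from the NAI realm or falls back to its configured default. The EAP and RADIUS encodings follow RFC 3748, RFC 2865 and RFC 3579; the shared secret, the server names, the key-lifetime condition used for K1 and the Host's reply are constructed assumptions.

```python
import hashlib
import hmac
import os
import struct

# Code, attribute and EAP type numbers from RFC 2865, RFC 3579 and RFC 3748.
ACCESS_REQUEST = 1
USER_NAME, EAP_MESSAGE, MESSAGE_AUTHENTICATOR = 1, 79, 80
EAP_REQUEST, EAP_RESPONSE, EAP_TYPE_IDENTITY = 1, 2, 1


def eap_packet(code, ident, eap_type, data=b""):
    """EAP Code, Identifier, Length, Type, then Type-Data."""
    return struct.pack("!BBHB", code, ident, 5 + len(data), eap_type) + data


def eap_identity(pkt):
    """The NAI carried by an EAP-Response/Identity, or None for anything else."""
    code, _, length, typ = struct.unpack("!BBHB", pkt[:5])
    if code != EAP_RESPONSE or typ != EAP_TYPE_IDENTITY:
        return None
    return pkt[5:length].decode()


def attr(t, value):
    return struct.pack("!BB", t, 2 + len(value)) + value


def attrs_of(pkt):
    """Yield (type, value) pairs from the attribute area of a RADIUS packet."""
    i = 20
    while i < len(pkt):
        t, ln = pkt[i], pkt[i + 1]
        yield t, pkt[i + 2:i + ln]
        i += ln


def access_request(nai, eap_resp, secret, ident=1, req_auth=None):
    """Access-Request with User-Name and EAP-Message, sealed by a Message-Authenticator
    (HMAC-MD5 over the whole packet with that attribute's value zeroed, RFC 3579 3.2)."""
    if req_auth is None:
        req_auth = os.urandom(16)
    body = attr(USER_NAME, nai.encode()) + attr(EAP_MESSAGE, eap_resp)
    zeroed = body + attr(MESSAGE_AUTHENTICATOR, bytes(16))
    head = struct.pack("!BBH", ACCESS_REQUEST, ident, 20 + len(zeroed)) + req_auth
    tag = hmac.new(secret, head + zeroed, hashlib.md5).digest()
    return head + body + attr(MESSAGE_AUTHENTICATOR, tag)


def verify_access_request(pkt, secret):
    """Recompute the Message-Authenticator; False if the packet was modified."""
    rebuilt, tag = b"", None
    for t, v in attrs_of(pkt):
        if t == MESSAGE_AUTHENTICATOR:
            tag, v = v, bytes(16)
        rebuilt += attr(t, v)
    if tag is None:
        return False
    expected = hmac.new(secret, pkt[:20] + rebuilt, hashlib.md5).digest()
    return hmac.compare_digest(tag, expected)


class AAAProxy:
    """H7: forwards to the AAA Server chosen by NAI realm, else the configured one."""
    def __init__(self, secret, realm_servers, default_server):
        self.secret, self.realm_servers, self.default = secret, realm_servers, default_server

    def route(self, pkt):
        if not verify_access_request(pkt, self.secret):
            return None                      # forged or altered on the data path: dropped
        nai = dict(attrs_of(pkt))[USER_NAME].decode()
        return self.realm_servers.get(nai.rpartition("@")[2], self.default)


class AnchorDPF:
    """H6: relays what arrives on the data channel to its configured AAA Proxy."""
    def __init__(self, proxy):
        self.proxy = proxy

    def forward(self, pkt):
        return self.proxy.route(pkt)


class GMSAuthenticator:
    """The G-MS acting as the Host's Authenticator and AAA Client."""
    def __init__(self, secret, dpf):
        self.secret, self.dpf, self.ident = secret, dpf, 0

    def needs_reauth(self, host_ctx, threshold_s=60):
        """K1: locally maintained Host security context (assumed: key lifetime)."""
        return host_ctx["key_lifetime_s"] < threshold_s

    def identity_request(self):
        """H3 / K2: start the Host's state machine with EAP-Request/Identity."""
        self.ident += 1
        return eap_packet(EAP_REQUEST, self.ident, EAP_TYPE_IDENTITY)

    def handle_identity_response(self, eap_resp):
        """H5: wrap the EAP-Response/Identity in an Access-Request for the Anchor DPF/FA."""
        nai = eap_identity(eap_resp)
        if nai is None:
            return None
        return self.dpf.forward(access_request(nai, eap_resp, self.secret, self.ident))


def demo(nai="host1@operator.example"):
    """Constructed end-to-end run; returns the AAA Server the request reached."""
    secret = b"radius-shared-secret"         # assumed secret shared by G-MS and AAA Proxy
    proxy = AAAProxy(secret, {"operator.example": "aaa1.operator.example"}, "aaa-default.example")
    gms = GMSAuthenticator(secret, AnchorDPF(proxy))
    if not gms.needs_reauth({"key_lifetime_s": 30}):
        return None
    req = gms.identity_request()
    resp = eap_packet(EAP_RESPONSE, req[1], EAP_TYPE_IDENTITY, nai.encode())   # H4, constructed
    return gms.handle_identity_response(resp)
```

Because the request travels on the data channel rather than on the signaling path, the Message-Authenticator is the only thing binding the NAI-based routing decision at the proxy to the G-MS that issued the request; a packet altered in transit or sent with the wrong secret is dropped before any realm lookup happens.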
Device embodiment one of initiating re-authentication provided by the embodiments of the invention. With reference to Figure 10, the device comprises a re-authentication detecting unit 1010, an identification information obtaining unit 1020 and a re-authentication request transmitting unit 1030:
The re-authentication detecting unit 1010 is configured to detect whether the condition for initiating re-authentication of a Host is met.
The identification information obtaining unit 1020 is configured to obtain the Host identification information when the result of the detection is that the re-authentication condition is met.
The re-authentication request transmitting unit 1030 is configured to generate and send a re-authentication request carrying the Host identification information.
In this embodiment the device can be, for example, a Host, a G-MS or a BS.
The device for initiating re-authentication provided in the embodiments of the invention detects whether the condition for initiating re-authentication of a Host is met and, when it is, generates and sends a re-authentication request carrying the Host identification information. Because the re-authentication request can carry the identification information of the Host that needs re-authentication, the device can initiate re-authentication of that particular Host.
Device embodiment four of initiating re-authentication provided by the embodiments of the invention. With reference to Figure 11, the device comprises a re-authentication detecting unit 1110, an identification information obtaining unit 1120 and a re-authentication trigger unit 1130:
The re-authentication detecting unit 1110 is configured to detect whether the condition for initiating re-authentication of a Host is met.
The identification information obtaining unit 1120 is configured to obtain the Host identification information when the result of the detection is that the re-authentication condition is met.
The re-authentication trigger unit 1130 is configured to trigger, based on the Host identification information, the re-authentication procedure for the corresponding Host.
In this embodiment the device can be a G-MS or an Authenticator/AAA Client.
The device for initiating re-authentication provided in the embodiments of the invention detects whether the condition for initiating re-authentication of a Host is met and, when it is, obtains the Host identification information and triggers the re-authentication procedure for the corresponding Host based on that information. Because the Host to be re-authenticated can be determined, re-authentication can be performed per Host.
In further device embodiments provided by the embodiments of the invention, the re-authentication detecting unit can further comprise an interface unit and a detecting unit: the interface unit is configured to receive re-authentication requests; the detecting unit is configured to detect whether the interface unit has received a re-authentication request carrying Host identification information.
In further device embodiments provided by the embodiments of the invention, the re-authentication detecting unit can further comprise a host-context acquiring unit and a detecting unit: the host-context acquiring unit is configured to obtain the locally maintained Host context; the detecting unit is configured to examine that Host context and detect whether the locally maintained Host context meets the condition for initiating re-authentication.
In the various embodiments of the invention, the Host identification information can be the Host physical-address identifier (Host MAC TLV) or other information that identifies the Host, such as the Host NAI.
As can be seen from the above technical solutions, the embodiments of the invention detect whether the condition for initiating re-authentication of a Host is met, obtain the Host identification information when it is, and then initiate the re-authentication procedure for the corresponding Host based on that identification information. Because the Host to be re-authenticated can be determined, re-authentication can be performed per Host.
The method and device for triggering re-authentication provided by the embodiments of the invention have been described in detail above. Specific cases have been used to explain the principle and implementation of the invention, and the description of the above embodiments is only intended to help in understanding the method of the invention and its underlying idea. At the same time, those of ordinary skill in the art can, following the idea of the invention, make changes to the specific implementations and the scope of application. In summary, the content of this description should not be construed as limiting the invention.

Claims (20)

1. A method for triggering re-authentication, characterized in that it comprises:
if it is detected that a condition for initiating re-authentication of a host (Host) is met, obtaining Host identification information;
based on the obtained Host identification information, triggering a re-authentication procedure for the Host.
2. The method of claim 1, characterized in that detecting that the condition for initiating re-authentication of the Host is met is specifically:
detecting receipt of a re-authentication request carrying at least one item of Host identification information, or detecting that a locally maintained context of the Host meets a condition for initiating re-authentication.
3. The method of claim 2, characterized in that an authenticator/authentication, authorization and accounting client (Authenticator/AAA Client) detects receipt of the re-authentication request carrying at least one item of Host identification information, or the Authenticator/AAA Client detects that the locally maintained context of the Host meets the condition for initiating re-authentication.
4. The method of claim 3, characterized in that, before the Authenticator/AAA Client detects receipt of the re-authentication request carrying at least one item of Host identification information, the method further comprises:
a base station (BS), on detecting that the locally maintained context of the Host meets the condition for initiating re-authentication or on detecting receipt from a multi-host system mobile station (G-MS) of a re-authentication request carrying at least one item of Host identification information, sending a re-authentication request carrying at least one item of Host identification information to the Authenticator/AAA Client.
5. The method of claim 4, characterized in that, before the BS detects receipt of the re-authentication request from the G-MS, the method further comprises:
the G-MS, on detecting that the locally maintained context of the Host meets the condition for initiating re-authentication or on detecting receipt from the Host of a re-authentication request carrying Host identification information, sending a re-authentication request carrying at least one item of Host identification information to the BS.
6. The method of claim 5, characterized in that, before the G-MS detects receipt from the Host of the re-authentication request carrying Host identification information, the method further comprises:
the Host, on detecting that its own locally maintained security context meets the condition for initiating re-authentication, sending a re-authentication request carrying the Host identification information to the G-MS.
7. The method of claim 3, characterized in that, before the Authenticator/AAA Client detects receipt of the re-authentication request carrying at least one item of Host identification information, the method further comprises:
an anchor data path function/foreign agent (Anchor DPF/FA), on receiving a data-plane re-authentication request, converting the data-plane re-authentication request into a signaling-plane re-authentication request and sending it to the Authenticator/AAA Client.
8. The method of claim 7, characterized in that, before the Anchor DPF/FA receives the data-plane re-authentication request, the method further comprises:
the Host, on detecting that its own locally maintained security context meets the condition for initiating re-authentication, carrying the data-plane re-authentication request in a data channel established by the G-MS and sending it to the Anchor DPF/FA.
9. The method of claim 2, characterized in that a G-MS detects receipt of a re-authentication request carrying Host identification information, or the G-MS detects that the locally maintained context of the Host meets the condition for initiating re-authentication.
10. The method of claim 9, characterized in that, before the G-MS detects receipt of the re-authentication request carrying Host identification information, the method further comprises:
the Host, on detecting that its own locally maintained security context meets the condition for initiating re-authentication, sending a re-authentication request carrying the Host identification information to the G-MS.
11. The method of claim 10, characterized in that triggering the re-authentication procedure for the Host comprises:
the G-MS sending a re-authentication identification request carrying the Host identification information to the Host;
the G-MS receiving from the Host a re-authentication identification request response carrying a Network Access Identifier;
the G-MS carrying the re-authentication identification request response in an established data channel and sending it to an Anchor DPF/FA;
the Anchor DPF/FA sending the re-authentication identification request response to an authentication, authorization and accounting server (AAA Server) via an authentication, authorization and accounting proxy server (AAA Proxy).
12. The method of any one of claims 1 to 8, characterized in that triggering the re-authentication procedure for the Host comprises:
sending a re-authentication identification request carrying the Host identification information to the Host.
13. The method of any one of claims 1 to 11, characterized in that the Host identification information is specifically a Host physical-address identifier.
14. A device for initiating re-authentication, characterized in that it comprises:
a re-authentication detecting unit, configured to detect whether a condition for initiating re-authentication of a Host is met;
an identification information obtaining unit, configured to obtain Host identification information when the result of the detection is that the re-authentication condition is met;
a re-authentication request transmitting unit, configured to generate and send a re-authentication request carrying the Host identification information.
15. The device of claim 14, characterized in that the re-authentication detecting unit comprises:
an interface unit, configured to receive re-authentication requests;
a detecting unit, configured to detect whether the interface unit has received a re-authentication request carrying Host identification information.
16. The device of claim 14, characterized in that the re-authentication detecting unit comprises:
a host-context acquiring unit, configured to obtain a locally maintained Host context;
a detecting unit, configured to examine the Host context and detect whether the locally maintained Host context meets a condition for initiating re-authentication.
17. A device for initiating re-authentication, characterized in that it comprises:
a re-authentication detecting unit, configured to detect whether a condition for initiating re-authentication of a Host is met;
an identification information obtaining unit, configured to obtain Host identification information when the result of the detection is that the re-authentication condition is met;
a re-authentication trigger unit, configured to trigger, based on the Host identification information, a re-authentication procedure for the corresponding Host.
18. The device of claim 17, characterized in that the re-authentication detecting unit comprises:
an interface unit, configured to receive re-authentication requests;
a detecting unit, configured to detect whether the interface unit has received a re-authentication request carrying Host identification information.
19. The device of claim 17, characterized in that the re-authentication detecting unit comprises:
a host-context acquiring unit, configured to obtain a locally maintained Host context;
a detecting unit, configured to examine the Host context and detect whether the locally maintained Host context meets a condition for initiating re-authentication.
20. The device of claim 17, 18 or 19, characterized in that the re-authentication trigger unit comprises a re-authentication identification request transmitting subunit, configured to send a re-authentication identification request carrying the Host identification information to the Host.
CN 200810000352 (granted as CN101483634B), priority date 2008-01-10, filing date 2008-01-10: Method and apparatus for triggering reidentification. Status: Expired - Fee Related.

Priority Applications (2)

Application Number Priority Date Filing Date Title
CN 200810000352 CN101483634B (en) 2008-01-10 2008-01-10 Method and apparatus for triggering reidentification
PCT/CN2009/070055 WO2009092308A1 (en) 2008-01-10 2009-01-07 Method and device for triggering re-authentication

Applications Claiming Priority (1)

Application Number Priority Date Filing Date Title
CN 200810000352 CN101483634B (en) 2008-01-10 2008-01-10 Method and apparatus for triggering reidentification

Publications (2)

Publication Number Publication Date
CN101483634A true CN101483634A (en) 2009-07-15
CN101483634B CN101483634B (en) 2013-06-26

Family

ID=40880564

Family Applications (1)

Application Number Title Priority Date Filing Date
CN 200810000352 Expired - Fee Related CN101483634B (en) 2008-01-10 2008-01-10 Method and apparatus for triggering reidentification

Country Status (2)

Country Link
CN (1) CN101483634B (en)
WO (1) WO2009092308A1 (en)

Cited By (1)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN101790164B (en) * 2010-01-26 2012-10-03 华为终端有限公司 Authentication method, communication system and relevant equipment

Family Cites Families (6)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
KR100744782B1 (en) * 2005-11-15 2007-08-02 엘지전자 주식회사 Mobile Terminal and Method for Acquisition Internet Protocol Address thereof
CN1972505A (en) * 2005-11-24 2007-05-30 华为技术有限公司 A method and system for acquiring information of configuration mode related to IPv6 home address
CN1996911A (en) * 2006-01-05 2007-07-11 华为技术有限公司 A method for controlling the R3 re-anchoring in the multi-host WiMAX system
CN101052035B (en) * 2006-04-27 2011-08-03 华为技术有限公司 Multiple hosts safety frame and its empty port key distributing method
CN101064605B (en) * 2006-04-29 2011-02-16 华为技术有限公司 AAA framework of multi-host network and authentication method
CN101090351B (en) * 2006-06-14 2010-04-21 华为技术有限公司 Transport method for function entity in WiMAX network


Also Published As

Publication number Publication date
WO2009092308A1 (en) 2009-07-30
CN101483634B (en) 2013-06-26


Legal Events

Code Title Description
C06 Publication
PB01 Publication
C10 Entry into substantive examination
SE01 Entry into force of request for substantive examination
C14 Grant of patent or utility model
GR01 Patent grant (granted publication date: 20130626)
CF01 Termination of patent right due to non-payment of annual fee (termination date: 20180110)