CN101483634B - Method and apparatus for triggering reidentification - Google Patents


Publication number
CN101483634B
Authority
CN
China
Prior art keywords
authentication
host
identification information
request
initiating
Prior art date
Legal status
Expired - Fee Related
Application number
CN 200810000352
Other languages
Chinese (zh)
Other versions
CN101483634A (en)
Inventor
顾亮
Current Assignee
Huawei Technologies Co Ltd
Original Assignee
Huawei Technologies Co Ltd
Priority date
Filing date
Publication date
Application filed by Huawei Technologies Co Ltd
Priority to CN 200810000352 (CN101483634B)
Priority to PCT/CN2009/070055 (WO2009092308A1)
Publication of CN101483634A
Application granted
Publication of CN101483634B
Legal status: Expired - Fee Related
Anticipated expiration

Classifications

    • H ELECTRICITY
    • H04 ELECTRIC COMMUNICATION TECHNIQUE
    • H04L TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L63/00 Network architectures or network communication protocols for network security
    • H04L63/08 Network architectures or network communication protocols for network security for authentication of entities

Landscapes

  • Engineering & Computer Science (AREA)
  • Computer Hardware Design (AREA)
  • Computer Security & Cryptography (AREA)
  • Computing Systems (AREA)
  • General Engineering & Computer Science (AREA)
  • Computer Networks & Wireless Communication (AREA)
  • Signal Processing (AREA)
  • Mobile Radio Communication Systems (AREA)
  • Telephonic Communication Services (AREA)

Abstract

The invention, which belongs to the field of communication technology, discloses a method for triggering re-authentication. The method comprises: when the condition for initiating re-authentication of a host is met, obtaining the host identification information; and, based on the obtained host identification information, triggering the re-authentication procedure for that host. The invention also discloses a corresponding re-authentication triggering apparatus, comprising a re-authentication detecting unit for detecting whether the condition for initiating re-authentication of a host is met; an identification information obtaining unit for obtaining the host identification information when the condition is detected to be met; and a re-authentication request sending unit for generating and sending a re-authentication request carrying the host identification information. With the invention, host-specific re-authentication can be realized.

Description

Method and apparatus for triggering re-authentication
Technical field
The present invention relates to the field of communication technology, and in particular to a method and apparatus for triggering re-authentication.
Background technology
WiMAX is a wireless metropolitan area network technology based on the IEEE 802.16 standard. Fig. 1 shows the architecture of an existing WiMAX system. The WiMAX system mainly comprises a Mobile Station (MS), an Access Service Network (ASN) and a Connectivity Service Network (CSN), where:
The MS is the mobile terminal device that faces the WiMAX air interface directly and has the capability to access the WiMAX network.
The ASN comprises the Base Station (BS) and the Access Service Network Gateway (ASN GW), and is mainly used to provide the MS with the set of network functions for wireless access, including: the physical-layer and link-layer connection with the MS over the air interface; network discovery and selection; access authentication; authorization; radio resource control and management; accounting statistics and billing record generation; air-interface handover; paging and location management; proxy mobile IP; QoS authorization and bearer control for service flows; air-interface data compression and encryption; and so on.
The CSN is mainly used to provide the MS with the set of network functions for network connectivity, including: subscriber profile management; access authentication; authorization control; IP address assignment and management; service billing and management of user billing records; IP mobility management; roaming; location-based services; Multimedia Broadcast Multicast Service; IP Multimedia Subsystem services; and so on.
The multi-host WiMAX system is an evolution of the existing WiMAX system architecture. Referring to Fig. 2, on the basis of the existing WiMAX network architecture the multi-host WiMAX system splits the MS into two kinds of device: the multi-host system mobile station (G-MS) and the host (Host). The G-MS is the device with WiMAX radio access capability and can provide shared WiMAX radio access to several Hosts; the Host is the user terminal, which has no WiMAX radio access capability of its own but can access the WiMAX network through the G-MS. Host users are subscribers of the WiMAX network, so the WiMAX network needs to manage the Hosts behind a G-MS and provide network services to them. The connection technology between a Host and the G-MS is not restricted; it may be wired or wireless.
During the implementation of the present invention, the inventor found that the prior-art scheme has at least the following problem. In an existing WiMAX system, whether to perform re-authentication is determined by detecting a Privacy Key Management protocol EAP Start (PKMv2 EAP-Start) message from the MS: as long as the BS verifies that the cipher-based message authentication code (CMAC) of this message is valid, it sends an Authentication Relay EAP Start (AR-EAP-Start) message to the Authenticator to trigger re-authentication of the MS. In a multi-host WiMAX system, however, re-authentication needs to be performed for a Host, and because this method gives the Authenticator no way to determine which Host should be re-authenticated, it cannot realize re-authentication of a Host.
Summary of the invention
The technical problem to be solved by the embodiments of the present invention is to provide a method and apparatus for triggering re-authentication that can realize re-authentication of a Host.
To solve the above technical problem, the embodiments of the invention provide the following technical solutions:
A method for triggering re-authentication comprises:
if it is detected that the condition for initiating re-authentication of a host (Host) is met, obtaining the Host identification information;
based on the obtained Host identification information, triggering the procedure for re-authenticating that Host.
An apparatus for initiating re-authentication comprises:
a re-authentication detecting unit, for detecting whether the condition for initiating re-authentication of a Host is met;
an identification information obtaining unit, for obtaining the Host identification information when the result of that detection is that the re-authentication condition is met;
a re-authentication request sending unit, for generating and sending a re-authentication request carrying the Host identification information.
Another apparatus for initiating re-authentication comprises:
a re-authentication detecting unit, for detecting whether the condition for initiating re-authentication of a Host is met;
an identification information obtaining unit, for obtaining the Host identification information when the result of that detection is that the re-authentication condition is met;
a re-authentication triggering unit, for triggering, based on the Host identification information, the procedure for re-authenticating the corresponding Host.
As can be seen from the above technical solutions, the embodiments of the present invention detect whether the condition for initiating re-authentication of a Host is met, obtain the Host identification information when the condition is detected to be met, and then initiate the procedure for re-authenticating the corresponding Host on the basis of that identification information. Because the Host to be re-authenticated can thus be determined, re-authentication of a Host can be realized.
Description of drawings
Fig. 1 is the architecture diagram of an existing WiMAX system;
Fig. 2 is the architecture diagram of an existing multi-host WiMAX system;
Fig. 3 to Fig. 9 are flowcharts of method embodiments one to seven of the re-authentication triggering method provided by the embodiments of the present invention;
Fig. 10 is the structure diagram of apparatus embodiment one of the re-authentication triggering apparatus provided by the embodiments of the present invention;
Fig. 11 is the structure diagram of apparatus embodiment two of the re-authentication triggering apparatus provided by the embodiments of the present invention.
Embodiment
The re-authentication method and apparatus provided by the embodiments of the present invention are described in detail below, by way of preferred embodiments and with reference to the accompanying drawings.
Method embodiment one of the re-authentication triggering method provided by the embodiments of the present invention. Referring to Fig. 3, the method of this embodiment comprises:
A1. Detect whether the condition for initiating re-authentication of a host (Host) is met; if so, obtain the Host identification information.
Here, detecting whether the condition for initiating re-authentication of a Host is met may consist of detecting whether a re-authentication request carrying the Host identification information has been received, or of detecting whether a locally maintained Host context meets the condition for initiating re-authentication.
A2. Based on the obtained Host identification information, trigger the procedure for re-authenticating that Host.
The procedure for re-authenticating the Host includes the step of sending a re-authentication Identity request carrying the Host identification information to the corresponding Host.
As can be seen from the above, this embodiment of the present invention detects whether the condition for initiating re-authentication of a Host is met, obtains the Host identification information when the condition is detected to be met, and then initiates the procedure for re-authenticating the corresponding Host on the basis of that identification information. Because the Host to be re-authenticated can be determined, re-authentication of a Host can be realized.
Method embodiment two of the re-authentication triggering method provided by the embodiments of the present invention. In this embodiment the Authenticator/AAA Client (authentication, authorization and accounting client) initiates re-authentication of a Host when it detects that the condition for initiating re-authentication is met. Referring to Fig. 4, the method of this embodiment comprises:
B1. The Authenticator/AAA Client detects whether the condition for initiating re-authentication of a Host is met; if so, it obtains the Host identification information.
In this embodiment the Authenticator/AAA Client may determine whether the condition for initiating re-authentication of a Host is met by detecting whether a signaling-plane re-authentication request carrying the Host identification information has been received. For example, when the Authenticator/AAA Client detects a re-authentication request carrying the Host identification information received from the BS, such as an Authentication Relay EAP Start (AR_EAP_Start) message, it determines that the condition for initiating re-authentication of the Host is met. Here, obtaining the Host identification information may consist of obtaining it from the re-authentication request.
In this embodiment the Authenticator/AAA Client may also detect whether a locally maintained Host context meets the condition for initiating re-authentication; when a Host context is detected to meet that condition, it determines that the condition for initiating re-authentication of the Host is met, and obtaining the Host identification information may consist of obtaining it from the locally maintained Host context.
B2. Based on the obtained Host identification information, trigger the procedure for re-authenticating that Host. In this embodiment of the invention, triggering the procedure for re-authenticating the Host comprises: initializing the re-authentication state machine for that Host; and generating a signaling-plane re-authentication Identity request carrying the Host identification information, such as an Authentication Relay EAP Transfer (AR_EAP_Transfer) message, and sending it to the BS.
If the Host contexts of several Hosts all meet the condition for initiating re-authentication, or the received re-authentication request message carries the identification information of several Hosts, then after these are obtained the re-authentication state machine of each of those Hosts is initialized separately, and an AR_EAP_Transfer message corresponding to each Host is generated and sent to the BS.
B3. After receiving the AR_EAP_Transfer message carrying the Host identification information, the BS generates a Privacy Key Management response (PKMv2-Rsp) message or an Extensible Authentication Protocol transfer (EAP-Transfer) message carrying the Host identification information and sends it to the G-MS.
The PKMv2-Rsp or EAP-Transfer message also carries a CMAC.
B4. After receiving the PKMv2-Rsp or EAP-Transfer message, the G-MS checks whether the CMAC it carries is valid; if it is valid, the G-MS sends an EAP Identity request (EAP-Request/Identity) message to the corresponding Host according to the Host identification information in the message.
In this embodiment of the present invention, the Authenticator/AAA Client detects whether the condition for initiating re-authentication of a Host is met, obtains the Host identification information when the condition is detected to be met, and then triggers the procedure for re-authenticating the corresponding Host on the basis of that identification information. Because the Host to be re-authenticated can be determined, re-authentication of a Host can be realized.
Method embodiment three of the re-authentication triggering method provided by the embodiments of the present invention. This embodiment applies to the case where the air interface carries Ethernet frames. Referring to Fig. 5, the method of this embodiment comprises:
C1. The Authenticator/AAA Client detects whether the condition for initiating re-authentication of a Host is met; if so, it obtains the Host identification information.
In this embodiment the Authenticator/AAA Client may detect whether a locally maintained Host context meets the condition for initiating re-authentication; when a Host context is detected to meet that condition, it determines that the condition for initiating re-authentication of the Host is met, and obtaining the Host identification information may consist of obtaining it from the locally maintained Host context.
In this embodiment the Authenticator/AAA Client may also determine whether the condition for initiating re-authentication of a Host is met by detecting whether a re-authentication request carrying the Host identification information, such as an EAP over LAN Start (EAPoL-Start) message, has been received; here, obtaining the Host identification information may consist of obtaining it from that re-authentication request. The EAPoL-Start message may be one that the Anchor Data Path Function/Foreign Agent (Anchor DPF/FA), after receiving a data-plane EAPoL-Start message, converts into the corresponding signaling-plane EAPoL-Start message and sends to the Authenticator/AAA Client; the data-plane EAPoL-Start message received by the Anchor DPF/FA may be one that the Host sent to the Anchor DPF/FA carried in the data channel established with the G-MS.
C2. Based on the obtained Host identification information, trigger the procedure for re-authenticating the corresponding Host, comprising: initializing the re-authentication state machine for the corresponding Host; and generating a signaling-plane EAP over LAN Identity request (EAPoL-Request/Identity) message carrying the Host identification information and sending it to the Anchor DPF/FA.
If the Host contexts of several Hosts all meet the condition for initiating re-authentication, or the received EAPoL-Start message carries the identification information of several Hosts, then after these are obtained the re-authentication state machine of each of those Hosts is initialized separately, and an EAPoL-Request/Identity message corresponding to each Host is generated and sent to the Anchor DPF/FA.
C3. After receiving the EAPoL-Request/Identity message, the Anchor DPF/FA converts it into the corresponding data-plane EAPoL-Request/Identity message, carries it in the data channel established with the G-MS, and sends it to the corresponding Host.
This embodiment of the present invention applies to the case where the air interface carries Ethernet frames. The Authenticator/AAA Client detects whether the condition for initiating re-authentication of a Host is met, obtains the Host identification information when the condition is detected to be met, and then triggers the procedure for re-authenticating the corresponding Host on the basis of that identification information. Because the Host to be re-authenticated can be determined, re-authentication of a Host can be realized.
Method embodiment four of the re-authentication triggering method provided by the embodiments of the present invention. In this embodiment the BS initiates re-authentication of a Host when it detects that the condition for initiating re-authentication is met. Referring to Fig. 6, the method of this embodiment comprises:
D1. The BS detects whether the condition for initiating re-authentication of a Host is met; if so, it obtains the corresponding Host identification information.
In this embodiment the BS may determine whether the condition for initiating re-authentication of a Host is met by detecting whether a signaling-plane re-authentication request carrying the Host identification information has been received. For example, when the BS detects a PKMv2 Req message carrying the Host identification information received from the G-MS, it determines that the condition for initiating re-authentication of the Host is met; likewise, if the BS detects an EAP Start (EAP_Start) message carrying the Host identification information from the G-MS, it may also determine that the condition is met. Here, obtaining the Host identification information may consist of obtaining it from the re-authentication request.
In this embodiment the BS may also detect whether the locally maintained security context of a Host meets the condition for initiating re-authentication; when the security context of a Host is detected to meet that condition, the BS determines that the condition for initiating re-authentication of the Host is met, and obtaining the Host identification information may consist of obtaining it from the locally maintained Host context.
D2. Generate an AR_EAP_Start message carrying the Host identification information and send it to the Authenticator/AAA Client, requesting that re-authentication of the corresponding Host be initiated.
If the Host contexts of several Hosts all meet the condition for initiating re-authentication, or the PKMv2 Req or EAP_Start message received by the BS carries the identification information of several Hosts, then after these are obtained the generated AR_EAP_Start message carries the identification information of all of those Hosts, so that re-authentication of several Hosts can be initiated with a single message.
D3. After receiving the AR_EAP_Start message, the Authenticator/AAA Client obtains the Host identification information carried in it.
D4. Based on the obtained Host identification information, trigger the procedure for re-authenticating the corresponding Host, comprising: initializing the re-authentication state machine for the corresponding Host; and generating an AR_EAP_Transfer message carrying the Host identification information and sending it to the BS.
If the received AR_EAP_Start message carries the identification information of several Hosts, the Authenticator/AAA Client generates an AR_EAP_Transfer message for each Host and sends it to the BS.
D5. After receiving the AR_EAP_Transfer message carrying the Host identification information, the BS generates a PKMv2-Rsp or EAP-Transfer message carrying the Host identification information and sends it to the G-MS.
The PKMv2-Rsp or EAP-Transfer message also carries a CMAC.
D6. After receiving the PKMv2-Rsp or EAP-Transfer message, the G-MS checks whether the CMAC it carries is valid; if it is valid, the G-MS sends an EAP-Request/Identity message to the corresponding Host according to the Host identification information in the message.
In this embodiment of the present invention, the BS detects whether the condition for initiating re-authentication of a Host is met, obtains the Host identification information when the condition is detected to be met and provides it to the Authenticator/AAA Client, which then triggers the procedure for re-authenticating the corresponding Host on the basis of that identification information. Because the Host to be re-authenticated can be determined, re-authentication of a Host can be realized.
Method embodiment five of the re-authentication triggering method provided by the embodiments of the present invention. In this embodiment the G-MS initiates re-authentication of a Host when it detects that the condition for initiating re-authentication is met. Referring to Fig. 7, the method of this embodiment comprises:
E1. The G-MS detects whether the condition for initiating re-authentication of a Host is met; if so, it obtains the corresponding Host identification information.
In this embodiment the G-MS may determine whether the condition for initiating re-authentication of a Host is met by detecting whether a signaling-plane re-authentication request carrying the Host identification information has been received. For example, when the G-MS detects a re-authentication trigger (Reauth Trigger) request carrying the Host identification information received from a Host, it determines that the condition for initiating re-authentication of the Host is met. Here, obtaining the Host identification information may consist of obtaining it from that re-authentication request message.
In this embodiment the G-MS may also detect whether the locally maintained security context of a Host meets the condition for initiating re-authentication; when the security context of a Host is detected to meet that condition, the G-MS determines that the condition for initiating re-authentication of the Host is met, and obtaining the Host identification information may consist of obtaining it from the locally maintained Host context.
E2. Generate a PKMv2 Req message or an EAP_Start message carrying the Host identification information and send it to the BS, requesting that re-authentication of the corresponding Host be initiated.
The PKMv2 Req or EAP_Start message also carries a CMAC.
If several Hosts all meet the condition for initiating re-authentication, the G-MS may carry the identification information of all of those Hosts in the generated PKMv2 Req or EAP_Start message, so that re-authentication of several Hosts can be initiated with a single message.
E3. After receiving the PKMv2 Req or EAP_Start message, the BS checks whether the CMAC it carries is valid; if it is valid, the BS confirms that the condition for initiating re-authentication of the Host is met and obtains the corresponding Host identification information.
E4. Generate an AR_EAP_Start message carrying the Host identification information and send it to the Authenticator/AAA Client, requesting that re-authentication of the corresponding Host be initiated.
If the PKMv2 Req or EAP_Start message received by the BS carries the identification information of several Hosts, the BS may likewise carry the identification information of all of those Hosts in the generated AR_EAP_Start message, so that re-authentication of several Hosts can be initiated with a single message.
E5. After receiving the AR_EAP_Start message, the Authenticator/AAA Client obtains the Host identification information carried in it.
E6. Based on the obtained Host identification information, trigger the procedure for re-authenticating the corresponding Host, comprising: initializing the re-authentication state machine for the corresponding Host; and generating an AR_EAP_Transfer message carrying the Host identification information and sending it to the BS.
If the received AR_EAP_Start message carries the identification information of several Hosts, the Authenticator/AAA Client generates an AR_EAP_Transfer message for each Host and sends it to the BS.
E7. After receiving the AR_EAP_Transfer message carrying the Host identification information, the BS generates a PKMv2-Rsp or EAP-Transfer message carrying the Host identification information and sends it to the G-MS.
The PKMv2-Rsp or EAP-Transfer message also carries a CMAC.
E8. After receiving the PKMv2-Rsp or EAP-Transfer message, the G-MS checks whether the CMAC it carries is valid; if it is valid, the G-MS sends an EAP-Request/Identity message to the corresponding Host according to the Host identification information in the message.
In this embodiment of the present invention, the G-MS detects whether the condition for initiating re-authentication of a Host is met, obtains the Host identification information when the condition is detected to be met and provides it to the Authenticator/AAA Client, which then triggers the procedure for re-authenticating the corresponding Host on the basis of that identification information. Because the Host to be re-authenticated can be determined, re-authentication of a Host can be realized.
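To make the message flow of embodiments two, four and five concrete, the following Python simulation is an added example; it is not code from the patent or from Huawei. It models the three parties of embodiment five (G-MS sends a CMAC-protected PKMv2 Req naming one or more Hosts; the BS verifies the CMAC and carries all the named Hosts in one AR_EAP_Start; the Authenticator/AAA Client initializes one re-authentication state machine per Host and fans out one AR_EAP_Transfer per Host; the G-MS verifies the CMAC on each PKMv2-Rsp before sending EAP-Request/Identity to the named Host) and the context-driven trigger of embodiment two (the Authenticator scans its locally maintained Host contexts). Message names come from the patent; the field layout, the key, the expiry-based re-authentication condition and the Host names are constructed for the example, and HMAC-SHA256 stands in for the IEEE 802.16 CMAC because the Python standard library has no AES-CMAC.

```python
# Added example (see lead-in): simulated Host re-authentication trigger for a
# multi-host WiMAX setup. HMAC-SHA256 stands in for the IEEE 802.16 CMAC.
import hashlib
import hmac
from dataclasses import dataclass
from typing import Optional

@dataclass(frozen=True)
class Msg:
    name: str                    # message name as used in the patent
    host_ids: tuple              # Host identification information it carries
    tag: Optional[bytes] = None  # CMAC stand-in; only on air-interface PKMv2 messages

    def body(self) -> bytes:
        return (self.name + "|" + ",".join(self.host_ids)).encode()

def make_tag(key: bytes, msg: Msg) -> bytes:
    return hmac.new(key, msg.body(), hashlib.sha256).digest()

def tag_ok(key: bytes, msg: Msg) -> bool:
    # Fails closed on a missing tag; constant-time compare on a present one.
    return msg.tag is not None and hmac.compare_digest(make_tag(key, msg), msg.tag)

class Authenticator:
    # Authenticator/AAA Client: a context and a re-auth state machine per Host.
    def __init__(self, contexts):
        self.contexts = dict(contexts)  # host_id -> context expiry time (seconds, constructed)
        self.state_machines = {}        # host_id -> state of its re-auth state machine

    def hosts_due(self, now: int, margin: int = 60) -> list:
        # Embodiment two (B1): locally maintained contexts that meet the condition,
        # here taken to be "expires within `margin` seconds" (assumption).
        return sorted(h for h, exp in self.contexts.items() if exp - now <= margin)

    def trigger(self, host_ids) -> list:
        # B2/D4: initialise one state machine and emit one AR_EAP_Transfer per Host,
        # so an AR_EAP_Start naming several Hosts is fanned out here.
        out = []
        for hid in host_ids:
            if hid not in self.contexts:  # unknown Host: nothing to re-authenticate (assumption)
                continue
            self.state_machines[hid] = "IDENTITY_REQUESTED"
            out.append(Msg("AR_EAP_Transfer", (hid,)))
        return out

class BaseStation:
    def __init__(self, cmac_key: bytes):
        self.key = cmac_key

    def on_pkmv2_req(self, msg: Msg) -> Optional[Msg]:
        # E3/E4: accept only if the CMAC verifies, then name every Host in one AR_EAP_Start.
        if msg.name != "PKMv2_Req" or not tag_ok(self.key, msg):
            return None
        return Msg("AR_EAP_Start", tuple(msg.host_ids))

    def on_ar_eap_transfer(self, msg: Msg) -> Msg:
        # D5/E7: PKMv2-Rsp carrying the Host identity, protected by CMAC.
        rsp = Msg("PKMv2_Rsp", msg.host_ids)
        return Msg(rsp.name, rsp.host_ids, make_tag(self.key, rsp))

class GMS:
    def __init__(self, cmac_key: bytes, attached_hosts):
        self.key = cmac_key
        self.hosts = set(attached_hosts)

    def request_reauth(self, host_ids) -> Msg:
        # E2: PKMv2 Req naming one or more Hosts, with CMAC.
        req = Msg("PKMv2_Req", tuple(host_ids))
        return Msg(req.name, req.host_ids, make_tag(self.key, req))

    def on_pkmv2_rsp(self, msg: Msg) -> list:
        # D6/E8: only after the CMAC verifies, EAP-Request/Identity to each attached Host named.
        if not tag_ok(self.key, msg):
            return []
        return [Msg("EAP-Request/Identity", (h,)) for h in msg.host_ids if h in self.hosts]

def run_gms_initiated(host_ids, tamper: bool = False) -> dict:
    """E1..E8 end to end; returns {host_id: EAP-Request/Identity count}.
    tamper=True corrupts the PKMv2 Req tag to show the BS check rejecting it."""
    key = b"constructed-cmac-key"
    auth = Authenticator({"host-A": 10_000, "host-B": 10_000})
    bs, gms = BaseStation(key), GMS(key, ["host-A", "host-B"])
    req = gms.request_reauth(host_ids)
    if tamper:
        req = Msg(req.name, req.host_ids, b"\x00" * 32)
    delivered = {}
    start = bs.on_pkmv2_req(req)  # E5: Authenticator reads the Host identities from it
    for transfer in (auth.trigger(start.host_ids) if start else []):
        for ident in gms.on_pkmv2_rsp(bs.on_ar_eap_transfer(transfer)):
            delivered[ident.host_ids[0]] = delivered.get(ident.host_ids[0], 0) + 1
    return delivered

def run_authenticator_initiated(now: int) -> list:
    # Embodiment two: Hosts that get an AR_EAP_Transfer when contexts are scanned at `now`.
    auth = Authenticator({"host-A": now + 30, "host-B": now + 3600})  # A due, B fresh
    return [m.host_ids[0] for m in auth.trigger(auth.hosts_due(now))]
```

Two design points carry the patent's security argument: the Host identification information is the only thing that lets the Authenticator pick which per-Host state machine to initialize, so a request naming no known Host produces no re-authentication at all, and every air-interface message is gated on the integrity tag before its Host identities are acted on, so a request or response whose tag does not verify triggers nothing for any Host.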
The embodiment of the method six of the triggering re-authentication that the embodiment of the present invention provides; In the present embodiment, Host meets when initiating the re-authentication condition detecting, and initiates re-authentication; With reference to figure 8, the present embodiment method comprises:
F1. The Host detects whether the condition for initiating re-authentication is met and, if so, obtains its own identification information.
In the present embodiment, the Host may check the security context it maintains locally; if that locally maintained security context meets the condition for initiating re-authentication, the Host determines that the condition for initiating re-authentication is met. Here, obtaining its own identification information may mean obtaining it from the locally maintained Host context.
F2. The Host generates a re-authentication trigger request (Reauth Trigger) carrying the identification information and sends it to the G-MS it belongs to.
F3. After receiving the re-authentication trigger request, the G-MS obtains the identification information, generates a PKMv2 Req message or an EAP_Start message carrying that identification information, and sends it to the BS, requesting that re-authentication of the corresponding Host be initiated.
The PKMv2 Req message or EAP_Start message may also carry a CMAC.
F4. After receiving the PKMv2 Req message or EAP_Start message, the BS judges whether the CMAC carried in it is valid; if it is valid, the BS confirms that the condition for initiating re-authentication of the Host is met and obtains the corresponding Host identification information.
F5. The BS generates an AR_EAP_Start message carrying the Host identification information and sends it to the Authenticator/AAA Client, requesting that re-authentication of the corresponding Host be initiated.
If the PKMv2 Req message or EAP_Start message received by the BS carries the identification information of several Hosts, the BS may also carry the identification information of all of those Hosts in the AR_EAP_Start message it generates, so that re-authentication of several Hosts can be initiated with a single message.
F6. After receiving the AR_EAP_Start message, the Authenticator/AAA Client obtains the Host identification information carried in the message.
F7. Based on the obtained Host identification information, the Authenticator/AAA Client triggers the procedure for re-authenticating the corresponding Host, which comprises: initializing the re-authentication state machine for the corresponding Host; and generating an AR_EAP_Transfer message carrying the Host identification information and sending it to the BS.
If the received AR_EAP_Start message carries the identification information of several Hosts, the Authenticator/AAA Client generates an AR_EAP_Transfer message for each Host and sends it to the BS.
F8. After receiving the AR_EAP_Transfer message carrying the Host identification information, the BS generates a PKMv2-Rsp or EAP-Transfer message carrying that Host identification information and sends it to the G-MS.
The PKMv2-Rsp or EAP-Transfer message also carries a CMAC.
F9. After receiving the PKMv2-Rsp or EAP-Transfer message, the G-MS judges whether the CMAC carried in it is valid; if it is valid, the G-MS sends an EAP-Request/Identify message to the corresponding Host according to the Host identification information in the message.
In this embodiment of the present invention, the Host detects whether the condition for initiating its own re-authentication is met; when it detects that the condition is met, it obtains the Host identification information and provides it to the Authenticator/AAA Client, which triggers the procedure for re-authenticating the corresponding Host based on that identification information. Because the Host that needs to be re-authenticated can be determined, re-authentication of that Host can be carried out.
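The F1 to F9 chain above, simulated end to end as an added example (not code from the patent): the G-MS batches several Hosts' identifiers into one CMAC-protected request, the BS and G-MS each verify the CMAC on their hop before acting, and the Authenticator initializes one state machine and one AR_EAP_Transfer per Host. The CMAC construction (HMAC-SHA256 over a serialized body, keyed with a key assumed shared by G-MS and BS), the security-context fields, the re-authentication condition and the sample Host identifiers are all constructed for the example.

```python
"""BS-mediated re-authentication trigger chain of method embodiment six (F1..F9).

Added example, not code from the patent. Message names follow the text; the CMAC
(HMAC-SHA256 over the serialized body, keyed with a key assumed shared by G-MS and
BS), the security-context fields, the re-authentication condition (key lifetime
about to expire) and the sample Host identifiers are constructed.
"""
import hashlib
import hmac
from dataclasses import dataclass

SAMPLE_CMAC_KEY = b"sample-gms-bs-cmac-key"  # constructed shared G-MS/BS key

@dataclass
class Message:
    kind: str        # e.g. "PKMv2_Req", "AR_EAP_Start"
    host_ids: list   # Host identification information carried
    mac: str = None  # CMAC, present only on the G-MS <-> BS hop

    def body(self) -> str:
        return self.kind + "|" + ",".join(self.host_ids)

def cmac(key: bytes, body: str) -> str:
    # Stand-in for AES-CMAC: HMAC-SHA256 over the serialized message body.
    return hmac.new(key, body.encode(), hashlib.sha256).hexdigest()

def cmac_ok(key: bytes, msg: Message) -> bool:
    return msg.mac is not None and hmac.compare_digest(msg.mac, cmac(key, msg.body()))

@dataclass
class SecurityContext:
    host_id: str       # Host MAC TLV style identifier (sample value)
    key_expiry: float  # time at which the Host's current keys expire
    lead_time: float = 60.0

    def needs_reauth(self, now: float) -> bool:
        # Assumed condition: keys expire within lead_time seconds.
        return now >= self.key_expiry - self.lead_time

def host_f1_f2(ctx: SecurityContext, now: float):
    """F1/F2: the Host checks its own context; if re-auth is due, it emits a Reauth Trigger."""
    return Message("Reauth_Trigger", [ctx.host_id]) if ctx.needs_reauth(now) else None

class GMS:
    def __init__(self, key: bytes):
        self.key = key

    def f3(self, triggers: list) -> Message:
        """F3: batch all triggered Host ids into one CMAC-protected PKMv2 Req."""
        msg = Message("PKMv2_Req", [t.host_ids[0] for t in triggers])
        msg.mac = cmac(self.key, msg.body())
        return msg

    def f9(self, rsp: Message) -> list:
        """F9: verify the CMAC, then send EAP-Request/Identify to each listed Host."""
        if not cmac_ok(self.key, rsp):
            raise ValueError("PKMv2-Rsp CMAC invalid; dropping")
        return [Message("EAP_Request_Identify", [h]) for h in rsp.host_ids]

class BS:
    def __init__(self, key: bytes):
        self.key = key

    def f4_f5(self, req: Message) -> Message:
        """F4/F5: verify the CMAC, then forward all ids in a single AR_EAP_Start."""
        if not cmac_ok(self.key, req):
            raise ValueError("PKMv2 Req CMAC invalid; dropping")
        return Message("AR_EAP_Start", list(req.host_ids))

    def f8(self, transfer: Message) -> Message:
        """F8: wrap AR_EAP_Transfer in a CMAC-protected PKMv2-Rsp for the G-MS."""
        rsp = Message("PKMv2_Rsp", list(transfer.host_ids))
        rsp.mac = cmac(self.key, rsp.body())
        return rsp

class Authenticator:
    def __init__(self):
        self.state = {}  # host_id -> re-authentication state machine state

    def f6_f7(self, start: Message) -> list:
        """F6/F7: one state machine init and one AR_EAP_Transfer per Host."""
        self.state.update({h: "REAUTH_INIT" for h in start.host_ids})
        return [Message("AR_EAP_Transfer", [h]) for h in start.host_ids]

def run_chain(contexts, gms, bs, auth, now):
    """Drive F1..F9; return the Host ids that receive EAP-Request/Identify."""
    triggers = [t for t in (host_f1_f2(c, now) for c in contexts) if t is not None]
    if not triggers:
        return []
    start = bs.f4_f5(gms.f3(triggers))
    identified = []
    for transfer in auth.f6_f7(start):
        identified.extend(m.host_ids[0] for m in gms.f9(bs.f8(transfer)))
    return identified
```

A request whose Host list is altered after the CMAC was computed (for example an extra identifier appended) fails the F4 check and is dropped, so only Hosts named by a G-MS holding the key reach the Authenticator.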
Method embodiment seven of triggering re-authentication provided by the embodiment of the present invention. In this embodiment, the G-MS acts as the Authenticator of the Host and provides the AAA Client function. With reference to Figure 9, the method of this embodiment comprises:
H1. The Host detects whether the condition for initiating re-authentication is met and, if so, obtains its own identification information.
In the present embodiment, the Host may check the security context it maintains locally; if that locally maintained security context meets the condition for initiating re-authentication, the Host determines that the condition for initiating re-authentication is met. Here, obtaining its own identification information may mean obtaining it from the locally maintained Host context.
H2. The Host generates an EAP_Start message carrying the identification information and sends it to the G-MS it belongs to.
H3. After receiving the EAP_Start message, the G-MS obtains the Host identification information and, based on it, triggers the procedure for re-authenticating the corresponding Host, which comprises: initializing the re-authentication state machine for the corresponding Host; and generating a re-authentication identification request carrying the Host identification information, such as an EAP_Request/Identify message, and sending it to the Host.
H4. The Host sends a response to the re-authentication identification request to the G-MS, such as an Extensible Authentication Protocol identification request response (EAP_Response/Identify) message, which carries a network access identifier.
H5. The G-MS carries the response to the re-authentication identification request in a remote authentication access request (Radius Access Request) message and sends it to the Anchor DPF/FA over the established data channel.
H6. The Anchor DPF/FA forwards the Radius Access Request to the AAA Proxy according to the AAA Proxy address configured on the Anchor DPF/FA itself.
H7. The AAA Proxy sends the Radius Access Request to the AAA Server according to the network access identifier and/or the address of the authentication, authorization and accounting server (AAA Server) configured on the AAA Proxy itself.
In this embodiment of the present invention, the Host detects whether the condition for initiating its own re-authentication is met; when it detects that the condition is met, it obtains the Host identification information and provides it to the G-MS, and the G-MS, acting as the Authenticator of the Host, triggers the procedure for re-authenticating the corresponding Host based on that identification information. Because the Host that needs to be re-authenticated can be determined, re-authentication of that Host can be carried out.
Method embodiment eight of triggering re-authentication provided by the embodiment of the present invention. This embodiment is similar to embodiment seven above; the difference is that in this embodiment the G-MS initiates re-authentication of the Host when it detects that the condition for initiating re-authentication is met. Specifically, H1 to H3 are replaced by the following K1 and K2:
K1. The G-MS detects whether the condition for initiating re-authentication of the Host is met and, if so, obtains the corresponding Host identification information.
The G-MS may detect whether the locally maintained security context of the Host meets the condition for initiating re-authentication; when it detects that the Host's security context meets that condition, it determines that the condition for initiating re-authentication of the Host is met.
K2. Based on the obtained Host identification information, the G-MS triggers the procedure for re-authenticating the corresponding Host, which comprises: initializing the re-authentication state machine for the corresponding Host; and generating a re-authentication identification request carrying the Host identification information, such as an EAP_Request/Identify message, and sending it to the Host.
In this embodiment of the present invention, the G-MS detects whether the condition for initiating re-authentication of the Host is met; when it detects that the condition is met, it obtains the Host identification information and, based on that identification information, triggers the procedure for re-authenticating the corresponding Host. Because the Host that needs to be re-authenticated can be determined, re-authentication of that Host can be carried out.
Those of ordinary skill in the art will appreciate that all or part of the steps of the methods in the above embodiments can be completed by a program instructing the relevant hardware. The program may be stored in a computer-readable storage medium and, when executed, may comprise the steps of: when it is detected that the condition for initiating re-authentication of the Host is met, obtaining the Host identification information; and, based on the obtained Host identification information, triggering the procedure for re-authenticating the corresponding Host. The storage medium referred to here may be, for example, ROM/RAM, a magnetic disk or an optical disc.
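Embodiments seven and eight share the same second half (H3/K2 through H7), so one added example covers both (not code from the patent): the G-MS, acting as Authenticator, detects the condition either from an incoming EAP_Start (H1/H2) or from its own locally maintained Host contexts (K1), sends EAP_Request/Identify, accepts an EAP_Response/Identify only for a Host it actually asked, wraps it in a Radius Access Request for the Anchor DPF/FA, and the AAA Proxy picks the AAA Server by NAI realm with the configured server as fallback. The NAI syntax (user@realm), the realm table, the server addresses, the key-expiry condition and the sample Hosts are constructed.

```python
"""G-MS acting as the Host's Authenticator/AAA Client (method embodiments seven
and eight, steps H1..H7 and K1..K2).

Added example, not code from the patent. The message names, the Radius Access
Request transport and the AAA Proxy -> AAA Server routing follow the text; the
NAI syntax (user@realm), the realm table, the server addresses, the key-expiry
based re-authentication condition and the sample Hosts are constructed.
"""
from dataclasses import dataclass, field

@dataclass
class RadiusAccessRequest:
    nai: str          # User-Name attribute taken from EAP_Response/Identify
    eap_message: str  # the encapsulated EAP response, kept opaque here
    via: list = field(default_factory=list)  # hop trace, for inspection

class GMS:
    """G-MS that detects the re-auth condition and drives the EAP exchange."""
    def __init__(self, host_contexts: dict, lead_time: float = 60.0):
        self.host_contexts = host_contexts  # host_id -> key expiry time (K1 data)
        self.lead_time = lead_time
        self.pending = {}                   # host_id -> re-auth state machine state

    def k1(self, now: float) -> list:
        """K1: the G-MS itself finds which locally maintained Host contexts are due."""
        return [h for h, exp in self.host_contexts.items() if now >= exp - self.lead_time]

    def h1_h2(self, eap_start_host_id: str) -> list:
        """H1/H2 arrive as an EAP_Start from the Host; only known Hosts are acted on."""
        if eap_start_host_id not in self.host_contexts:
            raise KeyError("EAP_Start from unknown Host %s" % eap_start_host_id)
        return [eap_start_host_id]

    def h3_k2(self, host_ids: list) -> list:
        """H3/K2: init a state machine per Host and emit EAP_Request/Identify."""
        for h in host_ids:
            self.pending[h] = "IDENTIFY_SENT"
        return [("EAP_Request/Identify", h) for h in host_ids]

    def h4_h5(self, host_id: str, nai: str) -> RadiusAccessRequest:
        """H4/H5: accept EAP_Response/Identify only from a Host we asked; wrap in RADIUS."""
        if self.pending.get(host_id) != "IDENTIFY_SENT":
            raise PermissionError("unsolicited EAP_Response/Identify from %s" % host_id)
        self.pending[host_id] = "ACCESS_REQUEST_SENT"
        return RadiusAccessRequest(nai=nai, eap_message="EAP_Response/Identify", via=["G-MS"])

class AnchorDPF_FA:
    def __init__(self, aaa_proxy_addr: str):
        self.aaa_proxy_addr = aaa_proxy_addr  # H6: AAA Proxy address configured locally

    def h6(self, req: RadiusAccessRequest) -> RadiusAccessRequest:
        req.via.append("AnchorDPF/FA->" + self.aaa_proxy_addr)
        return req

class AAAProxy:
    def __init__(self, realm_servers: dict, default_server: str):
        self.realm_servers = realm_servers    # NAI realm -> AAA Server address
        self.default_server = default_server  # H7: AAA Server configured locally

    @staticmethod
    def realm_of(nai: str) -> str:
        """Split user@realm; an NAI without '@', or with an empty part, has no realm."""
        user, sep, realm = nai.rpartition("@")
        return realm if sep and user and realm else ""

    def h7(self, req: RadiusAccessRequest) -> str:
        """H7: route by NAI realm, falling back to the configured AAA Server."""
        server = self.realm_servers.get(self.realm_of(req.nai), self.default_server)
        req.via.append("AAAProxy->" + server)
        return server

def reauth_via_gms(gms, anchor, proxy, now, nais: dict):
    """Run K1, K2, H4..H7 for every due Host; return host_id -> AAA Server chosen."""
    routed = {}
    for _, host_id in gms.h3_k2(gms.k1(now)):
        req = anchor.h6(gms.h4_h5(host_id, nais[host_id]))
        routed[host_id] = proxy.h7(req)
    return routed
```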
Device embodiment one of initiating re-authentication provided by the embodiment of the present invention. With reference to Figure 10, the device comprises a re-authentication detecting unit 1010, an identification information obtaining unit 1020 and a re-authentication request transmitting unit 1030:
The re-authentication detecting unit 1010 is used to detect whether the condition for initiating re-authentication of the Host is met.
The identification information obtaining unit 1020 is used to obtain the Host identification information when the result of the detection is that the re-authentication condition is met.
The re-authentication request transmitting unit 1030 is used to generate and send a re-authentication request carrying the Host identification information.
In the present embodiment, the device may be of the type Host, G-MS, BS or the like.
The device for initiating re-authentication provided in the embodiment of the present invention detects whether the condition for initiating re-authentication of the Host is met and, when it detects that the condition is met, generates and sends a re-authentication request carrying the Host identification information. Because the re-authentication request can carry the identification information of the Host that needs to be re-authenticated, the device provided in the embodiment of the present invention can initiate re-authentication of the Host.
Device embodiment four of initiating re-authentication provided by the embodiment of the present invention. With reference to Figure 11, the device comprises a re-authentication detecting unit 1110, an identification information obtaining unit 1120 and a re-authentication triggering unit 1130:
The re-authentication detecting unit 1110 is used to detect whether the condition for initiating re-authentication of the Host is met.
The identification information obtaining unit 1120 is used to obtain the Host identification information when the result of the detection is that the re-authentication condition is met.
The re-authentication triggering unit 1130 is used to trigger, based on the Host identification information, the procedure for re-authenticating the corresponding Host.
In the present embodiment, the device may be of the type G-MS or Authenticator/AAA Client.
The device for initiating re-authentication provided in the embodiment of the present invention detects whether the condition for initiating re-authentication of the Host is met and, when it detects that the condition is met, obtains the Host identification information and, based on that identification information, triggers the procedure for re-authenticating the corresponding Host. Because the Host that needs to be re-authenticated can be determined, re-authentication of that Host can be carried out.
In further embodiments of the device for initiating re-authentication provided by the embodiment of the present invention, the re-authentication detecting unit may further comprise an interface unit and a detecting unit: the interface unit is used to receive the re-authentication request; the detecting unit is used to detect whether the interface unit has received a re-authentication request carrying the Host identification information.
In further embodiments of the device for initiating re-authentication provided by the embodiment of the present invention, the re-authentication detecting unit may further comprise a host-context acquiring unit and a detecting unit: the host-context acquiring unit is used to obtain the locally maintained Host context; the detecting unit is used to examine that Host context and detect whether the locally maintained Host context meets the condition for initiating re-authentication.
In the various embodiments of the present invention, the Host identification information may be the Host's physical address identifier (Host MAC TLV), or other information that can identify the Host, such as the Host's NAI address.
As can be seen from the above technical solutions, in the embodiment of the present invention, whether the condition for initiating re-authentication of the Host is met is detected; when it is detected that the condition is met, the Host identification information is obtained, and the procedure for re-authenticating the corresponding Host is then initiated based on that identification information. Because the Host that needs to be re-authenticated can be determined, re-authentication of that Host can be carried out.
The method and device for triggering re-authentication provided by the embodiment of the present invention have been described in detail above. Specific examples have been used herein to set forth the principle and implementation of the present invention, and the description of the above embodiments serves only to help in understanding the method of the present invention and its underlying idea. At the same time, those of ordinary skill in the art, following the idea of the present invention, will make changes in the specific implementations and the scope of application. In summary, this description should not be construed as limiting the present invention.

Claims (13)

1. A method for triggering re-authentication, characterized in that it comprises:
when it is detected that the condition for initiating re-authentication of a host (Host) in a multi-host WiMAX system is met, obtaining the Host identification information, wherein detecting that the condition for initiating re-authentication of the Host is met specifically is:
an authenticator/authentication, authorization and accounting client (Authenticator/AAA Client) detecting receipt of a re-authentication request carrying at least one piece of Host identification information,
or the Authenticator/AAA Client detecting that the locally maintained context of the Host meets the condition for initiating re-authentication,
or a multi-host system mobile station (G-MS) detecting receipt of a re-authentication request carrying the Host identification information,
or the G-MS detecting that the locally maintained context of the Host meets the condition for initiating re-authentication;
based on the obtained Host identification information, triggering the procedure for re-authenticating the Host, wherein triggering the procedure for re-authenticating the Host comprises: initializing the re-authentication state machine for the Host; and generating a signaling-plane re-authentication identification request carrying the Host identification information and sending it to the BS; or triggering the procedure for re-authenticating the corresponding Host comprises: initializing the re-authentication state machine for the corresponding Host; and generating a signaling-plane Ethernet-based extensible authentication identification request (EAPoL-Request/Identify) message carrying the Host identification information and sending it to the Anchor DPF/FA.
2. the method for claim 1, is characterized in that, described Authenticator/AAA Client detects and receives the re-authentication request of carrying at least one Host identification information and take a step forward and comprise:
Base station BS the context of the Host that local maintenance detected meet the conditioned disjunction of initiating re-authentication detect receive from multi-host system travelling carriage G-MS carry the re-authentication request of at least one Host identification information the time, send the re-authentication request of carrying at least one Host identification information to described Authenticator/AAA Client.
3. method as claimed in claim 2, is characterized in that, described BS detects the re-authentication request that receives from G-MS and takes a step forward and comprise:
The context that described G-MS detects the Host of local maintenance meet the conditioned disjunction of initiating re-authentication detect receive from Host carry the re-authentication request of Host identification information the time, send the re-authentication request of carrying at least one Host identification information to described BS.
4. method as claimed in claim 3, is characterized in that, described G-MS detects the re-authentication request of carrying the Host identification information that receives from Host and takes a step forward and comprise:
When self the safe context that Host detects local maintenance meets the condition of initiating re-authentication, send the re-authentication request of carrying the Host identification information to described G-MS.
5. the method for claim 1, is characterized in that, described Authenticator/AAA Client detects and receives the re-authentication request of carrying at least one Host identification information and take a step forward and comprise:
Anchor data function body/external agent Anchor DPF/FA sends to described Authenticator/AAA Client after the re-authentication request of described data surface being converted to the re-authentication request of signaling plane when the re-authentication request that receives data surface.
6. method as claimed in claim 5, is characterized in that, described Anchor DPF/FA takes a step forward in the re-authentication request that receives data surface and comprises:
When self the safe context that Host detects local maintenance meets the condition of initiating re-authentication, the re-authentication request of data surface is carried in the data channel that G-MS sets up sends to described Anchor DPF/FA.
7. the method for claim 1, is characterized in that, G-MS detects and to receive the re-authentication request of carrying the Host identification information and take a step forward and comprise:
When self the safe context that Host detects local maintenance meets the condition of initiating re-authentication, send the re-authentication request of carrying the Host identification information to described G-MS.
8. method as claimed in claim 7, is characterized in that, described triggering comprises the flow process that described Host carries out re-authentication:
Described G-MS sends the re-authentication identification request of carrying the Host identification information to described Host;
Described G-MS receives the re-authentication identification request response of carrying network access Identifier from described Host;
Described G-MS is carried on described re-authentication identification request response in the data channel of setting up and sends to Anchor DPF/FA;
Described Anchor DPF/FA sends to authentication and authorization charging server AAA Server with described re-authentication identification request response via authentication and authorization charging acting server AAA Proxy.
9. as the described method of claim 1-6 any one, it is characterized in that, described triggering comprises the flow process that described Host carries out re-authentication:
Send the re-authentication identification request of carrying the Host identification information to described Host.
10. as the described method of claim 1-6 any one, it is characterized in that, described Host identification information is Host physical address sign specifically.
11. A device for initiating re-authentication, characterized in that it comprises:
a re-authentication detecting unit, used to detect whether the condition for initiating re-authentication of a Host in a multi-host WiMAX system is met;
an identification information obtaining unit, used to obtain the Host identification information when the result of the detection is that the re-authentication condition is met;
a re-authentication request transmitting unit, used to generate and send a re-authentication request carrying the Host identification information, requesting that re-authentication of the corresponding Host be initiated, so that the Authenticator/AAA Client obtains the Host identification information and, based on the Host identification information, triggers the procedure for re-authenticating the corresponding Host;
wherein triggering the procedure for re-authenticating the Host comprises: initializing the re-authentication state machine for the Host; and generating a signaling-plane re-authentication identification request carrying the Host identification information and sending it to the BS; or triggering the procedure for re-authenticating the corresponding Host comprises: initializing the re-authentication state machine for the corresponding Host; and generating a signaling-plane Ethernet-based extensible authentication identification request (EAPoL-Request/Identify) message carrying the Host identification information and sending it to the Anchor DPF/FA;
wherein the re-authentication detecting unit comprises:
an interface unit, used to receive the re-authentication request;
a detecting unit, used to detect whether the interface unit has received a re-authentication request carrying the Host identification information;
or the re-authentication detecting unit comprises:
a host-context acquiring unit, used to obtain the locally maintained Host context;
a detecting unit, used to examine the Host context and detect whether the locally maintained Host context meets the condition for initiating re-authentication.
12. A device for initiating re-authentication, characterized in that it comprises:
a re-authentication detecting unit, used to detect whether the condition for initiating re-authentication of a Host in a multi-host WiMAX system is met;
an identification information obtaining unit, used to obtain the Host identification information when the result of the detection is that the re-authentication condition is met;
a re-authentication triggering unit, used to trigger, based on the Host identification information, the procedure for re-authenticating the corresponding Host, wherein triggering the procedure for re-authenticating the Host comprises: initializing the re-authentication state machine for the Host; and generating a signaling-plane re-authentication identification request carrying the Host identification information and sending it to the BS; or triggering the procedure for re-authenticating the corresponding Host comprises: initializing the re-authentication state machine for the corresponding Host; and generating a signaling-plane Ethernet-based extensible authentication identification request (EAPoL-Request/Identify) message carrying the Host identification information and sending it to the Anchor DPF/FA;
wherein the re-authentication detecting unit comprises:
an interface unit, used to receive the re-authentication request;
a detecting unit, used to detect whether the interface unit has received a re-authentication request carrying the Host identification information;
or the re-authentication detecting unit comprises:
a host-context acquiring unit, used to obtain the locally maintained Host context;
a detecting unit, used to examine the Host context and detect whether the locally maintained Host context meets the condition for initiating re-authentication.
13. The device of claim 12, characterized in that the re-authentication triggering unit comprises a re-authentication identification request transmitting element, used to send a re-authentication identification request carrying the Host identification information to the Host.
CN 200810000352 2008-01-10 2008-01-10 Method and apparatus for triggering reidentification Expired - Fee Related CN101483634B (en)

Priority Applications (2)

Application Number Priority Date Filing Date Title
CN 200810000352 CN101483634B (en) 2008-01-10 2008-01-10 Method and apparatus for triggering reidentification
PCT/CN2009/070055 WO2009092308A1 (en) 2008-01-10 2009-01-07 Method and device for triggering re-authentication

Publications (2)

Publication Number Publication Date
CN101483634A CN101483634A (en) 2009-07-15
CN101483634B true CN101483634B (en) 2013-06-26

Also Published As

Publication number Publication date
WO2009092308A1 (en) 2009-07-30
CN101483634A (en) 2009-07-15

Legal Events

Date Code Title Description
C06 Publication
PB01 Publication
C10 Entry into substantive examination
SE01 Entry into force of request for substantive examination
C14 Grant of patent or utility model
GR01 Patent grant
CF01 Termination of patent right due to non-payment of annual fee

Granted publication date: 20130626

Termination date: 20180110