CN101635632A - Method, system and device for authentication and configuration - Google Patents

Publication number: CN101635632A
Authority: CN (China)
Prior art keywords: iptv, user, authentication, configuration information, network
Legal status: Granted; Expired - Fee Related
Application number: CN200810132263A
Other languages: Chinese (zh)
Other versions: CN101635632B (en)
Inventors: 宫小玉, 李洪广
Current Assignee: Huawei Technologies Co Ltd
Original Assignee: Huawei Technologies Co Ltd
Priority: CN 200810132263 (CN101635632B)
Classification: Data Exchanges In Wide-Area Networks

Abstract

The embodiments of the invention disclose a method, a system and a device for authentication and configuration, and belong to the field of communications. The method comprises the following steps: after receiving an IP address request message from an IPTV user, triggering an IPTV authentication device to authenticate the IPTV user; receiving the authentication result after the IPTV authentication device authenticates the IPTV user, wherein the authentication result carries IPTV service configuration information when the IPTV user passes authentication; and configuring network-side equipment according to the IPTV service configuration information. The system comprises an authentication relay device, a network configuration device and the IPTV authentication device. The device comprises a triggering module and a configuration module. By triggering the IPTV authentication device to authenticate the user, the embodiments of the invention integrate user network access with service authentication and simplify operator network deployment.

Description

Authentication and configuration method, system and device
Technical field
The present invention relates to the field of communications, and in particular to an authentication and configuration method, system and device.
Background
The spread of broadband access and the steady increase in the bandwidth of user access networks have driven rapid growth in IP-based services, multimedia services in particular. In terms of network deployment architecture, the entities involved in broadband-based network services include:
(1) UE (User Equipment) / user terminal: the consumer of the various network services;
(2) NSP (Network Service Provider) entity: responsible for providing IP connectivity between the user and the service provider, so that IP-based data can be exchanged between the ASP (Application Service Provider) and the user;
(3) ASP entity: the producer and supplier of the various applications and services.
Among the services offered by ASPs, IPTV currently attracts the most attention. IPTV can provide not only the ordinary broadcast-type services formerly delivered over coaxial cable, but also new kinds of user experience such as video on demand and time-shifted TV. Fig. 1 is a schematic diagram of a prior-art network structure for providing IPTV service over broadband, comprising a UE, an NSP and an IPTV ASP. In this model, a UE that wants to use the IPTV service goes through the following process:
Step 1: To access the network, the UE must obtain an IP connection to the network. To obtain the IP connection it must pass network access authentication by the NSP. The NSP stores the user's network access subscription information, performs access authentication and authorization for the user initiating access, and establishes and maintains the IP connection.
Step 2: Once the IP connection between the UE and the network is established, the UE initiates IPTV service-layer authentication with the IPTV ASP over this connection. The IPTV ASP stores the user's service profile, for example the channels the user may access, the programme type (high definition, standard definition), whether video on demand or time-shifted TV services have been selected, and so on. The IPTV ASP authenticates the UE according to the stored service profile.
Step 3: After passing the IPTV ASP service-layer authentication, the UE can select the services it has subscribed to. In multicast-based IPTV service, information such as the user's service policy (the channels the user has joined, access time control, channel coding type) can be delivered to the NSP after service authentication succeeds. The NSP configures the network access equipment according to the service policy, so that per-user service policy can subsequently be enforced at the network access equipment, improving the response speed to user operations to achieve the best user experience.
The network access authentication described above can use any of several authentication methods, for example PPP (Point-to-Point Protocol), the 802.1x protocol, PANA (Protocol for Carrying Authentication for Network Access) and DHCP (Dynamic Host Configuration Protocol).
In the course of making the present invention, the inventors found that the prior art has at least the following problem:
The prior art generally authenticates the user/UE in a model where service authentication is separate from network access authentication, and the user/UE can access the IPTV service only after authentication passes. Network deployment is complex and the cost is relatively high.
Summary of the invention
To improve the efficiency of user authentication and reduce the cost of network deployment, embodiments of the present invention provide an authentication and configuration method, system and device. The technical solution is as follows:
An authentication and configuration method, comprising:
after receiving an IP address request message from an IPTV user, triggering an IPTV authentication device to authenticate the IPTV user;
receiving the authentication result obtained after the IPTV authentication device authenticates the IPTV user, wherein the authentication result carries IPTV service configuration information when the IPTV user passes authentication, and carries no IPTV service configuration information when the IPTV user does not pass authentication;
if the authentication result carries IPTV service configuration information, configuring network-side equipment according to the IPTV service configuration information.
An authentication and configuration system, comprising: an authentication relay device, a network configuration device and an IPTV authentication device;
the authentication relay device is configured to forward the IP address request to the network configuration device after receiving an IP address request message from an IPTV user, and, after confirming from the authentication result returned by the IPTV authentication device that the IPTV user is legitimate, to configure network-side equipment according to the IPTV service configuration information;
the network configuration device is configured to trigger the IPTV authentication device to authenticate the IPTV user after receiving the IP address request forwarded by the authentication relay device;
the IPTV authentication device is configured to authenticate the IPTV user after being triggered by the network configuration device and to send the authentication result to the authentication relay device, wherein the authentication result carries IPTV service configuration information when the IPTV user passes authentication, and carries no IPTV service configuration information when the IPTV user does not pass authentication.
An authentication and configuration system, comprising: an authentication relay device and an IPTV authentication device;
the authentication relay device is configured to trigger the IPTV authentication device to authenticate the IPTV user after receiving an IP address request message from an IPTV user, and, after confirming from the authentication result returned by the IPTV authentication device that the IPTV user is legitimate, to configure network-side equipment according to the IPTV service configuration information;
the IPTV authentication device is configured to authenticate the IPTV user after being triggered by the authentication relay device and to send the authentication result to the authentication relay device, wherein the authentication result carries IPTV service configuration information when the IPTV user passes authentication, and carries no IPTV service configuration information when the IPTV user does not pass authentication.
An authentication and configuration device, comprising:
a trigger module, configured to trigger an IPTV authentication device to authenticate an IPTV user after receiving an IP address request message from the IPTV user;
a configuration module, configured to receive the authentication result obtained after the IPTV authentication device authenticates the IPTV user, wherein the authentication result carries IPTV service configuration information when the IPTV user passes authentication, and carries no IPTV service configuration information when the IPTV user does not pass authentication; and, if the authentication result carries IPTV service configuration information, to configure network-side equipment according to the IPTV service configuration information.
The beneficial effects of the technical solution provided by the embodiments of the present invention are:
By triggering the IPTV authentication device to authenticate the IPTV user, the embodiments of the present invention integrate user network access with service authentication, simplify operator network deployment and reduce cost, while being secure and reliable and facilitating service management.
Description of the drawings
Fig. 1 is a schematic diagram of a prior-art network structure for providing IPTV service over broadband;
Fig. 2 is a schematic diagram of the network structure for providing IPTV service over broadband according to Embodiment 1 of the present invention;
Fig. 3 is a signalling interaction diagram of the authentication and configuration method according to Embodiment 1 of the present invention;
Fig. 4 is a signalling interaction diagram of the authentication and configuration method according to Embodiment 2 of the present invention;
Fig. 5 is a structural diagram of the authentication and configuration system according to Embodiment 3 of the present invention;
Fig. 6 is a structural diagram of the authentication and configuration system according to Embodiment 4 of the present invention;
Fig. 7 is a structural diagram of the authentication and configuration device according to Embodiment 5 of the present invention.
Detailed description of the embodiments
To make the purpose, technical solutions and advantages of the present invention clearer, the embodiments of the present invention are described in further detail below with reference to the drawings.
In the embodiments of the present invention, after the request of an IPTV user applying for an IP address is received, service authentication of the user is triggered, and whether the user may access the network and use the IPTV service is determined from the service authentication result. If so, the relevant access node is configured for this user. Network access authentication and service authentication are integrated, which simplifies the user-related IPTV configuration and in turn the operator's network and service deployment.
Embodiment 1
This embodiment provides an authentication and configuration method, comprising:
after receiving an IP address request message from an IPTV user, triggering an IPTV authentication device to authenticate the IPTV user;
receiving the authentication result obtained after the IPTV authentication device authenticates the IPTV user, wherein the authentication result carries IPTV service configuration information when the IPTV user passes authentication, and carries no IPTV service configuration information when the IPTV user does not pass authentication;
if the authentication result carries IPTV service configuration information, configuring network-side equipment according to the IPTV service configuration information.
Here, the network-side equipment includes access nodes, a broadband access gateway (BRAS), and the like;
The equipment that performs the above authentication and configuration method may be a network configuration device, for example a Dynamic Host Configuration Protocol server; it may also be an authentication relay device, for example a DHCP and authentication relay device.
When the equipment performing the method is directly connected to the IPTV authentication device, it can trigger authentication of the IPTV user by sending the IP address request directly to the IPTV authentication device; correspondingly, the authentication result is also returned directly by the IPTV authentication device;
When the equipment performing the method is connected to the IPTV authentication device through third-party equipment, it can trigger authentication of the IPTV user by sending the IP address request to the third-party equipment, which forwards the IP address request to the IPTV authentication device; correspondingly, the IPTV authentication device sends the authentication result to the third-party equipment, which then returns it.
This embodiment is described using the example in which the network configuration device triggers the IPTV authentication device to authenticate the IPTV user. Referring to Fig. 2, the network structure for providing IPTV service over broadband comprises a UE, an NSP and an ASP. The NSP comprises: an access node, a DHCP and authentication relay device, a network configuration device, an AAA client and a user access repository. The IPTV ASP comprises: an AAA server and a user service repository. The function of each network component is briefly described below:
UE: the user terminal, the hardware platform on which the user uses the IPTV service. The user accesses the network through this equipment to obtain the IPTV service;
Access node: responsible for the UE's access and provides the uplink loop for the user. For the IPTV service, the access node can implement service control functions to improve responsiveness for the user, for example handling IPTV channel switching and channel join and leave at the access node, which avoids the processing and response delay caused by sending the signalling up to the ASP side;
DHCP and authentication relay device: one of the NSP's network devices. It relays the DHCP messages exchanged between the UE and the network configuration device, including the DHCP IP address request (DHCP Discovery message), the DHCP IP address selection message (DHCP Request message) and so on. It also relays the authentication messages between the UE and the IPTV authentication device, including forwarding the UE's authentication request, the security association negotiation messages between the UE and the IPTV authentication device, the authentication result message, etc.
Network configuration device: one of the NSP's network devices. It exchanges DHCP messages with the UE to configure the UE's IP address. It can also be used to configure the address of an application server proxy; the application server proxy may be a P-CSCF (Proxy Call Session Control Function) entity or the like;
IPTV authentication device: used to authenticate the user and return the authentication result to the DHCP and authentication relay device. If the IPTV authentication device and the UE are not in the same network domain, the IPTV authentication device may specifically comprise a client and a server, which in the embodiments of the present invention are the AAA client and the AAA server; if the IPTV authentication device and the UE are in the same network domain, the IPTV authentication device may be a server with an authentication function;
User access repository: stores the user's access authentication and access configuration data, such as the subscribed network bandwidth and the network QoS parameters.
User service repository: stores the user's service subscription authentication and service configuration data; for the IPTV service this includes the subscribed channels, the media types of the channels, and so on. The user access repository on the NSP side can be used to cache the user's service configuration obtained from the ASP side.
Taking the network structure of Fig. 2 as an example and referring to Fig. 3, the authentication and configuration method of this embodiment comprises:
S201: When the UE powers on to use the IPTV service, it sends a DHCP Discovery message through the access node to the DHCP and authentication relay device, requesting an IP address;
The OPTION fields of the DHCP Discovery message carry the user's identifier. The OPTION fields used in the embodiments of the present invention are mainly OPTION60 and OPTION82. OPTION60 carries Vendor and Service Option information; it is set by the UE when it initiates the DHCP request, and network equipment only needs to pass it through transparently. Its role is to identify the UE type and thereby the user's service type, and the network configuration device can rely on this information to allocate different service IP addresses. OPTION82 is inserted by network equipment (such as the access node) into the DHCP Discovery message sent by the UE and is mainly used to identify the access location of the UE.
S202: After receiving the DHCP Discovery message, the access node forwards it to the DHCP and authentication relay device;
When it receives the DHCP Discovery message, the access node may insert information into certain DHCP OPTION fields, for example link information in OPTION82.
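The OPTION60 and OPTION82 handling described in S201 and S202, as an added example that is not part of the patent text. Because OPTION82 only identifies the access location if it comes from the access node, the sketch assumes a policy of discarding any OPTION82 already present before adding its own; the sub-option numbers are those of RFC 3046, and the sample bytes, line identifiers and function names are constructed for illustration.

```python
PAD, END = 0, 255
OPT_VENDOR_CLASS, OPT_RELAY_INFO = 60, 82
SUB_CIRCUIT_ID, SUB_REMOTE_ID = 1, 2        # OPTION82 sub-options (RFC 3046)


def parse_tlv(data: bytes, pad_end: bool = True):
    """Decode code/length/value triples; pad_end enables the PAD and END markers
    that exist at the top level of a DHCP options field but not in sub-options."""
    items, i = [], 0
    while i < len(data):
        code = data[i]
        if pad_end and code == END:
            break
        if pad_end and code == PAD:
            i += 1
            continue
        if i + 1 >= len(data):
            raise ValueError(f"option {code}: missing length byte")
        length = data[i + 1]
        value = data[i + 2:i + 2 + length]
        if len(value) != length:
            raise ValueError(f"option {code}: truncated value")
        items.append((code, value))
        i += 2 + length
    return items


def build_tlv(items, end: bool = True) -> bytes:
    """Encode (code, value) pairs back into TLV form, optionally END-terminated."""
    out = bytearray()
    for code, value in items:
        if len(value) > 255:
            raise ValueError(f"option {code}: value too long")
        out += bytes([code, len(value)]) + value
    return bytes(out) + (bytes([END]) if end else b"")


def access_node_tag(options: bytes, circuit_id: bytes, remote_id: bytes) -> bytes:
    """S202: discard any OPTION82 already present, then append the access node's own.
    OPTION60 and every other option are passed through unchanged."""
    kept = [(c, v) for c, v in parse_tlv(options) if c != OPT_RELAY_INFO]
    sub = build_tlv([(SUB_CIRCUIT_ID, circuit_id), (SUB_REMOTE_ID, remote_id)], end=False)
    return build_tlv(kept + [(OPT_RELAY_INFO, sub)])


def describe(options: bytes) -> dict:
    """What the relay or network configuration device reads from the Discovery."""
    info = {"vendor_class": None, "circuit_id": None, "remote_id": None}
    for code, value in parse_tlv(options):
        if code == OPT_VENDOR_CLASS:
            info["vendor_class"] = value.decode("ascii", "replace")
        elif code == OPT_RELAY_INFO:
            subs = dict(parse_tlv(value, pad_end=False))
            info["circuit_id"] = subs.get(SUB_CIRCUIT_ID)
            info["remote_id"] = subs.get(SUB_REMOTE_ID)
    return info


# Constructed sample: the options field of a Discovery whose sender included an
# OPTION82 of its own, which must not be taken as the access location.
UE_OPTIONS = (bytes([53, 1, 1]) + bytes([60, 8]) + b"IPTV-STB"
              + bytes([82, 9, 1, 7]) + b"spoofed" + bytes([END]))
TAGGED = access_node_tag(UE_OPTIONS, b"olt1/0/3:100", b"ont-42")
```
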
S203: After receiving the DHCP Discovery message, the DHCP and authentication relay device forwards it to the network configuration device.
S204: After receiving the DHCP Discovery message, the network configuration device binds the user identifier to the user's online location and allocates an IP address (or allocates the IP address after authentication succeeds), and sends an IPTV service authentication request message carrying the user identifier to the AAA client, triggering the online authentication of this user.
In this embodiment the NSP and the ASP are separate, and each has its own AAA authentication device. The NSP's AAA authentication device is the network access authentication device, i.e. the AAA client, which is normally used to control network access by users. The ASP's AAA authentication device is the AAA server, which controls users' access to services. In the embodiments of the present invention, although the NSP and the ASP each have their own AAA authentication device, authentication is still performed by the ASP's AAA authentication device, the AAA server, while the NSP's AAA authentication device, the AAA client, acts as a proxy for authentication signalling.
S205: After receiving the authentication request message, the AAA client sends an authentication request response message to the network configuration device;
To avoid major changes to existing network configuration devices, the subsequent authentication process in the embodiments of the present invention does not pass through the network configuration device, i.e. the network configuration device does not need to handle it.
S206: After receiving the authentication request response message, the network configuration device sends a DHCP Offer message carrying the allocated IP address to the DHCP and authentication relay device.
S207: The AAA client uses a standard AAA authentication protocol to send the AAA server an authentication request for the user indicated by the above user identifier;
The AAA authentication protocols include RADIUS (Remote Authentication Dial In User Service), Diameter (an upgraded version of the RADIUS protocol) and similar protocols.
S208: After receiving the user authentication request sent by the AAA client, the AAA server looks up the information relevant to user authentication, such as the user key, in the user service repository, and then sends authentication information such as a first authentication challenge to the AAA client.
S209: After receiving the authentication information, the AAA client sends it to the DHCP and authentication relay device.
S210: After receiving the authentication information, the DHCP and authentication relay device adds it to the DHCP Offer message sent by the network configuration device and returns the resulting DHCP Offer message to the UE.
In this embodiment, after receiving the DHCP Offer message sent by the network configuration device in S206, the DHCP and authentication relay device need not return it to the UE immediately; it returns the DHCP Offer message to the UE after receiving the authentication information from the AAA client.
S211: After receiving the DHCP Offer message sent by the DHCP and authentication relay device, the UE obtains from it the authentication-related information such as the first challenge and the authentication algorithm, determines the algorithm from this information, uses the determined algorithm to compute a second challenge, and sends the second challenge as authentication response information to the DHCP and authentication relay device in a DHCP Request message.
S212: After receiving the DHCP Request message, the DHCP and authentication relay device strips the authentication response information OPTION (field information) from the DHCP Request message and sends the modified DHCP Request message to the network configuration device.
S213: After receiving the DHCP Request message, the network configuration device carries out the relevant IP address allocation procedure and then returns a DHCP ACK message to the DHCP and authentication relay device.
S214: The DHCP and authentication relay device places the authentication response information from the DHCP Request message in an authentication message (such as a Diameter Authentication Access Request) and sends it to the AAA client.
S215: After receiving the authentication message, the AAA client sends it to the AAA server.
S216: After receiving the authentication message, the AAA server verifies, according to the authentication algorithm and the information in the received authentication message, whether this user is a legitimate user. If so, the AAA server obtains the configuration data related to this user's services from the user service repository; for example, the service configuration information (profile) includes the subscribed channels, media types, channel bandwidth requirements and so on. The AAA server then returns an authentication success message to the AAA client and carries the user's service configuration information in the authentication success message.
S217: After receiving the authentication success message, the AAA client sends it to the DHCP and authentication relay device.
S218: After receiving the authentication success message, the DHCP and authentication relay device performs the user service configuration: it configures the UE's IP connection according to the user's service configuration information, for example total bandwidth, IPTV multicast bandwidth and the unicast bandwidth ratio, and configures the access node. The access node configuration includes: according to the user's service configuration information, establishing the binding between the IP address and the user identifier or access line, and adding the user to the designated multicast replication table;
When the DHCP and authentication relay device configures the access node, it can do so through ANCP (Access Node Configuration Protocol) or a similar protocol, i.e. the configuration information is delivered to the access node via ANCP.
S219: The DHCP and authentication relay device sends the DHCP ACK message to the UE, carrying the authentication result information in a DHCP OPTION.
In this embodiment, after receiving the DHCP ACK message, the DHCP and authentication relay device does not send it to the UE immediately; it waits until the authentication result information arrives and then sends the DHCP ACK message to the UE.
If the AAA server fails to authenticate the UE, it sends only an authentication failure message, which carries no service configuration information. After receiving the authentication failure message, the AAA client sends it to the DHCP and authentication relay device. After receiving the authentication failure message, the DHCP and authentication relay device carries the authentication failure information to the UE in the DHCP ACK message and notifies the network configuration device to cancel the IP address allocation, and the procedure then ends.
There is no required time order between S205 and S207 in the embodiments of the present invention; that is, after S204, S207 may be performed first and then S205.
Likewise, there is no required time order between S219 and S218 in the embodiments of the present invention; S219 may be performed first and then S218.
S211 to S217 describe a typical authentication signalling exchange between the UE and the IPTV authentication device. Depending on the authentication protocol actually used, the number of round trips and the information exchanged between the UE and the IPTV authentication server may differ.
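The relay behaviour of S203 to S219 and the failure path, as an added example that is not part of the patent text: the relay holds the Offer until the challenge arrives, strips the authentication response before the Request reaches the network configuration device, and holds the ACK until the authentication result decides between configuring the access node and cancelling the allocation. The dictionary message format, the HMAC-SHA256 response algorithm, the option name and all sample values are assumptions made for this sketch.

```python
import hashlib
import hmac
import os

AUTH_OPT = "auth"  # hypothetical key standing in for the DHCP OPTION carrying auth data


def second_challenge(key: bytes, first: bytes) -> bytes:
    # Assumed algorithm (HMAC-SHA256); the page leaves the algorithm to the AAA exchange.
    return hmac.new(key, first, hashlib.sha256).digest()


class AAAServer:
    """ASP side: user keys and service profiles (the user service repository)."""

    def __init__(self, keys, profiles):
        self.keys, self.profiles, self.pending = keys, profiles, {}

    def challenge(self, user):                        # S208
        self.pending[user] = os.urandom(16)
        return self.pending[user]

    def verify(self, user, response):                 # S216
        first = self.pending.pop(user, None)          # one-shot: old answers cannot be reused
        key = self.keys.get(user)
        ok = (first is not None and key is not None and isinstance(response, bytes)
              and hmac.compare_digest(second_challenge(key, first), response))
        # Service configuration travels only with a success result.
        return {"success": ok, "service_config": self.profiles.get(user) if ok else None}


class AuthRelay:
    """DHCP and authentication relay: gates Offer and ACK on the AAA exchange."""

    def __init__(self):
        self.sessions = {}      # per-transaction state, keyed by DHCP transaction id
        self.to_ue = []         # messages released towards the UE
        self.to_dhcp = []       # messages sent to the network configuration device
        self.access_node = {}   # per-IP configuration pushed to the access node

    def on_discover(self, xid, line):                 # S203: remember the access line
        self.sessions[xid] = {"line": line}

    def on_offer(self, xid, offer):                   # S206
        self.sessions[xid]["offer"] = offer
        self._release_offer(xid)

    def on_challenge(self, xid, first):               # S209
        self.sessions[xid]["challenge"] = first
        self._release_offer(xid)

    def _release_offer(self, xid):                    # S210: needs Offer AND challenge
        st = self.sessions[xid]
        if "offer" in st and "challenge" in st:
            self.to_ue.append({**st.pop("offer"), AUTH_OPT: st.pop("challenge")})

    def on_request(self, xid, request):               # S212 and S214
        stripped = dict(request)
        response = stripped.pop(AUTH_OPT, None)       # DHCP server never sees auth data
        self.to_dhcp.append(stripped)
        return response                               # goes to the AAA client instead

    def on_ack(self, xid, ack):                       # S213: held, not forwarded yet
        self.sessions[xid]["ack"] = ack
        self._finish(xid)

    def on_auth_result(self, xid, result):            # S217
        self.sessions[xid]["result"] = result
        self._finish(xid)

    def _finish(self, xid):                           # S218 and S219
        st = self.sessions[xid]
        if "ack" not in st or "result" not in st:
            return
        ack, result = st["ack"], st["result"]
        granted = bool(result.get("success")) and result.get("service_config") is not None
        if granted:
            self.access_node[ack["yiaddr"]] = {"line": st["line"], **result["service_config"]}
        else:                                         # failure: withdraw the allocation
            self.to_dhcp.append({"type": "cancel", "yiaddr": ack["yiaddr"]})
        self.to_ue.append({**ack, AUTH_OPT: "success" if granted else "failure"})
        del self.sessions[xid]


def run_session(user, ue_key, aaa):
    """Drive one exchange with constructed values; returns (relay, offer_was_held)."""
    relay, xid = AuthRelay(), 0x1234
    relay.on_discover(xid, "port-7")
    relay.on_offer(xid, {"type": "offer", "yiaddr": "10.0.0.5"})
    held = not relay.to_ue                            # Offer waits for the challenge
    relay.on_challenge(xid, aaa.challenge(user))
    offer = relay.to_ue[-1]
    request = {"type": "request", AUTH_OPT: second_challenge(ue_key, offer[AUTH_OPT])}
    response = relay.on_request(xid, request)
    relay.on_ack(xid, {"type": "ack", "yiaddr": offer["yiaddr"]})
    relay.on_auth_result(xid, aaa.verify(user, response))
    return relay, held
```

The access node is configured only when the result both reports success and carries service configuration, so a result that is missing either one ends in the cancel path rather than in a half-configured line.
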
In S204 the network configuration device allocates the IP address first. Depending on actual needs, the network configuration device may instead wait until it receives a message that the UE has passed authentication before allocating an IP address to the UE; in that case the IPTV authentication device needs to send the authentication result to the network configuration device;
In the embodiments of the present invention the service configuration is performed by the DHCP and authentication relay device. Depending on actual needs, the IPTV authentication device may instead send the service configuration information to the network configuration device after the UE passes authentication, and the network configuration device then completes the corresponding service configuration. The configuration content is the same as described above and is not detailed again here.
In the embodiments of the present invention, the NSP is not responsible for service authentication between the UE and IPTV; the actual authentication is performed on the ASP side. In this embodiment an AAA client is provided on the NSP side to forward signalling. Depending on actual needs, the NSP side may omit the AAA client, and messages are then sent directly to the AAA server on the ASP side by the DHCP and authentication relay device or the network configuration device.
In the embodiments of the present invention, the network configuration device triggers authentication of the user and the AAA server alone authenticates the user, i.e. a single authentication is used. This integrates IPTV user network access, service authentication and per-user service configuration, simplifies operator network deployment and reduces cost. Compared with the prior art, by extending the relevant network nodes, it achieves secure, reliable and efficient IPTV service deployment and service management.
Embodiment 2
This embodiment provides an authentication and configuration method, described using the example in which the DHCP and authentication relay device triggers the AAA server to authenticate the user. Still taking the network structure of Fig. 2 as an example and referring to Fig. 4, the authentication and configuration method comprises:
S301: When the UE powers on to use the IPTV service, it sends a DHCP Discovery message through the access node to the DHCP and authentication relay device, requesting an IP address;
S302: After receiving the DHCP Discovery message, the access node forwards it to the DHCP and authentication relay device;
S303: After receiving the DHCP Discovery message, the DHCP and authentication relay device extracts the user identifier carried in the DHCP Discovery message (i.e. deletes the user identifier from the DHCP Discovery message), and then sends the DHCP Discovery message to the network configuration device.
S304: After receiving the DHCP Discovery message, the network configuration device performs the standard IP address allocation procedure (i.e. the prior-art IP address allocation procedure), and then returns a DHCP Offer message carrying the IP address to the DHCP and authentication relay device.
S305: The DHCP and authentication relay device initiates an authentication request message for this user to the AAA client, carrying this user's user identifier in the authentication request message;
The authentication request message can be implemented with a standard AAA protocol.
There is no required time order between S305 and S303; that is, after S302, S305 may be performed first, followed by S303 and S304.
The subsequent authentication procedure S306 to S318 is the same as S207 to S219 of Embodiment 1 and is not repeated here.
In this embodiment, the DHCP and authentication relay device triggers authentication of the user after detecting the user's IP address request message, and the AAA server alone authenticates the user, i.e. a single authentication is used. This integrates IPTV user network access with service authentication, simplifies operator network deployment and reduces cost. Compared with the prior art, by extending the relevant network nodes, it achieves secure, reliable and efficient IPTV service deployment and service management. The difference from Embodiment 1 is that here the authentication request is triggered by the DHCP and authentication relay device: no interaction with the network configuration device is needed, and the DHCP and authentication relay device triggers the authentication request directly, which simplifies the authentication process and is easier to implement.
Embodiment 3
Referring to Fig. 5, this embodiment provides an authentication and configuration system comprising an authentication relay device 401, a network configuration device 402 and an IPTV authentication device 403.
The authentication relay device 401 is configured to forward the IP address request message to the network configuration device 402 after receiving the IPTV user's IP address request message, and, after confirming from the authentication result returned by the IPTV authentication device 403 that the IPTV user is legitimate, to configure the network-side equipment according to the IPTV service configuration information.
The network configuration device 402 is configured to trigger the IPTV authentication device 403 to authenticate the IPTV user after receiving the IP address request message forwarded by the authentication relay device 401.
The IPTV authentication device 403 is configured to authenticate the IPTV user after receiving the trigger from the network configuration device 402 and to send the authentication result to the authentication relay device 401. When the IPTV user passes authentication, the authentication result carries the IPTV service configuration information; when the IPTV user fails authentication, the authentication result contains no IPTV service configuration information.
The network configuration device 402 specifically comprises:
A user ID acquisition module, configured to obtain the IPTV user's user ID from the IP address request message after receiving the IPTV user's IP address request message;
A sending module, configured to send an IPTV authentication request to the IPTV authentication device 403; the IPTV authentication request carries the IPTV user's user ID obtained by the user ID acquisition module, so that the IPTV authentication device 403 can authenticate the IPTV user according to the user ID.
The authentication relay device 401 may specifically be the DHCP and authentication relay device of Embodiment 1.
In this embodiment of the invention, the network configuration device 402 triggers the IPTV authentication device 403 to authenticate the IPTV user, and the IPTV authentication device 403 alone authenticates the IPTV user. This single-authentication approach integrates IPTV user network access, service authentication and user-based service configuration, simplifies operator network deployment and reduces cost. Compared with the prior art, extending the relevant network nodes achieves secure, reliable and efficient IPTV service deployment and service management.
Embodiment 4
Referring to Fig. 6, this embodiment provides an authentication and configuration system comprising an authentication relay device 501 and an IPTV authentication device 502.
The authentication relay device 501 is configured to trigger the IPTV authentication device 502 to authenticate the IPTV user after receiving the IPTV user's IP address request message, and, after confirming from the authentication result returned by the IPTV authentication device 502 that the IPTV user is legitimate, to configure the network-side equipment according to the IPTV service configuration information.
The IPTV authentication device 502 is configured to authenticate the IPTV user after receiving the trigger from the authentication relay device 501 and to send the authentication result to the DHCP and authentication relay device 501. When the IPTV user passes authentication, the authentication result carries the IPTV service configuration information; when the IPTV user fails authentication, the authentication result contains no IPTV service configuration information.
The authentication relay device 501 specifically comprises:
A user ID acquisition module, configured to obtain the IPTV user's user ID from the IP address request message after receiving the IPTV user's IP address request message;
A sending module, configured to send an IPTV authentication request to the IPTV authentication device 502; the IPTV authentication request carries the IPTV user's user ID obtained by the user ID acquisition module, so that the IPTV authentication device 502 can authenticate the IPTV user according to the user ID;
A configuration module, configured to configure the network-side equipment according to the IPTV service configuration information after confirming from the authentication result returned by the IPTV authentication device 502 that the IPTV user is legitimate.
The authentication relay device 501 may specifically be the DHCP and authentication relay device of Embodiment 2.
In this embodiment of the invention, the authentication relay device 501 triggers the IPTV authentication device 502 to authenticate the IPTV user, and the IPTV authentication device alone authenticates the IPTV user. This single-authentication approach integrates IPTV user network access and service authentication, simplifies operator network deployment and reduces cost. Compared with the prior art, extending the relevant network nodes achieves secure, reliable and efficient IPTV service deployment and service management. The difference from Embodiment 3 is that in this embodiment the authentication request is triggered by the authentication relay device 501; that is, no interaction with the network configuration device is needed, and the authentication relay device 501 triggers the authentication request directly, which simplifies the authentication process and is easier to implement.
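The relay-triggered flow of Embodiments 2 and 4, as an added sketch that is not code from the patent: the relay removes the user ID before forwarding the Discovery message, and configures the access node only when the authentication result carries IPTV service configuration information. The message fields (`user_id`, `line`, `mac`), the subscriber data, the merged AAA client/server class and the choice to send no response on failure are assumptions made for illustration; S305 is run before S303/S304, an ordering the text permits, so a failed authentication never consumes an address.

```python
from dataclasses import dataclass
from typing import Optional

# Constructed subscriber data: user ID -> IPTV service configuration information.
SUBSCRIBERS = {
    "stb-0001": {"total_bw_kbps": 20000, "channels": ["239.1.1.1", "239.1.1.2"]},
}

@dataclass
class AuthResult:
    user_id: str
    service_config: Optional[dict] = None  # carried only when authentication passed

class IptvAuthDevice:
    """Stands in for the AAA client and AAA server together (assumption)."""
    def authenticate(self, user_id: str) -> AuthResult:
        cfg = SUBSCRIBERS.get(user_id)
        return AuthResult(user_id, dict(cfg) if cfg else None)

class NetworkConfigDevice:
    """Standard DHCP address allocation (S304)."""
    def __init__(self):
        self.seen = []       # every Discovery message that reached this device
        self._host = 10
    def offer(self, discover: dict) -> dict:
        self.seen.append(discover)
        ip = f"10.0.0.{self._host}"
        self._host += 1
        return {"type": "OFFER", "mac": discover["mac"], "yiaddr": ip}

class AccessNode:
    """Network-side equipment holding the multicast replication table."""
    def __init__(self):
        self.multicast_table = {}
    def configure(self, user_id, line, ip, channels):
        for group in channels:
            self.multicast_table.setdefault(group, set()).add((user_id, line, ip))

class DhcpAuthRelay:
    def __init__(self, dhcp, auth, access_node):
        self.dhcp, self.auth, self.access_node = dhcp, auth, access_node

    def handle_discover(self, discover: dict) -> Optional[dict]:
        msg = dict(discover)                      # work on a copy of the request
        user_id = msg.pop("user_id", None)        # S303: extract and remove the user ID
        if not user_id:
            return None                           # assumption: no ID, no service
        result = self.auth.authenticate(user_id)  # S305, run first as the text permits
        if result.service_config is None:
            return None                           # failed: nothing allocated or configured
        offer = self.dhcp.offer(msg)              # S303/S304: forward the stripped message
        cfg = result.service_config
        self.access_node.configure(user_id, msg["line"], offer["yiaddr"], cfg["channels"])
        # IP address response carrying terminal configuration and the IP address
        return {**offer, "terminal_config": {"channels": list(cfg["channels"])}}

def demo():
    dhcp, node = NetworkConfigDevice(), AccessNode()
    relay = DhcpAuthRelay(dhcp, IptvAuthDevice(), node)
    base = {"type": "DISCOVER", "line": "port-1"}
    good = relay.handle_discover({**base, "mac": "aa:bb:cc:00:00:01", "user_id": "stb-0001"})
    bad = relay.handle_discover({**base, "mac": "aa:bb:cc:00:00:02", "user_id": "stb-9999"})
    return good, bad, dhcp, node

if __name__ == "__main__":
    good, bad, dhcp, node = demo()
    print(good, bad, dhcp.seen, node.multicast_table, sep="\n")
```

Because the only pass/fail signal is the presence of the service configuration, the relay treats a missing configuration as a denial rather than falling back to a default profile.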
Embodiment 5
Referring to Fig. 7, this embodiment provides an authentication and configuration device, which comprises:
A trigger module 601, configured to trigger the IPTV authentication device to authenticate the IPTV user after receiving the IPTV user's IP address request message;
A configuration module 602, configured to receive the authentication result obtained after the IPTV authentication device authenticates the IPTV user. When the IPTV user passes authentication, the authentication result carries the IPTV service configuration information; when the IPTV user fails authentication, the authentication result contains no IPTV service configuration information. If the authentication result carries the IPTV service configuration information, the configuration module configures the network-side equipment according to the IPTV service configuration information.
The authentication and configuration device of this embodiment of the invention triggers the IPTV authentication device to authenticate the IPTV user. The IPTV authentication device's authentication of the IPTV user is a single authentication, which integrates IPTV user network access and service authentication, simplifies operator network deployment and reduces cost. Compared with the prior art, extending the relevant network nodes achieves secure, reliable and efficient IPTV service deployment and service management.
One of ordinary skill in the art will appreciate that all or part of the processes in the methods of the foregoing embodiments may be implemented by a computer program instructing the relevant hardware. The program may be stored in a computer-readable storage medium and, when executed, may include the processes of the embodiments of the methods described above. The storage medium may be a magnetic disk, an optical disc, a read-only memory (ROM), a random access memory (RAM), or the like.
The above are only preferred embodiments of the present invention and are not intended to limit the present invention. Any modification, equivalent replacement, improvement, etc. made within the spirit and principles of the present invention shall fall within the scope of protection of the present invention.

Claims (10)

1. An authentication and configuration method, characterized in that the method comprises:
After receiving an IPTV user's IP address request message, triggering an IPTV authentication device to authenticate the IPTV user;
Receiving the authentication result obtained after the IPTV authentication device authenticates the IPTV user, wherein when the IPTV user passes authentication, the authentication result carries IPTV service configuration information, and when the IPTV user fails authentication, the authentication result contains no IPTV service configuration information;
If the authentication result carries the IPTV service configuration information, configuring the network-side equipment according to the IPTV service configuration information.
2. The authentication and configuration method of claim 1, characterized in that the IP address request message carries the IPTV user's user ID;
The step of triggering the IPTV authentication device to authenticate the IPTV user after receiving the IPTV user's IP address request message comprises:
After receiving the IPTV user's IP address request message, obtaining the IPTV user's user ID from the IP address request message;
Sending an IPTV authentication request to the IPTV authentication device, the IPTV authentication request carrying the IPTV user's user ID, so that the IPTV authentication device can authenticate the IPTV user according to the user ID.
3. The authentication and configuration method of claim 1, characterized in that triggering the IPTV authentication device to authenticate the IPTV user comprises: sending the IP address request message to the IPTV authentication device for authentication, either directly or forwarded through a third-party device, wherein the authentication result of the IPTV authentication device is likewise returned directly or through a third-party device.
4. The authentication and configuration method of claim 1, characterized in that the method further comprises:
After receiving the IPTV user's IP address request message, allocating an IP address to the IPTV user;
The step of configuring the network-side equipment according to the IPTV service configuration information comprises:
After the IPTV user passes authentication, sending an IP address response message to the IPTV user according to the IPTV service configuration information, the IP address response message carrying terminal configuration information and the IP address.
5. The authentication and configuration method of claim 1, characterized in that configuring the network-side equipment according to the IPTV service configuration information specifically comprises:
Performing network connection configuration for the IPTV user according to the IPTV service configuration information, the network connection configuration comprising at least one of the following: the ratio of total bandwidth, IPTV multicast bandwidth and unicast bandwidth, and the list of channels the user is allowed to join;
Configuring the access node according to the IPTV service configuration information, the configured content comprising at least one of the following: the user's identifier, the access line, the user's IP address, and adding the user to a designated multicast replication table.
6. An authentication and configuration system, characterized in that the system comprises: an authentication relay device, a network configuration device and an IPTV authentication device;
The authentication relay device is configured to forward the IP address request message to the network configuration device after receiving an IPTV user's IP address request message, and, after confirming from the authentication result returned by the IPTV authentication device that the IPTV user is legitimate, to configure the network-side equipment according to the IPTV service configuration information;
The network configuration device is configured to trigger the IPTV authentication device to authenticate the IPTV user after receiving the IP address request message forwarded by the authentication relay device;
The IPTV authentication device is configured to authenticate the IPTV user after receiving the trigger from the network configuration device and to send the authentication result to the authentication relay device, wherein when the IPTV user passes authentication, the authentication result carries the IPTV service configuration information, and when the IPTV user fails authentication, the authentication result contains no IPTV service configuration information.
7. The authentication and configuration system of claim 6, characterized in that the network configuration device specifically comprises:
A user ID acquisition module, configured to obtain the IPTV user's user ID from the IP address request message after receiving the IPTV user's IP address request message;
A sending module, configured to send an IPTV authentication request to the IPTV authentication device, the IPTV authentication request carrying the IPTV user's user ID obtained by the user ID acquisition module, so that the IPTV authentication device can authenticate the IPTV user according to the user ID.
8. An authentication and configuration system, characterized in that the system comprises: an authentication relay device and an IPTV authentication device;
The authentication relay device is configured to trigger the IPTV authentication device to authenticate the IPTV user after receiving an IPTV user's IP address request message, and, after confirming from the authentication result returned by the IPTV authentication device that the IPTV user is legitimate, to configure the network-side equipment according to the IPTV service configuration information;
The IPTV authentication device is configured to authenticate the IPTV user after receiving the trigger from the authentication relay device and to send the authentication result to the authentication relay device, wherein when the IPTV user passes authentication, the authentication result carries the IPTV service configuration information, and when the IPTV user fails authentication, the authentication result contains no IPTV service configuration information.
9. The authentication and configuration system of claim 6, characterized in that the authentication relay device specifically comprises:
A user ID acquisition module, configured to obtain the IPTV user's user ID from the IP address request message after receiving the IPTV user's IP address request message;
A sending module, configured to send an IPTV authentication request to the IPTV authentication device, the IPTV authentication request carrying the IPTV user's user ID obtained by the user ID acquisition module, so that the IPTV authentication device can authenticate the IPTV user according to the user ID;
A configuration module, configured to configure the network-side equipment according to the IPTV service configuration information after confirming from the authentication result returned by the IPTV authentication device that the IPTV user is legitimate.
10. An authentication and configuration device, characterized in that the device comprises:
A trigger module, configured to trigger the IPTV authentication device to authenticate the IPTV user after receiving an IPTV user's IP address request message;
A configuration module, configured to receive the authentication result obtained after the IPTV authentication device authenticates the IPTV user, wherein when the IPTV user passes authentication, the authentication result carries IPTV service configuration information, and when the IPTV user fails authentication, the authentication result contains no IPTV service configuration information; and, if the authentication result carries the IPTV service configuration information, to configure the network-side equipment according to the IPTV service configuration information.
CN 200810132263 2008-07-22 2008-07-22 Method, system and device for authentication and configuration Expired - Fee Related CN101635632B (en)

Priority Applications (1)

Application Number Priority Date Filing Date Title
CN 200810132263 CN101635632B (en) 2008-07-22 2008-07-22 Method, system and device for authentication and configuration

Applications Claiming Priority (1)

Application Number Priority Date Filing Date Title
CN 200810132263 CN101635632B (en) 2008-07-22 2008-07-22 Method, system and device for authentication and configuration

Publications (2)

Publication Number Publication Date
CN101635632A true CN101635632A (en) 2010-01-27
CN101635632B CN101635632B (en) 2013-08-07

Family

ID=41594701

Family Applications (1)

Application Number Title Priority Date Filing Date
CN 200810132263 Expired - Fee Related CN101635632B (en) 2008-07-22 2008-07-22 Method, system and device for authentication and configuration

Country Status (1)

Country Link
CN (1) CN101635632B (en)

Also Published As

Publication number Publication date
CN101635632B (en) 2013-08-07

Legal Events

Date Code Title Description
C06 Publication
PB01 Publication
C10 Entry into substantive examination
SE01 Entry into force of request for substantive examination
C14 Grant of patent or utility model
GR01 Patent grant
CF01 Termination of patent right due to non-payment of annual fee

Granted publication date: 20130807

Termination date: 20160722
