CN101895861B - Method and system for realizing generic authentication architecture
- Publication number: CN101895861B
- Authority: CN (China)
- Prior art keywords: user, proxy, network application, function, server function
- Legal status: Expired - Fee Related (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
- Landscapes: Telephonic Communication Services (AREA); Mobile Radio Communication Systems (AREA)
Abstract
The invention provides a method and a system for realizing a generic authentication architecture. The system comprises a network application function, a Zn interface proxy (Zn-Proxy) and a user home bootstrapping server function, and is characterized in that, regardless of whether a user is a user of the network to which the network application function belongs or a user of a network to which the network application function does not belong: the network application function is used for establishing communication with the Zn-Proxy; the Zn-Proxy is used for locating the user's home bootstrapping server function after establishing communication with the network application function, and for forwarding communication messages between the network application function and the user home bootstrapping server function; and the user home bootstrapping server function is used for communicating with a network application server through the Zn-Proxy. The method and the system provide a generic authentication architecture that is easy to maintain and solve the poor maintainability of currently available implementations of the generic authentication architecture, thereby contributing to the development of communication services.
Description
Technical field
The present invention relates to the field of communications, and in particular to a method and system for realizing a generic authentication architecture.
Background art
At present, standard 33.220 of 3GPP defines a generic authentication architecture, which specifies that: 1) the NAF (Network Application Function) is connected through the Zn interface to the BSF (Bootstrapping Server Function) in the NAF's home network; 2) the NAF is connected through the Zn interface to the Zn-Proxy (Zn interface proxy) in the NAF's home network; 3) the Zn-Proxy is the proxy between the visited NAF and the user's home BSF; 4) the Zn-Proxy can locate the home BSF of a roaming user.
As is well known, the home network of a NAF can contain multiple NAFs of other kinds. Whenever one of these NAFs needs to communicate with a user's BSF, it has to decide whether to communicate with that BSF directly or indirectly through the Zn-Proxy acting as a proxy. This approach has an obvious defect: for example, when the rule by which a NAF judges whether the user belongs to the NAF's home network changes, every NAF has to be adjusted, which clearly does not help system maintenance.
In summary, the existing generic authentication architecture technology clearly has defects in practical use and needs to be improved.
Summary of the invention
The technical problem to be solved by the present invention is to provide a method and system for realizing a generic authentication architecture that solve the poor maintainability of currently available implementations of the generic authentication architecture.
To solve the above problem, the invention provides a system for realizing a generic authentication architecture, comprising: a network application function, a Zn interface proxy (Zn-Proxy) and a user home bootstrapping server function. Regardless of whether the user is a user of the network application function's home network or a user of a network other than the network application function's home network:
The network application function is configured to establish communication with the Zn-Proxy;
The Zn-Proxy is configured to locate the user's home bootstrapping server function after communication with the network application function is established, and to forward communication messages between the network application function and the user home bootstrapping server function;
The user home bootstrapping server function is configured to communicate with the network application server through the Zn-Proxy.
Further, the network application function carries a user identity when establishing communication with the Zn-Proxy;
The Zn-Proxy locates the user home bootstrapping server function according to the user identity.
Further, the Zn-Proxy is also configured to hold a configured correspondence between user identities and user home bootstrapping server functions, and to look up that correspondence using the user identity in order to locate the user home bootstrapping server function.
Further, the Zn-Proxy is also configured to send a request message to the user home bootstrapping server function after locating it, and to forward the received response message to the network application function;
The user home bootstrapping server function returns a response message to the Zn-Proxy after receiving the request message;
After receiving the notification, the network application function communicates with the user home bootstrapping server function through forwarding by the Zn-Proxy.
The present invention also provides a method for realizing a generic authentication architecture, comprising: regardless of whether the user is a user of the network application function's home network or a user of a network other than the network application function's home network, when the network application function needs to communicate with the user's home bootstrapping server function, the network application function first establishes communication with the Zn-Proxy; the Zn-Proxy locates the user home bootstrapping server function after communication with the network application function is established; and the network application function and the user home bootstrapping server function then communicate through forwarding by the Zn-Proxy.
Further, the user identity is carried when the Zn-Proxy and the network application function establish communication, and the Zn-Proxy locates the user home bootstrapping server function according to the user identity.
Further, the Zn-Proxy is configured with the correspondence between user identities and user home bootstrapping server functions, and looks up that correspondence using the user identity in order to locate the user home bootstrapping server function.
Further, after locating the user home bootstrapping server function, the Zn-Proxy sends a request message to it, and the user home bootstrapping server function returns a response message to the Zn-Proxy after receiving the request message;
The Zn-Proxy forwards the received response message to the network application function, after which the network application function and the user home bootstrapping server function communicate with the Zn-Proxy acting as proxy.
With the method and system for realizing a generic authentication architecture provided by the present invention, whether or not the user is a user of the NAF's home network, the NAF only needs to associate directly with the Zn-Proxy; that is, the NAF does not need to judge the scenario. A generic authentication architecture that is easy to maintain can therefore be realized, solving the poor maintainability of currently available implementations of the generic authentication architecture and thereby benefiting the development of communication services.
Brief description of the drawings
Fig. 1 is a structural diagram of the system for realizing a generic authentication architecture in the communications field according to the present invention;
Fig. 2 is a flow chart of the method for realizing a generic authentication architecture in the communications field according to the present invention.
Detailed description of the embodiments
To make the object, technical solutions and advantages of the present invention clearer, the present invention is described in further detail below with reference to the drawings and embodiments. It should be understood that the specific embodiments described herein serve only to explain the present invention and are not intended to limit it.
Fig. 1 shows the structure of a system for realizing a generic authentication architecture in the communications field provided by the invention. The system 100 mainly comprises NAF 10, Zn-Proxy 20 and user home BSF 30. Regardless of whether the user is a user of the home network of NAF 10 or a user of a network other than the network application function's home network:
NAF 10 is configured to send a communication message to Zn-Proxy 20, for example a message to obtain authentication information, which carries the user identity, and, after receiving the response message forwarded by Zn-Proxy 20, to communicate with user home BSF 30 through Zn-Proxy 20;
Zn-Proxy 20 is configured to receive the communication message sent by NAF 10 and to locate user home BSF 30 according to the user identity it carries; to send a request message to user home BSF 30 and, after receiving the response message returned by user home BSF 30, to forward it to NAF 10; and to act as the proxy between NAF 10 and user home BSF 30, forwarding the communication messages between them.
Further, the correspondence between user identities and user home BSF 30 can be configured in Zn-Proxy 20, and Zn-Proxy 20 looks up this correspondence using the user identity in order to locate user home BSF 30.
User home BSF 30 is configured to return a response message to Zn-Proxy 20 after receiving the request message sent by Zn-Proxy 20, and to communicate with NAF 10 through Zn-Proxy 20, which acts as the proxy between NAF 10 and user home BSF 30.
Fig. 2 shows a method for realizing a generic authentication architecture provided by the invention. The method is carried out by the system 100 shown in Fig. 1 and comprises the following steps:
Step S201: when NAF 10 needs to communicate with a user's BSF, NAF 10 sends a communication message to Zn-Proxy 20 that carries at least the user identity;
The user may be a user of the home network of NAF 10 or a user of a visited network.
Step S202: after receiving the communication message, Zn-Proxy 20 locates user home BSF 30 according to the user identity;
Further, the correspondence between user identities and user home BSF 30 can be configured in Zn-Proxy 20, and Zn-Proxy 20 looks up this correspondence using the user identity in order to locate user home BSF 30.
Step S203: Zn-Proxy 20 sends a request message to user home BSF 30; user home BSF 30, on receiving the request message, returns a response message to Zn-Proxy 20; and Zn-Proxy 20 forwards the received response message to NAF 10;
Step S204: NAF 10 and user home BSF 30 communicate with Zn-Proxy 20 acting as proxy, and Zn-Proxy 20 forwards the communication messages between NAF 10 and user home BSF 30.
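The following Python sketch is an added illustration, not code from the patent, that models steps S201 to S204 with every NAF sending to the Zn-Proxy unconditionally and the proxy alone holding the identity-to-BSF correspondence. The class names, the `user@realm` identity format, the realm-keyed lookup table, the fail-closed handling of identities with no configured BSF, the routing log and all sample values are assumptions made for the example.

```python
from dataclasses import dataclass, field


class UnknownHomeBSF(Exception):
    """No home BSF is configured for this user identity."""


@dataclass
class BSF:
    name: str
    auth_info: dict  # user identity -> constructed placeholder value

    def handle(self, request: dict) -> dict:
        # Answer the request relayed by the Zn-Proxy (step S203).
        user_id = request["user_id"]
        if user_id not in self.auth_info:
            return {"status": "unknown-user", "bsf": self.name}
        return {"status": "ok", "bsf": self.name,
                "auth_info": self.auth_info[user_id]}


@dataclass
class ZnProxy:
    routes: dict  # realm of the user identity -> home BSF (configured)
    log: list = field(default_factory=list)

    def locate(self, user_id: str) -> BSF:
        # Step S202: look up the configured correspondence.
        _, sep, realm = user_id.rpartition("@")
        bsf = self.routes.get(realm.lower()) if sep else None
        if bsf is None:
            # Assumption of this example: fail closed, no default BSF.
            raise UnknownHomeBSF(user_id)
        return bsf

    def forward(self, request: dict) -> dict:
        bsf = self.locate(request["user_id"])
        response = bsf.handle(request)  # step S203: request and response
        self.log.append((request["naf"], request["user_id"], bsf.name))
        return response  # relayed back to the NAF


@dataclass
class NAF:
    name: str
    proxy: ZnProxy

    def fetch_auth_info(self, user_id: str) -> dict:
        # Step S201: always go to the proxy; no home/visited rule here.
        return self.proxy.forward({"naf": self.name, "user_id": user_id})


def demo():
    # All names and values below are constructed sample data.
    home = BSF("bsf.home.example", {"alice@home.example": "AUTH-alice"})
    other = BSF("bsf.other.example", {"bob@other.example": "AUTH-bob"})
    proxy = ZnProxy({"home.example": home, "other.example": other})
    naf_a, naf_b = NAF("naf-a", proxy), NAF("naf-b", proxy)
    served = [naf_a.fetch_auth_info("alice@home.example")["bsf"],
              naf_b.fetch_auth_info("bob@other.example")["bsf"]]
    # A new network is onboarded with one change at the proxy only.
    proxy.routes["third.example"] = BSF(
        "bsf.third.example", {"carol@third.example": "AUTH-carol"})
    served.append(naf_b.fetch_auth_info("carol@third.example")["bsf"])
    return served, proxy.log


if __name__ == "__main__":
    print(demo())
```

Because the lookup table lives only in the proxy, a routing change touches one component, and the proxy's log gives a single place to review which NAF reached which BSF.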
In summary, in the present invention NAF 10 communicates with Zn-Proxy 20, Zn-Proxy 20 locates user home BSF 30, and Zn-Proxy 20 acts as the proxy between NAF 10 and user home BSF 30. A generic authentication architecture that is easy to maintain can thus be realized, solving the poor maintainability of currently available methods and systems for realizing a generic authentication architecture and thereby benefiting the development of communication services.
The foregoing describes only preferred embodiments of the present invention and does not limit the present invention; for a person skilled in the art, the present invention can have various modifications and variations. Therefore, any modification, equivalent replacement, improvement, update and the like made within the spirit and principles of the present invention shall fall within the protection scope of the present invention.
Claims (8)
1. A system for realizing a generic authentication architecture, comprising: a network application function, a Zn interface proxy (Zn-Proxy) and a user home bootstrapping server function; characterized in that, regardless of whether the user is a user of the network application function's home network or a user of a network other than the network application function's home network:
The network application function is configured to establish communication with the Zn-Proxy;
The Zn-Proxy is configured to locate the user's home bootstrapping server function after communication with the network application function is established, and to forward communication messages between the network application function and the user home bootstrapping server function;
The user home bootstrapping server function is configured to communicate with the network application server through the Zn-Proxy.
2. The system as claimed in claim 1, characterized in that:
The network application function carries a user identity when establishing communication with the Zn-Proxy;
The Zn-Proxy locates the user home bootstrapping server function according to the user identity.
3. The system as claimed in claim 1 or 2, characterized in that:
The Zn-Proxy is also configured to hold a configured correspondence between user identities and user home bootstrapping server functions, and to look up that correspondence using the user identity in order to locate the user home bootstrapping server function.
4. The system as claimed in claim 1, characterized in that:
The Zn-Proxy is also configured to send a request message to the user home bootstrapping server function after locating it, and to forward the received response message to the network application function;
The user home bootstrapping server function returns a response message to the Zn-Proxy after receiving the request message;
After being notified, the network application function communicates with the user home bootstrapping server function through forwarding by the Zn-Proxy.
5. A method for realizing a generic authentication architecture, comprising: regardless of whether the user is a user of the network application function's home network or a user of a network other than the network application function's home network, when the network application function needs to communicate with the user's home bootstrapping server function, the network application function first establishes communication with the Zn-Proxy; the Zn-Proxy locates the user home bootstrapping server function after communication with the network application function is established; and the network application function and the user home bootstrapping server function then communicate through forwarding by the Zn-Proxy.
6. The method as claimed in claim 5, characterized in that:
The user identity is carried when the Zn-Proxy and the network application function establish communication, and the Zn-Proxy locates the user home bootstrapping server function according to the user identity.
7. The method as claimed in claim 5 or 6, characterized in that:
The Zn-Proxy is configured with the correspondence between user identities and user home bootstrapping server functions, and looks up that correspondence using the user identity in order to locate the user home bootstrapping server function.
8. The method as claimed in claim 5, characterized in that:
After locating the user home bootstrapping server function, the Zn-Proxy sends a request message to it, and the user home bootstrapping server function returns a response message to the Zn-Proxy after receiving the request message;
The Zn-Proxy forwards the received response message to the network application function, after which the network application function and the user home bootstrapping server function communicate with the Zn-Proxy acting as proxy.
Priority Applications (1)
Application Number | Priority Date | Filing Date | Title |
---|---|---|---|
CN200910202928.7A CN101895861B (en) | 2009-05-22 | 2009-05-22 | Method and system for realizing generic authentication architecture |
Publications (2)
Publication Number | Publication Date |
---|---|
CN101895861A CN101895861A (en) | 2010-11-24 |
CN101895861B (en) | 2014-11-05 |
Family
ID=43104894
Family Applications (1)
Application Number | Title | Priority Date | Filing Date |
---|---|---|---|
CN200910202928.7A Expired - Fee Related CN101895861B (en) | 2009-05-22 | 2009-05-22 | Method and system for realizing generic authentication architecture |
Country Status (1)
Country | Link |
---|---|
CN (1) | CN101895861B (en) |
Families Citing this family (1)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
CN117597959A (en) * | 2022-06-17 | 2024-02-23 | 北京小米移动软件有限公司 | Authentication and authorization method, device, communication equipment and storage medium |
Citations (3)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
CN1717096A (en) * | 2004-06-28 | 2006-01-04 | 华为技术有限公司 | Method for realizing management of connecting visit network using general weight discrimination frame |
WO2006085170A1 (en) * | 2005-02-14 | 2006-08-17 | Nokia Corporation | Method and apparatus for optimal transfer of data in a wireless communications system |
CN101047505A (en) * | 2006-03-27 | 2007-10-03 | 华为技术有限公司 | Method and system for setting safety connection in network application PUSH service |
Also Published As
Publication number | Publication date |
---|---|
CN101895861A (en) | 2010-11-24 |
Legal Events
Date | Code | Title | Description |
---|---|---|---|
C06 | Publication | ||
PB01 | Publication | ||
C10 | Entry into substantive examination | ||
SE01 | Entry into force of request for substantive examination | ||
C14 | Grant of patent or utility model | ||
GR01 | Patent grant | ||
CF01 | Termination of patent right due to non-payment of annual fee | Granted publication date: 20141105 Termination date: 20200522 |