CN102238547B - User session control method, session server, authentication, authorization and accounting (AAA) server and system - Google Patents
User session control method, session server, authentication, authorization and accounting (AAA) server and system Download PDFInfo
- Publication number
- CN102238547B CN102238547B CN2011102024967A CN201110202496A CN102238547B CN 102238547 B CN102238547 B CN 102238547B CN 2011102024967 A CN2011102024967 A CN 2011102024967A CN 201110202496 A CN201110202496 A CN 201110202496A CN 102238547 B CN102238547 B CN 102238547B
- Authority
- CN
- China
- Prior art keywords
- session
- server
- request
- session information
- conversation
- Prior art date
- Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
- Expired - Fee Related
Links
Images
Landscapes
- Computer And Data Communications (AREA)
Abstract
The embodiment of the invention provides a method, a session server, an authentication, authorization and accounting (AAA) server and a system for controlling user sessions in a plurality of networks. The method for authenticating the user sessions in the plurality of networks comprises the following steps of: managing session information according to the types of session information notices transmitted by a plurality of AAA servers in different networks; and authenticating the user sessions according to the session information managed on the session server. The embodiment of the invention manages the session information from the plurality of networks in a centralized way on the session server, and authenticates the user sessions based on the session information to control the user sessions of the plurality of networks in a cross-network way, thereby realizing session number control among the plurality of AAA servers.
Description
Technical field
The embodiment of the present invention relates to data communication field, and more specifically, relate to a kind of for the method at a plurality of network central controls user conversation processed, conversation server, AAA (Authentication, Authorization and Accounting, authentication,authorization,accounting) server and system.
Background technology
Along with data communication service development for many years, there is at present the several data network, for example fixed network broadband, CDMA (Code Division Multiple Access, code division multiple access), WCDMA (Wideband Code Division Multiple Access, Wideband Code Division Multiple Access (WCDMA)) and WiMAX (Worldwide Interoperability for Microwave Access, worldwide interoperability for microwave access) etc.According to normalized definition, every kind of network all needs to build separately a set of aaa server.
Although the aaa server under heterogeneous networks and NAS be (Network Access System, network access equipment) equipment is all by RADIUS (Remote Authentication Dial In User Service, the remote customer dialing authentication system) protocol communication, but the function difference that it is realized, and between aaa server also without any contact.Current, a set of aaa server can be controlled the user conversation number under book server, but the situation that exists a lot of operators more or less to have multiple network operation licence plates and all require many networks unified account number to access when reality is runed.In addition, under some operation scene, operator also requires an account can only access a kind of network by a user, has the session number control and management between many cover aaa servers simultaneously.But, because the aaa server of operator's construction at present is relatively independent, so be difficult to accomplish session number control between many cover aaa servers.
Summary of the invention
It is a kind of for the method at a plurality of network central controls user conversation processed, conversation server, aaa server and system that the embodiment of the present invention provides, and can manage the user profile of a plurality of networks concentratedly, thereby the session number between many cover aaa servers is now controlled.
The aspect according to the embodiment of the present invention, provide a kind of for the method in the session of a plurality of network authenticated user, the method comprises: the type of the session information notice sent according to a plurality of authentication,authorization,accounting aaa servers from being arranged in heterogeneous networks is carried out managing conversation information; And carry out the authenticated user session according to the session information of managing on conversation server.
Another aspect according to the embodiment of the present invention, provide a kind of for being supported in the method for a plurality of network central controls user conversation processed, having comprised: the type of the session information notice sent according to a plurality of authentication,authorization,accounting aaa servers from being arranged in heterogeneous networks is carried out managing conversation information; And control user conversation according to the request message sent from described aaa server.
According to another aspect of the embodiment of the present invention, provide a kind of for being supported in the method for a plurality of network central controls user conversation processed, comprising: according to the type of the charging message received from network access equipment NAS, to conversation server, send the session information notice; When from described NAS, receiving access request, to described conversation server, send a request message and receive corresponding response message; And the response message sent according to described conversation server is to described NAS transmission access response, so that authen session.
Another aspect according to the embodiment of the present invention, provide a kind of for being supported in the conversation server of a plurality of network central controls user conversation processed, comprise: session management unit, the type of the session information notice sent for a plurality of authentication,authorization,accounting aaa servers according to from being positioned at heterogeneous networks is carried out managing conversation information; And Session Control Unit, control user conversation for the request message according to sending from described aaa server.
Another aspect according to the embodiment of the present invention, provide a kind of for being supported in the authentication,authorization,accounting aaa server of a plurality of network central controls user conversation processed, comprise: the session information notification unit, for the type of the charging message according to receiving from network access equipment NAS, to conversation server transmission session information, notify; And first Session Control Unit, for when from described NAS, receiving access request, to described conversation server, send a request message and receive corresponding response message; And second Session Control Unit, send the access response so that authen session for the response message sent according to described conversation server to described NAS.
Another aspect according to the embodiment of the present invention, provide a kind of communication system, comprises conversation server as above and authentication,authorization,accounting aaa server.
The embodiment of the present invention is managed the session information from a plurality of networks concentratedly on conversation server, and carry out the authenticated user session based on this session information, make and can control the user conversation of a plurality of networks by across a network, thereby realized the session number control between many cover aaa servers.
The accompanying drawing explanation
In order to be illustrated more clearly in the technical scheme of the embodiment of the present invention, below will the accompanying drawing of required use in embodiment or description of the Prior Art be briefly described, apparently, accompanying drawing in the following describes is only some embodiments of the present invention, for those of ordinary skills, under the prerequisite of not paying creative work, can also obtain according to these accompanying drawings other accompanying drawing.
Fig. 1 is the schematic diagram illustrated according to an exemplary cellular systems of the embodiment of the present invention.
Fig. 2 is the exemplary flow chart for the method in the session of a plurality of network authenticated user illustrated according to the embodiment of the present invention.
Fig. 3 is the exemplary flow chart illustrated according to the method for management (create, upgrade and delete) session information of the embodiment of the present invention.
Fig. 4 is the exemplary flow chart for the method that is supported in a plurality of network central controls user conversation processed illustrated according to the embodiment of the present invention.
Fig. 5 is the exemplary flow chart for the other method that is supported in a plurality of network central controls user conversation processed illustrated according to the embodiment of the present invention.
Fig. 6 is the exemplary signal flow graph for the process at a plurality of network central controls user conversation processed illustrated according to first embodiment of the invention.
Fig. 7 is the exemplary signal flow graph for the process at a plurality of network central controls user conversation processed illustrated according to second embodiment of the invention.
Fig. 8 illustrates to carry out the exemplary signal flow graph of the process of inquiry session information according to the embodiment of the present invention for external system.
Fig. 9 illustrates to carry out the exemplary signal flow graph of another process of inquiry session information according to the embodiment of the present invention for external system.
Figure 10 is the exemplary block diagram illustrated according to the structure of the conversation server of the embodiment of the present invention.
Figure 11 is the exemplary block diagram illustrated according to the concrete structure of the session management unit of the embodiment of the present invention.
Figure 12 is the exemplary block diagram illustrated according to the concrete structure of the Session Control Unit of the embodiment of the present invention.
Figure 13 is the exemplary block diagram illustrated according to the structure of the aaa server of the embodiment of the present invention.
Embodiment
Below in conjunction with the accompanying drawing in the embodiment of the present invention, the technical scheme in the embodiment of the present invention is clearly and completely described, obviously, described embodiment is the present invention's part embodiment, rather than whole embodiment.Embodiment based in the present invention, those of ordinary skills, not making under the creative work prerequisite the every other embodiment obtained, belong to the scope of protection of the invention.
Technical scheme of the present invention, can be applied to various communication systems, such as: fixed network broadband, CDMA, WCDMA, WiMAX etc.But, the invention is not restricted to this, those skilled in the art can apply the present invention to any suitable network as required.
Can only be controlled at the number of sessions within its scope for a set of aaa server in correlation technique, when many cover AAA exist and during shared user account simultaneously, because do not have any contact between current each aaa server so that can't realize the problem that the number of sessions between many cover aaa servers is controlled, the embodiment of the present invention comprises conversation server at network, for the user session information of centralized stores, management and a plurality of aaa servers of control.
Fig. 1 is the schematic diagram illustrated according to an exemplary cellular systems of the embodiment of the present invention.This network system comprises conversation server 10, by this conversation server 10, the session information of a plurality of networks such as fixed network broadband, CDMA, WCDMA, WiMAX etc. is carried out to centralized stores and management.First interface in Fig. 1 (Int1) creates/upgrades/the deletion user session information for each aaa server announcement session server 10, the embodiment of the present invention does not limit the interface protocol of first interface, when application, can define flexibly as required, such as RADIUS, SOAP (Simple Object Access Protocol, Simple Object Access Protocol) etc.The second interface (Int2) in Fig. 1 for conversation server 10 to each aaa server authen session and each aaa server or external system to conversation server 10 inquiry session information, the embodiment of the present invention does not limit the interface protocol of the second interface yet, when application, can define flexibly as required, such as HTTP (Hyper Text Transfer Protocol, HTML (Hypertext Markup Language)), SOAP etc.
Below, describe with reference to the accompanying drawings the embodiment of the present invention in detail.
Fig. 2 is the exemplary flow chart for the method 20 in the session of a plurality of network authenticated user illustrated according to the embodiment of the present invention.
As shown in Figure 2, in 201 of method 20, the type of the session information notice sent according to a plurality of aaa servers from being arranged in heterogeneous networks is carried out managing conversation information.202, according to the session information of managing, carry out the authenticated user session on conversation server.
The embodiment of the present invention is managed the session information from a plurality of networks concentratedly on conversation server, and carry out the authenticated user session based on this session information, make and can control the user conversation of a plurality of networks by across a network, thereby realized the session number control between many cover aaa servers.
According to the embodiment of the present invention, when the user access a kind of network, during such as one in fixed network broadband, CDMA, WCDMA, WiMAX, aaa server in this network sends the session information notice to conversation server, notify managing conversation information by conversation server according to this session information, specifically create, upgrade and delete session information.
Fig. 3 is the exemplary flow chart illustrated according to the method 30 for management (create, upgrade and delete) session information of the embodiment of the present invention.Can carry out manner of execution 30 by conversation server.
As shown in Figure 3, method 30 301 in, the type of the session information notice that judgement receives from aaa server.
When receiving establishment session information notice from aaa server, in 302, create with this subscriber-related session information and also stored.
When receiving renewal session information notice from aaa server, in 303, upgrade this session information.
When receiving deletion session information notice from described aaa server, in 304, delete this session information.
It should be noted that, in some cases, for example, in very short situation of the time that session is maintained, may not can from aaa server, receive and upgrade the session information notice, but create after session information notifies and created session receiving, receive deletion session information notice through after a while and directly, thereby do not carry out the renewal of session information, only carry out establishment and the deletion of session information.Therefore, 303 in method 30 can be omitted (as shown in phantom in Figure 3).
Below, in connection with object lesson, different embodiments of the invention are described in more detail.In the description of following examples, manage the session information in (create, upgrade and delete) a plurality of networks concentratedly by conversation server, all conversation servers as shown in Figure 1 10, and when carrying out the control of session information, by aaa server, sent a request message, then conversation server is controlled session information according to this request message.In example embodiment of the present invention, the request message that aaa server sends can comprise in session authentication request and session inquiry request, and correspondingly, can carry out the session authentication function by conversation server or aaa server.But the embodiment of the present invention is not limited to this.
Fig. 4 is the exemplary flow chart for the method 40 that is supported in a plurality of network central controls user conversation processed illustrated according to the embodiment of the present invention.Can carry out manner of execution 40 by conversation server (such as the conversation server 10 in Fig. 1).
As shown in Figure 4, method 40 401 in, the type of the session information notice sent according to a plurality of aaa servers from being arranged in heterogeneous networks is carried out managing conversation information, particularly, can create, upgrade and delete session information according to method as shown in Figure 3.
In 402, according to the request message sent from described aaa server, control user conversation.
The embodiment of the present invention by managing the session information from a plurality of networks concentratedly on conversation server, can control the user conversation in a plurality of networks by across a network, thereby realized when user under multi-network environment carrys out access network with same login name, the session number between many cover aaa servers is controlled.
Fig. 5 is the exemplary flow chart for the other method 50 that is supported in a plurality of network central controls user conversation processed illustrated according to the embodiment of the present invention.Can for example, by aaa server (any in fixed network aaa server shown in Figure 1, CDMAAAA server, WCDMAAAA server and WiMAX aaa server), carry out implementation method 50.
As shown in Figure 5, method 50 501 in, send the session information notice according to the type of the charging message received from network access equipment NAS to conversation server.For example, particularly, when the charging message received is while starting accounting request Accounting-Request (Start) message, to conversation server, send and create the session information notice; When described charging message is Intermediate Charging ICH request Accounting-Request (Interim) message, sends and upgrade the session information notice; And when described charging message be while stopping accounting request Accounting-Request (Stop) message, send to delete the session information notice.But, the invention is not restricted to this, can also send corresponding session information notice according to other charging messages.
In 502, when from described NAS, receiving access request, to described conversation server, send a request message and receive corresponding response message.Those skilled in the art can understand, if what send is the session authentication request, receive the session authentication response, and if what send is the session inquiry request, receive the session inquiry response with session information, wherein session information is the session information with session of the login name that the login name of the session corresponding with the session inquiry request is identical.
In 503, the response message sent according to described conversation server sends the access response to described NAS, so that authen session.
The embodiment of the present invention by managing the session information from a plurality of networks concentratedly on conversation server, can control the user conversation in a plurality of networks by across a network, thereby realized when user under multi-network environment carrys out access network with same login name, the session number between many cover aaa servers is controlled.
After this, describe with reference to the accompanying drawings according to more detailed example embodiment of the present invention.
Fig. 6 is the exemplary signal flow graph for the process 60 at a plurality of network central control systems (particularly, being authentication) user conversation illustrated according to first embodiment of the invention.In the first embodiment of the present invention, for example, by conversation server (conversation server in Fig. 1 10), carry out the authenticated user session.In Fig. 6, user A, aaa server (A) and NAS (A) belong to network A, and user B, aaa server (B) and NAS (B) belong to network B.Communication standard interface between its corresponding NAS of each aaa server can be RADIUS.
As shown in Figure 6, in 601, the user A that is arranged in network A is used for example login name of zhangshan domain to initiate access network A.
In 602, NAS (A) sends access request Access-Request message to aaa server (A) after receiving access request.
In 603, aaa server (A) sends a request message to conversation server, is the session authentication request here.
In 604, the conversation server authen session.For example, conversation server determines whether the current sessions quantity of the session with login zhangshan domain by name reaches predetermined maximum number of sessions, and wherein current sessions refers to the session of the login name that existing, as to have the session corresponding with this session authentication request login name (for example zhangshan domain) is identical.What can on conversation server, define flexibly that each session allows should predetermined maximum number of sessions, and for example 1.
In 605, conversation server sends the session authentication response to aaa server (A).When described current sessions quantity is less than described predetermined maximum number of sessions, conversation server sends the session authentication success response to aaa server (A), otherwise, when described current sessions quantity is equal to or greater than described predetermined maximum number of sessions, conversation server sends the session authentication failure response to described aaa server.
In the first embodiment of the present invention, suppose that login name zhangshan@domain is that access network and predetermined maximum number of sessions are 1 first, so current sessions quantity is 0, be less than predetermined maximum number of sessions, thereby conversation server sends the session authentication success response to aaa server (A).Therefore, 606, aaa server (A) sends and accepts Access-Accept message to NAS (A).
Afterwards, in 607, NAS (A) sends Accounting-Request (Start) message to aaa server (A).
In 608, aaa server (A) sends and creates the session information notice to conversation server, and, in 609, conversation server creates the session information relevant with this login name zhangshan@domain.
In 610, aaa server (A) returns and starts charging response Accounting-Response (Start) message to NAS (A).
Here, although described herein, be aaa server in 608 (A) to conversation server send create the session information notice and in 610 aaa server (A) return and start charging response Accounting-Response (Start) message to NAS (A), but it will be appreciated by those skilled in the art that, these two processes are in time without carrying out successively according to described time sequencing, but can walk abreast or carry out with any order.
Through a predetermined amount of time (this predetermined amount of time can above configure at NAS (A)) afterwards, in 611, NAS (A) sends Accounting-Request (Interim) message to aaa server (A).
In 612, aaa server (A) sends and upgrades the session information notice to conversation server, and, in 613, conversation server notifies to upgrade session information according to this renewal session information.
In 614, aaa server (A) returns to Intermediate Charging ICH response Accounting-Response (Interim) message to NAS (A).
Equally, although described herein, be aaa server in 612 (A) to conversation server send upgrade the session information notice and in 614 aaa server (A) return to Intermediate Charging ICH response Accounting-Response (Interim) message to NAS (A), but it will be appreciated by those skilled in the art that, these two processes are in time without carrying out successively according to described time sequencing, but can walk abreast or carry out with any order.
In the situation that user A request is rolled off the production line, in 615, NAS (A) sends Accounting-Request (Stop) message to aaa server (A).
In 616, aaa server (A) sends and deletes the session information notice to conversation server, and, in 617, conversation server is deleted the session information relevant with this login name zhangshan@domain.
In 618, aaa server (A) returns and stops charging response Accounting-Response (Stop) message to NAS (A).
Similarly, although described herein, be aaa server in 616 (A) to conversation server send delete the session information notice and in 618 aaa server (A) return and stop charging response Accounting-Response (Stop) message to NAS (A), but it will be appreciated by those skilled in the art that, these two processes are in time without carrying out successively according to described time sequencing, but can walk abreast or carry out with any order.
Those skilled in the art it should be noted in the discussion above that the step in 611-614 can repeat repeatedly.In addition, if the time of this session persistence is shorter, may when also not passing through described predetermined amount of time, receive Accounting-Request (Stop) message by aaa server (A), thereby conversation server can be deleted session information in the situation that do not upgrade session information.Thereby the step in 611-614 also can be omitted.
In 619, the user B that is arranged in network B is used same login name (zhangshan@domain) to initiate access online request from the B network.
In 620, NAS (B) sends Access-Request message to aaa server (B).
Similarly, in 621, aaa server (B) is to conversation server initiation session authentication request.
In 622, the conversation server authen session.In the situation that user A does not roll off the production line, conversation server finds that the user of login zhangshan domain by name is online, and due to predetermined maximum number of sessions be 1 and current sessions quantity be 1, so, in 623, conversation server returns to the session authentication failure response to aaa server (B).
In 624, aaa server (B) sends admission reject Access-Reject message to NAS (B).
In the first embodiment of the present invention, can only be accessed a kind of demand of network by a user in order to meet login name of Carrier Requirements simultaneously, predetermined maximum number of sessions allowed on conversation server is set to 1, still, the invention is not restricted to this.Those skilled in the art can understand, can on conversation server, define flexibly and should be scheduled to maximum number of sessions, can it be set to arbitrary integer or not do any restriction.For example, in the situation that should be scheduled to maximum number of sessions, be set to 2, the access request of user B also can be accepted.But, if exist user C (not shown) also with same login name zhangshan domain, to initiate network insertion, the access request of user C will be rejected.
In addition, Accounting (Start/Interim/Stop) message is the standard message that the aaa server of heterogeneous networks is supported, the aaa server of heterogeneous networks utilizes these three kinds of standard message to come the trigger notice conversation server to create/upgrade/the deletion session information.Thereby, without using extra trigger notice message.
In the first embodiment of the present invention, aaa server (aaa server (A) and aaa server (B)) sends the session information notice by the first interface on conversation server (Int1 as shown in Figure 6) to conversation server, to create/to upgrade/the deletion session information.The interface protocol of this first interface does not limit, and can define flexibly as required such as RADIUS, SOAP etc. during application.In addition, carry out the transmission of the authentication message between aaa server and conversation server by the second interface on conversation server (Int2 as shown in Figure 6).The interface protocol of this second interface does not limit, and can define flexibly as required such as HTTP, SOAP etc. during application.
Fig. 7 is the exemplary signal flow graph for the process 70 at a plurality of network central control systems (particularly, being authentication) user conversation illustrated according to second embodiment of the invention.In the second embodiment of the present invention, for example, by aaa server (any in fixed network aaa server shown in Figure 1, CDMA aaa server, WCDMA aaa server and WiMAX aaa server), carry out the authenticated user session.With Fig. 6 similarly, in Fig. 7, user A, aaa server (A) and NAS (A) belong to network A, and user B, aaa server (B) and NAS (B) belong to network B.Communication standard interface between its corresponding NAS of each aaa server can be RADIUS.
As shown in Figure 7, in 701, the user A that is arranged in network A is used for example login name of zhangshan domain to initiate access network A.
In 702, NAS (A) sends access request Access-Request message to aaa server (A).
Different from the first embodiment of the present invention, in 703, aaa server (A) sends session inquiry request rather than session authentication request to conversation server.
In 704, conversation server inquiry has the session information of the session of the login name that the login name (zhangshan@domain) of the session corresponding with this session inquiry request is identical, that is to say the session information of the session that the conversation server inquiry is relevant with the login name that will consult comprised in the session inquiry request.
In 705, conversation server sends the session inquiry response to aaa server (A), at this session inquiry response, comprises inquired session information.
In 706, aaa server (A) carrys out authen session according to the session inquiry response received from conversation server, the session information specifically comprised at this session inquiry response.For example, aaa server (A) determines whether the current sessions quantity of the session with login zhangshan domain by name reaches predetermined maximum number of sessions, and wherein current sessions refers to the session of the login name that existing, as to have the session corresponding with this session authentication request login name (for example zhangshan domain) is identical.What can on each aaa server, define flexibly that each session allows should predetermined maximum number of sessions, and can it be set to arbitrary integer or not do any restriction, and for example 1.
In 707, aaa server (A) sends the access response message to NAS (A).Wherein, when described current sessions quantity is less than described predetermined maximum number of sessions, this aaa server (A) sends and accepts message to NAS, and, when described current sessions quantity is equal to or greater than described predetermined maximum number of sessions, to NAS, sends access-reject message.
With the first embodiment similarly, in the second embodiment of the present invention, suppose that login name zhangshan@domain is that access network and predetermined maximum number of sessions are 1 first, so current sessions quantity is 0, be less than predetermined maximum number of sessions, thereby, in 707, aaa server (A) sends and accepts Access-Accept message to NAS (A).
Afterwards, in 708, NAS (A) sends Accounting-Request (Start) message to aaa server (A).
In 709, aaa server (A) sends and creates the session information notice to conversation server, and, in 710, conversation server creates the session information relevant with this login name zhangshan@domain.
In 711, aaa server (A) returns and starts charging response Accounting-Response (Start) message to NAS (A).
Through a predetermined amount of time (this predetermined amount of time can above configure at NAS (A)) afterwards, in 712, NAS (A) sends Accounting-Request (Interim) message to aaa server (A).
In 713, aaa server (A) sends and upgrades the session information notice to conversation server, and, in 714, conversation server notifies to upgrade session information according to this renewal session information.
In 715, aaa server (A) returns to Intermediate Charging ICH response Accounting-Response (Interim) message to NAS (A).
In the situation that user A request is rolled off the production line, in 716, NAS (A) sends Accounting-Request (Stop) message to aaa server (A).
In 717, aaa server (A) sends and deletes the session information notice to conversation server, and, in 718, conversation server is deleted the session information relevant with this login name zhangshan@domain.
In 719, aaa server (A) returns and stops charging response Accounting-Response (Stop) message to NAS (A).
Equally, the step in 712-715 can repeat repeatedly, or also can be omitted in some cases.And, with process in Fig. 6 similarly, can be not according to described time sequencing, but carry out the step in 709 and 711,713 and 715 and 717 and 719 with the word order walked abreast or other are suitable.
In 720, the user B that is arranged in network B is used same login name (zhangshan@domain) to initiate access online request from the B network.
In 721, NAS (B) sends Access-Request message to aaa server (B).
In 722, aaa server (B) is to conversation server initiation session inquiry request.
In 723, the conversation server inquiry session, and send to NAS (B) the session inquiry response that comprises session information in 724.
Then, in 725, aaa server (B) carrys out authen session according to the session inquiry response received from conversation server.For example, in the situation that user A does not roll off the production line, conversation server finds that the user of login zhangshan domain by name is online, and due to predetermined maximum number of sessions be 1 and current sessions quantity be 1, so, in 726, aaa server (B) sends admission reject Access-Reject message to NAS (B).
Can see, the step in 703-706 and 722-725, the signal stream in Fig. 7 is identical with the corresponding signal stream in Fig. 6.
In the second embodiment of the present invention, aaa server (aaa server (A) and aaa server (B)) sends the session information notice by the first interface on conversation server (Int1 as shown in Figure 7) to conversation server, to create/to upgrade/the deletion session information.The interface protocol of this first interface does not limit, and can define flexibly as required such as RADIUS, SOAP etc. during application.In addition, carry out the transmission of the query messages between aaa server and conversation server by the second interface on conversation server (Int2 as shown in Figure 7).The interface protocol of this second interface does not limit, and can define flexibly as required such as HTTP, SOAP etc. during application.
The difference of the second embodiment of the present invention and the first embodiment is, the second embodiment controls (authentication) function by session and is advanced on aaa server and realizes, thereby can take full advantage of the aaa server existed in existing network substantially all supports the characteristics of the function that session number is controlled to realize the conversation control function of many networks, and without carrying out too large change, thereby structurally be easier to integrated and realize.But, if there is the specific demand of revising verification process, operator need to all modify on every cover aaa server, workload is larger, at this moment, the scheme of first embodiment of the invention more easily realizes, because as long as revise and once can complete on conversation server.
According to the embodiment of the present invention, by concentrate the session information of preserving a plurality of networks on conversation server, solved when the next user of many network A AA server scene uses same login name access online the control problem to session number, and the embodiment of the present invention can utilize existing charging message (Accounting (Start/Interim/Stop)) to come the trigger notice conversation server to create/upgrade/the deletion session information, and, without extra triggering signaling, saved Internet resources.
In addition, according to the embodiment of the present invention, described the second interface is except can, for session authentication function and session query function between conversation server and aaa server, inquiring about for the session between conversation server and external system.
Fig. 8 illustrates to carry out the exemplary signal flow graph of the process 80 of inquiry session information according to the embodiment of the present invention for external system.
As shown in Figure 8,801, the user uses login name (for example zhangshan@domain) to initiate the network insertion request, and by success identity.Here, omitted the concrete steps about the session authentication process, those skilled in the art can adopt the method in the first embodiment of the present invention or the second embodiment as required, or can also adopt other suitable methods to carry out the authenticated user session.
In 802, NAS sends Accounting-Request (Start) message to aaa server.
In 803, aaa server sends and creates the session information notice to conversation server by first interface Int1, and, in 804, conversation server creates the session information relevant with this user's login name.
In 805, aaa server returns and starts charging response Accounting-Response (Start) message to NAS.
In 806, external system sends the session inquiry request by the second interface Int2 to conversation server.
In 807, conversation server inquiry has the session information of the session of the login name that the login name of the session corresponding with received session inquiry request is identical.
In 808, conversation server sends the session inquiry response by the second interface Int2 to described external system, and this session inquiry response comprises the session information inquired.
Through a predetermined amount of time (this predetermined amount of time can configure on NAS) afterwards, in 809, NAS sends Accounting-Request (Interim) message to aaa server.
In 810, aaa server sends and upgrades the session information notice to conversation server by first interface Int1, and, in 811, conversation server upgrades session information.
In 812, aaa server returns to Intermediate Charging ICH response Accounting-Response (Interim) message to NAS.
In 813, NAS sends Accounting-Request (Stop) message to aaa server.
In 814, aaa server sends and deletes the session information notice to conversation server by first interface Int1, and, in 815, conversation server is deleted the session information relevant with this login name zhangshan@domain.
In 816, aaa server returns and stops charging response Accounting-Response (Stop) message to NAS.And, with process in Fig. 6 and Fig. 7 similarly, can be not according to described time sequencing, but carry out the step in 803 and 805,810 and 812 and 814 and 816 with the word order walked abreast or other are suitable.
Equally, the step in 809-812 can repeat repeatedly, or also can be omitted in some cases.
In the process 80 shown in Fig. 8, external system sends the session inquiry request after session information creates and before upgrading, thereby the session information inquired is the raw information created.Those skilled in the art can understand, external system can at any time send inquiry request, for example, after session information is updated.
Fig. 9 be illustrate according to the embodiment of the present invention carry out the exemplary signal flow graph of another process 90 of inquiry session information for external system, wherein, external system sends inquiry request after session information is updated, thus the session information after being upgraded.In addition, the process 90 in Fig. 9 is substantially similar with the process 80 in Fig. 8, so here other guide is repeated no more.
In addition, external system sends the session inquiry request before also may or creating session information after deleting session information, and at this moment conversation server can send the non-existent session inquiry response of indication session information to external system.
According to the embodiment of the present invention, additionally provide the query function of the session between conversation server and external system by the second interface, so that external system is at some necessary inquiry under condition users' session information, such as inquiring user whether positional information, the inquiring user of online, inquiring user access way, according to the counter login name of looking into the user in IP (Internet Protocol, Internet Protocol) address or phone number information, etc.Thereby external system, by only to conversation server, sending the session inquiry request, can simply and easily obtain the session information of the user in a plurality of networks.
Figure 10 is the exemplary block diagram illustrated according to the structure of the conversation server 10 of the embodiment of the present invention.
As shown in figure 10, conversation server 10 can comprise session management unit 1001 and Session Control Unit 1002.
The type of the session information notice that session management unit 1001 sends for a plurality of authentication,authorization,accounting aaa servers according to from being positioned at heterogeneous networks is carried out managing conversation information.Session Control Unit 1002 is controlled user conversation for the request message according to sending from described aaa server.
The embodiment of the present invention by managing the session information from a plurality of networks concentratedly on conversation server, can control the user conversation in a plurality of networks by across a network, thereby realized when user under multi-network environment carrys out access network with same login name, the session number between many cover aaa servers is controlled.
Figure 11 is the exemplary block diagram illustrated according to the concrete structure of the session management unit 1001 of the embodiment of the present invention.
As shown in figure 11, session management unit 1001 can comprise conversation establishing device 1101, session updates device 1102 and session canceller 1103.
Conversation establishing device 1101, for when receiving establishment session information notice from described aaa server, creates session information and is also stored.Session updates device 1102, for when receiving renewal session information notice from described aaa server, upgrades this session information.Session canceller 1103, for when receiving deletion session information notice from described aaa server, is deleted this session information.
The each several part of session management unit 1001 can be carried out as the correlation step in Fig. 6-Fig. 9, for for simplicity, repeats no more here.
Figure 12 is the exemplary block diagram illustrated according to the concrete structure of the Session Control Unit 1002 of the embodiment of the present invention.
As shown in figure 12, Session Control Unit 1002 can comprise session authentication module 1201 and session enquiry module 1202.
Session authentication module 1201 for: receive the session authentication request from described aaa server; Authen session; And send the session authentication response to described aaa server.Session enquiry module 1202 for: receive the session inquiry request from described aaa server; Inquiry has the session information of the session of the login name that the login name of the session corresponding with this session inquiry request is identical; And the session inquiry response that there is session information to described aaa server transmission.In addition, session enquiry module 1202 can also for: receive the session inquiry request from external system; Inquiry has the session information of the session of the login name that the login name of the session corresponding with this session inquiry request is identical; And the session inquiry response that there is session information to described external system transmission.
Session authentication module 1201 can be carried out session authentication according to the described authentication method of reference Fig. 6, and session enquiry module 1202 can according to the described querying method of reference Fig. 7-Fig. 8 carry out and aaa server or external system between session inquiry.
It should be noted in the discussion above that when by aaa server, carrying out authentication function, Session Control Unit 1002 can only comprise session enquiry module 1202,, in this case, can omit session authentication module 1201 that is.
In addition, conversation server 10 can also comprise first interface and the second interface (not shown), wherein, first interface is for communicating by letter between the session management unit of described conversation server and described a plurality of aaa servers, and communicating by letter between the second interface Session Control Unit of being used for described conversation server and described a plurality of aaa servers or external system.Described first interface and the second interface correspond respectively to Int1 and the Int2 in Fig. 6-Figure 10.
Figure 13 is the exemplary block diagram illustrated according to the structure of the aaa server 1300 of the embodiment of the present invention.The non-limitative example of this aaa server 1300 can be any in the fixed network aaa server shown in Fig. 1, CDMAAAA server, WCDMAAAA server and WiMAX aaa server.
As shown in figure 13, aaa server 1300 can comprise session information notification unit 1301, the first Session Control Unit 1302 and the second Session Control Unit 1303.
Session information notification unit 1301 sends the session information notice for the type of the charging message according to receiving from network access equipment NAS to conversation server.The first Session Control Unit 1302, for when from described NAS, receiving access request, sends a request message and receives corresponding response message to described conversation server.The second Session Control Unit 1303 sends the access response so that authen session for the response message sent according to described conversation server to described NAS.
The embodiment of the present invention by managing the session information from a plurality of networks concentratedly on conversation server, can control the user conversation in a plurality of networks by across a network, thereby realized when user under multi-network environment carrys out access network with same login name, the session number between many cover aaa servers is controlled.
The each several part of aaa server 1300 can be carried out relative process as described in reference to Figure 5, repeats no more here.For example, session information notification unit 1301 sends and creates the session information notice when the charging message received from NAS is Accounting-Request (Start) message, send when charging message is Accounting-Request (Interim) message and upgrade the session information notice, and send deletion session information notice when charging message is Accounting-Request (Stop) message.
In addition, when described aaa server 1300 is not carried out session authentication, when aaa server 1300 receives access request from NAS, described the first Session Control Unit 1302 for example, sends the session authentication request and receives the session authentication response from described conversation server to conversation server (conversation server 10), and, when the session authentication response received from described conversation server is the session authentication success response, send and accept message to described NAS by described the second Session Control Unit 1303, and when the session authentication response received from described conversation server is the session authentication failure response, described the second Session Control Unit 1303 sends access-reject message to described NAS.
On the other hand, when by described aaa server 1300, carrying out session authentication, when from described NAS, receiving access request, described the first Session Control Unit 1302 sends the session inquiry request and receives the session inquiry response with session information from described conversation server to described conversation server, and, by described the second Session Control Unit 1303, according to the session information comprised at described session inquiry response, carry out authen session.The second Session Control Unit 1303 can adopt as with reference to the described method of Fig. 7, carried out verification process.
In addition, can comprise above-mentioned conversation server and aaa server according to the communication system of the embodiment of the present invention.
Those of ordinary skills can recognize, unit and the algorithm steps of each example of describing in conjunction with embodiment disclosed herein, can realize with electronic hardware, computer software or the combination of the two, for the interchangeability of hardware and software clearly is described, composition and the step of each example described according to function in the above description in general manner.These functions are carried out with hardware or software mode actually, depend on application-specific and the design constraint of technical scheme.The professional and technical personnel can specifically should be used for realizing described function with distinct methods to each, but this realization should not thought and exceeds scope of the present invention.
The those skilled in the art can be well understood to, and for convenience and simplicity of description, the specific works process of the system of foregoing description, device and unit, can, with reference to the corresponding process in preceding method embodiment, not repeat them here.
In the several embodiment that provide in the application, should be understood that disclosed system, apparatus and method can realize in other way.For example, device embodiment described above is only schematic, for example, the division of described unit, be only that a kind of logic function is divided, during actual the realization, other dividing mode can be arranged, for example a plurality of unit or assembly can in conjunction with or can be integrated into another system, or some features can ignore, or do not carry out.Another point, shown or discussed coupling each other or direct-coupling or communication connection can be by some interfaces, indirect coupling or the communication connection of device or unit can be electrically, machinery or other form.
The described unit as the separating component explanation can or can not be also physically to separate, and the parts that show as unit can be or can not be also physical locations, both can be positioned at a place, or also can be distributed on a plurality of network element.Can select according to the actual needs some or all of unit wherein to realize the purpose of the present embodiment scheme.
In addition, each functional unit in each embodiment of the present invention can be integrated in a processing unit, can be also that the independent physics of unit exists, and also can be integrated in a unit two or more unit.Above-mentioned integrated unit both can adopt the form of hardware to realize, also can adopt the form of SFU software functional unit to realize.
If the form of SFU software functional unit of usining described integrated unit realizes and during as production marketing independently or use, can be stored in a computer read/write memory medium.Understanding based on such, the all or part of of the part that technical scheme of the present invention contributes to prior art in essence in other words or this technical scheme can embody with the form of software product, this computer software product is stored in a storage medium, comprise that some instructions are with so that a computer equipment (can be personal computer, server, or the network equipment etc.) carry out all or part of step of the described method of each embodiment of the present invention.And aforesaid storage medium comprises: USB flash disk, portable hard drive, read-only memory (ROM, Read-Only Memory), the various media that can be program code stored such as random access memory (RAM, Random Access Memory), magnetic disc or CD.
Also it is pointed out that in apparatus and method of the present invention, obviously, each parts or each step can decompose and/or reconfigure.These decomposition and/or reconfigure and should be considered as equivalents of the present invention.And, carry out the step of above-mentioned series of processes and can order naturally following the instructions carry out in chronological order, but do not need necessarily to carry out according to time sequencing.Some step can walk abreast or carry out independently of one another, for example, the session authentication process between conversation server and aaa server can and conversation server and external system between the session query script sequentially, carry out independently concurrently or with any order.
The above; be only the specific embodiment of the present invention, but protection scope of the present invention is not limited to this, anyly is familiar with those skilled in the art in the technical scope that the present invention discloses; can expect easily changing or replacing, within all should being encompassed in protection scope of the present invention.Therefore, protection scope of the present invention should be as the criterion by the described protection range with claim.
Claims (10)
1. one kind for the method in the session of a plurality of network authenticated user, it is characterized in that, the method comprises:
The type of the session information notice sent according to a plurality of authentication,authorization,accounting aaa servers from being arranged in heterogeneous networks is carried out managing conversation information;
Carry out the authenticated user session according to the session information of managing on conversation server,
The session authentication information that wherein said basis is managed on conversation server comes the authenticated user session to comprise:
Send the session authentication request to described conversation server, by described conversation server authen session, to described aaa server, send the session authentication response,
Wherein saidly by described conversation server authen session, comprised: determine whether current sessions quantity reaches predetermined maximum number of sessions, wherein current sessions is the session of the login name that login name existing, that have the session corresponding with this session authentication request is identical, describedly send the session authentication response to described aaa server and comprise: when described current sessions quantity is less than described predetermined maximum number of sessions, to described aaa server, send the session authentication success response; And, when described current sessions quantity is equal to or greater than described predetermined maximum number of sessions, to described aaa server, send the session authentication failure response.
2. method according to claim 1, is characterized in that, the type of the session information notice that described basis sends from aaa server come managing conversation information comprise following operation at least one:
When receiving establishment session information notice from described aaa server, create session information and also stored;
When receiving renewal session information notice from described aaa server, upgrade this session information; And
When receiving deletion session information notice from described aaa server, delete this session information.
3. method according to claim 1 and 2, is characterized in that, also comprises:
Receive the session inquiry request from external system;
Inquiry has the session information of the session of the login name that the login name of the session corresponding with this session inquiry request is identical; And
Send the session inquiry response with session information to described external system.
4. one kind for being supported in the method for a plurality of network central controls user conversation processed, it is characterized in that, comprising:
Send the session information notice according to the type of the charging message received from network access equipment NAS to conversation server;
When from described NAS, receiving access request, send a request message and receive corresponding response message to described conversation server, wherein, described send a request message and receive corresponding response message to described conversation server comprise: send the session inquiry request to described conversation server, the session information of the session of the login name that the login name that has the session corresponding with this session inquiry request by described conversation server inquiry is identical; And the session inquiry response that there is session information from described conversation server reception; And
The response message sent according to described conversation server sends the access response to described NAS, so that authen session, the wherein said response message sent according to described conversation server sends the access response so that authen session comprises to described NAS: according to the session information comprised at described session inquiry response, carry out authen session, wherein said authen session comprises: determine whether current sessions quantity reaches predetermined maximum number of sessions, wherein current sessions is existing, session with login name that the login name of the session corresponding with this session authentication request is identical, and when described current sessions quantity is less than described predetermined maximum number of sessions, send and accept message to NAS, and when described current sessions quantity is equal to or greater than described predetermined maximum number of sessions, send access-reject message to NAS.
5. method according to claim 4, is characterized in that, the type of the charging message that described basis receives from network access equipment NAS sends the session information notice to conversation server and comprises:
When described charging message is while starting accounting request Accounting-Request (Start) message, send and create the session information notice;
When described charging message is Intermediate Charging ICH request Accounting-Request (Interim) message, sends and upgrade the session information notice; And
When described charging message is while stopping accounting request Accounting-Request (Stop) message, send and delete the session information notice.
6. one kind for being supported in the conversation server of a plurality of network central controls user conversation processed, it is characterized in that, comprising:
Session management unit, the type of the session information notice sent for a plurality of authentication,authorization,accounting aaa servers according to from being positioned at heterogeneous networks is carried out managing conversation information; And
Session Control Unit, control user conversation for the request message according to sending from described aaa server, wherein said Session Control Unit, specifically for from described aaa server, receiving the session authentication request, determine whether current sessions quantity reaches predetermined maximum number of sessions, wherein current sessions is existing, session with login name that the login name of the session corresponding with this session authentication request is identical, when described current sessions quantity is less than described predetermined maximum number of sessions, send the session authentication success response to described aaa server, when described current sessions quantity is equal to or greater than described predetermined maximum number of sessions, send the session authentication failure response to described aaa server.
7. conversation server according to claim 6, is characterized in that,
Described session management unit, specifically for when receiving establishment session information notice from described aaa server, create session information and stored, when receiving renewal session information notice from described aaa server, upgrade this session information, and, when receiving deletion session information notice from described aaa server, delete this session information.
8. according to the described conversation server of claim 6 or 7, it is characterized in that,
Described Session Control Unit, also for from external system, receiving the session inquiry request, inquiry has the session information of the session of the login name that the login name of the session corresponding with this session inquiry request is identical, and sends the session inquiry response with session information to described external system.
9. one kind for being supported in the authentication,authorization,accounting aaa server of a plurality of network central controls user conversation processed, it is characterized in that, comprising:
The session information notification unit, notify to conversation server transmission session information for the type of the charging message according to receiving from network access equipment NAS; And
The first Session Control Unit, for when from described NAS, receiving access request, send a request message and receive corresponding response message to described conversation server, wherein said the first Session Control Unit, specifically for to described conversation server, sending the session inquiry request, receive the session inquiry response with session information from described conversation server; And
The second Session Control Unit, send the access response so that authen session for the response message sent according to described conversation server to described NAS, wherein said the second Session Control Unit, carry out authen session specifically for the session information according to comprising at described session inquiry response, wherein said authen session comprises: determine whether current sessions quantity reaches predetermined maximum number of sessions, wherein current sessions is existing, session with login name that the login name of the session corresponding with this session authentication request is identical, and when described current sessions quantity is less than described predetermined maximum number of sessions, send and accept message to NAS, and when described current sessions quantity is equal to or greater than described predetermined maximum number of sessions, send access-reject message to NAS.
10. aaa server according to claim 9, is characterized in that,
Described session information notification unit, specifically for being while starting accounting request Accounting-Request (Start) message when described charging message, sending and create the session information notice; When described charging message is Intermediate Charging ICH request Accounting-Request (Interim) message, sends and upgrade the session information notice; And when described charging message be while stopping accounting request Accounting-Request (Stop) message, send to delete the session information notice.
Priority Applications (1)
| Application Number | Priority Date | Filing Date | Title |
|---|---|---|---|
| CN2011102024967A CN102238547B (en) | 2011-07-19 | 2011-07-19 | User session control method, session server, authentication, authorization and accounting (AAA) server and system |
Applications Claiming Priority (1)
| Application Number | Priority Date | Filing Date | Title |
|---|---|---|---|
| CN2011102024967A CN102238547B (en) | 2011-07-19 | 2011-07-19 | User session control method, session server, authentication, authorization and accounting (AAA) server and system |
Publications (2)
| Publication Number | Publication Date |
|---|---|
| CN102238547A CN102238547A (en) | 2011-11-09 |
| CN102238547B true CN102238547B (en) | 2013-12-04 |
Family
ID=44888649
Family Applications (1)
| Application Number | Title | Priority Date | Filing Date |
|---|---|---|---|
| CN2011102024967A Expired - Fee Related CN102238547B (en) | 2011-07-19 | 2011-07-19 | User session control method, session server, authentication, authorization and accounting (AAA) server and system |
Country Status (1)
| Country | Link |
|---|---|
| CN (1) | CN102238547B (en) |
Families Citing this family (9)
| Publication number | Priority date | Publication date | Assignee | Title |
|---|---|---|---|---|
| WO2015013685A1 (en) | 2013-07-25 | 2015-01-29 | Convida Wireless, Llc | End-to-end m2m service layer sessions |
| CN103490935B (en) * | 2013-09-30 | 2017-04-12 | 华为技术有限公司 | User conversation monitoring method and device |
| WO2017218785A1 (en) | 2016-06-15 | 2017-12-21 | Convida Wireless, Llc | Grant-less uplink transmission for new radio |
| EP3482566B1 (en) | 2016-07-08 | 2024-02-28 | InterDigital Madison Patent Holdings, SAS | Systems and methods for region-of-interest tone remapping |
| WO2018097947A2 (en) | 2016-11-03 | 2018-05-31 | Convida Wireless, Llc | Reference signals and control channels in nr |
| CN108347449B (en) * | 2017-01-23 | 2021-05-07 | 阿里巴巴集团控股有限公司 | Method and equipment for managing remote login |
| US11765406B2 (en) | 2017-02-17 | 2023-09-19 | Interdigital Madison Patent Holdings, Sas | Systems and methods for selective object-of-interest zooming in streaming video |
| EP3858023A1 (en) | 2018-09-27 | 2021-08-04 | Convida Wireless, Llc | Sub-band operations in unlicensed spectrums of new radio |
| CN112653653B (en) * | 2019-10-11 | 2023-08-22 | 中兴通讯股份有限公司 | Communication circuit management method, network equipment and storage medium |
Citations (6)
| Publication number | Priority date | Publication date | Assignee | Title |
|---|---|---|---|---|
| CN1553741A (en) * | 2003-05-30 | 2004-12-08 | ��Ϊ��������˾ | Method and system for providing user network roam |
| CN101069382A (en) * | 2004-09-30 | 2007-11-07 | 株式会社Kt | Apparatus and method for integrated billing management by real-time session management in wire/wireless integrated service network |
| CN101150853A (en) * | 2007-10-29 | 2008-03-26 | 华为技术有限公司 | A network system, policy management control server and policy management control method |
| CN101442473A (en) * | 2007-11-23 | 2009-05-27 | 华为技术有限公司 | Method, equipment and system for managing access session control policy |
| CN101820606A (en) * | 2010-04-21 | 2010-09-01 | 中兴通讯股份有限公司 | Authentication and authorization charging server and message processing method |
| CN102036270A (en) * | 2010-12-16 | 2011-04-27 | 中兴通讯股份有限公司 | AAA implementation method and AAA server |
Family Cites Families (1)
| Publication number | Priority date | Publication date | Assignee | Title |
|---|---|---|---|---|
| US7562393B2 (en) * | 2002-10-21 | 2009-07-14 | Alcatel-Lucent Usa Inc. | Mobility access gateway |
-
2011
- 2011-07-19 CN CN2011102024967A patent/CN102238547B/en not_active Expired - Fee Related
Patent Citations (6)
| Publication number | Priority date | Publication date | Assignee | Title |
|---|---|---|---|---|
| CN1553741A (en) * | 2003-05-30 | 2004-12-08 | ��Ϊ��������˾ | Method and system for providing user network roam |
| CN101069382A (en) * | 2004-09-30 | 2007-11-07 | 株式会社Kt | Apparatus and method for integrated billing management by real-time session management in wire/wireless integrated service network |
| CN101150853A (en) * | 2007-10-29 | 2008-03-26 | 华为技术有限公司 | A network system, policy management control server and policy management control method |
| CN101442473A (en) * | 2007-11-23 | 2009-05-27 | 华为技术有限公司 | Method, equipment and system for managing access session control policy |
| CN101820606A (en) * | 2010-04-21 | 2010-09-01 | 中兴通讯股份有限公司 | Authentication and authorization charging server and message processing method |
| CN102036270A (en) * | 2010-12-16 | 2011-04-27 | 中兴通讯股份有限公司 | AAA implementation method and AAA server |
Also Published As
| Publication number | Publication date |
|---|---|
| CN102238547A (en) | 2011-11-09 |
Similar Documents
| Publication | Publication Date | Title |
|---|---|---|
| CN102238547B (en) | User session control method, session server, authentication, authorization and accounting (AAA) server and system | |
| CN110516007B (en) | Deployment control method, device, equipment and medium of block chain network | |
| CN103746812B (en) | A kind of access authentication method and system | |
| CN102629929B (en) | Method and system and device for obtaining data | |
| CN110493184B (en) | Method and device for processing login page in client and electronic device | |
| EP3386167B1 (en) | Cloud operation interface sharing method, related device and system | |
| CN112188493B (en) | Authentication method, system and related equipment | |
| CN112800411B (en) | Multi-protocol and multi-mode supporting safe and reliable identity authentication method and device | |
| US9521187B2 (en) | Managed filed transfer utilizing dynamic horizontal and vertical scaling | |
| KR20190017997A (en) | Security configuration of cloud computing nodes | |
| CN106453576B (en) | A kind of exchange method, system and control centre based on mixing cloud platform | |
| CN105227321A (en) | Information processing method, server and client | |
| CN103501344A (en) | Method and system for realizing single sign-on of plurality of applications | |
| CN111935110B (en) | Method and device for controlling permission of tenant to access container instance | |
| CN105323237A (en) | Authority delegation system, method and authentication server system | |
| CN105812479A (en) | Request and device of permission and acquisition method and device | |
| CN109597643A (en) | Using gray scale dissemination method, device, electronic equipment and storage medium | |
| CN103581111A (en) | Communication method and system | |
| CN102571446A (en) | Method, device and system for upgrading network device | |
| CN113568970A (en) | Application service data management method, device, equipment and storage medium | |
| CN103179080A (en) | Cloud computer system for internet users and cloud computer connection method | |
| CN102523220A (en) | Web authentication method, and client and access layer device used for web authentication | |
| CN105991610A (en) | Method and device for logging into application server | |
| CN101588359A (en) | Software on-demand update method based on network and system thereof | |
| CN103138961B (en) | server control method, controlled server and central control server |
Legal Events
| Date | Code | Title | Description |
|---|---|---|---|
| C06 | Publication | ||
| PB01 | Publication | ||
| C10 | Entry into substantive examination | ||
| SE01 | Entry into force of request for substantive examination | ||
| C14 | Grant of patent or utility model | ||
| GR01 | Patent grant | ||
| CF01 | Termination of patent right due to non-payment of annual fee |
Granted publication date: 20131204 Termination date: 20170719 |