CN102752746A - Authentication notifying method and system - Google Patents

Publication number
CN102752746A
Authority
CN
China
Prior art keywords
authentication
bng
address
message
request
Prior art date
Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
Granted
Application number
CN2011101006779A
Other languages
Chinese (zh)
Other versions
CN102752746B (en)
Inventor
尤建洁
Current Assignee (The listed assignees may be inaccurate. Google has not performed a legal analysis and makes no representation or warranty as to the accuracy of the list.)
ZTE Corp
Original Assignee
ZTE Corp
Priority date (The priority date is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the date listed.)
Filing date
Publication date
Application filed by ZTE Corp
Priority to CN201110100677.9A (CN102752746B)
Priority to PCT/CN2012/071293 (WO2012142867A1)
Publication of CN102752746A
Application granted
Publication of CN102752746B
Legal status: Expired - Fee Related
Anticipated expiration

Classifications

    • H ELECTRICITY
    • H04 ELECTRIC COMMUNICATION TECHNIQUE
    • H04W WIRELESS COMMUNICATION NETWORKS
    • H04W12/00 Security arrangements; Authentication; Protecting privacy or anonymity
    • H04W12/06 Authentication
    • H04W12/069 Authentication using certificates or pre-shared keys

Abstract

The invention discloses an authentication notifying method comprising the following: when user equipment (UE) accesses a Broadband Forum (BBF) access network and passes authentication, the BBF authentication, authorization and accounting (AAA) unit sends the MAC (medium access control) address of the UE to the broadband network gateway (BNG) control equipment; or, when the UE accesses the BBF access network and requests an IP (Internet Protocol) address, the BNG control equipment checks whether the UE has passed authentication and, when it determines that it holds no authentication information for the UE, acquires that information from the AAA unit; or, when the UE accesses the BBF access network and requests an IP address, a residential gateway (RG) checks whether the UE has passed authentication and, when it determines that the UE has, notifies the BNG control equipment that the UE has passed authentication. The invention also provides an authentication notifying system. With the disclosed technical scheme, the BNG control equipment can learn in time whether a UE requesting access has passed authentication.

Description

An authentication notification method and system
Technical field
The present invention relates to the field of mobile communications, and in particular to an authentication notification method and system.
Background art
With the development of Internet technology and growing user demand for services, terminals are gradually becoming multi-mode and can choose among different types of access network to carry diverse services. Different network connections have different characteristics and transmission capabilities, so together they can better satisfy users' varied service demands. At present, a multi-mode terminal can achieve seamless connection between different types of radio access network, for example between cellular systems such as the Universal Mobile Telecommunications System (UMTS), Enhanced Data Rates for GSM Evolution (EDGE) and General Packet Radio Service (GPRS), and the wireless local area network (WLAN, Wireless Local Area Networks) of IEEE 802.11. A WLAN provides very high data rates within small areas such as homes and hotspots, whereas a cellular network provides greater flexibility and ubiquitous coverage but a lower data rate; users benefit if the advantages of both can be combined. Within the coverage of a WLAN access point, a multi-mode terminal can use the WLAN for data access and voice over Internet Protocol (VoIP) applications while also using the overlapping cellular network for voice calls or media access.
At present, international standards organizations are standardizing network architectures: the 3rd Generation Partnership Project (3GPP) defines the mobile network architecture, and the Broadband Forum (BBF) defines the fixed network architecture. In the fixed network architecture defined by the BBF, there are mainly the following two methods of authentication and address allocation after user equipment (UE, User Equipment) accesses the BBF access network:
Fig. 1 is a schematic flow chart of a prior-art method of authentication and address allocation. As shown in Fig. 1, the UE sends an authentication message to the broadband network gateway control equipment (BNG, Broadband Network Gateway); the message finally reaches the authentication unit (AAA, Authentication Authorization Accounting), where authentication is completed, and a Dynamic Host Configuration Protocol (DHCP) server allocates an IP address to the UE. The detailed process is as follows:
The UE initiates a DHCP Discovery request message to the BNG, carrying the option field with code 60 (Option60); network equipment along the path adds the option field with code 82 (Option82) according to the relevant specifications. The BNG then receives the UE's request message, marks Option82, and relays the request message directly to the DHCP server. On receiving the UE's request message, the DHCP server extracts the relevant information from it, constructs the user name (User name) and NAS port identifier (Nas-Port-ID) required for authentication, and sends them to the Remote Authentication Dial In User Service (RADIUS) for authentication. RADIUS authenticates the UE. If authentication fails, it returns a reject message to the DHCP server, and the DHCP server replies to the BNG with a DHCP negative acknowledgement (DHCP Nack) message. If authentication succeeds, it returns an authentication-passed message to the DHCP server carrying some associated attributes of the UE; the DHCP server allocates a corresponding IP address to the UE according to the UE's service information, and the user can then use services normally. Depending on the equipment, the BNG can be a Broadband Remote Access Server (BRAS) or a service router (SR, Service Router).
Fig. 2 is a schematic flow chart of prior-art authentication via a residential gateway (RG, Residence Gateway). As shown in Fig. 2, during authentication the UE sends an authentication message to the RG, and the RG encapsulates the authentication message and sends it to the AAA. If authentication succeeds, the AAA stores the media access control (MAC, Medium/Media Access Control) address of the UE, and in the address allocation stage the AAA allocates an IP address to the UE according to the MAC address.
The prior art has the following defect. During authentication, the UE sends the authentication message to the RG, which encapsulates it and sends it to the AAA to complete authentication of the UE (that is, authentication follows the approach of Fig. 2 and does not pass through the BNG). In the address allocation stage, however, it is the DHCP server that allocates the IP address to the user. In this case, because the BNG does not know whether the UE has passed authentication, it cannot trigger the DHCP server to allocate an IP address to the UE.
Summary of the invention
In view of this, the main purpose of the present invention is to provide an authentication notification method and system that let the BNG learn in time whether a UE requesting access has passed authentication.
To achieve the above purpose, the technical scheme of the present invention is realized as follows:
The present invention provides an authentication notification method, comprising:
when a UE accesses a Broadband Forum (BBF) access network and passes authentication, the BBF authentication unit (AAA) sends the MAC address of the UE to the broadband network gateway control equipment (BNG).
In the above method, the method further comprises:
when the UE requests an IP address and the BNG determines that the UE has passed authentication, the BNG triggers the Dynamic Host Configuration Protocol (DHCP) server to allocate an IP address to the UE.
In the above method, the UE requesting an IP address is: the UE requests an IPv6 address through a route request (Router Solicitation) message, or the UE requests an IPv6 address through a DHCP request (DHCP Solicit) message, or the UE requests an IPv4 address through a DHCP discover (DHCP Discover) message.
The present invention provides an authentication notification method, comprising:
when a UE accesses the BBF access network and requests an IP address, the BNG checks whether the UE has passed authentication, and when the BNG determines that it holds no authentication information for the UE, it obtains the authentication information of the UE from the AAA.
In the above method, the method further comprises:
after determining from the authentication information that the UE has passed authentication, the BNG triggers the DHCP server to allocate an IP address to the UE.
In the above method, the UE requesting an IP address is:
the UE requests an IPv6 address through a Router Solicitation message, or the UE requests an IPv6 address through a DHCP Solicit message, or the UE requests an IPv4 address through a DHCP Discover message.
The present invention provides an authentication notification method, comprising:
when a UE accesses the BBF access network and requests an IP address, the residential gateway (RG) checks whether the UE has passed authentication, and when it determines that the UE has passed authentication, the RG notifies the BNG that the UE has passed authentication.
In the above method, the method further comprises:
the BNG triggers the DHCP server to allocate an IP address to the UE.
In the above method,
the UE requesting an IP address is: the UE requests an IPv4 address through a DHCP Discover message;
the RG notifying the BNG that the UE has passed authentication is: the RG sends the DHCP Discover message to the BNG.
The present invention also provides an authentication notification system, comprising a BBF AAA and a BNG, wherein:
the BBF AAA is used to send the MAC address of the UE to the BNG when the UE accesses the BBF access network and passes authentication;
the BNG is used to receive the MAC address of the UE.
In the above system,
the BNG is further used, when the UE requests an IP address and the BNG determines that the UE has passed authentication, to trigger the DHCP server to allocate an IP address to the UE.
The present invention provides an authentication notification system, comprising a BNG and an AAA, wherein:
the BNG is used, when the UE accesses the BBF access network and requests an IP address, to check whether the UE has passed authentication and, when it determines that it holds no authentication information for the UE, to obtain the authentication information of the UE from the AAA;
the AAA is used to provide the authentication information of the UE to the BNG.
In the above system, the BNG is further used, after determining from the authentication information that the UE has passed authentication, to trigger the DHCP server to allocate an IP address to the UE.
The present invention provides an authentication notification system, comprising an RG and a BNG, wherein:
the RG is used, when the UE accesses the BBF access network and requests an IP address, to check whether the UE has passed authentication and, when it determines that the UE has passed authentication, to notify the BNG that the UE has passed authentication;
the BNG is used to receive the notification that the UE has passed authentication.
In the above system, the BNG is further used to trigger the DHCP server to allocate an IP address to the UE.
In the authentication notification method and system provided by the invention, when a UE accesses the BBF access network and passes authentication, the BBF AAA sends the MAC address of the UE to the BNG; or, when a UE accesses the BBF access network and requests an IP address, the BNG checks whether the UE has passed authentication and, when the BNG determines that it holds no authentication information for the UE, obtains the authentication information of the UE from the AAA; or, when a UE accesses the BBF access network and requests an IP address, the RG checks whether the UE has passed authentication and, when it determines that the UE has, notifies the BNG that the UE has passed authentication. The BNG can therefore learn in time whether a UE requesting access has passed authentication, by receiving the MAC address of the UE from the AAA, by querying the authentication information of the UE, or by receiving from the RG the notification that the UE has passed authentication. When it determines that the UE has passed authentication, it can trigger the DHCP server in time to allocate an IP address to the UE.
In the scenario where the UE sends the authentication message to the RG, which encapsulates it and sends it to the AAA to complete authentication of the UE, that is, the scenario in which the authentication process does not pass through the BNG, the technical scheme proposed in the present invention still allows the DHCP server to allocate an IP address to the UE, and thus remedies the deficiency of the prior art.
Description of drawings
Fig. 1 is a schematic flow chart of a prior-art method of authentication and address allocation;
Fig. 2 is a schematic flow chart of prior-art authentication via the RG;
Fig. 3 is a schematic flow chart of embodiment one of the authentication notification method of the present invention;
Fig. 4 is a schematic flow chart of embodiment two of the authentication notification method of the present invention;
Fig. 5 is a schematic flow chart of embodiment three of the authentication notification method of the present invention;
Fig. 6 is a schematic flow chart of embodiment four of the authentication notification method of the present invention;
Fig. 7 is a schematic flow chart of embodiment five of the authentication notification method of the present invention;
Fig. 8 is a schematic flow chart of embodiment six of the authentication notification method of the present invention;
Fig. 9 is a schematic flow chart of embodiment seven of the authentication notification method of the present invention;
Figure 10 is a schematic flow chart of embodiment eight of the authentication notification method of the present invention;
Figure 11 is a structural diagram of embodiment one of the authentication notification system of the present invention;
Figure 12 is a structural diagram of embodiment two of the authentication notification system of the present invention;
Figure 13 is a structural diagram of embodiment three of the authentication notification system of the present invention.
Detailed description of the embodiments
The basic idea of the present invention is: when a UE accesses the BBF access network and passes authentication, the BBF AAA sends the MAC address of the UE to the BNG; or, when a UE accesses the BBF access network and requests an IP address, the BNG checks whether the UE has passed authentication and, when the BNG determines that it holds no authentication information for the UE, obtains the authentication information of the UE from the AAA; or, when a UE accesses the BBF access network and requests an IP address, the RG checks whether the UE has passed authentication and, when it determines that the UE has, notifies the BNG that the UE has passed authentication.
The present invention is described in further detail below with reference to the drawings and specific embodiments.
The present invention provides an authentication notification method. Fig. 3 is a schematic flow chart of embodiment one of the authentication notification method of the present invention, which is the concrete implementation of the BBF AAA sending the MAC address of a non-BBF UE to the BNG when that UE accesses the BBF access network and passes authentication. As shown in Fig. 3, the method comprises the following steps:
Step 301: the RG and the BBF AAA interact to complete authentication.
Step 302: the non-BBF UE sends an authentication protocol start (EAPoL-Start) message to the RG to authenticate through the 802.1x protocol.
Step 303: on receiving the EAPoL-Start message from the UE, the RG sends an authentication protocol ID request (EAP Identity Request) message to the UE, notifying the UE to report its user name.
Step 304: on receiving the EAP Identity Request message from the RG, the UE replies to the RG with an authentication protocol ID response (EAP Identity Response) message, which carries the user name.
Step 305: the RG encapsulates the received EAP Identity Response message in an authentication access request (RADIUS Access Request) message and sends the RADIUS Access Request message to the BBF AAA.
Step 306: the BBF AAA forwards the RADIUS Access Request message received from the RG to the Home AAA according to the network address identifier (NAI, Network Address Identifier).
Step 307: on receiving the RADIUS Access Request message from the BBF AAA, the Home AAA replies to the BBF AAA with an authentication access response (RADIUS Access Response) message, which carries an EAP Identity Response message.
Step 308: the BBF AAA forwards the received RADIUS Access Response message to the RG.
Step 309: the RG decapsulates the EAP frame from the received RADIUS Access Response message and sends the EAP frame to the UE.
Step 310: on receiving the EAP frame from the RG, the UE replies to the RG with a message carrying the challenge password (Challenged Password).
Step 311: on receiving the UE's reply, the RG encapsulates the EAP frame obtained by decapsulation in a RADIUS Access Request message, which carries the received Challenged Password, and sends it to the BBF AAA.
Step 312: the BBF AAA forwards the received RADIUS Access Request message to the Home AAA.
Step 313: if the UE requesting access to the BBF access network passes authentication, the Home AAA replies to the BBF AAA with an authentication access accept (RADIUS Access Accept) message; if the UE does not pass authentication, the Home AAA does not reply to the BBF AAA with a RADIUS Access Accept message, and the flow ends.
Step 314: the BBF AAA forwards the RADIUS Access Accept message to the RG.
Step 315: the BBF AAA sends the MAC address of the authenticated UE to the BNG. This informs the BNG that the UE has passed authentication, so that when the BNG receives the UE's IP address request it can trigger the DHCP server to allocate an IP address.
Step 316: the RG decapsulates the EAP frame and sends an authentication protocol success (EAP Success) message to the UE.
Fig. 4 is a schematic flow chart of embodiment two of the authentication notification method of the present invention. Building on embodiment one, it is the concrete implementation of the BNG triggering the DHCP server to allocate an IPv6 address to the UE when the UE requests an IPv6 address through a route request (Router Solicitation) message and the BNG determines that the UE has passed authentication. As shown in Fig. 4, the method comprises the following steps:
Step 401: the UE sends a route request (Router Solicitation) message to the BNG, which carries the MAC address of the UE.
Step 402: on receiving the Router Solicitation message, the BNG checks whether the MAC address of the UE has passed authentication. If it has, the BNG sends a DHCP request (DHCP Request) message to the DHCP server to trigger the DHCP server to allocate an IP address to the UE; if it has not, the BNG sends a reject message to the UE, and the flow ends.
Step 403: once triggered, the DHCP server replies to the BNG with a DHCP reply (DHCP Reply) message, which carries the IPv6 address prefix {Frame-IPv6-Prefix}.
Step 404: on receiving the DHCP Reply message from the DHCP server, the BNG replies to the UE with a route advertisement (Router Advertisement) message, which carries the IPv6 address prefix {Frame-IPv6-Prefix}.
Step 405: the BNG sends an accounting start (RADIUS Accounting Start) message to the AAA; on receiving the RADIUS Accounting Start message, the AAA begins accounting, which covers, for example, statistics of the user's online time.
Fig. 5 is a schematic flow chart of embodiment three of the authentication notification method of the present invention. Building on embodiment one, it is the concrete implementation of the BNG triggering the DHCP server to allocate an IPv6 address to the UE when the UE requests an IPv6 address through a DHCP request (DHCP Solicit) message and the BNG determines that the UE has passed authentication. As shown in Fig. 5, the method comprises the following steps:
Step 501: the UE sends a DHCP Solicit message to the BNG, which carries the MAC address of the UE.
Step 502: on receiving the DHCP Solicit message, the BNG checks whether the MAC address of the UE has passed authentication. If it has, the BNG sends the DHCP Solicit message to the DHCP server; if it has not, the BNG sends a reject message to the UE, and the flow ends.
Step 503: on receiving the DHCP Solicit message from the BNG, the DHCP server replies to the BNG with a DHCP advertise (DHCP Advertise) message.
Step 504: on receiving the DHCP Advertise message from the DHCP server, the BNG forwards it to the UE.
Step 505: on receiving the DHCP Advertise message from the BNG, the UE sends a DHCP Request message to the BNG.
Step 506: the BNG sends the DHCP Request message received from the UE to the DHCP server.
Step 507: on receiving the DHCP Request message from the BNG, the DHCP server replies to the BNG with a DHCP Reply message, which carries the IPv6 address prefix {Frame-IPv6-Address}.
Step 508: on receiving the DHCP Reply message from the DHCP server, the BNG forwards the DHCP Reply message to the UE, still carrying the IPv6 address prefix {Frame-IPv6-Address}.
Step 509: the BNG sends a RADIUS Accounting Start message to the AAA; on receiving the RADIUS Accounting Start message, the AAA begins accounting.
Fig. 6 is a schematic flow chart of embodiment four of the authentication notification method of the present invention. Building on embodiment one, it is the concrete implementation of the BNG triggering the DHCP server to allocate an IPv4 address to the UE when the UE requests an IPv4 address through a DHCP discover (DHCP Discover) message and the BNG determines that the UE has passed authentication. As shown in Fig. 6, the method comprises the following steps:
Step 601: the UE broadcasts a DHCP Discover message on the physical subnet to look for an available DHCP server.
Step 602: because the DHCP Discover message is a broadcast message, the RG receives it from the UE; the RG forwards the received DHCP Discover message to the BNG.
Step 603: the BNG checks whether the MAC address of the UE has passed authentication. If it has, the BNG sends the received DHCP Discover message to the DHCP server; if it has not, the BNG sends a reject message to the UE through the RG, and the flow ends.
Step 604: on receiving the DHCP Discover message, the DHCP server treats it as an IP lease request from the BNG. The DHCP server therefore offers an IP lease, reserves an IP address for the UE, and replies to the BNG with a DHCP Offer message, which carries the IPv4 address {IPv4Address}.
Step 605: on receiving the DHCP Offer message from the DHCP server, the BNG forwards it to the RG, still carrying the IPv4 address {IPv4Address}.
Here, when the UE requests an IP address, whether the BNG returns an IPv6 address prefix or an IPv4 address to the UE is determined by the protocol type.
Step 606: on receiving the DHCP Offer message from the BNG, the RG replies to the UE with the DHCP Offer message, which carries the IPv4 address {IPv4Address}.
Step 607: the UE sends a DHCP Request message to the RG and all other DHCP servers, carrying the IP address of the DHCP server that provided the IP lease, to inform all other DHCP servers that the UE has accepted an IP lease.
Step 608: the RG forwards the DHCP Request message received from the UE to the BNG.
Step 609: on receiving the DHCP Request message, the BNG sends the DHCP Request message to the DHCP server.
Step 610: on receiving the DHCP Request message from the BNG, the DHCP server replies to the BNG with a DHCP acknowledgement (DHCP Ack) message.
Step 611: on receiving the DHCP Ack message from the DHCP server, the BNG replies to the RG with the DHCP Ack message.
Step 612: on receiving the DHCP Ack message, the RG replies to the UE with the DHCP Ack message.
Step 613: the BNG sends a RADIUS Accounting Start message to the AAA; on receiving the RADIUS Accounting Start message, the AAA begins accounting.
Fig. 7 is a schematic flow chart of embodiment five of the authentication notification method of the present invention. It is the concrete implementation in which a non-BBF UE accesses the BBF access network and requests an IPv6 address through a Router Solicitation message, the BNG checks whether the UE has passed authentication, the BNG obtains the authentication information of the UE from the AAA when it determines that it holds none, and, after determining from this authentication information that the UE has passed authentication, the BNG triggers the DHCP server to allocate an IPv6 address to the UE. As shown in Fig. 7, the method comprises the following steps:
Step 701: the UE sends a Router Solicitation message to the BNG, which carries the MAC address of the UE.
Step 702: on receiving the Router Solicitation message from the UE, the BNG checks whether the MAC address of the UE has passed authentication. Because the UE has not been authenticated in advance, or has been authenticated but the AAA has not sent its MAC address to the BNG, the BNG finds when checking that it holds no authentication information for the UE, that is, the BNG does not know whether the UE has passed authentication. The BNG therefore sends an authentication information query message to the AAA, carrying the MAC address of the UE.
Step 703: on receiving the authentication information query message from the BNG, the AAA uses the MAC address in it to look up the locally stored authentication information of the corresponding UE and sends that authentication information to the BNG. The authentication information is either that the UE has passed authentication or that the UE has not passed authentication.
Step 704: when the authentication information received by the BNG is that the UE has passed authentication, the BNG sends a DHCP Request message to the DHCP server; if the UE has not passed authentication, the BNG replies to the UE with a reject response message.
Step 705: on receiving the DHCP Request message from the BNG, the DHCP server replies with a DHCP Reply message, which carries the IPv6 address prefix {Frame-IPv6-Prefix}.
Step 706: on receiving the DHCP Reply message from the DHCP server, the BNG replies to the UE with a Router Advertisement message, which carries the IPv6 address prefix {Frame-IPv6-Prefix}.
Step 707: the BNG sends a RADIUS Accounting Start message to the AAA; on receiving the RADIUS Accounting Start message, the AAA begins accounting.
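The BNG-side check that embodiments one to five rely on, modelled in Python as an added example; it is not code from the patent or from any BNG product. It covers the AAA pushing an authenticated MAC address to the BNG (step 315) and the BNG querying the AAA when it holds no authentication information (steps 702 to 704). All class and function names are assumptions, and the MAC addresses and address pools are constructed sample values.

```python
import ipaddress
import re
from enum import Enum

_MAC_RE = re.compile(r"^[0-9a-f]{12}$")
REQUEST_TYPES = ("Router Solicitation", "DHCP Solicit", "DHCP Discover")


def normalize_mac(mac: str) -> str:
    """Canonicalize a MAC so '02-00-..', '0200.00..' and '02:00:..' key the same entry."""
    digits = re.sub(r"[:\-.]", "", mac.strip().lower())
    if not _MAC_RE.match(digits):
        raise ValueError(f"not a MAC address: {mac!r}")
    return ":".join(digits[i:i + 2] for i in range(0, 12, 2))


class AuthState(Enum):
    PASSED = "passed"
    NOT_PASSED = "not passed"


class Aaa:
    """Stand-in for the BBF AAA: remembers MACs that passed authentication via the RG."""

    def __init__(self):
        self._passed = set()
        self.queries = 0  # how many times the BNG had to ask

    def record_access_accept(self, mac, notify_bng=None):
        mac = normalize_mac(mac)
        self._passed.add(mac)
        if notify_bng is not None:      # step 315: push the MAC to the BNG
            notify_bng.on_aaa_push(mac)

    def query(self, mac):
        """Step 703: answer the BNG's authentication information query."""
        self.queries += 1
        known = normalize_mac(mac) in self._passed
        return AuthState.PASSED if known else AuthState.NOT_PASSED


class DhcpServer:
    """Stand-in allocator using documentation ranges (constructed values)."""

    def __init__(self):
        self._v4 = iter(ipaddress.ip_network("192.0.2.0/24").hosts())
        self._v6 = ipaddress.ip_network("2001:db8::/32").subnets(new_prefix=64)
        self.leases = {}

    def allocate(self, mac, msg_type):
        key = (mac, msg_type)
        if key not in self.leases:
            # IPv4 address for DHCP Discover, IPv6 prefix for the other two requests.
            pool = self._v4 if msg_type == "DHCP Discover" else self._v6
            self.leases[key] = str(next(pool))
        return self.leases[key]


class Bng:
    """Releases an address request to the DHCP server only for authenticated MACs."""

    def __init__(self, aaa, dhcp):
        self.aaa, self.dhcp = aaa, dhcp
        self.authenticated = set()

    def on_aaa_push(self, mac):
        self.authenticated.add(normalize_mac(mac))

    def on_address_request(self, mac, msg_type):
        if msg_type not in REQUEST_TYPES:
            return ("reject", None)
        try:
            mac = normalize_mac(mac)
        except ValueError:
            return ("reject", None)     # malformed identity: fail closed
        if mac not in self.authenticated:
            # Step 702: no authentication information held, so ask the AAA.
            if self.aaa.query(mac) is not AuthState.PASSED:
                return ("reject", None)  # step 704; negative result is not cached
            self.authenticated.add(mac)
        return ("allocate", self.dhcp.allocate(mac, msg_type))


def demo():
    aaa, dhcp = Aaa(), DhcpServer()
    bng = Bng(aaa, dhcp)
    out = {}
    aaa.record_access_accept("02-00-00-00-00-01", notify_bng=bng)   # pushed
    out["pushed"] = bng.on_address_request("02:00:00:00:00:01", "DHCP Discover")
    aaa.record_access_accept("02:00:00:00:00:02")                   # not pushed
    out["pulled"] = bng.on_address_request("02:00:00:00:00:02", "Router Solicitation")
    out["unknown"] = bng.on_address_request("02:00:00:00:00:03", "DHCP Solicit")
    out["aaa_queries"] = aaa.queries
    return out


if __name__ == "__main__":
    print(demo())
```

Negative answers are deliberately not cached, so a UE that authenticates after a first rejected request is admitted on its next request. The gate keys on the MAC address alone, as in the flows above, and that value is asserted by the requesting device.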
Fig. 8 is a schematic flow chart of embodiment six of the authentication notification method of the present invention. It is the concrete implementation in which a non-BBF UE accesses the BBF access network and requests an IPv6 address through a DHCP Solicit message, the BNG checks whether the UE has passed authentication, the BNG obtains the authentication information of the UE from the AAA when it determines that it holds none, and, after determining from this authentication information that the UE has passed authentication, the BNG triggers the DHCP server to allocate an IPv6 address to the UE. As shown in Fig. 8, the method comprises the following steps:
Step 801: the UE sends a DHCP Solicit message to the BNG, which carries the MAC address of the UE.
Step 802: on receiving the Router Solicitation message from the UE, the BNG checks whether the MAC address of the UE has passed authentication. Because the UE has not been authenticated in advance, or has been authenticated but the AAA has not sent its MAC address to the BNG, the BNG finds when checking that it holds no authentication information for the UE, that is, the BNG does not know whether the UE has passed authentication. The BNG therefore sends an authentication information query message to the AAA, carrying the MAC address of the UE.
Step 803: on receiving the authentication information query message from the BNG, the AAA uses the MAC address in it to look up the locally stored authentication information of the corresponding UE and sends that authentication information to the BNG. The authentication information is either that the UE has passed authentication or that the UE has not passed authentication.
Step 804: when the authentication information received by the BNG is that the UE has passed authentication, the BNG sends the DHCP Solicit message to the DHCP server; if the UE has not passed authentication, the BNG replies to the UE with a reject response message.
Step 805: on receiving the DHCP Solicit message from the BNG, the DHCP server replies to the BNG with a DHCP Advertise message.
Step 806: on receiving the DHCP Advertise message from the DHCP server, the BNG forwards the DHCP Advertise message to the UE.
Step 807: on receiving the DHCP Advertise message from the BNG, the UE sends a DHCP Request message to the BNG.
Step 808: on receiving the DHCP Request message from the UE, the BNG sends the DHCP Request message to the DHCP server.
Step 809: on receiving the DHCP Request message from the BNG, the DHCP server replies to the BNG with a DHCP Reply message, which carries the IPv6 address prefix {Frame-IPv6-Address}.
Step 810: on receiving the DHCP Reply message from the DHCP server, the BNG replies to the UE with the DHCP Reply message, still carrying the IPv6 address prefix {Frame-IPv6-Address}.
Step 811: the BNG sends a RADIUS Accounting Start message to the AAA; on receiving the RADIUS Accounting Start message, the AAA begins accounting.
Fig. 9 is a schematic flowchart of embodiment seven of the authentication notification method of the present invention. It is a specific implementation in which a non-BBF UE accesses the BBF access network and requests an IPv4 address through a DHCP Discover message; the BNG checks whether this UE has passed authentication and, when the BNG determines that it has no authentication information for this UE, obtains the UE's authentication information from the AAA; after determining from this authentication information that the UE has passed authentication, the BNG triggers the DHCP server to allocate an IPv4 address to the UE. As shown in Fig. 9, the method comprises the following steps:
Step 901: the UE broadcasts a DHCP Discover message on the physical subnet to look for an available DHCP server.
Step 902: because the DHCP Discover message is a broadcast packet, the RG receives this message from the UE; the RG forwards the DHCP Discover message received from the UE to the BNG.
Step 903: after receiving the DHCP Discover message sent by the UE, the BNG checks whether the MAC address of this UE has passed authentication. Because this UE has not been authenticated in advance, or has been authenticated but the AAA has not sent the UE's MAC address to the BNG, the BNG finds no authentication information for this UE when it performs the check; that is, the BNG does not know whether the UE has passed authentication. The BNG therefore sends an authentication information query message to the AAA, carrying the MAC address of this UE.
Step 904: after receiving the authentication information query message sent by the BNG, the AAA uses the MAC address in it to look up its locally stored authentication information for the UE corresponding to that MAC address, and sends this authentication information to the BNG. The authentication information is either that the UE has passed authentication or that the UE has not passed authentication.
Step 905: when the authentication information received by the BNG is that the UE has passed authentication, the BNG sends the DHCP Discover message to the DHCP server; if the UE has not passed authentication, the BNG replies to the UE with a reject response message.
Step 906: after the DHCP server receives the DHCP Discover message, this amounts, from the DHCP server's point of view, to receiving an IP lease request from the BNG. The DHCP server can therefore provide an IP lease and reserve an IP address for this UE, and then replies to the BNG with a DHCP Offer message carrying the IPv4 address {IPv4Address}.
Step 907: after receiving the DHCP Offer message returned by the DHCP server, the BNG forwards it to the RG, still carrying the IPv4 address {IPv4Address}.
Step 908: after receiving the DHCP Offer message sent by the BNG, the RG replies to the UE with the DHCP Offer message, carrying the IPv4 address {IPv4Address}.
Step 909: the UE sends a DHCP Request message to the RG and to all other DHCP servers, carrying the IP address of the DHCP server that provided the IP lease, to inform all other DHCP servers that the UE has accepted an IP lease.
Step 910: the RG forwards the DHCP Request message received from the UE to the BNG.
Step 911: after receiving the DHCP Request message, the BNG sends the DHCP Request message to the DHCP server.
Step 912: after receiving the DHCP Request message sent by the BNG, the DHCP server replies to the BNG with a DHCP Ack message.
Step 913: after receiving the DHCP Ack message returned by the DHCP server, the BNG replies to the RG with the DHCP Ack message.
Step 914: after receiving the DHCP Ack message, the RG replies to the UE with the DHCP Ack message.
Step 915: the BNG sends a RADIUS Accounting Start message to the AAA; after receiving the RADIUS Accounting Start message, the AAA starts charging.
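The BNG-side decision of steps 903 to 905 and step 915 (steps 802 to 804 are the IPv6 counterpart), sketched as an added Python example that is not part of the patent. The class names, the OFFER/REJECT/NO_LEASE return values, the MAC normalization, the treatment of a MAC with no AAA record as not authenticated, the choice to cache only positive results, and the sample MACs and addresses are all assumptions made for illustration.

```python
from dataclasses import dataclass, field
from enum import Enum


class AuthState(Enum):
    AUTHENTICATED = "UE has passed authentication"
    NOT_AUTHENTICATED = "UE has not passed authentication"


def normalize_mac(mac):
    """Canonical lower-case colon form, so one UE maps to one table key."""
    digits = "".join(c for c in mac.lower() if c not in ":-.")
    if len(digits) != 12 or any(c not in "0123456789abcdef" for c in digits):
        raise ValueError(f"malformed MAC address: {mac!r}")
    return ":".join(digits[i:i + 2] for i in range(0, 12, 2))


@dataclass
class AAA:
    """Stand-in for the BBF AAA and its locally stored per-MAC results."""
    records: dict = field(default_factory=dict)
    queries: list = field(default_factory=list)      # query log, for inspection
    accounting: list = field(default_factory=list)   # MACs being charged

    def query_auth_info(self, mac):
        self.queries.append(mac)
        # Assumption: a MAC with no stored record counts as not authenticated.
        return self.records.get(mac, AuthState.NOT_AUTHENTICATED)

    def accounting_start(self, mac):
        self.accounting.append(mac)


@dataclass
class DHCPServer:
    """Stand-in DHCP server: reserves one address per MAC from a small pool."""
    pool: list
    leases: dict = field(default_factory=dict)

    def offer(self, mac):
        if mac not in self.leases:
            if not self.pool:
                return None
            self.leases[mac] = self.pool.pop(0)
        return self.leases[mac]


@dataclass
class BNG:
    aaa: AAA
    dhcp: DHCPServer
    auth_table: dict = field(default_factory=dict)   # MACs known to be authenticated

    def on_dhcp_discover(self, raw_mac):
        try:
            mac = normalize_mac(raw_mac)
        except ValueError:
            return ("REJECT", None)
        if mac not in self.auth_table:
            # No local authentication information: ask the AAA (steps 903-904).
            if self.aaa.query_auth_info(mac) is not AuthState.AUTHENTICATED:
                return ("REJECT", None)            # step 905, reject response
            # Assumption: only positive results are cached, so a UE that
            # authenticates later is looked up again instead of staying blocked.
            self.auth_table[mac] = AuthState.AUTHENTICATED
        address = self.dhcp.offer(mac)             # steps 905-906, relay to DHCP
        return ("OFFER", address) if address else ("NO_LEASE", None)

    def on_dhcp_ack(self, raw_mac):
        # Step 915: RADIUS Accounting Start, only for an authenticated UE.
        mac = normalize_mac(raw_mac)
        if mac in self.auth_table:
            self.aaa.accounting_start(mac)


if __name__ == "__main__":
    # Constructed sample data: locally administered MACs, documentation IPs.
    aaa = AAA(records={"02:00:00:00:00:01": AuthState.AUTHENTICATED})
    bng = BNG(aaa, DHCPServer(pool=["192.0.2.10", "192.0.2.11"]))
    for mac in ("02-00-00-00-00-01", "02:00:00:00:00:02", "not-a-mac"):
        print(mac, bng.on_dhcp_discover(mac))
```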
Figure 10 is a schematic flowchart of embodiment eight of the authentication notification method of the present invention. It is a specific implementation in which a non-BBF UE accesses the BBF access network and requests an IP address; the RG checks whether this UE has passed authentication; when it determines that this UE has not passed authentication, it rejects the request; when it determines that this UE has passed authentication, the RG notifies the BNG that this UE has passed authentication, and the BNG triggers the DHCP server to allocate an IP address to the UE. As shown in Figure 10, the method comprises the following steps:
Step 1001: the UE broadcasts a DHCP Discover message on the physical subnet to look for an available DHCP server.
Step 1002: because the DHCP Discover message is a broadcast packet, the RG receives this message from the UE. After receiving the DHCP Discover message, the RG checks whether the MAC address of this UE has passed authentication. If it has not, the RG rejects the request of this UE and the flow ends; if it has, the RG sends the DHCP Discover message to the BNG.
Step 1003: after receiving the DHCP Discover message sent by the RG, the BNG determines that this UE has passed authentication and that an IP address can be allocated to it, so the BNG forwards the DHCP Discover message directly to the DHCP server, triggering the DHCP server to allocate an IP address to the UE.
Step 1004: after the DHCP server receives the DHCP Discover message, this amounts, from the DHCP server's point of view, to receiving an IP lease request from the BNG. The DHCP server can therefore provide an IP lease and reserve an IP address for this UE, and then replies to the BNG with a DHCP Offer message carrying the IPv4 address {IPv4Address}.
Step 1005: after receiving the DHCP Offer message returned by the DHCP server, the BNG forwards it to the RG, still carrying the IPv4 address {IPv4Address}.
Step 1006: after receiving the DHCP Offer message sent by the BNG, the RG replies to the UE with the DHCP Offer message, carrying the IPv4 address {IPv4Address}.
Step 1007: the UE sends a DHCP Request message to the RG and to all other DHCP servers, carrying the IP address of the DHCP server that provided the IP lease, to inform all other DHCP servers that the UE has accepted an IP lease.
Step 1008: the RG forwards the DHCP Request message received from the UE to the BNG.
Step 1009: after receiving the DHCP Request message, the BNG sends the DHCP Request message to the DHCP server.
Step 1010: after receiving the DHCP Request message sent by the BNG, the DHCP server replies to the BNG with a DHCP Ack message.
Step 1011: after receiving the DHCP Ack message returned by the DHCP server, the BNG replies to the RG with the DHCP Ack message.
Step 1012: after receiving the DHCP Ack message, the RG replies to the UE with the DHCP Ack message.
Step 1013: the BNG sends a RADIUS Accounting Start message to the AAA; after receiving the RADIUS Accounting Start message, the AAA starts charging.
The AAA in embodiments two to eight above is the BBF AAA.
To implement the methods of embodiments one to four, the present invention also provides an authentication notification system. Figure 11 is a schematic structural diagram of embodiment one of the authentication notification system of the present invention. As shown in Figure 11, the system comprises a BBF AAA 111 and a BNG 112, wherein:
The BBF AAA 111 is configured to send the MAC address of the UE to the BNG 112 when the UE accesses the BBF access network and passes authentication;
The BNG 112 is configured to receive the MAC address of the UE.
The BNG 112 is further configured to trigger the DHCP server to allocate an IP address to the UE when the UE requests an IP address and the UE is determined to have passed authentication.
To implement the methods of embodiments five to seven, the present invention also provides an authentication notification system. Figure 12 is a schematic structural diagram of embodiment two of the authentication notification system of the present invention. As shown in Figure 12, the system comprises a BNG 121 and an AAA 122, wherein:
The BNG 121 is configured to check, when the UE accesses the BBF access network and requests an IP address, whether the UE has passed authentication, and, when it determines that it has no authentication information for this UE, to obtain the UE's authentication information from the AAA 122;
The AAA 122 is configured to provide the UE's authentication information to the BNG.
The BNG 121 is further configured to trigger the DHCP server to allocate an IP address to the UE after determining from the authentication information that the UE has passed authentication.
To implement the method of embodiment eight, the present invention also provides an authentication notification system. Figure 13 is a schematic structural diagram of embodiment three of the authentication notification system of the present invention. As shown in Figure 13, the system comprises an RG 131 and a BNG 132, wherein:
The RG 131 is configured to check, when the UE accesses the BBF access network and requests an IP address, whether the UE has passed authentication, and, when it determines that the UE has passed authentication, to notify the BNG 132 that the UE has passed authentication;
The BNG 132 is configured to receive the notification that the UE has passed authentication.
The BNG 132 is further configured to trigger the DHCP server to allocate an IP address to the UE.
The above are merely preferred embodiments of the present invention and are not intended to limit its scope of protection; any modification, equivalent replacement or improvement made within the spirit and principles of the present invention shall fall within its scope of protection.

Claims (15)

1. An authentication notification method, characterized in that the method comprises:
when a UE accesses a Broadband Forum (BBF) access network and passes authentication, a BBF authentication unit (AAA) sends the MAC address of the UE to a broadband network gateway control device (BNG).
2. The method according to claim 1, characterized in that the method further comprises:
when the UE requests an IP address and the BNG determines that the UE has passed authentication, the BNG triggers a Dynamic Host Configuration Protocol (DHCP) server to allocate an IP address to the UE.
3. The method according to claim 2, characterized in that the UE requesting an IP address is: the UE requests an IPv6 address through a router solicitation (Router Solicitation) message, or the UE requests an IPv6 address through a DHCP solicit (DHCP Solicit) message, or the UE requests an IPv4 address through a DHCP discover (DHCP Discover) message.
4. An authentication notification method, characterized in that the method comprises:
when a UE accesses the BBF access network and requests an IP address, the BNG checks whether the UE has passed authentication and, when the BNG determines that it has no authentication information for this UE, obtains the UE's authentication information from the AAA.
5. The method according to claim 4, characterized in that the method further comprises:
after determining from the authentication information that the UE has passed authentication, the BNG triggers the DHCP server to allocate an IP address to the UE.
6. The method according to claim 4, characterized in that the UE requesting an IP address is:
the UE requests an IPv6 address through a Router Solicitation message, or the UE requests an IPv6 address through a DHCP Solicit message, or the UE requests an IPv4 address through a DHCP Discover message.
7. An authentication notification method, characterized in that the method comprises:
when a UE accesses the BBF access network and requests an IP address, a residential gateway (RG) checks whether the UE has passed authentication and, when it determines that the UE has passed authentication, the RG notifies the BNG that the UE has passed authentication.
8. The method according to claim 7, characterized in that the method further comprises:
the BNG triggers the DHCP server to allocate an IP address to the UE.
9. The method according to claim 7, characterized in that:
the UE requesting an IP address is: the UE requests an IPv4 address through a DHCP Discover message;
the RG notifying the BNG that the UE has passed authentication is: the RG sends the DHCP Discover message to the BNG.
10. An authentication notification system, characterized in that the system comprises a BBF AAA and a BNG, wherein:
the BBF AAA is configured to send the MAC address of the UE to the BNG when the UE accesses the BBF access network and passes authentication;
the BNG is configured to receive the MAC address of the UE.
11. The system according to claim 10, characterized in that:
the BNG is further configured to trigger the DHCP server to allocate an IP address to the UE when the UE requests an IP address and the UE is determined to have passed authentication.
12. An authentication notification system, characterized in that the system comprises a BNG and an AAA, wherein:
the BNG is configured to check, when the UE accesses the BBF access network and requests an IP address, whether the UE has passed authentication, and, when it determines that it has no authentication information for this UE, to obtain the UE's authentication information from the AAA;
the AAA is configured to provide the UE's authentication information to the BNG.
13. The system according to claim 12, characterized in that the BNG is further configured to trigger the DHCP server to allocate an IP address to the UE after determining from the authentication information that the UE has passed authentication.
14. An authentication notification system, characterized in that the system comprises an RG and a BNG, wherein:
the RG is configured to check, when the UE accesses the BBF access network and requests an IP address, whether the UE has passed authentication, and, when it determines that the UE has passed authentication, to notify the BNG that the UE has passed authentication;
the BNG is configured to receive the notification that the UE has passed authentication.
15. The system according to claim 14, characterized in that the BNG is further configured to trigger the DHCP server to allocate an IP address to the UE.
CN201110100677.9A 2011-04-21 2011-04-21 A kind of authentication notification method and system Expired - Fee Related CN102752746B (en)

Priority Applications (2)

Application Number Priority Date Filing Date Title
CN201110100677.9A CN102752746B (en) 2011-04-21 2011-04-21 A kind of authentication notification method and system
PCT/CN2012/071293 WO2012142867A1 (en) 2011-04-21 2012-02-17 Authentication notification method and system

Applications Claiming Priority (1)

Application Number Priority Date Filing Date Title
CN201110100677.9A CN102752746B (en) 2011-04-21 2011-04-21 A kind of authentication notification method and system

Publications (2)

Publication Number Publication Date
CN102752746A true CN102752746A (en) 2012-10-24
CN102752746B CN102752746B (en) 2018-01-19

Family

ID=47032599

Family Applications (1)

Application Number Title Priority Date Filing Date
CN201110100677.9A Expired - Fee Related CN102752746B (en) 2011-04-21 2011-04-21 A kind of authentication notification method and system

Country Status (2)

Country Link
CN (1) CN102752746B (en)
WO (1) WO2012142867A1 (en)

Also Published As

Publication number Publication date
CN102752746B (en) 2018-01-19
WO2012142867A1 (en) 2012-10-26

Legal Events

Date Code Title Description
C06 Publication
PB01 Publication
C10 Entry into substantive examination
SE01 Entry into force of request for substantive examination
GR01 Patent grant
CF01 Termination of patent right due to non-payment of annual fee

Granted publication date: 20180119

Termination date: 20210421