CN104683300A - Access method and access system for internet services - Google Patents
Access method and access system for internet services Download PDFInfo
- Publication number
- CN104683300A CN104683300A CN201310627173.1A CN201310627173A CN104683300A CN 104683300 A CN104683300 A CN 104683300A CN 201310627173 A CN201310627173 A CN 201310627173A CN 104683300 A CN104683300 A CN 104683300A
- Authority
- CN
- China
- Prior art keywords
- user
- online attribute
- amendment
- server
- query
- Prior art date
- Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
- Granted
Links
Classifications
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04L—TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
- H04L63/00—Network architectures or network communication protocols for network security
- H04L63/10—Network architectures or network communication protocols for network security for controlling access to devices or network resources
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04L—TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
- H04L47/00—Traffic control in data switching networks
- H04L47/70—Admission control; Resource allocation
Landscapes
- Engineering & Computer Science (AREA)
- Computer Networks & Wireless Communication (AREA)
- Signal Processing (AREA)
- Computer Hardware Design (AREA)
- Computer Security & Cryptography (AREA)
- Computing Systems (AREA)
- General Engineering & Computer Science (AREA)
- Telephonic Communication Services (AREA)
Abstract
The embodiment of the invention discloses an access method and an access system for internet services. The access method comprises the following steps: a RADIUS (Remote Authentication Dial In User Service) server allocates the corresponding authorization class for a user according to the authorization result of dial for a user PPPOE (Point To Point Protocol Over Ethernet) and informs a policy server; the policy server issues a Portal page corresponding to the authorization class to a user terminal through a Portal server, wherein an internet using attribute query and application modification entry is set on the Portal page; after receiving an internet using attribute query and application modification request transmitted by the user through the internet using attribute query and application modification entry on the Portal page, the Portal server forwards the internet using attribute query and application modification request transmitted by the user to the policy server; the policy server instructs a BRAS (Broadband Remote Access Server) to modify internet using attribute information of the user and opens the access permission corresponding to the internet using attribute requested by the user to query or modify; the user accesses to the internet based on the modified internet using attributes through the user terminal. According to the embodiment of the invention, an internet using attribute interaction channel between an operator and the user can be established after the PPPOE authentication is ended.
Description
Technical field
The present invention relates to the communication technology, especially a kind of cut-in method of Internet service and system.
Background technology
In every application such as routine work and life, user often needs accessing Internet to obtain data resource.In prior art, user is by following flow process accessing Internet:
110, Internet user initiates Ethernet transmission point-to-point protocol (Point-to-Point Protocol over Ethernet, PPPOE) dialing, sends access request, comprising the username and password of this user by PPPOE;
120, remote authentication dial-in user service (Remote Authentication Dial In User Service, the RADIUS) server of operator carries out certification based on the user profile prestored to the username and password in access request.If certification is not passed through, then refuse this user Internet access.If certification is passed through, then allow this user Internet access, then perform the operation of 130;
130, any internet content of user's free access;
140, user surfs the Net end, disconnects PPPOE and connects, send and roll off the production line message to operator.
As shown in Figure 1, be a flow chart of prior art user Internet access.
Realizing in process of the present invention, inventor finds, prior art user Internet access method at least exists following problem:
Operator is merely able to by controlling whether allow user Internet access to the certification of dial user's account number and password.User by after carrier authorization, operator's decoupling just and between user, user can access any website, but can only to carry out network operation from the speed of operator's application in advance, strategy change cannot be carried out in real time to the online attribute (such as, access rate) of user; Meanwhile, for the user of authentification failure, user can only be denied access network, and cannot and operator between set up effective interactive.
Summary of the invention
Embodiment of the present invention technical problem to be solved is: the cut-in method and the system that provide a kind of Internet service, to solve the separate state that prior art PPPOE certification terminates between rear operator and user, set up the online attribute exchange channels between operator and user.
The cut-in method of a kind of Internet service that the embodiment of the present invention provides, comprising:
Remote authentication dial-in user service radius server distributes corresponding authorization mechanism according to the authentication result of user's Ethernet transmission point-to-point protocol PPPOE dialing to this user, and sending to strategic server notification message of reaching the standard grade, this notification message of reaching the standard grade comprises user account number and the authorization mechanism information of described user; The described authentication result dialled to user PPPOE comprises described user by PPPOE dialing authentication and not by PPPOE dialing authentication;
Strategic server issues the Portal page corresponding to described authorization mechanism by door Portal server to the user terminal of described user, the described Portal page comprises online attribute query corresponding to described authorization mechanism and apply for entrance with amendment, so that by described online attribute query and amendment, described user applies for that the online attribute of described user is inquired about and/or revised to entrance;
Click inquiry on the Portal page and amendment by user terminal apply for that entrance initiates to surf the Net attribute query and revising is asked in response to receiving user, the online attribute query that user sends by Portal server and amendment request forward are to strategic server, and described online attribute query asks with amendment the online attribute information comprising described user account number and user's requesting query or amendment;
Strategic server is according to the online attribute information of user's requesting query or amendment, the instruction of online attribute modification is issued to BAS Broadband Access Server BRAS, comprising the online attribute information of user account number and user's requesting query or amendment, the online attribute information of described user is revised by BRAS, open to user's requesting query or the corresponding access rights of the online attribute of amendment;
User passes through user terminal, based on amended online attribute accessing Internet.
In another embodiment of the cut-in method of Internet service of the present invention, the online attribute query that user sends by the socket Socket interface that Portal server specifically calls transmission control protocol TCP and amendment request forward are to strategic server.
In another embodiment of the cut-in method of Internet service of the present invention, click inquiry on the Portal page and amendment by user terminal apply for that entrance initiates to surf the Net attribute query and revising is asked in response to receiving user, also comprise:
The duration that Portal server starts to apply on the Portal page according to preset duration or user carries out timing;
The duration timing applied on the Portal page in response to preset duration or user terminates, or receive user and use this online attribute instruction by the end that the Portal page sends, Portal server counting user this use the duration of amended online attribute, and the Socket interface notification strategic server again calling TCP recovers original online attribute of this user and this user, and this uses the duration of amended online attribute;
Strategic server recording user this use the duration of amended online attribute, and indicate BRAS to recover original online attribute information of this user.
In another embodiment of the cut-in method of Internet service of the present invention, strategic server recording user after this uses the duration of amended online attribute, also comprises:
The duration information of the user account number of described user, this amended online attribute used and this amended online attribute used is sent to accounting server by strategic server, produces corresponding ticket and carry out charging to this user by accounting server.
In another embodiment of the cut-in method of Internet service of the present invention, if authentication result be described user by PPPOE dialing authentication, online attribute query corresponding to corresponding authorization mechanism and amendment apply fors that entrance comprises access control list ACL, access rate, time delay, shake, access permission inquire abouts and revised and apply for entrance;
If authentication result be described user because arrearage is not by PPPOE dialing authentication, online attribute query corresponding to corresponding authorization mechanism and amendment apply for entrance comprise pay the fees, answer a pager's call temporarily, billing query application entrance;
If authentication result be described user because code error is not by PPPOE dialing authentication, with amendment, online attribute query corresponding to corresponding authorization mechanism applies for that entrance comprises password authentification, password is revised to inquire about and applied for entrance.
The connecting system of a kind of Internet service that the embodiment of the present invention provides, comprises radius server, Portal server, strategic server and BRAS; Wherein:
Described radius server, for distributing corresponding authorization mechanism according to the authentication result dialled to user PPPOE to this user, and sending to strategic server notification message of reaching the standard grade, this notification message of reaching the standard grade comprises user account number and the authorization mechanism information of described user; The described authentication result dialled to user PPPOE comprises described user by PPPOE dialing authentication and not by PPPOE dialing authentication;
Described Portal server, for the instruction according to described strategic server, user terminal to described user issues the Portal page corresponding to described authorization mechanism, the described Portal page comprises online attribute query corresponding to described authorization mechanism and apply for entrance with amendment, so that by described online attribute query and amendment, described user applies for that the online attribute of described user is inquired about and/or revised to entrance; And click inquiry on the Portal page and amendment by user terminal apply for that entrance initiates to surf the Net attribute query and revising is asked in response to receiving user, online attribute query user sent and amendment request forward are to strategic server, and described online attribute query asks with amendment the online attribute information comprising described user account number and user's requesting query or amendment;
Described strategic server, for issuing the Portal page corresponding to described authorization mechanism by door Portal server to the user terminal of described user, and according to the online attribute information of user's requesting query or amendment, the instruction of online attribute modification is issued, comprising the online attribute information of user account number and user's requesting query or amendment to BRAS;
Described BRAS, for storing the online attribute information of user, and the online attribute information of described user is revised according to the instruction of described strategic server, open to user's requesting query or the corresponding access rights of the online attribute of amendment, so that user is by user terminal, based on amended online attribute accessing Internet.
In another embodiment of the connecting system of Internet service of the present invention, described Portal server, online attribute query user sent especially by the Socket interface calling TCP and amendment request forward are to strategic server.
In another embodiment of the connecting system of Internet service of the present invention, described Portal server, also for being clicked after inquiry on the Portal page and amendment apply for initiating entrance to surf the Net attribute query and revising asks by user terminal receiving user, the duration starting to apply on the Portal page according to preset duration or user carries out timing; The duration timing applied on the Portal page in response to preset duration or user terminates, or receive user and use this online attribute instruction by the end that the Portal page sends, counting user this use the duration of amended online attribute, and the Socket interface notification strategic server again calling TCP recovers original online attribute of this user and this user, and this uses the duration of amended online attribute;
Described strategic server, also for recording user, this uses the duration of amended online attribute, and indicates BRAS to recover original online attribute information of this user.
In another embodiment of the connecting system of Internet service of the present invention, described strategic server, also for after at recording user, this uses the duration of amended online attribute, the duration information of the user account number of described user, this amended online attribute used and this amended online attribute used is sent to accounting server, produces corresponding ticket by accounting server and charging is carried out to this user.
In another embodiment of the connecting system of Internet service of the present invention, if authentication result be described user by PPPOE dialing authentication, online attribute query corresponding to corresponding authorization mechanism and amendment apply fors that entrance comprises ACL, access rate, time delay, shake, access permission inquire abouts and revised and apply for entrance;
If authentication result be described user because arrearage is not by PPPOE dialing authentication, online attribute query corresponding to corresponding authorization mechanism and amendment apply for entrance comprise pay the fees, answer a pager's call temporarily, billing query application entrance;
If authentication result be described user because code error is not by PPPOE dialing authentication, with amendment, online attribute query corresponding to corresponding authorization mechanism applies for that entrance comprises password authentification, password is revised to inquire about and applied for entrance.
The cut-in method of the Internet service provided based on the above embodiment of the present invention and system, radius server can distribute corresponding authorization mechanism notification strategy server according to the authentication result dialled to user PPPOE to this user, strategic server issues the Portal page corresponding to its authorization mechanism by Portal server to user terminal, the Portal page comprises online attribute query corresponding to its authorization mechanism and apply for entrance with amendment, after user apply for initiating entrance to surf the Net by this inquiry and amendment attribute query and revising asks, the online attribute query that user sends by Portal server and amendment request forward are to strategic server, strategic server instruction BRAS revises the online attribute information of this user, open to user's requesting query or the corresponding access rights of the online attribute of amendment, such user just can based on amended online attribute accessing Internet.The embodiment of the present invention solves the technical problem that PPPOE certification terminates the separate state between rear operator and user, for different PPPOE dialing authentication result users, establish the online attribute exchange channels between operator and user, for the user that certification is passed through, its online attribute, such as ACL, access rate, time delay, shake, access permissions etc. can be revised by this exchange channels; And for the user of authentification failure, also can give its certain authority and carry out interim access permission.
Below by drawings and Examples, technical scheme of the present invention is described in further detail.
Description of the invention provides in order to example with for the purpose of describing, and is not exhaustively or limit the invention to disclosed form.Many modifications and variations are obvious for the ordinary skill in the art.Selecting and describing embodiment is in order to principle of the present invention and practical application are better described, and enables those of ordinary skill in the art understand the present invention thus design the various embodiments with various amendment being suitable for special-purpose.
Accompanying drawing explanation
What form a part for specification drawings describes embodiments of the invention, and is used from explanation principle of the present invention together with description one.
With reference to accompanying drawing, according to detailed description below, clearly the present invention can be understood, wherein:
Fig. 1 is prior art user Internet access flow chart.
Fig. 2 is the flow chart of a cut-in method embodiment of Internet service of the present invention.
Fig. 3 is the flow chart of another embodiment of cut-in method of Internet service of the present invention.
Fig. 4 is the structural representation of a connecting system embodiment of Internet service of the present invention.
Embodiment
Various exemplary embodiment of the present invention is described in detail now with reference to accompanying drawing.It should be noted that: unless specifically stated otherwise, otherwise positioned opposite, the numerical expression of the parts of setting forth in these embodiments and step and numerical value do not limit the scope of the invention.
Meanwhile, it should be understood that for convenience of description, the size of the various piece shown in accompanying drawing is not draw according to the proportionate relationship of reality.
Illustrative to the description only actually of at least one exemplary embodiment below, never as any restriction to the present invention and application or use.
May not discuss in detail for the known technology of person of ordinary skill in the relevant, method and apparatus, but in the appropriate case, described technology, method and apparatus should be regarded as a part for specification.
In all examples with discussing shown here, any occurrence should be construed as merely exemplary, instead of as restriction.Therefore, other example of exemplary embodiment can have different values.
It should be noted that: represent similar terms in similar label and letter accompanying drawing below, therefore, once be defined in an a certain Xiang Yi accompanying drawing, then do not need to be further discussed it in accompanying drawing subsequently.
Fig. 2 is the flow chart of a cut-in method embodiment of Internet service of the present invention.As shown in Figure 2, the cut-in method of the Internet service of this embodiment comprises:
210, radius server distributes corresponding authorization mechanism according to the authentication result dialled to user PPPOE to this user, and send to strategic server notification message of reaching the standard grade, such as, this notification message of reaching the standard grade can be the message of reaching the standard grade of user, and this notification message of reaching the standard grade comprises user account number and the authorization mechanism information of user.
Wherein, user is comprised by PPPOE dialing authentication and not by PPPOE dialing authentication to the authentication result that user PPPOE dials, specifically can not comprised again because arrearage is not by PPPOE dialing authentication, because code error is not by multiple situations such as PPPOE dialing authentications by PPPOE dialing authentication.Such as, radius server according to presetting, can distribute authorization mechanism 1 to the user normally reached the standard grade by PPPOE dialing authentication, represents that this user is by PPPOE dialing authentication; To not distributing authorization mechanism 2 by the user of code error in the user of PPPOE dialing authentication (that is: authentification failure), represent code error; To the defaulting subscriber's authorization mechanism 3 in the user of authentification failure, represent this subscriber arrearage.The user of different authentication result can be divided into specific groups of users based on authorization mechanism.
220, strategic server issues the Portal page corresponding to its authorization mechanism by door (Portal) server to the user terminal of user, the Portal page comprises online attribute query corresponding to its authorization mechanism and apply for entrance with amendment, so that with amendment, user applies for that the online attribute of user is inquired about and/or revised to entrance by online attribute query.
Exemplarily, if authentication result is for user is by PPPOE dialing authentication, with amendment, the online attribute query that corresponding authorization mechanism is corresponding applies for that entrance can include but not limited to that the inquiry of access control list (ACL), access rate, time delay, shake, access permission etc. applies for entrance with amendment.If authentication result is user because arrearage is not by PPPOE dialing authentication, online attribute query corresponding to corresponding authorization mechanism and amendment are applied for that entrance can include but not limited to pay the fees, are answered a pager's call temporarily, billing query application entrance.If authentication result is user because code error is not by PPPOE dialing authentication, with amendment, the online attribute query that corresponding authorization mechanism is corresponding applies for that entrance can include but not limited to password authentification, password is revised to inquire about and applied for entrance.With amendment, inquiry wherein applies for that entrance specifically can be presented as button form on webpage, when user clicks a certain button on webpage, send online attribute query corresponding to this button to Portal server to ask with amendment, such as, click button of temporarily answering a pager's call, just can send to Portal server request of temporarily answering a pager's call.
230, click online attribute query on the Portal page and amendment by user terminal apply for that entrance initiates to surf the Net attribute query and revising is asked in response to receiving user, the online attribute query that user sends by Portal server and amendment request forward are to strategic server, and this online attribute query asks with amendment the online attribute information comprising user account number and user's requesting query or amendment.
Exemplarily, the online attribute query that user sends by socket (Socket) interface that Portal server specifically can call transmission control protocol (TCP) and amendment request forward are to strategic server.
240, strategic server is according to the online attribute information of user's requesting query or amendment, the instruction of online attribute modification is issued to BAS Broadband Access Server (BRAS), comprising the online attribute information of user account number and user's requesting query or amendment, the online attribute information of user is revised by BRAS, open to user's requesting query or the corresponding access rights of the online attribute of amendment.
250, user passes through user terminal, based on amended online attribute accessing Internet.
Based on the cut-in method of the Internet service that the above embodiment of the present invention provides, radius server can distribute corresponding authorization mechanism notification strategy server according to the authentication result dialled to user PPPOE to this user, strategic server issues the Portal page corresponding to its authorization mechanism by Portal server to user terminal, the Portal page comprises online attribute query corresponding to its authorization mechanism and apply for entrance with amendment, after user apply for initiating entrance to surf the Net by this inquiry and amendment attribute query and revising asks, the online attribute query that user sends by Portal server and amendment request forward are to strategic server, strategic server instruction BRAS revises the online attribute information of this user, open to user's requesting query or the corresponding access rights of the online attribute of amendment, such user just can based on amended online attribute accessing Internet.The embodiment of the present invention solves the technical problem that PPPOE certification terminates the separate state between rear operator and user, for different PPPOE dialing authentication result users, establish the online attribute exchange channels between operator and user, for the user that certification is passed through, its online attribute, such as ACL, access rate, time delay, shake, access permissions etc. can be revised by this exchange channels; And for the user of authentification failure, also can give its certain authority and carry out interim access permission.
In another embodiment of the cut-in method of Internet service of the present invention, in operation 230, click inquiry on the Portal page and amendment by user terminal apply for that entrance initiates to surf the Net attribute query and revising is asked in response to receiving user, also comprise:
The duration that Portal server starts to apply on the Portal page according to preset duration or user carries out timing;
The duration timing applied on the Portal page in response to preset duration or user terminates, or receive user and use this online attribute instruction by the end that the Portal page sends, Portal server counting user this use the duration of amended online attribute, and the Socket interface notification strategic server again calling TCP recovers original online attribute of this user and this user, and this uses the duration of amended online attribute;
Strategic server recording user this use the duration of amended online attribute, and indicate BRAS to recover original online attribute information of this user.
Further, in another embodiment of the cut-in method of Internet service of the present invention, strategic server recording user is after this uses the duration of amended online attribute, the duration information of the user account number of user, this amended online attribute used and this amended online attribute used can also be sent to accounting server, produce corresponding ticket by accounting server and charging is carried out to this user.
Fig. 3 is the flow chart of another embodiment of cut-in method of Internet service of the present invention.As shown in Figure 3, the cut-in method of the Internet service of this embodiment comprises:
310, user carries out PPPOE dialing by user terminal and sends access request, comprising user account number and the password of this user.
320, radius server carries out certification based on the user profile prestored (comprising the user account number and password with network insertion authority) to the user account number in access request and password, and distribute corresponding authorization mechanism according to authentication result to this user, the strategic server and message of user being reached the standard grade is made a copy for, such as network company's service deployment system (SDX) strategic server, notification strategy server uses the user of this user account number to reach the standard grade and the authorization mechanism of this user.
In addition, radius server also distributes the parameter such as access rate, bandwidth of its application to the user normally reached the standard grade by certification.
330, strategic server is reached the standard grade according to user the authorization mechanism of message and user, the Portal page is issued to user terminal by Portal server, to provide online attribute exchange channels, the Portal page is wherein provided with the online attribute query corresponding to the authorization mechanism of this user and apply for entrance with amendment, this online attribute can include but not limited to ACL, optionally access rate, time delay, shake, access permission, payment, answers a pager's call temporarily, billing query, password authentification, password amendment etc.
With amendment, inquiry wherein applies for that entrance specifically can be presented as button form.These inquiries on the Portal page apply for entrance with amendment, and the Socket interface of TCP specifically can be adopted to communicate with strategic server.Thus realize backstage real time modifying user and to surf the Net the object of attribute.
340, user by user terminal click inquiry on the Portal page and amendment apply for entrance initiates to surf the Net attribute query and revising ask time, the online attribute query that user sends by the Socket interface that Portal server calls TCP and amendment request forward are to strategic server, comprising the online attribute information of user account number and user's requesting query or amendment, and the duration starting to apply on the Portal page according to preset duration or user carries out timing.
350, strategic server is according to the online attribute information of user's requesting query or amendment, the instruction of online attribute modification is issued to BAS Broadband Access Server (BRAS), comprising the online attribute information of user account number and user's requesting query or amendment, revise by BRAS the user stored to surf the Net the online attribute information of this user in attribute information, open to user's requesting query or the corresponding access rights of the online attribute of amendment, such as, for the user by certification, amendment online attribute can apply for according to user the ACL revising user, access rate, time delay, the online such as shake and access permission attribute, for defaulting subscriber, original online attribute is cannot normal accesses network, but when user is by after clicking the button of answering a pager's call on the portal page temporarily, user property can be revised as the user normally reached the standard grade by certification by amendment online attribute, decontrol ACL simultaneously, user can normally be surfed the Net, for the user of cipher authentication mistake, amendment online attribute can revise the ACL of this user, and this user open, to the access rights of radius server, makes user can access radius server to inquire about or Modify password.
360, user passes through user terminal, based on amended online attribute accessing Internet, and can based on attributes such as amended online attribute restricting user access authority, reference address, access rates.
370, the duration timing applied on the Portal page in response to preset duration or user terminates, or receive user and use this online attribute instruction by the end that the Portal page sends, Portal server sends to user terminal and requires that user confirms the Portal page terminating to use this amended online attribute.
Such as, user applies for that on the Portal page amendment online attribute 5 hours or preset duration are 5 hours, then when 5 hours arrive, Portal server can send to user terminal and require that user confirms the Portal page terminating to use this amended online attribute.
" confirmation " button that user can click after seeing the Portal page on user terminal wherein sends acknowledge message, confirms to terminate to use this amended online attribute.
380, user terminal receives user by clicking the confirmation information and sending of " confirmation " button feedback on the Portal page to Portal server, Portal server counting user uses the duration of this online attribute, and the Socket interface notification strategic server again calling TCP recovers the duration that original online attribute of this user and this user use this online attribute.
390, strategic server recording user uses the duration of this online attribute, and indicates BRAS to recover original online attribute information of this user, such as, recover this user for arrearage state.
400, the user account number of this user, this online attribute used are sent to accounting server with using this duration information of surfing the Net attribute by strategic server, produce corresponding ticket and carry out charging to this user by accounting server.
Fig. 4 is the structural representation of a connecting system embodiment of Internet service of the present invention.The connecting system of the Internet service of this embodiment can be used in the present invention the cut-in method embodiment of above-mentioned each Internet service.As shown in Figure 4, the connecting system of the Internet service of this embodiment comprises radius server, Portal server, strategic server and BRAS.Wherein:
Radius server, for distributing corresponding authorization mechanism according to the authentication result dialled to user PPPOE to this user, and send to strategic server notification message of reaching the standard grade, this notification message of reaching the standard grade comprises user account number and the authorization mechanism information of user; User is comprised by PPPOE dialing authentication and not by PPPOE dialing authentication to the authentication result that user PPPOE dials.
Wherein, user is comprised by PPPOE dialing authentication and not by PPPOE dialing authentication to the authentication result that user PPPOE dials, specifically can not comprised again because arrearage is not by PPPOE dialing authentication, because code error is not by multiple situations such as PPPOE dialing authentications by PPPOE dialing authentication.Such as, radius server according to presetting, can distribute authorization mechanism 1 to the user normally reached the standard grade by PPPOE dialing authentication, represents that this user is by PPPOE dialing authentication; To not distributing authorization mechanism 2 by the user of code error in the user of PPPOE dialing authentication (that is: authentification failure), represent code error; To the defaulting subscriber's authorization mechanism 3 in the user of authentification failure, represent this subscriber arrearage.
Portal server, for the instruction according to strategic server, user terminal to user issues the Portal page corresponding to authorization mechanism, this Portal page comprises online attribute query corresponding to authorization mechanism and apply for entrance with amendment, so that with amendment, user applies for that the online attribute of user is inquired about and/or revised to entrance by online attribute query; And click online attribute query on the Portal page and amendment by user terminal apply for that entrance initiates to surf the Net attribute query and revising is asked in response to receiving user, online attribute query user sent and amendment request forward are to strategic server, and online attribute query asks with amendment the online attribute information comprising user account number and user's requesting query or amendment.
Exemplarily, the Portal server online attribute query that specifically user can be sent by the Socket interface calling TCP and amendment request forward are to strategic server.
Strategic server, for issuing the Portal page corresponding to authorization mechanism by door Portal server to the user terminal of user, and according to the online attribute information of user's requesting query or amendment, the instruction of online attribute modification is issued, comprising the online attribute information of user account number and user's requesting query or amendment to BRAS.
BRAS, for storing the online attribute information of user, and the online attribute information of user is revised according to the instruction of strategic server, open to user's requesting query or the corresponding access rights of the online attribute of amendment, so that user is by user terminal, based on amended online attribute accessing Internet.
Based on the connecting system of the Internet service that the above embodiment of the present invention provides, radius server can distribute corresponding authorization mechanism notification strategy server according to the authentication result dialled to user PPPOE to this user, strategic server issues the Portal page corresponding to its authorization mechanism by Portal server to user terminal, the Portal page comprises online attribute query corresponding to its authorization mechanism and apply for entrance with amendment, after user apply for initiating entrance to surf the Net by this inquiry and amendment attribute query and revising asks, the online attribute query that user sends by Portal server and amendment request forward are to strategic server, strategic server instruction BRAS revises the online attribute information of this user, open to user's requesting query or the corresponding access rights of the online attribute of amendment, such user just can based on amended online attribute accessing Internet.The embodiment of the present invention solves the technical problem that PPPOE certification terminates the separate state between rear operator and user, for different PPPOE dialing authentication result users, establish the online attribute exchange channels between operator and user, for the user that certification is passed through, its online attribute, such as ACL, access rate, time delay, shake, access permissions etc. can be revised by this exchange channels; And for the user of authentification failure, also can give its certain authority and carry out interim access permission.
In another embodiment of the connecting system of Internet service of the present invention, Portal server can also for clicking after inquiry on the Portal page and amendment apply for initiating entrance to surf the Net attribute query and revising asks receiving user by user terminal, the duration starting to apply on the Portal page according to preset duration or user carries out timing; The duration timing applied on the Portal page in response to preset duration or user terminates, or receive user and use this online attribute instruction by the end that the Portal page sends, counting user this use the duration of amended online attribute, and the Socket interface notification strategic server again calling TCP recovers original online attribute of this user and this user, and this uses the duration of amended online attribute.Correspondingly, strategic server also can be used for recording user, and this uses the duration of amended online attribute, and indicates BRAS to recover original online attribute information of this user.
In another embodiment of the connecting system of Internet service of the present invention, after strategic server is also used in recording user this uses the duration of amended online attribute, the duration information of the user account number of user, this amended online attribute used and this amended online attribute used is sent to accounting server, produces corresponding ticket by accounting server and charging is carried out to this user.
The cut-in method of the Internet service provided based on the above embodiment of the present invention and system, the real-time, interactive of user and operator can be realized, answering a pager's call in real time of defaulting subscriber can be realized, that is: the Portal page can selecting whether temporarily to answer a pager's call is provided to defaulting subscriber; Can by provide to former low-rate users comprise ACL, access rate, time delay, shake, access permission button the Portal page this user is had an opportunity real-time experience two-forty bandwidth; The restriction of special user's reference address can be realized, carry out black and white lists filtration; To the user that some public security are paid close attention to, specific ACL can be issued by strategic server and limit its reference address; Simultaneously for operator, real dynamic bandwidth adjustment can be realized.Be similar to the peak-trough electricity system of electric power system, carry out difference rate to the broadband of different time sections, according to the time period of user's application, strategic server stamps different marks on charging message, corresponding expense is collected, real Appropriate application broadband resource according to mark.
In this specification, each embodiment all adopts the mode of going forward one by one to describe, and what each embodiment stressed is the difference with other embodiment, same or analogous part cross-reference between each embodiment.For system embodiment, because itself and embodiment of the method are substantially corresponding, so description is fairly simple, relevant part illustrates see the part of embodiment of the method.
Method of the present invention, system may be realized in many ways.Such as, any combination by software, hardware, firmware or software, hardware, firmware realizes method and system of the present invention.Said sequence for the step of described method is only to be described, and the step of method of the present invention is not limited to above specifically described order, unless specifically stated otherwise.In addition, in certain embodiments, can be also record program in the recording medium by the invention process, these programs comprise the machine readable instructions for realizing according to method of the present invention.Thus, the present invention also covers the recording medium stored for performing the program according to method of the present invention.
One of ordinary skill in the art will appreciate that: all or part of step realizing said method embodiment can have been come by the hardware that program command is relevant, aforesaid program can be stored in a computer read/write memory medium, this program, when performing, performs the step comprising said method embodiment; And aforesaid storage medium comprises: ROM, RAM, magnetic disc or CD etc. various can be program code stored medium.
Compared with prior art, the embodiment of the present invention has following Advantageous Effects:
In currently available technology, the Internet of user and operator is mutual, mainly adopts the carrying out of the online business hall of WEB mode, by online business hall customized user service package, online business hall can only, by user's initiatively access, initiatively cannot be initiated mutual by operator.And the embodiment of the present invention establishes the online attribute exchange channels between operator and user, for the user that certification is passed through, its online attribute, such as ACL, access rate, time delay, shake, access permissions etc. can be revised by this exchange channels; And for the user of authentification failure, also can give its certain authority carries out interim access permission;
The service handling of online business hall needs to walk a series of OSS (OSS) flow process, substantially consuming time at about one day, cannot accomplish to come into force in real time.And the embodiment of the present invention can real time modifying user to be surfed the Net attribute, user is come into force after clicking immediately, really can realize dynamic bandwidth adjustment;
Online business hall can only represent same face to all users.The embodiment of the present invention can carry out Portal page downloading targetedly for different subscriber authorisation grades;
Online business hall cannot realize the work of answering a pager's call of defaulting subscriber.The embodiment of the present invention can allow defaulting subscriber real-time recovery surf the Net, and facilitates user's Emergency use.
Claims (10)
1. a cut-in method for Internet service, is characterized in that, comprising:
Remote authentication dial-in user service radius server distributes corresponding authorization mechanism according to the authentication result of user's Ethernet transmission point-to-point protocol PPPOE dialing to this user, and sending to strategic server notification message of reaching the standard grade, this notification message of reaching the standard grade comprises user account number and the authorization mechanism information of described user; The described authentication result dialled to user PPPOE comprises described user by PPPOE dialing authentication and not by PPPOE dialing authentication;
Strategic server issues the Portal page corresponding to described authorization mechanism by door Portal server to the user terminal of described user, the described Portal page comprises online attribute query corresponding to described authorization mechanism and apply for entrance with amendment, so that by described online attribute query and amendment, described user applies for that the online attribute of described user is inquired about and/or revised to entrance;
Click inquiry on the Portal page and amendment by user terminal apply for that entrance initiates to surf the Net attribute query and revising is asked in response to receiving user, the online attribute query that user sends by Portal server and amendment request forward are to strategic server, and described online attribute query asks with amendment the online attribute information comprising described user account number and user's requesting query or amendment;
Strategic server is according to the online attribute information of user's requesting query or amendment, the instruction of online attribute modification is issued to BAS Broadband Access Server BRAS, comprising the online attribute information of user account number and user's requesting query or amendment, the online attribute information of described user is revised by BRAS, open to user's requesting query or the corresponding access rights of the online attribute of amendment;
User passes through user terminal, based on amended online attribute accessing Internet.
2. method according to claim 1, is characterized in that, the online attribute query that user sends by the socket Socket interface that Portal server specifically calls transmission control protocol TCP and amendment request forward are to strategic server.
3. method according to claim 2, is characterized in that, clicking inquiry on the Portal page and amendment and apply for that entrance initiates to surf the Net attribute query and revising is asked, also comprising in response to receiving user by user terminal:
The duration that Portal server starts to apply on the Portal page according to preset duration or user carries out timing;
The duration timing applied on the Portal page in response to preset duration or user terminates, or receive user and use this online attribute instruction by the end that the Portal page sends, Portal server counting user this use the duration of amended online attribute, and the Socket interface notification strategic server again calling TCP recovers original online attribute of this user and this user, and this uses the duration of amended online attribute;
Strategic server recording user this use the duration of amended online attribute, and indicate BRAS to recover original online attribute information of this user.
4. method according to claim 3, is characterized in that, strategic server recording user after this uses the duration of amended online attribute, also comprises:
The duration information of the user account number of described user, this amended online attribute used and this amended online attribute used is sent to accounting server by strategic server, produces corresponding ticket and carry out charging to this user by accounting server.
5. the method according to Claims 1-4 any one, it is characterized in that, if authentication result be described user by PPPOE dialing authentication, online attribute query corresponding to corresponding authorization mechanism and amendment apply fors that entrance comprises access control list ACL, access rate, time delay, shake, access permission inquire abouts and revised and apply for entrance;
If authentication result be described user because arrearage is not by PPPOE dialing authentication, online attribute query corresponding to corresponding authorization mechanism and amendment apply for entrance comprise pay the fees, answer a pager's call temporarily, billing query application entrance;
If authentication result be described user because code error is not by PPPOE dialing authentication, with amendment, online attribute query corresponding to corresponding authorization mechanism applies for that entrance comprises password authentification, password is revised to inquire about and applied for entrance.
6. a connecting system for Internet service, is characterized in that, comprises radius server, Portal server, strategic server and BRAS; Wherein:
Described radius server, for distributing corresponding authorization mechanism according to the authentication result dialled to user PPPOE to this user, and sending to strategic server notification message of reaching the standard grade, this notification message of reaching the standard grade comprises user account number and the authorization mechanism information of described user; The described authentication result dialled to user PPPOE comprises described user by PPPOE dialing authentication and not by PPPOE dialing authentication;
Described Portal server, for the instruction according to described strategic server, user terminal to described user issues the Portal page corresponding to described authorization mechanism, the described Portal page comprises online attribute query corresponding to described authorization mechanism and apply for entrance with amendment, so that by described online attribute query and amendment, described user applies for that the online attribute of described user is inquired about and/or revised to entrance; And click inquiry on the Portal page and amendment by user terminal apply for that entrance initiates to surf the Net attribute query and revising is asked in response to receiving user, online attribute query user sent and amendment request forward are to strategic server, and described online attribute query asks with amendment the online attribute information comprising described user account number and user's requesting query or amendment;
Described strategic server, for issuing the Portal page corresponding to described authorization mechanism by door Portal server to the user terminal of described user, and according to the online attribute information of user's requesting query or amendment, the instruction of online attribute modification is issued, comprising the online attribute information of user account number and user's requesting query or amendment to BRAS;
Described BRAS, for storing the online attribute information of user, and the online attribute information of described user is revised according to the instruction of described strategic server, open to user's requesting query or the corresponding access rights of the online attribute of amendment, so that user is by user terminal, based on amended online attribute accessing Internet.
7. system according to claim 6, is characterized in that, described Portal server, and online attribute query user sent especially by the Socket interface calling TCP and amendment request forward are to strategic server.
8. system according to claim 7, it is characterized in that, described Portal server, also for being clicked after inquiry on the Portal page and amendment apply for initiating entrance to surf the Net attribute query and revising asks by user terminal receiving user, the duration starting to apply on the Portal page according to preset duration or user carries out timing; The duration timing applied on the Portal page in response to preset duration or user terminates, or receive user and use this online attribute instruction by the end that the Portal page sends, counting user this use the duration of amended online attribute, and the Socket interface notification strategic server again calling TCP recovers original online attribute of this user and this user, and this uses the duration of amended online attribute;
Described strategic server, also for recording user, this uses the duration of amended online attribute, and indicates BRAS to recover original online attribute information of this user.
9. system according to claim 8, it is characterized in that, described strategic server, also for after at recording user, this uses the duration of amended online attribute, the duration information of the user account number of described user, this amended online attribute used and this amended online attribute used is sent to accounting server, produces corresponding ticket by accounting server and charging is carried out to this user.
10. the system according to claim 6 to 9 any one, it is characterized in that, if authentication result be described user by PPPOE dialing authentication, online attribute query corresponding to corresponding authorization mechanism and amendment apply fors that entrance comprises ACL, access rate, time delay, shake, access permission inquire abouts and revised and apply for entrance;
If authentication result be described user because arrearage is not by PPPOE dialing authentication, online attribute query corresponding to corresponding authorization mechanism and amendment apply for entrance comprise pay the fees, answer a pager's call temporarily, billing query application entrance;
If authentication result be described user because code error is not by PPPOE dialing authentication, with amendment, online attribute query corresponding to corresponding authorization mechanism applies for that entrance comprises password authentification, password is revised to inquire about and applied for entrance.
Priority Applications (1)
| Application Number | Priority Date | Filing Date | Title |
|---|---|---|---|
| CN201310627173.1A CN104683300B (en) | 2013-11-29 | 2013-11-29 | The cut-in method and system of Internet service |
Applications Claiming Priority (1)
| Application Number | Priority Date | Filing Date | Title |
|---|---|---|---|
| CN201310627173.1A CN104683300B (en) | 2013-11-29 | 2013-11-29 | The cut-in method and system of Internet service |
Publications (2)
| Publication Number | Publication Date |
|---|---|
| CN104683300A true CN104683300A (en) | 2015-06-03 |
| CN104683300B CN104683300B (en) | 2018-07-17 |
Family
ID=53317905
Family Applications (1)
| Application Number | Title | Priority Date | Filing Date |
|---|---|---|---|
| CN201310627173.1A Active CN104683300B (en) | 2013-11-29 | 2013-11-29 | The cut-in method and system of Internet service |
Country Status (1)
| Country | Link |
|---|---|
| CN (1) | CN104683300B (en) |
Cited By (4)
| Publication number | Priority date | Publication date | Assignee | Title |
|---|---|---|---|---|
| CN107872445A (en) * | 2016-09-28 | 2018-04-03 | 华为技术有限公司 | Access authentication method, equipment and Verification System |
| CN111010377A (en) * | 2019-11-29 | 2020-04-14 | 中国电信股份有限公司云南分公司 | System and method for centralized control of broadband user session attributes |
| CN112910882A (en) * | 2021-01-28 | 2021-06-04 | 山东有人物联网股份有限公司 | Network management method, device, system and computer readable storage medium |
| CN113079181A (en) * | 2021-04-21 | 2021-07-06 | 深圳天源锦合技术有限公司 | Method, terminal and storage medium for accessing internet flow by baseband access domain |
Citations (6)
| Publication number | Priority date | Publication date | Assignee | Title |
|---|---|---|---|---|
| CN101217567A (en) * | 2008-01-08 | 2008-07-09 | 杭州华三通信技术有限公司 | A webpage push method, system and device |
| CN101222411A (en) * | 2008-01-22 | 2008-07-16 | 华为技术有限公司 | Method, access equipment and system for enterprise user altering service quality parameter |
| CN101309204A (en) * | 2007-05-18 | 2008-11-19 | 中国电信股份有限公司 | Method and system regulating access bandwidth in real-time |
| CN101442793A (en) * | 2008-12-30 | 2009-05-27 | 杭州华三通信技术有限公司 | Access method, apparatus and system for wireless network |
| CN101588257A (en) * | 2008-05-23 | 2009-11-25 | 中兴通讯股份有限公司 | Method for modifying networking business attribute |
| US20120185586A1 (en) * | 2011-01-18 | 2012-07-19 | Nomadix, Inc. | Systems and methods for group bandwidth management in a communication systems network |
-
2013
- 2013-11-29 CN CN201310627173.1A patent/CN104683300B/en active Active
Patent Citations (6)
| Publication number | Priority date | Publication date | Assignee | Title |
|---|---|---|---|---|
| CN101309204A (en) * | 2007-05-18 | 2008-11-19 | 中国电信股份有限公司 | Method and system regulating access bandwidth in real-time |
| CN101217567A (en) * | 2008-01-08 | 2008-07-09 | 杭州华三通信技术有限公司 | A webpage push method, system and device |
| CN101222411A (en) * | 2008-01-22 | 2008-07-16 | 华为技术有限公司 | Method, access equipment and system for enterprise user altering service quality parameter |
| CN101588257A (en) * | 2008-05-23 | 2009-11-25 | 中兴通讯股份有限公司 | Method for modifying networking business attribute |
| CN101442793A (en) * | 2008-12-30 | 2009-05-27 | 杭州华三通信技术有限公司 | Access method, apparatus and system for wireless network |
| US20120185586A1 (en) * | 2011-01-18 | 2012-07-19 | Nomadix, Inc. | Systems and methods for group bandwidth management in a communication systems network |
Cited By (8)
| Publication number | Priority date | Publication date | Assignee | Title |
|---|---|---|---|---|
| CN107872445A (en) * | 2016-09-28 | 2018-04-03 | 华为技术有限公司 | Access authentication method, equipment and Verification System |
| CN107872445B (en) * | 2016-09-28 | 2021-01-29 | 华为技术有限公司 | Access authentication method, device and authentication system |
| CN111010377A (en) * | 2019-11-29 | 2020-04-14 | 中国电信股份有限公司云南分公司 | System and method for centralized control of broadband user session attributes |
| CN111010377B (en) * | 2019-11-29 | 2022-02-15 | 中国电信股份有限公司云南分公司 | System for centralized control of broadband user session attributes |
| CN112910882A (en) * | 2021-01-28 | 2021-06-04 | 山东有人物联网股份有限公司 | Network management method, device, system and computer readable storage medium |
| CN112910882B (en) * | 2021-01-28 | 2022-08-12 | 山东有人物联网股份有限公司 | Network management method, device, system and computer readable storage medium |
| CN113079181A (en) * | 2021-04-21 | 2021-07-06 | 深圳天源锦合技术有限公司 | Method, terminal and storage medium for accessing internet flow by baseband access domain |
| CN113079181B (en) * | 2021-04-21 | 2022-06-24 | 深圳天源锦合技术有限公司 | Method, terminal and storage medium for accessing internet flow by baseband access domain |
Also Published As
| Publication number | Publication date |
|---|---|
| CN104683300B (en) | 2018-07-17 |
Similar Documents
| Publication | Publication Date | Title |
|---|---|---|
| CN102196012B (en) | Service opening method, system and service opening server | |
| CN102724647B (en) | Method and system for access capability authorization | |
| CN102573112B (en) | Telecommunication network capability opening method, system and alliance support platform | |
| CN100502307C (en) | Integrated user safety management method and device | |
| CN103039050B (en) | For managing the method for access to protected resource and delegable in a computer network | |
| CN100574194C (en) | A kind of method of safety management maintenance equipment and device | |
| CN102904870B (en) | Server unit and information processing method | |
| CN101990183A (en) | Method, device and system for protecting user information | |
| CN106411825A (en) | WeChat access token acquisition method and system thereof | |
| KR20150137518A (en) | Hybride Cloud-Based ICT Service System and Method thereof | |
| CN104683300A (en) | Access method and access system for internet services | |
| CN102082672A (en) | Radius server as well as system and method for controlling broadband on-line service | |
| CN103281195B (en) | Method and the gateway device of authorization of service are provided | |
| CN112784310A (en) | Certificate management method, certificate authorization center, management node and Internet of vehicles terminal | |
| CN103957189B (en) | Application program interaction method and device | |
| CN104253787A (en) | Service authentication method and system | |
| CN100438622C (en) | Controlled multicast managing method for network interactive television roaming user | |
| CN102045398B (en) | Portal-based distributed control method and equipment | |
| CN103124252A (en) | Client application access authentication processing method and device | |
| CN103888415B (en) | The nomadic control method and device of IMS user | |
| CN104394151A (en) | Method, device and system for accessing campus network into operator network | |
| CN104113511A (en) | IMS network access method, system, and correlative device | |
| CN101827347A (en) | Communication method, communication system and access method to service provider base | |
| EP1657848A1 (en) | System and method for implementing data service prepayment | |
| CN104144060A (en) | Cooperative charging method based on application, device and system |
Legal Events
| Date | Code | Title | Description |
|---|---|---|---|
| C06 | Publication | ||
| PB01 | Publication | ||
| EXSB | Decision made by sipo to initiate substantive examination | ||
| SE01 | Entry into force of request for substantive examination | ||
| GR01 | Patent grant | ||
| GR01 | Patent grant |