CN113079181B - Method, terminal and storage medium for accessing internet flow by baseband access domain - Google Patents

Method, terminal and storage medium for accessing internet flow by baseband access domain Download PDF

Info

Publication number
CN113079181B
CN113079181B CN202110428906.3A CN202110428906A CN113079181B CN 113079181 B CN113079181 B CN 113079181B CN 202110428906 A CN202110428906 A CN 202110428906A CN 113079181 B CN113079181 B CN 113079181B
Authority
CN
China
Prior art keywords
user
security system
network security
access server
broadband access
Prior art date
Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
Active
Application number
CN202110428906.3A
Other languages
Chinese (zh)
Other versions
CN113079181A (en
Inventor
黄丽娟
陈锌奇
柳颖
Current Assignee (The listed assignees may be inaccurate. Google has not performed a legal analysis and makes no representation or warranty as to the accuracy of the list.)
Shenzhen Tianyuan Jinhe Technology Co ltd
Original Assignee
Shenzhen Tianyuan Jinhe Technology Co ltd
Priority date (The priority date is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the date listed.)
Filing date
Publication date
Application filed by Shenzhen Tianyuan Jinhe Technology Co ltd filed Critical Shenzhen Tianyuan Jinhe Technology Co ltd
Priority to CN202110428906.3A priority Critical patent/CN113079181B/en
Publication of CN113079181A publication Critical patent/CN113079181A/en
Application granted granted Critical
Publication of CN113079181B publication Critical patent/CN113079181B/en
Active legal-status Critical Current
Anticipated expiration legal-status Critical

Links

Images

Classifications

    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04LTRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L63/00Network architectures or network communication protocols for network security
    • H04L63/08Network architectures or network communication protocols for network security for authentication of entities
    • H04L63/083Network architectures or network communication protocols for network security for authentication of entities using passwords
    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04LTRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L12/00Data switching networks
    • H04L12/02Details
    • H04L12/14Charging, metering or billing arrangements for data wireline or wireless communications
    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04LTRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L41/00Arrangements for maintenance, administration or management of data switching networks, e.g. of packet switching networks
    • H04L41/08Configuration management of networks or network elements
    • H04L41/0803Configuration setting
    • H04L41/0823Configuration setting characterised by the purposes of a change of settings, e.g. optimising configuration for enhancing reliability
    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04LTRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L63/00Network architectures or network communication protocols for network security
    • H04L63/10Network architectures or network communication protocols for network security for controlling access to devices or network resources
    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04LTRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L67/00Network arrangements or protocols for supporting network services or applications
    • H04L67/14Session management
    • H04L67/141Setup of application sessions
    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04LTRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L67/00Network arrangements or protocols for supporting network services or applications
    • H04L67/14Session management
    • H04L67/143Termination or inactivation of sessions, e.g. event-controlled end of session
    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04LTRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L67/00Network arrangements or protocols for supporting network services or applications
    • H04L67/14Session management
    • H04L67/148Migration or transfer of sessions

Landscapes

  • Engineering & Computer Science (AREA)
  • Computer Networks & Wireless Communication (AREA)
  • Signal Processing (AREA)
  • Computer Hardware Design (AREA)
  • Computer Security & Cryptography (AREA)
  • Computing Systems (AREA)
  • General Engineering & Computer Science (AREA)
  • Telephonic Communication Services (AREA)
  • Mobile Radio Communication Systems (AREA)
  • Data Exchanges In Wide-Area Networks (AREA)

Abstract

The invention discloses a method for accessing an internet flow by a baseband access domain, which is used for a user to safely access the internet in a WIFI access mode and comprises a common user login flow, a fixed IP account login-free and bandwidth control flow, a cross-broadband access server switching flow, a speed changing flow and a shutdown offline flow; the method comprises a common user login process, a fixed IP account login-free and bandwidth control process, a cross-broadband access server switching process, a speed change process and a shutdown offline process, wherein the common user login process is used for managing a user account of a non-fixed IP address to safely access the Internet, the fixed IP account login-free and bandwidth control process is used for managing a user account of a fixed IP address to safely access the Internet and control bandwidth, the cross-broadband access server switching process is used for managing a double-broadband access server and a double-network safety service system to switch so that a user can safely access the Internet, the speed change process is used for managing a user who accesses the Internet without flow for a long time, and the shutdown offline process is used for managing a user who owes when accessing the Internet.

Description

Method, terminal and storage medium for accessing internet flow by baseband access domain
Technical Field
The invention relates to the field of management methods for accessing the internet by a baseband access domain, in particular to a method, a terminal and a storage medium for accessing the internet by the baseband access domain.
Background
The existing internet access management method mainly realizes the management of internet access through software or hardware, and lacks the management of the internet access process of a baseband access domain.
Disclosure of Invention
The technical problem to be solved by the present invention is to provide a method for accessing an internet flow by a baseband access domain, aiming at the above-mentioned defects in the prior art, so as to solve the problem that the prior art is lack of management for accessing the internet flow by the baseband access domain.
The technical scheme adopted by the method for accessing the internet by the baseband access domain is that the method is used for a user to safely access the internet in a WIFI access mode and comprises a common user login process, a fixed IP account login-free and bandwidth control process, a cross-broadband access server switching process, a rate changing process and a shutdown offline process; the ordinary user login process is used for managing a user account of a non-fixed IP address to safely access the Internet, the fixed IP account login-free and bandwidth control process is used for managing a user account of a fixed IP address to safely access the Internet and control bandwidth, the cross-broadband access server switching process is used for managing the double-broadband access server and the double-network safety service system to switch so that a user can safely access the Internet, the rate change process is used for managing a user who accesses the Internet and does not have flow for a long time, and the shutdown offline process is used for managing a user who defaults when accessing the Internet;
the common user login process comprises a terminal, a broadband access server, a network security system, a portal website and the Internet, and comprises the following steps:
s101: a user logs in the broadband access server through the terminal through WIFI;
s102: the broadband access server receives a public account access authentication request of a user;
s103: the broadband access server sends a public account access authentication request to the network security system;
s104: the network security system accesses the authentication request through a public account, and requires that attributes carried by a message sent by the broadband access server include: user IP, Session-ID and AAA do not drop the ticket;
s105: the broadband access server sends a public account billing start request to the network security system, and the carried attributes comprise: user IP, Session-ID and AAA do not drop the ticket;
s106: the broadband access server redirects the browser opened by the user to the portal website, and the user inputs a login user name and a password in the portal website;
s107: after the user clicks login, the portal website sends a user authentication request to the network security system;
s108: the network security system passes user authentication and sends user authentication information to the portal website;
s109: the portal website displays prompt information of successful user authentication to the user through the terminal;
s110: the network security system sends a care-of address COA message to the broadband access server, updates the user IP, the Session-ID and the AAA non-drop call ticket, and enables the user to access the Internet;
s111: the broadband access server sends a public account billing start request to the network security system, wherein the attributes carried by a message of the public account billing start request include: user IP, Session-ID, AAA call ticket;
s112: the network security system generates a starting ticket file;
s113: a user acquires the access right of the internet through the terminal;
s114: the user starts to use the service of the internet through the broadband access server via the terminal;
s115: after 30 seconds of the previous care-of address COA message, the network security system sends a new care-of address COA message to the broadband access server, wherein the new care-of address COA message is completely consistent with the previous care-of address COA message;
s116: the broadband access server sends a charging message of a public account to the network security system, and the carried attributes comprise: user IP, Session-ID;
s117: the network security system generates an intermediate ticket file;
s118: a user clicks a offline button on the portal website through the terminal;
s119: the portal website displays user offline prompt information through the terminal;
s120: the portal website informs the network security system of the Session being offline;
s121: the network security system sends a Device Management (DM) message of the Session to the broadband access server;
s122: the broadband access server sends a charging end message of a public account to the network security system, and the WIFI connection of a user is disconnected;
s123: and the network security system generates a call ticket ending file.
Further, the fixed IP account login-free and bandwidth control process comprises a terminal, a broadband access server, a network security system and the Internet, and comprises the following steps:
s201: a user logs in the broadband access server through the terminal through WIFI;
s202: the broadband access server receives a public account access authentication request of a user;
s203: the broadband access server sends a public account access authentication request to the network security system;
s204: the network security system accesses the authentication request through a public account, and requires that attributes carried by a message sent by the broadband access server include: user IP, Session-ID and AAA do not drop the ticket;
s205: the broadband access server sends a public account billing start request to the network security system, and the carried attributes comprise: user IP, Session-ID and AAA do not drop the ticket;
s206: the network security system sends a care-of address COA message to the broadband access server to update the user IP, Session-ID and AAA non-drop call ticket, so that the user can access the Internet;
s207: the broadband access server sends a public account billing starting request to the network security system, and the carried attributes comprise: user IP, Session-ID, AAA call ticket;
s208: the network security system generates a starting ticket file;
s209: a user acquires the access right of the internet through the terminal;
s210: the user starts to use the service of the internet through the broadband access server via the terminal;
s211: after 30 seconds of the previous care-of address COA message, the network security system sends a new care-of address COA message to the broadband access server, the new care-of address COA message is completely consistent with the previous care-of address COA message, and the new care-of address COA message can carry a speed limit attribute to change the internet access rate of a user;
s212: the broadband access server sends a charging message of a public account to the network security system, and the carried attributes comprise: user IP, Session-ID;
s213: the network security system generates an intermediate ticket file;
s214: the broadband access server sends the charging information of the public account to the network security system, and the carried attributes comprise: user IP, Session-ID;
s215: the user closes WIFI for a long time without flow at the terminal and is kicked off the line by the broadband access server;
s216: the broadband access server judges that the user is disconnected and sends a charging end message of a public account to the network security system;
s217: the network security system sends a Device Management (DM) message of the Session to the broadband access server;
s218: and the network security system generates a call ticket ending file.
Further, the switching process of the cross-broadband access server comprises a terminal, a first broadband access server, a first network security system, a second broadband access server, a second network security system and the internet, and comprises the following steps:
s301: a user acquires the access right of the internet through the terminal;
s302: a user starts to use the service of the internet through the first broadband access server via the terminal;
s303: after 30 seconds from the last time of the care-of address COA message of the available public network, the first network security system sends the care-of address COA message of the available public network to the first broadband access server again;
s304: the first broadband access server sends a charging message of a public account to the first network security system, and the carried attributes comprise: user IP and Session-ID;
s305: the first network security system generates an intermediate ticket file;
s306: a small station supporting the user to log in at the terminal is switched from the first broadband access server to the second broadband access server;
s307: the second broadband access server initiates a public account access authentication request to the second network security system;
s308: the second network security system requests the attributes carried by the message sent by the second broadband access server to include, through a public account authentication request: user IP, Session-ID and AAA do not drop the ticket;
s309: the second broadband access server sends a public account number charging starting request to the second network security system, and the carried attributes comprise: user IP and Session-ID;
s310: the second network security system informs the first network security system that the user is offline from the first broadband access server and that the user has an old session on the first broadband access server;
s311: the first network security system sends a Device Management (DM) message of the old session to the first broadband access server;
s312: the first broadband access server sends a charging end message of a public account to the first network security system, and disconnects the WIFI connection of a user;
s313: the first network security system generates a call ticket ending file;
s314: the second network security system sends a care-of address COA message to the second broadband access server, updates user IP, Session-ID and AAA non-drop call ticket, and enables the user to access the Internet;
s315: the second broadband access server sends a charging message of a public account to the second network security system, and the carried attributes comprise: user IP, Session-ID;
s316: the second network security system generates a start ticket file;
s317: the user starts to access the service of the internet through the second broadband access server via the terminal;
s318: after 30 seconds from the last available care-of-address COA message, the second network security system continuously sends an on-line care-of-address COA message to the second broadband access server, wherein the care-of-address COA message is completely consistent with the previous care-of-address COA message;
s319: the second broadband access server sends a charging message of a public account to the second network security system, and the carried attributes comprise: user IP, Session-ID;
s320: the second network security system generates an intermediate ticket file;
s321: the user turns off WIFI, and when no flow exists for a long time, the second network security system sends a care-of address COA message of an unavailable public network of a public account to the second broadband access server according to a rule that the flow is smaller than a specified threshold value within a certain time period;
s322: the second broadband access server judges that the user is disconnected and sends a charging end message of the public account to the second network security system;
s323: and the second network security system generates a call ticket ending file.
Further, the rate change process comprises a terminal, a broadband access server, a network security system, a charging system and the internet, and comprises the following steps:
s401: the network security system sends a care-of address COA message to the broadband access server, updates user IP, Session-ID and AAA non-dropping call ticket, and enables the user to access the internet;
s402: the broadband access server sends a charging start request of a public account to the network security system, and the carried attributes comprise: user IP, Session-ID, AAA call ticket;
s403: the network security system generates a start ticket file;
s404: a user acquires the access right of the internet through the terminal;
s405: the user starts to use the service of the internet through the broadband access server via the terminal;
s406: after 40 seconds of the previous care-of address COA message, the network security system sends a new care-of address COA message to the broadband access server, wherein the new care-of address COA message is completely consistent with the previous care-of address COA message;
s407: the broadband access server sends a charging message of a public account to the network security system, and the carried attributes comprise: user IP and Session-ID;
s408: the network security system generates an intermediate ticket file;
s409: the rate ordered by the user is changed, and the charging system sends a rate change account opening instruction to the network security system;
s410: the network security system sends a rate-changed non-internet-available care-of address (COA) message to the broadband access server;
s411: the broadband access server sends a public account number charging starting request to the network security system, and the carried attributes comprise: user IP and Session-ID;
s412: and the network security system generates a call ticket ending file.
Further, the shutdown offline process comprises a terminal, a broadband access server, a network security system, a charging system and the internet, and comprises the following steps:
s501: the network security system sends a care-of address COA message to the broadband access server, updates user IP, Session-ID and AAA non-dropping call ticket, and enables the user to access the internet;
s502: the broadband access server sends a charging start request of a public account to the network security system, and the carried attributes comprise: user IP, Session-ID, AAA call ticket;
s503: the network security system generates a starting ticket file;
s504: a user acquires the access right of the internet through the terminal;
s505: the user starts to use the service of the internet through the broadband access server via the terminal;
s506: after 50 seconds of the previous care-of address COA message, the network security system sends a new care-of address COA message to the broadband access server, wherein the new care-of address COA message is completely consistent with the previous care-of address COA message;
s507: the broadband access server sends a charging message of a public account to the network security system, and the carried attributes comprise: user IP and Session-ID;
s508: the network security system generates an intermediate ticket file;
s509: the user is in arrearage, and the charging system sends an account opening and shutdown command to the network security system;
s510: the network security system sends a rate-changed non-internet-available care-of address (COA) message to the broadband access server;
s511: the broadband access server sends a charging message of a public account to the network security system, and the carried attributes comprise: user IP, Session-ID, AAA call ticket;
s512: and the network security system generates a call ticket ending file.
Furthermore, after the care-of address COA message is authenticated by the user, the administrator modifies the authority of the online user through the RADIUS protocol; the care-of address COA message is used to dynamically change the subscriber attributes of a remote dialing subscriber without the subscriber going offline.
Further, the device management DM message is a user offline message, which is a message actively initiated by the RADIUS server to force the user to go offline.
Furthermore, the charging system is used for calculating the account amount of the prepaid user in real time according to the charging standard established by China Mobile and implementing instant halt for the defaulting user.
The present invention also includes a terminal comprising a memory, a processor and a computer program stored in the memory and executable on the processor, wherein the processor implements the steps of the method for accessing the internet procedure by the baseband access domain as described above when executing the computer program.
The present invention also includes a computer readable storage medium storing a computer program, which when executed by a processor implements the steps of a method for a baseband access domain to access the internet process as described above.
Compared with the prior art, the invention has the beneficial effects that: the invention provides a method for accessing internet flow by a baseband access domain, which solves the problem that the prior art is lack of management on the internet flow accessed by the baseband access domain.
Drawings
In order to more clearly illustrate the technical solutions in the embodiments of the present invention, the drawings needed to be used in the embodiments will be briefly described below, and it is obvious that the drawings in the following description are only some embodiments of the present invention, and it is obvious for those skilled in the art that other drawings can be obtained according to these drawings without creative efforts.
Fig. 1 is a schematic diagram of a common user login process of a baseband access domain internet access process method according to an embodiment of the present invention.
Fig. 2 is a schematic view of a fixed IP account login-free and bandwidth control process of a baseband access domain internet access process method according to an embodiment of the present invention.
Fig. 3 is a schematic diagram of a handover procedure of a cross-broadband access server of a method for accessing the internet through a baseband access domain according to an embodiment of the present invention.
Fig. 4 is a schematic diagram of a rate change process of a baseband access domain access internet process method according to an embodiment of the present invention.
Fig. 5 is a schematic shutdown and offline flow diagram of a method for a baseband access domain to access the internet according to an embodiment of the present invention.
Detailed Description
In order to make the objects, technical solutions and advantages of the present invention more apparent, the present invention is described in further detail below with reference to the accompanying drawings and embodiments. It should be understood that the specific embodiments described herein are merely illustrative of the invention and are not intended to limit the invention.
The same or similar reference numerals in the drawings of the present embodiment correspond to the same or similar components; in the description of the present invention, it should be noted that when an element is referred to as being "fixed" to another element, it can be directly on the other element or intervening elements may also be present. When an element is referred to as being "connected" to another element, it can be directly connected to the other element or intervening elements may be present, it is to be understood that the terms "upper", "lower", "left", "right", and the like, if any, refer to an orientation or positional relationship based on that shown in the drawings, that is for convenience in describing and simplifying the description, and that no indication or suggestion that the referenced device or element must have a particular orientation, be constructed and operated in a particular orientation, is therefore depicted in the drawings by the use of positional relationship descriptive terms only for purposes of illustration and not for purposes of limitation, the particular meaning of such terms being interpreted as broadly as will be understood by those skilled in the art based on the particular circumstances.
The technical solution of the present invention is described in detail below with reference to the accompanying drawings and specific embodiments.
The invention provides a method for accessing internet flow by a baseband access domain, which is better implemented as shown in fig. 1 to 5, and is used for a user to safely access the internet through a WIFI access mode, and comprises a common user login flow, a fixed IP account login-free and bandwidth control flow, a cross-broadband access server switching flow, a rate change flow and a shutdown offline flow; the method comprises a common user login process, a fixed IP account login-free and bandwidth control process, a cross-broadband access server switching process, a speed change process and a shutdown offline process, wherein the common user login process is used for managing a user account of a non-fixed IP address to safely access the Internet, the fixed IP account login-free and bandwidth control process is used for managing a user account of a fixed IP address to safely access the Internet and control bandwidth, the cross-broadband access server switching process is used for managing a double-broadband access server and a double-network safety service system to switch so that a user can safely access the Internet, the speed change process is used for managing a user who accesses the Internet without flow for a long time, and the shutdown offline process is used for managing a user who owes when accessing the Internet.
Compared with the prior art, the method for accessing the internet flow by the baseband access domain solves the problem that the prior art is lack of management on the internet flow accessed by the baseband access domain.
The first embodiment is as follows:
referring to fig. 1, a general user login process includes a terminal, a broadband access server, a network security system, a web portal, and the internet, and includes the following steps:
s101: a user logs in a broadband access server through a terminal through WIFI;
s102: the broadband access server receives a public account access authentication request of a user;
s103: the broadband access server sends a public account access authentication request to a network security system;
s104: the network security system accesses the authentication request through the public account, and requires the attributes carried by the message sent by the broadband access server to comprise: user IP, Session-ID and AAA do not drop the ticket;
s105: the broadband access server sends a public account billing starting request to the network security system, and the carried attributes comprise: user IP, Session-ID and AAA do not drop the ticket;
s106: the broadband access server redirects the browser opened by the user to a portal website, and the user inputs a login user name and a password in the portal website;
s107: after the user clicks login, the portal website sends a user authentication request to the network security system;
s108: the network security system passes user authentication and sends user authentication information to a portal website;
s109: the portal website displays prompt information of successful user authentication to the user through the terminal;
s110: the network security system sends a care-of address COA message to the broadband access server, updates the user IP, Session-ID and AAA non-drop call ticket, and enables the user to access the Internet;
s111: the broadband access server sends a public account number charging starting request to a network security system, wherein the attribute carried by a message of the public account number charging starting request comprises: user IP, Session-ID, AAA call ticket;
s112: the network security system generates a starting ticket file;
s113: a user acquires the access right of the Internet through a terminal;
s114: a user starts to use the internet service through a broadband access server via a terminal;
s115: after 30 seconds of the previous care-of address COA message, the network security system sends a new care-of address COA message to the broadband access server, and the new care-of address COA message is completely consistent with the previous care-of address COA message;
s116: the broadband access server sends a charging message of a public account to the network security system, and the carried attributes comprise: user IP, Session-ID;
s117: the network security system generates an intermediate ticket file;
s118: a user clicks an offline button on a portal website through a terminal;
s119: the portal website displays user offline prompt information through the terminal;
s120: the portal website informs the network security system of the Session being offline;
s121: the network security system sends the device management DM message of the Session to the broadband access server;
s122: the broadband access server sends a charging end message of the public account to the network security system, and the WIFI connection of the user is disconnected;
s123: and the network security system generates a call ticket ending file.
Example two:
referring to fig. 2, the fixed IP account login-free and bandwidth control process includes a terminal, a broadband access server, a network security system, and the internet, and includes the following steps:
s201: a user logs in a broadband access server through a terminal through WIFI;
s202: the broadband access server receives a public account access authentication request of a user;
s203: the broadband access server sends a public account access authentication request to a network security system;
s204: the network security system accesses the authentication request through the public account, and requires the attributes carried by the message sent by the broadband access server to comprise: user IP, Session-ID and AAA do not drop the ticket;
s205: the broadband access server sends a public account billing starting request to the network security system, and the carried attributes comprise: user IP, Session-ID and AAA do not drop the ticket;
s206: the network security system sends a care-of address COA message to the broadband access server, updates the user IP, Session-ID and AAA non-drop call ticket, and enables the user to access the Internet;
s207: the broadband access server sends a public account billing start request to the network security system, and the carried attributes comprise: user IP, Session-ID, AAA call ticket;
s208: the network security system generates a starting ticket file;
s209: a user acquires the access right of the internet through a terminal;
s210: a user starts to use the internet service through a broadband access server via a terminal;
s211: after 30 seconds of the previous care-of address COA message, the network security system sends a new care-of address COA message to the broadband access server, the new care-of address COA message is completely consistent with the previous care-of address COA message, and the new care-of address COA message can carry the speed limit attribute to change the internet speed of the user;
s212: the broadband access server sends a charging message of the public account to the network security system, and the carried attributes comprise: user IP, Session-ID;
s213: the network security system generates an intermediate ticket file;
s214: the broadband access server sends the charging information of the public account to the network security system, and the carried attributes comprise: user IP, Session-ID;
s215: the user closes WIFI at the terminal for a long time without flow, and is kicked off the line by the broadband access server;
s216: the broadband access server judges that the user is disconnected and sends a charging end message of the public account to the network security system;
s217: the network security system sends the device management DM message of the Session to the broadband access server;
s218: and the network security system generates a call ticket ending file.
Example three:
referring to fig. 3, the switching process of the cross broadband access server comprises a terminal, a first broadband access server, a first network security system, a second broadband access server, a second network security system and the internet, and comprises the following steps:
s301: a user acquires the access right of the internet through a terminal;
s302: a user starts to use the service of the internet through a first broadband access server via a terminal;
s303: after 30 seconds before the last time of the care-of address COA message of the available public network, the first network security system sends the care-of address COA message of the available public network to the first broadband access server again;
s304: the first broadband access server sends a charging message of a public account to the first network security system, and the carried attributes comprise: user IP and Session-ID;
s305: the first network security system generates an intermediate ticket file;
s306: a small station supporting a user to log in at a terminal is switched from a first broadband access server to a second broadband access server;
s307: the second broadband access server initiates a public account access authentication request to the second network security system;
s308: the second network security system requests the attributes carried by the message sent by the second broadband access server to include, through the public account authentication request: user IP, Session-ID and AAA do not drop the ticket;
s309: the second broadband access server sends a public account number charging starting request to the second network security system, and the carried attributes comprise: user IP and Session-ID;
s310: the second network security system informs the first network security system that the user is offline from the first broadband access server and the old session of the user on the first broadband access server;
s311: the first network security system sends a Device Management (DM) message of the old session to the first broadband access server;
s312: the first broadband access server sends a charging end message of the public account to the first network security system, and disconnects the WIFI connection of the user;
s313: a first network security system generates a call ticket ending file;
s314: the second network security system sends a care-of address COA message to a second broadband access server, updates user IP, Session-ID and AAA non-drop call ticket, and enables the user to access the Internet;
s315: the second broadband access server sends a charging message of the public account to the second network security system, and the carried attributes comprise: user IP, Session-ID;
s316: the second network security system generates a start ticket file;
s317: the user starts to access the service of the internet through the second broadband access server via the terminal;
s318: after 30 seconds from the last available care-of address COA message, the second network security system continues to send an on-line care-of address COA message to the second broadband access server, wherein the care-of address COA message is completely consistent with the previous care-of address COA message;
s319: the second broadband access server sends the charging information of the public account to the second network security system, and the carried attributes comprise: user IP, Session-ID;
s320: the second network security system generates an intermediate ticket file;
s321: the user turns off WIFI, and when no flow exists for a long time, the second network security system sends a care-of address COA message of an unavailable public network of a public account to the second broadband access server according to a rule that the flow is smaller than a specified threshold value within a certain time period;
s322: the second broadband access server judges that the user is disconnected and sends a charging end message of the public account to the second network security system;
s323: and the second network security system generates a call ticket ending file.
Example four:
referring to fig. 4, the rate change process is composed of a terminal, a broadband access server, a network security system, a charging system, and the internet, and includes the following steps:
s401: the network security system sends a care-of address COA message to the broadband access server, updates user IP, Session-ID and AAA non-dropping call ticket, and enables the user to access the Internet;
s402: the broadband access server sends a charging start request of a public account to a network security system, and the carried attributes comprise: user IP, Session-ID, AAA call ticket;
s403: the network security system generates a starting ticket file;
s404: a user acquires the access right of the Internet through a terminal;
s405: a user starts to use the internet service through a broadband access server via a terminal;
s406: after 40 seconds of the previous care-of address COA message, the network security system sends a new care-of address COA message to the broadband access server, and the new care-of address COA message is completely consistent with the previous care-of address COA message;
s407: the broadband access server sends a charging message of a public account to the network security system, and the carried attributes comprise: user IP and Session-ID;
s408: the network security system generates an intermediate ticket file;
s409: the rate ordered by the user is changed, and the charging system sends a rate change account opening instruction to the network security system;
s410: the network security system sends a rate-changed internet access unavailable care-of address (COA) message to the broadband access server;
s411: the broadband access server sends a public account number charging starting request to the network security system, and the carried attributes comprise: user IP and Session-ID;
s412: and the network security system generates a call ticket ending file.
Example five:
referring to fig. 5, the shutdown offline process comprises a terminal, a broadband access server, a network security system, a charging system and the internet, and comprises the following steps:
s501: the network security system sends a care-of address COA message to the broadband access server, updates user IP, Session-ID and AAA non-dropping call ticket, and enables the user to access the Internet;
s502: the broadband access server sends a charging start request of a public account to the network security system, and the carried attributes comprise: user IP, Session-ID, AAA call list;
s503: the network security system generates a starting ticket file;
s504: a user acquires the access right of the internet through a terminal;
s505: a user starts to use the internet service through a broadband access server via a terminal;
s506: after 50 seconds of the previous care-of address COA message, the network security system sends a new care-of address COA message to the broadband access server, and the new care-of address COA message is completely consistent with the previous care-of address COA message;
s507: the broadband access server sends a charging message of a public account to the network security system, and the carried attributes comprise: user IP and Session-ID;
s508: the network security system generates an intermediate ticket file;
s509: the user is owing, and the charging system sends an order of canceling user halt to the network security system;
s510: the network security system sends a rate-changed internet access unavailable care-of address (COA) message to the broadband access server;
s511: the broadband access server sends a charging message of the public account to the network security system, and the carried attributes comprise: user IP, Session-ID, AAA call ticket;
s512: and the network security system generates a call ticket ending file.
As an implementation mode of the invention, after the care-of address COA message is authenticated by a user, an administrator modifies the authority of the online user through an RADIUS protocol; the care-of address COA message is used to dynamically change the subscriber attributes of a remote dialing subscriber without the subscriber going offline.
As an embodiment of the present invention, the device management DM message is a user offline message, which is a message actively initiated by the RADIUS server to force the user to go offline.
As an implementation mode of the invention, the charging system is used for calculating the account amount of the prepaid user in real time according to the charging standard set by China Mobile and implementing instant halt for the defaulting user.
The invention also provides a terminal, which comprises a memory, a processor and a computer program which is stored in the memory and can run on the processor, wherein the processor realizes the steps of the method for accessing the internet flow by the baseband access domain when executing the computer program.
The invention also provides a computer readable storage medium, which stores a computer program, and the computer program realizes the steps of the method for accessing the internet flow by the baseband access domain when being executed by a processor.
Preferably, all computer programs related to the present invention are written and implemented by using existing, public, open-source program codes; the technical solution according to the embodiments of the present invention can be implemented very easily by software programmers in the art.
The above description is intended to be illustrative of the preferred embodiment of the present invention and should not be taken as limiting the invention, but rather, the intention is to cover all modifications, equivalents, and alternatives falling within the spirit and scope of the invention.

Claims (10)

1. A method for accessing Internet flow through a baseband access domain is characterized in that a user can safely access the Internet through a WIFI access mode and comprises a common user login flow, a fixed IP account login-free and bandwidth control flow, a cross-broadband access server switching flow, a rate changing flow and a shutdown offline flow; the ordinary user login process is used for managing a user account of a non-fixed IP address to safely access the Internet, the fixed IP account login-free and bandwidth control process is used for managing a user account of a fixed IP address to safely access the Internet and control bandwidth, the cross-broadband access server switching process is used for managing the double-broadband access server and the double-network safety service system to switch so that a user can safely access the Internet, the rate change process is used for managing a user who accesses the Internet and does not have flow for a long time, and the shutdown offline process is used for managing a user who defaults when accessing the Internet;
the common user login process comprises a terminal, a broadband access server, a network security system, a portal website and the Internet, and comprises the following steps:
s101: a user logs in the broadband access server through the terminal through WIFI;
s102: the broadband access server receives a public account access authentication request of a user;
s103: the broadband access server sends a public account access authentication request to the network security system;
s104: the network security system accesses the authentication request through a public account, and requires that attributes carried by a message sent by the broadband access server include: user IP, Session-ID and AAA do not drop the ticket;
s105: the broadband access server sends a public account billing start request to the network security system, and the carried attributes comprise: user IP, Session-ID and AAA do not drop the ticket;
s106: the broadband access server redirects the browser opened by the user to the portal website, and the user inputs a login user name and a password in the portal website;
s107: after the user clicks login, the portal website sends a user authentication request to the network security system;
s108: the network security system passes user authentication and sends user authentication information to the portal website;
s109: the portal website displays prompt information of successful user authentication to the user through the terminal;
s110: the network security system sends a care-of address COA message to the broadband access server to update the user IP, Session-ID and AAA non-drop call ticket, so that the user can access the Internet;
s111: the broadband access server sends a public account billing start request to the network security system, wherein the attributes carried by a message of the public account billing start request include: user IP, Session-ID, AAA call ticket;
s112: the network security system generates a starting ticket file;
s113: a user acquires the access right of the internet through the terminal;
s114: the user starts to use the service of the internet through the broadband access server via the terminal;
s115: after 30 seconds of the previous care-of address COA message, the network security system sends a new care-of address COA message to the broadband access server, wherein the new care-of address COA message is completely consistent with the previous care-of address COA message;
s116: the broadband access server sends a charging message of a public account to the network security system, and the carried attributes comprise: user IP, Session-ID;
s117: the network security system generates an intermediate ticket file;
s118: a user clicks a offline button on the portal website through the terminal;
s119: the portal website displays user offline prompt information through the terminal;
s120: the portal website informs the network security system of the Session being offline;
s121: the network security system sends a Device Management (DM) message of the Session to the broadband access server;
s122: the broadband access server sends a charging end message of a public account to the network security system, and the WIFI connection of a user is disconnected;
s123: and the network security system generates a call ticket ending file.
2. The method as claimed in claim 1, wherein the fixed IP account login-free and bandwidth control process comprises a terminal, a broadband access server, a network security system, and the internet, and comprises the following steps:
s201: a user logs in the broadband access server through the terminal through WIFI;
s202: the broadband access server receives a public account access authentication request of a user;
s203: the broadband access server sends a public account access authentication request to the network security system;
s204: the network security system accesses the authentication request through a public account, and requires that attributes carried by a message sent by the broadband access server include: user IP, Session-ID and AAA do not drop the ticket;
s205: the broadband access server sends a public account billing start request to the network security system, and the carried attributes comprise: user IP, Session-ID and AAA do not drop the ticket;
s206: the network security system sends a care-of address COA message to the broadband access server, updates the user IP, the Session-ID and the AAA non-drop call ticket, and enables the user to access the Internet;
s207: the broadband access server sends a public account billing starting request to the network security system, and the carried attributes comprise: user IP, Session-ID, AAA call ticket;
s208: the network security system generates a starting ticket file;
s209: a user acquires the access right of the internet through the terminal;
s210: the user starts to use the service of the internet through the broadband access server via the terminal;
s211: after 30 seconds of the previous care-of address COA message, the network security system sends a new care-of address COA message to the broadband access server, the new care-of address COA message is completely consistent with the previous care-of address COA message, and the new care-of address COA message can carry a speed limit attribute to change the internet access rate of a user;
s212: the broadband access server sends a charging message of a public account to the network security system, and the carried attributes comprise: user IP, Session-ID;
s213: the network security system generates an intermediate ticket file;
s214: the broadband access server sends the charging information of the public account to the network security system, and the carried attributes comprise: user IP, Session-ID;
s215: the user closes WIFI for a long time without flow at the terminal and is kicked off the line by the broadband access server;
s216: the broadband access server judges that the user is disconnected and sends a charging end message of a public account to the network security system;
s217: the network security system sends a Device Management (DM) message of the Session to the broadband access server;
s218: and the network security system generates a call ticket ending file.
3. The method for accessing the internet through the baseband access domain as claimed in claim 1, wherein the handover procedure across the broadband access servers is composed of a terminal, a first broadband access server, a first network security system, a second broadband access server, a second network security system, and the internet, and comprises the following steps:
s301: a user acquires the access right of the Internet through the terminal;
s302: a user starts to use the service of the internet through the first broadband access server via the terminal;
s303: after 30 seconds from the last time of the care-of address COA message of the available public network, the first network security system sends the care-of address COA message of the available public network to the first broadband access server again;
s304: the first broadband access server sends a charging message of a public account to the first network security system, wherein the carried attributes comprise: user IP and Session-ID;
s305: the first network security system generates an intermediate ticket file;
s306: a small station supporting the user to log in at the terminal is switched from the first broadband access server to the second broadband access server;
s307: the second broadband access server initiates a public account access authentication request to the second network security system;
s308: the second network security system requests the attributes carried by the message sent by the second broadband access server to include, through a public account authentication request: user IP, Session-ID and AAA do not drop the ticket;
s309: the second broadband access server sends a public account number charging starting request to the second network security system, and the carried attributes comprise: user IP and Session-ID;
s310: the second network security system informs the first network security system that the user is offline from the first broadband access server and that the user has an old session on the first broadband access server;
s311: the first network security system sends a Device Management (DM) message of the old session to the first broadband access server;
s312: the first broadband access server sends a charging end message of a public account to the first network security system, and disconnects the WIFI connection of a user;
s313: the first network security system generates a call ticket ending file;
s314: the second network security system sends a care-of address COA message to the second broadband access server, updates user IP, Session-ID and AAA non-drop call ticket, and enables the user to access the Internet;
s315: the second broadband access server sends a charging message of a public account to the second network security system, and the carried attributes comprise: user IP, Session-ID;
s316: the second network security system generates a start ticket file;
s317: the user starts to access the service of the internet through the second broadband access server via the terminal;
s318: after 30 seconds from the last available care-of address COA message, the second network security system continues to send an on-line care-of address COA message to the second broadband access server, wherein the care-of address COA message is completely consistent with the previous care-of address COA message;
s319: the second broadband access server sends a charging message of a public account to the second network security system, and the carried attributes comprise: user IP, Session-ID;
s320: the second network security system generates an intermediate ticket file;
s321: the user turns off WIFI, and when no flow exists for a long time, the second network security system sends a care-of address COA message of an unavailable public network of a public account to the second broadband access server according to a rule that the flow is smaller than a specified threshold value within a certain time period;
s322: the second broadband access server judges that the user is disconnected and sends a charging end message of the public account to the second network security system;
s323: and the second network security system generates a call ticket ending file.
4. The method as claimed in claim 1, wherein the rate change procedure comprises a terminal, a broadband access server, a network security system, a billing system, and the internet, and comprises the following steps:
s401: the network security system sends a care-of address COA message to the broadband access server, updates user IP, Session-ID and AAA non-dropping call ticket, and enables the user to access the internet;
s402: the broadband access server sends a charging start request of a public account to the network security system, and the carried attributes comprise: user IP, Session-ID, AAA call ticket;
s403: the network security system generates a starting ticket file;
s404: a user acquires the access right of the internet through the terminal;
s405: the user starts to use the service of the internet through the broadband access server via the terminal;
s406: after 40 seconds of interval with the previous care-of address COA message, the network security system sends a new care-of address COA message to the broadband access server, wherein the new care-of address COA message is completely consistent with the previous care-of address COA message;
s407: the broadband access server sends a charging message of a public account to the network security system, and the carried attributes comprise: user IP and Session-ID;
s408: the network security system generates an intermediate ticket file;
s409: the rate ordered by the user is changed, and the charging system sends a rate change account opening instruction to the network security system;
s410: the network security system sends a rate-changed internet-unavailable care-of address (COA) message to the broadband access server;
s411: the broadband access server sends a public account number charging starting request to the network security system, and the carried attributes comprise: user IP and Session-ID;
s412: and the network security system generates a call ticket ending file.
5. The method for accessing the internet through the baseband access domain as claimed in claim 1, wherein the shutdown offline process comprises a terminal, a broadband access server, a network security system, a billing system, and the internet, and comprises the following steps:
s501: the network security system sends a care-of address COA message to the broadband access server, updates user IP, Session-ID and AAA non-dropping call ticket, and enables the user to access the internet;
s502: the broadband access server sends a charging start request of a public account to the network security system, and the carried attributes comprise: user IP, Session-ID, AAA call ticket;
s503: the network security system generates a starting ticket file;
s504: a user acquires the access right of the internet through the terminal;
s505: the user starts to use the service of the internet through the broadband access server via the terminal;
s506: after 50 seconds of the previous care-of address COA message, the network security system sends a new care-of address COA message to the broadband access server, wherein the new care-of address COA message is completely consistent with the previous care-of address COA message;
s507: the broadband access server sends a charging message of a public account to the network security system, and the carried attributes comprise: user IP and Session-ID;
s508: the network security system generates an intermediate ticket file;
s509: the user is in arrearage, and the charging system sends an order of opening account and stopping the machine to the network security system;
s510: the network security system sends a rate-changed non-internet-available care-of address (COA) message to the broadband access server;
s511: the broadband access server sends a charging message of a public account to the network security system, and the carried attributes comprise: user IP, Session-ID, AAA call ticket;
s512: and the network security system generates a call ticket ending file.
6. The method for baseband access domain to access internet flow according to any one of claims 1-5, wherein the care-of address COA message is user authentication, and then the administrator modifies the authority of the on-line user through RADIUS protocol; the care-of address COA message is used to dynamically change the subscriber attributes of a remote dialing subscriber without the subscriber going offline.
7. The method as claimed in any one of claims 1 to 3, wherein the device management DM message is a user offline message, which is a message actively initiated by the RADIUS server to force the user offline.
8. The method as claimed in any one of claims 4 to 5, wherein the charging system is used for calculating the account amount of the prepaid subscriber in real time according to the charging standard established by China Mobile and implementing an instant stop for the subscriber in arrears.
9. A terminal comprising a memory, a processor and a computer program stored in the memory and executable on the processor, wherein the processor when executing the computer program implements the steps of a baseband access domain access to internet procedures method according to any one of claims 1 to 5.
10. A computer-readable storage medium, in which a computer program is stored, which, when being executed by a processor, carries out the steps of a method for a baseband access domain to access the internet procedure as claimed in any one of claims 1 to 5.
CN202110428906.3A 2021-04-21 2021-04-21 Method, terminal and storage medium for accessing internet flow by baseband access domain Active CN113079181B (en)

Priority Applications (1)

Application Number Priority Date Filing Date Title
CN202110428906.3A CN113079181B (en) 2021-04-21 2021-04-21 Method, terminal and storage medium for accessing internet flow by baseband access domain

Applications Claiming Priority (1)

Application Number Priority Date Filing Date Title
CN202110428906.3A CN113079181B (en) 2021-04-21 2021-04-21 Method, terminal and storage medium for accessing internet flow by baseband access domain

Publications (2)

Publication Number Publication Date
CN113079181A CN113079181A (en) 2021-07-06
CN113079181B true CN113079181B (en) 2022-06-24

Family

ID=76618215

Family Applications (1)

Application Number Title Priority Date Filing Date
CN202110428906.3A Active CN113079181B (en) 2021-04-21 2021-04-21 Method, terminal and storage medium for accessing internet flow by baseband access domain

Country Status (1)

Country Link
CN (1) CN113079181B (en)

Citations (1)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN104683300A (en) * 2013-11-29 2015-06-03 中国电信股份有限公司 Access method and access system for internet services

Family Cites Families (8)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN101237402B (en) * 2008-02-02 2010-12-08 中兴通讯股份有限公司 AAA service session access control system and method
CN101848163A (en) * 2010-06-01 2010-09-29 中兴通讯股份有限公司 Method and system for dynamically adjusting bandwidth service and broadband policy system
CN101888389B (en) * 2010-07-19 2013-04-17 中国电信股份有限公司 Method and system for realizing uniform authentication of ICP union
CN103841218B (en) * 2012-11-20 2017-02-22 中国移动通信集团上海有限公司 Method for determining duration of public network access by user terminal and net access server
CN104780121B (en) * 2015-04-30 2018-05-08 新华三技术有限公司 A kind of file transmitting method and device
US10547614B2 (en) * 2017-03-30 2020-01-28 Juniper Networks, Inc. Bulk delivery of change of authorization data via AAA protocols
CN108282537B (en) * 2018-01-31 2021-02-26 新华三技术有限公司 Portal user offline method and access equipment
CN110932993A (en) * 2019-11-21 2020-03-27 中盈优创资讯科技有限公司 Bandwidth speed regulation management method and device

Patent Citations (1)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN104683300A (en) * 2013-11-29 2015-06-03 中国电信股份有限公司 Access method and access system for internet services

Also Published As

Publication number Publication date
CN113079181A (en) 2021-07-06

Similar Documents

Publication Publication Date Title
US20200084627A1 (en) Internet access authentication method and client, and computer storage medium
CN108337677B (en) Network authentication method and device
US9973513B2 (en) Method and apparatus for communication number update
WO2016145742A1 (en) Virtual sim card switching method and apparatus
WO2014139298A1 (en) Permission management method, device and system for cloud platform service
CN110445873A (en) A kind of cloud platform service cut-in method and Redirect Server
CN108712440B (en) User information management method, device, server and storage medium
CN112839331A (en) User information authentication method for wireless local area network Portal authentication escape
CN113271299B (en) Login method and server
CN106878987B (en) Communication method, system and cloud server
CN107682372A (en) User profile for Portal escapes obtains and authentication method, device and access device
CN109302437A (en) A kind of method and apparatus redirecting website
EP3855695A1 (en) Access authentication
CN106254328A (en) A kind of access control method and device
CN110300046A (en) A kind of business consultation control method, terminal and server
CN113079181B (en) Method, terminal and storage medium for accessing internet flow by baseband access domain
CN109743329B (en) Account processing method and device
CN110839050A (en) Method, system and wireless access point for detecting user offline
JP2016126670A (en) Risk base authentication method and system using portable terminal
CN109871220A (en) Electronic device login state update method and system
CN109495602A (en) A kind of processing method and processing device of network insertion exception
CN113746909A (en) Network connection method, device, electronic equipment and computer readable storage medium
KR100542921B1 (en) Method and system for preventing information utilization fare charge about unfair mobile identity number
US8285784B2 (en) Service creation via presence messaging
CN109861892A (en) A kind of terminal roaming method and device

Legal Events

Date Code Title Description
PB01 Publication
PB01 Publication
SE01 Entry into force of request for substantive examination
SE01 Entry into force of request for substantive examination
GR01 Patent grant
GR01 Patent grant