CN113079181B - Method, terminal and storage medium for accessing internet flow by baseband access domain - Google Patents
Method, terminal and storage medium for accessing internet flow by baseband access domain Download PDFInfo
- Publication number
- CN113079181B CN113079181B CN202110428906.3A CN202110428906A CN113079181B CN 113079181 B CN113079181 B CN 113079181B CN 202110428906 A CN202110428906 A CN 202110428906A CN 113079181 B CN113079181 B CN 113079181B
- Authority
- CN
- China
- Prior art keywords
- user
- security system
- network security
- access server
- broadband access
- Prior art date
- Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
- Active
Links
Images
Classifications
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04L—TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
- H04L63/00—Network architectures or network communication protocols for network security
- H04L63/08—Network architectures or network communication protocols for network security for authentication of entities
- H04L63/083—Network architectures or network communication protocols for network security for authentication of entities using passwords
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04L—TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
- H04L12/00—Data switching networks
- H04L12/02—Details
- H04L12/14—Charging, metering or billing arrangements for data wireline or wireless communications
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04L—TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
- H04L41/00—Arrangements for maintenance, administration or management of data switching networks, e.g. of packet switching networks
- H04L41/08—Configuration management of networks or network elements
- H04L41/0803—Configuration setting
- H04L41/0823—Configuration setting characterised by the purposes of a change of settings, e.g. optimising configuration for enhancing reliability
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04L—TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
- H04L63/00—Network architectures or network communication protocols for network security
- H04L63/10—Network architectures or network communication protocols for network security for controlling access to devices or network resources
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04L—TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
- H04L67/00—Network arrangements or protocols for supporting network services or applications
- H04L67/14—Session management
- H04L67/141—Setup of application sessions
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04L—TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
- H04L67/00—Network arrangements or protocols for supporting network services or applications
- H04L67/14—Session management
- H04L67/143—Termination or inactivation of sessions, e.g. event-controlled end of session
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04L—TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
- H04L67/00—Network arrangements or protocols for supporting network services or applications
- H04L67/14—Session management
- H04L67/148—Migration or transfer of sessions
Landscapes
- Engineering & Computer Science (AREA)
- Computer Networks & Wireless Communication (AREA)
- Signal Processing (AREA)
- Computer Hardware Design (AREA)
- Computer Security & Cryptography (AREA)
- Computing Systems (AREA)
- General Engineering & Computer Science (AREA)
- Telephonic Communication Services (AREA)
- Mobile Radio Communication Systems (AREA)
- Data Exchanges In Wide-Area Networks (AREA)
Abstract
The invention discloses a method for accessing an internet flow by a baseband access domain, which is used for a user to safely access the internet in a WIFI access mode and comprises a common user login flow, a fixed IP account login-free and bandwidth control flow, a cross-broadband access server switching flow, a speed changing flow and a shutdown offline flow; the method comprises a common user login process, a fixed IP account login-free and bandwidth control process, a cross-broadband access server switching process, a speed change process and a shutdown offline process, wherein the common user login process is used for managing a user account of a non-fixed IP address to safely access the Internet, the fixed IP account login-free and bandwidth control process is used for managing a user account of a fixed IP address to safely access the Internet and control bandwidth, the cross-broadband access server switching process is used for managing a double-broadband access server and a double-network safety service system to switch so that a user can safely access the Internet, the speed change process is used for managing a user who accesses the Internet without flow for a long time, and the shutdown offline process is used for managing a user who owes when accessing the Internet.
Description
Technical Field
The invention relates to the field of management methods for accessing the internet by a baseband access domain, in particular to a method, a terminal and a storage medium for accessing the internet by the baseband access domain.
Background
The existing internet access management method mainly realizes the management of internet access through software or hardware, and lacks the management of the internet access process of a baseband access domain.
Disclosure of Invention
The technical problem to be solved by the present invention is to provide a method for accessing an internet flow by a baseband access domain, aiming at the above-mentioned defects in the prior art, so as to solve the problem that the prior art is lack of management for accessing the internet flow by the baseband access domain.
The technical scheme adopted by the method for accessing the internet by the baseband access domain is that the method is used for a user to safely access the internet in a WIFI access mode and comprises a common user login process, a fixed IP account login-free and bandwidth control process, a cross-broadband access server switching process, a rate changing process and a shutdown offline process; the ordinary user login process is used for managing a user account of a non-fixed IP address to safely access the Internet, the fixed IP account login-free and bandwidth control process is used for managing a user account of a fixed IP address to safely access the Internet and control bandwidth, the cross-broadband access server switching process is used for managing the double-broadband access server and the double-network safety service system to switch so that a user can safely access the Internet, the rate change process is used for managing a user who accesses the Internet and does not have flow for a long time, and the shutdown offline process is used for managing a user who defaults when accessing the Internet;
the common user login process comprises a terminal, a broadband access server, a network security system, a portal website and the Internet, and comprises the following steps:
s101: a user logs in the broadband access server through the terminal through WIFI;
s102: the broadband access server receives a public account access authentication request of a user;
s103: the broadband access server sends a public account access authentication request to the network security system;
s104: the network security system accesses the authentication request through a public account, and requires that attributes carried by a message sent by the broadband access server include: user IP, Session-ID and AAA do not drop the ticket;
s105: the broadband access server sends a public account billing start request to the network security system, and the carried attributes comprise: user IP, Session-ID and AAA do not drop the ticket;
s106: the broadband access server redirects the browser opened by the user to the portal website, and the user inputs a login user name and a password in the portal website;
s107: after the user clicks login, the portal website sends a user authentication request to the network security system;
s108: the network security system passes user authentication and sends user authentication information to the portal website;
s109: the portal website displays prompt information of successful user authentication to the user through the terminal;
s110: the network security system sends a care-of address COA message to the broadband access server, updates the user IP, the Session-ID and the AAA non-drop call ticket, and enables the user to access the Internet;
s111: the broadband access server sends a public account billing start request to the network security system, wherein the attributes carried by a message of the public account billing start request include: user IP, Session-ID, AAA call ticket;
s112: the network security system generates a starting ticket file;
s113: a user acquires the access right of the internet through the terminal;
s114: the user starts to use the service of the internet through the broadband access server via the terminal;
s115: after 30 seconds of the previous care-of address COA message, the network security system sends a new care-of address COA message to the broadband access server, wherein the new care-of address COA message is completely consistent with the previous care-of address COA message;
s116: the broadband access server sends a charging message of a public account to the network security system, and the carried attributes comprise: user IP, Session-ID;
s117: the network security system generates an intermediate ticket file;
s118: a user clicks a offline button on the portal website through the terminal;
s119: the portal website displays user offline prompt information through the terminal;
s120: the portal website informs the network security system of the Session being offline;
s121: the network security system sends a Device Management (DM) message of the Session to the broadband access server;
s122: the broadband access server sends a charging end message of a public account to the network security system, and the WIFI connection of a user is disconnected;
s123: and the network security system generates a call ticket ending file.
Further, the fixed IP account login-free and bandwidth control process comprises a terminal, a broadband access server, a network security system and the Internet, and comprises the following steps:
s201: a user logs in the broadband access server through the terminal through WIFI;
s202: the broadband access server receives a public account access authentication request of a user;
s203: the broadband access server sends a public account access authentication request to the network security system;
s204: the network security system accesses the authentication request through a public account, and requires that attributes carried by a message sent by the broadband access server include: user IP, Session-ID and AAA do not drop the ticket;
s205: the broadband access server sends a public account billing start request to the network security system, and the carried attributes comprise: user IP, Session-ID and AAA do not drop the ticket;
s206: the network security system sends a care-of address COA message to the broadband access server to update the user IP, Session-ID and AAA non-drop call ticket, so that the user can access the Internet;
s207: the broadband access server sends a public account billing starting request to the network security system, and the carried attributes comprise: user IP, Session-ID, AAA call ticket;
s208: the network security system generates a starting ticket file;
s209: a user acquires the access right of the internet through the terminal;
s210: the user starts to use the service of the internet through the broadband access server via the terminal;
s211: after 30 seconds of the previous care-of address COA message, the network security system sends a new care-of address COA message to the broadband access server, the new care-of address COA message is completely consistent with the previous care-of address COA message, and the new care-of address COA message can carry a speed limit attribute to change the internet access rate of a user;
s212: the broadband access server sends a charging message of a public account to the network security system, and the carried attributes comprise: user IP, Session-ID;
s213: the network security system generates an intermediate ticket file;
s214: the broadband access server sends the charging information of the public account to the network security system, and the carried attributes comprise: user IP, Session-ID;
s215: the user closes WIFI for a long time without flow at the terminal and is kicked off the line by the broadband access server;
s216: the broadband access server judges that the user is disconnected and sends a charging end message of a public account to the network security system;
s217: the network security system sends a Device Management (DM) message of the Session to the broadband access server;
s218: and the network security system generates a call ticket ending file.
Further, the switching process of the cross-broadband access server comprises a terminal, a first broadband access server, a first network security system, a second broadband access server, a second network security system and the internet, and comprises the following steps:
s301: a user acquires the access right of the internet through the terminal;
s302: a user starts to use the service of the internet through the first broadband access server via the terminal;
s303: after 30 seconds from the last time of the care-of address COA message of the available public network, the first network security system sends the care-of address COA message of the available public network to the first broadband access server again;
s304: the first broadband access server sends a charging message of a public account to the first network security system, and the carried attributes comprise: user IP and Session-ID;
s305: the first network security system generates an intermediate ticket file;
s306: a small station supporting the user to log in at the terminal is switched from the first broadband access server to the second broadband access server;
s307: the second broadband access server initiates a public account access authentication request to the second network security system;
s308: the second network security system requests the attributes carried by the message sent by the second broadband access server to include, through a public account authentication request: user IP, Session-ID and AAA do not drop the ticket;
s309: the second broadband access server sends a public account number charging starting request to the second network security system, and the carried attributes comprise: user IP and Session-ID;
s310: the second network security system informs the first network security system that the user is offline from the first broadband access server and that the user has an old session on the first broadband access server;
s311: the first network security system sends a Device Management (DM) message of the old session to the first broadband access server;
s312: the first broadband access server sends a charging end message of a public account to the first network security system, and disconnects the WIFI connection of a user;
s313: the first network security system generates a call ticket ending file;
s314: the second network security system sends a care-of address COA message to the second broadband access server, updates user IP, Session-ID and AAA non-drop call ticket, and enables the user to access the Internet;
s315: the second broadband access server sends a charging message of a public account to the second network security system, and the carried attributes comprise: user IP, Session-ID;
s316: the second network security system generates a start ticket file;
s317: the user starts to access the service of the internet through the second broadband access server via the terminal;
s318: after 30 seconds from the last available care-of-address COA message, the second network security system continuously sends an on-line care-of-address COA message to the second broadband access server, wherein the care-of-address COA message is completely consistent with the previous care-of-address COA message;
s319: the second broadband access server sends a charging message of a public account to the second network security system, and the carried attributes comprise: user IP, Session-ID;
s320: the second network security system generates an intermediate ticket file;
s321: the user turns off WIFI, and when no flow exists for a long time, the second network security system sends a care-of address COA message of an unavailable public network of a public account to the second broadband access server according to a rule that the flow is smaller than a specified threshold value within a certain time period;
s322: the second broadband access server judges that the user is disconnected and sends a charging end message of the public account to the second network security system;
s323: and the second network security system generates a call ticket ending file.
Further, the rate change process comprises a terminal, a broadband access server, a network security system, a charging system and the internet, and comprises the following steps:
s401: the network security system sends a care-of address COA message to the broadband access server, updates user IP, Session-ID and AAA non-dropping call ticket, and enables the user to access the internet;
s402: the broadband access server sends a charging start request of a public account to the network security system, and the carried attributes comprise: user IP, Session-ID, AAA call ticket;
s403: the network security system generates a start ticket file;
s404: a user acquires the access right of the internet through the terminal;
s405: the user starts to use the service of the internet through the broadband access server via the terminal;
s406: after 40 seconds of the previous care-of address COA message, the network security system sends a new care-of address COA message to the broadband access server, wherein the new care-of address COA message is completely consistent with the previous care-of address COA message;
s407: the broadband access server sends a charging message of a public account to the network security system, and the carried attributes comprise: user IP and Session-ID;
s408: the network security system generates an intermediate ticket file;
s409: the rate ordered by the user is changed, and the charging system sends a rate change account opening instruction to the network security system;
s410: the network security system sends a rate-changed non-internet-available care-of address (COA) message to the broadband access server;
s411: the broadband access server sends a public account number charging starting request to the network security system, and the carried attributes comprise: user IP and Session-ID;
s412: and the network security system generates a call ticket ending file.
Further, the shutdown offline process comprises a terminal, a broadband access server, a network security system, a charging system and the internet, and comprises the following steps:
s501: the network security system sends a care-of address COA message to the broadband access server, updates user IP, Session-ID and AAA non-dropping call ticket, and enables the user to access the internet;
s502: the broadband access server sends a charging start request of a public account to the network security system, and the carried attributes comprise: user IP, Session-ID, AAA call ticket;
s503: the network security system generates a starting ticket file;
s504: a user acquires the access right of the internet through the terminal;
s505: the user starts to use the service of the internet through the broadband access server via the terminal;
s506: after 50 seconds of the previous care-of address COA message, the network security system sends a new care-of address COA message to the broadband access server, wherein the new care-of address COA message is completely consistent with the previous care-of address COA message;
s507: the broadband access server sends a charging message of a public account to the network security system, and the carried attributes comprise: user IP and Session-ID;
s508: the network security system generates an intermediate ticket file;
s509: the user is in arrearage, and the charging system sends an account opening and shutdown command to the network security system;
s510: the network security system sends a rate-changed non-internet-available care-of address (COA) message to the broadband access server;
s511: the broadband access server sends a charging message of a public account to the network security system, and the carried attributes comprise: user IP, Session-ID, AAA call ticket;
s512: and the network security system generates a call ticket ending file.
Furthermore, after the care-of address COA message is authenticated by the user, the administrator modifies the authority of the online user through the RADIUS protocol; the care-of address COA message is used to dynamically change the subscriber attributes of a remote dialing subscriber without the subscriber going offline.
Further, the device management DM message is a user offline message, which is a message actively initiated by the RADIUS server to force the user to go offline.
Furthermore, the charging system is used for calculating the account amount of the prepaid user in real time according to the charging standard established by China Mobile and implementing instant halt for the defaulting user.
The present invention also includes a terminal comprising a memory, a processor and a computer program stored in the memory and executable on the processor, wherein the processor implements the steps of the method for accessing the internet procedure by the baseband access domain as described above when executing the computer program.
The present invention also includes a computer readable storage medium storing a computer program, which when executed by a processor implements the steps of a method for a baseband access domain to access the internet process as described above.
Compared with the prior art, the invention has the beneficial effects that: the invention provides a method for accessing internet flow by a baseband access domain, which solves the problem that the prior art is lack of management on the internet flow accessed by the baseband access domain.
Drawings
In order to more clearly illustrate the technical solutions in the embodiments of the present invention, the drawings needed to be used in the embodiments will be briefly described below, and it is obvious that the drawings in the following description are only some embodiments of the present invention, and it is obvious for those skilled in the art that other drawings can be obtained according to these drawings without creative efforts.
Fig. 1 is a schematic diagram of a common user login process of a baseband access domain internet access process method according to an embodiment of the present invention.
Fig. 2 is a schematic view of a fixed IP account login-free and bandwidth control process of a baseband access domain internet access process method according to an embodiment of the present invention.
Fig. 3 is a schematic diagram of a handover procedure of a cross-broadband access server of a method for accessing the internet through a baseband access domain according to an embodiment of the present invention.
Fig. 4 is a schematic diagram of a rate change process of a baseband access domain access internet process method according to an embodiment of the present invention.
Fig. 5 is a schematic shutdown and offline flow diagram of a method for a baseband access domain to access the internet according to an embodiment of the present invention.
Detailed Description
In order to make the objects, technical solutions and advantages of the present invention more apparent, the present invention is described in further detail below with reference to the accompanying drawings and embodiments. It should be understood that the specific embodiments described herein are merely illustrative of the invention and are not intended to limit the invention.
The same or similar reference numerals in the drawings of the present embodiment correspond to the same or similar components; in the description of the present invention, it should be noted that when an element is referred to as being "fixed" to another element, it can be directly on the other element or intervening elements may also be present. When an element is referred to as being "connected" to another element, it can be directly connected to the other element or intervening elements may be present, it is to be understood that the terms "upper", "lower", "left", "right", and the like, if any, refer to an orientation or positional relationship based on that shown in the drawings, that is for convenience in describing and simplifying the description, and that no indication or suggestion that the referenced device or element must have a particular orientation, be constructed and operated in a particular orientation, is therefore depicted in the drawings by the use of positional relationship descriptive terms only for purposes of illustration and not for purposes of limitation, the particular meaning of such terms being interpreted as broadly as will be understood by those skilled in the art based on the particular circumstances.
The technical solution of the present invention is described in detail below with reference to the accompanying drawings and specific embodiments.
The invention provides a method for accessing internet flow by a baseband access domain, which is better implemented as shown in fig. 1 to 5, and is used for a user to safely access the internet through a WIFI access mode, and comprises a common user login flow, a fixed IP account login-free and bandwidth control flow, a cross-broadband access server switching flow, a rate change flow and a shutdown offline flow; the method comprises a common user login process, a fixed IP account login-free and bandwidth control process, a cross-broadband access server switching process, a speed change process and a shutdown offline process, wherein the common user login process is used for managing a user account of a non-fixed IP address to safely access the Internet, the fixed IP account login-free and bandwidth control process is used for managing a user account of a fixed IP address to safely access the Internet and control bandwidth, the cross-broadband access server switching process is used for managing a double-broadband access server and a double-network safety service system to switch so that a user can safely access the Internet, the speed change process is used for managing a user who accesses the Internet without flow for a long time, and the shutdown offline process is used for managing a user who owes when accessing the Internet.
Compared with the prior art, the method for accessing the internet flow by the baseband access domain solves the problem that the prior art is lack of management on the internet flow accessed by the baseband access domain.
The first embodiment is as follows:
referring to fig. 1, a general user login process includes a terminal, a broadband access server, a network security system, a web portal, and the internet, and includes the following steps:
s101: a user logs in a broadband access server through a terminal through WIFI;
s102: the broadband access server receives a public account access authentication request of a user;
s103: the broadband access server sends a public account access authentication request to a network security system;
s104: the network security system accesses the authentication request through the public account, and requires the attributes carried by the message sent by the broadband access server to comprise: user IP, Session-ID and AAA do not drop the ticket;
s105: the broadband access server sends a public account billing starting request to the network security system, and the carried attributes comprise: user IP, Session-ID and AAA do not drop the ticket;
s106: the broadband access server redirects the browser opened by the user to a portal website, and the user inputs a login user name and a password in the portal website;
s107: after the user clicks login, the portal website sends a user authentication request to the network security system;
s108: the network security system passes user authentication and sends user authentication information to a portal website;
s109: the portal website displays prompt information of successful user authentication to the user through the terminal;
s110: the network security system sends a care-of address COA message to the broadband access server, updates the user IP, Session-ID and AAA non-drop call ticket, and enables the user to access the Internet;
s111: the broadband access server sends a public account number charging starting request to a network security system, wherein the attribute carried by a message of the public account number charging starting request comprises: user IP, Session-ID, AAA call ticket;
s112: the network security system generates a starting ticket file;
s113: a user acquires the access right of the Internet through a terminal;
s114: a user starts to use the internet service through a broadband access server via a terminal;
s115: after 30 seconds of the previous care-of address COA message, the network security system sends a new care-of address COA message to the broadband access server, and the new care-of address COA message is completely consistent with the previous care-of address COA message;
s116: the broadband access server sends a charging message of a public account to the network security system, and the carried attributes comprise: user IP, Session-ID;
s117: the network security system generates an intermediate ticket file;
s118: a user clicks an offline button on a portal website through a terminal;
s119: the portal website displays user offline prompt information through the terminal;
s120: the portal website informs the network security system of the Session being offline;
s121: the network security system sends the device management DM message of the Session to the broadband access server;
s122: the broadband access server sends a charging end message of the public account to the network security system, and the WIFI connection of the user is disconnected;
s123: and the network security system generates a call ticket ending file.
Example two:
referring to fig. 2, the fixed IP account login-free and bandwidth control process includes a terminal, a broadband access server, a network security system, and the internet, and includes the following steps:
s201: a user logs in a broadband access server through a terminal through WIFI;
s202: the broadband access server receives a public account access authentication request of a user;
s203: the broadband access server sends a public account access authentication request to a network security system;
s204: the network security system accesses the authentication request through the public account, and requires the attributes carried by the message sent by the broadband access server to comprise: user IP, Session-ID and AAA do not drop the ticket;
s205: the broadband access server sends a public account billing starting request to the network security system, and the carried attributes comprise: user IP, Session-ID and AAA do not drop the ticket;
s206: the network security system sends a care-of address COA message to the broadband access server, updates the user IP, Session-ID and AAA non-drop call ticket, and enables the user to access the Internet;
s207: the broadband access server sends a public account billing start request to the network security system, and the carried attributes comprise: user IP, Session-ID, AAA call ticket;
s208: the network security system generates a starting ticket file;
s209: a user acquires the access right of the internet through a terminal;
s210: a user starts to use the internet service through a broadband access server via a terminal;
s211: after 30 seconds of the previous care-of address COA message, the network security system sends a new care-of address COA message to the broadband access server, the new care-of address COA message is completely consistent with the previous care-of address COA message, and the new care-of address COA message can carry the speed limit attribute to change the internet speed of the user;
s212: the broadband access server sends a charging message of the public account to the network security system, and the carried attributes comprise: user IP, Session-ID;
s213: the network security system generates an intermediate ticket file;
s214: the broadband access server sends the charging information of the public account to the network security system, and the carried attributes comprise: user IP, Session-ID;
s215: the user closes WIFI at the terminal for a long time without flow, and is kicked off the line by the broadband access server;
s216: the broadband access server judges that the user is disconnected and sends a charging end message of the public account to the network security system;
s217: the network security system sends the device management DM message of the Session to the broadband access server;
s218: and the network security system generates a call ticket ending file.
Example three:
referring to fig. 3, the switching process of the cross broadband access server comprises a terminal, a first broadband access server, a first network security system, a second broadband access server, a second network security system and the internet, and comprises the following steps:
s301: a user acquires the access right of the internet through a terminal;
s302: a user starts to use the service of the internet through a first broadband access server via a terminal;
s303: after 30 seconds before the last time of the care-of address COA message of the available public network, the first network security system sends the care-of address COA message of the available public network to the first broadband access server again;
s304: the first broadband access server sends a charging message of a public account to the first network security system, and the carried attributes comprise: user IP and Session-ID;
s305: the first network security system generates an intermediate ticket file;
s306: a small station supporting a user to log in at a terminal is switched from a first broadband access server to a second broadband access server;
s307: the second broadband access server initiates a public account access authentication request to the second network security system;
s308: the second network security system requests the attributes carried by the message sent by the second broadband access server to include, through the public account authentication request: user IP, Session-ID and AAA do not drop the ticket;
s309: the second broadband access server sends a public account number charging starting request to the second network security system, and the carried attributes comprise: user IP and Session-ID;
s310: the second network security system informs the first network security system that the user is offline from the first broadband access server and the old session of the user on the first broadband access server;
s311: the first network security system sends a Device Management (DM) message of the old session to the first broadband access server;
s312: the first broadband access server sends a charging end message of the public account to the first network security system, and disconnects the WIFI connection of the user;
s313: a first network security system generates a call ticket ending file;
s314: the second network security system sends a care-of address COA message to a second broadband access server, updates user IP, Session-ID and AAA non-drop call ticket, and enables the user to access the Internet;
s315: the second broadband access server sends a charging message of the public account to the second network security system, and the carried attributes comprise: user IP, Session-ID;
s316: the second network security system generates a start ticket file;
s317: the user starts to access the service of the internet through the second broadband access server via the terminal;
s318: after 30 seconds from the last available care-of address COA message, the second network security system continues to send an on-line care-of address COA message to the second broadband access server, wherein the care-of address COA message is completely consistent with the previous care-of address COA message;
s319: the second broadband access server sends the charging information of the public account to the second network security system, and the carried attributes comprise: user IP, Session-ID;
s320: the second network security system generates an intermediate ticket file;
s321: the user turns off WIFI, and when no flow exists for a long time, the second network security system sends a care-of address COA message of an unavailable public network of a public account to the second broadband access server according to a rule that the flow is smaller than a specified threshold value within a certain time period;
s322: the second broadband access server judges that the user is disconnected and sends a charging end message of the public account to the second network security system;
s323: and the second network security system generates a call ticket ending file.
Example four:
referring to fig. 4, the rate change process is composed of a terminal, a broadband access server, a network security system, a charging system, and the internet, and includes the following steps:
s401: the network security system sends a care-of address COA message to the broadband access server, updates user IP, Session-ID and AAA non-dropping call ticket, and enables the user to access the Internet;
s402: the broadband access server sends a charging start request of a public account to a network security system, and the carried attributes comprise: user IP, Session-ID, AAA call ticket;
s403: the network security system generates a starting ticket file;
s404: a user acquires the access right of the Internet through a terminal;
s405: a user starts to use the internet service through a broadband access server via a terminal;
s406: after 40 seconds of the previous care-of address COA message, the network security system sends a new care-of address COA message to the broadband access server, and the new care-of address COA message is completely consistent with the previous care-of address COA message;
s407: the broadband access server sends a charging message of a public account to the network security system, and the carried attributes comprise: user IP and Session-ID;
s408: the network security system generates an intermediate ticket file;
s409: the rate ordered by the user is changed, and the charging system sends a rate change account opening instruction to the network security system;
s410: the network security system sends a rate-changed internet access unavailable care-of address (COA) message to the broadband access server;
s411: the broadband access server sends a public account number charging starting request to the network security system, and the carried attributes comprise: user IP and Session-ID;
s412: and the network security system generates a call ticket ending file.
Example five:
referring to fig. 5, the shutdown offline process comprises a terminal, a broadband access server, a network security system, a charging system and the internet, and comprises the following steps:
s501: the network security system sends a care-of address COA message to the broadband access server, updates user IP, Session-ID and AAA non-dropping call ticket, and enables the user to access the Internet;
s502: the broadband access server sends a charging start request of a public account to the network security system, and the carried attributes comprise: user IP, Session-ID, AAA call list;
s503: the network security system generates a starting ticket file;
s504: a user acquires the access right of the internet through a terminal;
s505: a user starts to use the internet service through a broadband access server via a terminal;
s506: after 50 seconds of the previous care-of address COA message, the network security system sends a new care-of address COA message to the broadband access server, and the new care-of address COA message is completely consistent with the previous care-of address COA message;
s507: the broadband access server sends a charging message of a public account to the network security system, and the carried attributes comprise: user IP and Session-ID;
s508: the network security system generates an intermediate ticket file;
s509: the user is owing, and the charging system sends an order of canceling user halt to the network security system;
s510: the network security system sends a rate-changed internet access unavailable care-of address (COA) message to the broadband access server;
s511: the broadband access server sends a charging message of the public account to the network security system, and the carried attributes comprise: user IP, Session-ID, AAA call ticket;
s512: and the network security system generates a call ticket ending file.
As an implementation mode of the invention, after the care-of address COA message is authenticated by a user, an administrator modifies the authority of the online user through an RADIUS protocol; the care-of address COA message is used to dynamically change the subscriber attributes of a remote dialing subscriber without the subscriber going offline.
As an embodiment of the present invention, the device management DM message is a user offline message, which is a message actively initiated by the RADIUS server to force the user to go offline.
As an implementation mode of the invention, the charging system is used for calculating the account amount of the prepaid user in real time according to the charging standard set by China Mobile and implementing instant halt for the defaulting user.
The invention also provides a terminal, which comprises a memory, a processor and a computer program which is stored in the memory and can run on the processor, wherein the processor realizes the steps of the method for accessing the internet flow by the baseband access domain when executing the computer program.
The invention also provides a computer readable storage medium, which stores a computer program, and the computer program realizes the steps of the method for accessing the internet flow by the baseband access domain when being executed by a processor.
Preferably, all computer programs related to the present invention are written and implemented by using existing, public, open-source program codes; the technical solution according to the embodiments of the present invention can be implemented very easily by software programmers in the art.
The above description is intended to be illustrative of the preferred embodiment of the present invention and should not be taken as limiting the invention, but rather, the intention is to cover all modifications, equivalents, and alternatives falling within the spirit and scope of the invention.
Claims (10)
1. A method for accessing Internet flow through a baseband access domain is characterized in that a user can safely access the Internet through a WIFI access mode and comprises a common user login flow, a fixed IP account login-free and bandwidth control flow, a cross-broadband access server switching flow, a rate changing flow and a shutdown offline flow; the ordinary user login process is used for managing a user account of a non-fixed IP address to safely access the Internet, the fixed IP account login-free and bandwidth control process is used for managing a user account of a fixed IP address to safely access the Internet and control bandwidth, the cross-broadband access server switching process is used for managing the double-broadband access server and the double-network safety service system to switch so that a user can safely access the Internet, the rate change process is used for managing a user who accesses the Internet and does not have flow for a long time, and the shutdown offline process is used for managing a user who defaults when accessing the Internet;
the common user login process comprises a terminal, a broadband access server, a network security system, a portal website and the Internet, and comprises the following steps:
s101: a user logs in the broadband access server through the terminal through WIFI;
s102: the broadband access server receives a public account access authentication request of a user;
s103: the broadband access server sends a public account access authentication request to the network security system;
s104: the network security system accesses the authentication request through a public account, and requires that attributes carried by a message sent by the broadband access server include: user IP, Session-ID and AAA do not drop the ticket;
s105: the broadband access server sends a public account billing start request to the network security system, and the carried attributes comprise: user IP, Session-ID and AAA do not drop the ticket;
s106: the broadband access server redirects the browser opened by the user to the portal website, and the user inputs a login user name and a password in the portal website;
s107: after the user clicks login, the portal website sends a user authentication request to the network security system;
s108: the network security system passes user authentication and sends user authentication information to the portal website;
s109: the portal website displays prompt information of successful user authentication to the user through the terminal;
s110: the network security system sends a care-of address COA message to the broadband access server to update the user IP, Session-ID and AAA non-drop call ticket, so that the user can access the Internet;
s111: the broadband access server sends a public account billing start request to the network security system, wherein the attributes carried by a message of the public account billing start request include: user IP, Session-ID, AAA call ticket;
s112: the network security system generates a starting ticket file;
s113: a user acquires the access right of the internet through the terminal;
s114: the user starts to use the service of the internet through the broadband access server via the terminal;
s115: after 30 seconds of the previous care-of address COA message, the network security system sends a new care-of address COA message to the broadband access server, wherein the new care-of address COA message is completely consistent with the previous care-of address COA message;
s116: the broadband access server sends a charging message of a public account to the network security system, and the carried attributes comprise: user IP, Session-ID;
s117: the network security system generates an intermediate ticket file;
s118: a user clicks a offline button on the portal website through the terminal;
s119: the portal website displays user offline prompt information through the terminal;
s120: the portal website informs the network security system of the Session being offline;
s121: the network security system sends a Device Management (DM) message of the Session to the broadband access server;
s122: the broadband access server sends a charging end message of a public account to the network security system, and the WIFI connection of a user is disconnected;
s123: and the network security system generates a call ticket ending file.
2. The method as claimed in claim 1, wherein the fixed IP account login-free and bandwidth control process comprises a terminal, a broadband access server, a network security system, and the internet, and comprises the following steps:
s201: a user logs in the broadband access server through the terminal through WIFI;
s202: the broadband access server receives a public account access authentication request of a user;
s203: the broadband access server sends a public account access authentication request to the network security system;
s204: the network security system accesses the authentication request through a public account, and requires that attributes carried by a message sent by the broadband access server include: user IP, Session-ID and AAA do not drop the ticket;
s205: the broadband access server sends a public account billing start request to the network security system, and the carried attributes comprise: user IP, Session-ID and AAA do not drop the ticket;
s206: the network security system sends a care-of address COA message to the broadband access server, updates the user IP, the Session-ID and the AAA non-drop call ticket, and enables the user to access the Internet;
s207: the broadband access server sends a public account billing starting request to the network security system, and the carried attributes comprise: user IP, Session-ID, AAA call ticket;
s208: the network security system generates a starting ticket file;
s209: a user acquires the access right of the internet through the terminal;
s210: the user starts to use the service of the internet through the broadband access server via the terminal;
s211: after 30 seconds of the previous care-of address COA message, the network security system sends a new care-of address COA message to the broadband access server, the new care-of address COA message is completely consistent with the previous care-of address COA message, and the new care-of address COA message can carry a speed limit attribute to change the internet access rate of a user;
s212: the broadband access server sends a charging message of a public account to the network security system, and the carried attributes comprise: user IP, Session-ID;
s213: the network security system generates an intermediate ticket file;
s214: the broadband access server sends the charging information of the public account to the network security system, and the carried attributes comprise: user IP, Session-ID;
s215: the user closes WIFI for a long time without flow at the terminal and is kicked off the line by the broadband access server;
s216: the broadband access server judges that the user is disconnected and sends a charging end message of a public account to the network security system;
s217: the network security system sends a Device Management (DM) message of the Session to the broadband access server;
s218: and the network security system generates a call ticket ending file.
3. The method for accessing the internet through the baseband access domain as claimed in claim 1, wherein the handover procedure across the broadband access servers is composed of a terminal, a first broadband access server, a first network security system, a second broadband access server, a second network security system, and the internet, and comprises the following steps:
s301: a user acquires the access right of the Internet through the terminal;
s302: a user starts to use the service of the internet through the first broadband access server via the terminal;
s303: after 30 seconds from the last time of the care-of address COA message of the available public network, the first network security system sends the care-of address COA message of the available public network to the first broadband access server again;
s304: the first broadband access server sends a charging message of a public account to the first network security system, wherein the carried attributes comprise: user IP and Session-ID;
s305: the first network security system generates an intermediate ticket file;
s306: a small station supporting the user to log in at the terminal is switched from the first broadband access server to the second broadband access server;
s307: the second broadband access server initiates a public account access authentication request to the second network security system;
s308: the second network security system requests the attributes carried by the message sent by the second broadband access server to include, through a public account authentication request: user IP, Session-ID and AAA do not drop the ticket;
s309: the second broadband access server sends a public account number charging starting request to the second network security system, and the carried attributes comprise: user IP and Session-ID;
s310: the second network security system informs the first network security system that the user is offline from the first broadband access server and that the user has an old session on the first broadband access server;
s311: the first network security system sends a Device Management (DM) message of the old session to the first broadband access server;
s312: the first broadband access server sends a charging end message of a public account to the first network security system, and disconnects the WIFI connection of a user;
s313: the first network security system generates a call ticket ending file;
s314: the second network security system sends a care-of address COA message to the second broadband access server, updates user IP, Session-ID and AAA non-drop call ticket, and enables the user to access the Internet;
s315: the second broadband access server sends a charging message of a public account to the second network security system, and the carried attributes comprise: user IP, Session-ID;
s316: the second network security system generates a start ticket file;
s317: the user starts to access the service of the internet through the second broadband access server via the terminal;
s318: after 30 seconds from the last available care-of address COA message, the second network security system continues to send an on-line care-of address COA message to the second broadband access server, wherein the care-of address COA message is completely consistent with the previous care-of address COA message;
s319: the second broadband access server sends a charging message of a public account to the second network security system, and the carried attributes comprise: user IP, Session-ID;
s320: the second network security system generates an intermediate ticket file;
s321: the user turns off WIFI, and when no flow exists for a long time, the second network security system sends a care-of address COA message of an unavailable public network of a public account to the second broadband access server according to a rule that the flow is smaller than a specified threshold value within a certain time period;
s322: the second broadband access server judges that the user is disconnected and sends a charging end message of the public account to the second network security system;
s323: and the second network security system generates a call ticket ending file.
4. The method as claimed in claim 1, wherein the rate change procedure comprises a terminal, a broadband access server, a network security system, a billing system, and the internet, and comprises the following steps:
s401: the network security system sends a care-of address COA message to the broadband access server, updates user IP, Session-ID and AAA non-dropping call ticket, and enables the user to access the internet;
s402: the broadband access server sends a charging start request of a public account to the network security system, and the carried attributes comprise: user IP, Session-ID, AAA call ticket;
s403: the network security system generates a starting ticket file;
s404: a user acquires the access right of the internet through the terminal;
s405: the user starts to use the service of the internet through the broadband access server via the terminal;
s406: after 40 seconds of interval with the previous care-of address COA message, the network security system sends a new care-of address COA message to the broadband access server, wherein the new care-of address COA message is completely consistent with the previous care-of address COA message;
s407: the broadband access server sends a charging message of a public account to the network security system, and the carried attributes comprise: user IP and Session-ID;
s408: the network security system generates an intermediate ticket file;
s409: the rate ordered by the user is changed, and the charging system sends a rate change account opening instruction to the network security system;
s410: the network security system sends a rate-changed internet-unavailable care-of address (COA) message to the broadband access server;
s411: the broadband access server sends a public account number charging starting request to the network security system, and the carried attributes comprise: user IP and Session-ID;
s412: and the network security system generates a call ticket ending file.
5. The method for accessing the internet through the baseband access domain as claimed in claim 1, wherein the shutdown offline process comprises a terminal, a broadband access server, a network security system, a billing system, and the internet, and comprises the following steps:
s501: the network security system sends a care-of address COA message to the broadband access server, updates user IP, Session-ID and AAA non-dropping call ticket, and enables the user to access the internet;
s502: the broadband access server sends a charging start request of a public account to the network security system, and the carried attributes comprise: user IP, Session-ID, AAA call ticket;
s503: the network security system generates a starting ticket file;
s504: a user acquires the access right of the internet through the terminal;
s505: the user starts to use the service of the internet through the broadband access server via the terminal;
s506: after 50 seconds of the previous care-of address COA message, the network security system sends a new care-of address COA message to the broadband access server, wherein the new care-of address COA message is completely consistent with the previous care-of address COA message;
s507: the broadband access server sends a charging message of a public account to the network security system, and the carried attributes comprise: user IP and Session-ID;
s508: the network security system generates an intermediate ticket file;
s509: the user is in arrearage, and the charging system sends an order of opening account and stopping the machine to the network security system;
s510: the network security system sends a rate-changed non-internet-available care-of address (COA) message to the broadband access server;
s511: the broadband access server sends a charging message of a public account to the network security system, and the carried attributes comprise: user IP, Session-ID, AAA call ticket;
s512: and the network security system generates a call ticket ending file.
6. The method for baseband access domain to access internet flow according to any one of claims 1-5, wherein the care-of address COA message is user authentication, and then the administrator modifies the authority of the on-line user through RADIUS protocol; the care-of address COA message is used to dynamically change the subscriber attributes of a remote dialing subscriber without the subscriber going offline.
7. The method as claimed in any one of claims 1 to 3, wherein the device management DM message is a user offline message, which is a message actively initiated by the RADIUS server to force the user offline.
8. The method as claimed in any one of claims 4 to 5, wherein the charging system is used for calculating the account amount of the prepaid subscriber in real time according to the charging standard established by China Mobile and implementing an instant stop for the subscriber in arrears.
9. A terminal comprising a memory, a processor and a computer program stored in the memory and executable on the processor, wherein the processor when executing the computer program implements the steps of a baseband access domain access to internet procedures method according to any one of claims 1 to 5.
10. A computer-readable storage medium, in which a computer program is stored, which, when being executed by a processor, carries out the steps of a method for a baseband access domain to access the internet procedure as claimed in any one of claims 1 to 5.
Priority Applications (1)
Application Number | Priority Date | Filing Date | Title |
---|---|---|---|
CN202110428906.3A CN113079181B (en) | 2021-04-21 | 2021-04-21 | Method, terminal and storage medium for accessing internet flow by baseband access domain |
Applications Claiming Priority (1)
Application Number | Priority Date | Filing Date | Title |
---|---|---|---|
CN202110428906.3A CN113079181B (en) | 2021-04-21 | 2021-04-21 | Method, terminal and storage medium for accessing internet flow by baseband access domain |
Publications (2)
Publication Number | Publication Date |
---|---|
CN113079181A CN113079181A (en) | 2021-07-06 |
CN113079181B true CN113079181B (en) | 2022-06-24 |
Family
ID=76618215
Family Applications (1)
Application Number | Title | Priority Date | Filing Date |
---|---|---|---|
CN202110428906.3A Active CN113079181B (en) | 2021-04-21 | 2021-04-21 | Method, terminal and storage medium for accessing internet flow by baseband access domain |
Country Status (1)
Country | Link |
---|---|
CN (1) | CN113079181B (en) |
Citations (1)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
CN104683300A (en) * | 2013-11-29 | 2015-06-03 | 中国电信股份有限公司 | Access method and access system for internet services |
Family Cites Families (8)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
CN101237402B (en) * | 2008-02-02 | 2010-12-08 | 中兴通讯股份有限公司 | AAA service session access control system and method |
CN101848163A (en) * | 2010-06-01 | 2010-09-29 | 中兴通讯股份有限公司 | Method and system for dynamically adjusting bandwidth service and broadband policy system |
CN101888389B (en) * | 2010-07-19 | 2013-04-17 | 中国电信股份有限公司 | Method and system for realizing uniform authentication of ICP union |
CN103841218B (en) * | 2012-11-20 | 2017-02-22 | 中国移动通信集团上海有限公司 | Method for determining duration of public network access by user terminal and net access server |
CN104780121B (en) * | 2015-04-30 | 2018-05-08 | 新华三技术有限公司 | A kind of file transmitting method and device |
US10547614B2 (en) * | 2017-03-30 | 2020-01-28 | Juniper Networks, Inc. | Bulk delivery of change of authorization data via AAA protocols |
CN108282537B (en) * | 2018-01-31 | 2021-02-26 | 新华三技术有限公司 | Portal user offline method and access equipment |
CN110932993A (en) * | 2019-11-21 | 2020-03-27 | 中盈优创资讯科技有限公司 | Bandwidth speed regulation management method and device |
-
2021
- 2021-04-21 CN CN202110428906.3A patent/CN113079181B/en active Active
Patent Citations (1)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
CN104683300A (en) * | 2013-11-29 | 2015-06-03 | 中国电信股份有限公司 | Access method and access system for internet services |
Also Published As
Publication number | Publication date |
---|---|
CN113079181A (en) | 2021-07-06 |
Similar Documents
Publication | Publication Date | Title |
---|---|---|
US20200084627A1 (en) | Internet access authentication method and client, and computer storage medium | |
CN108337677B (en) | Network authentication method and device | |
US9973513B2 (en) | Method and apparatus for communication number update | |
WO2016145742A1 (en) | Virtual sim card switching method and apparatus | |
WO2014139298A1 (en) | Permission management method, device and system for cloud platform service | |
CN110445873A (en) | A kind of cloud platform service cut-in method and Redirect Server | |
CN108712440B (en) | User information management method, device, server and storage medium | |
CN112839331A (en) | User information authentication method for wireless local area network Portal authentication escape | |
CN113271299B (en) | Login method and server | |
CN106878987B (en) | Communication method, system and cloud server | |
CN107682372A (en) | User profile for Portal escapes obtains and authentication method, device and access device | |
CN109302437A (en) | A kind of method and apparatus redirecting website | |
EP3855695A1 (en) | Access authentication | |
CN106254328A (en) | A kind of access control method and device | |
CN110300046A (en) | A kind of business consultation control method, terminal and server | |
CN113079181B (en) | Method, terminal and storage medium for accessing internet flow by baseband access domain | |
CN109743329B (en) | Account processing method and device | |
CN110839050A (en) | Method, system and wireless access point for detecting user offline | |
JP2016126670A (en) | Risk base authentication method and system using portable terminal | |
CN109871220A (en) | Electronic device login state update method and system | |
CN109495602A (en) | A kind of processing method and processing device of network insertion exception | |
CN113746909A (en) | Network connection method, device, electronic equipment and computer readable storage medium | |
KR100542921B1 (en) | Method and system for preventing information utilization fare charge about unfair mobile identity number | |
US8285784B2 (en) | Service creation via presence messaging | |
CN109861892A (en) | A kind of terminal roaming method and device |
Legal Events
Date | Code | Title | Description |
---|---|---|---|
PB01 | Publication | ||
PB01 | Publication | ||
SE01 | Entry into force of request for substantive examination | ||
SE01 | Entry into force of request for substantive examination | ||
GR01 | Patent grant | ||
GR01 | Patent grant |