FR2904503A1 - METHOD OF CUSTOMER ACCESS TO SERVICE THROUGH A NETWORK, BY COMBINED USE OF A DYNAMIC CONFIGURATION PROTOCOL AND POINT-TO-POINT PROTOCOL, CORRESPONDING COMPUTER EQUIPMENT AND PROGRAM - Google Patents

Abstract

A method of client access to a service over a network, by combined use of a dynamic configuration protocol and a point-to-point protocol, equipment and computer program therefor.The invention concerns a method access by a client (1) to a service over a network, said client being able to implement, for the establishment of an access session to said service, a connection protocol of PPP type and According to the invention, such a method comprises the steps of: receiving a request for establishment of a PPP session, sent at the request of said client and intended for an authentication server; in the case of authentication of said client by the authentication server, reception of an authorization issued by said authentication server for said client, and storage of at least one configuration parameter of said point-to-point session; extract from said aut orisation; - reception of a request for establishment of a DHCP session, sent by said client after termination of establishment of said PPP session; - after verifying the authentication of said client, sending said client of said memorized configuration parameter, for establishing a DHCP session.

Description

1 Method of access by a customer to a service through a network, by

  combined use of a dynamic configuration protocol and a point-to-point protocol, equipment and corresponding computer program. FIELD OF THE INVENTION The field of the invention is that of telecommunications, and more particularly fixed access networks. More specifically, the invention relates to a method of accessing a service by a client connected to an IP type network (for "Internet Protocol"). It applies in particular, but not exclusively, to the access of customers with residential gateways to networks of operators and / or Internet access providers, particularly in the context of broadband connections such as ADSL (from the abbreviation "Asymmetric Digital Subscriber Line", or in French "Subscriber Digital Subscriber Line"). 2. PRIOR ART AND ITS DISABILITIES A first known and widely used protocol for access to the Internet by means of a broadband connection is the point-to-point protocol, called a Point-to-Point Protocol (PPP). point "in French). Such a PPP protocol is a connection protocol that provides a method for transporting multi-protocol datagrams over a point-to-point link between two remote elements. It consists of three main components: a method for encapsulating datagrams from several different protocols; a Link Control Protocol (LCP) control phase for setting up, configuring and testing the data link connection, and finally a phase for establishing and configuring several protocols of the Link Link Protocol (LCP). network layer, as defined in the Open Systems Interconnection (OSI) model, called the "Network Control Protocols" (NCPs) In particular, a protocol called IPCP ("Internet Protocol Control Protocol") is used to establish and configure the IP layer and to assign and manage IP addresses. Such a PPP protocol is used on links carrying data packets between two remote elements and allowing bidirectional simultaneous communication. This protocol provides a common solution for easy connection of a wide variety of hosts, bridges and routers. The set of protocols contained in the PPP protocol makes it possible, among other things, access control, of which user authentication is a component, and the assignment of IP addresses to the client terminals, and includes the notion of establishment and termination of sessions 5 between a client and a server. Such a PPP protocol is defined in referenced document RFC 1661 (RFC for Request For Comments) issued by the IETF (group for participation in the standardization of the Internet, abbreviation of the English terms Internet Engineering Task Force) (RFC 1661: "The Point-to-Point Protocol (PPP)" - IETF Network Working Group 10 - Editor: W. Simpson - Date: July 1994). There are two types of PPP protocol namely PPPoA for "PPP over ATM" and PPPoE for "PPP over Ethernet". Referring to FIG. 1, when establishing a PPP-compliant session, called a PPP session, a point-to-point link is established between a PPP client 1 and a PPP server called BAS 2 located in the network (BAS meaning Broadband Remote Access Server, or in French, "remote broadband access server"). Such a client 1 may consist for example of a residential gateway, or a user modem.

The BAS server 2, also more generally called RAS server (RAS meaning Remote Access Server or in French, "server of remote access") fulfills a function of identification of the client PPP 1 by means of authentication mechanisms . The BAS server 2 also performs a function of allocation of IP addresses and DNS (Domain Name Server) settings, as well as a function of establishing and terminating sessions. PPP. The server BAS 2 can also cooperate with an authentication server 3 in charge of the authentication of the client 1. Thus, the server BAS 2 can include a RADIUS client which establishes a dialogue with a RADIUS server 3 (Remote Authentication Dial-ln User Service or in French "remote authentication service of an incoming user") which provides configuration parameters of each PPP client 1 based on the authentication or identification parameters associated with them. Thus, during the establishment of a PPP session, the BAS server 2 interrogates the RADIUS server 3 in order to authenticate the PPP client 1 and, if necessary, to open a PPP session 2904503 3. This authentication phase implements, between client 1 and BAS 2, a PAP (Password Authentication Protocol) or Challenge Handshake Authentication Protocol (CHAP) protocol. 'Challenge Response Authentication').

It will be noted that RADIUS, described in the RFC 2865 issued by the IETF, is one example of authentication protocols that can be implemented in the authentication server 3. The data exchanged between the client 1 and the BAS 2 transit through a node 4, called DSLAM (Digital Subscriber Line Access Multiplexor, or in French "Digital Subscriber Line Multiplexer" or more simply "DSL Access Multiplexer"), constituting a node access to the R network to which the BAS 2 is connected. Closing a PPP session results in the break of the link established between the PPP client 1 and the BAS server 2. Point-to-point protocols such as PPP thus have the advantage of enabling client authentication, which allows for example an Internet service provider to customize the type of access provided depending on the identity of the client considered (for example by providing a specified flow that or nomadic services). The lack of flexibility of the PPP protocol, especially for applications broadcast in multicast and / or requiring distinct service qualities, however, is one of its main drawbacks. In addition, the use of centralized RAS servers does not allow multicast broadcasting of new content or new services because the bandwidth available on the IP collection network is not sufficient. Indeed, by construction, the PPP protocol operates point-to-point between the client and the PPP termination equipment constituted by the BAS server. In this segment, data streams can only be broadcast in unicast mode. Finally, point-to-point protocols such as PPP require management of open connection contexts in clients. It is therefore necessary to have equipment (namely the BAS) in the network which retains all the information (session identification, connection time, etc.) relating to the sessions opened by the clients. These functions are particularly heavy to manage and penalize very significantly the performance of BAS servers, especially as the duration of customer sessions tends to increase more and more. It is therefore necessary to increase the number of BAS servers in the network, to cope with the increasing demand from customers, which is problematic, the BAS servers being expensive equipment.

An alternative to point-to-point protocols such as PPP is the use of dynamic provisioning protocols for configuration parameters, such as DHCP (abbreviation for Dynamic Host Configuration Protocol), or in French, "Dynamic Configuration Protocol" of a host "). Such a DHCP protocol is widely used and deployed in local and private networks. It is used by some telecommunications operators for the deployment of services such as ADSL television or video telephony. DHCP is a client-server protocol that allows equipment that connects over a network to obtain configuration parameters such as an IP address allocated for a given lease time. Such a DHCP protocol is defined in the referenced document RFC 2131 issued by the IETF (RFC 2131: "Dynamic Host Configuration Protocol" - IETF Network Working Group - Editor: R. Droms). With reference to FIG. 2, when a device connects to a network, a link is established between a DHCP client 1, embedded in the equipment, and a DHCP server 6 present in the network.

When implementing the DHCP protocol, the configuration parameters of a DHCP client 1, such as its IP address, are assigned for a specified duration called "lease", after which they are released and become accessible to other users, which optimizes network resources. However, a DHCP client 1 that sees its lease expire can request renewal 25 from the DHCP server 6. If the DHCP server 6 does not receive a lease renewal request from the DHCP client 1 before the expiration of the lease, or if the lease is not extendable, it makes available, at lease expiration, the IP address that it had assigned to this DHCP client 1. In order to initialize a DHCP lease between a DHCP client 1 and a DHCP server 6, the latter must proceed to the assignment of configuration parameters to the DHCP client 1. After assignment, the DHCP server 6 stores the configuration parameters of each DHCP client 1, for the duration of the lease, or even beyond .

As in the case of FIG. 1, the data exchanged between the DHCP client 1 and the DHCP server 6 transit through a node 4, called DSLAM, constituting an access node to the network R to which the server is connected. DHCP 6. Dynamic configuration protocols such as DHCP therefore have the advantage of being lighter to implement, in that they do not require the introduction into the network of equipment (BAS type) intended to manage contexts of open connections and to memorize associated information. In return, this type of protocol has the disadvantage of not managing the aspects of authentication, counting and authorization of client connections, 10 which can be disadvantageous. To overcome this drawback, the IETF published in the document referenced RFC3118 an extension of the DHCP protocol allowing this protocol to offer authentication services through a DHCP option 90 (RFC 3118: "Authentication for DHCP messages" - IETF Network Working Group - Editors: R. Droms, W. Arbaugh).

This protocol extension is based on the use of symmetric cryptographic keys "already shared" and known by the DHCP client and the DHCP server. However, the distribution mechanism of these keys is very complicated since it requires the provision of a key per client. In the case of an operator network with several million customers, the management of these keys is very complicated. Thus, if this DHCP option 90 is interesting in the context of a simple private LAN network, in which a relatively limited number of customers is managed, it is not at all suitable for an operator network gathering a number high number of customers. Some equipment manufacturers, aware of the drawbacks of the DHCP protocol linked to the lack of authentication, offer equipment enabling customers to connect to the network using DHCP, while benefiting from RADIUS authentication. To do this, an access server creates a RADIUS request as soon as it detects that a user has connected to DHCP. This RADIUS request, which contains a set of configurable attributes, is transmitted to a RADIUS authentication server 30 for client authentication. A disadvantage of this technique lies in its lack of security, because the user name and password pass in clear on the network between the client and the network for such authentication is made possible.

In addition, this technique requires significant licensing costs on BAS equipment (solicited to generate RADIUS requests) and often crippling in the context of a generalization of this type of solutions to an operator network with a large number of operators. number of clients.

There is therefore a need for a technique which makes it possible to overcome these disadvantages of the prior art. In particular, there is a need for a technique that combines the performance of a dynamic configuration protocol such as DHCP and the authentication functions of a point-to-point protocol such as PPP, while having a high level of security. Such a technique must be adapted for deployment on a network to which a large number of users are connected. 3. DISCLOSURE OF THE INVENTION The invention responds to this need by proposing a method of access by a customer to a service through a network, said client being able to implement, for the establishment of a an access session to said service, a point-to-point connection protocol (PPP) and a dynamic provisioning protocol of at least one configuration parameter, called dynamic configuration protocol (DHCP). According to the invention, such a method comprises the steps of: receiving a first request for setting up an access session conforming to said point-to-point protocol (PPP), called a point-to-point session, transmitted to the client's request for an authentication server (RADIUS); in case of authentication of said client by said authentication server, reception of an authorization issued by said authentication server to said client, and storage of at least one configuration parameter (@ IP) of said session point point extracted from the said authorization; receiving a second request for establishment of an access session compliant with said dynamic configuration protocol (DHCP), issued by said client after termination of establishment of said point-to-point session; after verifying the authentication of said client, sending said client at least one stored configuration parameter, for establishment of an access session conforming to said dynamic configuration protocol (DHCP). Thus, the invention is based on a completely new and inventive approach to the connection of a client to a network, including an IP type network. Indeed, then, in the prior art, it was still necessary to make a choice between one of the two access methods, namely access to the network through PPP type of connectivity or access to the network. Through DHCP-type connectivity, the invention proposes to cleverly combine these two methods, so as to enable the customer to benefit from the advantages of each. To do this, the invention proposes to allow the client to attempt to establish an access session in point-to-point mode, and thus to be authenticated by an authentication server, which delivers a set of configuration parameters of the point-to-point session in case of successful authentication. The customer thus benefits from all the advantages of PPP type connectivity related to the initial authentication of the client. After termination of the establishment of the point-to-point session, the invention offers the client the possibility of attempting to establish a connection according to a dynamic configuration protocol (for example of the DHCP type), by advantageously reusing the configuration parameters previously obtained from the authentication server 15 as part of the establishment of the point-to-point session. This reuse is of course conditioned by the verification of the authentication of the client, that is to say that it is verified that the client which connects in DHCP mode is the same as the one which was previously authenticated during the attempt to establish a PPP session. The establishment of the point-to-point session having previously failed, the context opened for this client in a BAS type equipment has therefore been closed, thus releasing the resources of the BAS access server, which is therefore not unnecessarily overburdened. . The invention thus also makes it possible to benefit from the advantages of a DHCP type of connectivity, which does not require management of the contexts of the open connections. In addition, the method of the invention has a high security, insofar as the username (or login) and password of the client do not transit in clear between the client and the network (indeed, in the In the particular case of the PPP protocol, the access server can impose on the clients the use of the authentication protocol CHAP, as will be seen in more detail later). Such a method according to the invention is preferably implemented in an intermediate equipment of the network, located between a BAS access server and an authentication server, as will be seen in more detail later in this document. 2904503 8 document. It will be noted that the PPP and DHCP protocols are cited as a simple illustrative and nonlimiting example. The invention could also apply to any other type of protocol having characteristics similar to or similar to those of PPP and DHCP. The invention applies in particular to any point-to-point protocol having client authentication characteristics and to any dynamic configuration protocol that does not require management of the contexts of the connections opened by the clients. Advantageously, the verification of the authentication of said client implements a comparison of a first identifier of said client, extracted from said first request and stored in relation to said at least one configuration parameter, and a second identifier of said client. , extract from said second request. Thus, when the intermediate equipment in which the method of the invention is implemented receives the first access request intended for the authentication server (for example an Access Request for a RADIUS server), it retrieves it an identifier of the client it contains. Similarly, when it receives the authorization issued by the authentication server in the event of successful authentication of the client, it extracts the session configuration parameter (s) allocated by the authentication server to the client. The identifier and the configuration parameters are stored in an open context for this client by the intermediate equipment of the invention. On reception of the second access request, for example of the DHCP type, the intermediate equipment again extracts the client identifier that it contains (which is contained, for example, in option 82 of the DHCP protocol contained in FIG. request). It then compares it with the identifier previously stored in the open context for this client. In the event of compliance, the intermediate equipment is then assured that the second request has been issued by the client previously authenticated by the authentication server, and can therefore transmit the configuration parameter (s) stored in the open context. , and accept the second request. According to an advantageous characteristic of the invention, said first and second identifiers belong to the group comprising: a customer line identifier (CLID for Calling Line Identifier); 2904503 9 a username. Indeed, the CLID can easily be used in the context of the invention because it is inserted in the access requests transmitted by a BAS access server to an authentication server when establishing a PPP session. Also, it is also inserted in DHCP option 82 in DHCP requests forwarded from a DHCP client to a DHCP server. Advantageously, the method of the invention comprises a step of opening a context associated with said client comprising at least said first identifier and said at least one configuration parameter, and an arming step 10 of an associated timer audit context, at the expiration of which said context ceases to be active. The intermediate equipment in which the method of the invention is implemented therefore opens a context containing the first identifier (for example the CLID), the configuration parameter or parameters (for example an IP address), and possibly the name. user name (or login) and password. It then prepares to receive a second request of type DHCP. This context remains active for a predetermined duration, so it is necessary that the second request reaches the intermediate equipment before the end of this predetermined period. Such a delay makes it possible to avoid unnecessary overloading of the intermediate equipment, by avoiding that unused contexts remain open for too long. Advantageously, the method of the invention also comprises a step of filtering said authorization and a step of sending to said client a refusal to establish said point-to-point session, to trigger the transmission by said client of said second request.

Thus, when it receives authorization from the authentication server (for example of the Access Accept type), the intermediate equipment in which the method of the invention is implemented blocks this authorization, and replaces it with a message. refusal (for example Access Reject type) that it sends to the BAS type access server. The latter informs the client of the failure of the establishment of the PPP session, so that the client, lured by the intermediate equipment, then takes the initiative to initiate a DHCP connection attempt. In addition, the BAS server removes the PPP context associated with the client, which allows it to be unloaded. It will be noted that, as variants, the termination of the establishment of the point-to-point session could also be initiated voluntarily by the client, or detected by the client after a certain number of PPP connection attempts remained unanswered, or after expiration of a predetermined time delay. Preferably, said at least one configuration parameter is an IP address allocated to said client for said access session. It is then this IP address, provided by the RADIUS server during the establishment of the PPP session, which is allocated to the client for the duration of the DHCP lease initiated thereafter. These configuration parameters may also include a DNS server address, or any other parameter provided in the DHCP exchanges, such as the data relating to the lease 10 for example. The invention also relates to an equipment of a network for access to a service by a client able to implement, for the establishment of an access session to said service, a point-to-point connection protocol ( PPP) and a dynamic provisioning protocol of at least one configuration parameter, called dynamic configuration protocol (DHCP). According to the invention, such an equipment comprises: means for receiving a first request for establishing an access session conforming to said point-to-point protocol, called a point-to-point session, sent at the request of said client and intended for an authentication server (RADIUS); means for receiving an authorization issued by said authentication server to said client, in case of authentication of said client by said authentication server; means for storing at least one configuration parameter (@ IP) of said point-to-point session extracted from said authorization; means for receiving a second request for establishing an access session conforming to said dynamic configuration protocol, sent by said client after termination of establishment of said point-to-point session; means for verifying the authentication of said client; Means for sending to said client said at least one stored configuration parameter, for establishing an access session conforming to said dynamic configuration protocol (DHCP). In the particular case of application of the invention to the PPP and DHCP protocols, such a device therefore plays the dual role of RADIUS proxy and DHCP server. It is therefore called in the rest of this document PRSD (for Proxy RADIUS DHCP Server). It is located between a point-to-point (BAS) access server and the authentication server (RADIUS).

According to an advantageous characteristic, said means for verifying the authentication of said client comprise means for comparing a first identifier of said client, extracted from said first request and stored in relation to said at least one configuration parameter, and a second identifier of said client, extracted from said second request.

The invention also relates to a residential gateway enabling a client to access a service of a network, said residential gateway comprising means for implementing a point-to-point connection protocol and a protocol. dynamically providing at least one configuration parameter, called dynamic configuration protocol, for establishing an access session to said service. According to the invention, such a residential gateway also comprises: means for transmitting a first request for establishing an access session conforming to said point-to-point protocol, called a point-to-point session; Means, activated after termination of establishment of said point-to-point session, of transmission of a second request for establishment of an access session conforming to said dynamic configuration protocol; means for receiving at least one configuration parameter provided by an authentication server during the establishment of said point-to-point session, for establishing an access session conforming to said dynamic configuration protocol. The residential gateway is therefore configured to first attempt to connect in PPP mode and, in case of failure of this attempt (on receipt of a failure message, or after several unsuccessful attempts for example), for 30 attempt to connect in DHCP mode. Such a residential gateway is therefore new and inventive compared to the gateways of the prior art which still only used one or the other of the two PPP and DHCP access methods. With this new gateway, the customer can therefore benefit from the combined advantages of 2904503 12 each of these two protocols. Note that such a residential gateway may consist of a simple client modem. The invention finally relates to a computer program comprising program code instructions for performing the steps of the method described above when said program is executed on a computer, as well as a computer-readable recording medium on a computer. which is registered such a program. 4. List of Figures 10 Other advantages and features of the invention will appear more clearly on reading the following description of a particular embodiment of the invention, given as a simple illustrative and non-limiting example, and annexed drawings, among which: FIG. 1, already discussed in connection with the prior art, presents the various equipment involved in establishing a PPP type access session; FIG. 2, already commented on in relation to the prior art, illustrates the different equipment involved in setting up a DHCP access session; FIG. 3 illustrates the different data flows exchanged between the devices involved in the implementation of the method of the invention; FIG. 4 illustrates more precisely the message exchanges constituting the flows of FIG. 3; FIG. 5 shows schematically an intermediate equipment of the PRSD type according to the invention. 5. DESCRIPTION OF A PARTICULAR EMBODIMENT OF THE INVENTION The general principle of the invention is based on the sequential use, by a client wishing to set up a service access session, of two protocols, namely a protocol of point-to-point (PPP) type then a dynamic configuration protocol (DHCP), and the reuse of configuration parameters (@ IP), obtained during the establishment of the point-to-point session, for the establishment of the connection according to the dynamic configuration protocol. Although the invention is not limited to the only two PPP and DHCP protocols, hereinafter, only a description of a particular embodiment of the invention in the context of these two is given hereinafter. protocols, for the sake of simplification. We also consider the special case where the authentication of a client is performed using the RADIUS protocol.

With reference to FIG. 3, the invention is therefore based on the introduction of new equipment 7 into the network, which is called PRSD, and which fulfills a dual function of RADIUS Proxy and DHCP server. Such equipment 7 is located between the broadband access server BAS 2 (which also acts as a DHCP relay) and the RADIUS server 3, which intervene in the establishment of the PPP session.

Unlike some so-called "proprietary" solutions proposed by equipment manufacturers, the technique of the invention can therefore be integrated into any existing network, without it being necessary to modify the equipment already in place, and especially the BAS 2 access servers or RADIUS authentication servers 3. Indeed, the technique of the invention relies solely on the addition of a platform PRSD 7, which is independent of the industrial equipment of the network, and the adaptation of the customer connection kit 1, which is configured to first connect in PPP, then, in case of failure, in DHCP. The method of the invention can be summarized by the flow diagram of FIG. 3. Client 1 (modem or residential gateway) initiates a PPP dialogue with the BAS 2 access server, using the PPP and PAP protocols. / CHAP. It should be noted that the BAS 2 preferably uses the CHAP protocol, for security reasons, in order to avoid the transmission of sensitive information in the clear on the network. The BAS 2 then initiates a RADIUS dialog 31, and sends an authentication request to the RADIUS server 3.

This authentication request 31 is intercepted by the PRSD, which extracts the identifier from the CLID client line to save it in a context that it opens 32 for this client. This context is intended to contain at least the following elements: login, password, CLID and @IP. The PRSD 7 is then preparing to process a DHCP request from the same client. The context remains active for a predetermined duration, for example of the order of 60 seconds. The PRSD 7 sends the authentication request 33, in the form of a RADIUS request, to the RADIUS server 3. After authentication of the client 1, the RADIUS server 3 sends a request 34 RADIUS authorization to the PRSD 7. A receiving the authorization, the PRSD 7 stores the IP address proposed by the RADIUS server 3 in the context previously opened for the client 1. It then blocks the access accept and replaces it with a request RADIUS of Rejection (Access Reject) that it then emits towards the BAS 2, to mean to him a failure of the PPP connection attempt.

The BAS 2, which acts as a PPP server, transmits this failure notification to the client 1 in the form of a PPP message 37 of the "PAP / CHAP failure" type. It then removes the PPP context that it had previously opened for that client, thereby offloading this task. During a step referenced 38, the client 1 is informed of the soidisant failure 10 of the PPP connection, and decides to initiate a DHCP connection attempt. It then sends a DHCP request 39 to BAS 2, which now acts as a DHCP relay. This DHCP phase must begin no later than 60 seconds after the failure of its first PPP connection, so that the context of client 1 is still open in PRSD 7.

The BAS 2 merely forward this DHCP request 310 to the PRSD 7, which verifies 311 the line identity of the client 1, comparing the saved CLID 32 in the previously opened context and the elements identifying the customer's line 1 in option 82 of the DHCP request received. If the comparison is successful, the PRSD 7 allocates the saved IP address 35 in the context previously opened. It sends a message 313 of acknowledgment DHCP, which is relayed 314 by the BAS 2 to the client 1. A DHCP connection can therefore be established for the client 1, on the basis of the IP address allocated by the server 34 RADIUS 3. Figure 4 illustrates in more detail the different messages that can be exchanged between the client 1, the BAS 2, the PRSD 7 and the RADIUS server 3 in the context of the method of the invention. These different messages are conventional PPP, DHCP or RADIUS protocols and will not be described here in more detail. According to an implementation, illustrated in FIG. 5, the steps of the method of the invention are determined by the instructions of a computer program 74 incorporated in the PRSD 7. The program 74 includes program instructions which, when the program is executed by the processor 73 of the PRSD 7 whose operation is then controlled by the execution of the program 74, perform the steps of the method according to the invention.

Consequently, the invention also applies to a computer program 74, in particular a computer program recorded on or in a computer-readable information medium and any data processing device, adapted to put into effect. implement the invention. This program can use any programming language, and be in the form of source code, object code, or intermediate code between source code and object code such as in a partially compiled form, or in any other desirable form for implementing the method according to the invention. The information carrier may be any entity or device capable of storing the program. For example, the medium may comprise storage means or recording medium 75 on which the computer program 74 according to the invention, such as a ROM, for example a CD ROM or a microelectronic circuit ROM, is recorded. or a USB key, or a magnetic recording means, for example a floppy disk or a hard disk. On the other hand, the information medium may be a transmissible medium such as an electrical or optical signal, which may be conveyed via an electrical or optical cable, by radio or by other means. The program according to the invention can in particular be downloaded to an Internet type network.

Alternatively, the information carrier may be an integrated circuit in which the program is incorporated, the circuit being adapted to execute or to be used in carrying out the method according to the invention. At initialization, the code instructions of the computer program 74 are for example loaded into a RAM 75 before being executed by the processor of the processing unit 73. The latter controls the modules 71 of proxy radius and 72 DHCP server. As previously indicated, the radius proxy module 71 receives and transmits data to the BAS server 2, and also exchanges data with an authentication server 3. The DHCP server module 72 exchanges data with the client 1 via the DHCP relay constituted by the BAS 2. The memory 75 is also used for the backup of the context associated with the client 1.

Claims (11)

  1. Method of access by a client (1) to a service over a network, said client being able to implement, for the establishment of an access session to said service, a connection protocol of a point-to-point type and a protocol for dynamically providing at least one configuration parameter, called a dynamic configuration protocol, characterized in that it comprises the steps of: receiving a first request (31) for setting up an access session conforming to said point-to-point protocol, called a point-to-point session, sent at the request of said client (1) and intended for an authentication server (3); in case of authentication of said client (1) by said authentication server (3), reception of an authorization (34) issued by said authentication server for said client, and storage (35) of at least one configuration parameter (@ IP) of said point-to-point session extracted from said authorization; receiving a second request (310) for establishing an access session conforming to said dynamic configuration protocol, sent by said client after the establishment of said point-to-point session has been terminated; after verifying (311) the authentication of said client, sending (313, 314) to said client of said at least one stored configuration parameter, for establishing an access session conforming to said dynamic configuration protocol (DHCP).   2. Access method according to claim 1, characterized in that the verification of the authentication of said client implements a comparison of a first identifier of said client, extracted from said first request and stored in relation to said at least one configuration parameter, and a second identifier of said client, extracted from said second request.   3. Access method according to claim 2, characterized in that said first and second identifiers belong to the group comprising: a customer line identifier (CLID); - a user name.   4. Method according to any one of claims 2 and 3, characterized in that it comprises a step of opening a context associated with said client comprising at least said first identifier and said at least one configuration parameter, and a 2904503 17 step of arming a timer associated with said context, at the expiration of which said context ceases to be active.   5. Access method according to any one of claims 1 to 3, characterized in that it also comprises a step of filtering said authorization and a step of sending (36) to said client a refusal of establishment of said point-to-point session, for triggering the transmission by said client of said second request.   6. Access method according to any one of claims 1 to 4, characterized in that said at least one configuration parameter is an IP address allocated to said client for said access session. 10   7. Equipment (7) of a network for access to a service by a client (1) able to implement, for the establishment of an access session to said service, a connection protocol of type point to point (PPP) and a dynamic provisioning protocol of at least one configuration parameter, called dynamic configuration protocol (DHCP), characterized in that it comprises: means for receiving a first establishment request an access session in accordance with said point-to-point protocol, said point-to-point session, sent at the request of said client and intended for an authentication server (RADIUS); means for receiving an authorization issued by said authentication server 20 for said client, in case of authentication of said client by said authentication server; means for storing at least one configuration parameter (@ IP) of said point-to-point session extracted from said authorization; means for receiving a second request for establishing an access session conforming to said dynamic configuration protocol, issued by said client after termination of establishment of said point-to-point session; means for verifying the authentication of said client; means for sending to said client at least one stored configuration parameter, for establishing an access session conforming to said dynamic configuration protocol (DHCP).   8. Equipment according to claim 7, characterized in that said means for verifying the authentication of said client comprise means for comparing a first identifier of said client, extracted from said first request and stored in relation to said at least one configuration parameter, and a second identifier of said client, extracted from said second request.   9. Residential gateway (1) enabling a client to access a service of a network, said residential gateway comprising means for implementing a point-to-point connection protocol and a protocol for dynamic provision of at least one configuration parameter, called dynamic configuration protocol, for establishing an access session to said service, characterized in that it also comprises: means for transmitting a first request establishing an access session according to said point-to-point protocol, said point-to-point session; means, activated after termination of establishment of said point-to-point session, of sending a second request for establishing an access session conforming to said dynamic configuration protocol; Means for receiving at least one configuration parameter provided by an authentication server during the establishment of said point-to-point session, for establishing an access session conforming to said dynamic configuration protocol.   A computer program (74) comprising program code instructions for performing the steps of the method according to any one of claims 1 to 6 when said program is run on a computer.   A computer-readable recording medium on which is recorded a computer program comprising instructions for executing the steps of the access method according to any one of claims 1 to 6.