WO2006063511A1 - Procede permettant de realiser une authentification synchrone parmi differents dispositifs de commande d'authentification - Google Patents
Procede permettant de realiser une authentification synchrone parmi differents dispositifs de commande d'authentification Download PDFInfo
- Publication number
- WO2006063511A1 WO2006063511A1 PCT/CN2005/002165 CN2005002165W WO2006063511A1 WO 2006063511 A1 WO2006063511 A1 WO 2006063511A1 CN 2005002165 W CN2005002165 W CN 2005002165W WO 2006063511 A1 WO2006063511 A1 WO 2006063511A1
- Authority
- WO
- WIPO (PCT)
- Prior art keywords
- authentication
- user
- control device
- server
- primary
- Prior art date
Links
Classifications
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04L—TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
- H04L63/00—Network architectures or network communication protocols for network security
- H04L63/08—Network architectures or network communication protocols for network security for authentication of entities
- H04L63/0815—Network architectures or network communication protocols for network security for authentication of entities providing single-sign-on or federations
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04L—TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
- H04L9/00—Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols
- H04L9/32—Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols including means for verifying the identity or authority of a user of the system or for message authentication, e.g. authorization, entity authentication, data integrity or data verification, non-repudiation, key authentication or verification of credentials
- H04L9/321—Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols including means for verifying the identity or authority of a user of the system or for message authentication, e.g. authorization, entity authentication, data integrity or data verification, non-repudiation, key authentication or verification of credentials involving a third party or a trusted authority
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04L—TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
- H04L9/00—Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols
- H04L9/32—Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols including means for verifying the identity or authority of a user of the system or for message authentication, e.g. authorization, entity authentication, data integrity or data verification, non-repudiation, key authentication or verification of credentials
- H04L9/3271—Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols including means for verifying the identity or authority of a user of the system or for message authentication, e.g. authorization, entity authentication, data integrity or data verification, non-repudiation, key authentication or verification of credentials using challenge-response
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04L—TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
- H04L2209/00—Additional information or applications relating to cryptographic mechanisms or cryptographic arrangements for secret or secure communication H04L9/00
- H04L2209/76—Proxy, i.e. using intermediary entity to perform cryptographic operations
Definitions
- the present invention relates to the field of network authentication technologies, and in particular, to a method for implementing synchronous authentication between different authentication control devices.
- ISPs network access service providers
- ICP Internet Content Provider
- each service provider can They are independent and can cooperate with each other to provide various services for access users, and perform independent authentication or accounting processing.
- the typical cooperation mode is to realize operational cooperation through exchange of user authentication and billing information between AAA (authentication, authorization, and billing) systems.
- the networking structure of the AAA system is as shown in FIG. 1.
- the authentication control device is responsible for carrying the identity information of the access user, and initiating the access user for the access user to the AAA server. Access authentication processing.
- PPPoE Ethernet Bearer Point-to-Point Protocol
- WEB World Wide Web
- 802.1X authentication 802.1X
- the networking structure of a cooperation mode adopted by different service providers is as shown in FIG. 2, and PPPoE access authentication is taken as an example.
- the authentication processing process of a specific access user in the networking shown in FIG. 2 is as follows. As shown in Figure 3, the following process is included:
- Step 31 The user terminal sends a PADI packet to the authentication control device (that is, the PPPOE server), that is, the PPPoE activates the initial packet and starts the PPPoE access.
- the authentication control device that is, the PPPOE server
- Step 32 The authentication control device (PPPOE server) sends a PAD packet to the user terminal, that is, the PPPoE activation discovery provides the packet;
- Step 33 The user terminal initiates a PADR request (PPPoE activation discovery request message) to the authentication control device (PPPOE server) according to the response;
- Step 34 The authentication control device (PPPOE server) generates a session id (session identifier), and sends the session id to the user terminal through the PADS (PPPoE activation discovery session message);
- Step 35 Perform LCP (Link Control Protocol) negotiation of PPP between the user terminal and the authentication control device (PPPOE server) to establish link layer communication; at the same time, negotiate to use CHAP (Shield ACK Authentication Protocol) authentication mode. Certified user terminal, providing a 128bit Challenge (challenge code);
- Step 37 After receiving the Challenge message, the user terminal will make the password and challenge message.
- the MD5 algorithm After the MD5 algorithm is encrypted, it is sent to the authentication control device (PPPOE server) in the Response packet (ie, the response packet).
- PPOE server authentication control device
- Step 38 The authentication control device (PPPOE server) sends the Challenge message, Challenge-Password and user name to the RADIUS (Remote User Dial-up Authentication Service) user authentication server of the service provider A for authentication;
- RADIUS Remote User Dial-up Authentication Service
- Step 39 The RADIUS user authentication server of the service provider A identifies the user of the service provider B according to the user name, and then forwards the authentication packet to the service provider B.
- the RADIUS user authentication server performs true authentication; requests an Access-Request message;
- Step 310 The RADIUS user authentication server of the service provider B determines whether the user is legal according to the user information, and then responds to the authentication success/failure message to the RADIUS user authentication server of the service provider A;
- the authentication server of the service provider B sends the access to the authentication server of the service provider A, and the access to the client is Access-Accept/Access-Reject;
- Step 31 The RADIUS user authentication server of the service provider A forwards the authentication success/failure message to the authentication control device (PPPOE server); if successful, carries the negotiation parameter and the user's related service attribute to the user, when the user is obtained.
- the authentication control device PPPoE server
- the authentication control device can perform various control and management on the user's network; if the authentication fails, the process ends.
- Step 312 The authentication control device (PPPOE server) will verify the result (ie
- Step 313 The user performs NCP (Network Control Protocol) negotiation, such as the IPCP (IP Control Protocol) protocol, and obtains the planned IP address and other parameters through the authentication control device (PPPOE server);
- NCP Network Control Protocol
- Step 314 If the authentication is successful, the authentication control device (PPPOE server) initiates a charging start request to the RADIUS user accounting server of the service provider A;
- the authentication control device can send a charging/starting/stopping message to the service provider A, that is, an Accounting-Response/Start > Stop message;
- Step 315 The RADIUS user accounting server of the service provider A finds that the user is a roaming user, and the service provider is the service provider B. Then, the charging packet is forwarded to the RADIUS user accounting server of the service provider B. Real billing;
- Step 316 The RADIUS user accounting server of the service provider B responds to the charging start response message to the RADIUS user accounting server of the service provider A;
- Step 317 The RADIUS user accounting server of the service provider A forwards the response start response message to the authentication control device (PPPoE server).
- PPPoE server The authentication control device
- the access user passes the authentication and obtains the legal authority to perform the network service normally.
- the network connection can also be disconnected through the PPPoE.
- the accounting termination message can be sent according to the packet format transmitted in steps 314 to 317, thereby implementing the charging termination operation.
- Steps 51 to 58 are the same as the processing of steps 31 to 38 shown in Fig. 3, and will not be described in detail herein;
- Step 59 The RADIUS user authentication server of the service provider A determines whether the user is legal according to the user information, and then proceeds to step 510 to respond to the authentication control device with the authentication success/failure message.
- the authentication control device PPPoE server (authentication control device) (authentication control device) can perform various types on the user's network. Control and management; if the authentication fails, the process ends here.
- Step 511 The user performs an NCP (such as IPCP) negotiation, and obtains a planned IP address and other parameters through the authentication control device (PPPOE server).
- NCP such as IPCP
- Step 512 If the authentication is successful, the authentication control device (PPPOE server) initiates a charging start request to the RADIUS user accounting server of the service provider A;
- Step 513 The RADIUS user accounting server of the service provider A responds to the charging start response message to the authentication control device (PPPoE server).
- Step 514 The authentication control device of the service provider B sends the user information to the RADIUS user authentication server of the service provider B for authentication;
- Step 515 The RADIUS user authentication server of the service provider B determines whether the user is legal according to the user information, and then performs step 516 to respond to the authentication control device of the service provider B with the authentication success/failure message to the authentication control device of the service provider B. ;
- the service provider B's authentication control device can enter the user's network.
- Step 517 The authentication control device of the service provider B returns the authentication result to the user terminal. If the authentication is successful, the process proceeds to step 518;
- Step 518 The authentication control device of the service provider B initiates a charging start request to the RADIUS user accounting server of the service provider B;
- Step 519 The RADIUS user accounting server of the service provider B responds to the charging start response message to the authentication control device of the service provider B.
- the user has passed the authentication and obtained the legal authority of the service provider B network/Xibu network, and the network service can be normally carried out. That is, the user can access Service Provider A, Service Provider B, and the external network through two authentications.
- the object of the present invention is to provide a method for implementing synchronous authentication between different authentication control devices, which simplifies the login authentication process of the user accessing the network, and can ensure access by each service provider. Reliable control management for users.
- a method for implementing synchronous authentication between different authentication control devices includes:
- the user accesses the network and initiates authentication by using the authentication control device.
- the primary authentication control device acquires the authentication information of the user from the authentication control device, and sends the authentication information to the primary authentication server of the primary authentication control device;
- the primary authentication server performs authentication processing according to the authentication information of the user.
- the network controlled by the authentication control device controls access to the external network by the network controlled by the primary authentication control device.
- the step B described includes:
- the primary authentication control device actively listens for and obtains the packet carrying the authentication information sent from the authentication control device, and forwards the packet directly or reassembled to the primary authentication server.
- the step B described includes:
- the authentication information of the user is actively sent from the authentication control device to the primary authentication control device, and the primary authentication control device forwards the authentication information directly or re-grouped to the primary authentication server.
- the primary authentication server stores authentication information of the user controlled by the master and the slave authentication control device.
- the method for implementing synchronous authentication between different authentication control devices further includes:
- the authentication information of the user controlled by the authentication control device is stored in the slave authentication server.
- the step C described includes:
- the primary authentication server After the primary authentication server receives the authentication information of the user, the primary authentication server performs authentication processing on the user, and determines whether the authentication information of the user is saved in the secondary authentication server. If yes, the steps are performed. C2, otherwise, no processing;
- the authentication information of the user is sent to the secondary authentication server, and the authentication server performs authentication processing on the user according to the authentication information.
- the method for implementing synchronous authentication between different authentication control devices further includes:
- the primary authentication server obtains charging information from the primary authentication control device, and charges the access user according to the charging information.
- the step D further includes:
- the accounting information is sent from the authentication control device to the primary authentication server through the primary authentication control device, and the primary authentication server performs charging according to the charging information.
- the step D further includes:
- the primary authentication server also transmits the charging information to the secondary authentication server, and the secondary authentication server performs charging based on the charging information.
- the access user only needs to log in once, and the network rights of multiple service providers can be obtained, and the user accesses the network. Provides greater convenience.
- the present invention can ensure that each service provider effectively controls and manages the accessed users, thereby effectively protecting the interests of the service provider.
- each service provider also enables each service provider to be configured only during system installation. Once, there is no need to provide additional maintenance for the authentication control device and the AAA server. For all the service providers of a single user, only one maintenance is required, that is, the user information only needs to be created, modified, deleted, and various maintenance operations, without As described in the solutions provided by the prior art, each service provider requires a maintenance operation once.
- FIG. 1 is a structural diagram of a network networking provided with an AAA server
- FIG. 2 is a network structure diagram 1 of a prior art in which a user initiates authentication to a multi-service provider;
- FIG. 3 is a flowchart of an authentication process of the network shown in FIG. 2;
- FIG. 4 is a network structure diagram 2 of a network in which a user initiates authentication to a multi-service provider in the prior art
- FIG. 5 is a flowchart of an authentication process of the network shown in FIG.
- FIG. 6 is a network structure diagram of a user initiating authentication to a multi-service provider in the present invention
- FIG. 7 is a flowchart of an authentication process of the network shown in FIG.
- the core of the present invention is to initiate an authentication process to an authentication control device of each service provider based on the identity information of the access user when the user accesses the network under the cooperative service provider.
- each service provider is provided with an independent authentication control device, as shown in FIG. 6, and the authentication control device can correspondingly set its own AAA server.
- the authentication control device in the network directly connected to the external network is referred to as a primary authentication control device, and the authentication control device of the service provider B in FIG. 6 will pass through the network directly connected to the external network.
- the authentication control device in other networks connected to the network is referred to as a secondary authentication control device, such as the authentication control device of the service provider A in FIG. 6;
- the authentication information of the user accessing the primary and secondary authentication control devices in the present invention is stored in the primary authentication server corresponding to the primary authentication control device, and the primary authentication server is the AAA of the service provider B in FIG.
- FIG. 7 the specific implementation manner of the method according to the present invention is as shown in FIG. 7, and includes the following steps:
- Step 71 The user terminal sends a PADI message to the authentication control device (ie, PPPOE server) of the service provider A, and starts PPPoE access.
- the authentication control device ie, PPPOE server
- Step 72 After receiving the PADI message, the authentication control device sends a PADO message to the user terminal.
- Step 73 The user terminal sends a PADR request to the authentication control device according to the PADO packet that the authentication control device responds to;
- Step 74 The authentication control device generates a session id (session identifier), and sends the session id to the user terminal.
- Step 75 Perform LCP negotiation of the PPP between the user terminal and the authentication control device to establish link layer communication, and at the same time, negotiate the CHAP authentication mode.
- Step 76 The authentication control device sends the Challenge message to the authentication user terminal to provide a 128-bit Challenge.
- Step 77 After receiving the challenge packet, the user terminal obtains the corresponding authentication information by performing the MD5 algorithm on the password and the challenge, and sends the authentication information to the service provider A in the Response response message.
- step 71 to step 76 The user access processing procedure from step 71 to step 76 is identical to the corresponding processing procedure in the prior art.
- Step 78 After receiving the authentication information, the authentication control device of the service provider A sends the user identity information (ie, authentication information) such as Challenge, Challenge-Password and user name to the authentication control device of the service provider B, that is, Primary authentication control device;
- authentication information ie, authentication information
- Step 79 The authentication control device of the service provider B sends the user identity information to the RADIUS user authentication server of the service provider B for authentication.
- the RADIUS user authentication server of the service provider B and the corresponding AAA server are called primary authentication. Server
- the RADIUS user authentication server of the service provider B determines whether the user is legal according to the user identity information, and performs step 712 if the user identity information is saved in the service.
- Provider A's AAA service On the top of the device, step 771100 is executed. .
- Step 77 ⁇ 00: Service service provides RRAADDIIUUSS for the merchant BB.
- the user authentication service server will forward the user information to the service service.
- RRAADDIIUUSS of the merchant AA confirms the service server with the user;
- Steps 7711 11 There are:: Service service provides the RRAADDIIUUSS for the merchant AA.
- the user authentication certificate server root determines whether the user is disabled according to the user account information. In accordance with the law of law, and then responding to the response should be recognized as a successful certificate / / failure failure report text;
- step 771122 For example, if the result is successful, the number of parameters is negotiated with the carrier, and the user's relevant business is attributed to the user's authority; [step 771122] ::
- the RADIUS user authentication server of the service provider B determines whether the user is legal according to the user information, and then responds to the authentication success/failure message; if successful, carries the negotiation parameter, and the related service attribute of the user. User authorization;
- step 71 1 the RADIUS user authentication server of the service provider B forwards the packet sent by the RADIUS user authentication server of the service provider A to the authentication control device of the service provider B, if the service provider If the RADIUS server of B has user information, the result is directly authenticated. ;
- Step 713 After the authentication control device of the service provider B receives the authentication success/failure message, if the user authorization is successfully obtained, the network of the service provider B can be variously controlled and managed, and the packet is forwarded to the service.
- Provider A's authentication control device for example, the authentication is successful and authorized, the service provider B's authentication control device can manage the users and traffic entering the B network, and if the authentication fails, the user cannot pass the B authentication control device. Enter the B network.
- Step 714 After receiving the packet, the authentication control device of the service provider A can perform various control and management on the network of the service provider A if the user authorization is successfully obtained.
- step 715 is continued.
- Step 715 The user performs an NCP (such as IPCP) negotiation, and obtains a planned IP address and the like through the authentication control device of the service provider A.
- NCP such as IPCP
- Step 716 The NCP negotiation succeeds, and the authentication control device of the service provider A initiates the charging start request to the authentication control device of the service provider B, that is, sends the charging to the authentication control device.
- Step 717 The authentication control device of the monthly service provider B forwards the request to the RADIUS user accounting server of the service provider B;
- step 720 is performed directly, otherwise, step 718 is performed;
- Step 718 The RADIUS user accounting server of the service provider B forwards the request to the RADIUS user accounting server of the service provider A;
- Step 719 The RADIUS user accounting server of the service provider A responds to the charging start response message to the RADIUS user accounting server of the service provider B.
- Step 720 If the step hops from step 717 to the step, the RADIUS user accounting server of the service provider B responds to the charging response message to the authentication control device of the service provider B;
- step 719 If it is step 719 to jump to this step, the received response message is forwarded to the authentication control device of service provider B.
- Step 721 The authentication control device of the service provider B forwards the response message to the authentication control device of the service provider A;
- the user passes the authentication, and obtains the legal access rights of the service provider A, the service provider B, and the external network, and can perform the network service normally.
- the PPPoE server authentication control device
- the PPPoE server can also disconnect the network.
- the corresponding accounting termination is sent according to the packet format in steps 716 to 721. The message, thereby stopping the corresponding charging process.
- the present invention may also adopt the authentication control device of the service provider A not providing the charging information, but only the processing method of providing the charging information by the authentication control device of the service provider B, and performing the charging processing, that is, omitting Steps 716 and 721 in FIG. If the charging is performed only by the service provider B, and A trusts it, it only needs to be charged once; only in the case of no trust, the service providers A and B are required to perform charging, and then the charging is performed. Reconciliation.
- the present invention is applicable not only to PPPoE, but also to all other authentication methods.
- the AAA protocol includes but is not limited to DIAMETER (a new AAA protocol), TACACS (Terminal Access Control Protocol Control System, Terminal Access Control Device Access Control System, an AAA protocol). )Wait. Since the authentication control device of the service provider B needs to synchronize the authentication and charging information with the authentication control device of the service provider A, the authentication control device of the service provider B must acquire the authentication information of the authentication control device of the service provider A.
- the authentication request packet (such as the RADIUS request packet) initiated by the authentication control device of the service provider A must pass the authentication control device of the service provider B.
- the authentication control device of the service provider B can perform the interception of all data packets.
- the device can also listen to the specified packets or the packets of the specified AAA server. Store first, then forward; can also be re-grouped and forwarded as needed;
- the primary authentication control device acts as a proxy server:
- the authentication control device of the service provider A treats the authentication control device of the service provider B as a RADIUS server (RADIUS server), and all the packets are directly sent to the service provider B.
- RADIUS server RADIUS server
- the authentication control device of the monthly service provider B receives, modifies, and sends authentication packets according to the standard RADIUS proxy function.
- the RADIUS proxy needs to re-group the packet and forward it. The received message is stored and then forwarded directly.
- the present invention can make the user only need You can get the legal network permissions of multiple service providers by entering the user name and password once.
- the present invention can also be extended to interconnect between multiple service providers to implement synchronous authentication between multiple authentication control devices.
Landscapes
- Engineering & Computer Science (AREA)
- Computer Security & Cryptography (AREA)
- Computer Networks & Wireless Communication (AREA)
- Signal Processing (AREA)
- Computing Systems (AREA)
- General Engineering & Computer Science (AREA)
- Computer Hardware Design (AREA)
- Computer And Data Communications (AREA)
- Mobile Radio Communication Systems (AREA)
- Data Exchanges In Wide-Area Networks (AREA)
- Circuit Arrangement For Electric Light Sources In General (AREA)
- Communication Control (AREA)
- Lock And Its Accessories (AREA)
Description
Claims
Priority Applications (3)
Application Number | Priority Date | Filing Date | Title |
---|---|---|---|
US11/631,098 US8336082B2 (en) | 2004-12-13 | 2005-12-13 | Method for realizing the synchronous authentication among the different authentication control devices |
EP05818662A EP1755271B1 (en) | 2004-12-13 | 2005-12-13 | A method for realizing the synchronous authentication among the different authentication control devices |
DE602005007737T DE602005007737D1 (de) | 2004-12-13 | 2005-12-13 | Verfahren zur ausführung einer synchronen authentifizierung zwischen verschiedenen authentifizierungssteuervorrichtungen |
Applications Claiming Priority (2)
Application Number | Priority Date | Filing Date | Title |
---|---|---|---|
CN200410098489A CN100583759C (zh) | 2004-12-13 | 2004-12-13 | 实现不同认证控制设备间同步认证的方法 |
CN200410098489.7 | 2004-12-13 |
Publications (1)
Publication Number | Publication Date |
---|---|
WO2006063511A1 true WO2006063511A1 (fr) | 2006-06-22 |
Family
ID=36587528
Family Applications (1)
Application Number | Title | Priority Date | Filing Date |
---|---|---|---|
PCT/CN2005/002165 WO2006063511A1 (fr) | 2004-12-13 | 2005-12-13 | Procede permettant de realiser une authentification synchrone parmi differents dispositifs de commande d'authentification |
Country Status (6)
Country | Link |
---|---|
US (1) | US8336082B2 (zh) |
EP (1) | EP1755271B1 (zh) |
CN (1) | CN100583759C (zh) |
AT (1) | ATE399408T1 (zh) |
DE (1) | DE602005007737D1 (zh) |
WO (1) | WO2006063511A1 (zh) |
Families Citing this family (13)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
FR2905488B1 (fr) * | 2006-09-04 | 2011-04-01 | Baracoda | Architecture d'acces a un flux de donnees au moyen d'un terminal utilisateur |
JP4878006B2 (ja) * | 2007-06-15 | 2012-02-15 | シャープ株式会社 | 通信機器、通信方法、通信プログラムおよびそれを記録したコンピュータ読み取り可能な記録媒体 |
GB2456185A (en) * | 2008-01-04 | 2009-07-08 | Wilico Wireless Networking Sol | Providing selected information in response to an attempt to authenticate a mobile device |
CN101296085B (zh) * | 2008-06-23 | 2011-07-13 | 中兴通讯股份有限公司 | 基于分叉的认证方法、系统以及分叉认证装置 |
US9318917B2 (en) * | 2009-04-09 | 2016-04-19 | Sony Corporation | Electric storage apparatus and power control system |
CN102035815B (zh) * | 2009-09-29 | 2013-04-24 | 华为技术有限公司 | 数据获取方法、接入节点和系统 |
CN102480727B (zh) * | 2010-11-30 | 2015-08-12 | 中兴通讯股份有限公司 | 机器与机器通信中的组认证方法及系统 |
JP6113079B2 (ja) * | 2011-01-20 | 2017-04-12 | コーニンクレッカ フィリップス エヌ ヴェKoninklijke Philips N.V. | 認知無線装置の認証及び認可 |
CN103051626B (zh) * | 2012-12-21 | 2016-09-28 | 华为技术有限公司 | 一种认证方法及网络设备 |
CN104125191B (zh) * | 2013-04-23 | 2017-09-26 | 华为技术有限公司 | 基于以太网的点对点协议的处理方法、设备和系统 |
US9203823B2 (en) | 2013-10-30 | 2015-12-01 | At&T Intellectual Property I, L.P. | Methods and systems for selectively obtaining end user authentication before delivering communications |
CN106027565B (zh) * | 2016-07-07 | 2019-04-09 | 杭州迪普科技股份有限公司 | 一种基于pppoe的内外网统一认证的方法和装置 |
CN115664746A (zh) * | 2022-10-18 | 2023-01-31 | 浪潮思科网络科技有限公司 | 一种堆叠系统的认证同步方法、装置、设备及介质 |
Citations (3)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
US20030084282A1 (en) * | 2001-10-31 | 2003-05-01 | Yamaha Corporation | Method and apparatus for certification and authentication of users and computers over networks |
WO2004054302A1 (en) * | 2002-12-09 | 2004-06-24 | Telefonaktiebolaget Lm Ericsson (Publ) | Simultaneous registrations of a user in different service servers with different directory numbers |
CN1553368A (zh) * | 2003-06-02 | 2004-12-08 | ��Ϊ��������˾ | 网络认证、授权和计帐系统及方法 |
Family Cites Families (12)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
US5553239A (en) * | 1994-11-10 | 1996-09-03 | At&T Corporation | Management facility for server entry and application utilization in a multi-node server configuration |
US6792337B2 (en) * | 1994-12-30 | 2004-09-14 | Power Measurement Ltd. | Method and system for master slave protocol communication in an intelligent electronic device |
US6011910A (en) * | 1997-04-08 | 2000-01-04 | 3Com Corporation | Supporting authentication across multiple network access servers |
US6311275B1 (en) | 1998-08-03 | 2001-10-30 | Cisco Technology, Inc. | Method for providing single step log-on access to a differentiated computer network |
US6601101B1 (en) * | 2000-03-15 | 2003-07-29 | 3Com Corporation | Transparent access to network attached devices |
US7136999B1 (en) * | 2000-06-20 | 2006-11-14 | Koninklijke Philips Electronics N.V. | Method and system for electronic device authentication |
GB2367213B (en) * | 2000-09-22 | 2004-02-11 | Roke Manor Research | Access authentication system |
JP2003198557A (ja) * | 2001-12-26 | 2003-07-11 | Nec Corp | ネットワーク及びそれに用いる無線lan認証方法 |
US7298847B2 (en) * | 2002-02-07 | 2007-11-20 | Nokia Inc. | Secure key distribution protocol in AAA for mobile IP |
US7266100B2 (en) | 2002-11-01 | 2007-09-04 | Nokia Corporation | Session updating procedure for authentication, authorization and accounting |
CN100346605C (zh) * | 2003-06-26 | 2007-10-31 | 华为技术有限公司 | 一种组播源控制的方法和系统 |
JP4000111B2 (ja) * | 2003-12-19 | 2007-10-31 | 株式会社東芝 | 通信装置および通信方法 |
-
2004
- 2004-12-13 CN CN200410098489A patent/CN100583759C/zh active Active
-
2005
- 2005-12-13 WO PCT/CN2005/002165 patent/WO2006063511A1/zh active IP Right Grant
- 2005-12-13 US US11/631,098 patent/US8336082B2/en active Active
- 2005-12-13 DE DE602005007737T patent/DE602005007737D1/de active Active
- 2005-12-13 EP EP05818662A patent/EP1755271B1/en not_active Not-in-force
- 2005-12-13 AT AT05818662T patent/ATE399408T1/de not_active IP Right Cessation
Patent Citations (3)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
US20030084282A1 (en) * | 2001-10-31 | 2003-05-01 | Yamaha Corporation | Method and apparatus for certification and authentication of users and computers over networks |
WO2004054302A1 (en) * | 2002-12-09 | 2004-06-24 | Telefonaktiebolaget Lm Ericsson (Publ) | Simultaneous registrations of a user in different service servers with different directory numbers |
CN1553368A (zh) * | 2003-06-02 | 2004-12-08 | ��Ϊ��������˾ | 网络认证、授权和计帐系统及方法 |
Also Published As
Publication number | Publication date |
---|---|
US20070234038A1 (en) | 2007-10-04 |
ATE399408T1 (de) | 2008-07-15 |
EP1755271A1 (en) | 2007-02-21 |
US8336082B2 (en) | 2012-12-18 |
CN1790985A (zh) | 2006-06-21 |
EP1755271B1 (en) | 2008-06-25 |
CN100583759C (zh) | 2010-01-20 |
EP1755271A4 (en) | 2007-08-01 |
DE602005007737D1 (de) | 2008-08-07 |
Similar Documents
Publication | Publication Date | Title |
---|---|---|
WO2006063511A1 (fr) | Procede permettant de realiser une authentification synchrone parmi differents dispositifs de commande d'authentification | |
JP4394682B2 (ja) | 非信頼アクセスネットワークを介してシングルサインオン認証を行なう装置及び方法 | |
JP4291213B2 (ja) | 認証方法、認証システム、認証代行サーバ、ネットワークアクセス認証サーバ、プログラム、及び記録媒体 | |
CN101150594B (zh) | 一种移动蜂窝网络和无线局域网的统一接入方法及系统 | |
US9749320B2 (en) | Method and system for wireless local area network user to access fixed broadband network | |
CN101127600A (zh) | 一种用户接入认证的方法 | |
JP2006523412A (ja) | 公共のホット・スポットにおけるクライアント端末の自動設定 | |
WO2009026848A1 (en) | Roaming wi-fi access in fixed network architectures | |
KR20040073329A (ko) | 사용자가 인터넷에 접속하는 동안 네트워크 액세스에서사용자를 인증하기 위한 방법 및 시스템 | |
WO2014101449A1 (zh) | 一种无线局域网中接入节点的控制方法及通信系统 | |
WO2008034319A1 (fr) | Procédé, système et dispositif d'authentification destinés à un dispositif de réseau | |
WO2009026839A1 (en) | Pana for roaming wi-fi access in fixed network architectures | |
EP2894904B1 (en) | Wlan user fixed network access method and system | |
WO2014176964A1 (zh) | 一种通信管理方法及通信系统 | |
WO2006058493A1 (fr) | Procede et systeme d'authentification de domaine et d'autorite de reseau | |
WO2004008715A1 (en) | Eap telecommunication protocol extension | |
KR20070010023A (ko) | 서비스로의 액세스를 위해 가상 네트워크로의 액세스를가능하게 하는 클라이언트에 대한 인가 방법 및 시스템 | |
WO2013056619A1 (zh) | 一种身份联合的方法、IdP、SP及系统 | |
WO2010000157A1 (zh) | 接入设备的配置方法、装置及系统 | |
WO2009082950A1 (fr) | Procédé, dispositif et système de distribution de clés | |
WO2013023475A1 (zh) | 共享网络中用户数据的方法和身份提供服务器 | |
JP4584776B2 (ja) | ゲートウェイ装置およびプログラム | |
WO2007112624A1 (fr) | Procédé d'authentification, procédé de négociation du type d'authentification, et dispositif de fourniture d'accès au réseau | |
CN102282800A (zh) | 一种终端认证方法及装置 | |
WO2009018774A1 (fr) | Procédé, appareil et système de connexion de session dans un système de communication |
Legal Events
Date | Code | Title | Description |
---|---|---|---|
AK | Designated states |
Kind code of ref document: A1 Designated state(s): AE AG AL AM AT AU AZ BA BB BG BR BW BY BZ CA CH CN CO CR CU CZ DE DK DM DZ EC EE EG ES FI GB GD GE GH GM HR HU ID IL IN IS JP KE KG KM KN KP KR KZ LC LK LR LS LT LU LV LY MA MD MG MK MN MW MX MZ NA NG NI NO NZ OM PG PH PL PT RO RU SC SD SE SG SK SL SM SY TJ TM TN TR TT TZ UA UG US UZ VC VN YU ZA ZM ZW |
|
AL | Designated countries for regional patents |
Kind code of ref document: A1 Designated state(s): BW GH GM KE LS MW MZ NA SD SL SZ TZ UG ZM ZW AM AZ BY KG KZ MD RU TJ TM AT BE BG CH CY CZ DE DK EE ES FI FR GB GR HU IE IS IT LT LU LV MC NL PL PT RO SE SI SK TR BF BJ CF CG CI CM GA GN GQ GW ML MR NE SN TD TG |
|
121 | Ep: the epo has been informed by wipo that ep was designated in this application | ||
WWE | Wipo information: entry into national phase |
Ref document number: 2005818662 Country of ref document: EP |
|
WWE | Wipo information: entry into national phase |
Ref document number: 2007234038 Country of ref document: US Ref document number: 11631098 Country of ref document: US |
|
WWP | Wipo information: published in national office |
Ref document number: 2005818662 Country of ref document: EP |
|
NENP | Non-entry into the national phase |
Ref country code: DE |
|
WWP | Wipo information: published in national office |
Ref document number: 11631098 Country of ref document: US |
|
WWG | Wipo information: grant in national office |
Ref document number: 2005818662 Country of ref document: EP |