WO2011088693A1 - 一种在公共设备上接入网络的方法及系统 - Google Patents
一种在公共设备上接入网络的方法及系统 Download PDFInfo
- Publication number
- WO2011088693A1 WO2011088693A1 PCT/CN2010/077835 CN2010077835W WO2011088693A1 WO 2011088693 A1 WO2011088693 A1 WO 2011088693A1 CN 2010077835 W CN2010077835 W CN 2010077835W WO 2011088693 A1 WO2011088693 A1 WO 2011088693A1
- Authority
- WO
- WIPO (PCT)
- Prior art keywords
- aid
- user
- public device
- asn
- network
- Prior art date
Links
Classifications
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04L—TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
- H04L63/00—Network architectures or network communication protocols for network security
- H04L63/08—Network architectures or network communication protocols for network security for authentication of entities
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04L—TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
- H04L9/00—Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols
- H04L9/32—Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols including means for verifying the identity or authority of a user of the system or for message authentication, e.g. authorization, entity authentication, data integrity or data verification, non-repudiation, key authentication or verification of credentials
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04M—TELEPHONIC COMMUNICATION
- H04M3/00—Automatic or semi-automatic exchanges
- H04M3/42—Systems providing special services or facilities to subscribers
- H04M3/42229—Personal communication services, i.e. services related to one subscriber independent of his terminal and/or location
- H04M3/42263—Personal communication services, i.e. services related to one subscriber independent of his terminal and/or location where the same subscriber uses different terminals, i.e. nomadism
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04M—TELEPHONIC COMMUNICATION
- H04M3/00—Automatic or semi-automatic exchanges
- H04M3/42—Systems providing special services or facilities to subscribers
- H04M3/42229—Personal communication services, i.e. services related to one subscriber independent of his terminal and/or location
- H04M3/42263—Personal communication services, i.e. services related to one subscriber independent of his terminal and/or location where the same subscriber uses different terminals, i.e. nomadism
- H04M3/42272—Personal communication services, i.e. services related to one subscriber independent of his terminal and/or location where the same subscriber uses different terminals, i.e. nomadism whereby the subscriber registers to the terminals for personalised service provision
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04L—TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
- H04L63/00—Network architectures or network communication protocols for network security
- H04L63/12—Applying verification of the received information
- H04L63/126—Applying verification of the received information the source of the received data
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04L—TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
- H04L63/00—Network architectures or network communication protocols for network security
- H04L63/30—Network architectures or network communication protocols for network security for supporting lawful interception, monitoring or retaining of communications or communication related information
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04M—TELEPHONIC COMMUNICATION
- H04M2203/00—Aspects of automatic or semi-automatic exchanges
- H04M2203/60—Aspects of automatic or semi-automatic exchanges related to security aspects in telephonic communication systems
- H04M2203/6081—Service authorization mechanisms
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04M—TELEPHONIC COMMUNICATION
- H04M3/00—Automatic or semi-automatic exchanges
- H04M3/22—Arrangements for supervision, monitoring or testing
- H04M3/2281—Call monitoring, e.g. for law enforcement purposes; Call tracing; Detection or prevention of malicious calls
Definitions
- the present invention relates to the field of mobile communications and the Internet, and more particularly to a method and system for accessing a network on a public device.
- IP Internet Protocol
- a public device accesses a network, it directly uses the IP address of the public device to communicate with other users, and the network supervisor cannot perform access to the user accessing the network on the public device. Tracking and traceability.
- IP Internet Protocol
- the Internet requires an ID card, but many Internet cafes still cannot identify the authenticity of the document, and even if there is no legal document, they can use the public ID provided by the Internet cafe to access the Internet. This has brought great difficulties to the tracking and traceability of network regulators.
- the user can log in to his business account on the public device, such as mail, internet banking, etc., but cannot implement the user network layer IP. Bind to the application layer service, once the account is lost, it will bring great losses to the user. If the user network layer IP is bound to the application layer service on the traditional IP technology, when the user accesses the network on the public device, the application layer service cannot be accessed because the IP address of the network layer is different. For network regulators, the supervision of users is also weakened because account and user IP cannot be bound.
- the ambiguity of the identity and location of the traditional IP address also prevents the user from binding the application layer service with the network layer IP, so that the security of the application layer service cannot be more effectively guaranteed.
- the technical problem to be solved by the present invention is to provide a method and system for accessing a network on a public device, which can effectively trace and trace users accessing the network on a public device in the identity identification and location separation network.
- the present invention provides a method for accessing a network on a public device, which is applied to an identity identification and a location separation network, and the method includes:
- the user inputs an access identity (AID) and authentication information on the public device to initiate an access network request;
- AID access identity
- the access server After receiving the access network request, the access server (ASN) sends an authentication to the authentication center (AC) to verify the validity of the AID information of the user, and forwards the response of the access network returned by the AC to the Public equipment; and
- the public device After the public device receives the response from the access network, if the validity verification of the AID information of the user is passed by the AC, the AID of the user is used as a virtual AID, and the user is performed by using the virtual AID.
- the transmission and reception of ⁇ After the public device receives the response from the access network, if the validity verification of the AID information of the user is passed by the AC, the AID of the user is used as a virtual AID, and the user is performed by using the virtual AID. The transmission and reception of ⁇ .
- the AC is used to store the AID of the user in the network and the authentication information, and after receiving the access network request of the user, verify the validity of the AID information of the user as follows: According to the access network The AID of the user in the request is queried locally to the corresponding authentication information. If the queried authentication information is consistent with the verification information in the access network request, the user is determined to pass the verification; if the queried verification information and the queried If the verification information in the access network request is inconsistent, it is determined that the user fails to pass the verification.
- the AID of the user is included in the returned access network response.
- the ASN receives the response from the access network, if the validity verification of the AID information of the user is passed by the AC, the AID of the user is attached, and the AID of the user is established.
- the ASN After receiving the access network response, the ASN establishes a mapping table between the AID of the user and the AID of the public device if the validity verification of the AID information of the user by the AC is passed.
- the ASN sets the AID attribute of the user to a virtual AID, and sets the virtual AID as a source address or a virtual AID, while establishing a mapping table of the AID of the user and the AID of the public device.
- the mapping table is queried to obtain the AID of the public device, and traffic statistics or charging is performed on the public device.
- the user accesses the network on the public device, after being online in the network, when the user is offline,
- the user sends an offline request on the public device, and the ASN sends the offline request to the AC;
- the AC After deleting the online status of the user in the network, the AC sends an offline request response to the ASN;
- the invention also provides a system for accessing a network on a public device by using an identity identifier, which is applied to an identity identification and a location separation network, the system comprising an access server (ASN), a public device and an authentication center (AC), wherein
- ASN access server
- AC authentication center
- the public device is configured to initiate an access network request to the ASN according to an identity (AID) and authentication information input by the user; and after receiving the access network response, if the AC is valid for the AID information of the user If the authentication is successful, the user's AID is used as the virtual AID, and the user's packet is sent and received using the virtual AID.
- AID identity
- the public device is configured to initiate an access network request to the ASN according to an identity (AID) and authentication information input by the user; and after receiving the access network response, if the AC is valid for the AID information of the user If the authentication is successful, the user's AID is used as the virtual AID, and the user's packet is sent and received using the virtual AID.
- the ASN is configured to: after receiving the access network request, send the response to the AC; and forward the access network response returned by the AC to the public device;
- the AC is configured to verify validity of the AID information of the user, and return an access network response to the ASN.
- the system further includes an identity identifier and an address registration register (ILR), and the ASN is further configured to: after receiving the response from the access network, if the validity verification of the AID information of the user by the AC is passed, And attaching the AID of the user, establishing a mapping relationship between the AID of the user and the RID of the ASN, and collecting the ILR of the user;
- ILR address registration register
- the ILR is configured to: save a mapping relationship between the AID of the user and the RID of the ASN; and, after receiving a mapping relationship query request initiated by another ASN according to the AID of the user, the AID corresponding to the user The RID is returned to the ASN that initiated the query request.
- the ASN is further configured to:
- the ASN is further configured to prohibit the managed public device from accessing a user or device other than the AC.
- the above implementation is based on the identity identification and location separation network, and utilizes the network-wide uniqueness of the user AID to implement the user accessing the network on the public device.
- the above embodiments are used to fully utilize the superiority of the identity identifier and the location identifier to separate the network, and the user accessing the network on the public device can be effectively performed on the basis of the unique AID of the entire network. Tracking and traceability.
- FIG. 1 is a schematic structural diagram of a SILSN according to an embodiment of the present invention.
- FIG. 2 is a schematic flowchart of a user accessing a network on a public device according to an embodiment of the present invention
- FIG. 4 is a schematic flowchart of processing an ASN to process a packet from a public device according to an embodiment of the present invention
- FIG. 5 is a schematic flowchart of processing an ASN to process a packet from another ASN according to an embodiment of the present invention
- FIG. 6 is a schematic flowchart of a user offline according to an embodiment of the present invention.
- the present invention proposes a system architecture of the Subscriber Identifier & Locator Separation Network (SILSN) as shown in FIG.
- the SILSN system consists of an Access Service Node (ASN), a User (User), an Authentication Center (AC) 11 and an Identification and Location Register (Identity & Location Register). Referred to as ILR) 12 and other components.
- ASN Access Service Node
- User User
- AC Authentication Center
- ILR Identification and Location Register
- ASN is mainly responsible for user access, and assumes functions such as billing and switching; ILR is set to assume user's location registration and identity location identification, and location query function; AC is responsible for authenticating user access.
- identifiers in the above-mentioned SILSN architecture network There are two types of identifiers in the above-mentioned SILSN architecture network: Access Identifier (AID) and Routing Identifier (RID).
- AID is the identity of the user, and the identifier is only assigned to the user and is unique to the entire network, and the identity can be uniquely changed in the network transmission, and the AID does not change when the user moves in the network. , the only network.
- the user and the user use the RID of the ASN to which they are attached to route the communication message. It should be noted that the identity and location identifiers may have different names in different SILSN architectures, but the essence is the same.
- the above SILSN network has the following features: Each user in the network can only access after strict authentication, and the user sends the AID in the data packets sent by the various services, and each data packet sent by the user must be After ASN authentication, the data packets sent by the user are carried by their own access identity, and the AID of other users is not impersonated to access the network, and the access identity remains unchanged when transmitted over the network. This logo does not change when a move or switch occurs.
- users Userl and User2 respectively have unique access identifiers AID1 and AID2, and Userl and User2 access the network through ASN1 and ASN2, respectively.
- User2 accesses the network normally, that is, the user equipment (User Equipment, UE for short) is used to access the network.
- the AID of the UE is the AID that User2 uses to bind to the service.
- Userl is in public The device accesses the network. Because the AID of the public device is not the AID owned by User1, it cannot be bound to the application service of the user.
- the basic implementation idea of the present invention is as follows:
- the network administrator stores the user's AID and password in the AC, and the user accesses the network by using his own AID and password; the AC's AID to the user And the password is authenticated. After the user passes the authentication, the user's AID is bound to the public device as a virtual AID.
- the user's AID can be bound to the application service:
- the public device uses the user's AID as the local AID, and the application on the device uses the user's AID when processing network-related events.
- the present invention solves the problem of accessing a network on a public device based on a SILSN network by using the following scheme:
- the user inputs an AID and authentication information on the public device to initiate an access network request;
- the ASN After receiving the access network request, the ASN sends an AC to the AC to verify the validity of the AID information of the user, and forwards the access network response returned by the AC to the public device.
- the public device After receiving the access network response, the public device, if the verification is passed, the AID of the user, wherein the AC can locally store the user's AID and the authentication information when the user accesses the network, and receive the user's access network request.
- the validity of the AID information of the user is verified as follows: the corresponding authentication information is locally queried according to the AID of the user in the access network request, if the queried authentication information and the access network request If the verification information in the agreement is consistent, it is determined that the user passes the verification; otherwise, it is determined that the user has not passed the verification.
- the AC carries the user's in the returned access network response.
- the ASN attaches the AID of the user according to the AID of the user in the access network request or the access network response, and establishes a mapping relationship between the AID of the user and the RID of the ASN. And report to the user's identity and location registration register (IRR). Further, if the verification is passed, the ASN establishes a mapping table of the AID of the user and the AID of the public device; and simultaneously sets the AID attribute of the user as a virtual AID, and receives the virtual AID as a source address. Or the packet of the destination address, querying the mapping table to obtain the AID of the public device, and performing traffic statistics on the public device.
- IRR identity and location registration register
- the ASN will prohibit public devices from accessing users other than the AC.
- Figure 2 shows the flow of a user accessing a network on a public device using an identity.
- the user enters his own AID and password on the public device, requests access to the network, and the access request is sent to the AC for processing.
- the AC verifies the access request from the public device according to the stored AID and password information of the User.
- the process may specifically include the following steps:
- S200 The user inputs an AID on the public device, and then sends an access network request message, where the request message includes the user's AID and the verification information, and the verification information may be a password, a verification code, or other information, which is a password in this example;
- the source AID in the request message is the AID of the public device, and the destination is AC;
- the ASN receives an access network request message from a user of the public device, and forwards the request message to the AC processing.
- the AC receives the access network request information from the public device, and extracts the request message.
- the user's AID and password are compared with the corresponding AID and password stored in the AC. If they are consistent, the full certificate is successful, otherwise the 3 full certificate fails;
- the AC sends an access network request response message to the user through the ASN.
- the AID of the user is carried in the response message;
- the ASN receives the User access network authentication response message from the AC, and if the authentication passes, the ASN is based on the AID in the received authentication response message or the AID in the access network request message received in step S210.
- the AID of the user is attached, and the ⁇ , RID> mapping relationship is established with the RID of the ASN itself, and the form of the User and the public device is ⁇ , AID ⁇
- the AID mapping table optionally, the ASN sets the AID attribute of the User to the User virtual AID; if the authentication fails, the ASN directly forwards the access network authentication response message from the AC;
- the public device After the public device receives the identity information authentication request response message, if the authentication is passed, the public device uses the AID in the received authentication response message or the AID input by the user according to step S200, and the AID of the user is used in the system.
- a virtual AID the network behavior of the User on the public device will use the virtual AID as the source AID;
- the public device will use the AID of the user to send and receive data packets.
- the source AID in the access request message sent is the virtual AID.
- the ASN reports the ⁇ AID, RID> mapping relationship of the User to the ILR.
- the ASN establishes the ⁇ 0,1 10> mapping relationship of the user, and reports to the ILR to explain that the AID of the user is attached to the ASN, so that other ASNs can query the ILR according to the AID of the user to obtain the corresponding RID information. And sending a message to the ASN according to the queried RID information.
- the S270JLR After the S270JLR records or updates the ⁇ , RID> mapping relationship of the User, it returns the report mapping relationship response information to the ASN.
- the ILR After receiving the mapping request of the other ASN to the user, the ILR returns the RID corresponding to the AID of the user to the querying party.
- S260 and S270 can also be implemented before S250.
- the order of implementation depends on the internal implementation of ASN.
- Figure 3 shows the packet forwarding process for users to access the Internet on public devices.
- the user's online behavior on the public device is basically consistent with the user's online behavior on the device. It complies with the network manager and the regulatory agency's tracking and traceability requirements for the user, and also solves the problem between the user network layer AID and the application layer service. Binding problem. The difference is that the ASN needs to count the traffic of the public device to manage the public device.
- the process may specifically include the following steps:
- the public device not only has its own AID, but its system also allows users who successfully access the network on the public device to attach their AID to the public device. That is to say, when the AID of the user is attached to the public device, the AID used by the public device to send and receive messages is the virtual AID of the user, not the AID of the public device. When the user exits the network, the virtual AID will also be deleted. Thereafter, the AID used by the public device to send and receive messages is its own AID.
- the ASN1 receives the packet from the public device, checks the source AID as the virtual AID, and then uses the AID to query the AID of the User1 and the AID mapping table of the public device, query the AID of the public device, and perform traffic on the public device.
- ASN1 queries the ILR according to the destination AID in the communication request message of User1, that is, the AID of User2 to obtain the corresponding RID (RID of ASN2), and can use the RID of ASN1 as the source RID and the RID of ASN2 as the destination RID.
- the route is forwarded to ASN2;
- the ASN2 de-encapsulates the RID and forwards the communication request of the User1 to the User2;
- the ASN2 encapsulates the source RID (the RID of the ASN2) and the destination RID (the RID of the ASN1) in the reply message, and then forwards to the ASN1.
- This example is based on the case where User1 initiates communication with User2. If User2 initiates communication with User1, ASN2 queries the ILR according to the destination address in the communication request packet of User2, that is, the AID of User1, and obtains the RID of the corresponding ASN1. The packet is encapsulated in the packet and forwarded to ASN1.
- the communication process is similar to this example, and is not mentioned here.
- ASN1 receives the 4 ⁇ message from ASN2, checks to obtain the destination AID as the virtual AID, and then uses the AID to query the AID mapping table of the User1 and the public device, obtains the AID of the public device, and performs traffic statistics on the public device.
- the ASN1 forwards the reply message of the user2 to
- ASN1 uses the AID of Userl and the AID mapping table of the public device to check It is only one of the functions of ASN to query the AID of the public device for traffic statistics.
- the functions that ASN1 can have according to the AID mapping table are not limited to traffic statistics, but also include the functions of recording the specific location of Userl access to the network and charging for public devices.
- Figure 4 shows the ASN processing packet flow from the public device.
- the ASN needs to check if the source AID is the AID of the public device. If so, it is necessary to prohibit public devices from directly accessing non-AC destinations.
- the process may specifically include the following steps:
- the ASN receives a message from a public device (such as an Internet cafe PC);
- step S410 The ASN extracts the source AID in the packet, and determines whether it is the AID of the public device. If yes, the process goes to step S420; otherwise, the process branches to step S430.
- the ASN can find the source AID according to the list of all the AIDs on the ASN, and then check whether the source AID is a public device by checking the attributes of the source AID.
- the AID can determine whether the source AID is a public device by using various other methods.
- the ASN can record the AID of all the public devices on the ASN, and separately save the AID list of the public device; Determine whether the source AID is a public device according to the AID list of the public device being filed, and so on. It is not listed here one by one.
- the ASN determines whether the destination of the packet is AC, and if yes, jumps to step S470, and normally forwards "3 ⁇ 4 text; otherwise, jumps to step S460 to discard the text;
- the ASN determines whether the AID attribute is a virtual user, that is, whether the user accesses the virtual AID of the network on the public device, and if so, jumps to step S440; otherwise, jumps to step S470. , normal forwarding;
- Step S440 Query whether there is a corresponding AID mapping table between the public device and the public device AID according to the virtual AID of the user accessing the network on the public device. If there is an AID mapping table, jump to step S450; otherwise, jump to Step S460, discarding the text;
- the ASN performs traffic statistics on the public device according to the queried AID mapping table; go to step 470; S460, discarding the text; ending;
- S470 Forwards the packet normally. It should be noted that S470 is jumped from step S420, S430 or S450.
- the ASN processes the packet flow from the public device.
- Figure 5 shows the flow of ASN processing packets from other ASNs.
- the ASN needs to determine if the destination AID is accessing the user virtual AID of the network on the public device.
- the process may specifically include the following steps:
- the ASN extracts the source AID and the destination AID of the message
- the ASN determines whether the destination AID is a public device AID, and if yes, jumps to step S520; otherwise, jumps to step S530;
- step S520 The ASN determines whether the packet is from the AC, and if yes, the process proceeds to step S570, and the packet is forwarded normally; otherwise, the process proceeds to step S560, and the packet is discarded;
- the ASN determines whether the destination AID of the packet is connected to the user virtual AID of the network on the public device, and if yes, the process proceeds to step S540; otherwise, the process proceeds to step S570, and the packet is forwarded normally;
- the destination AID of the packet is a user virtual AID that accesses the network on the public device, and the ASN queries whether there is an AID mapping table with the public device AID according to the AID, and if yes, jumps to step S550; otherwise, jumps Go to step S560 and discard the packet.
- the ASN calculates the traffic of the public device according to the AID of the public device; go to step 570;
- the ASN processes the message flow from other ASNs.
- Figure 6 shows the flow of the user offline.
- the user has access to the network on the public device. After the user is online, when the user needs to go offline, the offline request is sent to the AC.
- the AC, ILR, and ASN are required. Delete the record associated with this user AID.
- the process specifically includes the following steps:
- the ASN receives the offline request of the User1, and forwards the request to the AC.
- S620 The AC receives an offline request from User1, and deletes the online state of Userl in the network.
- S630 The AC sends an offline request response to the ASN, and notifies the ASN to delete the Userl related information.
- the ASN receives the offline request response message from the AC, releases the AID attachment of the User1, and deletes the AID mapping table between the AID of the Userl and the AID of the public device;
- ASN reports the ⁇ 10, 1 10> mapping relationship update of Userl to the ILR, and requests to delete the ⁇ AID, RID> mapping relationship of Userl;
- the ILR deletes the ⁇ 0, RID> mapping relationship of the User1, and sends a mapping relationship deletion response to the ASN.
- S670 The ASN sends an offline successful response message to the public device, and deletes the virtual AID of the User1 attached to the public device.
- the method and system for accessing a network on a public device utilizes the uniqueness of the entire network of the user AID to realize the user accessing the network on the public device; and fully utilizing the superiority of the identity identifier and the location identifier to separate the network, Based on the unique AID of the whole network, users who access the network on public devices can be effectively tracked and traced.
Landscapes
- Engineering & Computer Science (AREA)
- Signal Processing (AREA)
- Computer Security & Cryptography (AREA)
- Computer Networks & Wireless Communication (AREA)
- Computer Hardware Design (AREA)
- Computing Systems (AREA)
- General Engineering & Computer Science (AREA)
- Data Exchanges In Wide-Area Networks (AREA)
- Mobile Radio Communication Systems (AREA)
- Telephonic Communication Services (AREA)
Abstract
Description
Claims
Priority Applications (3)
Application Number | Priority Date | Filing Date | Title |
---|---|---|---|
EP10843733.6A EP2512087B1 (en) | 2010-01-20 | 2010-10-18 | Method and system for accessing network through public device |
US13/520,236 US9686256B2 (en) | 2010-01-20 | 2010-10-18 | Method and system for accessing network through public device |
JP2012549233A JP5451901B2 (ja) | 2010-01-20 | 2010-10-18 | 公共設備でネットワークにアクセスする方法及びシステム |
Applications Claiming Priority (2)
Application Number | Priority Date | Filing Date | Title |
---|---|---|---|
CN2010100028507A CN102130975A (zh) | 2010-01-20 | 2010-01-20 | 一种用身份标识在公共设备上接入网络的方法及系统 |
CN201010002850.7 | 2010-01-20 |
Publications (1)
Publication Number | Publication Date |
---|---|
WO2011088693A1 true WO2011088693A1 (zh) | 2011-07-28 |
Family
ID=44268863
Family Applications (1)
Application Number | Title | Priority Date | Filing Date |
---|---|---|---|
PCT/CN2010/077835 WO2011088693A1 (zh) | 2010-01-20 | 2010-10-18 | 一种在公共设备上接入网络的方法及系统 |
Country Status (6)
Country | Link |
---|---|
US (1) | US9686256B2 (zh) |
EP (1) | EP2512087B1 (zh) |
JP (1) | JP5451901B2 (zh) |
KR (1) | KR20120102765A (zh) |
CN (1) | CN102130975A (zh) |
WO (1) | WO2011088693A1 (zh) |
Cited By (2)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
CN103108299A (zh) * | 2011-11-10 | 2013-05-15 | 中兴通讯股份有限公司 | 数据通信方法、接入服务路由器、身份位置寄存器及系统 |
CN103108300A (zh) * | 2011-11-10 | 2013-05-15 | 中兴通讯股份有限公司 | 位置更新方法及移动路由器-接入服务路由器 |
Families Citing this family (7)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
CN102130887B (zh) * | 2010-01-20 | 2019-03-12 | 中兴通讯股份有限公司 | 一种在公共设备上接入网络的方法及系统 |
CN102131197B (zh) * | 2010-01-20 | 2015-09-16 | 中兴通讯股份有限公司 | 一种在公共设备上接入网络的方法及系统 |
CN103095657A (zh) * | 2011-11-03 | 2013-05-08 | 中兴通讯股份有限公司 | 一种用户接入方法、接入服务路由器及用户接入系统 |
CN104579969B (zh) * | 2013-10-29 | 2019-04-23 | 中兴通讯股份有限公司 | 报文发送方法及装置 |
WO2017043179A1 (ja) | 2015-09-09 | 2017-03-16 | ソニー株式会社 | 通信装置および通信方法 |
CN110868446A (zh) * | 2019-08-29 | 2020-03-06 | 北京大学深圳研究生院 | 一种后ip的主权网体系架构 |
CN114143854B (zh) * | 2020-09-04 | 2023-10-20 | 华为技术有限公司 | 一种通信方法及设备 |
Citations (3)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
CN101127663A (zh) * | 2007-09-13 | 2008-02-20 | 北京交通大学 | 一种移动自组织网络接入一体化网络的系统及方法 |
CN101217823A (zh) * | 2008-01-18 | 2008-07-09 | 中兴通讯股份有限公司 | 一种实名制的通信方法 |
CN101355564A (zh) * | 2008-09-19 | 2009-01-28 | 广东南方信息安全产业基地有限公司 | 一种实现可信局域网及互联网的方法 |
Family Cites Families (23)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
US20020007411A1 (en) * | 1998-08-10 | 2002-01-17 | Shvat Shaked | Automatic network user identification |
US6728536B1 (en) * | 2000-05-02 | 2004-04-27 | Telefonaktiebolaget Lm Ericsson | Method and system for combined transmission of access specific access independent and application specific information over public IP networks between visiting and home networks |
AU2002255000A1 (en) * | 2002-05-01 | 2003-11-17 | Telefonaktiebolaget Lm Ericsson (Publ) | System, apparatus and method for sim-based authentication and encryption in wireless local area network access |
CN1243434C (zh) * | 2002-09-23 | 2006-02-22 | 华为技术有限公司 | 基于远程认证的网络中实现eap认证的方法 |
CN100419736C (zh) | 2002-10-16 | 2008-09-17 | 株式会社Ntt都科摩 | 服务验证系统、认证要求终端、服务使用终端及提供方法 |
US20040166874A1 (en) * | 2002-11-14 | 2004-08-26 | Nadarajah Asokan | Location related information in mobile communication system |
CN100362800C (zh) * | 2003-07-11 | 2008-01-16 | 华为技术有限公司 | 一种通过数据报文触发用户终端上线的方法 |
US20050026596A1 (en) * | 2003-07-28 | 2005-02-03 | Oren Markovitz | Location-based AAA system and method in a wireless network |
US20060072541A1 (en) * | 2004-09-28 | 2006-04-06 | Vivian Pecus | Network management system & method |
KR100645512B1 (ko) | 2004-09-30 | 2006-11-15 | 삼성전자주식회사 | 통신 시스템에서 네트워크 접속에 대한 사용자 인증 장치및 그 방법 |
US20090049192A1 (en) * | 2005-03-22 | 2009-02-19 | Feeva Technology Inc. | Systems and methods of network operation and information processing, including use of unique/anonymous identifiers throughout all stages of information processing and delivery |
US8347063B2 (en) * | 2005-08-19 | 2013-01-01 | Intel Corporation | Method and system for device address translation for virtualization |
US20070174429A1 (en) * | 2006-01-24 | 2007-07-26 | Citrix Systems, Inc. | Methods and servers for establishing a connection between a client system and a virtual machine hosting a requested computing environment |
CN1845491A (zh) * | 2006-02-20 | 2006-10-11 | 南京联创通信科技有限公司 | 802.1x的接入认证方法 |
US8151322B2 (en) * | 2006-05-16 | 2012-04-03 | A10 Networks, Inc. | Systems and methods for user access authentication based on network access point |
US20080028445A1 (en) * | 2006-07-31 | 2008-01-31 | Fortinet, Inc. | Use of authentication information to make routing decisions |
TWI348850B (en) * | 2007-12-18 | 2011-09-11 | Ind Tech Res Inst | Packet forwarding apparatus and method for virtualization switch |
JP4993122B2 (ja) | 2008-01-23 | 2012-08-08 | 大日本印刷株式会社 | プラットフォーム完全性検証システムおよび方法 |
US8838488B1 (en) * | 2008-04-16 | 2014-09-16 | Sprint Communication Company L.P. | Maintaining a common identifier for a user session on a communication network |
CN101369893B (zh) * | 2008-10-06 | 2010-08-18 | 中国移动通信集团设计院有限公司 | 一种对临时用户进行局域网络接入认证的方法 |
KR101084769B1 (ko) * | 2008-12-23 | 2011-11-21 | 주식회사 케이티 | 위치자/식별자 분리 기반의 네트워크 이동성 지원 시스템 및 그 방법 |
CN102131197B (zh) * | 2010-01-20 | 2015-09-16 | 中兴通讯股份有限公司 | 一种在公共设备上接入网络的方法及系统 |
CN102130887B (zh) * | 2010-01-20 | 2019-03-12 | 中兴通讯股份有限公司 | 一种在公共设备上接入网络的方法及系统 |
-
2010
- 2010-01-20 CN CN2010100028507A patent/CN102130975A/zh active Pending
- 2010-10-18 JP JP2012549233A patent/JP5451901B2/ja not_active Expired - Fee Related
- 2010-10-18 US US13/520,236 patent/US9686256B2/en active Active
- 2010-10-18 WO PCT/CN2010/077835 patent/WO2011088693A1/zh active Application Filing
- 2010-10-18 KR KR1020127017881A patent/KR20120102765A/ko not_active Application Discontinuation
- 2010-10-18 EP EP10843733.6A patent/EP2512087B1/en not_active Not-in-force
Patent Citations (3)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
CN101127663A (zh) * | 2007-09-13 | 2008-02-20 | 北京交通大学 | 一种移动自组织网络接入一体化网络的系统及方法 |
CN101217823A (zh) * | 2008-01-18 | 2008-07-09 | 中兴通讯股份有限公司 | 一种实名制的通信方法 |
CN101355564A (zh) * | 2008-09-19 | 2009-01-28 | 广东南方信息安全产业基地有限公司 | 一种实现可信局域网及互联网的方法 |
Non-Patent Citations (1)
Title |
---|
See also references of EP2512087A4 * |
Cited By (3)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
CN103108299A (zh) * | 2011-11-10 | 2013-05-15 | 中兴通讯股份有限公司 | 数据通信方法、接入服务路由器、身份位置寄存器及系统 |
CN103108300A (zh) * | 2011-11-10 | 2013-05-15 | 中兴通讯股份有限公司 | 位置更新方法及移动路由器-接入服务路由器 |
CN103108300B (zh) * | 2011-11-10 | 2018-01-30 | 中兴通讯股份有限公司 | 位置更新方法及移动路由器‑接入服务路由器 |
Also Published As
Publication number | Publication date |
---|---|
EP2512087B1 (en) | 2018-09-19 |
EP2512087A1 (en) | 2012-10-17 |
EP2512087A4 (en) | 2016-11-09 |
JP2013517716A (ja) | 2013-05-16 |
CN102130975A (zh) | 2011-07-20 |
US20120284407A1 (en) | 2012-11-08 |
JP5451901B2 (ja) | 2014-03-26 |
US9686256B2 (en) | 2017-06-20 |
KR20120102765A (ko) | 2012-09-18 |
Similar Documents
Publication | Publication Date | Title |
---|---|---|
WO2011088693A1 (zh) | 一种在公共设备上接入网络的方法及系统 | |
US20170295185A1 (en) | System and method to associate a private user identity with a public user identity | |
CN103067337B (zh) | 一种身份联合的方法、IdP、SP及系统 | |
WO2006017979A1 (fr) | Systeme de messages multimedia et procede de transmission de messages multimedia | |
WO2011088694A1 (zh) | 一种在公共设备上接入网络的方法及系统 | |
WO2012034301A1 (zh) | 一种diameter路由方法和系统 | |
WO2011088695A1 (zh) | 一种在公共设备上接入网络的方法及系统 | |
WO2011035667A1 (zh) | 实现网间漫游的方法、系统及查询和网络附着方法及系统 | |
WO2011079650A1 (zh) | 即时通讯控制的实现方法和系统 | |
WO2011082583A1 (zh) | 数据报文分类处理的实现方法、网络、终端及互通服务节点 | |
WO2011047571A1 (zh) | 防范垃圾电子邮件的实现方法和系统 | |
WO2011131002A1 (zh) | 身份管理方法及系统 | |
JP4080402B2 (ja) | 名前解決・認証方法及び装置 | |
JP2010501131A (ja) | 通信ネットワークにおける端末機器の緊急メッセージを転送する方法 | |
US20110035482A1 (en) | Method for Disconnecting Multiple Hosts from Network, and Network Management Device | |
WO2011035577A1 (zh) | 一种实现行业应用平台异地多媒体消息发送的方法及系统 | |
WO2011063657A1 (zh) | 反垃圾邮件的方法与系统 | |
WO2013064000A1 (zh) | 一种获取用户位置信息的系统和方法 | |
JP2004220075A (ja) | ネットワーク認証アクセス制御サーバ、アプリケーション認証アクセス制御サーバ、および統合型認証アクセス制御システム | |
WO2012075770A1 (zh) | 身份位置分离网络的阻断方法和系统 | |
KR20050077976A (ko) | 무선 데이터 서비스를 위한 사용자의 세션 정보 제공 방법및 시스템 | |
KR100986326B1 (ko) | 로밍 사용자 세션 관리 방법 | |
CN103108325A (zh) | 一种信息安全传输方法及系统及接入服务节点 | |
WO2011054230A1 (zh) | 电子公告板管理方法、系统、终端和服务器 |
Legal Events
Date | Code | Title | Description |
---|---|---|---|
121 | Ep: the epo has been informed by wipo that ep was designated in this application |
Ref document number: 10843733 Country of ref document: EP Kind code of ref document: A1 |
|
WWE | Wipo information: entry into national phase |
Ref document number: 13520236 Country of ref document: US |
|
ENP | Entry into the national phase |
Ref document number: 20127017881 Country of ref document: KR Kind code of ref document: A |
|
WWE | Wipo information: entry into national phase |
Ref document number: 2010843733 Country of ref document: EP |
|
NENP | Non-entry into the national phase |
Ref country code: DE |
|
WWE | Wipo information: entry into national phase |
Ref document number: 2012549233 Country of ref document: JP |