WO2012142867A1 - Authentication notification method and system - Google Patents

Authentication notification method and system Download PDF

Info

Publication number
WO2012142867A1
WO2012142867A1 PCT/CN2012/071293 CN2012071293W WO2012142867A1 WO 2012142867 A1 WO2012142867 A1 WO 2012142867A1 CN 2012071293 W CN2012071293 W CN 2012071293W WO 2012142867 A1 WO2012142867 A1 WO 2012142867A1
Authority
WO
WIPO (PCT)
Prior art keywords
bng
authentication
address
dhcp
requests
Prior art date
Application number
PCT/CN2012/071293
Other languages
French (fr)
Chinese (zh)
Inventor
尤建洁
Original Assignee
中兴通讯股份有限公司
Priority date (The priority date is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the date listed.)
Filing date
Publication date
Application filed by 中兴通讯股份有限公司 filed Critical 中兴通讯股份有限公司
Publication of WO2012142867A1 publication Critical patent/WO2012142867A1/en

Links

Classifications

    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04WWIRELESS COMMUNICATION NETWORKS
    • H04W12/00Security arrangements; Authentication; Protecting privacy or anonymity
    • H04W12/06Authentication
    • H04W12/069Authentication using certificates or pre-shared keys

Definitions

  • the present invention relates to the field of mobile communications, and in particular, to an authentication notification method and system. Background technique
  • multimode terminals can realize seamless connection between different types of wireless access networks, such as cellular universal mobile communication system (UMTS, Universal Mobile Telecommunications System), enhanced data rate GSM evolution technology (EDGE, Enhanced Data Rate for GSM Evolution), a seamless connection between General Packet Radio Service (GPRS) and Wireless Local Area Networks (WLAN) in IEEE 802.11.
  • UMTS Universal Mobile Telecommunications System
  • EDGE enhanced Data rate GSM Evolution
  • GPRS General Packet Radio Service
  • WLAN Wireless Local Area Networks
  • WLANs provide high data rates in a small range of homes and hotspots, while cellular networks offer greater flexibility and ubiquitous coverage, but at lower data rates; if combined with the advantages of both, users will Benefited from.
  • multimode terminals use WLAN for data access and Voice over Internet Protocol (VoIP) applications, while also using overlapping cellular networks for voice calls or media access.
  • VoIP Voice over Internet Protocol
  • the Broadband Forum (BBF, Broadband Forum) defines a fixed network architecture;
  • BBF Broadband Forum
  • UE User Equipment
  • 1 is a schematic flowchart of a method for authentication and address allocation in the prior art.
  • the UE sends an authentication packet to a broadband network gateway control device (BNG, Broadband Network Gatewny), and finally to authentication, authorization, and accounting.
  • BNG broadband network gateway control device
  • AAA Authentication Authorization Accounting
  • DHCP dynamic host configuration protocol
  • the UE initiates a DHCP Discovery (DHCP Discovery) request message to the BNG, and the request message carries a selection field of code 60 (Option 60); the intermediate network device marks the selection field coded as 82 (Option 82) according to the relevant specification; then BNG Receive the request packet from the UE, mark Option 82, and forward the DHCP relay request packet to the DHCP server.
  • the DHCP server extracts the relevant information in the request packet, constructs the user name (User name) and the NAS port identifier (Nas-Port-ID) required for authentication, and sends it to the remote user dial-up authentication system. (RADIUS, Remote Authentication Dial In User Service) for authentication.
  • RADIUS authenticates the UE. If the authentication fails, the ACK message is returned to the DHCP server. The DHCP server replies with a DHCP command to the BNG. If the authentication succeeds, the authentication information is sent back to the DHCP server. And carrying the relevant attributes of the UE; the DHCP server allocates a corresponding IP address to the UE according to different service information of the UE, and then the user can use the service normally; wherein, for different devices, the BNG may be a broadband remote access server (BRAS, Broadband) Remote Access Server) or Service Router (SR).
  • BRAS broadband remote access server
  • SR Service Router
  • FIG. 2 is a schematic flowchart of the authentication of the residential gateway (RG, Residence Gateway) in the prior art.
  • the UE sends the authentication packet to the RG, and the RG encapsulates the authentication packet.
  • the AAA sent to the AAA; if the authentication is passed, the AAA will save the media access control address (MAC, Medium/Media Access Control) of the UE, and in the address allocation phase, the AAA assigns an IP address to the UE according to the MAC address.
  • MAC Media access control
  • the UE sends the authentication packet to the RG.
  • the authentication message is sent to the AAA to complete the UE authentication (ie, the authentication passes through the mode in FIG. 2 without going through the BNG); however, in the address allocation phase, the DHCP server allocates the IP address to the user.
  • the BNG does not know whether the UE is authenticated, the DHCP server cannot be triggered to allocate an IP address to the UE.
  • the main purpose of the present invention is to provide an authentication notification method and system, and the BNG can know in time whether the UE requesting access has passed the authentication.
  • the present invention provides an authentication notification method, including:
  • BBF Broadband Forum
  • AAA BBF Authentication, Authorization, and Accounting Unit
  • the method further includes:
  • the BNG When the UE requests an IP address, and the BNG determines that the UE passes the authentication, the BNG triggers a Dynamic Host Setup Protocol (DHCP) server to assign an IP address to the UE.
  • DHCP Dynamic Host Setup Protocol
  • the requesting IP address of the UE is: the UE requests an IPv6 address by using a Router Solicitation message, or the UE requests an IPv6 address through a DHCP Solicit (DHCP Solicit) request, or the UE discovers through DHCP (DHCP Discover 4) Request an IPv4 address.
  • DHCP Solicit DHCP Solicit
  • DHCP Discover 4 DHCP Discover 4
  • the present invention provides an authentication notification method, including:
  • the BNG checks whether the UE passes the authentication. When the BNG determines that there is no authentication information of the UE, the BNG obtains the authentication information of the UE from the AAA.
  • the method further includes:
  • the BNG After determining that the UE passes the authentication according to the authentication information, the BNG triggers the DHCP server to allocate an IP address for the UE.
  • the UE requests an IP address as:
  • the UE requests the IPv6 address through the Router Solicitation 4, or the UE requests the IPv6 address through the DHCP Solicit, or the UE requests the IPv4 address through the DHCP Discover 4 message.
  • the present invention provides an authentication notification method, including:
  • the residential gateway checks whether the UE passes the authentication. When it is determined that the UE passes the authentication, the RG notifies the BNG that the UE passes the authentication.
  • the method further includes:
  • the BNG triggers the DHCP server to assign an IP address to the UE.
  • the UE requests the IP address as follows: the UE requests the IPv4 address through the DHCP Discover message; the RG notifies the BNG that the UE is authenticated as: The RG sends the DHCP Discover message to the BNG.
  • the invention provides an authentication notification system, including: BBF AAA and BNG; wherein, the BBF AAA is used to send the MAC address of the UE to the BNG when the UE accesses the BBF access network and passes the authentication;
  • BNG used to receive the MAC address of the UE.
  • the BNG is further configured to: when the UE requests an IP address, and determine that the UE passes the authentication, trigger the DHCP server to allocate an IP address to the UE.
  • the present invention provides an authentication notification system, including: BNG and AAA;
  • the BNG is configured to: when the UE accesses the BBF to access the network, and requests the IP address, check whether the UE passes the authentication, and when it is determined that there is no authentication information of the UE, obtain the authentication information of the UE from the AAA;
  • the BNG is further configured to: when determining that the UE passes the authentication according to the authentication information, trigger the DHCP server to allocate an IP address for the UE.
  • the present invention provides an authentication notification system, including: RG and BNG;
  • RG configured to: when the UE accesses the BBF to access the network, and requests the IP address, check whether the UE passes the authentication, and when it is determined that the UE passes the authentication, notify the BNG that the UE passes the authentication;
  • the BNG is configured to receive a notification that the UE passes the authentication.
  • the BNG is further configured to trigger a DHCP server to allocate an IP address to the UE.
  • the BBF AAA when the UE accesses the BBF access network and passes the authentication, the BBF AAA sends the MAC address of the UE to the BNG; or when the UE accesses the BBF access network and requests the IP address, the BNG check Whether the UE passes the authentication, and when the BNG determines that there is no authentication information of the UE, the UE obtains the authentication information of the UE from the AAA; or when the UE accesses the BBF access network and requests the IP address, the RG checks whether the UE passes the authentication.
  • the RG When it is determined that the UE is authenticated, the RG notifies the BNG that the UE passes the authentication, so the BNG may receive the UE's MAC address from the AAA, or query the UE's authentication information, or receive the UE's notification of the UE's authentication through the RG. If the UE is authenticated, the DHCP server can be triggered to allocate an IP address to the UE in time.
  • the authentication packet is sent to the AAA to complete the UE through the RG encapsulation process, that is, the authentication process does not pass through the BNG, and the technical solution proposed in the present invention can still be implemented.
  • the DHCP server allocates an IP address to the UE to further compensate for the deficiencies in the prior art.
  • FIG. 1 is a schematic flow chart of a method for authentication and address allocation in the prior art
  • FIG. 2 is a schematic flow chart of authentication in the prior art via RG
  • FIG. 3 is a schematic flowchart of Embodiment 1 of an authentication notification method according to the present invention
  • 4 is a schematic flowchart of Embodiment 2 of the method for implementing the authentication notification according to the present invention
  • FIG. 5 is a schematic flowchart of Embodiment 3 of the method for implementing the authentication notification according to the present invention
  • Embodiment 4 is a schematic flowchart of Embodiment 4 of implementing an authentication notification method according to the present invention
  • Embodiment 7 is a schematic flowchart of Embodiment 5 of implementing an authentication notification method according to the present invention.
  • Embodiment 8 is a schematic flowchart of Embodiment 6 of the method for implementing authentication in the present invention.
  • Embodiment 9 is a schematic flowchart of Embodiment 7 of the method for implementing authentication in the present invention.
  • FIG. 10 is a schematic flowchart of Embodiment 8 of an authentication notification method according to the present invention.
  • Embodiment 11 is a schematic structural diagram of Embodiment 1 of implementing an authentication notification system according to the present invention.
  • Embodiment 12 is a schematic structural diagram of Embodiment 2 of implementing an authentication notification system according to the present invention.
  • FIG. 13 is a schematic structural diagram of Embodiment 3 of implementing an authentication notification system according to the present invention. detailed description
  • the basic idea of the present invention is: when the UE accesses the BBF access network and passes the authentication, the BBF AAA sends the MAC address of the UE to the BNG; or when the UE accesses the BBF access network and requests the IP address, the BNG checks the UE. Whether the authentication is performed, when the BNG determines that there is no authentication information of the UE, and obtains the authentication information of the UE from the AAA; or when the UE accesses the BBF access network and requests the IP address, the RG checks whether the UE passes the authentication, when determining When the UE passes the authentication, the RG notifies the BNG that the UE passes the authentication.
  • FIG. 3 is a schematic flowchart of the first embodiment of the method for implementing the authentication notification according to the present invention.
  • Step 301 The RG interacts with the BBF AAA to complete the authentication.
  • Step 302 The non-BBF UE sends an authentication protocol start (EAPoL-Start) message to the RG, and performs authentication through the 802.1X protocol.
  • EAPoL-Start authentication protocol start
  • Step 304 After receiving the EAP Identity Request message sent by the RG, the UE sends an EAP Identity Response message to the RG, where the message carries the user name.
  • Step 305 The RG encapsulates the received EAP Identity Response message into a RADIUS Access Request message, and sends the RADIUS Access Request message to the BBF AAA.
  • Step 306 The BBF AAA forwards the RADIUS Access Request message received from the RG to the home AAA according to the Network Address Identifier (NAI).
  • NAI Network Address Identifier
  • Step 307 After receiving the RADIUS Access Request message sent by the BBF AAA, the Home AAA replies to the RADIUS Access Response message to the BBF AAA, where the message carries the EAP Identity Response message.
  • Step 308 The BBF AAA forwards the received RADIUS Access Response packet to the RG.
  • Step 309 The RG unblocks the EAP frame from the received RADIUS Access Response message, and sends the EAP frame to the UE.
  • Step 310 After receiving the EAP frame sent by the RG, the UE sends a packet to the RG, and the packet carries a Challenged Password.
  • Step 311 After receiving the packet replied by the UE, the RG encapsulates the EAP frame obtained by the decapsulation into a RADIUS Access Request message and sends the EAP frame to the BBF AAA, where the received Challenged Password is carried.
  • Step 312 The BBF AAA forwards the received RADIUS Access Request message to the Home AAA.
  • Step 313 If the UE requesting access to the BBF access network passes the authentication, the Home AAA The RADIUS Access Accept message is sent to the BBF AAA. If the UE requesting access to the BBF access network does not pass the authentication, the RADIUS Access Accept message is not returned to the BBF AAA, and the process ends.
  • Step 314 The BBF AAA forwards the RADIUS Access Accept message to the RG.
  • Step 315 the BBF AAA sends the MAC address of the authenticated UE to the BNG, where
  • the BBF AAA sends the MAC address of the authenticated UE to the BNG to inform the BNG that the UE has passed the authentication, so that when the BNG receives the IP address request from the UE, the DHCP server can be triggered to perform IP address allocation.
  • Step 316 The RG decapsulates the EAP frame and sends an EAP Success message to the UE.
  • Embodiment 4 is a schematic flowchart of Embodiment 2 of the method for implementing the authentication notification according to the present invention.
  • the BNG determines that the UE passes the authentication
  • the BNG triggers.
  • Step 401 The UE sends a Router Solicitation message to the BNG, where the MAC address of the UE is carried.
  • Step 402 After receiving the Router Solicitation message, the BNG checks whether the MAC address of the UE is authenticated. If the authentication succeeds, the DHCP Request message is sent to the DHCP server to trigger the DHCP server to allocate an IP address to the UE. If the authentication is not passed, the BNG sends a reject message to the UE, and the process ends.
  • Step 403 after being triggered, DHCP server returns a DHCP response (DHCP the Reply) message to the BNG, packet carries the IPv6 address prefix ⁇ Frame-IPv 6 -Prefix ⁇ .
  • Step 404 After receiving the DHCP Reply message replied by the DHCP server, the BNG sends a Router Advertisement message to the UE, where the IPv6 address prefix ⁇ Frame-IPv6-Prefix ⁇ is carried.
  • Step 405 The BNG sends a RADIUS Accounting Start message to the AAA. After receiving the RADIUS Accounting Start message, the AAA starts charging.
  • the accounting can be used, for example, to count the user online time.
  • FIG. 5 is a schematic flowchart of Embodiment 3 of the method for implementing the authentication notification according to the present invention.
  • the BNG determines that the UE passes the authentication
  • the BNG triggers.
  • Step 501 The UE sends a DHCP Solicit message to the BNG, where the UE carries the MAC address of the UE.
  • Step 502 After receiving the DHCP Solicit message, the BNG checks whether the MAC address of the UE is authenticated. If the authentication is performed, the DHCP Solicit message is sent to the DHCP server. If the authentication fails, the BNG sends a reject message to the UE. Process.
  • Step 503 After receiving the DHCP Solicit message sent by the BNG, the DHCP server returns a DHCP Advertise message to the BNG.
  • Step 504 After receiving the DHCP Advertise message replied by the DHCP server, the BNG forwards the packet to the UE.
  • Step 505 After receiving the DHCP Advertise message sent by the BNG, the UE sends a DHCP Request message to the BNG.
  • Step 506 The BNG sends the DHCP Request message received from the UE to the DHCP server.
  • Step 507 After receiving the DHCP Request message sent by the BNG, the DHCP server sends a DHCP Reply message to the BNG, where the message carries an IPv6 address ⁇ Frame-IPv6-Address ⁇ .
  • the server receives the DHCP reply DHCP Reply messages, the BNG forwards the DHCP Reply message to the UE, the packet is still carries the IPv6 address ⁇ Frame-IPv 6 - Address ⁇ .
  • Step 509 the BNG sends a RADIUS Accounting Start message to the AAA, and receives the packet. After the RADIUS Accounting Start packet, AAA starts accounting.
  • FIG. 6 is a schematic flowchart of Embodiment 4 of the method for implementing an authentication notification according to the present invention.
  • DHCP Discover DHCP Discovery
  • the BNG determines that the UE passes the authentication
  • the BNG is determined.
  • a specific implementation method for triggering a DHCP server to allocate an IPv4 address to the UE is as follows: As shown in FIG. 6, the method includes the following steps:
  • Step 601 The UE sends a broadcast DHCP Discover message on the physical subnet for searching for an available DHCP server.
  • Step 602 The DHCP Discover message is a broadcast message, so the RG can receive the message from the UE, and the RG forwards the received DHCP Discover message to the BNG.
  • Step 603 The BNG checks whether the MAC address of the UE is authenticated. If the authentication is successful, the BNG sends the received DHCP Discover message to the DHCP server. If the authentication fails, the BNG sends the rejected message to the UE through the RG. End the process.
  • Step 604 After receiving the DHCP Discover message, the DHCP server is equivalent to receiving an IP lease request from the BNG for the DHCP server, so the DHCP server provides an IP lease and reserves an IP address for the UE, and then replies to the BNG.
  • DHCP Request message which carries the IPv4 address ⁇ IPv4 Address ⁇ .
  • Step 605 After receiving the DHCP Offer message replied by the DHCP server, the BNG forwards the packet to the RG, which still carries the IPv4 address ⁇ IPv4 Address ⁇ .
  • the IP address returned by the BNG to the UE is an IPv6 address or the IPv4 address is determined according to the protocol type.
  • Step 606 After receiving the DHCP Offer message sent by the BNG, the RG sends a DHCP Offer message to the UE, where the IPv4 address ⁇ IPv4 Address ⁇ is carried.
  • Step 607 The UE sends a DHCP Request message to the RG and all other DHCP servers, where the IP of the DPCH server that provides the IP lease is used to notify all other DHCP servers that they have accepted an IP lease.
  • Step 609 After receiving the DHCP Request message, the BNG sends a DHCP Request message to the DHCP server.
  • Step 610 After receiving the DHCP Request message sent by the BNG, the DHCP server returns a DHCP Ack (DHCP Ack) message to the BNG.
  • DHCP Ack DHCP Ack
  • Step 611 After receiving the DHCP Ack reply from the DHCP server, the BNG replies to the DHCP Ack message to the RG.
  • Step 612 after receiving the DHCP Ack packet, the RG replies to the DHCP Ack packet to the UE.
  • Step 613 The BNG sends a RADIUS Accounting Start packet to the AAA. After receiving the RADIUS Accounting Start packet, the AAA starts charging.
  • a non-BBF UE accesses a BBF access network, and requests an IPv6 address through a Router Solicitation message, and the BNG checks whether the UE passes the authentication.
  • the UE obtains the authentication information of the UE, and obtains the authentication information of the UE from the AAA.
  • the BNG triggers the DHCP server to allocate an IPv6 address to the UE.
  • the method includes the following steps. :
  • Step 701 The UE sends a Router Solicitation message request to the BNG, where the MAC address of the UE is carried.
  • Step 702 After receiving the request for the Router Solicitation message sent by the UE, the BNG checks whether the MAC address of the UE is authenticated. The UE does not pass the authentication in advance, or the UE passes the authentication, but the AAA does not send the MAC address of the UE to the UE. BNG. Therefore, when the BNG checks whether the MAC address of the UE is authenticated, the BNG finds that there is no authentication information of the UE, that is, the BNG does not know whether the UE is authenticated, and the BNG sends an inquiry authentication information packet to the AAA, where the MAC address of the UE is carried. .
  • Step 703 after receiving the query authentication information packet sent by the BNG, the AAA according to the The MAC address is used to query the local authentication information of the UE corresponding to the MAC address, and the authentication information is sent to the BNG.
  • the authentication information is that the UE passes the authentication and the UE does not pass the authentication.
  • Step 704 When the authentication information received by the BNG is that the UE passes the authentication, the BNG sends a DHCP Request message to the DPCH server. If the authentication fails, the BNG replies to the UE and rejects the response.
  • Step 705 After receiving the DHCP Request message sent by the BNG, the DHCP server returns a DHCP Reply message, which carries the IPv6 address prefix ⁇ Frame-IPv6-Prefix ⁇ .
  • Step 706 After receiving the DHCP Reply message replied by the DHCP server, the BNG sends a Router Advertisement message to the UE, where the IPv6 address prefix ⁇ Frame-IPv6-Prefix ⁇ is carried.
  • Step 707 The BNG sends a RADIUS Accounting Start packet to the AAA. After receiving the RADIUS Accounting Start packet, the AAA starts charging.
  • FIG. 8 is a schematic flowchart of Embodiment 6 of the method for implementing the authentication notification according to the present invention.
  • the non-BBF UE accesses the BBF access network, requests the IPv6 address through the DHCP Solicit message, and the BNG checks whether the UE passes the authentication.
  • the UE obtains the authentication information of the UE, and obtains the authentication information of the UE from the AAA.
  • the BNG triggers the DHCP server to allocate an IPv6 address to the UE.
  • the method includes the following steps. :
  • Step 801 The UE sends a DHCP Solicit message to the BNG, where the MAC address of the UE is carried.
  • Step 802 After receiving the Router Solicitation message sent by the UE, the BNG checks whether the MAC address of the UE is authenticated. The UE does not pass the authentication in advance, or the UE passes the authentication, but the AAA does not send the MAC address of the UE to the BNG. Therefore, when the BNG checks whether the MAC address of the UE is authenticated, the BNG finds that there is no authentication information of the UE, that is, the BNG does not know whether the UE is authenticated, and the BNG sends an inquiry authentication information packet to the AAA, where the BNG carries The MAC address of the UE.
  • Step 803 After receiving the query authentication information packet sent by the BNG, the AAA queries the locally stored authentication information of the UE corresponding to the MAC address according to the MAC address, and sends the authentication information to the BNG.
  • the authentication information is the UE. Passed authentication and the UE did not pass the certification.
  • Step 804 When the authentication information received by the BNG is that the UE passes the authentication, the BNG sends a DHCP Solicit message to the DPCH server. If the authentication fails, the BNG replies to the UE rejecting the response message.
  • Step 805 After receiving the DHCP Solicit message sent by the BNG, the DHCP server returns a DHCP Advertise message to the BNG.
  • Step 806 After receiving the DHCP Advertise message replied by the DHCP server, the BNG forwards the DHCP Advertise message to the UE.
  • Step 807 After receiving the DHCP Advertise message sent by the BNG, the UE sends a DHCP Request message to the BNG.
  • Step 808 After receiving the DHCP Request message sent by the UE, the BNG sends the DHCP Request message to the DHCP server.
  • Step 809 After receiving the DHCP Request message sent by the BNG, the DHCP server sends a DHCP Reply message to the BNG, which carries the IPv6 address ⁇ Frame-IPv6-Address ⁇ .
  • Step 810 After receiving the DHCP Reply message replied by the DHCP server, the BNG sends a DHCP Reply message to the UE, which still carries the IPv6 address ⁇ Frame-IPv6-Address ⁇ .
  • Step 811 The BNG sends a RADIUS Accounting Start packet to the AAA. After receiving the RADIUS Accounting Start packet, the AAA starts charging.
  • FIG. 9 is a schematic flowchart of Embodiment 7 of the method for implementing the authentication notification according to the present invention.
  • the non-BBF UE accesses the BBF access network, requests the IPv4 address through the DHCP Discover message, and the BNG checks whether the UE passes the authentication.
  • the authentication information of the UE is obtained, the authentication information of the UE is obtained from the AAA, and after determining that the UE passes the authentication according to the authentication information, the BNG is triggered.
  • Step 901 The UE sends a broadcast DHCP Discover message on the physical subnet for searching for an available DHCP server.
  • Step 902 The DHCP Discover message is a broadcast message, so the RG can receive the message from the UE, and the RG forwards the DHCP Discover message received by the UE to the BNG.
  • Step 903 After receiving the DHCP Discover message sent by the UE, the BNG checks whether the MAC address of the UE is authenticated. The UE does not pass the authentication in advance, or the UE passes the authentication, but the AAA does not send the MAC address of the UE to the BNG. Therefore, when the BNG checks whether the MAC address of the UE is authenticated, the BNG finds that there is no authentication information of the UE, that is, the BNG does not know whether the UE passes the authentication, and the BNG sends a query authentication information packet to the AAA, where the MAC address of the UE is carried.
  • Step 904 After receiving the query authentication information packet sent by the BNG, the AAA queries the locally stored authentication information of the UE corresponding to the MAC address according to the MAC address, and sends the authentication information to the BNG.
  • the authentication information is the UE. Passed authentication and the UE did not pass the certification.
  • Step 905 When the authentication information received by the BNG is that the UE passes the authentication, the BNG sends the DHCP Discover message to the DHCP server. If the authentication fails, the BNG replies to the UE rejecting the response message.
  • Step 906 After receiving the DHCP Discover message, the DHCP server is equivalent to receiving the IP lease request from the BNG for the DHCP server, so the DHCP server provides an IP lease and reserves an IP address for the UE, and then replies to the BNG.
  • DHCP Offer packet carrying the IPv4 address ⁇ IPv4 Address ⁇ .
  • Step 907 After receiving the DHCP Offer message replied by the DHCP server, the BNG forwards the packet to the RG, which still carries the IPv4 address ⁇ IPv4 Address ⁇ .
  • Step 908 after receiving the DHCP Offer message sent by the BNG, the RG replies to the DHCP with the UE. Offer message, which carries the IPv4 address ⁇ IPv4 Address ⁇ .
  • Step 909 The UE sends a DHCP Request message to the RG and all other DHCP servers, where the IP of the DPCH server providing the IP lease is used to notify all other DHCP servers that they have accepted an IP lease.
  • Step 910 The RG forwards the DHCP Request message received by the UE to the BNG.
  • Step 911 After receiving the DHCP Request message, the BNG sends a DHCP Request message to the DHCP server.
  • Step 912 After receiving the DHCP Request message sent by the BNG, the DHCP server returns a DHCP Ack message to the BNG.
  • Step 913 After receiving the DHCP Ack reply from the DHCP server, the BNG replies to the DHCP Ack message to the RG.
  • Step 914 After receiving the DHCP Ack packet, the RG replies to the DHCP Ack packet to the UE.
  • a non-BBF UE accesses a BBF access network, requests an IP address, and the RG checks whether the UE passes the authentication. When it is determined that the UE does not pass the authentication, the refusal is performed. When the UE is authenticated, the RG notifies the BNG that the UE is authenticated, and the BNG triggers the DHCP server to allocate an IP address to the UE. As shown in FIG. 10, the method includes the following steps:
  • Step 1001 The UE sends a broadcast DHCP Discover message on the physical subnet for searching for an available DHCP server.
  • Step 1002 The RG can receive the packet from the UE. After receiving the DHCP Discover message, the RG checks whether the MAC address of the UE passes the authentication. If the authentication fails, the RG does not pass the authentication. The process of rejecting the UE is terminated, and the process ends; if the authentication is passed, the RG sends the DHCP Discover message to the BNG.
  • Step 1003 After receiving the DHCP Discover message sent by the RG, the BNG determines that the UE is authenticated, and can allocate an IP address to the UE. Therefore, the BNG directly forwards the DHCP Discover message to the DHCP server, and triggers the DHCP server to allocate an IP address to the UE. .
  • Step 1004 After receiving the DHCP Discover message, the DHCP server is equivalent to receiving the IP lease request from the BNG for the DHCP server, so the DHCP server provides an IP lease and reserves an IP address for the UE, and then replies to the BNG.
  • DHCP Offer packet carrying the IPv4 address ⁇ IPv4 Address ⁇ .
  • Step 1005 After receiving the DHCP Offer message replied by the DHCP server, the BNG forwards the packet to the RG, which still carries the IPv4 address ⁇ IPv4 Address ⁇ .
  • Step 1006 After receiving the DHCP Offer message sent by the BNG, the RG replies to the UE with DHCP.
  • Offer message which carries the IPv4 address ⁇ IPv4 Address ⁇ .
  • Step 1007 The UE sends a DHCP Request message to the RG and all other DHCP servers, where the IP of the DPCH server providing the IP lease is used to notify all other DHCP servers that they have accepted an IP lease.
  • Step 1008 The RG forwards the DHCP Request message received by the UE to the BNG.
  • Step 1009 After receiving the DHCP Request message, the BNG sends a DHCP Request message to the DHCP server.
  • Step 1010 After receiving the DHCP Request message sent by the BNG, the DHCP server returns a DHCP Ack message to the BNG.
  • Step 1011 After receiving the DHCP Ack replied by the DHCP server, the BNG reply
  • the DHCP Ack packet is sent to the RG.
  • Step 1012 After receiving the DHCP Ack packet, the RG replies to the DHCP Ack packet to the UE.
  • FIG. 11 is a schematic structural diagram of Embodiment 1 of the present invention for implementing an authentication notification system. As shown in FIG. 11, the system includes: BBF AAA111 and BNG112; among them,
  • BBF AAA111 configured to send the MAC address of the UE to the BNG 112 when the UE accesses the BBF access network and passes the authentication
  • the BNG 112 is configured to receive a MAC address of the UE.
  • the BNG 112 is further configured to: when the UE requests an IP address, and determine that the UE passes the authentication, trigger the DHCP server to allocate an IP address to the UE.
  • FIG. 12 is a schematic structural diagram of Embodiment 2 of the present invention for implementing an authentication notification system. As shown in FIG. 12, the system includes: BNG121 and AAA122; among them,
  • the BNG121 is configured to: when the UE accesses the BBF to access the network, and requests the IP address, check whether the UE passes the authentication, and when it is determined that there is no authentication information of the UE, obtain the authentication information of the UE from the AAA 122;
  • the AAA 122 is configured to provide the UE with the authentication information of the BNG.
  • the BNG 121 is further configured to: after determining that the UE passes the authentication according to the authentication information, trigger the DHCP server to allocate an IP address to the UE.
  • FIG. 13 is a schematic structural diagram of Embodiment 3 of the present invention for implementing an authentication notification system.
  • the system includes: RG131 and BNG132; among them,
  • RG131 configured to: when the UE accesses the BBF to access the network, and requests the IP address, check whether the UE passes the authentication, and when it is determined that the UE passes the authentication, notify the BNG 132 that the UE passes the authentication;
  • the BNG 132 is configured to receive a notification that the UE passes the authentication.
  • the BNG 132 is further configured to: trigger a DHCP server to allocate an IP address to the UE.

Abstract

Disclosed are an authentication notification method and system. The method includes: when user equipment (UE) accesses a broadband forum (BBF) access network and passes authentication, an authentication, authorization and accounting unit (AAA) of the BBF sending the media access control (MAC) address of the UE to a broadband network gateway (BNG) control device; or when the UE accesses the BBF access network and requests an IP address, the BNG checking whether or not the UE has passed authentication, and when determining that there is no authentication information about the UE, the BNG obtaining the authentication information about the UE from the AAA; or when the UE accesses the BBF access network and requests an IP address, a residential gateway (RG) checking whether or not the UE has passed authentication, and when determining that the UE has passed authentication, the RG notifying the BNG that the UE has passed authentication. According to the present solution, the BNG can learn whether or not the UE requesting access has passed authentication in time.

Description

一种认证通知方法及系统 技术领域  Authentication notification method and system
本发明涉及移动通信领域, 尤其涉及一种认证通知方法及系统。 背景技术  The present invention relates to the field of mobile communications, and in particular, to an authentication notification method and system. Background technique
随着网络技术的发展和用户对业务的需求, 终端逐渐多模化, 可以选 择在不同类型的接入网络接入, 以承载多样性的业务。 不同的网络连接具 有不同的特性和传输能力, 以便能够更好地满足用户对业务多样的需求。 目前, 多模终端可以实现不同类型的无线访问网络之间的无缝连接, 如蜂 窝的通用移动通信系统 ( UMTS , Universal Mobile Telecommunications System ), 增强型数据速率 GSM演进技术( EDGE, Enhanced Data Rate for GSM Evolution ), 通用分组无线服务技术(GPRS , General Packet Radio Service )与 IEEE 802.11中的无线局域网络(WLAN, Wireless Local Area Networks )之间的无缝连接。 WLAN可在小范围的家庭和热点区域提供很 高的数据速率, 而蜂窝网络可以提供更高的灵活性和无处不在的覆盖, 但 数据速率较低; 如果能够结合两者的优点, 用户将从中受益。 在 WLAN访 问点的覆盖范围内,多模终端利用 WLAN进行数据访问和网络电话(VoIP, Voice over Internet Protocol ) 的应用, 同时还能使用重叠的蜂窝网络, 进行 语音呼叫或媒体访问。  With the development of network technologies and the demand of users for services, terminals are gradually multi-modeled, and access to different types of access networks can be selected to carry diverse services. Different network connections have different characteristics and transmission capabilities to better meet the diverse needs of users. At present, multimode terminals can realize seamless connection between different types of wireless access networks, such as cellular universal mobile communication system (UMTS, Universal Mobile Telecommunications System), enhanced data rate GSM evolution technology (EDGE, Enhanced Data Rate for GSM Evolution), a seamless connection between General Packet Radio Service (GPRS) and Wireless Local Area Networks (WLAN) in IEEE 802.11. WLANs provide high data rates in a small range of homes and hotspots, while cellular networks offer greater flexibility and ubiquitous coverage, but at lower data rates; if combined with the advantages of both, users will Benefited from. Within the coverage of WLAN access points, multimode terminals use WLAN for data access and Voice over Internet Protocol (VoIP) applications, while also using overlapping cellular networks for voice calls or media access.
目前, 国际标准组织都在进行网络架构标准化的工作, 如第三代合作 伙伴计划 (3GPP, The 3rd Generation Partnership Project )定义移动网络架 构, 宽带论坛( BBF , Broadband Forum )定义固定网络架构; 其中 BBF定 义的固定网络架构中, 主要存在如下两种用户设备 ( UE, User Equipment ) 接入 BBF接入网络后, 认证与地址分配的方法: 图 1是现有技术中认证与地址分配的方法的流程示意图, 如图 1所示, UE将认证报文发送给宽带网络网关控制设备(BNG, Broadband Network Gatewny ),最后到认证、授权和计费单元( AAA, Authentication Authorization Accounting ) 完成认证, 并由动态主机设置协议 (DHCP , Dynamic Host Configuration Protocol )服务器为 UE分配 IP地址, 具体过程如下: At present, the International Standards Organization is working on the standardization of network architecture. For example, the 3rd Generation Partnership Project (3GPP) defines the mobile network architecture. The Broadband Forum (BBF, Broadband Forum) defines a fixed network architecture; In the defined fixed network architecture, there are mainly two methods for authentication and address allocation after the user equipment (UE, User Equipment) accesses the BBF access network: 1 is a schematic flowchart of a method for authentication and address allocation in the prior art. As shown in FIG. 1, the UE sends an authentication packet to a broadband network gateway control device (BNG, Broadband Network Gatewny), and finally to authentication, authorization, and accounting. The AAA (Authentication Authorization Accounting) completes the authentication, and the dynamic host configuration protocol (DHCP) server assigns an IP address to the UE. The specific process is as follows:
UE向 BNG发起 DHCP发现( DHCP Discovery )请求报文, 请求报文 中携带编码为 60的选择字段 ( Option60 ); 中间途经的网络设备根据相关规 范标记编码为 82的选择字段 ( Option82 ); 然后 BNG收到 UE的请求报文, 标记 Option82,并直接将 DHCP中继请求报文转发给 DHCP服务器。 DHCP 服务器收到 UE的请求报文后,提取请求报文中的相关信息,构造认证所需 的用户名 ( User name )和 NAS端口标识( Nas-Port-ID ), 送到远程用户拨 号认证系统 ( RADIUS, Remote Authentication Dial In User Service )进行认 证。 RADIUS对 UE进行认证, 如果认证不通过, 则返回拒绝报文给 DHCP 服务器, DHCP服务器回复 DHCP命令应答不正确 ( DHCP Nack )报文给 BNG; 如果认证通过, 则向 DHCP服务器发回认证通过信息, 其中携带 UE的一些相关属性; DHCP服务器根据 UE不同的业务信息为 UE分配相 应的 IP地址, 然后用户可以正常使用业务; 其中, 对于不同的设备 BNG 可以是宽带远程接入服务器( BRAS, Broadband Remote Access Server )或 业务路由器(SR, Service Router )。  The UE initiates a DHCP Discovery (DHCP Discovery) request message to the BNG, and the request message carries a selection field of code 60 (Option 60); the intermediate network device marks the selection field coded as 82 (Option 82) according to the relevant specification; then BNG Receive the request packet from the UE, mark Option 82, and forward the DHCP relay request packet to the DHCP server. After receiving the request packet from the UE, the DHCP server extracts the relevant information in the request packet, constructs the user name (User name) and the NAS port identifier (Nas-Port-ID) required for authentication, and sends it to the remote user dial-up authentication system. (RADIUS, Remote Authentication Dial In User Service) for authentication. RADIUS authenticates the UE. If the authentication fails, the ACK message is returned to the DHCP server. The DHCP server replies with a DHCP command to the BNG. If the authentication succeeds, the authentication information is sent back to the DHCP server. And carrying the relevant attributes of the UE; the DHCP server allocates a corresponding IP address to the UE according to different service information of the UE, and then the user can use the service normally; wherein, for different devices, the BNG may be a broadband remote access server (BRAS, Broadband) Remote Access Server) or Service Router (SR).
图 2是现有技术中经由住宅网关 ( RG, Residence Gateway ) 的认证的 流程示意图, 如图 2所示, 在认证过程中, UE将认证报文发送给 RG, RG 将认证报文封装处理后, 发送给 AAA; 如果认证通过, AAA将保存 UE的 介质访问控制地址 ( MAC, Medium/Media Access Control ), 并在地址分配 阶段, AAA根据 MAC地址给 UE分配 IP地址。  2 is a schematic flowchart of the authentication of the residential gateway (RG, Residence Gateway) in the prior art. As shown in FIG. 2, in the authentication process, the UE sends the authentication packet to the RG, and the RG encapsulates the authentication packet. , sent to the AAA; if the authentication is passed, the AAA will save the media access control address (MAC, Medium/Media Access Control) of the UE, and in the address allocation phase, the AAA assigns an IP address to the UE according to the MAC address.
现有技术存在如下缺陷: 在认证过程中, UE将认证报文发送给 RG, 经由 RG封装处理后将认证 4艮文发送到 AAA完成 UE的认证 (即认证通过 图 2中的方式, 不经过 BNG ); 但是, 在地址分配阶段, 是由 DHCP服务 器为用户进行 IP地址分配,这种情况下, 由于 BNG并不知道 UE是否通过 认证, 因此无法触发 DHCP服务器为 UE分配 IP地址。 发明内容 The prior art has the following defects: In the authentication process, the UE sends the authentication packet to the RG. After the RG encapsulation process, the authentication message is sent to the AAA to complete the UE authentication (ie, the authentication passes through the mode in FIG. 2 without going through the BNG); however, in the address allocation phase, the DHCP server allocates the IP address to the user. In this case, since the BNG does not know whether the UE is authenticated, the DHCP server cannot be triggered to allocate an IP address to the UE. Summary of the invention
有鉴于此,本发明的主要目的在于提供一种认证通知方法及系统, BNG 能够及时知道请求接入的 UE是否通过认证。  In view of this, the main purpose of the present invention is to provide an authentication notification method and system, and the BNG can know in time whether the UE requesting access has passed the authentication.
为达到上述目的, 本发明的技术方案是这样实现的:  In order to achieve the above object, the technical solution of the present invention is achieved as follows:
本发明提供一种认证通知方法, 包括:  The present invention provides an authentication notification method, including:
UE接入宽带论坛(BBF )接入网络且通过认证时, BBF认证、 授权和 计费单元(AAA )将 UE的 MAC地址发送给宽带网络网关控制设备(BNG )。  When the UE accesses the Broadband Forum (BBF) access network and passes authentication, the BBF Authentication, Authorization, and Accounting Unit (AAA) transmits the MAC address of the UE to the Broadband Network Gateway Control Device (BNG).
上述方法中, 该方法还包括:  In the above method, the method further includes:
当 UE请求 IP地址, 且 BNG确定所述 UE通过认证时, BNG触发动 态主机设置协议 ( DHCP )服务器为所述 UE分配 IP地址。  When the UE requests an IP address, and the BNG determines that the UE passes the authentication, the BNG triggers a Dynamic Host Setup Protocol (DHCP) server to assign an IP address to the UE.
上述方法中, 所述 UE 请求 IP 地址为: UE 通过路由请求 (Router Solicitation )报文请求 IPv6地址, 或 UE通过 DHCP请求( DHCP Solicit ) 才艮文请求 IPv6地址, 或 UE通过 DHCP发现( DHCP Discover ) 4艮文请求 IPv4地址。  In the above method, the requesting IP address of the UE is: the UE requests an IPv6 address by using a Router Solicitation message, or the UE requests an IPv6 address through a DHCP Solicit (DHCP Solicit) request, or the UE discovers through DHCP (DHCP Discover 4) Request an IPv4 address.
本发明提供一种认证通知方法, 包括:  The present invention provides an authentication notification method, including:
UE接入 BBF接入网络 , 并请求 IP地址时 , BNG检查所述 UE是否通 过认证, 当 BNG确定没有该 UE的认证信息时, 从 AAA获取 UE的认证 信息。  When the UE accesses the BBF to access the network and requests the IP address, the BNG checks whether the UE passes the authentication. When the BNG determines that there is no authentication information of the UE, the BNG obtains the authentication information of the UE from the AAA.
上述方法中, 该方法还包括:  In the above method, the method further includes:
当根据所述认证信息确定 UE通过认证后, BNG触发 DHCP服务器为 UE分配 IP地址。 上述方法中, 所述 UE请求 IP地址为: After determining that the UE passes the authentication according to the authentication information, the BNG triggers the DHCP server to allocate an IP address for the UE. In the above method, the UE requests an IP address as:
UE通过 Router Solicitation 4艮文请求 IPv6地址,或 UE通过 DHCP Solicit 才艮文请求 IPv6地址, 或 UE通过 DHCP Discover 4艮文请求 IPv4地址。  The UE requests the IPv6 address through the Router Solicitation 4, or the UE requests the IPv6 address through the DHCP Solicit, or the UE requests the IPv4 address through the DHCP Discover 4 message.
本发明提供一种认证通知方法, 包括:  The present invention provides an authentication notification method, including:
UE接入 BBF接入网络, 并请求 IP地址时 , 住宅网关( RG )检查所述 UE是否通过认证, 当确定所述 UE通过认证时 , RG通知 BNG所述 UE通 过认证。  When the UE accesses the BBF to access the network and requests the IP address, the residential gateway (RG) checks whether the UE passes the authentication. When it is determined that the UE passes the authentication, the RG notifies the BNG that the UE passes the authentication.
上述方法中, 该方法还包括:  In the above method, the method further includes:
BNG触发 DHCP服务器为 UE分配 IP地址。  The BNG triggers the DHCP server to assign an IP address to the UE.
上述方法中,  In the above method,
所述 UE请求 IP地址为: UE通过 DHCP Discover报文请求 IPv4地址; 所述 RG通知 BNG所述 UE通过认证为: RG将所述 DHCP Discover 报文发送给 BNG。  The UE requests the IP address as follows: the UE requests the IPv4 address through the DHCP Discover message; the RG notifies the BNG that the UE is authenticated as: The RG sends the DHCP Discover message to the BNG.
本发明他提供一种认证通知系统, 包括: BBF AAA和 BNG; 其中, BBF AAA,用于 UE接入 BBF接入网络且通过认证时,将 UE的 MAC 地址发送给 BNG;  The invention provides an authentication notification system, including: BBF AAA and BNG; wherein, the BBF AAA is used to send the MAC address of the UE to the BNG when the UE accesses the BBF access network and passes the authentication;
BNG, 用于接收 UE的 MAC地址。  BNG, used to receive the MAC address of the UE.
上述系统中,  In the above system,
所述 BNG还用于, 当 UE请求 IP地址, 且确定所述 UE通过认证时, 触发 DHCP服务器为所述 UE分配 IP地址。  The BNG is further configured to: when the UE requests an IP address, and determine that the UE passes the authentication, trigger the DHCP server to allocate an IP address to the UE.
本发明提供一种认证通知系统, 包括: BNG和 AAA; 其中,  The present invention provides an authentication notification system, including: BNG and AAA;
BNG, 用于 UE接入 BBF接入网络, 并请求 IP地址时, 检查所述 UE 是否通过认证, 并当确定没有该 UE的认证信息时, 从 AAA获取 UE的认 证信息;  The BNG is configured to: when the UE accesses the BBF to access the network, and requests the IP address, check whether the UE passes the authentication, and when it is determined that there is no authentication information of the UE, obtain the authentication information of the UE from the AAA;
AAA, 用于为 BNG提供 UE的认证信息。 上述系统中, 所述 BNG还用于, 当根据所述认证信息确定 UE通过认 证后, 触发 DHCP服务器为 UE分配 IP地址。 AAA, used to provide the UE with authentication information for the BNG. In the above system, the BNG is further configured to: when determining that the UE passes the authentication according to the authentication information, trigger the DHCP server to allocate an IP address for the UE.
本发明提供一种认证通知系统, 包括: RG和 BNG; 其中,  The present invention provides an authentication notification system, including: RG and BNG;
RG, 用于 UE接入 BBF接入网络, 并请求 IP地址时, 检查所述 UE 是否通过认证, 当确定所述 UE通过认证时 ,通知 BNG所述 UE通过认证; RG, configured to: when the UE accesses the BBF to access the network, and requests the IP address, check whether the UE passes the authentication, and when it is determined that the UE passes the authentication, notify the BNG that the UE passes the authentication;
BNG , 用于接收 UE通过认证的通知。 The BNG is configured to receive a notification that the UE passes the authentication.
上述系统中, 所述 BNG还用于, 触发 DHCP服务器为 UE分配 IP地 址。  In the above system, the BNG is further configured to trigger a DHCP server to allocate an IP address to the UE.
本发明提供的认证通知方法及系统, UE接入 BBF接入网络且通过认 证时 , BBF AAA将 UE的 MAC地址发送给 BNG; 或 UE接入 BBF接入网 络, 并请求 IP地址时, BNG检查所述 UE是否通过认证, 当 BNG确定没 有该 UE的认证信息时 , 从 AAA获取 UE的认证信息; 或 UE接入 BBF接 入网络, 并请求 IP地址时, RG检查所述 UE是否通过认证, 当确定所述 UE通过认证时, RG通知 BNG所述 UE通过认证, 因此 BNG可以通过从 AAA收到 UE的 MAC地址, 或查询 UE的认证信息, 或从 RG收到 UE通 过认证的通知的方法,及时获取请求接入的 UE是否通过认证的信息; 当确 定 UE通过认证时, 能够及时触发 DHCP服务器为 UE分配 IP地址。  The authentication notification method and system provided by the present invention, when the UE accesses the BBF access network and passes the authentication, the BBF AAA sends the MAC address of the UE to the BNG; or when the UE accesses the BBF access network and requests the IP address, the BNG check Whether the UE passes the authentication, and when the BNG determines that there is no authentication information of the UE, the UE obtains the authentication information of the UE from the AAA; or when the UE accesses the BBF access network and requests the IP address, the RG checks whether the UE passes the authentication. When it is determined that the UE is authenticated, the RG notifies the BNG that the UE passes the authentication, so the BNG may receive the UE's MAC address from the AAA, or query the UE's authentication information, or receive the UE's notification of the UE's authentication through the RG. If the UE is authenticated, the DHCP server can be triggered to allocate an IP address to the UE in time.
在 UE将认证报文发送给 RG, 经由 RG封装处理后将认证报文发送到 AAA完成 UE的场景中, 即认证过程不经过 BNG的场景中,利用本发明中 提出的技术方案, 仍然能够实现 DHCP服务器为 UE分配 IP地址, 进一步 弥补现有技术中的不足。 附图说明  After the UE sends the authentication packet to the RG, the authentication packet is sent to the AAA to complete the UE through the RG encapsulation process, that is, the authentication process does not pass through the BNG, and the technical solution proposed in the present invention can still be implemented. The DHCP server allocates an IP address to the UE to further compensate for the deficiencies in the prior art. DRAWINGS
图 1是现有技术中认证与地址分配的方法的流程示意图;  1 is a schematic flow chart of a method for authentication and address allocation in the prior art;
图 2是现有技术中经由 RG的认证的流程示意图;  2 is a schematic flow chart of authentication in the prior art via RG;
图 3是本发明实现认证通知方法的实施例一的流程示意图; 图 4是本发明实现认证通知方法的实施例二的流程示意图; 图 5是本发明实现认证通知方法的实施例三的流程示意图; 3 is a schematic flowchart of Embodiment 1 of an authentication notification method according to the present invention; 4 is a schematic flowchart of Embodiment 2 of the method for implementing the authentication notification according to the present invention; FIG. 5 is a schematic flowchart of Embodiment 3 of the method for implementing the authentication notification according to the present invention;
图 6是本发明实现认证通知方法的实施例四的流程示意图;  6 is a schematic flowchart of Embodiment 4 of implementing an authentication notification method according to the present invention;
图 7是本发明实现认证通知方法的实施例五的流程示意图;  7 is a schematic flowchart of Embodiment 5 of implementing an authentication notification method according to the present invention;
图 8是本发明实现认证通知方法的实施例六的流程示意图;  8 is a schematic flowchart of Embodiment 6 of the method for implementing authentication in the present invention;
图 9是本发明实现认证通知方法的实施例七的流程示意图;  9 is a schematic flowchart of Embodiment 7 of the method for implementing authentication in the present invention;
图 10是本发明实现认证通知方法的实施例八的流程示意图;  FIG. 10 is a schematic flowchart of Embodiment 8 of an authentication notification method according to the present invention; FIG.
图 11是本发明实现认证通知系统的实施例一的结构示意图;  11 is a schematic structural diagram of Embodiment 1 of implementing an authentication notification system according to the present invention;
图 12是本发明实现认证通知系统的实施例二的结构示意图;  12 is a schematic structural diagram of Embodiment 2 of implementing an authentication notification system according to the present invention;
图 13是本发明实现认证通知系统的实施例三的结构示意图。 具体实施方式  FIG. 13 is a schematic structural diagram of Embodiment 3 of implementing an authentication notification system according to the present invention. detailed description
本发明的基本思想是: UE接入 BBF接入网络且通过认证时 , BBF AAA 将 UE的 MAC地址发送给 BNG; 或 UE接入 BBF接入网络, 并请求 IP地 址时 , BNG检查所述 UE是否通过认证, 当 BNG确定没有该 UE的认证信 息时 , 从 AAA获取 UE的认证信息; 或 UE接入 BBF接入网络 , 并请求 IP 地址时, RG检查所述 UE是否通过认证, 当确定所述 UE通过认证时, RG 通知 BNG所述 UE通过认证。  The basic idea of the present invention is: when the UE accesses the BBF access network and passes the authentication, the BBF AAA sends the MAC address of the UE to the BNG; or when the UE accesses the BBF access network and requests the IP address, the BNG checks the UE. Whether the authentication is performed, when the BNG determines that there is no authentication information of the UE, and obtains the authentication information of the UE from the AAA; or when the UE accesses the BBF access network and requests the IP address, the RG checks whether the UE passes the authentication, when determining When the UE passes the authentication, the RG notifies the BNG that the UE passes the authentication.
下面通过附图及具体实施例对本发明再做进一步的详细说明。  The invention will be further described in detail below with reference to the drawings and specific embodiments.
本发明提供一种认证通知方法, 图 3是本发明实现认证通知方法的实 施例一的流程示意图 , 是非 BBF的 UE接入 BBF接入网络且通过认证时 , 该方法包括以下步驟:  The present invention provides a method for the authentication notification. FIG. 3 is a schematic flowchart of the first embodiment of the method for implementing the authentication notification according to the present invention. When a UE that is not a BBF accesses the BBF and accesses the network, the method includes the following steps:
步驟 301 , RG与 BBF AAA进行交互, 完成认证。  Step 301: The RG interacts with the BBF AAA to complete the authentication.
步驟 302, 非 BBF的 UE向 RG发送认证协议开始 ( EAPoL-Start )报 文, 通过 802 · 1 X协议进行认证。 步驟 303 , 收到 UE发送的 EAPoL Start报文后, RG向 UE发送认证协 议 ID请求( EAP Identity Request )报文, 用于通知 UE上报用户名。 Step 302: The non-BBF UE sends an authentication protocol start (EAPoL-Start) message to the RG, and performs authentication through the 802.1X protocol. Step 303: After receiving the EAPoL Start message sent by the UE, the RG sends an EAP Identity Request message to the UE, to notify the UE to report the username.
步驟 304, 收到 RG发送的 EAP Identity Request报文后, UE回复认证 协议 ID应答( EAP Identity Response )报文给 RG ,其中报文中携带用户名。  Step 304: After receiving the EAP Identity Request message sent by the RG, the UE sends an EAP Identity Response message to the RG, where the message carries the user name.
步驟 305 , RG将收到的 EAP Identity Response报文封装到认证接入请 求( RADIUS Access Request )报文中, 将 RADIUS Access Request报文发 送给 BBF AAA。  Step 305: The RG encapsulates the received EAP Identity Response message into a RADIUS Access Request message, and sends the RADIUS Access Request message to the BBF AAA.
步驟 306 , BBF AAA 根据网络地址标识 (NAI , Network Address Identifier )将从 RG收到的 RADIUS Access Request报文转发给归属 AAA ( Home AAA )。  Step 306: The BBF AAA forwards the RADIUS Access Request message received from the RG to the home AAA according to the Network Address Identifier (NAI).
步驟 307,收到 BBF AAA发送的 RADIUS Access Request报文后, Home AAA回复认证接入响应( RADIUS Access Response )才艮文给 BBF AAA, 其 中该报文中携带 EAP Identity Response报文。  Step 307: After receiving the RADIUS Access Request message sent by the BBF AAA, the Home AAA replies to the RADIUS Access Response message to the BBF AAA, where the message carries the EAP Identity Response message.
步驟 308, BBF AAA将收到的 RADIUS Access Response报文转发给 RG。  Step 308: The BBF AAA forwards the received RADIUS Access Response packet to the RG.
步驟 309, RG从收到的 RADIUS Access Response报文中,解封出 EAP 帧, 并将该 EAP帧发送给 UE。  Step 309: The RG unblocks the EAP frame from the received RADIUS Access Response message, and sends the EAP frame to the UE.
步驟 310, 收到 RG发送的 EAP帧后, UE回复报文给 RG, 报文中携 带挑战密码 ( Challenged Password )。  Step 310: After receiving the EAP frame sent by the RG, the UE sends a packet to the RG, and the packet carries a Challenged Password.
步驟 311 , 收到 UE回复的报文后, RG将解封装后得到的 EAP帧封装 到 RADIUS Access Request报文中发送给 BBF AAA, 其中携带收到的 Challenged Password。  Step 311: After receiving the packet replied by the UE, the RG encapsulates the EAP frame obtained by the decapsulation into a RADIUS Access Request message and sends the EAP frame to the BBF AAA, where the received Challenged Password is carried.
步驟 312, BBF AAA将收到的 RADIUS Access Request报文转发给 Home AAA。  Step 312: The BBF AAA forwards the received RADIUS Access Request message to the Home AAA.
步驟 313 ,如果请求接入 BBF接入网络的 UE通过认证,则 Home AAA 回复认证接入接受( RADIUS Access Accept )报文给 BBF AAA; 如果请求 接入 BBF接入网络的 UE没有通过认证, 则不回复 RADIUS Access Accept 报文给 BBF AAA, 结束流程。 Step 313: If the UE requesting access to the BBF access network passes the authentication, the Home AAA The RADIUS Access Accept message is sent to the BBF AAA. If the UE requesting access to the BBF access network does not pass the authentication, the RADIUS Access Accept message is not returned to the BBF AAA, and the process ends.
步驟 314, BBF AAA转发 RADIUS Access Accept报文给 RG。  Step 314: The BBF AAA forwards the RADIUS Access Accept message to the RG.
步驟 315, BBF AAA向 BNG发送通过认证的 UE的 MAC地址, 这里 Step 315, the BBF AAA sends the MAC address of the authenticated UE to the BNG, where
BBF AAA向 BNG发送通过认证的 UE的 MAC地址,用于告知 BNG该 UE 已经通过认证, 从而当 BNG收到 UE的 IP地址请求时可以触发 DHCP服 务器进行 IP地址分配。 The BBF AAA sends the MAC address of the authenticated UE to the BNG to inform the BNG that the UE has passed the authentication, so that when the BNG receives the IP address request from the UE, the DHCP server can be triggered to perform IP address allocation.
步驟 316, RG解封出 EAP帧, 发送认证协议成功 ( EAP Success )报 文给 UE。  Step 316: The RG decapsulates the EAP frame and sends an EAP Success message to the UE.
图 4是本发明实现认证通知方法的实施例二的流程示意图, 在实施例 一的基础上, 当 UE通过路由请求( Router Solicitation )报文请求 IPv6地址, 且 BNG确定 UE通过认证时 , BNG触发 DHCP服务器为 UE分配 IPv6地 址的具体实现方法, 如图 4所示, 该方法包括以下步驟:  4 is a schematic flowchart of Embodiment 2 of the method for implementing the authentication notification according to the present invention. On the basis of the first embodiment, when the UE requests an IPv6 address through a Router Solicitation message, and the BNG determines that the UE passes the authentication, the BNG triggers. A specific implementation method for the DHCP server to allocate an IPv6 address to the UE. As shown in FIG. 4, the method includes the following steps:
步驟 401 , UE发送路由请求(Router Solicitation )报文给 BNG, 其中 携带 UE的 MAC地址。  Step 401: The UE sends a Router Solicitation message to the BNG, where the MAC address of the UE is carried.
步驟 402, 收到 Router Solicitation报文后, BNG检查该 UE的 MAC地 址是否通过认证, 如果通过认证, 则发送 DHCP请求(DHCP Request )报 文给 DHCP服务器, 用于触发 DHCP服务器为 UE分配 IP地址; 如果没有 通过认证, 则 BNG发送拒绝报文给 UE, 结束流程。  Step 402: After receiving the Router Solicitation message, the BNG checks whether the MAC address of the UE is authenticated. If the authentication succeeds, the DHCP Request message is sent to the DHCP server to trigger the DHCP server to allocate an IP address to the UE. If the authentication is not passed, the BNG sends a reject message to the UE, and the process ends.
步驟 403 , 受到触发后, DHCP服务器回复 DHCP应答(DHCP Reply ) 报文给 BNG , 报文中携带 IPv6地址前缀 {Frame-IPv6-Prefix}。 Step 403, after being triggered, DHCP server returns a DHCP response (DHCP the Reply) message to the BNG, packet carries the IPv6 address prefix {Frame-IPv 6 -Prefix}.
步驟 404, 收到 DHCP服务器回复的 DHCP Reply报文后, BNG回复 路由宣告 (Router Advertisement )报文给 UE, 其中携带 IPv6 地址前缀 {Frame-IPv6-Prefix}。 步驟 405 , BNG发送认证计费开始( RADIUS Accounting Start )报文给 AAA, 收到 RADIUS Accounting Start报文后, AAA开始计费; 其中, 所述 计费可以例如统计用户上线时间等。 Step 404: After receiving the DHCP Reply message replied by the DHCP server, the BNG sends a Router Advertisement message to the UE, where the IPv6 address prefix {Frame-IPv6-Prefix} is carried. Step 405: The BNG sends a RADIUS Accounting Start message to the AAA. After receiving the RADIUS Accounting Start message, the AAA starts charging. The accounting can be used, for example, to count the user online time.
图 5是本发明实现认证通知方法的实施例三的流程示意图, 在实施例 一的基础上, 当 UE通过 DHCP请求( DHCP Solicit )报文请求 IPv6地址, 且 BNG确定 UE通过认证时 , BNG触发 DHCP服务器为 UE分配 IPv6地 址的具体实现方法, 如图 5所示, 该方法包括以下步驟:  FIG. 5 is a schematic flowchart of Embodiment 3 of the method for implementing the authentication notification according to the present invention. On the basis of the first embodiment, when the UE requests an IPv6 address through a DHCP Solicit message, and the BNG determines that the UE passes the authentication, the BNG triggers. A specific implementation method for the DHCP server to allocate an IPv6 address to the UE. As shown in FIG. 5, the method includes the following steps:
步驟 501 , UE向 BNG发送 DHCP Solicit报文, 其中携带 UE的 MAC 地址。  Step 501: The UE sends a DHCP Solicit message to the BNG, where the UE carries the MAC address of the UE.
步驟 502, 收到 DHCP Solicit报文后, BNG检查该 UE的 MAC地址是 否通过认证, 如果通过认证, 发送 DHCP Solicit报文给 DHCP服务器; 如 果没有通过认证, 则 BNG发送拒绝报文给 UE, 结束流程。  Step 502: After receiving the DHCP Solicit message, the BNG checks whether the MAC address of the UE is authenticated. If the authentication is performed, the DHCP Solicit message is sent to the DHCP server. If the authentication fails, the BNG sends a reject message to the UE. Process.
步驟 503 , 收到 BNG发送的 DHCP Solicit报文后, DHCP服务器回复 DHCP宣告( DHCP Advertise )报文给 BNG。  Step 503: After receiving the DHCP Solicit message sent by the BNG, the DHCP server returns a DHCP Advertise message to the BNG.
步驟 504, 收到 DHCP服务器回复的 DHCP Advertise报文后, BNG将 其转发给 UE。  Step 504: After receiving the DHCP Advertise message replied by the DHCP server, the BNG forwards the packet to the UE.
步驟 505, 收到 BNG发送的 DHCP Advertise报文后, UE向 BNG发送 DHCP Request报文。  Step 505: After receiving the DHCP Advertise message sent by the BNG, the UE sends a DHCP Request message to the BNG.
步驟 506, BNG将从 UE收到的 DHCP Request报文发送给 DHCP服务 器。  Step 506: The BNG sends the DHCP Request message received from the UE to the DHCP server.
步驟 507, 收到 BNG发送的 DHCP Request报文后, DHCP服务器向 BNG回复 DHCP Reply报文,该报文中携带 IPv6地址 {Frame-IPv6-Address}。  Step 507: After receiving the DHCP Request message sent by the BNG, the DHCP server sends a DHCP Reply message to the BNG, where the message carries an IPv6 address {Frame-IPv6-Address}.
步驟 508, 收到 DHCP服务器回复的 DHCP Reply报文后 , BNG向 UE 转发 DHCP Reply报文,该报文中仍然携带 IPv6地址 {Frame-IPv6- Address}。 After step 508, the server receives the DHCP reply DHCP Reply messages, the BNG forwards the DHCP Reply message to the UE, the packet is still carries the IPv6 address {Frame-IPv 6 - Address} .
步驟 509, BNG向 AAA发送 RADIUS Accounting Start报文, 收到 RADIUS Accounting Start报文后 , AAA开始计费。 Step 509, the BNG sends a RADIUS Accounting Start message to the AAA, and receives the packet. After the RADIUS Accounting Start packet, AAA starts accounting.
图 6是本发明实现认证通知方法的实施例四的流程示意图, 在实施例 一的基础上, 当 UE通过 DHCP发现( DHCP Discover )才艮文请求 IPv4地址 , 且 BNG确定 UE通过认证时 , BNG触发 DHCP服务器为 UE分配 IPv4地 址的具体实现方法, 如图 6所示, 该方法包括以下步驟:  FIG. 6 is a schematic flowchart of Embodiment 4 of the method for implementing an authentication notification according to the present invention. On the basis of Embodiment 1, when a UE requests an IPv4 address through DHCP Discovery (DHCP Discover), and the BNG determines that the UE passes the authentication, the BNG is determined. A specific implementation method for triggering a DHCP server to allocate an IPv4 address to the UE is as follows: As shown in FIG. 6, the method includes the following steps:
步驟 601 , UE在物理子网上发送广播的 DHCP Discover报文, 用于寻 找可用的 DHCP服务器。  Step 601: The UE sends a broadcast DHCP Discover message on the physical subnet for searching for an available DHCP server.
步驟 602 , 由于 DHCP Discover报文为广播报文, 因此 RG可以从 UE 收到该报文, RG将收到的 DHCP Discover 4艮文转发给 BNG。  Step 602: The DHCP Discover message is a broadcast message, so the RG can receive the message from the UE, and the RG forwards the received DHCP Discover message to the BNG.
步驟 603 , BNG检查该 UE的 MAC地址是否通过认证,如果通过认证, 则 BNG将收到的 DHCP Discover报文发送给 DHCP服务器;如果没有通过 认证, 则 BNG通过 RG发送拒绝 4艮文给 UE, 结束流程。  Step 603: The BNG checks whether the MAC address of the UE is authenticated. If the authentication is successful, the BNG sends the received DHCP Discover message to the DHCP server. If the authentication fails, the BNG sends the rejected message to the UE through the RG. End the process.
步驟 604, DHCP服务器收到 DHCP Discover报文后 ,对于 DHCP服务 器, 相当于收到来自 BNG的 IP租约请求, 因此 DHCP服务器会提供一个 IP租约,并为该 UE保留一个 IP地址,然后向 BNG回复 DHCP应答( DHCP Offer )报文, 该报文中携带 IPv4地址 {IPv4 Address}。  Step 604: After receiving the DHCP Discover message, the DHCP server is equivalent to receiving an IP lease request from the BNG for the DHCP server, so the DHCP server provides an IP lease and reserves an IP address for the UE, and then replies to the BNG. DHCP Request message, which carries the IPv4 address {IPv4 Address}.
步驟 605, 收到 DHCP服务器回复的 DHCP Offer报文后, BNG将其转 发给 RG , 其中仍然携带 IPv4地址 {IPv4 Address}。  Step 605: After receiving the DHCP Offer message replied by the DHCP server, the BNG forwards the packet to the RG, which still carries the IPv4 address {IPv4 Address}.
这里 , 当 UE请求 IP地址时 , BNG返回给 UE的 IP地址为 IPv6地址 或 IPv4地址是根据协议类型确定的。  Here, when the UE requests an IP address, the IP address returned by the BNG to the UE is an IPv6 address or the IPv4 address is determined according to the protocol type.
步驟 606,收到 BNG发送的 DHCP Offer报文后, RG向 UE回复 DHCP Offer报文 , 其中携带 IPv4地址 {IPv4 Address}。  Step 606: After receiving the DHCP Offer message sent by the BNG, the RG sends a DHCP Offer message to the UE, where the IPv4 address {IPv4 Address} is carried.
步驟 607, UE发送 DHCP Request报文给 RG和其他所有的 DHCP服 务器, 其中携带提供 IP租约的 DPCH服务器的 IP, 用于告知其他所有的 DHCP服务器自身已经接受一个 IP租约。 步驟 608 , RG将从 UE收到的 DHCP Request报文转发给 BNG。 Step 607: The UE sends a DHCP Request message to the RG and all other DHCP servers, where the IP of the DPCH server that provides the IP lease is used to notify all other DHCP servers that they have accepted an IP lease. Step 608: The RG forwards the DHCP Request message received by the UE to the BNG.
步驟 609 , 收到 DHCP Request报文后, BNG发送 DHCP Request报文 给 DHCP服务器。  Step 609: After receiving the DHCP Request message, the BNG sends a DHCP Request message to the DHCP server.
步驟 610, 收到 BNG发送的 DHCP Request报文后, DHCP服务器回 复 DHCP确认( DHCP Ack )报文给 BNG。  Step 610: After receiving the DHCP Request message sent by the BNG, the DHCP server returns a DHCP Ack (DHCP Ack) message to the BNG.
步驟 611 , 收到 DHCP服务器回复的 DHCP Ack才艮文后, BNG回复 DHCP Ack报文给 RG。  Step 611: After receiving the DHCP Ack reply from the DHCP server, the BNG replies to the DHCP Ack message to the RG.
步驟 612 , 收到 DHCP Ack报文后, RG回复 DHCP Ack报文给 UE。 步驟 613 , BNG向 AAA发送 RADIUS Accounting Start报文, 收到 RADIUS Accounting Start报文后, AAA开始计费。  Step 612, after receiving the DHCP Ack packet, the RG replies to the DHCP Ack packet to the UE. Step 613: The BNG sends a RADIUS Accounting Start packet to the AAA. After receiving the RADIUS Accounting Start packet, the AAA starts charging.
图 7是本发明实现认证通知方法的实施例五的流程示意图, 是非 BBF 的 UE接入 BBF接入网络,通过 Router Solicitation报文请求 IPv6地址, BNG 检查该 UE是否通过认证 , 当 BNG确定没有该 UE的认证信息时 , 从 AAA 获取 UE的认证信息, 当根据该认证信息确定 UE通过认证后, BNG触发 DHCP服务器为 UE分配 IPv6地址的具体实现方法, 如图 7所示, 该方法 包括以下步驟:  7 is a schematic flowchart of Embodiment 5 of the method for implementing an authentication notification according to the present invention. A non-BBF UE accesses a BBF access network, and requests an IPv6 address through a Router Solicitation message, and the BNG checks whether the UE passes the authentication. The UE obtains the authentication information of the UE, and obtains the authentication information of the UE from the AAA. After determining that the UE passes the authentication according to the authentication information, the BNG triggers the DHCP server to allocate an IPv6 address to the UE. As shown in FIG. 7, the method includes the following steps. :
步驟 701 , UE发送 Router Solicitation报文请求给 BNG, 其中携带 UE 的 MAC地址。  Step 701: The UE sends a Router Solicitation message request to the BNG, where the MAC address of the UE is carried.
步驟 702, 收到 UE发送的 Router Solicitation报文请求后, BNG检查 该 UE的 MAC地址是否通过认证; 由于该 UE预先没有通过认证, 或该 UE通过认证,但 AAA没有将 UE的 MAC地址发送给 BNG, 因此 BNG在 检查 UE的 MAC地址是否通过认证时 ,发现没有该 UE的认证信息 ,即 BNG 不知道 UE是否通过认证, 则 BNG向 AAA发送查询认证信息报文, 其中 携带该 UE的 MAC地址。  Step 702: After receiving the request for the Router Solicitation message sent by the UE, the BNG checks whether the MAC address of the UE is authenticated. The UE does not pass the authentication in advance, or the UE passes the authentication, but the AAA does not send the MAC address of the UE to the UE. BNG. Therefore, when the BNG checks whether the MAC address of the UE is authenticated, the BNG finds that there is no authentication information of the UE, that is, the BNG does not know whether the UE is authenticated, and the BNG sends an inquiry authentication information packet to the AAA, where the MAC address of the UE is carried. .
步驟 703 , 收到 BNG发送的查询认证信息报文后, AAA根据其中的 MAC地址查询本地保存的与该 MAC地址对应的 UE的认证信息, 将该认 证信息发送给 BNG; 其中, 认证信息为 UE通过认证和 UE没有通过认证。 Step 703, after receiving the query authentication information packet sent by the BNG, the AAA according to the The MAC address is used to query the local authentication information of the UE corresponding to the MAC address, and the authentication information is sent to the BNG. The authentication information is that the UE passes the authentication and the UE does not pass the authentication.
步驟 704,当 BNG收到的认证信息是 UE通过认证时, BNG发送 DHCP Request报文给 DPCH服务器; 如果没有通过认证, 则 BNG回复 UE拒绝 响应^ =艮文。  Step 704: When the authentication information received by the BNG is that the UE passes the authentication, the BNG sends a DHCP Request message to the DPCH server. If the authentication fails, the BNG replies to the UE and rejects the response.
步驟 705 ,收到 BNG发送的 DHCP Request报文后, DHCP服务器回复 DHCP Reply报文, 其中携带 IPv6地址前缀 {Frame-IPv6-Prefix}。  Step 705: After receiving the DHCP Request message sent by the BNG, the DHCP server returns a DHCP Reply message, which carries the IPv6 address prefix {Frame-IPv6-Prefix}.
步驟 706, 收到 DHCP服务器回复的 DHCP Reply报文后, BNG回复 Router Advertisement 报文给 UE , 其 中 携 带 IPv6 地址前缀 {Frame-IPv6-Prefix}。  Step 706: After receiving the DHCP Reply message replied by the DHCP server, the BNG sends a Router Advertisement message to the UE, where the IPv6 address prefix {Frame-IPv6-Prefix} is carried.
步驟 707, BNG向 AAA发送 RADIUS Accounting Start报文, 收到 RADIUS Accounting Start报文后, AAA开始计费。  Step 707: The BNG sends a RADIUS Accounting Start packet to the AAA. After receiving the RADIUS Accounting Start packet, the AAA starts charging.
图 8是本发明实现认证通知方法的实施例六的流程示意图, 是非 BBF 的 UE接入 BBF接入网络, 通过 DHCP Solicit报文请求 IPv6地址, BNG 检查该 UE是否通过认证 , 当 BNG确定没有该 UE的认证信息时 , 从 AAA 获取 UE的认证信息, 当根据该认证信息确定 UE通过认证后, BNG触发 DHCP服务器为 UE分配 IPv6地址的具体实现方法, 如图 8所示, 该方法 包括以下步驟:  FIG. 8 is a schematic flowchart of Embodiment 6 of the method for implementing the authentication notification according to the present invention. The non-BBF UE accesses the BBF access network, requests the IPv6 address through the DHCP Solicit message, and the BNG checks whether the UE passes the authentication. The UE obtains the authentication information of the UE, and obtains the authentication information of the UE from the AAA. After determining that the UE passes the authentication according to the authentication information, the BNG triggers the DHCP server to allocate an IPv6 address to the UE. As shown in FIG. 8, the method includes the following steps. :
步驟 801 , UE发送 DHCP Solicit报文给 BNG, 其中携带 UE的 MAC 地址。  Step 801: The UE sends a DHCP Solicit message to the BNG, where the MAC address of the UE is carried.
步驟 802, 收到 UE发送的 Router Solicitation报文后, BNG检查该 UE 的 MAC地址是否通过认证; 由于该 UE预先没有通过认证, 或该 UE通过 认证,但 AAA没有将 UE的 MAC地址发送给 BNG, 因此 BNG在检查 UE 的 MAC地址是否通过认证时, 发现没有该 UE的认证信息, 即 BNG不知 道 UE是否通过认证, 则 BNG向 AAA发送查询认证信息报文, 其中携带 该 UE的 MAC地址。 Step 802: After receiving the Router Solicitation message sent by the UE, the BNG checks whether the MAC address of the UE is authenticated. The UE does not pass the authentication in advance, or the UE passes the authentication, but the AAA does not send the MAC address of the UE to the BNG. Therefore, when the BNG checks whether the MAC address of the UE is authenticated, the BNG finds that there is no authentication information of the UE, that is, the BNG does not know whether the UE is authenticated, and the BNG sends an inquiry authentication information packet to the AAA, where the BNG carries The MAC address of the UE.
步驟 803 , 收到 BNG发送的查询认证信息报文后, AAA根据其中的 MAC地址查询本地保存的与该 MAC地址对应的 UE的认证信息, 将该认 证信息发送给 BNG; 其中, 认证信息为 UE通过认证和 UE没有通过认证。  Step 803: After receiving the query authentication information packet sent by the BNG, the AAA queries the locally stored authentication information of the UE corresponding to the MAC address according to the MAC address, and sends the authentication information to the BNG. The authentication information is the UE. Passed authentication and the UE did not pass the certification.
步驟 804,当 BNG收到的认证信息是 UE通过认证时, BNG发送 DHCP Solicit报文给 DPCH服务器; 如果没有通过认证, 则 BNG回复 UE拒绝响 应报文。  Step 804: When the authentication information received by the BNG is that the UE passes the authentication, the BNG sends a DHCP Solicit message to the DPCH server. If the authentication fails, the BNG replies to the UE rejecting the response message.
步驟 805 , 收到 BNG发送的 DHCP Solicit报文后, DHCP服务器回复 DHCP Advertise报文给 BNG。  Step 805: After receiving the DHCP Solicit message sent by the BNG, the DHCP server returns a DHCP Advertise message to the BNG.
步驟 806, 收到 DHCP服务器回复的 DHCP Advertise报文后, BNG转 发 DHCP Advertise报文给 UE。  Step 806: After receiving the DHCP Advertise message replied by the DHCP server, the BNG forwards the DHCP Advertise message to the UE.
步驟 807, 收到 BNG发送的 DHCP Advertise报文后, UE发送 DHCP Request报文给 BNG。  Step 807: After receiving the DHCP Advertise message sent by the BNG, the UE sends a DHCP Request message to the BNG.
步驟 808 ,收到 UE发送的 DHCP Request报文后, BNG将 DHCP Request 报文发送给 DHCP服务器。  Step 808: After receiving the DHCP Request message sent by the UE, the BNG sends the DHCP Request message to the DHCP server.
步驟 809,收到 BNG发送的 DHCP Request报文后, DHCP服务器回复 DHCP Reply报文给 BNG , 其中携带 IPv6地址 {Frame-IPv6-Address}。  Step 809: After receiving the DHCP Request message sent by the BNG, the DHCP server sends a DHCP Reply message to the BNG, which carries the IPv6 address {Frame-IPv6-Address}.
步驟 810, 收到 DHCP服务器回复的 DHCP Reply报文后, BNG回复 DHCP Reply报文给 UE , 其中仍然携带 IPv6地址 {Frame-IPv6-Address}。  Step 810: After receiving the DHCP Reply message replied by the DHCP server, the BNG sends a DHCP Reply message to the UE, which still carries the IPv6 address {Frame-IPv6-Address}.
步驟 811 , BNG向 AAA发送 RADIUS Accounting Start报文, 收到 RADIUS Accounting Start报文后, AAA开始计费。  Step 811: The BNG sends a RADIUS Accounting Start packet to the AAA. After receiving the RADIUS Accounting Start packet, the AAA starts charging.
图 9是本发明实现认证通知方法的实施例七的流程示意图, 是非 BBF 的 UE接入 BBF接入网络, 通过 DHCP Discover报文请求 IPv4地址, BNG 检查该 UE是否通过认证 , 当 BNG确定没有该 UE的认证信息时 , 从 AAA 获取 UE的认证信息, 当根据该认证信息确定 UE通过认证后, BNG触发 DHCP服务器为 UE分配 IPv4地址的具体实现方法, 如图 9所示, 该方法 包括以下步驟: FIG. 9 is a schematic flowchart of Embodiment 7 of the method for implementing the authentication notification according to the present invention. The non-BBF UE accesses the BBF access network, requests the IPv4 address through the DHCP Discover message, and the BNG checks whether the UE passes the authentication. When the authentication information of the UE is obtained, the authentication information of the UE is obtained from the AAA, and after determining that the UE passes the authentication according to the authentication information, the BNG is triggered. A specific implementation method for the DHCP server to allocate an IPv4 address to the UE. As shown in FIG. 9, the method includes the following steps:
步驟 901 , UE在物理子网上发送广播的 DHCP Discover报文, 用于寻 找可用的 DHCP服务器。  Step 901: The UE sends a broadcast DHCP Discover message on the physical subnet for searching for an available DHCP server.
步驟 902 , 由于 DHCP Discover报文为广播报文, 因此 RG可以从 UE 收到该报文, RG将从 UE收到的 DHCP Discover报文转发给 BNG。  Step 902: The DHCP Discover message is a broadcast message, so the RG can receive the message from the UE, and the RG forwards the DHCP Discover message received by the UE to the BNG.
步驟 903 , 收到 UE发送的 DHCP Discover报文后 , BNG检查该 UE的 MAC地址是否通过认证; 由于该 UE预先没有通过认证, 或该 UE通过认 证, 但 AAA没有将 UE的 MAC地址发送给 BNG, 因此 BNG在检查 UE 的 MAC地址是否通过认证时, 发现没有该 UE的认证信息, 即 BNG不知 道 UE是否通过认证, 则 BNG向 AAA发送查询认证信息报文, 其中携带 该 UE的 MAC地址。  Step 903: After receiving the DHCP Discover message sent by the UE, the BNG checks whether the MAC address of the UE is authenticated. The UE does not pass the authentication in advance, or the UE passes the authentication, but the AAA does not send the MAC address of the UE to the BNG. Therefore, when the BNG checks whether the MAC address of the UE is authenticated, the BNG finds that there is no authentication information of the UE, that is, the BNG does not know whether the UE passes the authentication, and the BNG sends a query authentication information packet to the AAA, where the MAC address of the UE is carried.
步驟 904, 收到 BNG发送的查询认证信息报文后, AAA根据其中的 MAC地址查询本地保存的与该 MAC地址对应的 UE的认证信息, 将该认 证信息发送给 BNG; 其中, 认证信息为 UE通过认证和 UE没有通过认证。  Step 904: After receiving the query authentication information packet sent by the BNG, the AAA queries the locally stored authentication information of the UE corresponding to the MAC address according to the MAC address, and sends the authentication information to the BNG. The authentication information is the UE. Passed authentication and the UE did not pass the certification.
步驟 905 , 当 BNG收到的认证信息是 UE通过认证时, BNG将 DHCP Discover报文发送给 DHCP服务器; 如果没有通过认证, 则 BNG回复 UE 拒绝响应艮文。  Step 905: When the authentication information received by the BNG is that the UE passes the authentication, the BNG sends the DHCP Discover message to the DHCP server. If the authentication fails, the BNG replies to the UE rejecting the response message.
步驟 906, DHCP服务器收到 DHCP Discover报文后,对于 DHCP服务 器, 相当于收到来自 BNG的 IP租约请求, 因此 DHCP服务器会提供一个 IP租约,并为该 UE保留一个 IP地址,然后给 BNG回复 DHCP Offer报文, 该报文中携带 IPv4地址 {IPv4 Address}。  Step 906: After receiving the DHCP Discover message, the DHCP server is equivalent to receiving the IP lease request from the BNG for the DHCP server, so the DHCP server provides an IP lease and reserves an IP address for the UE, and then replies to the BNG. DHCP Offer packet carrying the IPv4 address {IPv4 Address}.
步驟 907, 收到 DHCP服务器回复的 DHCP Offer报文后, BNG将其转 发给 RG , 其中仍然携带 IPv4地址 {IPv4 Address}。  Step 907: After receiving the DHCP Offer message replied by the DHCP server, the BNG forwards the packet to the RG, which still carries the IPv4 address {IPv4 Address}.
步驟 908,收到 BNG发送的 DHCP Offer报文后, RG向 UE回复 DHCP Offer报文, 其中携带 IPv4地址 {IPv4 Address}。 Step 908, after receiving the DHCP Offer message sent by the BNG, the RG replies to the DHCP with the UE. Offer message, which carries the IPv4 address {IPv4 Address}.
步驟 909, UE发送 DHCP Request报文给 RG和其他所有的 DHCP服 务器,, 其中携带提供 IP租约的 DPCH服务器的 IP, 用于告知其他所有的 DHCP服务器自身已经接受一个 IP租约。  Step 909: The UE sends a DHCP Request message to the RG and all other DHCP servers, where the IP of the DPCH server providing the IP lease is used to notify all other DHCP servers that they have accepted an IP lease.
步驟 910, RG将从 UE收到的 DHCP Request报文转发给 BNG。  Step 910: The RG forwards the DHCP Request message received by the UE to the BNG.
步驟 911 , 收到 DHCP Request报文后, BNG发送 DHCP Request报文 给 DHCP服务器。  Step 911: After receiving the DHCP Request message, the BNG sends a DHCP Request message to the DHCP server.
步驟 912, 收到 BNG发送的 DHCP Request报文后, DHCP服务器回 复 DHCP Ack报文给 BNG。  Step 912: After receiving the DHCP Request message sent by the BNG, the DHCP server returns a DHCP Ack message to the BNG.
步驟 913 , 收到 DHCP服务器回复的 DHCP Ack才艮文后, BNG回复 DHCP Ack报文给 RG。  Step 913: After receiving the DHCP Ack reply from the DHCP server, the BNG replies to the DHCP Ack message to the RG.
步驟 914 , 收到 DHCP Ack报文后, RG回复 DHCP Ack报文给 UE。 步驟 915, BNG向 AAA发送 RADIUS Accounting Start报文, 收到 RADIUS Accounting Star报文后, AAA开始计费。  Step 914: After receiving the DHCP Ack packet, the RG replies to the DHCP Ack packet to the UE. Step 915: The BNG sends a RADIUS Accounting Start packet to the AAA. After receiving the RADIUS Accounting Star packet, the AAA starts charging.
图 10是本发明实现认证通知方法的实施例八的流程示意图,是非 BBF 的 UE接入 BBF接入网络, 请求 IP地址, RG检查该 UE是否通过认证, 当确定该 UE没有通过认证时, 拒绝请求, 当确定该 UE通过认证时, RG 通知 BNG该 UE通过认证, BNG触发 DHCP服务器为 UE分配 IP地址的 具体实现方法, 如图 10所示, 该方法包括以下步驟:  10 is a schematic flowchart of Embodiment 8 of the method for implementing an authentication notification according to the present invention. A non-BBF UE accesses a BBF access network, requests an IP address, and the RG checks whether the UE passes the authentication. When it is determined that the UE does not pass the authentication, the refusal is performed. When the UE is authenticated, the RG notifies the BNG that the UE is authenticated, and the BNG triggers the DHCP server to allocate an IP address to the UE. As shown in FIG. 10, the method includes the following steps:
步驟 1001 , UE在物理子网上发送广播的 DHCP Discover报文, 用于寻 找可用的 DHCP服务器。  Step 1001: The UE sends a broadcast DHCP Discover message on the physical subnet for searching for an available DHCP server.
步驟 1002 , 由于 DHCP Discover报文为广播报文, 因此 RG可以从 UE 收到该报文, 收到 DHCP Discover报文后 , RG检查该 UE的 MAC地址是 否通过认证; 如果没有通过认证, 则 RG拒绝该 UE的请求, 流程结束; 如 果通过认证, 则 RG将 DHCP Discover 4艮文发送给 BNG。 步驟 1003 , 收到 RG发送的 DHCP Discover报文后, BNG确定该 UE 通过认证, 可以为该 UE分配 IP地址, 因此 BNG直接将 DHCP Discover 报文转发给 DHCP服务器, 触发 DHCP服务器为 UE分配 IP地址。 Step 1002: The RG can receive the packet from the UE. After receiving the DHCP Discover message, the RG checks whether the MAC address of the UE passes the authentication. If the authentication fails, the RG does not pass the authentication. The process of rejecting the UE is terminated, and the process ends; if the authentication is passed, the RG sends the DHCP Discover message to the BNG. Step 1003: After receiving the DHCP Discover message sent by the RG, the BNG determines that the UE is authenticated, and can allocate an IP address to the UE. Therefore, the BNG directly forwards the DHCP Discover message to the DHCP server, and triggers the DHCP server to allocate an IP address to the UE. .
步驟 1004, DHCP服务器收到 DHCP Discover报文后 , 对于 DHCP服 务器, 相当于收到来自 BNG的 IP租约请求, 因此 DHCP服务器会提供一 个 IP租约, 并为该 UE保留一个 IP地址, 然后向 BNG回复 DHCP Offer 报文, 该报文中携带 IPv4地址 {IPv4 Address}。  Step 1004: After receiving the DHCP Discover message, the DHCP server is equivalent to receiving the IP lease request from the BNG for the DHCP server, so the DHCP server provides an IP lease and reserves an IP address for the UE, and then replies to the BNG. DHCP Offer packet carrying the IPv4 address {IPv4 Address}.
步驟 1005, 收到 DHCP服务器回复的 DHCP Offer报文后, BNG将其 转发给 RG, 其中仍然携带 IPv4地址 {IPv4 Address}。  Step 1005: After receiving the DHCP Offer message replied by the DHCP server, the BNG forwards the packet to the RG, which still carries the IPv4 address {IPv4 Address}.
步驟 1006,收到 BNG发送的 DHCP Offer报文后, RG向 UE回复 DHCP Step 1006: After receiving the DHCP Offer message sent by the BNG, the RG replies to the UE with DHCP.
Offer报文 , 其中携带 IPv4地址 {IPv4 Address}。 Offer message, which carries the IPv4 address {IPv4 Address}.
步驟 1007, UE发送 DHCP Request报文给 RG和其他所有的 DHCP服 务器, 其中携带提供 IP租约的 DPCH服务器的 IP, 用于告知其他所有的 DHCP服务器自身已经接受一个 IP租约。  Step 1007: The UE sends a DHCP Request message to the RG and all other DHCP servers, where the IP of the DPCH server providing the IP lease is used to notify all other DHCP servers that they have accepted an IP lease.
步驟 1008, RG将从 UE收到的 DHCP Request报文转发给 BNG。  Step 1008: The RG forwards the DHCP Request message received by the UE to the BNG.
步驟 1009, 收到 DHCP Request报文后, BNG发送 DHCP Request报文 给 DHCP服务器。  Step 1009: After receiving the DHCP Request message, the BNG sends a DHCP Request message to the DHCP server.
步驟 1010, 收到 BNG发送的 DHCP Request报文后, DHCP服务器回 复 DHCP Ack报文给 BNG。  Step 1010: After receiving the DHCP Request message sent by the BNG, the DHCP server returns a DHCP Ack message to the BNG.
步驟 1011 , 收到 DHCP服务器回复的 DHCP Ack才艮文后, BNG回复 Step 1011: After receiving the DHCP Ack replied by the DHCP server, the BNG reply
DHCP Ack报文给 RG。 The DHCP Ack packet is sent to the RG.
步驟 1012 , 收到 DHCP Ack报文后, RG回复 DHCP Ack报文给 UE。 步驟 1013 , BNG向 AAA发送 RADIUS Accounting Start报文, 收到 RADIUS Accounting Start报文后, AAA开始计费。  Step 1012: After receiving the DHCP Ack packet, the RG replies to the DHCP Ack packet to the UE. Step 1013: The BNG sends a RADIUS Accounting Start packet to the AAA. After receiving the RADIUS Accounting Start packet, the AAA starts charging.
上述的实施例二至实施例八中的 AAA为 BBF AAA。 为实现实施例一至实施例四中的方法, 本发明还提供一种认证通知系 统, 图 11 是本发明实现认证通知系统的实施例一的结构示意图, 如图 11 所示, 该系统包括: BBF AAA111和 BNG112; 其中, The AAA in the above-described Embodiment 2 to Embodiment 8 is BBF AAA. In order to implement the method in the first embodiment to the fourth embodiment, the present invention further provides an authentication notification system. FIG. 11 is a schematic structural diagram of Embodiment 1 of the present invention for implementing an authentication notification system. As shown in FIG. 11, the system includes: BBF AAA111 and BNG112; among them,
BBF AAA111 , 用于 UE接入 BBF接入网络且通过认证时 , 将 UE的 MAC地址发送给 BNG112;  BBF AAA111, configured to send the MAC address of the UE to the BNG 112 when the UE accesses the BBF access network and passes the authentication;
BNG 112, 用于接收 UE的 MAC地址。  The BNG 112 is configured to receive a MAC address of the UE.
所述 BNG112还用于, 当 UE请求 IP地址, 且确定所述 UE通过认证 时, 触发 DHCP服务器为所述 UE分配 IP地址。  The BNG 112 is further configured to: when the UE requests an IP address, and determine that the UE passes the authentication, trigger the DHCP server to allocate an IP address to the UE.
为实现实施例五至实施例七中的方法, 本发明还提供一种认证通知系 统, 图 12是本发明实现认证通知系统的实施例二的结构示意图, 如图 12 所示, 该系统包括: BNG121和 AAA122; 其中,  In order to implement the method in the fifth embodiment to the seventh embodiment, the present invention further provides an authentication notification system. FIG. 12 is a schematic structural diagram of Embodiment 2 of the present invention for implementing an authentication notification system. As shown in FIG. 12, the system includes: BNG121 and AAA122; among them,
BNG121 , 用于 UE接入 BBF接入网络, 并请求 IP地址时, 检查所述 UE是否通过认证, 并当确定没有该 UE的认证信息时, 从 AAA122获取 UE的认证信息;  The BNG121 is configured to: when the UE accesses the BBF to access the network, and requests the IP address, check whether the UE passes the authentication, and when it is determined that there is no authentication information of the UE, obtain the authentication information of the UE from the AAA 122;
AAA122, 用于为 BNG提供 UE的认证信息。  The AAA 122 is configured to provide the UE with the authentication information of the BNG.
所述 BNG121还用于, 当根据所述认证信息确定 UE通过认证后, 触 发 DHCP服务器为 UE分配 IP地址。  The BNG 121 is further configured to: after determining that the UE passes the authentication according to the authentication information, trigger the DHCP server to allocate an IP address to the UE.
为实现实施例八中的方法, 本发明还提供一种认证通知系统, 图 13是 本发明实现认证通知系统的实施例三的结构示意图, 如图 13所示, 该系统 包括: RG131和 BNG132; 其中,  The present invention further provides an authentication notification system, and FIG. 13 is a schematic structural diagram of Embodiment 3 of the present invention for implementing an authentication notification system. As shown in FIG. 13, the system includes: RG131 and BNG132; among them,
RG131 , 用于 UE接入 BBF接入网络, 并请求 IP地址时, 检查所述 UE是否通过认证, 当确定所述 UE通过认证时 , 通知 BNG132所述 UE通 过认证;  RG131, configured to: when the UE accesses the BBF to access the network, and requests the IP address, check whether the UE passes the authentication, and when it is determined that the UE passes the authentication, notify the BNG 132 that the UE passes the authentication;
BNG132, 用于接收 UE通过认证的通知。  The BNG 132 is configured to receive a notification that the UE passes the authentication.
所述 BNG132还用于, 触发 DHCP服务器为 UE分配 IP地址。 以上所述, 仅为本发明的较佳实施例而已, 并非用于限定本发明的保 护范围, 凡在本发明的精神和原则之内所作的任何修改、 等同替换和改进 等, 均应包含在本发明的保护范围之内。 The BNG 132 is further configured to: trigger a DHCP server to allocate an IP address to the UE. The above description is only for the preferred embodiment of the present invention, and is not intended to limit the scope of the present invention. Any modifications, equivalent substitutions and improvements made within the spirit and principles of the present invention should be included. Within the scope of protection of the present invention.

Claims

权利要求书 Claim
1、 一种认证通知方法, 其特征在于, 该方法包括:  1. An authentication notification method, characterized in that the method comprises:
UE接入宽带论坛(BBF )接入网络且通过认证时, BBF认证、 授权和 计费单元(AAA )将 UE的 MAC地址发送给宽带网络网关控制设^ BNG )。  When the UE accesses the broadband forum (BBF) access network and passes the authentication, the BBF authentication, authorization, and accounting unit (AAA) sends the MAC address of the UE to the broadband network gateway control device (BNG).
2、 根据权利要求 1所述的方法, 其特征在于, 该方法还包括: 当 UE请求 IP地址, 且 BNG确定所述 UE通过认证时, BNG触发动 态主机设置协议 ( DHCP )服务器为所述 UE分配 IP地址。  2. The method according to claim 1, wherein the method further comprises: when the UE requests an IP address, and the BNG determines that the UE passes the authentication, the BNG triggers a Dynamic Host Setup Protocol (DHCP) server as the UE. Assign an IP address.
3、根据权利要求 2所述的方法,其特征在于,所述 UE请求 IP地址为: UE通过路由请求( Router Solicitation )报文请求 IPv6地址,或 UE通过 DHCP 请求( DHCP Solicit )报文请求 IPv6地址, 或 UE通过 DHCP发现( DHCP Discover )才艮文请求 IPv4地址。  The method of claim 2, wherein the UE requests an IP address: the UE requests an IPv6 address through a Router Solicitation message, or the UE requests an IPv6 through a DHCP Solicit message. The address, or the UE, through DHCP Discovery (DHCP Discover), requests the IPv4 address.
4、 一种认证通知方法, 其特征在于, 该方法包括:  4. An authentication notification method, characterized in that the method comprises:
UE接入 BBF接入网络 , 并请求 IP地址时 , BNG检查所述 UE是否通 过认证, 当 BNG确定没有该 UE的认证信息时, 从 AAA获取 UE的认证 信息。  When the UE accesses the BBF to access the network and requests the IP address, the BNG checks whether the UE passes the authentication. When the BNG determines that there is no authentication information of the UE, the BNG obtains the authentication information of the UE from the AAA.
5、 根据权利要求 4所述的方法, 其特征在于, 该方法还包括: 当根据所述认证信息确定 UE通过认证后, BNG触发 DHCP服务器为 UE分配 IP地址。  The method according to claim 4, wherein the method further comprises: after determining that the UE passes the authentication according to the authentication information, the BNG triggers the DHCP server to allocate an IP address to the UE.
6、根据权利要求 4所述的方法,其特征在于,所述 UE请求 IP地址为: UE通过 Router Solicitation 4艮文请求 IPv6地址,或 UE通过 DHCP Solicit 才艮文请求 IPv6地址, 或 UE通过 DHCP Discover 4艮文请求 IPv4地址。  The method according to claim 4, wherein the UE requests the IP address to be: the UE requests the IPv6 address through the Router Solicitation, or the UE requests the IPv6 address through the DHCP Solicit, or the UE passes the DHCP. Discover 4 requests an IPv4 address.
7、 一种认证通知方法, 其特征在于, 该方法包括:  7. An authentication notification method, characterized in that the method comprises:
UE接入 BBF接入网络, 并请求 IP地址时 , 住宅网关( RG )检查所述 UE是否通过认证, 当确定所述 UE通过认证时 , RG通知 BNG所述 UE通 过认证。 When the UE accesses the BBF access network and requests the IP address, the residential gateway (RG) checks whether the UE passes the authentication. When it is determined that the UE passes the authentication, the RG notifies the BNG that the UE passes the authentication.
8、 根据权利要求 7所述的方法, 其特征在于, 该方法还包括: 8. The method according to claim 7, wherein the method further comprises:
BNG触发 DHCP服务器为 UE分配 IP地址。  The BNG triggers the DHCP server to assign an IP address to the UE.
9、 根据权利要求 7所述的方法, 其特征在于,  9. The method of claim 7 wherein:
所述 UE请求 IP地址为: UE通过 DHCP Discover报文请求 IPv4地址; 所述 RG通知 BNG所述 UE通过认证为: RG将所述 DHCP Discover 报文发送给 BNG。  The UE requests the IP address as follows: the UE requests the IPv4 address through the DHCP Discover message; the RG notifies the BNG that the UE is authenticated as: The RG sends the DHCP Discover message to the BNG.
10、一种认证通知系统 ,其特征在于 ,该系统包括: BBF AAA和 BNG; 其中,  10. An authentication notification system, the system comprising: BBF AAA and BNG; wherein
BBF AAA,用于 UE接入 BBF接入网络且通过认证时 ,将 UE的 MAC 地址发送给 BNG;  The BBF AAA is used when the UE accesses the BBF to access the network and passes the authentication, and sends the MAC address of the UE to the BNG.
BNG, 用于接收 UE的 MAC地址。  BNG, used to receive the MAC address of the UE.
11、 根据权利要求 10所述的系统, 其特征在于,  11. The system of claim 10, wherein:
所述 BNG还用于, 当 UE请求 IP地址, 且确定所述 UE通过认证时, 触发 DHCP服务器为所述 UE分配 IP地址。  The BNG is further configured to: when the UE requests an IP address, and determine that the UE passes the authentication, trigger the DHCP server to allocate an IP address to the UE.
12、 一种认证通知系统, 其特征在于, 该系统包括: BNG和 AAA; 其 中,  12. An authentication notification system, characterized in that the system comprises: BNG and AAA;
BNG, 用于 UE接入 BBF接入网络, 并请求 IP地址时, 检查所述 UE 是否通过认证, 并当确定没有该 UE的认证信息时, 从 AAA获取 UE的认 证信息;  The BNG is configured to: when the UE accesses the BBF to access the network, and requests the IP address, check whether the UE passes the authentication, and when it is determined that there is no authentication information of the UE, obtain the authentication information of the UE from the AAA;
AAA, 用于为 BNG提供 UE的认证信息。  AAA, used to provide UE authentication information for BNG.
13、 根据权利要求 12所述的系统, 其特征在于, 所述 BNG还用于, 当根据所述认证信息确定 UE通过认证后, 触发 DHCP服务器为 UE分配 IP地址。  The system according to claim 12, wherein the BNG is further configured to: when determining that the UE passes the authentication according to the authentication information, trigger the DHCP server to allocate an IP address to the UE.
14、 一种认证通知系统, 其特征在于, 该系统包括: RG和 BNG; 其 中, RG, 用于 UE接入 BBF接入网络, 并请求 IP地址时, 检查所述 UE 是否通过认证, 当确定所述 UE通过认证时 ,通知 BNG所述 UE通过认证; BNG , 用于接收 UE通过认证的通知。 14. An authentication notification system, the system comprising: RG and BNG; wherein RG, configured to: when the UE accesses the BBF access network, and requests the IP address, check whether the UE passes the authentication, and when the UE is determined to pass the authentication, notify the BNG that the UE passes the authentication; and the BNG is used to receive the UE. Notification of certification.
15、 根据权利要求 14所述的系统, 其特征在于, 所述 BNG还用于, 触发 DHCP服务器为 UE分配 IP地址。  The system according to claim 14, wherein the BNG is further configured to trigger a DHCP server to allocate an IP address to the UE.
PCT/CN2012/071293 2011-04-21 2012-02-17 Authentication notification method and system WO2012142867A1 (en)

Applications Claiming Priority (2)

Application Number Priority Date Filing Date Title
CN201110100677.9 2011-04-21
CN201110100677.9A CN102752746B (en) 2011-04-21 2011-04-21 A kind of authentication notification method and system

Publications (1)

Publication Number Publication Date
WO2012142867A1 true WO2012142867A1 (en) 2012-10-26

Family

ID=47032599

Family Applications (1)

Application Number Title Priority Date Filing Date
PCT/CN2012/071293 WO2012142867A1 (en) 2011-04-21 2012-02-17 Authentication notification method and system

Country Status (2)

Country Link
CN (1) CN102752746B (en)
WO (1) WO2012142867A1 (en)

Cited By (2)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN103152332A (en) * 2013-02-17 2013-06-12 中兴通讯股份有限公司 Method and equipment for authenticating extensible authentication protocol (EAP) with WEB service assistance
US20150295929A1 (en) * 2013-01-08 2015-10-15 Zte Corporation Method and system for wireless local area network user to access fixed broadband network

Families Citing this family (2)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN103796245B (en) * 2012-10-29 2019-01-25 中兴通讯股份有限公司 The management method of data message, apparatus and system
CN106341374B (en) * 2015-07-10 2020-09-29 中兴通讯股份有限公司 Method and device for limiting access of unlicensed user equipment to home gateway

Citations (2)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN101369893A (en) * 2008-10-06 2009-02-18 中国移动通信集团设计院有限公司 Method for local area network access authentication of casual user
CN101795449A (en) * 2010-01-07 2010-08-04 杭州华三通信技术有限公司 Wireless network terminal access control method and device thereof

Family Cites Families (1)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN101355550B (en) * 2007-07-27 2011-12-21 中国电信股份有限公司 Method and system for pushing wideband information combining telecom wideband AAA system

Patent Citations (2)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN101369893A (en) * 2008-10-06 2009-02-18 中国移动通信集团设计院有限公司 Method for local area network access authentication of casual user
CN101795449A (en) * 2010-01-07 2010-08-04 杭州华三通信技术有限公司 Wireless network terminal access control method and device thereof

Non-Patent Citations (2)

* Cited by examiner, † Cited by third party
Title
"3rd GERERATION PARTNTRSHIP PROJECT.", 3GPP TS 33.402 V8.3.1., March 2009 (2009-03-01) *
ERICSSON.: "FMC10030, FMC Policy Interworking.", 3GPP/BBF WORKSHOP ON FMC, 19 February 2010 (2010-02-19) *

Cited By (4)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
US20150295929A1 (en) * 2013-01-08 2015-10-15 Zte Corporation Method and system for wireless local area network user to access fixed broadband network
US9749320B2 (en) * 2013-01-08 2017-08-29 Zte Corporation Method and system for wireless local area network user to access fixed broadband network
CN103152332A (en) * 2013-02-17 2013-06-12 中兴通讯股份有限公司 Method and equipment for authenticating extensible authentication protocol (EAP) with WEB service assistance
CN103152332B (en) * 2013-02-17 2018-02-16 中兴通讯股份有限公司 A kind of EAP authentication method and apparatus under WEB service assistance

Also Published As

Publication number Publication date
CN102752746A (en) 2012-10-24
CN102752746B (en) 2018-01-19

Similar Documents

Publication Publication Date Title
US10448250B2 (en) Communication system, connection control apparatus, mobile terminal, base station control method, service request method, and program
EP3154306B1 (en) Establishment of network connection
US20080219230A1 (en) Method and system for authentication of WLAN terminal interworking with broadband wireless access network
US9271318B2 (en) Internet protocol address registration
WO2012130085A1 (en) Method and device for establishing connection with network management system, and communication system
US20130267203A1 (en) Sending plmn id at a shared wifi access
WO2016029953A1 (en) User equipment identity valid for heterogeneous networks
JP6063564B2 (en) Method, apparatus and system for accessing a mobile network
US20160241600A1 (en) Lawful interception in a wi-fi / packet core network access
US8830954B2 (en) Protocol for communication between mobile station and WiMAX signaling forwarding function
WO2009152676A1 (en) Aaa server, p-gw, pcrf, method and system for obtaining the ue's id
CN103796281A (en) Management method, device and system for packet-data network type
WO2012130133A1 (en) Access point and terminal access method
WO2007128239A1 (en) System for implementing mobile ipv6 and method for establishing user link in the system
WO2009052723A1 (en) Method for gateway anchor assignment, network side device and user terminal
WO2012142867A1 (en) Authentication notification method and system
US8458773B2 (en) Method, device, and system for authentication
WO2012152102A1 (en) User information notification method and system
US20110107403A1 (en) Communication system, server apparatus, information communication method, and program
WO2014107969A1 (en) Method and system for user address allocation in wireless local area network/fixed network interaction
WO2013023591A1 (en) Method and device for selecting policy server
WO2009089773A1 (en) Multi-host access authentication method and system for wimax network
WO2014121613A1 (en) Method and corresponding device for acquiring location information
WO2014032542A9 (en) Method and system for setting up multiple connections
WO2009129730A1 (en) Method, device and system for registering in universal service interface system

Legal Events

Date Code Title Description
121 Ep: the epo has been informed by wipo that ep was designated in this application

Ref document number: 12773708

Country of ref document: EP

Kind code of ref document: A1

NENP Non-entry into the national phase

Ref country code: DE

122 Ep: pct application non-entry in european phase

Ref document number: 12773708

Country of ref document: EP

Kind code of ref document: A1