WO2012142867A1 - Authentication notification method and system - Google Patents

Authentication notification method and system

Publication number
WO2012142867A1
Authority
WO
WIPO (PCT)
Prior art keywords
bng
authentication
address
dhcp
requests
Prior art date
Application number
PCT/CN2012/071293
Other languages
English (en)
Chinese (zh)
Inventor
尤建洁
Original Assignee
中兴通讯股份有限公司
Application filed by 中兴通讯股份有限公司
Publication of WO2012142867A1

Classifications

    • H ELECTRICITY
    • H04 ELECTRIC COMMUNICATION TECHNIQUE
    • H04W WIRELESS COMMUNICATION NETWORKS
    • H04W12/00 Security arrangements; Authentication; Protecting privacy or anonymity
    • H04W12/06 Authentication
    • H04W12/069 Authentication using certificates or pre-shared keys

Definitions

  • The present invention relates to the field of mobile communications, and in particular, to an authentication notification method and system.
  • Background technique
  • Multimode terminals can connect seamlessly across different types of wireless access networks, for example between cellular networks such as the Universal Mobile Telecommunications System (UMTS), Enhanced Data Rate for GSM Evolution (EDGE) and General Packet Radio Service (GPRS), and IEEE 802.11 Wireless Local Area Networks (WLAN).
  • WLANs provide high data rates over a small range in homes and hotspots, while cellular networks offer greater flexibility and ubiquitous coverage, but at lower data rates; if the advantages of both are combined, users will benefit.
  • multimode terminals use WLAN for data access and Voice over Internet Protocol (VoIP) applications, while also using overlapping cellular networks for voice calls or media access.
  • the Broadband Forum (BBF, Broadband Forum) defines a fixed network architecture;
  • UE User Equipment
  • FIG. 1 is a schematic flowchart of a method for authentication and address allocation in the prior art.
  • the UE sends an authentication packet to a broadband network gateway control device (BNG, Broadband Network Gateway), and finally to authentication, authorization, and accounting.
  • AAA Authentication Authorization Accounting
  • DHCP dynamic host configuration protocol
  • The UE initiates a DHCP Discovery request message to the BNG, and the request message carries an option field with code 60 (Option 60); the intermediate network device marks the option field with code 82 (Option 82) according to the relevant specification; the BNG then receives the request packet from the UE, marks Option 82, and forwards the DHCP relay request packet to the DHCP server.
  • The DHCP server extracts the relevant information in the request packet, constructs the user name (User name) and the NAS port identifier (Nas-Port-ID) required for authentication, and sends them to the Remote Authentication Dial In User Service (RADIUS) for authentication.
  • RADIUS authenticates the UE. If the authentication fails, the ACK message is returned to the DHCP server, and the DHCP server replies with a DHCP command to the BNG. If the authentication succeeds, the authentication information is sent back to the DHCP server, carrying the relevant attributes of the UE; the DHCP server allocates a corresponding IP address to the UE according to the different service information of the UE, and then the user can use the service normally. Depending on the device, the BNG may be a Broadband Remote Access Server (BRAS) or a Service Router (SR).
  • FIG. 2 is a schematic flowchart of the authentication of the residential gateway (RG, Residence Gateway) in the prior art.
  • The UE sends the authentication packet to the RG, and the RG encapsulates the authentication packet and sends it to the AAA; if the authentication is passed, the AAA saves the Media Access Control (MAC) address of the UE, and in the address allocation phase, the AAA assigns an IP address to the UE according to the MAC address.
  • the UE sends the authentication packet to the RG.
  • the authentication message is sent to the AAA to complete the UE authentication (ie, the authentication passes through the mode in FIG. 2 without going through the BNG); however, in the address allocation phase, the DHCP server allocates the IP address to the user.
  • Because the BNG does not know whether the UE is authenticated, the DHCP server cannot be triggered to allocate an IP address to the UE.
  • The main purpose of the present invention is to provide an authentication notification method and system, so that the BNG can know in time whether the UE requesting access has passed the authentication.
  • the present invention provides an authentication notification method, including:
  • AAA BBF Authentication, Authorization, and Accounting Unit
  • the method further includes:
  • When the UE requests an IP address and the BNG determines that the UE passes the authentication, the BNG triggers a Dynamic Host Configuration Protocol (DHCP) server to assign an IP address to the UE.
  • The UE requests an IP address as follows: the UE requests an IPv6 address by using a Router Solicitation message, or the UE requests an IPv6 address through a DHCP Solicit request, or the UE requests an IPv4 address through a DHCP Discover message.
  • the present invention provides an authentication notification method, including:
  • the BNG checks whether the UE passes the authentication. When the BNG determines that there is no authentication information of the UE, the BNG obtains the authentication information of the UE from the AAA.
  • the method further includes:
  • After determining that the UE passes the authentication according to the authentication information, the BNG triggers the DHCP server to allocate an IP address for the UE.
  • The UE requests an IP address as follows: the UE requests the IPv6 address through a Router Solicitation message, or the UE requests the IPv6 address through the DHCP Solicit, or the UE requests the IPv4 address through the DHCP Discover message.
  • the present invention provides an authentication notification method, including:
  • the residential gateway checks whether the UE passes the authentication. When it is determined that the UE passes the authentication, the RG notifies the BNG that the UE passes the authentication.
  • the method further includes:
  • the BNG triggers the DHCP server to assign an IP address to the UE.
  • The UE requests the IP address as follows: the UE requests the IPv4 address through the DHCP Discover message; the RG notifies the BNG that the UE is authenticated as follows: the RG sends the DHCP Discover message to the BNG.
  • The invention provides an authentication notification system, including a BBF AAA and a BNG, wherein the BBF AAA is used to send the MAC address of the UE to the BNG when the UE accesses the BBF access network and passes the authentication;
  • the BNG is used to receive the MAC address of the UE.
  • the BNG is further configured to: when the UE requests an IP address, and determine that the UE passes the authentication, trigger the DHCP server to allocate an IP address to the UE.
  • the present invention provides an authentication notification system, including: BNG and AAA;
  • The BNG is configured to: when the UE accesses the BBF access network and requests an IP address, check whether the UE passes the authentication, and when it is determined that there is no authentication information of the UE, obtain the authentication information of the UE from the AAA;
  • the BNG is further configured to: when determining that the UE passes the authentication according to the authentication information, trigger the DHCP server to allocate an IP address for the UE.
  • the present invention provides an authentication notification system, including: RG and BNG;
  • The RG is configured to: when the UE accesses the BBF access network and requests an IP address, check whether the UE passes the authentication, and when it is determined that the UE passes the authentication, notify the BNG that the UE passes the authentication;
  • the BNG is configured to receive a notification that the UE passes the authentication.
  • the BNG is further configured to trigger a DHCP server to allocate an IP address to the UE.
  • When the UE accesses the BBF access network and passes the authentication, the BBF AAA sends the MAC address of the UE to the BNG; or when the UE accesses the BBF access network and requests an IP address, the BNG checks whether the UE passes the authentication, and when the BNG determines that there is no authentication information of the UE, the BNG obtains the authentication information of the UE from the AAA; or when the UE accesses the BBF access network and requests an IP address, the RG checks whether the UE passes the authentication, and when it is determined that the UE is authenticated, the RG notifies the BNG that the UE passes the authentication. The BNG may therefore receive the UE's MAC address from the AAA, or query the UE's authentication information, or receive from the RG the notification that the UE is authenticated. If the UE is authenticated, the DHCP server can be triggered to allocate an IP address to the UE in time.
  • Even when the authentication packet is encapsulated by the RG and sent to the AAA to complete the UE authentication, that is, when the authentication process does not pass through the BNG, the technical solution proposed in the present invention can still have the DHCP server allocate an IP address to the UE, which compensates for the deficiencies in the prior art.
  • FIG. 1 is a schematic flowchart of a method for authentication and address allocation in the prior art.
  • FIG. 2 is a schematic flowchart of authentication in the prior art via the RG.
  • FIG. 3 is a schematic flowchart of Embodiment 1 of the authentication notification method according to the present invention.
  • FIG. 4 is a schematic flowchart of Embodiment 2 of the authentication notification method according to the present invention.
  • FIG. 5 is a schematic flowchart of Embodiment 3 of the authentication notification method according to the present invention.
  • FIG. 6 is a schematic flowchart of Embodiment 4 of the authentication notification method according to the present invention.
  • FIG. 7 is a schematic flowchart of Embodiment 5 of the authentication notification method according to the present invention.
  • FIG. 8 is a schematic flowchart of Embodiment 6 of the authentication notification method according to the present invention.
  • FIG. 9 is a schematic flowchart of Embodiment 7 of the authentication notification method according to the present invention.
  • FIG. 10 is a schematic flowchart of Embodiment 8 of the authentication notification method according to the present invention.
  • FIG. 11 is a schematic structural diagram of Embodiment 1 of the authentication notification system according to the present invention.
  • FIG. 12 is a schematic structural diagram of Embodiment 2 of the authentication notification system according to the present invention.
  • FIG. 13 is a schematic structural diagram of Embodiment 3 of the authentication notification system according to the present invention.
  • Detailed description
  • The basic idea of the present invention is: when the UE accesses the BBF access network and passes the authentication, the BBF AAA sends the MAC address of the UE to the BNG; or when the UE accesses the BBF access network and requests an IP address, the BNG checks whether the UE passes the authentication, and when the BNG determines that there is no authentication information of the UE, the BNG obtains the authentication information of the UE from the AAA; or when the UE accesses the BBF access network and requests an IP address, the RG checks whether the UE passes the authentication, and when it is determined that the UE passes the authentication, the RG notifies the BNG that the UE passes the authentication.
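
The three notification variants in the basic idea above, modelled as the BNG's decision on each address request. This is an added example, not code from the patent: the class and function names, the MAC addresses and the rule that a MAC unknown to the AAA counts as not authenticated are assumptions of the sketch.

```python
from typing import Dict, NamedTuple, Optional, Set

# Message the BNG sends to the DHCP server for each kind of UE address request,
# as described in the embodiments (Router Solicitation leads to a DHCP Request;
# DHCP Solicit and DHCP Discover are forwarded unchanged).
UPSTREAM = {
    "Router Solicitation": "DHCP Request",
    "DHCP Solicit": "DHCP Solicit",
    "DHCP Discover": "DHCP Discover",
}


class Outcome(NamedTuple):
    allowed: bool
    upstream: Optional[str]  # message sent to the DHCP server, None on reject
    basis: str               # "pushed", "queried" or "rg"


def normalize_mac(mac: str) -> str:
    """Canonical lower-case colon form, so every notation hits the same entry."""
    digits = "".join(c for c in mac.lower() if c not in ":-.")
    if len(digits) != 12 or any(c not in "0123456789abcdef" for c in digits):
        raise ValueError(f"not a MAC address: {mac!r}")
    return ":".join(digits[i:i + 2] for i in range(0, 12, 2))


class Aaa:
    """Stand-in for the BBF AAA: stores the authentication result per MAC."""

    def __init__(self) -> None:
        self.results: Dict[str, bool] = {}
        self.bng: Optional["Bng"] = None

    def record_result(self, mac: str, passed: bool, push: bool = True) -> None:
        mac = normalize_mac(mac)
        self.results[mac] = passed
        if passed and push and self.bng is not None:
            self.bng.on_aaa_notification(mac)  # variant 1: AAA sends the MAC

    def query(self, mac: str) -> bool:
        # Assumption of this sketch: a MAC the AAA has no record of is denied.
        return self.results.get(normalize_mac(mac), False)


class Bng:
    def __init__(self, aaa: Aaa) -> None:
        self.aaa = aaa
        self.authenticated: Set[str] = set()
        self.aaa_queries = 0
        aaa.bng = self

    def on_aaa_notification(self, mac: str) -> None:
        self.authenticated.add(normalize_mac(mac))

    def on_address_request(self, msg_type: str, mac: str,
                           checked_by_rg: bool = False) -> Outcome:
        if msg_type not in UPSTREAM:
            raise ValueError(f"unsupported request: {msg_type!r}")
        mac = normalize_mac(mac)
        if checked_by_rg:
            # Variant 3: the forwarded request is itself the notification;
            # the BNG relies entirely on the RG's check here.
            return Outcome(True, UPSTREAM[msg_type], "rg")
        if mac in self.authenticated:
            return Outcome(True, UPSTREAM[msg_type], "pushed")
        # Variant 2: no local authentication information, so ask the AAA.
        self.aaa_queries += 1
        if self.aaa.query(mac):
            return Outcome(True, UPSTREAM[msg_type], "queried")
        return Outcome(False, None, "queried")


class Rg:
    def __init__(self, bng: Bng) -> None:
        self.bng = bng
        self.authenticated: Set[str] = set()

    def on_dhcp_discover(self, mac: str) -> Outcome:
        mac = normalize_mac(mac)
        if mac not in self.authenticated:
            return Outcome(False, None, "rg")  # rejected before reaching the BNG
        return self.bng.on_address_request("DHCP Discover", mac, checked_by_rg=True)


def run_demo() -> list:
    """Constructed sample UEs, one per path through the decision."""
    aaa = Aaa()
    bng = Bng(aaa)
    rg = Rg(bng)
    aaa.record_result("00-11-22-33-44-55", passed=True)              # pushed to BNG
    aaa.record_result("00:11:22:33:44:66", passed=True, push=False)  # BNG must query
    aaa.record_result("00:11:22:33:44:77", passed=False)
    rg.authenticated.add("00:11:22:33:44:88")
    return [
        bng.on_address_request("Router Solicitation", "00:11:22:33:44:55"),
        bng.on_address_request("DHCP Solicit", "00:11:22:33:44:66"),
        bng.on_address_request("DHCP Discover", "00:11:22:33:44:77"),
        rg.on_dhcp_discover("0011.2233.4488"),
        rg.on_dhcp_discover("00:11:22:33:44:99"),
    ]


if __name__ == "__main__":
    for outcome in run_demo():
        print(outcome)
```

In every variant the decision is keyed only on the MAC address carried in the request, which is the identifier the embodiments use.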
  • FIG. 3 is a schematic flowchart of the first embodiment of the method for implementing the authentication notification according to the present invention.
  • Step 301 The RG interacts with the BBF AAA to complete the authentication.
  • Step 302 The non-BBF UE sends an authentication protocol start (EAPoL-Start) message to the RG, and performs authentication through the 802.1X protocol.
  • Step 304 After receiving the EAP Identity Request message sent by the RG, the UE sends an EAP Identity Response message to the RG, where the message carries the user name.
  • Step 305 The RG encapsulates the received EAP Identity Response message into a RADIUS Access Request message, and sends the RADIUS Access Request message to the BBF AAA.
  • Step 306 The BBF AAA forwards the RADIUS Access Request message received from the RG to the home AAA according to the Network Address Identifier (NAI).
  • Step 307 After receiving the RADIUS Access Request message sent by the BBF AAA, the Home AAA replies with a RADIUS Access Response message to the BBF AAA, where the message carries the EAP Identity Response message.
  • Step 308 The BBF AAA forwards the received RADIUS Access Response packet to the RG.
  • Step 309 The RG decapsulates the EAP frame from the received RADIUS Access Response message, and sends the EAP frame to the UE.
  • Step 310 After receiving the EAP frame sent by the RG, the UE sends a packet to the RG, and the packet carries a Challenged Password.
  • Step 311 After receiving the packet replied by the UE, the RG encapsulates the EAP frame obtained by the decapsulation into a RADIUS Access Request message and sends the EAP frame to the BBF AAA, where the received Challenged Password is carried.
  • Step 312 The BBF AAA forwards the received RADIUS Access Request message to the Home AAA.
  • Step 313 If the UE requesting access to the BBF access network passes the authentication, the Home AAA sends the RADIUS Access Accept message to the BBF AAA. If the UE requesting access to the BBF access network does not pass the authentication, the RADIUS Access Accept message is not returned to the BBF AAA, and the process ends.
  • Step 314 The BBF AAA forwards the RADIUS Access Accept message to the RG.
  • Step 315 The BBF AAA sends the MAC address of the authenticated UE to the BNG, to inform the BNG that the UE has passed the authentication, so that when the BNG receives the IP address request from the UE, the DHCP server can be triggered to perform IP address allocation.
  • Step 316 The RG decapsulates the EAP frame and sends an EAP Success message to the UE.
  • FIG. 4 is a schematic flowchart of Embodiment 2 of the method for implementing the authentication notification according to the present invention.
  • the BNG determines that the UE passes the authentication
  • the BNG triggers.
  • Step 401 The UE sends a Router Solicitation message to the BNG, where the MAC address of the UE is carried.
  • Step 402 After receiving the Router Solicitation message, the BNG checks whether the MAC address of the UE is authenticated. If the authentication succeeds, the DHCP Request message is sent to the DHCP server to trigger the DHCP server to allocate an IP address to the UE. If the authentication is not passed, the BNG sends a reject message to the UE, and the process ends.
  • Step 403 After being triggered, the DHCP server returns a DHCP Reply message to the BNG; the packet carries the IPv6 address prefix (Frame-IPv6-Prefix).
  • Step 404 After receiving the DHCP Reply message replied by the DHCP server, the BNG sends a Router Advertisement message to the UE, where the IPv6 address prefix (Frame-IPv6-Prefix) is carried.
  • Step 405 The BNG sends a RADIUS Accounting Start message to the AAA. After receiving the RADIUS Accounting Start message, the AAA starts charging.
  • the accounting can be used, for example, to count the user online time.
  • FIG. 5 is a schematic flowchart of Embodiment 3 of the method for implementing the authentication notification according to the present invention.
  • the BNG determines that the UE passes the authentication
  • the BNG triggers.
  • Step 501 The UE sends a DHCP Solicit message to the BNG, which carries the MAC address of the UE.
  • Step 502 After receiving the DHCP Solicit message, the BNG checks whether the MAC address of the UE is authenticated. If it is authenticated, the DHCP Solicit message is sent to the DHCP server. If the authentication fails, the BNG sends a reject message to the UE, and the process ends.
  • Step 503 After receiving the DHCP Solicit message sent by the BNG, the DHCP server returns a DHCP Advertise message to the BNG.
  • Step 504 After receiving the DHCP Advertise message replied by the DHCP server, the BNG forwards the packet to the UE.
  • Step 505 After receiving the DHCP Advertise message sent by the BNG, the UE sends a DHCP Request message to the BNG.
  • Step 506 The BNG sends the DHCP Request message received from the UE to the DHCP server.
  • Step 507 After receiving the DHCP Request message sent by the BNG, the DHCP server sends a DHCP Reply message to the BNG, where the message carries an IPv6 address (Frame-IPv6-Address).
  • Step 508 After receiving the DHCP Reply message replied by the DHCP server, the BNG forwards the DHCP Reply message to the UE; the packet still carries the IPv6 address (Frame-IPv6-Address).
  • Step 509 The BNG sends a RADIUS Accounting Start message to the AAA. After receiving the RADIUS Accounting Start packet, the AAA starts accounting.
  • FIG. 6 is a schematic flowchart of Embodiment 4 of the method for implementing an authentication notification according to the present invention.
  • the BNG determines that the UE passes the authentication
  • the BNG is determined.
  • a specific implementation method for triggering a DHCP server to allocate an IPv4 address to the UE is as follows: As shown in FIG. 6, the method includes the following steps:
  • Step 601 The UE sends a broadcast DHCP Discover message on the physical subnet for searching for an available DHCP server.
  • Step 602 The DHCP Discover message is a broadcast message, so the RG can receive the message from the UE, and the RG forwards the received DHCP Discover message to the BNG.
  • Step 603 The BNG checks whether the MAC address of the UE is authenticated. If the authentication is successful, the BNG sends the received DHCP Discover message to the DHCP server. If the authentication fails, the BNG sends the reject message to the UE through the RG, and the process ends.
  • Step 604 For the DHCP server, receiving the DHCP Discover message is equivalent to receiving an IP lease request from the BNG, so the DHCP server provides an IP lease and reserves an IP address for the UE, and then replies to the BNG with a DHCP Request message, which carries the IPv4 address (IPv4 Address).
  • Step 605 After receiving the DHCP Offer message replied by the DHCP server, the BNG forwards the packet to the RG, which still carries the IPv4 address (IPv4 Address).
  • Whether the IP address returned by the BNG to the UE is an IPv6 address or an IPv4 address is determined according to the protocol type.
  • Step 606 After receiving the DHCP Offer message sent by the BNG, the RG sends a DHCP Offer message to the UE, where the IPv4 address (IPv4 Address) is carried.
  • Step 607 The UE sends a DHCP Request message to the RG and all other DHCP servers, where the IP of the DHCP server that provides the IP lease is used to notify all other DHCP servers that it has accepted an IP lease.
  • Step 609 After receiving the DHCP Request message, the BNG sends a DHCP Request message to the DHCP server.
  • Step 610 After receiving the DHCP Request message sent by the BNG, the DHCP server returns a DHCP Ack message to the BNG.
  • Step 611 After receiving the DHCP Ack reply from the DHCP server, the BNG sends the DHCP Ack message to the RG.
  • Step 612 After receiving the DHCP Ack packet, the RG sends the DHCP Ack packet to the UE.
  • Step 613 The BNG sends a RADIUS Accounting Start packet to the AAA. After receiving the RADIUS Accounting Start packet, the AAA starts charging.
  • a non-BBF UE accesses a BBF access network, and requests an IPv6 address through a Router Solicitation message, and the BNG checks whether the UE passes the authentication.
  • When the BNG determines that there is no authentication information of the UE, the BNG obtains the authentication information of the UE from the AAA.
  • the BNG triggers the DHCP server to allocate an IPv6 address to the UE.
  • The method includes the following steps:
  • Step 701 The UE sends a Router Solicitation message request to the BNG, where the MAC address of the UE is carried.
  • Step 702 After receiving the Router Solicitation message request sent by the UE, the BNG checks whether the MAC address of the UE is authenticated. The UE does not pass the authentication in advance, or the UE passes the authentication, but the AAA does not send the MAC address of the UE to the BNG. Therefore, when the BNG checks whether the MAC address of the UE is authenticated, the BNG finds that there is no authentication information of the UE, that is, the BNG does not know whether the UE is authenticated, and the BNG sends a query authentication information packet to the AAA, where the MAC address of the UE is carried.
  • Step 703 After receiving the query authentication information packet sent by the BNG, the AAA queries the locally stored authentication information of the UE corresponding to the MAC address according to the MAC address, and sends the authentication information to the BNG.
  • The authentication information indicates either that the UE passed the authentication or that the UE did not pass the authentication.
  • Step 704 When the authentication information received by the BNG is that the UE passes the authentication, the BNG sends a DHCP Request message to the DHCP server. If the authentication fails, the BNG replies to the UE with a reject response.
  • Step 705 After receiving the DHCP Request message sent by the BNG, the DHCP server returns a DHCP Reply message, which carries the IPv6 address prefix (Frame-IPv6-Prefix).
  • Step 706 After receiving the DHCP Reply message replied by the DHCP server, the BNG sends a Router Advertisement message to the UE, where the IPv6 address prefix (Frame-IPv6-Prefix) is carried.
  • Step 707 The BNG sends a RADIUS Accounting Start packet to the AAA. After receiving the RADIUS Accounting Start packet, the AAA starts charging.
  • FIG. 8 is a schematic flowchart of Embodiment 6 of the method for implementing the authentication notification according to the present invention.
  • the non-BBF UE accesses the BBF access network, requests the IPv6 address through the DHCP Solicit message, and the BNG checks whether the UE passes the authentication.
  • When the BNG determines that there is no authentication information of the UE, the BNG obtains the authentication information of the UE from the AAA.
  • the BNG triggers the DHCP server to allocate an IPv6 address to the UE.
  • The method includes the following steps:
  • Step 801 The UE sends a DHCP Solicit message to the BNG, where the MAC address of the UE is carried.
  • Step 802 After receiving the Router Solicitation message sent by the UE, the BNG checks whether the MAC address of the UE is authenticated. The UE does not pass the authentication in advance, or the UE passes the authentication, but the AAA does not send the MAC address of the UE to the BNG. Therefore, when the BNG checks whether the MAC address of the UE is authenticated, the BNG finds that there is no authentication information of the UE, that is, the BNG does not know whether the UE is authenticated, and the BNG sends a query authentication information packet to the AAA, which carries the MAC address of the UE.
  • Step 803 After receiving the query authentication information packet sent by the BNG, the AAA queries the locally stored authentication information of the UE corresponding to the MAC address according to the MAC address, and sends the authentication information to the BNG.
  • The authentication information indicates either that the UE passed the authentication or that the UE did not pass the authentication.
  • Step 804 When the authentication information received by the BNG is that the UE passes the authentication, the BNG sends a DHCP Solicit message to the DHCP server. If the authentication fails, the BNG replies to the UE with a reject response message.
  • Step 805 After receiving the DHCP Solicit message sent by the BNG, the DHCP server returns a DHCP Advertise message to the BNG.
  • Step 806 After receiving the DHCP Advertise message replied by the DHCP server, the BNG forwards the DHCP Advertise message to the UE.
  • Step 807 After receiving the DHCP Advertise message sent by the BNG, the UE sends a DHCP Request message to the BNG.
  • Step 808 After receiving the DHCP Request message sent by the UE, the BNG sends the DHCP Request message to the DHCP server.
  • Step 809 After receiving the DHCP Request message sent by the BNG, the DHCP server sends a DHCP Reply message to the BNG, which carries the IPv6 address (Frame-IPv6-Address).
  • Step 810 After receiving the DHCP Reply message replied by the DHCP server, the BNG sends a DHCP Reply message to the UE, which still carries the IPv6 address (Frame-IPv6-Address).
  • Step 811 The BNG sends a RADIUS Accounting Start packet to the AAA. After receiving the RADIUS Accounting Start packet, the AAA starts charging.
  • FIG. 9 is a schematic flowchart of Embodiment 7 of the method for implementing the authentication notification according to the present invention.
  • the non-BBF UE accesses the BBF access network, requests the IPv4 address through the DHCP Discover message, and the BNG checks whether the UE passes the authentication.
  • When the BNG determines that there is no authentication information of the UE, the authentication information of the UE is obtained from the AAA, and after determining that the UE passes the authentication according to the authentication information, the BNG is triggered.
  • Step 901 The UE sends a broadcast DHCP Discover message on the physical subnet for searching for an available DHCP server.
  • Step 902 The DHCP Discover message is a broadcast message, so the RG can receive the message from the UE, and the RG forwards the DHCP Discover message received from the UE to the BNG.
  • Step 903 After receiving the DHCP Discover message sent by the UE, the BNG checks whether the MAC address of the UE is authenticated. The UE does not pass the authentication in advance, or the UE passes the authentication, but the AAA does not send the MAC address of the UE to the BNG. Therefore, when the BNG checks whether the MAC address of the UE is authenticated, the BNG finds that there is no authentication information of the UE, that is, the BNG does not know whether the UE passes the authentication, and the BNG sends a query authentication information packet to the AAA, where the MAC address of the UE is carried.
  • Step 904 After receiving the query authentication information packet sent by the BNG, the AAA queries the locally stored authentication information of the UE corresponding to the MAC address according to the MAC address, and sends the authentication information to the BNG.
  • The authentication information indicates either that the UE passed the authentication or that the UE did not pass the authentication.
  • Step 905 When the authentication information received by the BNG is that the UE passes the authentication, the BNG sends the DHCP Discover message to the DHCP server. If the authentication fails, the BNG replies to the UE with a reject response message.
  • Step 906 For the DHCP server, receiving the DHCP Discover message is equivalent to receiving an IP lease request from the BNG, so the DHCP server provides an IP lease and reserves an IP address for the UE, and then replies to the BNG with a DHCP Offer packet carrying the IPv4 address (IPv4 Address).
  • Step 907 After receiving the DHCP Offer message replied by the DHCP server, the BNG forwards the packet to the RG, which still carries the IPv4 address (IPv4 Address).
  • Step 908 After receiving the DHCP Offer message sent by the BNG, the RG sends a DHCP Offer message to the UE, which carries the IPv4 address (IPv4 Address).
  • Step 909 The UE sends a DHCP Request message to the RG and all other DHCP servers, where the IP of the DHCP server providing the IP lease is used to notify all other DHCP servers that it has accepted an IP lease.
  • Step 910 The RG forwards the DHCP Request message received from the UE to the BNG.
  • Step 911 After receiving the DHCP Request message, the BNG sends a DHCP Request message to the DHCP server.
  • Step 912 After receiving the DHCP Request message sent by the BNG, the DHCP server returns a DHCP Ack message to the BNG.
  • Step 913 After receiving the DHCP Ack reply from the DHCP server, the BNG sends the DHCP Ack message to the RG.
  • Step 914 After receiving the DHCP Ack packet, the RG sends the DHCP Ack packet to the UE.
  • A non-BBF UE accesses a BBF access network and requests an IP address, and the RG checks whether the UE passes the authentication. When it is determined that the UE does not pass the authentication, the request is refused. When the UE is authenticated, the RG notifies the BNG that the UE is authenticated, and the BNG triggers the DHCP server to allocate an IP address to the UE. As shown in FIG. 10, the method includes the following steps:
  • Step 1001 The UE sends a broadcast DHCP Discover message on the physical subnet for searching for an available DHCP server.
  • Step 1002 The RG can receive the packet from the UE. After receiving the DHCP Discover message, the RG checks whether the MAC address of the UE passes the authentication. If the authentication is not passed, the RG rejects the UE, and the process ends; if the authentication is passed, the RG sends the DHCP Discover message to the BNG.
  • Step 1003 After receiving the DHCP Discover message sent by the RG, the BNG determines that the UE is authenticated, and can allocate an IP address to the UE. Therefore, the BNG directly forwards the DHCP Discover message to the DHCP server, and triggers the DHCP server to allocate an IP address to the UE.
  • Step 1004 For the DHCP server, receiving the DHCP Discover message is equivalent to receiving an IP lease request from the BNG, so the DHCP server provides an IP lease and reserves an IP address for the UE, and then replies to the BNG with a DHCP Offer packet carrying the IPv4 address (IPv4 Address).
  • Step 1005 After receiving the DHCP Offer message replied by the DHCP server, the BNG forwards the packet to the RG, which still carries the IPv4 address (IPv4 Address).
  • Step 1006 After receiving the DHCP Offer message sent by the BNG, the RG sends a DHCP Offer message to the UE, which carries the IPv4 address (IPv4 Address).
  • Step 1007 The UE sends a DHCP Request message to the RG and all other DHCP servers, where the IP of the DHCP server providing the IP lease is used to notify all other DHCP servers that it has accepted an IP lease.
  • Step 1008 The RG forwards the DHCP Request message received from the UE to the BNG.
  • Step 1009 After receiving the DHCP Request message, the BNG sends a DHCP Request message to the DHCP server.
  • Step 1010 After receiving the DHCP Request message sent by the BNG, the DHCP server returns a DHCP Ack message to the BNG.
  • Step 1011 After receiving the DHCP Ack reply from the DHCP server, the BNG returns the DHCP Ack packet to the RG.
  • Step 1012 After receiving the DHCP Ack packet, the RG returns the DHCP Ack packet to the UE.
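The exchange in steps 1001 to 1012, as an added Python sketch that is not part of the patent text: the RG gates on the UE's MAC address, and whatever it forwards is relayed by the BNG to the DHCP server. Class names, MAC addresses and the address pool are constructed for illustration, and DHCP is modeled as message names only, not the wire format.

```python
# Added illustration: simulates steps 1001-1012 (RG-side authentication gate).
# All class/function names, MACs and addresses are constructed for this example.
from dataclasses import dataclass, field

@dataclass
class DhcpServer:
    pool: list
    reserved: dict = field(default_factory=dict)   # MAC -> offered address
    leases: dict = field(default_factory=dict)     # MAC -> acknowledged address

    def handle(self, msg, mac):
        if msg == "DISCOVER":                       # step 1004: reserve and offer
            if mac not in self.reserved:
                self.reserved[mac] = self.pool.pop(0)
            return "OFFER", self.reserved[mac]
        if msg == "REQUEST" and mac in self.reserved:   # step 1010: confirm lease
            self.leases[mac] = self.reserved.pop(mac)
            return "ACK", self.leases[mac]
        return "NAK", None

@dataclass
class Bng:
    server: DhcpServer
    def relay(self, msg, mac, trace):
        # Steps 1003/1009: anything the RG forwards is treated as authenticated.
        trace.append(f"BNG->DHCP {msg}")
        reply, ip = self.server.handle(msg, mac)
        trace.append(f"DHCP->BNG {reply}")
        return reply, ip

@dataclass
class Rg:
    bng: Bng
    authenticated_macs: set
    def from_ue(self, msg, mac, trace):
        trace.append(f"UE->RG {msg}")
        if mac not in self.authenticated_macs:      # step 1002: reject, stop here
            trace.append("RG rejects UE")
            return None, None
        trace.append(f"RG->BNG {msg}")
        reply, ip = self.bng.relay(msg, mac, trace)
        trace.append(f"BNG->RG {reply}")
        trace.append(f"RG->UE {reply}")
        return reply, ip

def request_address(rg, mac):
    """Run Discover/Offer/Request/Ack for one UE; return (ip or None, trace)."""
    trace = []
    reply, ip = rg.from_ue("DISCOVER", mac, trace)
    if reply != "OFFER":
        return None, trace
    reply, ip = rg.from_ue("REQUEST", mac, trace)
    return (ip if reply == "ACK" else None), trace
```

For an authenticated MAC the trace has twelve entries, one per step; for an unauthenticated MAC it stops at the RG, so the BNG and DHCP server never see the request and no address is reserved.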
  • FIG. 11 is a schematic structural diagram of Embodiment 1 of the system for implementing authentication notification according to the present invention. As shown in FIG. 11, the system includes a BBF AAA 111 and a BNG 112, wherein:
  • the BBF AAA 111 is configured to send the MAC address of the UE to the BNG 112 when the UE accesses the BBF access network and passes the authentication;
  • the BNG 112 is configured to receive the MAC address of the UE.
  • the BNG 112 is further configured to: when the UE requests an IP address and it is determined that the UE has passed the authentication, trigger the DHCP server to allocate an IP address to the UE.
  • FIG. 12 is a schematic structural diagram of Embodiment 2 of the system for implementing authentication notification according to the present invention. As shown in FIG. 12, the system includes a BNG 121 and an AAA 122, wherein:
  • the BNG 121 is configured to: when the UE accesses the BBF access network and requests an IP address, check whether the UE has passed the authentication, and, when it is determined that there is no authentication information of the UE, obtain the authentication information of the UE from the AAA 122;
  • the AAA 122 is configured to provide the authentication information of the UE to the BNG 121.
  • the BNG 121 is further configured to: after determining, according to the authentication information, that the UE has passed the authentication, trigger the DHCP server to allocate an IP address to the UE.
  • FIG. 13 is a schematic structural diagram of Embodiment 3 of the system for implementing authentication notification according to the present invention.
  • The system includes an RG 131 and a BNG 132, wherein:
  • the RG 131 is configured to: when the UE accesses the BBF access network and requests an IP address, check whether the UE has passed the authentication, and, when it is determined that the UE has passed the authentication, notify the BNG 132 that the UE has passed the authentication;
  • the BNG 132 is configured to receive the notification that the UE has passed the authentication.
  • the BNG 132 is further configured to: trigger the DHCP server to allocate an IP address to the UE.

Landscapes

  • Engineering & Computer Science (AREA)
  • Computer Security & Cryptography (AREA)
  • Computer Networks & Wireless Communication (AREA)
  • Signal Processing (AREA)
  • Data Exchanges In Wide-Area Networks (AREA)
  • Mobile Radio Communication Systems (AREA)

Abstract

The invention relates to an authentication notification method and system. The method comprises the following steps: when a user equipment (UE) accesses a Broadband Forum (BBF) access network and passes authentication, a BBF authentication, authorization and accounting (AAA) unit sends the media access control (MAC) address of the UE to a broadband network gateway control device (BNG); or, when the UE accesses the BBF access network and requests an IP address, the BNG checks whether the UE has passed authentication and, upon determining that there is no authentication information for the UE, the BNG obtains the authentication information for the UE from the AAA; or, when the UE accesses the BBF access network and requests an IP address, a residential gateway (RG) checks whether the UE has passed authentication and, upon determining that the UE has passed authentication, the RG notifies the BNG that the UE has passed authentication. This solution enables the BNG to learn in a timely manner whether the UE requesting access has passed authentication.
PCT/CN2012/071293 2011-04-21 2012-02-17 Authentication notification method and system WO2012142867A1 (fr)

Applications Claiming Priority (2)

Application Number Priority Date Filing Date Title
CN201110100677.9A CN102752746B (zh) 2011-04-21 2011-04-21 Authentication notification method and system
CN201110100677.9 2011-04-21

Publications (1)

Publication Number Publication Date
WO2012142867A1 (fr) 2012-10-26

Family

ID=47032599

Family Applications (1)

Application Number Title Priority Date Filing Date
PCT/CN2012/071293 WO2012142867A1 (fr) 2011-04-21 2012-02-17 Authentication notification method and system

Country Status (2)

Country Link
CN (1) CN102752746B (fr)
WO (1) WO2012142867A1 (fr)

Also Published As

Publication number Publication date
CN102752746B (zh) 2018-01-19
CN102752746A (zh) 2012-10-24

Legal Events

Date Code Title Description
121 Ep: the epo has been informed by wipo that ep was designated in this application

Ref document number: 12773708

Country of ref document: EP

Kind code of ref document: A1

NENP Non-entry into the national phase

Ref country code: DE

122 Ep: pct application non-entry in european phase

Ref document number: 12773708

Country of ref document: EP

Kind code of ref document: A1