CN1553741A - Method and system for providing user network roam - Google Patents


Publication number
CN1553741A
Authority
CN
China
Prior art keywords
roaming
aaa server
user
aaa
server
Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
Granted
Application number
CNA031380441A
Other languages
Chinese (zh)
Other versions
CN100370869C (en
Inventor
金涛
周剑光
王逵
管红光
Current Assignee (The listed assignees may be inaccurate. Google has not performed a legal analysis and makes no representation or warranty as to the accuracy of the list.)
Huawei Technologies Co Ltd
Original Assignee
Huawei Technologies Co Ltd
Application filed by Huawei Technologies Co Ltd filed Critical Huawei Technologies Co Ltd
Priority to CNB031380441A priority Critical patent/CN100370869C/en
Publication of CN1553741A publication Critical patent/CN1553741A/en
Application granted granted Critical
Publication of CN100370869C publication Critical patent/CN100370869C/en
Anticipated expiration legal-status Critical
Expired - Lifetime legal-status Critical Current

Abstract

A method and system for providing network roaming service to users, in which roaming forwarding devices are deployed in each operator's network. The roaming forwarding devices include the high-layer AAA servers of a hierarchical network within one operator, the central AAA server of a star network, the border AAA gateways of different operators, the border AAA gateways among multiple operators, and the AAA gateway of a roaming alliance. The roaming connection relationships then need to be configured on only a limited number of devices.

Description

Method and system for providing network roaming to users
Field of the invention
The present invention relates to data communication networks, and in particular to a method and system for providing network roaming service to users.
Background
Modern society has become an information society, and communication networks, as the carriers of information, are used in every part of it. Common communication technologies include Ethernet, Token Ring, FR (Frame Relay), IP (Internet Protocol), ATM (Asynchronous Transfer Mode) and so on; common communication networks include local area networks (LANs) built on Ethernet, wide area networks built on TCP/IP, the Internet, and so on.
In real networks, a PC (personal computer) can connect to the network in many ways, for example through a LAN switch (Ethernet switch), an AP (wireless access point), VDSL (very-high-speed digital subscriber line) or ADSL (asymmetric digital subscriber line).
In a network that needs to be managed, AAA (authentication, authorization and accounting) servers, such as RADIUS (Remote Authentication Dial-In User Service) authentication servers, are deployed to verify the legitimacy of user identities. In addition, in practice, to meet the security and management needs of the network, clients are generally required to authenticate, so that clients use the operator's network services legitimately. Many user authentication methods are in common use, for example PPPoE (Point-to-Point Protocol over Ethernet) authentication, WEB authentication and 802.1X authentication.
In practice, a user's information is generally stored on the AAA server where the user opened the account, called the "home" AAA server, and the network where the user opened the account is called the "home" network. After obtaining account information for network access (including but not limited to a user name/password or a smart card), the user can use it throughout the network provided by the NSP/ISP (network service provider / Internet service provider). Geographically, therefore, the user can go online from any location on the NSP/ISP network. When the user is not in the home network (that is, is roaming), the network the user accesses is called the "roaming-place" network. Authentication, authorization and accounting at the place of access are also performed by an AAA server, called the "roaming-place" AAA server.
Take an ISP that provides access in both Beijing and Nanjing as an example. User A is a Beijing user, that is, user A's home AAA server is in Beijing. When user A, while in Nanjing, needs to use network services from the same ISP's Nanjing network, for example to visit WWW sites, a network roaming service must be provided.
In this case, for user A, Nanjing is the "roaming place", and the AAA server at the Nanjing access point is the "roaming-place" AAA server. Because user A's information is in Beijing, the "roaming-place" AAA server in Nanjing must be able to obtain user A's information from the home AAA server in Beijing.
At present, both enterprises and operators offer roaming service, but only on a small scale. Current authentication and accounting servers are all networked as a mesh. Different operators are either not interconnected at all, or are meshed among a limited number of AAA servers. In terms of physical connections, the AAA servers are connected through the telecom network/Internet, as shown in Fig. 1(a). Logically, the AAA servers actually form a mesh network in which each AAA server has a connection to every other AAA server, as shown in Fig. 1(b).
User authentication and accounting both use the user name, where the user account name has the form "username@domain". At present the roaming place and the home location identify each other by the domain name in "username@domain", for example "chinatelecom.sh.com" in "user@chinatelecom.sh.com". The domain name chinatelecom.sh.com indicates that the AAA server where this user opened the account is the AAA server of Shanghai Telecom, while "163.com" in "user@163.com" indicates that the AAA server where the user opened the account, i.e. the home AAA server, is at Guangdong Telecom.
The above prior art has the following problems:
1. Because all AAA servers are mesh-connected, every AAA server must know every other AAA server it has a connection with, and this must be configured on each AAA server. Adding, deleting or changing a domain name therefore often involves every AAA server in the whole network, so the maintenance workload is very large and maintenance is very difficult.
2. If different operators or enterprises are mesh-connected, they must know each other's AAA configuration, so security is very poor. Because of management issues between operators, the configurations are also hard to keep synchronized, and maintenance is very difficult.
3. Because the AAA servers are mesh-connected, all authentication and accounting information is handled in a distributed way, and unified settlement is impossible between different regions of the same operator and between different operators.
4. When operators or enterprises interwork, they negotiate bilateral agreements. An operator or enterprise that wants to interwork with several others must therefore negotiate bilateral agreements several times. The agreements differ from one another, which is inconvenient and also technically difficult.
5. Because the access server or similar access device also has to configure the relationships to all AAA servers, and one access device can often configure only a limited number of domain-name relationships, scalability is poor and the maintenance workload is large.
Summary of the invention
The purpose of the present invention is therefore to overcome the above defects of the prior art in implementing the user roaming service function.
According to a first aspect of the invention, a method for providing roaming service to users in the above system is provided, the method comprising:
(1) the roaming-place access device obtains the user information from the access request sent by the roaming user's client terminal device;
(2) the roaming-place access device sends the user information to the roaming-place AAA server for authentication;
(3) the roaming-place AAA server examines the user information and, on determining that the user is a roaming user, sends the user's authentication information to the roaming forwarding device, which sends it to the AAA server of the user's home location for authentication;
(4) the AAA server of the user's home location judges from the user information whether the user is legitimate, and then sends an authentication success/failure message to the roaming-place AAA server through the roaming forwarding device;
(5) if the AAA server of the user's home location sends an authentication success message, the roaming-place AAA server notifies the roaming-place access device to authorize the user; if it sends an authentication failure message, access service is refused for this user;
(6) after the user has been authenticated successfully, the roaming-place access device sends an accounting start request to the roaming-place AAA server;
(7) the roaming-place AAA server forwards the accounting message through the roaming forwarding device to the AAA server of the user's home location, which performs the accounting.
The authentication and accounting described in the present invention may use conventional methods such as PPPoE, 802.1X or WEB authentication. Those skilled in the art will understand that although the exchanges between the access device and the AAA server differ slightly among the authentication methods, this makes no substantive difference to the above method of the invention.
According to a second aspect of the invention, a system for providing roaming service to users is provided. The system comprises a client terminal, an access device and an AAA server, where the access device provides access service to the client terminal, and the AAA server authenticates the client terminal on the basis of the authentication messages forwarded by the access device and performs accounting for client terminals that have accessed successfully. The system is characterized in that it further comprises a roaming forwarding device for forwarding the roaming user's authentication and accounting information between the roaming user's roaming-place AAA server and home AAA server.
In the above system of the invention, the roaming forwarding device may comprise a high-layer AAA server in a hierarchical network within one operator's network, the central AAA server in a star network, or an AAA gateway at the operator's border.
In the above system of the invention, a roaming domain module may be provided in the access device or the AAA server to configure path information, so that the roaming user's authentication and accounting information is directed to a roaming forwarding device that can find the AAA server of the user's home location.
The present invention has the following advantages:
1. Within one operator or enterprise, the roaming connection relationships only need to be configured on a limited number of AAA servers, so the maintenance workload is small.
2. Different operators and enterprises forward user authentication and accounting information through AAA server gateways, and are thus interconnected through each other's gateways, which is secure, easy to operate and needs little maintenance. In addition, with interconnection through AAA gateways, all authentication and accounting information is handled in a unified way, so settlement and statistics can be unified between different regions of the same operator and between different operators.
3. When an operator or enterprise wants to interwork with several operators or enterprises, agreeing on one agreement is enough to interwork with all of them; the agreements are fully consistent, the technical difficulty is low, and the negotiation time is short.
4. The access server or similar access device does not need to configure the relationships to all AAA servers; it only needs to configure one core relationship and one roaming relationship. Scalability is good, and the access device can be made zero-maintenance.
Description of the drawings
The above purpose, features and advantages of the invention will become easier to understand from the detailed description taken together with the following drawings, in which:
Fig. 1(a) and (b) are schematic diagrams of the existing mesh networking of AAA servers;
Fig. 2 is a schematic diagram of the AAA server networking of one operator in the preferred embodiment of the invention, where Fig. 2(a) is the hierarchical networking mode and Fig. 2(b) is the star networking mode;
Fig. 3 is a flow chart of configuring the high-layer AAA server in the hierarchical networking mode;
Fig. 4 is a schematic diagram of the networking between two different operators according to the preferred embodiment of the invention;
Fig. 5 is a schematic diagram of the networking among multiple different operators according to the preferred embodiment of the invention;
Fig. 6 is a flow chart of the user roaming authentication and accounting flow according to the preferred embodiment of the invention;
Fig. 7 is a sequence diagram of the protocol adaptation process according to the preferred embodiment of the invention, where Fig. 7(a) shows adaptation between the same protocol and Fig. 7(b) shows adaptation between different protocols.
Detailed description of the embodiments
The preferred embodiments of the invention are described in detail below with reference to the drawings.
In the present invention, user authentication and accounting may use the conventional methods mentioned above, such as PPPoE authentication and accounting, WEB authentication and accounting, and 802.1X authentication and accounting. This specification uses PPPoE authentication and accounting as the example.
Embodiment 1: roaming between different regions within the same operator/enterprise
The main problem within one operator/enterprise is the mesh connection problem, the often-mentioned N² problem. Other networking modes, including but not limited to hierarchical and star networks, can therefore be used to address it.
In one embodiment of the invention, the hierarchical networking is as shown in Fig. 2(a): the bottom-layer AAA servers are not interconnected, and the high-layer AAA servers are fully configured to connect into a mesh or half-mesh network, which greatly reduces the maintenance workload, generally by an order of magnitude.
A typical configuration on a high-layer AAA server is, for example:
[User data section]
User name=lisi@local.com
Attribute=ordinary user
Next authentication primary server=
Next authentication backup server=
Next accounting primary server=
Next accounting backup server=
Note that in the configuration above, an empty value after the equals sign means there is no next server, i.e. this user is authenticated by the local AAA server (domain name local.com).
User name=zhangsan@beijing.com
Attribute=proxy user
Next authentication primary server=10.1.1.1:1812
Next authentication backup server=10.1.1.2:1812
Next accounting primary server=10.1.1.3:1813
Next accounting backup server=10.1.1.4:1813
Shared key=xxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx
[Domain name section]
Domain name=roaming
Attribute=proxy
Next authentication primary server=10.1.1.1:1812
Next authentication backup server=10.1.1.2:1812
Next accounting primary server=10.1.1.3:1813
Next accounting backup server=10.1.1.4:1813
Shared key=xxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx
[Default]
Attribute=proxy (or discard, etc.)
Next authentication primary server=10.1.1.1:1812
Next authentication backup server=10.1.1.2:1812
Next accounting primary server=10.1.1.3:1813
Next accounting backup server=10.1.1.4:1813
Shared key=xxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx
The above is a simple example configuration file illustrating how the high-layer AAA servers in a hierarchical network are configured. In practice, the configuration is generally stored as a text file, a binary file or in a database, and is entered by manual editing or through a configuration interface such as a command line or GUI (graphical user interface). The processing flow is shown in Fig. 3.
With reference to Fig. 3, the following describes how a high-layer AAA server determines the processing policy for a roaming user's authentication message from the above configuration:
1) When the high-layer AAA server receives a user RADIUS message, it parses the RADIUS message attributes.
2) According to the various conventional policies and to exception handling (for example special data policies fixed in the code, system administrator data policies and so on), it decides whether to look up the configuration data. If so, go to step 3); if not, go to step 8).
3) Check the user data section. If matching data is found in the user data section, use the policy configured in that data to decide whether the subsequent processing is to perform authentication and accounting, to act as a RADIUS proxy (a proxy for the Remote Authentication Dial-In User Service), or something else, such as discard or forced failure. Also determine the auxiliary parameters, such as the address and port number of the next authentication/accounting server for the RADIUS proxy, the shared key and so on. Note in particular that the shared key may be stored in plaintext or encrypted with a symmetric/asymmetric cipher, such as the commonly used DES or 3DES.
4) If no user data is found, go to step 5); if user data is found, go to step 8).
5) Check the domain data section. If matching data is found in the domain data section, use the policy configured in that data to decide whether the next processing step is to perform authentication and accounting, to act as a RADIUS proxy, or something else, such as discard or forced failure. Also determine the auxiliary parameters, such as the address and port number of the next authentication/accounting server for the RADIUS proxy, the shared key and so on. Note in particular that the shared key may be stored in plaintext or encrypted with a symmetric/asymmetric cipher, such as the commonly used DES or 3DES.
6) If no domain data is found, go to step 7); if domain data is found, go to step 8).
7) Use the default configuration data.
8) The search for the user message processing policy is complete. Further processing follows the policy that was found, including RADIUS forwarding, authentication, accounting, discard and so on.
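The lookup order in steps 3) to 7) can be shown in a short program. This is an added example, not code from the patent: the section names, key names and attribute values (local/proxy/discard) are this example's own, the configuration is constructed from the sample file above, and the shared key is left out.

```python
from dataclasses import dataclass, field

# Constructed configuration modelled on the sample file above. Section names,
# key names and attribute values (local/proxy/discard) are this example's own.
CONFIG = """
[user]
name=lisi@local.com
attribute=local

[user]
name=zhangsan@beijing.com
attribute=proxy
auth_primary=10.1.1.1:1812
auth_backup=10.1.1.2:1812
acct_primary=10.1.1.3:1813
acct_backup=10.1.1.4:1813

[domain]
name=roaming
attribute=proxy
auth_primary=10.1.1.1:1812
acct_primary=10.1.1.3:1813

[default]
attribute=proxy
auth_primary=10.1.1.1:1812
acct_primary=10.1.1.3:1813
"""


@dataclass
class Policy:
    source: str                      # table that matched: user, domain or default
    action: str                      # local, proxy or discard
    next_hops: dict = field(default_factory=dict)


def normalise(user_name):
    """Split 'user@domain' at the last '@'; the domain part is case-insensitive."""
    user, sep, domain = user_name.rpartition("@")
    if not (sep and user and domain):
        return user_name, None       # no usable domain: only the default can match
    return f"{user}@{domain.lower()}", domain.lower()


def parse_config(text):
    """Return (users, domains, default); [user] and [domain] sections may repeat."""
    entries = []
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line.startswith("#"):
            continue
        if line.startswith("[") and line.endswith("]"):
            entries.append((line[1:-1].lower(), {}))
        elif entries and "=" in line:
            key, _, value = line.partition("=")
            entries[-1][1][key.strip()] = value.strip()
        else:
            raise ValueError(f"unparseable line: {raw!r}")
    users, domains, default = {}, {}, {"attribute": "discard"}
    for kind, fields in entries:
        if kind == "user":
            users[normalise(fields["name"])[0]] = fields
        elif kind == "domain":
            domains[fields["name"].lower()] = fields
        elif kind == "default":
            default = fields
        else:
            raise ValueError(f"unknown section [{kind}]")
    return users, domains, default


def to_policy(source, fields):
    """Turn one configuration entry into an action plus its next-hop servers."""
    hops = {k: v for k, v in fields.items() if k.startswith(("auth_", "acct_")) and v}
    action = fields.get("attribute", "discard")
    if action == "proxy" and "auth_primary" not in hops:
        action = "discard"           # a proxy entry with no next hop cannot be honoured
    return Policy(source, action, hops)


def resolve(user_name, users, domains, default):
    """Steps 3) to 7): user data first, then domain data, then the default entry."""
    full_name, domain = normalise(user_name)
    if full_name in users:
        return to_policy("user", users[full_name])
    if domain is not None and domain in domains:
        return to_policy("domain", domains[domain])
    return to_policy("default", default)


USERS, DOMAINS, DEFAULT = parse_config(CONFIG)


def lookup(user_name):
    """Resolve a user name against the constructed configuration above."""
    return resolve(user_name, USERS, DOMAINS, DEFAULT)
```

A user name without a domain part can only match the default entry, so the default action decides whether such requests are proxied onward or dropped.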
With the above configuration and processing, every bottom-layer AAA server only needs to configure one domain entry or one default entry, which greatly reduces the maintenance workload, generally by an order of magnitude. The high-layer AAA servers, however, must be fully configured with the roaming domains. For example, if the A server has 10 roaming domains toward the B server and 5 roaming domains toward the C server, the A server needs 15 roaming domains configured; the same goes for the B and C servers. The servers are configured into a mesh or half-mesh network as required.
The hierarchical networking mode can have two layers or more.
In another embodiment of the invention, the AAA servers can also be networked as a star network, as shown in Fig. 2(b).
Its configuration format and processing flow are the same as in the hierarchical networking mode above.
When configuring, therefore, every edge AAA server in the star network only needs to configure one domain entry or one default entry, which greatly reduces the maintenance workload, generally by an order of magnitude. The AAA server at the central node of the star network, like the high-layer AAA servers in the hierarchical networking above, must be fully configured with the roaming domains. That is, every roaming domain in the whole network must have a corresponding configuration on the central-node AAA server.
In actual networking, any one of the mesh/half-mesh, hierarchical, star and other network types can be used, or several can be used in combination.
The user roaming access process, taking PPPoE authentication as an example, is shown in Fig. 5. The detailed process is as follows:
1) The PPPoE client sends a PADI (PPPoE Active Discovery Initiation) message to the PPPoE server device to begin PPPoE access.
2) The PPPoE server sends a PADO (PPPoE Active Discovery Offer) message to the client.
3) In response, the client sends a PADR (PPPoE Active Discovery Request) request to the PPPoE server.
4) The PPPoE server generates a session ID (session identifier) and sends it to the client in a PADS (PPPoE Active Discovery Session-confirmation) message.
5) The client and the PPPoE server carry out PPP (Point-to-Point Protocol) LCP (Link Control Protocol) negotiation and establish link-layer communication. At the same time, they negotiate the use of the CHAP (Challenge Handshake Authentication Protocol) authentication mode.
6) The PPPoE server sends a Challenge message to the client being authenticated, providing a 128-bit Challenge (a random value generated by the server).
7) After receiving the Challenge message, the client processes the password and the Challenge with the well-known MD5 algorithm and sends the result to the PPPoE server in a Response message.
8) The PPPoE server sends the Challenge, the Challenge-Password and the user name together to the roaming-place RADIUS (Remote Authentication Dial-In User Service) user authentication server (i.e. the AAA server) for authentication.
9) From the user name, the roaming-place RADIUS user authentication server recognizes that this is a roaming user whose home location is, for example, Beijing. It therefore first forwards the authentication message to an intermediate AAA server, which is generally a high-layer AAA server in hierarchical networking or the central-node AAA server in star networking. The intermediate AAA server mainly performs a proxy function, for example as a RADIUS proxy server carrying out the typical RADIUS proxy function of the well-known RFC2865, RFC2866 and RFC2869. For the authentication and accounting messages sent by the "roaming-place" AAA server, it finds the path toward the "home" AAA server from the domain-name configuration and sends them to the next intermediate AAA server, and so on until they reach the "home" AAA server. Intermediate AAA servers may be in the same region or in different regions. They generally do not perform user authentication or accounting themselves, but forward authentication and accounting messages according to the path information configured for the various domain names.
10) The home RADIUS user authentication server judges from the user information whether the user is legitimate, and then returns an authentication success/failure message to the roaming-place RADIUS user authentication server through the intermediate AAA servers, as in step 9).
11) The roaming-place RADIUS user authentication server forwards the authentication success/failure message to the PPPoE server. If authentication succeeded, the message carries the negotiated parameters and the user's service attributes to authorize the user. If authentication failed, the flow ends here.
12) The PPPoE server returns the authentication result to the client.
13) The user performs NCP (Network Control Protocol) negotiation (for example IPCP, the IP Control Protocol) and obtains parameters such as the assigned IP address from the PPPoE server.
14) If authentication succeeded, the PPPoE server sends an accounting start request to the roaming-place RADIUS user accounting server.
15) The roaming-place RADIUS user accounting server finds that the user is a roaming user whose home location is Beijing, so, as in step 9) above, it forwards the accounting message through the intermediate AAA servers to the home RADIUS user accounting server, which performs the actual accounting.
16) The home RADIUS user accounting server returns an accounting start response message, which the intermediate servers forward to the roaming-place RADIUS user accounting server.
17) The roaming-place RADIUS user accounting server forwards the returned accounting start response message to the PPPoE server.
At this point the user has passed authentication and obtained legitimate authorization, and can use the network service normally.
When the user wishes to stop using the network, the network connection can likewise be disconnected through PPPoE; an accounting stop message is then sent following the process in 14) to 17).
As described above, in this embodiment the user's authentication and accounting messages pass through several intermediate AAA servers when they are forwarded between the "roaming-place" AAA server and the "home" AAA server (mainly in steps 9), 10) and 15), 16)).
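Steps 6) to 17) can be traced in a small simulation that shows which server holds the password and how messages reach it. This is an added example, not code from the patent: the class, the message field names, the server names and the password are constructed, the CHAP response follows RFC 1994 (MD5 over identifier, secret and challenge), and the hop limit and loop check are this example's own additions.

```python
import hashlib
import hmac
import os

MAX_HOPS = 8  # assumption of this example: bound the proxy chain to stop loops


def chap_response(ident: int, password: bytes, challenge: bytes) -> bytes:
    """CHAP response as in RFC 1994: MD5(identifier || secret || challenge)."""
    return hashlib.md5(bytes([ident]) + password + challenge).digest()


class AAAServer:
    """One AAA server: serves its own users, forwards everyone else by domain."""

    def __init__(self, name, users=None, routes=None, default_next=None):
        self.name = name
        self.users = users or {}          # user name -> password (home server only)
        self.routes = routes or {}        # domain name -> next AAAServer
        self.default_next = default_next  # default path, as on bottom-layer servers
        self.accounting = []              # accounting records kept at the home server

    def handle(self, msg, path=()):
        path = path + (self.name,)
        user = msg["user_name"]
        if user in self.users:
            return self._serve_locally(msg, path)
        domain = user.rpartition("@")[2].lower()
        nxt = self.routes.get(domain, self.default_next)
        # Reject when there is no path, the path loops, or it grows too long.
        if nxt is None or nxt.name in path or len(path) >= MAX_HOPS:
            return {"ok": False, "path": path}
        return nxt.handle(msg, path)

    def _serve_locally(self, msg, path):
        user = msg["user_name"]
        if msg["kind"] == "accounting-start":
            self.accounting.append((user, msg["session_id"]))
            return {"ok": True, "path": path}
        expected = chap_response(msg["chap_id"], self.users[user], msg["challenge"])
        ok = hmac.compare_digest(expected, msg["chap_response"])
        return {"ok": ok, "path": path}


def build_network():
    """Constructed topology: Nanjing (roaming place) -> high layer -> Beijing (home)."""
    beijing = AAAServer("beijing", users={"zhangsan@beijing.com": b"constructed-secret"})
    high = AAAServer("high-layer", routes={"beijing.com": beijing})
    nanjing = AAAServer("nanjing", default_next=high)
    return nanjing, high, beijing


def roaming_login(roaming_aaa, user_name, typed_password, session_id="s-0001"):
    """Play the PPPoE server and client for steps 6) to 17)."""
    challenge = os.urandom(16)                                    # step 6: 128-bit challenge
    chap_id = 1
    response = chap_response(chap_id, typed_password, challenge)  # step 7: client side
    auth = roaming_aaa.handle({                                   # steps 8) to 11)
        "kind": "auth", "user_name": user_name, "chap_id": chap_id,
        "challenge": challenge, "chap_response": response,
    })
    if not auth["ok"]:
        return auth, None                                         # the flow ends here
    acct = roaming_aaa.handle({                                   # steps 14) to 17)
        "kind": "accounting-start", "user_name": user_name, "session_id": session_id,
    })
    return auth, acct
```

Only the home server holds the password; the roaming-place and intermediate servers see the challenge and the response, and the accounting record ends up on the home server.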
Embodiment 2: roaming between two different operators/enterprises
An AAA gateway is placed at the border of each operator/enterprise. When a user roams between the two operators/enterprises, all roaming authentication and accounting between them passes through this gateway. Every AAA server, apart from configuring local user authentication and accounting information, configures the domain names of all roaming users onto the default path or roaming path toward the AAA gateway. The configuration procedure is the same as the configuration in hierarchical or star networking described above. The AAA servers in the network do not need to configure a path for each roaming domain name. When the two networks are maintained, each time a domain name is added, deleted or modified, only the corresponding path on the AAA gateway has to be changed, and the AAA servers in the network need no change, which reduces the maintenance workload.
At the same time, because different operators may use different protocols, protocol adaptation can be performed on the AAA gateway, and unified authentication statistics and accounting settlement can be carried out through the AAA gateway. Current protocol adaptations include RADIUS-RADIUS, RADIUS-DIAMETER and so on; the adaptation can be one-way, but is generally two-way.
There are two methods of protocol adaptation:
1. When the same protocol is used, a conversion step is still needed, because the two sides of the gateway place different requirements on attributes such as authentication and accounting in the protocol; attribute conversion is performed on the gateway to satisfy the requirements of both sides. Taking RADIUS-RADIUS as an example, the AAA gateway processing sequence is shown in Fig. 7(a). The protocol adaptation flow is described below with reference to Fig. 7(a):
1) An AAA server sends a RADIUS authentication request message to the AAA gateway. Its content typically includes, for example, the user name "zhangsan@beijing.com", the user's access device name, the user's password and so on.
2) The AAA gateway recognizes (generally simply by the domain name, or strictly following the AAA processing flow described above) that the message format of this AAA server does not match the message format required by the AAA server on the other side. For example, the AAA server on the other side requires all user names in upper case, requires the address of the user's roaming-place AAA server to be provided, and requires the user's access device to be given as the numeric code corresponding to the access device rather than as a name. The AAA gateway then, following the requirements of the AAA server on the other side, changes the user name in the received RADIUS message to all upper case, adds an attribute for the user's roaming-place AAA server address set to the IP address of the corresponding access AAA server, and finally replaces the device name with the corresponding numeric code according to the pre-configured mapping table of device names and numeric codes. The converted RADIUS message is then repackaged and sent to the AAA server on the other side.
3) After successful authentication, the AAA server on the other side returns an authentication success message to the AAA gateway. The authentication success message generally includes the user name, the user's access device name and so on.
4) After receiving this message, the AAA gateway recognizes that the message format does not match and processes it by the inverse of the above protocol adaptation process. The user name is kept or changed to lower case, and the user's access device name is changed from the numeric code back to the corresponding device name according to the pre-configured mapping table of device names and numeric codes.
The processing flows for other RADIUS authentication messages and accounting messages are basically the same as the above process.
In the above protocol adaptation process, the technique commonly used at present is table mapping, i.e. an attribute mapping table between operator A and operator B, so that conversion and inverse conversion follow the attributes in the table and the specified conversion methods.
Of course, the invention is not limited to the table mapping method; other widely used methods such as software modules or plug-ins can also be used. For example, if operator A needs roaming with operator B, a software module or plug-in can be added to the AAA gateway to perform the protocol adaptation function. The simplest way is to modify the AAA gateway software or add a patch to implement this function.
2. If different protocols are used, for example RADIUS and DIAMETER (an enhanced AAA protocol compatible with the RADIUS protocol), the gateway must convert messages of one protocol into messages of the other. Taking RADIUS-DIAMETER as an example, the AAA gateway processing sequence is shown in Fig. 7(b):
1) An AAA server sends a RADIUS authentication request message to the AAA gateway; typical contents are the user name "zhangsan@beijing.com", the user access device name, the user password, and so on.
2) The AAA gateway recognizes (generally this can be done simply from the domain name, or strictly according to the AAA processing flow described above) that the message format of this AAA server is inconsistent with the message format required by the AAA server on the other side. For example, the other side's AAA server requires the DIAMETER protocol, requires all user names to be in upper case, requires the address of the AAA server at the user's roaming place to be provided, and requires the user access device name to be given as the numeric code corresponding to the access device rather than as a name. The AAA gateway therefore converts the user name in the received RADIUS message to upper case, adds an attribute for the roaming-place AAA server address and fills in the IP address of that AAA server, and finally converts the device name to the corresponding numeric code according to the pre-configured mapping table between device names and numeric codes. It then assembles the new DIAMETER request packet and sends it to the other side's AAA server.
3) After authenticating successfully, the other side's AAA server returns a DIAMETER response message (containing the authentication-success message) to the AAA gateway. The authentication-success message generally contains, for example, the user name and the user access device name.
4) On receiving this message, the AAA gateway recognizes that the message format does not match and processes it by reversing the protocol adaptation procedure above. It converts the DIAMETER protocol to the RADIUS protocol, keeps the user name or converts it to lower case, and converts the user access device name from its numeric code back to the corresponding device name according to the pre-configured mapping table between device names and numeric codes.
Other messages, such as RADIUS authentication messages, accounting messages and DIAMETER messages, are handled in essentially the same way.
As in the same-protocol adaptation described above, the technique commonly used at present for adapting between different protocols is table mapping, that is, an attribute mapping table between operator A and operator B; conversion and inverse conversion are carried out according to the attributes in the table and the conversion methods it specifies. Methods in general use in the field, such as a software module or a plug-in, can of course also be adopted. The simplest method is to modify the AAA gateway software or add a patch to accomplish this function.
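The table-driven conversion and inverse conversion described above can be sketched as follows. This is an added example, not code from the patent: messages are modelled as attribute dictionaries rather than wire-format packets, carrying the access device name in `NAS-Identifier` is an assumption, and the attribute name `Roaming-AAA-Address`, the device names, the codes and the IP address are constructed for illustration. Setting `home_protocol="RADIUS"` gives the same-protocol case.

```python
"""Table-driven attribute adaptation at an AAA gateway (added illustration)."""

# Constructed sample table: access device name <-> numeric code. It stands in
# for the pre-configured mapping table the gateway holds for the peer operator.
DEVICE_CODES = {"access-bj-01": "1001", "access-bj-02": "1002"}

# Hypothetical attribute name for the roaming-place AAA server address.
ROAMING_AAA_ATTR = "Roaming-AAA-Address"


class AdaptationError(ValueError):
    """The message cannot be adapted; the gateway rejects instead of guessing."""


class AttributeAdapter:
    def __init__(self, device_codes, roaming_aaa_ip,
                 roaming_protocol="RADIUS", home_protocol="DIAMETER"):
        # Inverse conversion is only well defined if the table is one-to-one.
        if len(set(device_codes.values())) != len(device_codes):
            raise AdaptationError("device code table is not one-to-one")
        self.name_to_code = dict(device_codes)
        self.code_to_name = {code: name for name, code in device_codes.items()}
        self.roaming_aaa_ip = roaming_aaa_ip
        self.roaming_protocol = roaming_protocol
        self.home_protocol = home_protocol

    def to_home(self, message):
        """Request direction: roaming-place format -> home operator format."""
        if message["protocol"] != self.roaming_protocol:
            raise AdaptationError("unexpected protocol on roaming side")
        attrs = dict(message["attrs"])
        user, device = attrs.get("User-Name"), attrs.get("NAS-Identifier")
        if not user:
            raise AdaptationError("missing user name")
        if device not in self.name_to_code:
            raise AdaptationError(f"unmapped access device name: {device!r}")
        attrs["User-Name"] = user.upper()
        attrs["NAS-Identifier"] = self.name_to_code[device]
        attrs[ROAMING_AAA_ATTR] = self.roaming_aaa_ip
        return {"protocol": self.home_protocol, "attrs": attrs}

    def to_roaming(self, message):
        """Response direction: the inverse of to_home()."""
        if message["protocol"] != self.home_protocol:
            raise AdaptationError("unexpected protocol on home side")
        attrs = dict(message["attrs"])
        user, code = attrs.get("User-Name"), attrs.get("NAS-Identifier")
        if not user:
            raise AdaptationError("missing user name")
        if code not in self.code_to_name:
            raise AdaptationError(f"unmapped access device code: {code!r}")
        # The text allows "kept or lower case"; this sketch lower-cases.
        attrs["User-Name"] = user.lower()
        attrs["NAS-Identifier"] = self.code_to_name[code]
        attrs.pop(ROAMING_AAA_ATTR, None)  # added by the gateway on the way out
        return {"protocol": self.roaming_protocol, "attrs": attrs}


def demo():
    """Run one constructed request/response pair through the adapter."""
    adapter = AttributeAdapter(DEVICE_CODES, roaming_aaa_ip="192.0.2.10")
    request = {"protocol": "RADIUS",
               "attrs": {"User-Name": "zhangsan@beijing.com",
                         "NAS-Identifier": "access-bj-01"}}
    forwarded = adapter.to_home(request)
    # Constructed success response from the home AAA server.
    response = {"protocol": "DIAMETER",
                "attrs": {"User-Name": "ZHANGSAN@BEIJING.COM",
                          "NAS-Identifier": "1001"}}
    returned = adapter.to_roaming(response)
    return forwarded, returned


if __name__ == "__main__":
    for msg in demo():
        print(msg)
```

Rejecting an unmapped device name or code, and refusing a table that is not one-to-one, keeps the gateway from forwarding a request whose response it could not convert back.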
In the user roaming access process of this embodiment, steps (1)-(8) are essentially the same as in the previous embodiment. The difference is that in step (9), if the roaming-place RADIUS user authentication server identifies from the user name that the user is a roaming user whose home server belongs to another operator, it first forwards the authentication message to the roaming-place AAA gateway. The AAA gateway uses the standard Proxy function (for example the typical RADIUS Proxy function of the well-known RFC 2865, RFC 2866 and RFC 2869) to forward it to the home AAA gateway. The home AAA gateway likewise uses the standard Proxy function to forward the authentication message to the home RADIUS user authentication server, which performs the actual authentication.
In step (10), the home RADIUS user authentication server determines from the user information whether the user is legitimate, and the authentication success/failure message is then forwarded through the home AAA gateway and the roaming-place AAA gateway to the roaming-place RADIUS user authentication server. The subsequent process is the same as steps (11) to (13) of embodiment 1.
The user accounting process is as follows:
14) If authentication succeeds, the PPPoE server sends an accounting-start request to the roaming-place RADIUS user accounting server.
15) The roaming-place RADIUS user accounting server finds that the user is a roaming user and, as in step 9) above, forwards the accounting message through the intermediate AAA gateways (the roaming-place AAA gateway and the home AAA gateway) to the home RADIUS user accounting server, which performs the actual accounting.
16) The home RADIUS user accounting server replies with an accounting-start response message, which is forwarded through the intermediate AAA gateways (the home AAA gateway and the roaming-place AAA gateway) to the roaming-place RADIUS user accounting server.
17) The roaming-place RADIUS user accounting server forwards the accounting-start response message to the roaming-place PPPoE server.
Embodiment 3: Roaming among multiple operators
When one particular user roams, the roaming can only be between two operator entities; but when the users attached to a given access device roam, roaming among multiple operators arises. Judging roaming among multiple operators is in fact judging the sum of the individual users' roaming cases.
For interworking, operators and enterprises each negotiate bilateral agreements. An operator or enterprise that wants to interwork with several operators or enterprises must therefore negotiate bilateral agreements repeatedly, and the agreements differ from one another, which is very inconvenient and technically difficult.
By setting up a roaming alliance and performing all roaming data configuration within the alliance, all operators and enterprises connected to the roaming alliance can roam with one another. When an operator or enterprise wants to interwork with multiple operators or enterprises, it only needs to negotiate an agreement with the roaming alliance to interwork with all of them; the agreement is fully uniform, the technical difficulty is low, and the negotiation time is short.
The roaming alliance is also interconnected, through AAA gateways at its border, with the AAA gateways of each operator and enterprise network, and can provide protocol adaptation, authentication statistics, billing settlement and so on.
To implement authentication statistics, billing settlement and the like, the operator or enterprise AAA gateways and the roaming alliance AAA gateways, in addition to forwarding messages and converting protocols, also store, calculate and summarize authentication and accounting information. Two connected entities (for example two operators) can then check detailed authentication and accounting information (the reconciliation function) and settle on the basis of the authentication statistics and accounting information summarized by both sides. For example, operators generally have billing agreements with one another; supposing charges are split 3:7 between the roaming-place operator and the home operator, revenue is settled according to the summarized accounting information. Therefore, in the present invention, authentication and accounting information is stored on the AAA gateway, and conventional authentication statistics, billing settlement and reconciliation methods can be used.
"Roaming alliance" here may refer to an organization, or to a group of AAA servers that are configured and managed in a unified way. Seen from outside the roaming alliance, these AAA servers are somewhat like the AAA gateways described above, except that their relationship is no longer point-to-point but many-to-many. Further requirements are placed on top of the gateway described above, including many-to-many configuration and many-to-many adaptation. The configuration tables and lookup procedure are as described in embodiment 2; what needs to be added in this example is that the AAA servers of the roaming alliance must be configured with all relevant roaming relationships between the interworking operators, together with the protocol adaptation requirements for roaming.
The internal structure of the roaming alliance may be a mesh interconnection of the AAA servers at the alliance edge, or it may have its own internal networking, using any one of mesh/half-mesh, layered, star and other networks, or a combination of several. Note that the networks referred to here are logical networks directly between AAA servers, not physical connection networks.
Whenever a roaming customer's information (for example a domain name and home AAA server information) is added, deleted or modified, the configuration inside the roaming alliance is modified so that all edge AAA servers inside the alliance that connect to roaming customers know the changed information. The configuration change differs with the alliance's internal networking structure: in a mesh/half-mesh network, every relevant edge AAA server must be modified; in a layered network, the high-level AAA server must be modified; in a star network, the central-node AAA server must be modified. The same holds for other networks; the principle is that a correct AAA path is provided after the modification.
The specific method of configuring the roaming alliance's AAA gateway and performing protocol adaptation on it is the same as the protocol adaptation method implemented on the AAA gateway between two operators/enterprises.
The user roaming access process is basically as described above; the only difference is that between the "roaming-place" AAA server and the "home" AAA server, the user's messages must also pass through the AAA gateways of each intermediate entity and the AAA gateway of the roaming alliance.
Specifically, with the AAA gateways as boundaries, the intermediate entities are generally: (roaming-place AAA server →) this operator's AAA network → this operator's AAA gateway → roaming alliance → peer operator's AAA gateway → peer operator's AAA network (→ home AAA server). Each intermediate entity implements a conventional Proxy function, for example the RADIUS Proxy function. Protocol adaptation is performed on the edge AAA servers of the roaming alliance. The adaptation process is the same as described in embodiment 2 and is not repeated here.
The AAA servers or AAA gateways of the roaming alliance are logically independent of each operator and can generally be a network provided by an independent body. However, operators may also cooperate and designate AAA servers or AAA gateways in their own existing networks to serve as the roaming alliance's AAA servers. Moreover, the roaming alliance need not even be independent hardware; its function can be implemented by a software module alone. The roaming alliance gateway and the operator gateway are logically independent functions but can be implemented on the same physical entity, for example on the operator gateway.
In the user roaming access process of embodiment 3, steps (1)-(8) are essentially the same as in the previous embodiments. The difference is that in step (9), if the roaming-place RADIUS user authentication server identifies from the user name that the user is a roaming user whose home server belongs to another operator, it first forwards the authentication message to the roaming-place AAA gateway, and the message then passes through each intermediate entity. With the AAA gateways as boundaries, the intermediate entities are generally: (roaming-place AAA server →) this operator's AAA network → this operator's AAA gateway → roaming alliance → peer operator's AAA gateway → peer operator's AAA network (→ home AAA server). Every AAA gateway uses the standard Proxy function (for example the typical RADIUS Proxy function of the well-known RFC 2865, RFC 2866 and RFC 2869) to forward the message on to the home AAA gateway. The home AAA gateway likewise uses the standard Proxy function to forward the authentication message to the home RADIUS user authentication server, which performs the actual authentication.
In step (10), the home RADIUS user authentication server determines from the user information whether the user is legitimate, and the authentication success/failure message is then passed from the home AAA gateway, through the AAA gateways of each intermediate entity and the AAA gateway of the roaming alliance, to the roaming-place RADIUS user authentication server. The subsequent process is the same as steps (11) to (13) of embodiment 1.
The user accounting process is as follows:
14) If authentication succeeds, the roaming-place PPPoE server sends an accounting-start request to the roaming-place RADIUS user accounting server.
15) The roaming-place RADIUS user accounting server finds that the user is a roaming user and, as in step 9) above, forwards the accounting message through the intermediate roaming forwarding devices (the home AAA gateway, via the AAA gateways of each intermediate entity and the AAA gateway of the roaming alliance) to the home RADIUS user accounting server, which performs the actual accounting.
16) The home RADIUS user accounting server replies with an accounting-start response message, which is forwarded to the roaming-place RADIUS user accounting server through the intermediate roaming forwarding devices (the home AAA gateway, the AAA gateways of each intermediate entity, the AAA gateway of the roaming alliance, and the roaming-place AAA gateway).
17) The roaming-place RADIUS user accounting server forwards the accounting-start response message to the roaming-place PPPoE server.
Embodiment 4: Roaming access at the access device and AAA server
When users attached to an access device (for example an access server) need to roam, the home AAA server, or the associated AAA gateway, is found from the domain-name relationships configured on the access device. However, an access device can often be configured with only a limited number of domain-name relationships, generally a few dozen and typically 32. Scalability is therefore poor, and operational or management needs cannot be met when roaming domain names have to be configured. Moreover, every home location added to roaming requires a new roaming domain name to be added on all access devices in the whole network, so the maintenance workload is very large.
In this embodiment of the invention, a roaming domain module is set on the access device. Apart from the access device's core relationships, for example the AAA server of the local home network, all other roaming users go through the roaming domain, so that all roaming users are connected to the corresponding high-level AAA server or directly to the AAA gateway, which then forwards the roaming information to the home location.
In the roaming domain module, all locally authenticated users have their corresponding AAA server (authentication, accounting) configured directly; all users with special requirements also have their corresponding AAA server (authentication, accounting) configured directly (for example, an access enterprise requires its own enterprise AAA server to be configured, and since this AAA server is not the one for local authentication users, it needs special configuration).
Since fully configuring every roaming domain module would take too much maintenance, a "roaming domain" configuration item is provided. Under this item, all users who are neither local nor subject to special requirements are authenticated and charged through the AAA server configured for the roaming domain. This AAA server can be the AAA gateway described above, or any AAA server that can find the path to the user's home AAA server.
When configuring the roaming domain, the whole domain name in "user name@domain name" can be used, or only part of it. For example, for zhangsan@telecom.beijing.com the roaming configuration can be keyed on the domain name "telecom.beijing.com" or on the domain name "beijing.com". The configuration method is the same as in the previous embodiments.
Generally, an AAA server can also be provided with a roaming domain module, so that all roaming users are forwarded directly through the roaming domain to other AAA servers or AAA gateways. It is implemented in the same way as the roaming domain on the access device.
In this way, the access server or similar access device, and the AAA server, do not need to be configured with the relationships for all AAA servers; they only need the core relationships and one roaming relationship. That is, when network roaming relationships are added, modified or deleted, the change only needs to be configured once in some AAA gateways or in the roaming alliance. Because the roaming relationship is already configured on all access devices and on the roaming-place or intermediate AAA servers, no modification is needed on those devices and servers, and the change can be used at once. Scalability is good, and zero maintenance for roaming can be achieved.
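The lookup a roaming domain module performs can be sketched as follows. This is an added example, not code from the patent: the class and function names, the `.example` domains and the server names are constructed, and rejecting user names without a domain part is an assumption. It shows the full-or-partial domain matching described above, with suffixes compared only at label boundaries so that a look-alike domain falls through to the default roaming domain.

```python
"""Roaming domain lookup for 'user name@domain name' (added illustration)."""
from typing import NamedTuple


class Route(NamedTuple):
    kind: str    # "local", "special" or "roaming"
    server: str  # AAA server or AAA gateway that receives the request


def normalize_domain(domain):
    """Lower-case a domain and reject empty labels such as 'a..com'."""
    domain = domain.strip().rstrip(".").lower()
    if not domain or any(not label for label in domain.split(".")):
        raise ValueError(f"malformed domain: {domain!r}")
    return domain


def domain_of(user_name):
    """Return the normalized domain part of 'user name@domain name'."""
    user, sep, domain = user_name.rpartition("@")
    if not sep or not user:
        # Assumption of this sketch: names without a domain are rejected.
        raise ValueError(f"no domain in user name: {user_name!r}")
    return normalize_domain(domain)


class RoamingDomainModule:
    def __init__(self, roaming_server):
        # The single "roaming domain" item: every user that is neither local
        # nor specially configured is sent to this AAA server or AAA gateway.
        self.default = Route("roaming", roaming_server)
        self.entries = {}

    def add(self, domain, kind, server):
        self.entries[normalize_domain(domain)] = Route(kind, server)

    def resolve(self, user_name):
        labels = domain_of(user_name).split(".")
        # Try the whole domain first, then shorter suffixes, always cutting at
        # a label boundary so "evilbeijing.com" never matches "beijing.com".
        for start in range(len(labels)):
            route = self.entries.get(".".join(labels[start:]))
            if route is not None:
                return route
        return self.default


def build_sample_module():
    """Constructed configuration: core entries plus the roaming domain."""
    module = RoamingDomainModule(roaming_server="aaa-gateway.example")
    module.add("shanghai.example", "local", "aaa-local.example")
    module.add("corp.example", "special", "aaa-enterprise.example")
    # Partial-domain entry, as in the "beijing.com" example in the text.
    module.add("beijing.com", "roaming", "aaa-gateway-bj.example")
    return module


if __name__ == "__main__":
    sample = build_sample_module()
    for name in ("zhangsan@telecom.beijing.com", "lisi@evilbeijing.com",
                 "wang@shanghai.example", "zhao@hr.corp.example"):
        print(name, "->", sample.resolve(name))
```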
The user roaming access process is basically the same as in the previous examples; only the roaming configuration and control on the access device and AAA server are optimized.
The detailed process is as follows. After steps (1) to (7) of the embodiments above, in step (8), if the roaming-place access server (PPPoE access server) identifies, for example from the user name, that the user is a roaming user, it uses the roaming domain module to find the corresponding AAA gateway or roaming alliance directly, or to find the path to the home AAA server, and forwards the authentication message to the roaming-place AAA gateway. Alternatively, when no roaming domain module is set in the access server but one is set in the AAA server (the RADIUS user authentication server in this example), then in step (9) the RADIUS user authentication server identifies from the user name that the user is a roaming user, and can likewise use its configured roaming domain module to find the corresponding AAA gateway or roaming alliance, or the path to the home AAA server, and forward the authentication message to the roaming-place AAA gateway. The AAA gateway uses the standard Proxy function (for example the typical RADIUS Proxy function of the well-known RFC 2865, RFC 2866 and RFC 2869) to forward it to the home AAA gateway. The home AAA gateway likewise uses the standard Proxy function to forward the authentication message to the home RADIUS user authentication server, which performs the actual authentication.
In step (10), the home RADIUS user authentication server determines from the user information whether the user is legitimate. In the same way as described above, the roaming domain module configured in the home RADIUS user authentication server is then used to find the corresponding AAA gateway or roaming alliance, and the authentication success/failure message is forwarded to the roaming-place RADIUS user authentication server. The subsequent process is the same as steps (11) to (13) of embodiment 1.
The user accounting process is as follows:
14) If authentication succeeds, the PPPoE server sends an accounting-start request to the roaming-place RADIUS user accounting server.
15) The roaming-place RADIUS user accounting server finds that the user is a roaming user and, as in step 9) above, uses the roaming domain module configured in the roaming-place RADIUS user authentication server to find the corresponding AAA gateway or roaming alliance, so that the accounting message is forwarded to the home RADIUS user accounting server, which performs the actual accounting.
16) The home RADIUS user accounting server replies with an accounting-start response message and uses its configured roaming domain module to find the corresponding AAA gateway or roaming alliance, so that the response is forwarded to the roaming-place RADIUS user accounting server.
17) The roaming-place RADIUS user accounting server forwards the accounting-start response message to the roaming-place PPPoE server.
Although the present invention has been described above in conjunction with several embodiments, these descriptions are intended only to give a clearer and more complete understanding of the invention, not to limit it. For example, these embodiments use the PPPoE authentication mode as the example, but the invention can obviously also be used with other modes such as WEB authentication, 802.1X authentication and other conventional network user authentication methods. Nor is the invention limited to the protocols mentioned in the specification, such as RADIUS and DIAMETER, for providing roaming service to users. Various modifications can therefore obviously be made to the details of the embodiments, and various equivalent alternatives adopted; such modifications and equivalent substitutions still fall within the scope of the present invention.

Claims (12)

1. A method for providing roaming service for a user in a network system, the network system comprising: a client terminal; access devices, including a roaming-place access device and the roaming user's home access device; AAA servers, including a roaming-place AAA server and the roaming user's home AAA server; and a roaming forwarding device, connected between the roaming-place AAA server and the home AAA server, for forwarding the roaming user's authentication and accounting information,
the method comprising:
(1) the roaming-place access device obtains user information from the access request sent by the roaming user's client terminal device;
(2) the roaming-place access device sends the user information to the roaming-place AAA server for authentication;
(3) the roaming-place AAA server identifies the user information and, when the user is determined to be a roaming user, sends this user's authentication information to the roaming forwarding device, which sends it to the AAA server of the user's home location for authentication;
(4) the AAA server of the user's home location determines from the user information whether the user is legitimate, and then sends an authentication success/failure message to the roaming-place AAA server through the roaming forwarding device;
(5) if the AAA server of the user's home location sends an authentication-success message, the roaming-place AAA server notifies the roaming-place access device to authorize the user; if it sends an authentication-failure message, access service is refused for this user;
(6) after the user is authenticated successfully, the roaming-place access device sends an accounting-start request to the roaming-place AAA server;
(7) the roaming-place AAA server forwards the accounting message through the roaming forwarding device to the user's home AAA server for accounting.
2. The method according to claim 1, characterized in that step (3) further comprises: the roaming forwarding device performing protocol adaptation and message format conversion according to the protocol types of the roaming-place AAA server and the home AAA server and their requirements on message format.
3. The method according to claim 2, characterized in that the roaming forwarding device performs the protocol adaptation and message format conversion according to a mapping table between device names and numeric codes configured on the roaming forwarding device.
4. The method according to claim 1, 2 or 3, characterized in that the authentication mode is PPPoE authentication, WEB authentication or 802.1X authentication.
5. The method according to claim 4, characterized by further comprising a process of determining, in the roaming forwarding device, the processing policy for a user authentication message, the process comprising:
on receiving a user's authentication message, parsing the attributes of the authentication message;
determining whether to look up configuration data and, if so, determining the policy for processing this authentication message according to the content of the user data part;
if no user data is found, determining the policy for processing this authentication message according to the content of the domain data part;
if no domain data is found, using the default configuration data; and
processing further according to the determined processing policy.
6. The method according to claim 5, characterized by further comprising the step of saving, in the roaming forwarding device, the forwarded user authentication and accounting information.
7. A network system for providing roaming service for a roaming user, comprising:
a client terminal;
access devices, used to provide access service for the client terminal, including the roaming-place access device where the roaming user is located and the roaming user's home access device;
AAA servers, used to authenticate the user information of the client terminal forwarded by the access device and to perform accounting for client terminals that have accessed successfully, including the roaming-place AAA server where the roaming user is located and the roaming user's home AAA server,
characterized in that the system further comprises a roaming forwarding device, connected between the roaming user's roaming-place AAA server and home AAA server, for forwarding the roaming user's authentication and accounting information.
8. The system according to claim 7, characterized in that the AAA servers belonging to the same network operator or enterprise are connected using a layered networking mode, a star networking mode, or a combination of layered networking and star networking with a mesh/half-mesh networking mode.
9. The system according to claim 8, characterized in that the roaming forwarding device comprises a high-level AAA server in the network of the same operator or enterprise under the layered networking, a central-node AAA server in the local network of the same network operator or enterprise under the star networking, or a combination of these two kinds of AAA server, and is used to perform protocol adaptation and forward authentication messages for the plurality of operators or enterprises.
10. The system according to claim 7, characterized in that the roaming forwarding device comprises an AAA gateway connected between two or more network operators or enterprises, used to perform protocol adaptation and forward authentication messages for the plurality of operators or enterprises.
11. The system according to claim 7, characterized in that the roaming forwarding device further comprises a roaming alliance interconnected with a plurality of operators or enterprises through AAA gateways, used to perform protocol adaptation and forward authentication messages for the plurality of operators or enterprises.
12. The system according to any one of the preceding claims, characterized in that a roaming domain module is provided in the access device or the AAA server for configuring path information, so that the roaming user's authentication and accounting information is directed to a roaming forwarding device that can find the user's home AAA server.
CNB031380441A 2003-05-30 2003-05-30 Method and system for providing user network roam Expired - Lifetime CN100370869C (en)


Publications (2)

Publication Number Publication Date
CN1553741A true CN1553741A (en) 2004-12-08
CN100370869C CN100370869C (en) 2008-02-20

WO2006116908A1 (en) * 2005-04-30 2006-11-09 Huawei Technologies Co., Ltd. A method and interface apparatus for authentication and charging
WO2006131898A2 (en) * 2005-06-09 2006-12-14 Utstarcom Telecom Co., Ltd. Controllable multicast management method for downstream users of internet protocol television (iptv)
WO2006131898A3 (en) * 2005-06-09 2007-07-05 Utstarcom Telecom Co Ltd Controllable multicast management method for downstream users of internet protocol television (iptv)
CN100438622C (en) * 2005-06-09 2008-11-26 Ut斯达康通讯有限公司 Controlled multicast managing method for network interactive television roaming user
CN100444688C (en) * 2005-08-08 2008-12-17 中兴通讯股份有限公司 Automatic roaming area entry method under mobile limit
US9313784B2 (en) 2005-09-19 2016-04-12 Qualcomm Incorporated State synchronization of access routers
CN1859167B (en) * 2005-11-04 2012-08-08 华为技术有限公司 Exciting method for network telephone terminal configuration
WO2007087744A1 (en) * 2006-01-26 2007-08-09 Huawei Technologies Co., Ltd. A system, device and method for realizing terminal roaming control
CN100370734C (en) * 2006-03-13 2008-02-20 华为技术有限公司 WAP service charging method
WO2007131426A1 (en) * 2006-04-29 2007-11-22 Huawei Technologies Co., Ltd. Aaa system and authentication method of multi-hosts network
CN100461958C (en) * 2006-04-30 2009-02-11 中国联合通信有限公司 Mobile communication access system and method
CN100426930C (en) * 2006-04-30 2008-10-15 中国联合通信有限公司 Wireless data communication monitoring system and method
US7895145B2 (en) 2006-07-31 2011-02-22 Huawei Technologies Co., Ltd. Method, system and device for controlling policy information required by a requested service
CN101136861B (en) * 2006-09-01 2012-07-04 阿尔卡特朗讯 Method of providing an IPTV service and network unit
CN101203036B (en) * 2006-12-15 2012-09-05 华为技术有限公司 Tactics coordination system and tactics coordination method
WO2008122233A1 (en) * 2007-04-04 2008-10-16 Huawei Technologies Co., Ltd. Charging network, charging method and gateway
US8453211B2 (en) 2007-11-01 2013-05-28 ZTE Corporation Method of obtaining proxy call session control function address while roaming
WO2009056010A1 (en) * 2007-11-01 2009-05-07 Zte Corporation Method of obtaining proxy call session control function address while roaming
CN101447973B (en) * 2007-11-27 2014-02-12 开曼晨星半导体公司 Managing method for switching in mobile communication home use indoor base station
CN101184336B (en) * 2007-12-05 2010-04-21 中兴通讯股份有限公司 Method of implementing content charging user roaming
CN101925061A (en) * 2010-08-31 2010-12-22 广州杰赛科技股份有限公司 Method for non-home domain accessing identity authentication in wireless metropolitan area network terminal
CN101917722A (en) * 2010-08-31 2010-12-15 广州杰赛科技股份有限公司 Method for identifying non-attributive place access identity of terminal in wireless local area network
CN101925061B (en) * 2010-08-31 2013-02-13 广州杰赛科技股份有限公司 Method for non-home domain accessing identity authentication in wireless metropolitan area network terminal
CN101917722B (en) * 2010-08-31 2013-05-08 广州杰赛科技股份有限公司 Method for identifying non-attributive place access identity of terminal in wireless local area network
CN101958846A (en) * 2010-11-03 2011-01-26 北京北信源软件股份有限公司 Method for client roaming across servers
CN101958846B (en) * 2010-11-03 2015-04-15 北京北信源软件股份有限公司 Method for client roaming across servers
CN102355650B (en) * 2011-07-15 2016-08-17 华为软件技术有限公司 A kind of method for processing business and system
CN102355650A (en) * 2011-07-15 2012-02-15 华为软件技术有限公司 Service processing method and system thereof
CN102238547B (en) * 2011-07-19 2013-12-04 华为软件技术有限公司 User session control method, session server, authentication, authorization and accounting (AAA) server and system
CN102238547A (en) * 2011-07-19 2011-11-09 华为软件技术有限公司 User session control method, session server, authentication, authorization and accounting (AAA) server and system
CN103813327A (en) * 2012-11-09 2014-05-21 华为技术有限公司 Authentication mode indicating method
CN103813327B (en) * 2012-11-09 2017-11-17 华为技术有限公司 A kind of method for indicating authentication mode
WO2016107148A1 (en) * 2014-12-31 2016-07-07 中兴通讯股份有限公司 Authentication and authorization method combining radius and diameter
CN109981574A (en) * 2019-02-21 2019-07-05 深圳优仕康通信有限公司 A kind of networking encryption method, network relay equipment and computer readable storage medium
CN109981574B (en) * 2019-02-21 2023-02-28 深圳优仕康通信有限公司 Networking encryption method, network relay equipment and computer readable storage medium
CN114629683A (en) * 2022-02-11 2022-06-14 亚信科技(成都)有限公司 Access method, device, equipment and storage medium of management server
CN114629683B (en) * 2022-02-11 2023-09-05 亚信科技(成都)有限公司 Access method, device, equipment and storage medium of management server

Also Published As

Publication number Publication date
CN100370869C (en) 2008-02-20

Similar Documents

Publication Publication Date Title
CN1553741A (en) Method and system for providing user network roam
CN1163029C (en) Method for making data interchange by data network user and its network system
CN1193565C (en) RSVP handling in 3G networks
JP4782139B2 (en) Method and system for transparently authenticating mobile users and accessing web services
CN1403952A (en) Ethernet confirming access method
CN1762129A (en) Service in wlan inter-working, address management system, and method
CN1750508A (en) Packet forwarding apparatus and access network system
CN1197297C (en) A platform information switch
CN1957566A (en) Server for routing connection to client device
CN1713623A (en) Network connection system, network connection method, and switch used therefor
CN1523811A (en) System and method for user authentication at the level of the access network during a connection of the user to the internet
CN101076976A (en) Authentication system, authentication method, and authentication information generation program
CN1794676A (en) Method of user access radio communication network and radio network cut in control device
CN1625275A (en) Address acquisition
CN101040556A (en) Callback services in a communication system
CN1411207A (en) Communication apparatus
CN1901448A (en) Connecting identification system in communication network and realizing method
CN1809072A (en) Network architecture of backward compatible authentication, authorization and accounting system and implementation method
CN1870812A (en) Method for selecting safety mechanism of IP multimedia subsystem acess field
CN1805396A (en) Method for implementing network access through broadband router
WO2006111078A1 (en) A method for obtaining the user access information in the next generation network
CN1863113A (en) System and method for implementing multi-user access in LAN terminal
CN100340089C (en) System and method for network connection
CN101052032A (en) Business entity certifying method and device
CN1870636A (en) Method and system for client redirection

Legal Events

Date Code Title Description
C06 Publication
PB01 Publication
C10 Entry into substantive examination
SE01 Entry into force of request for substantive examination
C14 Grant of patent or utility model
GR01 Patent grant
CX01 Expiry of patent term

Granted publication date: 20080220