Looking for breakthrough ideas for innovation challenges? Try Patsnap Eureka!

A method, device and system for access authentication

A technology of access authentication and authenticator, applied in the field of network communication, can solve the problems of not being able to perceive the existence of connected users on the RG, not being able to obtain, and not being able to perform fast channel switching control, etc.

Inactive Publication Date: 2008-02-13
HUAWEI TECH CO LTD
View PDF0 Cites 19 Cited by
  • Summary
  • Abstract
  • Description
  • Claims
  • Application Information

AI Technical Summary

Problems solved by technology

[0017] 1. NSP cannot perceive the existence of connected users on the RG, that is, NSP can only collect statistics on the network traffic on the RG to bill and charge the network services on the RG, but cannot target the users connected to the RG. Different users are billed and charged according to different services;
[0018] 2. Since the NSP does not authenticate the users connected to the RG, the NSP cannot take security precautions against counterfeit users;
[0019] 3. Because only simple line authentication is performed on RG, and no relevant trust authentication is performed on RG, so RG is an untrusted node, so RG cannot obtain the QoS (quality of service) policy of RG from Policy Server (policy server), Therefore, the network system cannot perform resource management control (such as uplink bandwidth control) according to a unified QoS policy.
At the same time, for services based on network connections such as VolP (Voice over Internet Protocol), RG cannot perform AC (Admission Control) for VoIP according to a unified QoS policy;
[0020]4. Since the RG is an untrusted node, the ACL (Admission Control List) related to the RG cannot be obtained from the authentication information, so the multicast authority of the user cannot be checked. control, unable to do fast channel switching control
[0021]5. Since the RG is an untrusted node, it cannot take local service quality monitoring operations on the SLA (Service Level Agreement) nearby, so that the NAS can only The ingress node or AN (Access Node) monitors the service flow of all users, causing the access node or MSAN (Integrated Service Access Network) where the NAS is located to become the bottleneck of network service information
[0023] (3) Corresponding node authentication technical solution 3: set RG as a layer 2 resident gateway; when RG is a layer 2 resident gateway, RG itself does not need authentication, that is, if Users connected to the RG still use the 802.1x authentication protocol, so the RG must support the 802.1x authentication transfer function, but the existing RG equipment generally does not support this authentication transfer function
[0025]Therefore, no matter whether it is for fixed network, mobile network or a mixed network of fixed network and mobile network, there is currently no implementation scheme for network node access authentication, so that the network It is impossible to determine more trusted nodes in the network, which affects the development of communication services in the network. For example, if a user terminal accesses the network through an untrusted node, it cannot be authenticated, or an untrusted node as a user access device cannot implement corresponding admission control functions, etc.

Method used

the structure of the environmentally friendly knitted fabric provided by the present invention; figure 2 Flow chart of the yarn wrapping machine for environmentally friendly knitted fabrics and storage devices; image 3 Is the parameter map of the yarn covering machine
View more

Image

Smart Image Click on the blue labels to locate them in the text.
Viewing Examples
Smart Image
  • A method, device and system for access authentication
  • A method, device and system for access authentication
  • A method, device and system for access authentication

Examples

Experimental program
Comparison scheme
Effect test

Embodiment Construction

[0101] The present invention mainly provides a method, device and system for realizing access authentication, in which a network node initiates an access authentication operation to an authentication server to which it belongs, and the authentication server authenticates the access authentication operation initiated by the network node processing; if the network node that initiates the access authentication operation and the authentication server still needs to pass through the unauthenticated network node (that is, an untrusted node), then the corresponding untrusted node first needs to initiate the access authentication operation, and after passing the authentication After that, it becomes the authenticator (Authenticator) or authentication transfer node of the network node or user connected to it, and can process the messages involved in the access authentication operation initiated by the network node connected to it.

[0102] In the present invention, the network node that...

the structure of the environmentally friendly knitted fabric provided by the present invention; figure 2 Flow chart of the yarn wrapping machine for environmentally friendly knitted fabrics and storage devices; image 3 Is the parameter map of the yarn covering machine
Login to View More

PUM

No PUM Login to View More

Abstract

The present invention relates to a method, a device and a system that can realize the access authentication. A network node initiates an access authentication operation with an authentication server, which performs an authentication processing on the access authentication operation initiated by the network node; after the network passes the authentication and is authorized as a trusted node, a user connected to the trusted node initiates an access authentication operation via the trusted node, and the authentication server performs an authentication processing on the access authentication operation initiated by the user. Meanwhile, the trusted node utilizes the received control information released by a policy server to perform various control operations on the user. The present invention enables service providers to pointedly carry out accounting and charging on different users under a network node according to different service circumstances and prevents sham users; and the network node can perform the corresponding management operations on the policy information and an admission control list and can locally monitor the service level agreement nearby.

Description

technical field [0001] The invention relates to the technical field of network communication, in particular to a method, device and system for realizing access authentication. Background technique [0002] At present, network architecture methods are divided into fixed network architecture, mobile network architecture, and hybrid architecture of fixed network and mobile network. These three network architectures have been widely used in different application scenarios due to their respective advantages. For example, fixed networks are mainly used in homes or places with fixed offices because they cannot be moved and have relatively good signals, such as DSL (Digital Subscriber Line) networks; mobile networks are mainly used in Mobile public transportation such as cars, trains, ships or airplanes; the mixed network of fixed network and mobile network is mainly used in applications that need to comprehensively consider the mobile performance of the network and the quality of ...

Claims

the structure of the environmentally friendly knitted fabric provided by the present invention; figure 2 Flow chart of the yarn wrapping machine for environmentally friendly knitted fabrics and storage devices; image 3 Is the parameter map of the yarn covering machine
Login to View More

Application Information

Patent Timeline
no application Login to View More
IPC IPC(8): H04L9/32H04L12/56H04Q7/38H04W12/08H04W88/08
CPCH04W88/08H04L63/105H04W12/08H04L63/08
Inventor 郑若滨
Owner HUAWEI TECH CO LTD
Who we serve
  • R&D Engineer
  • R&D Manager
  • IP Professional
Why Patsnap Eureka
  • Industry Leading Data Capabilities
  • Powerful AI technology
  • Patent DNA Extraction
Social media
Patsnap Eureka Blog
Learn More
PatSnap group products