177 results about "Authentication authorization accounting" patented technology

The invention provides an address allocating method for wideband wireless access system, comprising the steps of: when connecting to network, mobile terminal sends user/equipment authentication request to AAA (Authentication,Authorization and Accounting) server; after the authorization succeeds, the mobile terminal sends registering request to access gateway; the mobile terminal completes registering, the access gateway obtains mobile terminal-supported IP address allocating mode according to the user configuration information returned after the authorization succeeds; the access gateway replaces the mobile terminal as DHCP Client to send IP address allocating request to DHCP server or does not request IP address but waits for the mobile terminal to actively request IP address; the DHCP server allocates IP address to corresponding MAC address, the access gateway transfers the allocated IP address to the mobile terminal and the mobile terminal completes local address binding. And it reduces implementing difficulty and cost, reduces system overhead and speeds up switching.

The invention provides a broadband access method and device. The method comprises the steps that an address application broadcast message of VXLAN packaging carrying QinQ information is received through a VXLAN tunnel; VXLAN packaging is relieved, and the address application broadcast message is transmitted to an authentication authorization billing server; when the address application broadcast message is ensured to be authenticated, the address application broadcast message is converted into an address application unicast message; the address application unicast message carries the QinQ information used for IP address allocation and the identifier of the VXLAN tunnel; the converted address application unicast message is transmitted to an address server; an address response message which is transmitted by the address server and carries the allocated IP address is received; and VXLAN packaging is performed on the address response message according to the VXLAN tunnel, and the address response message of VXLAN packaging is transmitted through the VXLAN tunnel. The cost of the broadband access business can be reduced by the broadband access method and device.

The embodiment of the invention provides an access processing method, a base station and a terminal. The method comprises the following steps of: receiving an access request message, transmitted by the terminal, by the base station; transmitting an access control message to the terminal by the base station if access failure frequency of the terminal reaches a preset threshold value so as not to transmit the access request message to the base station any longer by the terminal in a period of time; or transmitting the access control message to the terminal so as not to transmit the access request message to the base station any loner by the terminal. According to the technical scheme provided by the embodiment of the invention, the access of the terminal with multiple continuous access fails and due and temporarily-defaulting account or other illegal terminals during interaction between the terminal and the base station can be controlled, so that reaccess of the illegal terminals is prevented or interval time of adjacent access requests of the terminal is prolonged; and waste of an air interface and ground link bandwidth in an interactive authentication process between an abnormal user terminal and AAA (Authentication Authorization Accounting) can be reduced, so that uplink bandwidth resources of a normal Wimax (Worldwide Interoperability for Microwave Access) user can be guaranteed.

The invention discloses a packet data web gateway identification saving method and system in multi-access scene. The method includes that: when user equipment simultaneously accesses a packet data network by two access networks, namely a first access network and a second access network, and the identical packet data network connection is established, an affiliation user or authentication charging server saves the identification of the packet data web network; the first access network is a third generation partner plan 3GPP access network, and the second access network is a non-3GPP access network; or the first access network is a non-3GPP access network, and the second access network is a 3GPP access network; when releasing the access of one access network of the two access networks, the affiliation user or authentication charging server saves the identification of the packet data web gateway. The method can reasonably notify HSS/AAA, P-GW identification can be correctly stored or deleted, and the system is ensured to normally operate in related P-GW identification operation in multi-access scene.

The present invention discloses a system of group communication and a method of group call processing based on CDMA2000 high-rate packet data network. The group communication system based on CDMA2000 high-rate packet data network includes: base station, packet control function module, packet data service node and AAA (authentication, authorization, accounting) server. The system further includes: multiple accessing terminals for making or responding the service request of group talk; group dispatching server for providing centralized control of group talk service, implementing the entire group talk service procedure from group user authentication to transmission of voice service package; group dispatch user side, which is an accessing gateway of group communication system, for providing signaling and service link between the base station and the group dispatching server. The present invention realizes the group communication system in the current high-rate packet data network, so that the group communication system satisfies the requirements of third generation communication, and adapts the development of the communication system.

The embodiment of the invention discloses a method for accessing a terminal of a fixed or nomadic user to a network. The method is characterized by comprising the following steps: transmitting an access request message to an authentication, authorization and accounting server AAA; receiving an access granted message from the AAA, wherein the access granted message carries area information which is granted to access the terminal; converting the area information into a base station identification BS ID list which is granted to access the base station; and transmitting an authentication succeeded message to the terminal if the BS ID of the terminal accessed to the base station currently is in a range of the BS ID list so as to ensure that the terminal can carry out a subsequent network accessing process. The method and a device for accessing the terminal of the fixed or nomadic user to the network ensure that the terminal of the fixed or nomadic user can be correctly accessed in an area which is granted to access so as to restrict the area range of the terminal of the fixed or nomadic user accessing to the network.

The invention relates to a method and a system for authentication processing, a 3GPP authentication authorization accounting server and a user device. The method for authentication processing of the embodiment of the invention comprises the following steps: receiving authentication request messages carrying authentication method instruction information; determining the authentication method according to the authentication method instruction information; and carrying out the corresponding authentication processing according to the authentication method. The system for authentication processing comprises a 3GPP authentication authorization accounting server and a network device through which the user device is connected with the 3GPP authentication authorization accounting server. The authentication request messages sent by the user device carry the authentication method instruction information with different parameters, so that the 3GPP authentication authorization accounting server can distinguish between different authentication methods, and carry out the corresponding authentication processing in accordance with the authentication methods determined by the 3GPP authentication authorization accounting server.

The present invention relates to a terminal control system, and more particularly, to a system and a method which allows a user to shift an IP service from a terminal to which the service is currently provided to a user's other terminal, thereby enabling the user to continuously using the IP service without disconnection. The system comprises: an authentication authorization accounting (AAA) interface unit which receives unique information having fixed properties with respect to a terminal authenticated by a subscriber terminal authentication system and a user of the authenticated terminal; a terminal interface unit which receives status information having variable properties with respect to the authorized terminal and a currently used service; a unique information managing unit which stores and manages the unique information; a status information managing unit which stores and manages the status information; and a terminal shift management control unit which provides information regarding terminals available for the current service with reference to the unique information and the status information, when there is a terminal shift request, generates service session information which is required when the currently used service is sent to a terminal selected from the information and sends the generated service session information to the selected terminal to which the service is to be shifted. Accordingly, the user of the terminal can conveniently change the terminal to continuously use the IP service without disconnection while using the IP service.

The method comprises: during authentication process, the authentication, authorization and accounting (AAA) server sends the key information to the anchor authenticator; according to said key information, the authenticator gets the key between the mobile node and the external agent and the key between the external agent and the home agent; when receiving a broadcast message from the external agent, according to the address of the external agent, the terminal figures out the key between the mobile node and the external agent, and triggers the mobile IP registration request; the home agent processes the registration request, and after success of registration, returns the request confirmation; according to ht e received registration confirmation, said terminal gets the address of the home agent, and figures out the key between the mobile node and the home agent.

The invention provides a satellite communication integrated QoS (Quality of Service) safeguard system which comprises a QoS safeguard structure of a ground station system and a QoS safeguard structure of a mobile earth terminal. The QoS safeguard structure of the ground station system comprises a wireless gateway module of the ground station, a certificate authority charging module, an access route module of the ground station, and a beam QoS proxy module. The QoS safeguard structure of the mobile earth terminal comprises a terminal side higher layer protocol stack module and a terminal side hollow interface protocol stack module. The satellite communication integrated QoS safeguard system provided by the invention can provide distinguished services for different types services such as voice or video phone service, real-time stream service, interactive services and background services, thereby ensuring the quality of service of services in various types, optimizing the flow of the network and enhancing the user experience.

The invention discloses a off line charging system and a method thereof; the method includes the following contents that: a grouped data network is additionally provided with a content charging gateway; a grouped data service node analyzes an off line charging user and routes messages of the off line charging user to the content charging gateway; the content charging gateway analyzes the message of the off line charging user and charges analyzed service types according to corresponding charging rules, and the acquired charging information is reported to a certification authorization charging server; the certification authorization charging server generates the off line charging bill according to the information reported by the content charging gateway. The invention adopting the method has the advantages of easily realizing the difference of the non-content charging and the content charging messages and realizing the off line charging of the content charging message.

The invention relates to a method for prompting user terminal about the identification failure reason via net page, wherein it comprises that: when user terminal fail to identify on the identification charge server, the server based on failure reason sends one page address; user terminal connects said address and displays the reason. The invention also provides relative system and charge server.

The invention aims to provide a method for realizing the access to a network. The method comprises the following steps: step 1, the authentication, authorization & accounting server (AAA Server) of an HPLMN (home public land mobile network) sends a notice of the distrust relation between the HPLMN and a non-3GPP access network to the authentication, authorization & accounting proxy (AAA Proxy) of a VPLMN (virtual public land mobile network) when UE authenticates and authorizes; and step 2, the AAA Proxy obtains no trust relation between the HPLMN and the non-3GPP access network and judges a trust relation between the VPLMN and the non-3GPP access network, then the AAA Proxy determines to adopt a chain type access mode to access to the UE to the IP service provided by the HPLMN through the non-3GPP access network. The invention can solve the problem that how of the UE is accessed to the P-GW1 (PDN-GW1: Public Data Network-Gateway1) through the non-3GPP access network when the relation between the HPLMN and the non-3GPP access network is distrusted, the relation between the UPLMN and the Non 3GPP Accesss is trusted, and the VPLMN is not provided with an ePDG (evolved Packet Data Gateway).

A method and system for a wireless local area network user accessing a fixed broadband network, the method includes: a broadband network gateway (BNG) device initiating an identity authenticating process to an authentication authorization accounting (AAA) server for a wireless local area network (WLAN) user; after the AAA server successfully authenticates the WLAN user, the BNG device acquiring a mobility identifier of the WLAN user from the AAA server; after receiving the mobility identifier of the WLAN user, the BNG device allowing the mobility access of the WLAN user.

The invention relates to configuration method and system of a Linux virtual server, wherein the configuration system of the Linux virtual server comprises an LVS (Linux Virtual Server), a user interface module, an AAA (Authentication Authorization Accounting) client and an instruction translating module, wherein the user interface module is used for transmitting received configuration instruction information to the AAA client and then transmitting successfully authorized configuration instruction information to the instruction translation module when receiving an authorization result returned by the AAA client, wherein the authorization result represents that the configuration instruction information is successfully authorized; the AAA client is used for transmitting the configuration instruction information to an AAA server and then transmitting the authorization result returned by the AAA server to the user interface module; and the instruction translating module is used for translating a successfully authorized configuration instruction into an operation instruction supported by the LVS and executing or notifying the LVS to execute configuration operation corresponding to the operation instruction. The invention improves the convenience for users to maintain network systems containing the LVS.