A method, device and system for implementing access authentication

Abstract

The present invention relates to a method, device and system for implementing access authentication, comprising: a network node initiates an access authentication operation to an authentication server to which it belongs, and the authentication server performs authentication processing on the access authentication operation initiated by the network node; After the network node is authorized as a trusted node through authentication, a user connected to the trusted node initiates an access authentication operation through the trusted node, and the authentication server performs authentication processing on the access authentication operation initiated by the user. At the same time, the trusted node uses the received control information issued by the policy server to perform various control operations on the user. The present invention enables the service provider to charge and charge different users under the network node according to different service conditions in a targeted manner and to take security precautions against counterfeit users; Manage operations and enable local monitoring of SLAs nearby.

Description

technical field [0001] The invention relates to the technical field of network communication, in particular to a method, device and system for realizing access authentication. Background technique [0002] At present, network architecture methods are divided into fixed network architecture, mobile network architecture, and hybrid architecture of fixed network and mobile network. These three network architectures have been widely used in different application scenarios due to their respective advantages. For example, fixed networks are mainly used in homes or places with fixed offices because they cannot be moved and have relatively good signals, such as DSL (Digital Subscriber Line) networks; mobile networks are mainly used in Mobile public transportation such as cars, trains, ships or airplanes; the mixed network of fixed network and mobile network is mainly used in applications that need to comprehensively consider the mobile performance of the network and the quality of ...

AI Technical Summary

Problems solved by technology

[0017]1. The NSP cannot perceive the existence of connected users on the RG, that is, the NSP can only collect statistics on the network traffic on the RG to calculate the network services on the RG Fees and charges, but it is impossible to bill and charge different users connected to the RG according to different services in a targeted manner;

[0018]2. Since the NSP does not authenticate the users connected to the RG, the NSP cannot take security precautions against counterfeit users;

[0019]3. Because only simple line authentication is performed on RG, and no related trust authentication is performed on RG, RG is an untrusted node, so RG cannot receive information from the Policy Server ( The QoS (quality of service) policy of the RG is obtained from the policy server), so that the network system cannot perform resource management control (such as uplink bandwidth control) according to a unified QoS policy

At the same time, for services based on network connections such as VolP (Internet telephony), RG cannot perform AC (admission control) for VolP according to a unified QoS policy;

[0020]4. Since the RG is an untrusted node, the ACL (Admission Control List) related to the RG cannot be obtained from the authentication information, so the multicast authority of the user cannot be checked. control, unable to do fast channel switching control

[0021]5. Since the RG is an untrusted node, it cannot take local service quality monitoring operations on the SLA (Service Level Agreement) nearby, so that the NAS can only The ingress node or AN (Access Node) monitors the service flow of all users, causing the access node or MSAN (Integrated Service Access Network) where the NAS is located to become the bottleneck of network service information

[0023] (3) Corresponding node authentication technical solution 3: set RG as a layer 2 resident gateway; when RG is a layer 2 resident gateway, RG itself does not need authentication, that is, if Users connected to the RG still use the 802.1x authentication protocol, so the RG must support the 802.1x authentication transfer function, but the existing RG equipment generally does not support this authentication transfer function

[0025]Therefore, no matter whether it is for fixed network, mobile network or a mixed network of fixed network and mobile network, there is currently no implementation scheme for network node access authentication, so that the network It is impossible to determine more trusted nodes in the network, which affects the development of communication services in the network. For example, if a user terminal accesses the network through an untrusted node, it cannot be authenticated, or an untrusted node as a user access device cannot implement corresponding admission control functions, etc.

Images