CN104333855A - Wireless broadband authorization method and system of roaming forwarding - Google Patents
Wireless broadband authorization method and system of roaming forwarding Download PDFInfo
- Publication number
- CN104333855A CN104333855A CN201410602538.XA CN201410602538A CN104333855A CN 104333855 A CN104333855 A CN 104333855A CN 201410602538 A CN201410602538 A CN 201410602538A CN 104333855 A CN104333855 A CN 104333855A
- Authority
- CN
- China
- Prior art keywords
- roaming
- certification
- proxy server
- module
- matching
- Prior art date
- Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
- Granted
Links
Classifications
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04W—WIRELESS COMMUNICATION NETWORKS
- H04W8/00—Network data management
- H04W8/18—Processing of user or subscriber data, e.g. subscribed services, user preferences or user profiles; Transfer of user or subscriber data
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04W—WIRELESS COMMUNICATION NETWORKS
- H04W12/00—Security arrangements; Authentication; Protecting privacy or anonymity
- H04W12/06—Authentication
Landscapes
- Engineering & Computer Science (AREA)
- Computer Networks & Wireless Communication (AREA)
- Signal Processing (AREA)
- Computer Security & Cryptography (AREA)
- Databases & Information Systems (AREA)
- Mobile Radio Communication Systems (AREA)
Abstract
The invention relates to wireless broadband authorization method and system of roaming forwarding. The method comprises the following steps: 1, receiving an authorization request and an authentication package input by a user; 2, sending the authentication request and the authentication package to a proxy server; 3, analyzing the authentication package to obtain a system identity corresponding to the user request; 4, matching the system identity with the system identity of the system of the proxy server, and determining whether the two system identities are matched; if so, determining that the system of the proxy server is the matching system and performing step 6; if not so, performing step 5; 5, respectively matching the system identity with the system identities of a plurality of roaming systems, wherein the roaming systems are the matching systems; 6, responding to the authorization request through an authorization server in the matching system to obtain the authorization result; 7, feeding backing the authorization result to a network access server through the proxy server. With the adoption of the method and system, the corresponding system can be sensed by a user to authorize so as to realize the networking function.
Description
Technical field
The present invention relates to the method and system that a kind of WiMAX certification roaming forwards, belong to field of computer technology.
Background technology
Along with the construction of operator's wireless city focus, does is the colleague much going to other places to go on business faced with the problem of wireless broadband Internet access: the account that I buys in A province can use in B province? traditional roaming is a set of wideband data storehouse of unified construction, the whole nation, the user that all transprovincial (districts and cities) are roamed must arrive this centring system and carry out certification, like this need central database and each province's database to carry out data interaction, very large pressure is produced to network.
Summary of the invention
Technical problem to be solved by this invention is, for the deficiencies in the prior art, provides a kind of roaming for user's cross-system to carry out the method that network access authentication provides the WiMAX certification roaming forwarding of technical solution.
The technical scheme that the present invention solves the problems of the technologies described above is as follows: a kind of method that WiMAX certification roaming forwards, and specifically comprises the following steps:
Step 1: network access server receives authentication request and the certification bag of user's input;
Step 2: authentication request and certification bag are sent to proxy server by network access server;
Step 3: the system banner obtaining respective user request resolved by proxy server to certification bag;
Step 4: mated with the unique system banner in proxy server said system by system banner, judges whether coupling; If coupling, proxy server said system is matching system, performs step 6; Otherwise, perform step 5;
Step 5: the unique system banner in the multiple roaming systems be connected with proxy server by system banner mates respectively, authentication request and certification bag is sent to the roaming system of coupling, described roaming system is matching system;
Step 6: the certificate server in described matching system carries out response to authentication request and obtains authentication result;
Step 7: authentication result is fed back to network access server by proxy server.
The invention has the beneficial effects as follows: the present invention realizes user's unaware and carries out certification to Home System, realizes function of surfing the Net.
On the basis of technique scheme, the present invention can also do following improvement.
Further, described certification bag comprises account information, encrypted message and system identification information.
Further, described each system comprises unique system banner, to identify different system.
The beneficial effect of above-mentioned further technical scheme is adopted to be that different system mark, mainly for system stamps label, is convenient to management.
Further, comprise proxy server in described each system, between proxy server, pass through roaming communication.
Further, described step 5 specifically comprises the following steps:
Step 5.1: the unique system banner in the multiple roaming systems be connected with proxy server by system banner mates respectively, obtains the roaming system that unique and authentication request matches;
Step 5.2: authentication request and certification bag are forwarded to the proxy server of the roaming system matched by roaming;
Step 5.3: described roaming system is matching system.
Technical problem to be solved by this invention is, for the deficiencies in the prior art, provides a kind of roaming for user's cross-system to carry out the system that network access authentication provides the WiMAX certification roaming forwarding of technical solution.
The technical scheme that the present invention solves the problems of the technologies described above is as follows: the system that a kind of WiMAX certification roaming forwards, and comprises request receiving module, Forward Proxy module, parsing module, matching module, roaming matching module, authentication result module and feedback module;
Described request receiver module is used for authentication request and the certification bag that net control access server receives user's input;
Described Forward Proxy module is used for net control access server and authentication request and certification bag is sent to proxy server;
Described parsing module is used for control agent server and certification bag is resolved to the system banner obtaining respective user request;
Described matching module is used for system banner to mate with the unique system banner in proxy server said system, judges whether coupling; If coupling, proxy server said system is matching system, authentication request is sent to authentication result module; Otherwise, authentication request is sent to roaming matching module;
Unique system banner that described roaming matching module is used in the multiple roaming systems be connected with proxy server by system banner mates respectively, and authentication request and certification bag are sent to the roaming system of coupling, described roaming system is matching system;
Described authentication result module is carried out response for the certificate server controlled in matching system to authentication request and is obtained authentication result;
Described feedback module is used for authentication result to feed back to network access server by proxy server.
The invention has the beneficial effects as follows: the present invention realizes user's unaware and carries out certification to Home System, realizes function of surfing the Net.
On the basis of technique scheme, the present invention can also do following improvement.
Further, described certification bag comprises account information, encrypted message and system identification information.
Further, described each system comprises unique system banner, to identify different system.
The beneficial effect of above-mentioned further technical scheme is adopted to be that different system mark, mainly for system stamps label, is convenient to management.
Further, comprise proxy server in described each system, between proxy server, pass through roaming communication.
Further, described roaming matching module comprises authentication module and roaming forwarding module;
Unique system banner that described authentication module is used in multiple roaming systems of being connected with proxy server by system banner mates respectively, obtains uniquely and roaming system that authentication request matches;
Described roaming forwarding module is used for authentication request and certification bag to be forwarded to the proxy server of the roaming system matched by roaming, and described roaming system is matching system.
Accompanying drawing explanation
Fig. 1 is the method flow diagram of a kind of rapid batch outgoing call of the present invention;
Fig. 2 is the system architecture diagram of a kind of rapid batch outgoing call of the present invention;
Data structure diagram in the method and system that Fig. 3 is a kind of rapid batch outgoing call described in the specific embodiment of the invention.
In accompanying drawing, the list of parts representated by each label is as follows:
1, request receiving module, 2, Forward Proxy module, 3, parsing module, 4, matching module, 5, roaming matching module, 6, authentication result module, 7, feedback module, 51, authentication module, 52, roaming forwarding module.
Embodiment
Be described principle of the present invention and feature below in conjunction with accompanying drawing, example, only for explaining the present invention, is not intended to limit scope of the present invention.
As shown in Figure 1, be the method that a kind of WiMAX certification roaming of the present invention forwards, specifically comprise the following steps:
Step 1: network access server receives authentication request and the certification bag of user's input;
Step 2: authentication request and certification bag are sent to proxy server by network access server;
Step 3: the system banner obtaining respective user request resolved by proxy server to certification bag;
Step 4: mated with the unique system banner in proxy server said system by system banner, judges whether coupling; If coupling, proxy server said system is matching system, performs step 8; Otherwise, perform step 5;
Step 5: the unique system banner in the multiple roaming systems be connected with proxy server by system banner mates respectively, obtains the roaming system that unique and authentication request matches;
Step 6: authentication request and certification bag are forwarded to the proxy server of the roaming system matched by roaming;
Step 7: described roaming system is matching system;
Step 8: the certificate server in described matching system carries out response to authentication request and obtains authentication result;
Step 9: authentication result is fed back to network access server by proxy server.
Described certification bag comprises account information, encrypted message and system identification information.
Described each system comprises unique system banner, to identify different system.Different system mark, mainly for system stamps label, is convenient to management.
Comprise proxy server in described each system, between proxy server, pass through roaming communication.
As shown in Figure 2, be the system that a kind of WiMAX certification roaming of the present invention forwards, comprise request receiving module 1, Forward Proxy module 2, parsing module 3, matching module 4, roaming matching module 5, authentication result module 6 and feedback module 7;
Described request receiver module 1 receives authentication request and the certification bag of user's input for net control access server;
Authentication request and certification bag are sent to proxy server for net control access server by described Forward Proxy module 2;
Described parsing module 3 resolves the system banner obtaining respective user request to certification bag for control agent server;
Described matching module 4, for being mated with the unique system banner in proxy server said system by system banner, judges whether coupling; If coupling, proxy server said system is matching system, authentication request is sent to authentication result module 6; Otherwise, authentication request is sent to roaming matching module 5;
Described roaming matching module 5 mates respectively for the unique system banner in multiple roaming systems of being connected with proxy server by system banner, and authentication request and certification bag are sent to the roaming system of coupling, described roaming system is matching system;
Described authentication result module 6 is carried out response for the certificate server controlled in matching system to authentication request and is obtained authentication result;
Described feedback module 7 is for feeding back to network access server by authentication result by proxy server.
Described certification bag comprises account information, encrypted message and system identification information.
Described each system comprises unique system banner, to identify different system.Different system mark, mainly for system stamps label, is convenient to management.
Comprise proxy server in described each system, between proxy server, pass through roaming communication.
Described roaming matching module 5 comprises authentication module 51 and roaming forwarding module 52;
Described authentication module 51 mates respectively for the unique system banner in multiple roaming systems of being connected with proxy server by system banner, obtains the roaming system that unique and authentication request matches;
Described roaming forwarding module 52 is for being forwarded to the proxy server of the roaming system matched by authentication request and certification bag by roaming, and described roaming system is matching system.
Following examples take province as boundary, carry out describing using the Verification System in different province as the multiple systems in the present invention:
1. operator's roaming identity take province as boundary, and oneself Verification System is set up in each province.
According to the planning of operator, existence anduniquess mark between each province.Each mark, mainly for label is stamped in province, is convenient to management.
2. each province's Verification System front end newly add proxy server (proxy server Main Function and load-balancing device similar, possess certification forwarding capability) all authentication request of coming from network access server (NAS) all can to forwarding server.
3. proxy server Preliminary Analysis information (resolving takes certification bag, parses account information and the encrypted message of user's request) is according to the province mark of account information face representative, judges which platform certificate server is authentication request send to.If this province of user attaching, authentication request is transmitted to this province certificate server; If other province districts and cities of user attaching, be transmitted to roaming districts and cities server.
4. certificate server responds authentication request, and authentication result is sent to network access server, completes certification.Achieving operator can according to the system banner fast-forwarding user authentication request in certification bag, and in affiliated province, Verification System carries out certification.
For the specific embodiment in province as shown in Figure 3, concrete verification process is as follows in the present invention:
In the Broadband authentication scheme process of construction of A province, add proxy server in certificate server front end;
Configuration A province proxy server, it can be acted on behalf of A and economize certification and the certification of B province;
User ID be the user that economizes of A at A province access authentication, A economizes proxy server parses certification bag, finds that user attaching is that A economizes, request is got to A and economize certificate server certification.
User ID be the user that economizes of B at A province access authentication, A province proxy server parses certification bag, finds that user attaching is that B economizes, request is got to B and economize certificate server certification.
The foregoing is only preferred embodiment of the present invention, not in order to limit the present invention, within the spirit and principles in the present invention all, any amendment done, equivalent replacement, improvement etc., all should be included within protection scope of the present invention.
Claims (10)
1. a method for WiMAX certification roaming forwarding, is characterized in that, specifically comprise the following steps:
Step 1: network access server receives authentication request and the certification bag of user's input;
Step 2: authentication request and certification bag are sent to proxy server by network access server;
Step 3: the system banner obtaining respective user request resolved by proxy server to certification bag;
Step 4: mated with the unique system banner in proxy server said system by system banner, judges whether coupling; If coupling, proxy server said system is matching system, performs step 6; Otherwise, perform step 5;
Step 5: the unique system banner in the multiple roaming systems be connected with proxy server by system banner mates respectively, authentication request and certification bag is sent to the roaming system of coupling, described roaming system is matching system;
Step 6: the certificate server in described matching system carries out response to authentication request and obtains authentication result;
Step 7: authentication result is fed back to network access server by proxy server.
2. the method for a kind of WiMAX certification roaming forwarding according to claim 1, it is characterized in that, described certification bag comprises account information, encrypted message and system identification information.
3. the method for a kind of WiMAX certification roaming forwarding according to claim 1, it is characterized in that, described each system comprises unique system banner, to identify different system.
4. the method for a kind of WiMAX certification roaming forwarding according to claim 1, is characterized in that, comprise proxy server, pass through roaming communication between proxy server in described each system.
5. the method for a kind of WiMAX certification roaming forwarding according to claim 1, it is characterized in that, described step 5 specifically comprises the following steps:
Step 5.1: the unique system banner in the multiple roaming systems be connected with proxy server by system banner mates respectively, obtains the roaming system that unique and authentication request matches;
Step 5.2: authentication request and certification bag are forwarded to the proxy server of the roaming system matched by roaming;
Step 5.3: described roaming system is matching system.
6. a system for WiMAX certification roaming forwarding, comprises request receiving module, Forward Proxy module, parsing module, matching module, roaming matching module, authentication result module and feedback module;
Described request receiver module is used for authentication request and the certification bag that net control access server receives user's input;
Described Forward Proxy module is used for net control access server and authentication request and certification bag is sent to proxy server;
Described parsing module is used for control agent server and certification bag is resolved to the system banner obtaining respective user request;
Described matching module is used for system banner to mate with the unique system banner in proxy server said system, judges whether coupling; If coupling, proxy server said system is matching system, authentication request is sent to authentication result module; Otherwise, authentication request is sent to roaming matching module;
Unique system banner that described roaming matching module is used in the multiple roaming systems be connected with proxy server by system banner mates respectively, and authentication request and certification bag are sent to the roaming system of coupling, described roaming system is matching system;
Described authentication result module is carried out response for the certificate server controlled in matching system to authentication request and is obtained authentication result;
Described feedback module is used for authentication result to feed back to network access server by proxy server.
7. the system of a kind of WiMAX certification roaming forwarding according to claim 6, it is characterized in that, described certification bag comprises account information, encrypted message and system identification information.
8. the system of a kind of WiMAX certification roaming forwarding according to claim 6, it is characterized in that, described each system comprises unique system banner, to identify different system.
9. the system of a kind of WiMAX certification roaming forwarding according to claim 6, is characterized in that further, comprising proxy server, pass through roaming communication between proxy server in described each system.
10. the system of a kind of WiMAX certification roaming forwarding according to claim 6, it is characterized in that, described roaming matching module comprises authentication module and roaming forwarding module;
Unique system banner that described authentication module is used in multiple roaming systems of being connected with proxy server by system banner mates respectively, obtains uniquely and roaming system that authentication request matches;
Described roaming forwarding module is used for authentication request and certification bag to be forwarded to the proxy server of the roaming system matched by roaming, and described roaming system is matching system.
Priority Applications (1)
| Application Number | Priority Date | Filing Date | Title |
|---|---|---|---|
| CN201410602538.XA CN104333855B (en) | 2014-10-31 | 2014-10-31 | A kind of method and system of WiMAX certification roaming forwarding |
Applications Claiming Priority (1)
| Application Number | Priority Date | Filing Date | Title |
|---|---|---|---|
| CN201410602538.XA CN104333855B (en) | 2014-10-31 | 2014-10-31 | A kind of method and system of WiMAX certification roaming forwarding |
Publications (2)
| Publication Number | Publication Date |
|---|---|
| CN104333855A true CN104333855A (en) | 2015-02-04 |
| CN104333855B CN104333855B (en) | 2018-04-27 |
Family
ID=52408487
Family Applications (1)
| Application Number | Title | Priority Date | Filing Date |
|---|---|---|---|
| CN201410602538.XA Active CN104333855B (en) | 2014-10-31 | 2014-10-31 | A kind of method and system of WiMAX certification roaming forwarding |
Country Status (1)
| Country | Link |
|---|---|
| CN (1) | CN104333855B (en) |
Citations (5)
| Publication number | Priority date | Publication date | Assignee | Title |
|---|---|---|---|---|
| CN1604548A (en) * | 2003-09-30 | 2005-04-06 | 华为技术有限公司 | Rapid interactive method for selection of accessing mobile network by user terminal in WLAN |
| US20070186273A1 (en) * | 2004-02-09 | 2007-08-09 | Celine Carpy | Method and system for managing access authorization for a user in a local administrative domain when the user connects to an ip network |
| CN101616414A (en) * | 2008-06-23 | 2009-12-30 | 中国移动通信集团公司 | Method, system and server that terminal is authenticated |
| CN101945388A (en) * | 2010-10-14 | 2011-01-12 | 杭州华三通信技术有限公司 | Wireless roaming authentication method, wireless roaming method and device thereof |
| CN102843683A (en) * | 2012-08-21 | 2012-12-26 | 北京星网锐捷网络技术有限公司 | Wireless local area network (WLAN) access method, WLAN access device and WLAN access system |
-
2014
- 2014-10-31 CN CN201410602538.XA patent/CN104333855B/en active Active
Patent Citations (5)
| Publication number | Priority date | Publication date | Assignee | Title |
|---|---|---|---|---|
| CN1604548A (en) * | 2003-09-30 | 2005-04-06 | 华为技术有限公司 | Rapid interactive method for selection of accessing mobile network by user terminal in WLAN |
| US20070186273A1 (en) * | 2004-02-09 | 2007-08-09 | Celine Carpy | Method and system for managing access authorization for a user in a local administrative domain when the user connects to an ip network |
| CN101616414A (en) * | 2008-06-23 | 2009-12-30 | 中国移动通信集团公司 | Method, system and server that terminal is authenticated |
| CN101945388A (en) * | 2010-10-14 | 2011-01-12 | 杭州华三通信技术有限公司 | Wireless roaming authentication method, wireless roaming method and device thereof |
| CN102843683A (en) * | 2012-08-21 | 2012-12-26 | 北京星网锐捷网络技术有限公司 | Wireless local area network (WLAN) access method, WLAN access device and WLAN access system |
Also Published As
| Publication number | Publication date |
|---|---|
| CN104333855B (en) | 2018-04-27 |
Similar Documents
| Publication | Publication Date | Title |
|---|---|---|
| JP2018502471A5 (en) | ||
| CN102624728B (en) | Method and system for carrying out whole-network login authentication by utilizing registered website user information | |
| CN102904865B (en) | A kind of management method, system and equipment of the multiple digital certificates based on mobile terminal | |
| CN103475726A (en) | Virtual desktop management method, server and client side | |
| RU2013143020A (en) | COMMUNICATION SYSTEM, DATABASE, CONTROL DEVICE, COMMUNICATION METHOD AND PROGRAM | |
| MX2021010516A (en) | Proximity based user identification and authentication system and method. | |
| CN101808051A (en) | Application integration gateway and control method thereof | |
| CN104247485A (en) | Network application function authorisation in a generic bootstrapping architecture | |
| WO2012075814A1 (en) | Method and system for application key management for mtc group devices | |
| WO2014180392A1 (en) | M2m-based information processing method and m2m service platform | |
| EP4391445A3 (en) | Provisioning method and system with message conversion | |
| CN103414732B (en) | Application integration device and application integration processing method | |
| CN104270302A (en) | Online order transmitting system and method | |
| WO2016023348A1 (en) | User equipment registration method, entity and system and computer storage medium | |
| CN103051738B (en) | A kind of dhcp address distribution method and system | |
| CN102629345B (en) | Chain type links up collaboration method, Apparatus and system | |
| CN102137102B (en) | Realizing method of service supporting platform for supporting multiclass information publishing modes | |
| CN103546426A (en) | Information sharing method and management server | |
| WO2015117362A1 (en) | Method and device for sharing personal information on terminal | |
| CN104333855A (en) | Wireless broadband authorization method and system of roaming forwarding | |
| CN111061784A (en) | Data interaction method and system | |
| KR102612463B1 (en) | Method and apparatus for managing verifiable credential and device authentication based on decentralized identifier | |
| CN106572453B (en) | Content charging method, charging network element, SP server and charging system | |
| CN109150661A (en) | A kind of method for discovering equipment and device | |
| CN105792196B (en) | MTC grouping management method, device and system, and network entity |
Legal Events
| Date | Code | Title | Description |
|---|---|---|---|
| C06 | Publication | ||
| PB01 | Publication | ||
| C10 | Entry into substantive examination | ||
| SE01 | Entry into force of request for substantive examination | ||
| GR01 | Patent grant | ||
| GR01 | Patent grant |