CN101925062A - Network access method, device and system - Google Patents
Network access method, device and system Download PDFInfo
- Publication number
- CN101925062A CN101925062A CN2009100866249A CN200910086624A CN101925062A CN 101925062 A CN101925062 A CN 101925062A CN 2009100866249 A CN2009100866249 A CN 2009100866249A CN 200910086624 A CN200910086624 A CN 200910086624A CN 101925062 A CN101925062 A CN 101925062A
- Authority
- CN
- China
- Prior art keywords
- network
- access
- network terminal
- duration
- authenticating
- Prior art date
- Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
- Pending
Links
Images
Landscapes
- Mobile Radio Communication Systems (AREA)
- Telephonic Communication Services (AREA)
Abstract
The invention relates to a network access method, device and system; and the method comprises the following steps: a network terminal sends access request message of requesting to access to the network to the network access device so as to request an authentication charging center to perform authentication charging operation on the access operation of the network terminal through the network access device, wherein the access request message comprises cellphone number and password information of cellphone user; the network terminal receives the access allow message sent back by the authentication charging centre through the network access device to access to the wideband internet. The embodiment of the invention enables the user to obtain the network access service by accessing to the internet through the cellphone number if the network terminal accessing to the network has neither data card nor radio wireless network card on the network terminal accessing to the network or if the network access occasion has no radio signal cover.
Description
Technical field
The present invention relates to communication technical field, relate in particular to a kind of technical scheme of access network.
Background technology
Along with the fast development of the network communications technology, getting in touch of people's work and life and the Internet is also more and more tightr.People insert the Internet through regular meeting, to obtain abundant information from the Internet.
In fixing office or life area, it is very convenient and easy that Internet service provides.But,, then be not very easily by the online of portable terminal device strange land when the user goes on business or travels outside.For example on the airport, places such as station, cafe, need service point advance payment cash application access network before the user surfs the Net, after online finishes, also to arrive the service point application and check up and return the amount of money of not consumed, the feasible process of obtaining service on net is comparatively loaded down with trivial details.And the service fee of the broadband provider in these places is also higher relatively.
In order to make the user can conveniently realize the strange land broadband access network, then SIM (client identification module) card information can be made wireless Internet card or data card, be linked on the portable terminal device.When the user surfs the Net, at first mutual by portable terminal device and BAS (BAS Broadband Access Server), SIM card information in the wireless Internet card is issued AAA (authentication, authentication, charging) server, finish authentication alternately by the HLR in aaa server and the cordless communication network (attaching position register), surf the Net by back aaa server authorized user in authentication, and finish corresponding billing operation by aaa server, the consumption record of also will surfing the Net is simultaneously issued wireless communication system and is carried out actual payment and clearing.
In realizing process of the present invention, the inventor finds that there are the following problems at least in the prior art:
On the network terminal that is used to surf the Net, need to install corresponding data card or wireless Internet card, if no corresponding data card or wireless Internet card, then can't accesses network.
Summary of the invention
Embodiments of the invention provide a kind of method, equipment and system of access network, so that the user can insert the internet easily.
A kind of method of access network comprises:
The network terminal sends the access request message of asking access network by cable network or wireless network to network access equipment, comprises user's phone number and encrypted message in the described access request message;
After the network terminal receives the message that permission that network access equipment returns inserts, access network.
A kind of network terminal comprises:
Insert request transmitting unit, be used for sending the access request message of asking access network to network access equipment, comprise user's phone number and encrypted message in the described access request message by cable network or wireless network;
The network insertion unit is used for after receiving the message that permission that described network access equipment returns inserts access network.
A kind of access control method comprises:
After receiving the access request message that the network terminal sends by cable network or wireless network, described access request message is sent to the authenticating and charging center, comprise user's phone number and encrypted message in the described access request message;
After receiving the authenticating result of returning at the authenticating and charging center, determine whether to allow network terminal access network according to described authenticating result;
After determining to allow network terminal access network, notify described network terminal access network.
A kind of network access equipment comprises:
Dispatch Unit, be used for behind the access request message that the reception network terminal sends by cable network or wireless network, described access request message is sent to the authenticating and charging center, comprise user's phone number and encrypted message in the described access request message;
The authenticating result processing unit after being used to receive the authenticating result of returning at the authenticating and charging center, determines whether to allow network terminal access network according to described authenticating result;
The authenticating result notification unit is used for notifying described network terminal access network after described authenticating result processing unit determines to allow network terminal access network.
A kind of network access management method comprises:
Receive the access request message of the network terminal, comprise user's phone number and encrypted message in the described access request message by the request access network of cable network or wireless network transmission;
According to the phone number and the encrypted message that insert in the request message authentication operations is carried out in the access request of the described network terminal, and send the authenticating result that whether allows network terminal access network.
A kind of network management device comprises:
The message sink unit is used to receive the access request message of the network terminal by the request access network of cable network or wireless network transmission, comprises user's phone number and encrypted message in the described access request message;
The authentication process unit, the phone number and the encrypted message that are used for the access request message that receives according to described message sink unit carry out authentication operations to the access request of the described network terminal, and send the authenticating result that whether allows network terminal access network.
A kind of network insertion management system comprises above-mentioned network access equipment and above-mentioned network management device.
The technical scheme that is provided by the embodiment of the invention described above as can be seen, it specifically is based on the mobile phone account number and inserts the Internet by cable network or wireless network, thereby making does not have under the situation of data card or wireless Internet card at the network terminal that is used for accesses network, the user still can obtain the network insertion service based on mobile phone account number access internet.
Description of drawings
In order to be illustrated more clearly in the technical scheme of the embodiment of the invention, the accompanying drawing of required use is done to introduce simply in will describing embodiment below, apparently, accompanying drawing in describing below only is some embodiments of the present invention, for those of ordinary skills, under the prerequisite of not paying creative work, can also obtain other accompanying drawing according to these accompanying drawings.
Fig. 1 is the application scenarios schematic diagram of the embodiment of the invention;
The network insertion process schematic diagram that Fig. 2 provides for the embodiment of the invention;
Fig. 3 obtains flow chart for the random cipher that the embodiment of the invention provides;
Charging flow schematic diagram in the network insertion process that Fig. 4 provides for the embodiment of the invention;
The device structure schematic diagram that Fig. 5 provides for the embodiment of the invention.
Embodiment
Below in conjunction with the accompanying drawing in the embodiment of the invention, the technical scheme in the embodiment of the invention is clearly and completely described, obviously, described embodiment only is the present invention's part embodiment, rather than whole embodiment.Based on the embodiment among the present invention, those of ordinary skills belong to the scope of protection of the invention not making the every other embodiment that is obtained under the creative work prerequisite.
The network insertion scheme that the embodiment of the invention provides specifically is to realize by the communication between the network terminal, three entities of network access equipment and authenticating and charging center.The processing procedure that to finish separately each entity respectively is described below.
On the network terminal, it can send the access request message of request access network by cable network or wireless network to network access equipment, comprise the user phone number and the encrypted message of (or claiming the cellphone subscriber) in the request message corresponding the access, so that network side can be determined corresponding mobile phone account according to phone number that obtains and encrypted message, and the network insertion process is carried out authenticating and charging based on corresponding mobile phone account; After the network terminal receives the message that permission that network access equipment returns inserts, just can access network, obtain the network insertion service.
The encrypted message that the corresponding network terminal sends both can be the service password of phone number correspondence in the mobile operator system, perhaps, and also can be for being the network insertion password of cellphone subscriber's generation in real time by mobile operator system (as sms center etc.), or the like.
After the access request message that the network terminal sends arrives network access equipment, be after network access equipment receives the access request message that the network terminal sends by cable network or wireless network, to insert request message accordingly and send to the authenticating and charging center, so that the authenticating and charging center is carried out the authenticating and charging processing according to phone number that inserts the cellphone subscriber who comprises in the request message and encrypted message to the process of this access network of this network terminal; After receiving the authenticating result of returning at the authenticating and charging center when network access equipment, just can determine whether to allow network terminal access network according to this authenticating result, if after determining to allow network terminal access network, informing network accessing terminal to network then.
Alternatively, if described authenticating result, then can also comprise in duration, flow or the bandwidth that allows network terminal access network one or multinomial for allowing network terminal access network in this authenticating result.And corresponding network access equipment can also be monitored according to one in the duration, flow or the bandwidth that allow network terminal access network or multinomial process to network terminal access network.For example, when the duration that monitors network terminal accesses network or flow reached predetermined value, then application was chargeed to corresponding accesses network duration or flow to the authenticating and charging center, so that in time carry out billing operation, reduced the arrearage risk; If the duration or the flow of this mandate are used up, then can also authorize in duration, flow or the bandwidth of access network one or multinomial again, so that continue accesses network to the authenticating and charging center requests.
In the embodiment of the invention, the corresponding authentication charging center is after receiving the access request message of the network terminal by the request access network of cable network or wireless network transmission, then authentication operations is carried out in the access request of the network terminal, and send the authenticating result that whether allows network terminal access network according to the phone number and the encrypted message that insert in the request message.
Alternatively, in the corresponding authentication result, can also comprise in duration, flow or the bandwidth that allows network terminal access network one or multinomial; And, can also carry out billing operation according to one in duration, flow or the bandwidth of network terminal access network or multinomial process to network terminal access network.
In above-mentioned processing procedure, the corresponding authentication charging center can also be in the process of network terminal access network, the charging application of sending according to network access equipment, duration or flow to network terminal access network charge, and the message of authorizing again according to corresponding request lets slip Cheng Jinhang for connecing of the network terminal again and authorizes, as one in duration, flow or the bandwidth of authorizing access network or multinomial etc.
By the technical scheme that the embodiment of the invention provides, can solve present strange land broadband access network problem at low cost.And, the broadband services that each Virtual network operator can use the embodiment of the invention to extend self provides and runs, thereby make broadband network that the user can use various places based on mobile phone number of the account broadband access network whenever and wherever possible, as surfing the Net by WLAN (WLAN (wireless local area network)) wireless Internet access, cable broadband, when going on business or travel, utilize the broadband network free internet access of local place, or the like.Thereby can perhaps, not have under the situation of wireless signal covering in the online place so that do not have data card or wireless Internet card at the network terminal that is used for accesses network, the user still can obtain the network insertion service.
To be example to insert the Internet below, the specific implementation process of the embodiment of the invention will be described by broadband network.
The processing procedure that the employing mobile phone account that the embodiment of the invention provides carries out authentication paying strange land broadband access network specifically can comprise:
(1) network terminal when inserting the login the Internet, is sending phone number and the encrypted message broadband access equipment to login internet location place by broadband network (as the strange land broadband network etc.).
(2) broadband access equipment is issued mobile operator OCS (Online Charging System by Diameter with authentication message, Online Charging System) charging right discriminating system, and by the charging right discriminating system according to the information of carrying in the authentication message, authentication is carried out in the operation of network terminal login the Internet;
The information of carrying in the corresponding authentication message comprises: phone number, encrypted message alternatively, can also comprise: in the information such as application online burst (time period or flow), bandwidth application or Network Access Point one or multinomial.
Particularly, if charging right discriminating system authentication is passed through, then be this network terminal authorized appropriation bandwidth and corresponding online burst, and send authorization messages to the network terminal, the information of carrying in this authorization messages can comprise: information such as online burst (as online duration or flow burst etc.), bandwidth; Otherwise, refuse the connection of this network terminal, promptly forbid this network terminal login and access internet.
(3) network terminal information registration and the access internet of carrying according to the authorization messages received, and in the process of network terminal access network, by broadband access equipment BAS the access network process of the network terminal is monitored, the OCS system carries out real time billing.
Finish this Internet access operation at the network terminal, after promptly the network terminal rolls off the production line, carry out disbursement and sattlement by the OCS system, and the expense that from the mobile phone account of corresponding phone number correspondence, produces in the deduction corresponding network accessing terminal to network process.
By above-mentioned processing procedure, just can be so that the user can based on mobile phone account number access internet, obtain the network insertion service by the network terminal and access network (as broadband network etc.).And then guaranteed that the corresponding network terminal is not having corresponding data card or wireless SIM card equipment, perhaps, the online zone does not have under the situation of wireless signal covering, all can be based on mobile phone account number accesses network.
For ease of understanding,, the concrete application process of the embodiment of the invention in communications network system is described in detail below in conjunction with accompanying drawing.
The application scenarios of the embodiment of the invention can be with reference to shown in Figure 1, and the Real-time Billing System OCS of corresponding mobile operator is responsible for providing based on mobile phone account and realizes that the Authentication Authorization of strange land broadband access network is handled, real time billing is handled, clearing are divided into functions such as processing and mobile phone account management.When network terminal employing phone number accesses network, provide the connection of online to monitor processing, apply for processing etc. with charging based on the authentication application and the authorisation process (being that Authentication Authorization is handled) of Diameter by first node.If relate to cross operator network or strange land network, then first node can be transmitted to Section Point with the request of being correlated with, and finishes forwarding and route (be route distribution handle), the message access processing etc. of Diameter message according to phone number and type of service by Section Point.
In Fig. 1, whole system is by using the mobile phone account of mobile operator, provides real-time authentication to charge for user capture strange land operator's broadband network or when using the broadband network that cross operator provides.Be that the user only need provide phone number and encrypted message in the accesses network process, just can insert the strange land broadband network by the network terminal whenever and wherever possible, and access internet.And corresponding whole access to netwoks process is specifically as follows carries out authentication based on real-time Diameter message and charges in advance, and therefore, there is not the arrearage risk in user operator in last network process.
Based on above-mentioned communication network shown in Figure 1, in embodiments of the present invention, the processing procedure that the user realizes the strange land broadband access network based on the mobile phone account number specifically can comprise as shown in Figure 2:
Step 21, the network terminal that the user uses is by cordless communication network login the Internet the time, then input handset number and encrypted message on the network terminal that is used to surf the Net, and corresponding phone number and encrypted message sent to first node (as BAS Broadband Access Server etc.), connect and authentication with the application online, and online application is connected control and treatment by first node, connection is limited in the visit Section Point, and does not allow the access internet resource;
Step 22, first node is according to strange land broadband network situation, generation is issued Section Point based on the authentication solicitation message of Diameter, and corresponding Section Point can be for the access node Diameter Agent (based on the agent equipment of Diameter) of mobile operator etc.;
The authentication information that carries in the corresponding authentication solicitation message can comprise phone number and encrypted message, and comprises in the information such as the bandwidth of first burst of online (duration or flow), application online of application or strange land Network Access Point one or multinomial alternatively.
Step 23, Section Point is handled authentication message and is inserted, and carry out routing forwarding to the real-time authorization accounting system OCS of mobile operator ownership place of cell-phone number sign indicating number correspondence according to the information such as phone number in the authentication message, particularly, corresponding route distribution process can be according to realizations such as phone number sections.
Step 24, the OCS system handles user's authentication application, and returns authenticating result to Section Point;
The account-related information and the authenticating and charging information (as information such as remaining sum, account status, password, rate) that have the phone number correspondence of user's use in the corresponding OCS system;
Particularly, can carry out authorisation process and return Diameter Authorization result message according to phone number, encrypted message, mobile phone number of the account state, balance amount information, tariff information as authenticating result; Can comprise in the corresponding Authorization result message: whether allow the sign of surfing the Net; Wherein, the password that sends over is verified, if the password mistake is then refused the online application of the network terminal; The account of phone number correspondence to online also needs to carry out authentication, if the phone number corresponding account is in abnormalities such as shutdown, cancellation, then will refuse the online application of the network terminal;
If authentication is passed through, the sign that promptly whether allows accordingly to surf the Net is designated as the permission online, can comprise in the then corresponding Authorization result message: the online burst information such as (as duration or flows etc.) of the online bandwidth of permission, permission can also comprise online monitor mode information such as (as according to duration or traffic monitoring etc.).Further, if the duration or the flow of Sorry, your ticket has not enough value the payment application of the mobile phone account of phone number correspondence then carry out expense according to the remaining sum of mobile phone account and calculate,, lock the mobile phone account remaining sum simultaneously according to result of calculation mandate online burst and online bandwidth; If the mobile phone account remaining sum of phone number correspondence is enough, then carries out expense budget, and carry out the funds reservation locking, simultaneously according to application down sending content Authorization result message according to budget result according to the application of the network terminal; Can prevent effectively that by corresponding lock operation the application of other business from causing the arrearage risk that causes;
If authentication do not pass through, then return and comprise the Authorization result message that does not allow the sign of surfing the Net, with the request of this access network of the refusal network terminal to Section Point.
Above-mentioned steps 21 to step 24 describe at the whether correct proof procedure of corresponding encrypted message in, for guaranteeing the encrypted message transmission safety, specifically can adopt secure transfer protocol SSL (secure socket layer protocol) to carry out the transmission of whole authentication session; Perhaps, adopt IPSEC (security service that provides based on the IP layer) mechanism to guarantee network security; Perhaps, also can adopt hash algorithms such as MD5 or SHA1, when the user inputs password, by first node user cipher is carried out Hash operation, corresponding, on second node, calculate according to the encrypted message of hash algorithm, and compare and finish password authentification with the password of application authentication to the phone number correspondence of native system by the OCS system.
In embodiments of the present invention, the encrypted message of phone number correspondence can adopt the service password of cellphone subscriber in the mobile operator system, perhaps, also can obtain from SMSC (sms center) before application online authentication.Accordingly the process that obtains encrypted message by SMSC can comprise as shown in Figure 3:
Step 31, user mobile phone send the note order of application online password to SMSC by MSC (mobile switching centre);
Step 32, SMSC will order the note business processing module of issuing the OCS system accordingly, and will be responsible for generating the password of this cellphone subscriber's online by this note business processing module.
Step 33 is retained in the password of this generation in the OCS system, also this password is handed down to SMSC by note;
Step 34, SMSC issues the cellphone subscriber with the password that the user who generates surfs the Net.
Obtain the password of corresponding phone number correspondence by this mode, can strengthen the fail safe of password, like this, both can regularly replace the password of online, simultaneously, also do not need the user to remember the service password of mobile phone or the password that fixing online is used.
After step 25, Section Point are received the corresponding authentication result, then carry out route distribution and handle, so that authenticating result is returned to first node.
Step 26, first node are received the authenticating result of returning, then handle according to returning authenticating result, and the informing network terminal;
Particularly, if authenticating result is refusal network terminal access network, the then online application of refusing user's, promptly first node does not allow this network terminal access internet resource; If authenticating result then allows this network terminal access internet resource according to the information in the authenticating result (being Authorization result message) for allowing user's online, as distributing corresponding bandwidth, carry out burst monitoring and network resource accession control, or the like;
Wherein, in the process of first node monitor network terminal online,,, and forbid that this network terminal continues the access internet resource then to OCS system Apply Charging and clearing if the network terminal initiatively rolls off the production line; Moreover, first node is if determine to satisfy predetermined monitoring condition, then handle to OCS system Apply Charging, for example, if the burst that monitors is middle burst, then first node is to OCS system Apply Charging, and continue the permission network terminal according to the authorization response of returning and surf the Net, if the burst that monitors is last burst,, and forbid that the network terminal continues the access internet resource then to OCS system Apply Charging and clearing.
Step 27, the user is by corresponding network terminal access internet resource, and the process of corresponding access internet resource specifically is that the monitoring of ground first node realizes down.
In above-mentioned steps 26, handle by carrying out corresponding monitoring as the broadband access equipment entity of first node.In this monitoring processing procedure, the processing of need chargeing at the last network process of the network terminal.
Particularly, in the monitoring processing procedure of network terminal access network, the processing procedure of chargeing accordingly specifically can may further comprise the steps as shown in Figure 4:
Can comprise in the corresponding charging request message: the next burst of phone number, application (duration or flow), and in the information such as the online duration of current burst or online flow one or multinomial.
The processing procedure that the OCS system adopts specifically can comprise: at first the locking fund is reserved in the online of current burst and reduced.After from the account of phone number correspondence, having reduced current burst expenses of surfing Internet, the account of phone number correspondence is judged, if the account is undesired, then do not allow this network terminal to continue online, if the account is normal, then handle according to account balance.Wherein, if account balance is enough, then continue to allow this network terminal online, for it authorizes next burst according to application, and the fund amount of the next burst correspondence of locking application online, corresponding next burst is returned the charging request-reply as the Authorization result of middle burst; If the account balance deficiency is then calculated online flow or the duration that allows according to current remaining sum, lock all funds of mobile phone account, and return the Authorization result of last burst according to result of calculation.Corresponding as comprising in the Authorization result of charging request-reply: as whether to allow the sign that continues to surf the Net,, then can also comprise the burst information such as (duration or flows) that continues the online monitoring if allow to continue online;
The OCS system needs the recording internet concluding time in carrying out last burst charging process, according to the total duration calculation online of online zero-time, generate online consumption ticket simultaneously, and carries out whole expenses of surfing Internet clearing; Last corresponding charging request message can comprise information such as the online duration during this burst, the flow of surfing the Net, and no longer comprises the information such as burst that application continues online.
In the network process, the processing that above-mentioned steps 41 to 44 is described can repeat repeatedly on the user, finishes to go up net operation up to the network terminal.
In the embodiment of the invention, the processing procedure when the corresponding network terminal finishes to go up net operation specifically can comprise still as shown in Figure 4:
Particularly, the network terminal that the user is used to surf the Net initiatively rolls off the production line, and promptly leaves the internet, perhaps, last burst of first node monitoring arrives, then by the charging of last burst of first node transmission charging ending request application with at the whole disbursement and sattlement of going up network process.
After step 46, Section Point receive corresponding charging ending request message, give mobile operator Real-time Billing System OCS with charging ending request message routing forwarding.
The provider customer that the embodiment of the invention is specifically as follows in the various cordless communication networks provides corresponding broadband access network service.And, also can adopt other protocol messages to communicate between corresponding first node and the Section Point, finish the authenticating and charging flow process as adopting the Radius protocol message to communicate as the part of Diameter message.In addition, the processing capacity that corresponding first node and Section Point are finished also can for example, be finished the respective handling function by broadband access equipment by finishing with the amount node device.
Application by the invention described above embodiment, can effectively reduce the strange land broadband access network to network terminal requirement (promptly need not hardware facilities such as corresponding SIM card of surfing Internet or data card), make the user when going on business or travel, need not under the situation that bandwidth operator handles the online formality, still can be, ground such as leisure place adopts the mobile phone account number to obtain the network insertion service on the airport.
And, in the embodiment of the invention, in last network process, can and deduct fees, thereby can prevent the arrearage risk that consumer wideband is surfed the Net the real-time authentication of mobile phone account.
Moreover, ground such as the application of the embodiment of the invention can also be on the airport, station, leisure place, food and drink place extend the broadband service scope of bandwidth operator and the service ability of mobile operator, and then make mobile operator, bandwidth operator form with place businessman to cooperate to be divided into management mode.
One of ordinary skill in the art will appreciate that all or part of flow process that realizes in the foregoing description method, be to instruct relevant hardware to finish by computer program, described program can be stored in the computer read/write memory medium, this program can comprise the flow process as the embodiment of above-mentioned each side method when carrying out.Wherein, described storage medium can be magnetic disc, CD, read-only storage memory body (Read-Only Memory, ROM) or at random store memory body (Random Access Memory, RAM) etc.
The embodiment of the invention also provides a kind of network terminal, and its specific implementation structure can comprise as shown in Figure 5 with lower unit:
Insert request transmitting unit 501, be used for sending the access request message of asking access network to network access equipment, insert the phone number and the encrypted message that comprise the cellphone subscriber in the request message accordingly by access network; Wherein, corresponding encrypted message can be for pre-determining, also can be for obtaining (as by the short message mode acquisition request etc.) in real time;
Network insertion unit 502 is used for after receiving the message that permission that network access equipment returns inserts access network.
The embodiment of the invention also provides a kind of network access equipment, and its specific implementation structure specifically can comprise still as shown in Figure 5:
Dispatch Unit 503, be used for behind the access request message that the reception network terminal sends by cable network or wireless network, described access request message is sent to the authenticating and charging center, same, insert the phone number and the encrypted message that comprise the cellphone subscriber in the request message accordingly;
Authenticating result processing unit 504 after being used to receive the authenticating result of returning at the authenticating and charging center, determines whether to allow network terminal access network according to the corresponding authentication result;
Authenticating result notification unit 505 is used for after above-mentioned authenticating result processing unit 504 is determined to allow the network terminal access network informing network accessing terminal to network.
Alternatively, if above-mentioned authenticating result processing unit 504 determines that authenticating result is for allowing network terminal access network, then this authenticating result processing unit 504 also obtains in duration, flow or the bandwidth that allows network terminal access network one or multinomial from described authenticating result, and this network equipment can also comprise monitoring processing unit 506, is used for monitoring according to one of corresponding duration, flow or the bandwidth that allows network terminal access network or multinomial process to described network terminal access network.Particularly, monitor processing unit 506 accordingly and can be used for when the duration that monitors network terminal accesses network or flow reach predetermined value, application is chargeed to described network duration or flow to the authenticating and charging center; If the duration or the flow of this mandate are used up, then can authorize in duration, flow or the bandwidth of access network one or multinomial again, so that the network terminal continues accesses network to the authenticating and charging center requests.
The embodiment of the invention also provides a kind of network management device, or claims the authenticating and charging center, and its specific implementation structure can comprise still as shown in Figure 5:
Message sink unit 507 is used to receive the access request message of the network terminal by the request access network of cable network or wireless network transmission;
Authentication process unit 508, the phone number and the encrypted message that are used for the access request message that receives according to above-mentioned message sink unit 507 carry out authentication operations to the access request of the corresponding network terminal, and send the authenticating result that whether allows network terminal access network.
Wherein, can also comprise in the authenticating result that corresponding authentication processing unit 508 sends: the duration that allows network terminal access network, in flow or the bandwidth one or multinomial, and this network management device also comprises charging processing unit 509, be used for duration according to network terminal access network, in flow or the bandwidth one or multinomial process to network terminal access network are carried out billing operation, the charging application that specifically can network access equipment reports to the processing of chargeing of the accesses network process of the network terminal, reduces the arrearage risk of the operator that the network insertion service is provided in time.
Corresponding authentication processing unit 508 also is used for the message of authorizing again that network access equipment sends is handled, think that the corresponding network terminal authorizes in the duration of access network, flow or the bandwidth one or multinomial again, make the network terminal can continue accesses network.
The embodiment of the invention also provides a kind of network access system, and this system comprises above-mentioned network access equipment and authenticating and charging center (being above-mentioned network management device).
By the invention described above embodiment can be by cable network or wireless network, provide corresponding network insertion service based on the mobile phone account for the network terminal.Thereby can extend the broadband service scope of bandwidth operator and the service ability of mobile operator, improve the ability of network service.
The above; only for the preferable embodiment of the present invention, but protection scope of the present invention is not limited thereto, and anyly is familiar with those skilled in the art in the technical scope that the present invention discloses; the variation that can expect easily or replacement all should be encompassed within protection scope of the present invention.Therefore, protection scope of the present invention should be as the criterion with the protection range of claim.
Claims (14)
1. the method for an access network is characterized in that, comprising:
The network terminal sends the access request message of asking access network to network access equipment, comprises user's phone number and encrypted message in the described access request message;
After the network terminal receives the message that permission that network access equipment returns inserts, access network.
2. method according to claim 1 is characterized in that, described encrypted message comprises:
The service password of phone number correspondence in the mobile operator system, perhaps, the network insertion password that the mobile operator system generates in real time.
3. a network terminal is characterized in that, comprising:
Insert request transmitting unit, be used for sending the access request message of request access network, comprise user's phone number and encrypted message in the described access request message to network access equipment;
The network insertion unit is used for after receiving the message that permission that described network access equipment returns inserts access network.
4. an access control method is characterized in that, comprising:
Behind the access request message that the reception network terminal sends, described access request message is sent to the authenticating and charging center, comprise user's phone number and encrypted message in the described access request message;
After receiving the authenticating result of returning at the authenticating and charging center, determine whether to allow network terminal access network according to described authenticating result;
After determining to allow network terminal access network, notify described network terminal access network.
5. method according to claim 4, it is characterized in that, if described authenticating result is for allowing network terminal access network, then described authenticating result also comprises: allow in duration, flow or the bandwidth of network terminal access network one or multinomial, and this method comprises also:
Monitor according to one in duration, flow or the bandwidth of described permission network terminal access network or multinomial process described network terminal access network.
6. method according to claim 5 is characterized in that, described monitoring comprises:
When the duration that monitors network terminal accesses network or flow reached predetermined value, then application was chargeed to described accesses network duration or flow to the authenticating and charging center; If the duration or the flow of this mandate are used up, then authorize in duration, flow or the bandwidth of access network one or multinomial again to the authenticating and charging center requests.
7. a network access equipment is characterized in that, comprising:
Dispatch Unit is used for behind the access request message that the reception network terminal sends described access request message being sent to the authenticating and charging center, comprises user's phone number and encrypted message in the described access request message;
The authenticating result processing unit after being used to receive the authenticating result of returning at the authenticating and charging center, determines whether to allow network terminal access network according to described authenticating result;
The authenticating result notification unit is used for notifying described network terminal access network after described authenticating result processing unit determines to allow network terminal access network.
8. network access equipment according to claim 7, it is characterized in that, if it is to allow network terminal access network that described authenticating result processing unit is determined authenticating result, then described authenticating result processing unit also obtains in duration, flow or the bandwidth that allows network terminal access network one or multinomial from described authenticating result, and this network equipment also comprises:
The monitoring processing unit is used for monitoring according to duration, flow or the bandwidth of described permission network terminal access network one or multinomial process to described network terminal access network.
9. network access equipment according to claim 8, it is characterized in that, described monitoring processing unit specifically is used for when the duration that monitors network terminal accesses network or flow reach predetermined value, and application is chargeed to described accesses network duration or flow to the authenticating and charging center; If the duration or the flow of this mandate are used up, then authorize in duration, flow or the bandwidth of access network one or multinomial again to the authenticating and charging center requests.
10. a network access management method is characterized in that, comprising:
Receive the access request message of the request access network of network terminal transmission, comprise user's phone number and encrypted message in the described access request message;
According to the phone number and the encrypted message that insert in the request message authentication operations is carried out in the access request of the described network terminal, and send the authenticating result that whether allows network terminal access network.
11. method according to claim 10 is characterized in that, described authenticating result also comprises: allow in duration, flow or the bandwidth of network terminal access network one or multinomial;
And this method also comprises:
Carry out billing operation according to one in duration, flow or the bandwidth of network terminal access network or multinomial process to network terminal access network.
12. a network management device is characterized in that, comprising:
The message sink unit is used to receive the access request message of the request access network that the network terminal sends, and comprises user's phone number and encrypted message in the described access request message;
The authentication process unit, the phone number and the encrypted message that are used for the access request message that receives according to described message sink unit carry out authentication operations to the access request of the described network terminal, and send the authenticating result that whether allows network terminal access network.
13. network management device according to claim 12, it is characterized in that, also comprise in the authenticating result that described authentication process unit sends: allow in duration, flow or the bandwidth of network terminal access network one or multinomial, and this network management device comprises also:
Charging processing unit is used for carrying out billing operation according to duration, flow or the bandwidth of network terminal access network one or multinomial process to network terminal access network.
14. a network insertion management system is characterized in that, comprises each described network access equipment of claim 7 to 9, and claim 12 or 13 described network management devices.
Priority Applications (1)
| Application Number | Priority Date | Filing Date | Title |
|---|---|---|---|
| CN2009100866249A CN101925062A (en) | 2009-06-12 | 2009-06-12 | Network access method, device and system |
Applications Claiming Priority (1)
| Application Number | Priority Date | Filing Date | Title |
|---|---|---|---|
| CN2009100866249A CN101925062A (en) | 2009-06-12 | 2009-06-12 | Network access method, device and system |
Publications (1)
| Publication Number | Publication Date |
|---|---|
| CN101925062A true CN101925062A (en) | 2010-12-22 |
Family
ID=43339627
Family Applications (1)
| Application Number | Title | Priority Date | Filing Date |
|---|---|---|---|
| CN2009100866249A Pending CN101925062A (en) | 2009-06-12 | 2009-06-12 | Network access method, device and system |
Country Status (1)
| Country | Link |
|---|---|
| CN (1) | CN101925062A (en) |
Cited By (4)
| Publication number | Priority date | Publication date | Assignee | Title |
|---|---|---|---|---|
| CN103415010A (en) * | 2013-07-18 | 2013-11-27 | 中国联合网络通信集团有限公司 | D2D network authentication method and system |
| CN106162617A (en) * | 2015-04-27 | 2016-11-23 | 腾讯科技(深圳)有限公司 | Determine the method and device of terminal SIM ownership place |
| CN106657154A (en) * | 2017-02-07 | 2017-05-10 | 中国联合网络通信集团有限公司 | Wireless access method and system, WiFi platform and operator number taking platform |
| CN114726572A (en) * | 2022-02-28 | 2022-07-08 | 南京第壹时间信息科技有限公司 | Access method and system of Internet equipment |
Citations (5)
| Publication number | Priority date | Publication date | Assignee | Title |
|---|---|---|---|---|
| CN101102542A (en) * | 2007-06-14 | 2008-01-09 | 中兴通讯股份有限公司 | A method and device for self-service account opening and charging of CDMA system |
| US20080095129A1 (en) * | 2003-02-18 | 2008-04-24 | Cisco Technology, Inc. | Managing Network Service Access |
| CN101222712A (en) * | 2008-02-02 | 2008-07-16 | 代邦(江西)制卡有限公司 | Mobile terminal supporting virtual SIM card and its user identity authentication method |
| CN101232385A (en) * | 2007-01-22 | 2008-07-30 | 华为技术有限公司 | System and method for charging for microwave to switch in global intercommunication system |
| CN101401385A (en) * | 2006-01-31 | 2009-04-01 | 松下电器产业株式会社 | Method for personal network management across multiple operators |
-
2009
- 2009-06-12 CN CN2009100866249A patent/CN101925062A/en active Pending
Patent Citations (5)
| Publication number | Priority date | Publication date | Assignee | Title |
|---|---|---|---|---|
| US20080095129A1 (en) * | 2003-02-18 | 2008-04-24 | Cisco Technology, Inc. | Managing Network Service Access |
| CN101401385A (en) * | 2006-01-31 | 2009-04-01 | 松下电器产业株式会社 | Method for personal network management across multiple operators |
| CN101232385A (en) * | 2007-01-22 | 2008-07-30 | 华为技术有限公司 | System and method for charging for microwave to switch in global intercommunication system |
| CN101102542A (en) * | 2007-06-14 | 2008-01-09 | 中兴通讯股份有限公司 | A method and device for self-service account opening and charging of CDMA system |
| CN101222712A (en) * | 2008-02-02 | 2008-07-16 | 代邦(江西)制卡有限公司 | Mobile terminal supporting virtual SIM card and its user identity authentication method |
Cited By (6)
| Publication number | Priority date | Publication date | Assignee | Title |
|---|---|---|---|---|
| CN103415010A (en) * | 2013-07-18 | 2013-11-27 | 中国联合网络通信集团有限公司 | D2D network authentication method and system |
| CN106162617A (en) * | 2015-04-27 | 2016-11-23 | 腾讯科技(深圳)有限公司 | Determine the method and device of terminal SIM ownership place |
| CN106162617B (en) * | 2015-04-27 | 2019-07-05 | 腾讯科技(深圳)有限公司 | Determine the method and device of terminal SIM card ownership place |
| CN106657154A (en) * | 2017-02-07 | 2017-05-10 | 中国联合网络通信集团有限公司 | Wireless access method and system, WiFi platform and operator number taking platform |
| CN106657154B (en) * | 2017-02-07 | 2021-05-18 | 中国联合网络通信集团有限公司 | Wireless access method, system, WiFi platform and operator number taking platform |
| CN114726572A (en) * | 2022-02-28 | 2022-07-08 | 南京第壹时间信息科技有限公司 | Access method and system of Internet equipment |
Similar Documents
| Publication | Publication Date | Title |
|---|---|---|
| EP0480833B1 (en) | Radio telephone installation with secure prepayment service | |
| EP1027806B1 (en) | Procedure for setting up a secure service connection in a telecommunication system | |
| US10051133B2 (en) | Systems, devices and methods for providing access to a distributed network | |
| US20050080634A1 (en) | Method and network element for paying by a mobile terminal through a communication network | |
| CN1792085B (en) | online charging in mobile network | |
| CN102142967B (en) | Multi-account-based online charge processing method, device and system | |
| CN106940856A (en) | Close method of payment and its system are exempted from based on vehicle-mounted payment authorization | |
| CN103617532A (en) | Offline payment and collection method and device for mobile terminals | |
| US20050175181A1 (en) | Method and system for access to data and/or communication networks via wireless access points, as well as a corresponding computer program and a corresponding computer-readable storage medium | |
| KR101316686B1 (en) | Card terminal, method for offline payment used card terminal | |
| JP2009524301A (en) | Wireless access to the Internet by prepaid users | |
| CN100561929C (en) | The wide band post-paid service implementation method | |
| US7313381B1 (en) | Sim based authentication as payment method in public ISP access networks | |
| CN103026659A (en) | Method and system for routing communications | |
| CN101925062A (en) | Network access method, device and system | |
| WO2019111063A1 (en) | Soft mining device and methods for digital currency coins | |
| US9344582B2 (en) | Terminal and mobile communication system | |
| CN100574209C (en) | A kind of System and method for of realizing mobile value-added safety service | |
| KR102055814B1 (en) | Method Of Authentication Using Location | |
| WO2014053161A1 (en) | Method of authorizing a financial transaction |
Legal Events
| Date | Code | Title | Description |
|---|---|---|---|
| C06 | Publication | ||
| PB01 | Publication | ||
| C10 | Entry into substantive examination | ||
| SE01 | Entry into force of request for substantive examination | ||
| C12 | Rejection of a patent application after its publication | ||
| RJ01 | Rejection of invention patent application after publication |
Application publication date: 20101222 |