
CN101272387B - Method and terminal unit for launching re-authentication answering to network side equipment - Google Patents

Publication number: CN101272387B
Authority: CN (China)
Legal status: Expired - Fee Related
Application number: CN2008100946465A
Other languages: Chinese (zh)
Other versions: CN101272387A (en)
Inventor: 汤昊
Current Assignee: Huawei Device Co Ltd
Original Assignee: Huawei Device Co Ltd
Prior art keywords: authentication; authentication request; side device; request response; network side
Classification: Telephonic Communication Services (AREA)

Abstract

The invention relates to the field of communication technology and discloses a method and a terminal device for responding to re-authentication initiated by a network-side device. The method includes: receiving an authentication request from a network-side device; if the authentication request is not the first authentication request, obtaining stored authentication information; and generating an authentication request response carrying the authentication information and sending it to the network-side device. Embodiments of the invention avoid the data connection interruption caused by not responding to a re-authentication request initiated by the network-side device, thereby improving user experience.

Description

Method and terminal device for responding to re-authentication initiated by a network-side device

Technical field

The present invention relates to the field of communication technology, and in particular to a method and a terminal device for responding to re-authentication initiated by a network-side device.

Background

In recent years, it has become very common for a host-side device (such as a PC) to use data services such as Internet access through a terminal device (such as a mobile phone). In this application, the user usually initiates a dial-up connection from the host-side device and, in response to an authentication request from the network-side device, sends authentication information to the network-side device through the terminal device. The network-side device authenticates according to the received authentication information and, if authentication succeeds, establishes the corresponding data service connection, through which the host-side device can access the Internet. After the data service connection is established, if there is no traffic for a certain period, the host-side device or the network-side device initiates entry into the dormant state. In the dormant state the established data service connection is maintained while the traffic channel is released by the data service; when data operations such as Internet access are needed, the data service occupies the traffic channel again.

In some operators' network environments, after the data service connection is established, the network-side device initiates re-authentication of the host-side device if it detects that the host-side device's IP address is abnormal. In the prior-art solution above, the host-side device does not respond to re-authentication initiated by the network-side device, and the network-side device may interrupt the data service connection when its re-authentication request receives no response. A user who wants to continue using the Internet then has to initiate the dial-up connection again.

Summary of the invention

The technical problem to be solved by the embodiments of the present invention is to provide a method and a terminal device for responding to re-authentication initiated by a network-side device, so that when the network-side device initiates re-authentication the user does not have to initiate the dial-up connection again, thereby improving user experience.

To solve the above technical problem, embodiments of the present invention provide the following technical solutions:

A method for responding to re-authentication initiated by a network-side device, including:

receiving an authentication request from a network-side device;

if the authentication request is not the first authentication request, obtaining stored authentication information;

generating an authentication request response carrying the authentication information and sending it to the network-side device.

A terminal device, including:

an authentication request receiving unit, configured to receive an authentication request from a network-side device;

a judging unit, configured to judge whether the authentication request is the first authentication request;

an authentication information obtaining unit, configured to obtain the stored authentication information when the result of the judgment is negative;

an authentication request response generating unit, configured to generate an authentication request response carrying the authentication information and send it to the network-side device when the result of the judgment is negative.

As the above technical solutions show, in the embodiments of the present invention authentication information is stored on the terminal device in advance. When the network-side device initiates re-authentication, the terminal device sends the network-side device an authentication request response carrying the stored authentication information. The re-authentication initiated by the network-side device therefore receives a response, which avoids the data connection interruption caused by not responding to the re-authentication request and improves user experience.

Brief description of the drawings

FIG. 1 is a flow chart of Embodiment 1 of the method for responding to re-authentication initiated by a network-side device according to an embodiment of the present invention;

FIG. 2 is a flow chart of Embodiment 2 of the method for responding to re-authentication initiated by a network-side device according to an embodiment of the present invention;

FIG. 3 is a structural diagram of Embodiment 1 of the terminal device of the present invention;

FIG. 4 is a structural diagram of Embodiment 2 of the terminal device of the present invention;

FIG. 5 is a structural diagram of Embodiment 3 of the terminal device of the present invention.

Detailed description

Preferred embodiments of the method and the terminal device for responding to re-authentication initiated by a network-side device, as provided by the embodiments of the present invention, are described in detail below with reference to the accompanying drawings.

Embodiment 1 of the method for responding to re-authentication initiated by a network-side device. This embodiment gives the basic flow of the method. Referring to FIG. 1, the method of this embodiment includes the following steps:

A1. Receive an authentication request from a network-side device.

A2. If the authentication request is not the first authentication request, obtain stored authentication information.

The stored authentication information may have been obtained during the first authentication, or it may have been recorded directly in the terminal device when the terminal device's software version was built, to meet customization requirements of a market or operator. The authentication information may be an authentication account and password.

A3. Generate an authentication request response carrying the authentication information and send it to the network-side device.

In this embodiment of the present invention, authentication information is stored on the terminal device in advance. When the network-side device initiates re-authentication, the terminal device sends the network-side device an authentication request response carrying the stored authentication information. The re-authentication initiated by the network-side device therefore receives a response, which avoids the data connection interruption caused by not responding to the re-authentication request and improves user experience.

Embodiment 2 of the method for responding to re-authentication initiated by a network-side device. Referring to FIG. 2, the method of this embodiment includes the following steps:

B1. The terminal device receives an authentication request from the network-side device.

The authentication request received by the terminal device may be the first authentication request, sent by the network-side device in response to the dial-up connection request initiated by the host-side device, or a re-authentication request, sent by the network-side device after the first authentication of the host-side device has passed.

B2. The terminal device judges whether the received authentication request is the first authentication request; if so, step B3 is executed; if not, step B8 is executed.

In this embodiment, the authentication information in the terminal device is obtained during the first authentication, so the terminal device can judge whether the received authentication request is the first authentication request by checking whether authentication information is stored locally. If authentication information is stored locally, the received authentication request is not the first authentication request; if no authentication information is stored locally, the received authentication request is the first authentication request.

B3. The terminal device forwards the first authentication request to the host-side device.

B4. After receiving the first authentication request, the host-side device sends the terminal device a first authentication request response carrying authentication information.

The authentication information may be an authentication account and password.

B5. The terminal device parses the first authentication request response, obtains and stores the authentication information carried in it, and also forwards the first authentication request response to the network-side device.

B6. The network-side device parses the received first authentication request response, obtains the authentication information carried in it, and authenticates according to that information; if authentication succeeds, it establishes the data service connection.

When the authentication information is an authentication account and password, the network-side device can use the authentication account to look up the corresponding password in the database and compare the password from the database with the password obtained by parsing. If the two match, authentication succeeds; otherwise, authentication fails.

Because authenticating directly with the authentication account and a plaintext password offers low security and reliability, embodiments of the present invention may also authenticate with authentication information that has been cryptographically processed. Such information may be, for example, the authentication account, an MD5 digest value and a currently generated random number, where the MD5 digest value may be obtained by hashing the password together with the currently generated random number. After parsing the authentication information out of the first authentication request response, the network-side device uses the authentication account to obtain the corresponding password from the database, applies the same hash processing to that password and the random number from the parsed authentication information to obtain an MD5 digest value, and compares this value with the MD5 digest value in the parsed authentication information. If the two match, authentication succeeds; otherwise, authentication fails.

B7. The network-side device sends a re-authentication request to the terminal device; the flow continues at B1.

The network-side device may send re-authentication requests to the terminal device periodically, or it may send one when it detects that the host-side device's IP address is abnormal.

B8. The terminal device obtains the stored authentication information, generates an authentication request response carrying it, and sends the response to the network-side device.

The authentication information stored by the terminal device is what it obtained by parsing the first authentication request response sent by the host-side device.

B9. The network-side device judges whether it has received an authentication request response within a predetermined time; if so, B10 is executed; if not, it interrupts the established data service connection and the flow ends.

B10. The network-side device parses the received authentication request response, obtains the authentication information carried in it, and authenticates according to that information. If authentication succeeds, it keeps the data service connection and B11 is executed; otherwise, it interrupts the established data service connection and the flow ends.

B11. The network-side device sends a re-authentication request to the terminal device.

The network-side device may send re-authentication requests to the terminal device periodically, or it may send one when it detects that the host-side device's IP address is abnormal.

Embodiment 3 of the method for responding to re-authentication initiated by a network-side device. This embodiment gives a detailed implementation of the method and includes the following steps:

C1. The terminal device receives a Point-to-Point Protocol (PPP) packet from the network-side device.

C2. The terminal device judges whether the protocol field of the PPP packet indicates a PPP Challenge-Handshake Authentication Protocol (CHAP) authentication packet; if so, C3 is executed; if not, the flow of this method ends.

C3. The terminal device further judges whether the authentication packet received this time is the first authentication request; if so, step C4 is executed; if the authentication packet received this time is an authentication request but not the first authentication request, step C9 is executed.

If the type of the PPP CHAP authentication packet received by the terminal device is CHAP Challenge (CHALLENGE) and no authentication information is stored locally, the received authentication packet is the first authentication request.

If the type of the PPP CHAP authentication packet received by the terminal device is CHAP Challenge (CHALLENGE) but authentication information is stored locally, the received authentication packet is an authentication request but not the first authentication request.

C4. The terminal device forwards the CHAP Challenge type PPP CHAP authentication packet to the host-side device.

C5. After receiving the CHAP Challenge type PPP CHAP authentication packet, the host-side device sends the terminal device a CHAP Response (RESPONSE) type PPP CHAP authentication packet carrying authentication information.

The authentication information may be an authentication account and password.

C6. The terminal device judges whether the type of the received PPP CHAP authentication packet is CHAP Response; if so, it obtains the authentication information carried in the PPP CHAP authentication packet and stores it, and also forwards the received CHAP Response type PPP CHAP authentication packet to the network-side device.

C7. The network-side device parses the received CHAP Response type PPP CHAP authentication packet, obtains the authentication information carried in it, and authenticates according to that information; if authentication succeeds, it establishes the data service connection.

When the authentication information is an authentication account and password, the network-side device can use the authentication account to look up the corresponding password in the database and compare the password from the database with the password obtained by parsing. If the two match, authentication succeeds; otherwise, authentication fails.

C8. The network-side device detects whether the host-side device's IP address is abnormal; if so, it sends a CHAP Challenge type PPP CHAP authentication packet to the terminal device again and the flow continues at C1; otherwise, C8 continues to be executed.

C9. The terminal device obtains the stored authentication information, generates a CHAP Response type PPP CHAP authentication packet carrying it, and sends the packet to the network-side device.

C10. The network-side device judges whether it has received a CHAP Response type PPP CHAP authentication packet within a predetermined time; if so, C11 is executed; if not, it interrupts the established data service connection and the flow ends.

C11. The network-side device parses the received CHAP Response type PPP CHAP authentication packet, obtains the authentication information carried in it, and authenticates according to that information. If authentication succeeds, it keeps the data service connection; otherwise, it interrupts the established data service connection.

Embodiment 4 of the method for responding to re-authentication initiated by a network-side device. The method of this embodiment includes the following steps:

D1. The terminal device receives an authentication request from the network-side device.

The authentication request received by the terminal device may be the first authentication request, sent by the network-side device in response to the dial-up connection request initiated by the host-side device, or a re-authentication request, sent by the network-side device after the first authentication of the host-side device has passed.

D2. The terminal device judges whether the received authentication request is the first authentication request; if so, step D3 is executed; if not, step D8 is executed.

In this embodiment, the terminal device may maintain an authentication flag indicating whether a request is the first authentication request, and use this flag to judge whether the received authentication request is the first one. If the flag indicates that the first authentication has been performed, the received authentication request is not the first authentication request; if the flag indicates that the first authentication has not been performed, the received authentication request is the first authentication request.

D3. The terminal device forwards the first authentication request to the host-side device.

D4. After receiving the first authentication request, the host-side device sends the terminal device a first authentication request response carrying authentication information.

The authentication information may be an authentication account and password.

D5. The terminal device forwards the first authentication request response to the network-side device.

D6. The network-side device parses the received first authentication request response, obtains the authentication information carried in it, and authenticates according to that information; if authentication succeeds, it establishes the data service connection.

When the authentication information is an authentication account and password, the network-side device can use the authentication account to look up the corresponding password in the database and compare the password from the database with the password obtained by parsing. If the two match, authentication succeeds; otherwise, authentication fails.

Because authenticating directly with the authentication account and a plaintext password offers low security and reliability, embodiments of the present invention may also authenticate with authentication information that has been cryptographically processed. Such information may be, for example, the authentication account, an MD5 digest value and a currently generated random number, where the MD5 digest value may be obtained by hashing the password together with the currently generated random number. After parsing the authentication information out of the first authentication request response, the network-side device uses the authentication account to obtain the corresponding password from the database, applies the same hash processing to that password and the random number from the parsed authentication information to obtain an MD5 digest value, and compares this value with the MD5 digest value in the parsed authentication information. If the two match, authentication succeeds; otherwise, authentication fails.

D7. The network-side device detects whether the host-side device's IP address is abnormal; if so, it sends a re-authentication request to the terminal device and the flow continues at D1; otherwise, D7 is executed.

The network-side device may send re-authentication requests to the terminal device periodically.

D8. The terminal device obtains the authentication information stored locally in advance, generates an authentication request response carrying it, and sends the response to the network-side device.

In this embodiment, the authentication information is recorded in the terminal device in advance, when the terminal device's software version is built. The terminal device therefore does not store the authentication information in the first authentication request response when it receives that response; when it later receives an authentication request again, it obtains the authentication information stored locally in advance and generates the authentication request response. The authentication information stored locally on the terminal device may reflect customization requirements of a market or operator, and so on.

D9. The network-side device judges whether it has received an authentication request response within a predetermined time; if so, D10 is executed; if not, it interrupts the established data service connection and the flow ends.

D10. The network-side device parses the received authentication request response, obtains the authentication information carried in it, and authenticates according to that information. If authentication succeeds, it keeps the data service connection and D11 is executed; otherwise, it interrupts the established data service connection and the flow ends.

D11. The network-side device detects whether the host-side device's IP address is abnormal; if so, it sends a re-authentication request to the terminal device and the flow continues at D1; otherwise, D11 continues to be executed.

In further embodiments of the present invention, the network-side device may also carry, in the authentication request it sends to the terminal device, an authentication flag indicating whether the request is the first authentication request, and the terminal device judges from this flag whether the received authentication request is the first authentication request.
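
The terminal-side decision of steps C1 to C3 and D2/D8, as an added example that is not part of the patent: it classifies PPP CHAP packets by the protocol field 0xC223 and the code values 1 (Challenge) and 2 (Response) from RFC 1994, relays the first challenge to the host, and answers later challenges itself. The `Terminal` class, the action strings, the moment the flag is set and the sample account and secret are hypothetical; the response value follows RFC 1994, MD5(identifier || secret || challenge), so the terminal holds the pre-provisioned secret and computes a fresh value for each challenge instead of resending an earlier response.

```python
import hashlib
import hmac
import struct
from dataclasses import dataclass

PPP_PROTO_CHAP = 0xC223   # PPP protocol field value for CHAP (RFC 1994)
CHAP_CHALLENGE = 1        # CHAP code: Challenge
CHAP_RESPONSE = 2         # CHAP code: Response


@dataclass
class ChapPacket:
    code: int
    identifier: int
    value: bytes
    name: bytes


def parse_ppp_chap(frame: bytes):
    """Steps C1-C2: return a ChapPacket for a CHAP Challenge/Response, else None."""
    if len(frame) < 7:
        return None
    proto, code, ident, length = struct.unpack("!HBBH", frame[:6])
    if proto != PPP_PROTO_CHAP or code not in (CHAP_CHALLENGE, CHAP_RESPONSE):
        return None
    body = frame[2:2 + length]          # octets past Length are padding
    if length < 6 or len(body) != length:
        return None                     # truncated frame or bad Length field
    value_size = body[4]
    if value_size == 0 or 5 + value_size > length:
        return None                     # Value-Size runs past the packet
    return ChapPacket(code, ident, body[5:5 + value_size], body[5 + value_size:])


def build_ppp_chap(code: int, ident: int, value: bytes, name: bytes) -> bytes:
    length = 4 + 1 + len(value) + len(name)   # code, id, length, value-size, data
    header = struct.pack("!HBBHB", PPP_PROTO_CHAP, code, ident, length, len(value))
    return header + value + name


def chap_md5(ident: int, secret: bytes, challenge: bytes) -> bytes:
    """RFC 1994 response value: MD5(identifier || secret || challenge)."""
    return hashlib.md5(bytes([ident]) + secret + challenge).digest()


class Terminal:
    """Hypothetical terminal-side handler; credentials are pre-provisioned (D8)."""
    def __init__(self, account: bytes, secret: bytes):
        self.account, self.secret = account, secret
        self.first_auth_done = False    # the authentication flag of Embodiment 4

    def on_network_frame(self, frame: bytes):
        pkt = parse_ppp_chap(frame)
        if pkt is None or pkt.code != CHAP_CHALLENGE:
            return "ignore", None
        if not self.first_auth_done:
            return "forward_to_host", frame          # D3: host answers first
        digest = chap_md5(pkt.identifier, self.secret, pkt.value)
        reply = build_ppp_chap(CHAP_RESPONSE, pkt.identifier, digest, self.account)
        return "send_to_network", reply              # D8 / C9

    def on_host_frame(self, frame: bytes):
        pkt = parse_ppp_chap(frame)
        if pkt is not None and pkt.code == CHAP_RESPONSE:
            self.first_auth_done = True   # assumption: flag set when relaying D5
        return "send_to_network", frame


def network_verify(frame, issued_ident, issued_challenge, secrets) -> bool:
    """D10: recompute the digest from the challenge the verifier itself issued."""
    pkt = parse_ppp_chap(frame)
    if pkt is None or pkt.code != CHAP_RESPONSE or pkt.identifier != issued_ident:
        return False
    secret = secrets.get(pkt.name)
    if secret is None:
        return False
    expected = chap_md5(issued_ident, secret, issued_challenge)
    return hmac.compare_digest(expected, pkt.value)


def demo():
    # Constructed sample data: account, secret and challenges are made up.
    account, secret = b"user@example", b"constructed-secret"
    secrets = {account: secret}
    term = Terminal(account, secret)
    c1, c2 = bytes(range(16)), bytes(range(16, 32))
    action1, _ = term.on_network_frame(build_ppp_chap(CHAP_CHALLENGE, 1, c1, b"nas"))
    host_reply = build_ppp_chap(CHAP_RESPONSE, 1, chap_md5(1, secret, c1), account)
    _, relayed = term.on_host_frame(host_reply)
    first_ok = network_verify(relayed, 1, c1, secrets)
    action2, reply2 = term.on_network_frame(build_ppp_chap(CHAP_CHALLENGE, 2, c2, b"nas"))
    reauth_ok = network_verify(reply2, 2, c2, secrets)
    stale_ok = network_verify(relayed, 2, c2, secrets)   # old response, new challenge
    return action1, first_ok, action2, reauth_ok, stale_ok


if __name__ == "__main__":
    print(demo())
```

The last value returned by `demo()` is the check of the first response against the second challenge; it fails because the verifier recomputes the digest over the challenge it issued.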

本领域普通技术人员可以理解实现上述实施例方法中的全部或部分步骤是可以通过程序来指令相关的硬件来完成,所述的程序可以存储于计算机可读取存储介质中,该程序在执行时,可以包括如下步骤:接收来自网络侧设备的鉴权请求;若所述鉴权请求不是首次鉴权请求,则获取所存储的鉴权信息;生成并向所述网络侧设备发送携带所述鉴权信息的鉴权请求响应。这里所称得的存储介质,如:ROM/RAM、磁碟、光盘等。Those of ordinary skill in the art can understand that all or part of the steps in the method of the above-mentioned embodiments can be completed by instructing related hardware through a program, and the program can be stored in a computer-readable storage medium, and the program can be executed when executed , may include the following steps: receiving an authentication request from a network-side device; if the authentication request is not the first authentication request, obtaining stored authentication information; generating and sending a message carrying the authentication to the network-side device; Authentication request response for authorization information. The storage medium referred to here, such as: ROM/RAM, magnetic disk, optical disk, etc.

Embodiment 1 of the terminal device of the present invention. Referring to FIG. 3, the terminal device includes an authentication request receiving unit 310, a judging unit 320, an authentication information obtaining unit 330, and an authentication request response generating unit 340:

The authentication request receiving unit 310 is configured to receive an authentication request from a network-side device.

The judging unit 320 is configured to judge whether the authentication request is a first authentication request.

The authentication information obtaining unit 330 is configured to obtain the stored authentication information when the result of the judgment is negative.

The authentication request response generating unit 340 is configured to generate, and send to the network-side device, an authentication request response carrying the authentication information when the result of the judgment is negative.

Embodiment 2 of the terminal device of the present invention. Referring to FIG. 4, the terminal device includes an authentication request receiving unit 410, a judging unit 420, an authentication information obtaining unit 430, an authentication request response generating unit 440, an authentication request forwarding unit 450, a first authentication request response receiving unit 460, and an authentication request response forwarding unit 470:

The authentication request receiving unit 410 is configured to receive an authentication request from a network-side device.

The judging unit 420 is configured to judge whether the authentication request is a first authentication request.

The authentication information obtaining unit 430 is configured to obtain the stored authentication information when the result of the judgment is negative.

The stored authentication information may be recorded directly in the terminal device when its software version is built, for example according to the customization requirements of a market or operator.

The authentication request response generating unit 440 is configured to generate, and send to the network-side device, an authentication request response carrying the authentication information when the result of the judgment is negative.

The authentication request forwarding unit 450 is configured to forward the first authentication request to the host-side device when the result of the judgment is affirmative.

The first authentication request response receiving unit 460 is configured to receive the first authentication request response from the host-side device, which carries authentication information.

The authentication request response forwarding unit 470 is configured to send the first authentication request response to the network-side device.

This embodiment can be implemented using the method of Embodiment 4 of the method for responding to re-authentication initiated by a network-side device.

Embodiment 3 of the terminal device of the present invention. Referring to FIG. 5, the terminal device includes an authentication request receiving unit 510, a judging unit 520, an authentication request forwarding unit 530, a first authentication request response receiving unit 540, an authentication request response forwarding unit 550, a parsing unit 560, an authentication information obtaining unit 570, and an authentication request response generating unit 580:

The authentication request receiving unit 510 is configured to receive an authentication request from a network-side device.

The judging unit 520 is configured to judge whether the authentication request is a first authentication request.

The authentication request forwarding unit 530 is configured to forward the first authentication request to the host-side device when the result of the judgment is affirmative.

The first authentication request response receiving unit 540 is configured to receive the first authentication request response from the host-side device, which carries authentication information.

The authentication request response forwarding unit 550 is configured to send the first authentication request response to the network-side device.

The parsing unit 560 is configured to parse the first authentication request response received by the first authentication request response receiving unit 540, and to obtain and store the authentication information carried in it.

The authentication information obtaining unit 570 is configured to obtain the authentication information stored by the parsing unit 560 when the result of the judgment is negative.

The authentication request response generating unit 580 is configured to generate, and send to the network-side device, an authentication request response carrying the authentication information when the result of the judgment is negative.

This embodiment can be implemented using the method of Embodiment 2 or 3 of the method for responding to re-authentication initiated by a network-side device.
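The following added example (not code from the patent) models the terminal device of Embodiment 3 together with a simulated host-side and network-side device, covering both ways of recognising a first request: the authentication flag and the presence of stored authentication information. The class names, message fields and the sample authentication information are assumptions; the patent does not specify a message format.

```python
from dataclasses import dataclass
from typing import Optional

@dataclass
class AuthRequest:
    is_first: Optional[bool] = None   # optional authentication flag; None = no flag sent

@dataclass
class AuthResponse:
    auth_info: str   # opaque authentication information (constructed sample)
    source: str      # "host" or "terminal-store", kept only for tracing

class Host:
    """Host-side device: supplies authentication information when asked."""
    def __init__(self, auth_info: str):
        self.auth_info, self.calls = auth_info, 0
    def respond(self, req: AuthRequest) -> AuthResponse:
        self.calls += 1
        return AuthResponse(self.auth_info, "host")

class Terminal:
    """Terminal device of Embodiment 3 (units 510-580), simplified."""
    def __init__(self, host: Host):
        self.host = host
        self.stored: Optional[str] = None        # filled by parsing unit 560

    def is_first(self, req: AuthRequest) -> bool:  # judging unit 520
        if req.is_first is not None:             # flag variant
            return req.is_first
        return self.stored is None               # stored-information variant

    def handle(self, req: AuthRequest) -> AuthResponse:
        if self.is_first(req):
            resp = self.host.respond(req)        # units 530/540: forward, receive
            self.stored = resp.auth_info         # unit 560: parse and store
            return resp                          # unit 550: forward to network
        if self.stored is None:                  # flag says re-auth, store is empty
            raise LookupError("no stored authentication information")
        return AuthResponse(self.stored, "terminal-store")  # units 570/580

class Network:
    """Network-side device: authenticates and keeps or drops the connection."""
    def __init__(self, expected: str):
        self.expected, self.connected = expected, False
    def authenticate(self, terminal: Terminal, req: AuthRequest) -> Optional[str]:
        try:
            resp = terminal.handle(req)
        except LookupError:
            self.connected = False
            return None
        self.connected = resp.auth_info == self.expected
        return resp.source if self.connected else None

def run_session(use_flag: bool, reauth_rounds: int = 2):
    """First authentication, then re-authentications as triggered in D11."""
    secret = "constructed-user:constructed-password"
    host, net = Host(secret), Network(secret)
    term = Terminal(host)
    trace = [net.authenticate(term, AuthRequest(True if use_flag else None))]
    for _ in range(reauth_rounds):
        trace.append(net.authenticate(term, AuthRequest(False if use_flag else None)))
    return trace, host.calls, net.connected

if __name__ == "__main__":
    print(run_session(use_flag=False))
    print(run_session(use_flag=True))
```

The host is consulted once; every later request is answered from the terminal's store, which makes the stored value as sensitive as the credential the host originally supplied.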

In the embodiments of the present invention, authentication information is stored in advance on the terminal device. When the network-side device initiates re-authentication, the terminal device sends the network-side device an authentication request response carrying the stored authentication information. The re-authentication initiated by the network-side device therefore receives a response, which avoids the data connection being interrupted because a re-authentication request went unanswered, and so improves the user experience.

The method for responding to re-authentication initiated by a network-side device, and the terminal device, provided by the embodiments of the present invention have been described in detail above. Specific examples have been used to explain the principles and implementations of the invention, and the description of the embodiments is intended only to help in understanding the method and its idea. A person of ordinary skill in the art may, following the idea of the invention, vary the specific implementation and the scope of application. In summary, the content of this specification should not be construed as limiting the invention.

Claims (10)

1. A method for responding to re-authentication initiated by a network-side device, characterized by comprising the following steps:
receiving an authentication request from network side equipment;
judging whether authentication information is stored or not, if so, judging that the authentication request is not a first authentication request, and if not, judging that the received authentication request is a first authentication request; or,
judging whether the authentication mark is the first authentication, if so, judging that the received authentication request is not the first authentication request, and if not, judging that the received authentication request is the first authentication request;
if the authentication request is not the first authentication request, acquiring stored authentication information;
and generating and sending an authentication request response carrying the authentication information to the network side equipment.
2. The method as claimed in claim 1, wherein said generating and sending an authentication request response carrying said authentication information to said network side device further comprises:
if the network side equipment receives the authentication request response within the preset time, analyzing the received authentication request response to obtain the authentication information carried in the received authentication request response;
and authenticating according to the obtained authentication information, and if the authentication is successful, keeping the established data service connection.
3. The method of claim 1, wherein receiving the authentication request from the network-side device further comprises: if the authentication request is a first authentication request, forwarding the first authentication request to host side equipment.
4. The method of claim 3, wherein forwarding the first authentication request to the host-side device further comprises:
receiving a first authentication request response from host side equipment, wherein the first authentication request response carries authentication information;
and sending the first authentication request response to the network side equipment.
5. The method of claim 4, wherein receiving the first authentication request response from the host-side device further comprises: analyzing the first authentication request response to obtain and store the authentication information carried in the first authentication request response.
6. The method as claimed in claim 4 or 5, wherein said sending the first authentication request response to the network side device further comprises: the network side equipment analyzes the received first authentication request response to obtain the authentication information carried in the first authentication request response, authenticates according to the obtained authentication information, and establishes data service connection if the authentication is successful.
7. A terminal device, comprising:
an authentication request receiving unit, configured to receive an authentication request from a network side device;
the judging unit is used for judging whether authentication information is stored or not, if so, the authentication request is not a first authentication request, and if not, the received authentication request is a first authentication request; or, judging whether the authentication mark is the first authentication, if so, judging that the received authentication request is not the first authentication request, and if not, judging that the received authentication request is the first authentication request;
an authentication information acquisition unit for acquiring the stored authentication information when the authentication request is not the first authentication request;
and the authentication request response generating unit is used for generating and sending an authentication request response carrying the authentication information to the network side equipment when the authentication request is not the first authentication request.
8. The terminal device according to claim 7, wherein the terminal device further comprises an authentication request forwarding unit, configured to forward the first authentication request to the host-side device if a result of the determination is yes.
9. The terminal device of claim 8, wherein the terminal device further comprises:
a first authentication request response receiving unit, configured to receive a first authentication request response from the host side device, where the first authentication request response carries authentication information;
and the authentication request response forwarding unit is used for sending the first authentication request response to the network side equipment.
10. The terminal device of claim 9, wherein the terminal device further comprises:
and the analysis unit is used for analyzing the first authentication request response received by the first authentication request response receiving unit to obtain and store the authentication information carried in the first authentication request response.

Priority Applications (1)

Application Number Priority Date Filing Date Title
CN2008100946465A CN101272387B (en) 2008-04-24 2008-04-24 Method and terminal unit for launching re-authentication answering to network side equipment

Publications (2)

Publication Number Publication Date
CN101272387A CN101272387A (en) 2008-09-24
CN101272387B CN101272387B (en) 2011-04-13

Family

ID=40006074

Legal Events

Date Code Title Description
C06 Publication
PB01 Publication
C10 Entry into substantive examination
SE01 Entry into force of request for substantive examination
C14 Grant of patent or utility model
GR01 Patent grant
TR01 Transfer of patent right

Effective date of registration: 20171102

Address after: Metro Songshan Lake high tech Industrial Development Zone, Guangdong Province, Dongguan City Road 523808 No. 2 South Factory (1) project B2 -5 production workshop

Patentee after: Huawei terminal (Dongguan) Co.,Ltd.

Address before: 518129 Longgang District, Guangdong, Bantian HUAWEI base B District, building 2, building No.

Patentee before: HUAWEI DEVICE Co.,Ltd.

CP01 Change in the name or title of a patent holder

Address after: 523808 Southern Factory Building (Phase I) Project B2 Production Plant-5, New Town Avenue, Songshan Lake High-tech Industrial Development Zone, Dongguan City, Guangdong Province

Patentee after: HUAWEI DEVICE Co.,Ltd.

Address before: 523808 Southern Factory Building (Phase I) Project B2 Production Plant-5, New Town Avenue, Songshan Lake High-tech Industrial Development Zone, Dongguan City, Guangdong Province

Patentee before: Huawei terminal (Dongguan) Co.,Ltd.

CF01 Termination of patent right due to non-payment of annual fee

Granted publication date: 20110413