WO2013034056A1 - Method and system for processing location information - Google Patents

Info

Publication number
WO2013034056A1
Authority
WO
WIPO (PCT)
Prior art keywords
authentication
location information
bng
aaa server
radius
Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
Ceased
Application number
PCT/CN2012/080518
Other languages
French (fr)
Chinese (zh)
Inventor
尤建洁
范亮
秦超
袁立权
Current Assignee (The listed assignees may be inaccurate. Google has not performed a legal analysis and makes no representation or warranty as to the accuracy of the list.)
ZTE Corp
Original Assignee
ZTE Corp
Application filed by ZTE Corp
Publication of WO2013034056A1

Classifications

    • H: ELECTRICITY
    • H04: ELECTRIC COMMUNICATION TECHNIQUE
    • H04W: WIRELESS COMMUNICATION NETWORKS
    • H04W12/00: Security arrangements; Authentication; Protecting privacy or anonymity
    • H04W12/06: Authentication
    • H: ELECTRICITY
    • H04: ELECTRIC COMMUNICATION TECHNIQUE
    • H04W: WIRELESS COMMUNICATION NETWORKS
    • H04W4/00: Services specially adapted for wireless communication networks; Facilities therefor
    • H04W4/02: Services making use of location information
    • H: ELECTRICITY
    • H04: ELECTRIC COMMUNICATION TECHNIQUE
    • H04L: TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L63/00: Network architectures or network communication protocols for network security
    • H04L63/08: Network architectures or network communication protocols for network security for authentication of entities
    • H04L63/0892: Network architectures or network communication protocols for network security for authentication of entities by using authentication-authorization-accounting [AAA] servers or protocols
    • H: ELECTRICITY
    • H04: ELECTRIC COMMUNICATION TECHNIQUE
    • H04L: TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L63/00: Network architectures or network communication protocols for network security
    • H04L63/16: Implementing security features at a particular protocol layer
    • H04L63/162: Implementing security features at a particular protocol layer at the data link layer

Definitions

  • The present invention relates to the field of communications, and in particular to a location information processing method and system.
  • The Residential Gateway (RG) connects the home network with the external network and provides connectivity, master control and coordination for the home network.
  • The international standards organization Broadband Forum (BBF) is working on the standardization of home gateway and home terminal equipment authentication.
  • The scenarios involved include the authentication process of home terminal equipment accessing the BBF network through the RG.
  • The RG, as an 802.1x client, initiates access authentication to the AN (Access Node).
  • The AN then acts as the 802.1x authenticator and Remote Authentication Dial In User Service (RADIUS) client and initiates an authentication request to the AAA (Authentication, Authorization and Accounting) server.
  • In the prior art, the authentication request message sent by the AN to the AAA server does not carry the location information of the RG. When the user equipment (UE) under the RG initiates a Dynamic Host Configuration Protocol (DHCP) request to the BNG (Broadband Network Gateway), neither the BNG locally nor the AAA server has the location information of the UE (the location information of a UE accessing the network through the RG is the same as the location information of the RG), although that location information has in fact already been authenticated in the RG authentication process.
  • As a result, the DHCP request initiated by the UE fails authentication and the UE cannot gain access, which is not conducive to normal communication of the UE.
  • In addition, even if the location information of a user has been authenticated, the user may still need to be authenticated again in the subsequent communication process.
  • Such repeated authentication complicates the UE communication process.
  • The main object of the present invention is to provide a location information processing method and system to avoid repeated authentication of a UE.
  • A location information processing method includes:
  • The residential gateway RG acts as an 802.1x client and initiates an authentication request.
  • The access node AN, acting as the 802.1x authenticator and the Remote Authentication Dial In User Service (RADIUS) client, inserts the location information of the RG into the received authentication request and sends it to the authentication, authorization and accounting (AAA) server.
  • Inserting the location information of the RG into the received authentication request and sending it to the AAA server includes:
  • The location information of the RG is inserted into the received authentication request, the authentication request with the RG location information inserted is encapsulated into a RADIUS packet, and the RADIUS packet is sent to the AAA server.
  • The method further includes:
  • The AAA server authenticates the RG and saves the location information of the RG when the authentication passes.
  • The method further includes:
  • When the broadband network gateway BNG is aware of the RADIUS packets exchanged between the AN and the AAA server, if the RG passes the authentication, the BNG saves the location information of the RG;
  • When the BNG is not aware of the RADIUS packets exchanged between the AN and the AAA server, if the RG passes the authentication, the AAA server notifies the BNG corresponding to the RG of the location information of the RG; and/or, when the BNG receives an authentication request or address request from a UE accessing through the RG and has no authentication information for that UE locally, it queries the AAA server.
  • The location information of the RG is a link identifier.
  • A location information processing system includes an RG and an AN, wherein:
  • The RG is configured to act as an 802.1x client and initiate an authentication request.
  • The AN is configured to act as an 802.1x authenticator and a RADIUS client, insert the location information of the RG into the received authentication request, and send it to the AAA server.
  • When inserting the location information of the RG into the received authentication request and sending it to the AAA server, the AN is configured to:
  • Insert the location information of the RG into the received authentication request, encapsulate the authentication request with the RG location information inserted into a RADIUS packet, and send the RADIUS packet to the AAA server for use as a reference in subsequent authentication.
  • The AAA server is further configured to:
  • Authenticate the RG and save the location information of the RG when the authentication passes.
  • The system further includes a BNG;
  • When the BNG is aware of the RADIUS packets exchanged between the AN and the AAA server, the BNG is configured to: if the RG passes the authentication, save the location information of the RG;
  • When the BNG is not aware of the RADIUS packets exchanged between the AN and the AAA server, the BNG is configured such that:
  • If the RG passes the authentication, the BNG corresponding to the RG receives the location information of the RG notified by the AAA server; and/or,
  • When the BNG receives an authentication request or address request from a UE accessing through the RG, if there is no authentication information for the UE locally, the BNG queries the AAA server.
  • The location information of the RG is a link identifier.
  • With the location information processing technology of the present invention, a UE whose location information has already been authenticated does not need to be authenticated again in the subsequent communication process, which avoids repeated authentication of the UE and simplifies the communication process.
  • In addition, because the location information of the RG is associated with the authentication, the security of the authentication is further enhanced and problems such as illegal access are better avoided.
  • FIG. 1 is a flowchart of location information processing according to Embodiment 1 of the present invention.
  • FIG. 2 is a flowchart of location information processing according to Embodiment 2 of the present invention.
  • FIG. 3 is a flowchart of location information processing according to Embodiment 3 of the present invention.
  • FIG. 4 is a flowchart of location information processing according to Embodiment 4 of the present invention.
  • FIG. 5 is a schematic diagram of the location information processing flow according to an embodiment of the present invention.
  • In practice, the RG can act as an 802.1x client and initiate an authentication request.
  • The AN, as an 802.1x authenticator and a RADIUS client, inserts the location information of the RG into the received authentication request, encapsulates the authentication request with the RG location information inserted into a RADIUS packet, and sends the RADIUS packet to the AAA server for use as a reference in subsequent authentication.
  • The location information of the RG may be a link identifier (Circuit ID).
  • The AAA server can authenticate the RG and save the location information of the RG when the authentication passes.
  • When the BNG receives an authentication request or address request from a UE connected to the RG, if there is no authentication information for the UE locally (such as the UE's location information), it queries the AAA server.
  • The RADIUS messages exchanged between the AN and the AAA server can pass through the BNG, and the BNG has the capability to obtain the location information of the RG. If the RG passes the authentication, the BNG saves the location information of the RG. Specifically, if the RG is authenticated, the AAA server can notify the location information of the RG to the BNG corresponding to the RG.
  • Figure 1 depicts the authentication access process of the RG as an 802.1x client.
  • The AN inserts the location information of the RG, which is sent to the AAA server via the BNG, and the BNG is aware of the RG authentication process.
  • The process shown in Figure 1 includes the following steps:
  • The RG, acting as an 802.1x client, attaches to the Ethernet and sends an authentication protocol start (EAPoL Start) message to request authentication.
  • After receiving the EAPoL Start message sent by the RG, the AN sends an EAP Identity Request message to the RG to tell the RG to report the user name.
  • After receiving the EAP Identity Request message sent by the AN, the RG sends an EAP Identity Response message to the AN, which carries the user name.
  • The AN encapsulates the received EAP Identity Response message into a RADIUS Access Request message and inserts the location information corresponding to the RG, such as the link identifier / line identifier (Line ID), for example the virtual LAN ID (vlan-id) and the Layer 2 port number of the switch port to which the RG is connected. The AN then sends the RADIUS Access Request packet to the BNG.
  • The BNG acts as a RADIUS proxy and is aware of the RG authentication process, that is, the BNG can read the RG location information and other parameters. The BNG then sends the RADIUS Access Request message to the AAA server.
  • the AAA server replies to the authentication access response (RADIUS Access Response) message to the challenge (Challenge d
  • The BNG forwards the received RADIUS Access Response packet to the AN.
  • The AN decapsulates the EAP packet from the received RADIUS Access Response packet and sends the EAP packet to the RG.
  • After receiving the EAP packet sent by the AN, the RG replies to the AN with a message that carries the challenge password (Challenged Password).
  • After receiving the RG's reply, the AN encapsulates the EAP packet into a RADIUS Access Request packet and sends it to the BNG.
  • The BNG forwards the received RADIUS Access Request message to the AAA server.
  • If the RG passes the authentication, the AAA server replies to the BNG with an authentication access accept (RADIUS Access Accept) message. If the RG fails the authentication, the AAA server replies to the BNG with a RADIUS Access Reject message.
  • The BNG saves the location information of the RG, such as the link identifier / line identifier, for example the vlan-id and the Layer 2 port number of the switch port connected to the RG.
  • The BNG sends a RADIUS Access Request message to the AN. If the RG authentication fails, the BNG forwards the RADIUS Access Reject packet to the AN.
  • If the RG authentication succeeds, the authentication protocol success packet is sent to the RG. If the RG authentication fails, the authentication protocol failure packet is sent to the RG.
  • Figure 2 depicts the authentication access process of the RG as an 802.1x client.
  • The AN inserts the location information of the RG and sends it to the AAA server.
  • The process shown in Figure 2 includes the following steps:
  • The RG attaches to the Ethernet and sends an authentication protocol start message to request authentication.
  • After receiving the EAPoL Start message sent by the RG, the AN sends an authentication protocol identity request message to the RG to tell the RG to report the user name.
  • After receiving the EAP Identity Request message sent by the AN, the RG returns an authentication protocol identity response message to the AN, which carries the user name.
  • The AN encapsulates the received EAP Identity Response packet into an authentication access request packet and inserts the location information corresponding to the RG, such as the link identifier / line identifier, for example the vlan-id and Layer 2 port number of the switch port to which the RG is connected. The AN then sends the RADIUS Access Request packet to the AAA server.
  • The AAA server replies to the AN with an authentication access response packet, which carries the EAP challenge.
  • The AN decapsulates the EAP packet from the received RADIUS Access Response packet and sends the EAP packet to the RG.
  • After receiving the EAP packet sent by the AN, the RG replies to the AN with a message that carries the challenge password.
  • After receiving the RG's reply packet, the AN encapsulates the EAP packet into a RADIUS Access Request packet and sends it to the AAA server.
  • The AAA server saves the location information of the RG, such as the link identifier / line identifier, for example the vlan-id and the Layer 2 port number of the switch port connected to the RG.
  • The AAA server replies to the AN with an authentication access accept message. If the RG fails the authentication, the AAA server replies to the AN with an authentication access reject message.
  • The AN decapsulates the EAP packet. If the RG authentication succeeds, the EAP Success packet is sent to the RG. If the RG authentication fails, the EAP-Failure packet is sent to the RG.
  • FIG. 3 illustrates the process in which a UE connected to the RG initiates a DHCP request, during which the BNG queries the AAA server as to whether the location information of the UE is legitimate.
  • The process shown in Figure 3 includes the following steps:
  • The UE broadcasts a DHCP discovery (DHCP Discover) message on the physical subnet to find an available DHCP server.
  • The AN receives the DHCP Discover message from the UE, inserts DHCP Option 82, which contains the location information of the UE, such as the link identifier (for example, the vlan-id and Layer 2 port number of the switch port to which the RG is connected), and forwards the message to the BNG.
  • If there is no authentication information for the UE locally, the BNG queries the AAA server: the BNG sends a RADIUS Access Request packet to the AAA server that carries the location information of the user. Specifically, the BNG converts Option 82 into the network access server port identifier, NAS-Port-ID (which represents the physical location information of the UE and is an attribute of the RADIUS message).
  • If the AAA server determines that the location information of the UE has been authenticated (refer to the process of FIG. 2: the RG authentication process; the RG and the UE have the same location information), it sends a RADIUS Access Accept message to the BNG; if the UE is not authenticated, it replies to the BNG with an authentication access reject message.
  • The BNG sends a DHCP Discover message to the DHCP server. If the authentication fails, the BNG sends a reject message to the UE through the AN, and the process ends.
  • For the DHCP server, receiving the DHCP Discover message is equivalent to receiving an IP lease request from the BNG. The DHCP server therefore provides an IP lease, reserves the IP address for the UE, and replies to the BNG with a DHCP response (DHCP Offer) packet carrying an IPv4 address.
  • After receiving the DHCP Offer message replied by the DHCP server, the BNG forwards it to
  • The AN replies to the UE with a DHCP Offer message, which carries an IPv4 address.
  • The UE sends a DHCP Request message to the AN and all other DHCP servers; it includes the IP of the DHCP server providing the IP lease, to inform all other DHCP servers that the UE has accepted the IP lease.
  • The AN forwards the DHCP Request message received from the UE to the BNG.
  • The BNG sends a DHCP Request message to the DHCP server.
  • The DHCP server replies to the BNG with a DHCP acknowledgment (DHCP Ack) message.
  • The BNG replies to the AN with the DHCP Ack packet.
  • The AN replies to the UE with the DHCP Ack message.
  • Figure 4 depicts the authentication access process of the RG as an 802.1x client.
  • The AN inserts the location information of the RG and sends it to the AAA server. If the RG passes the authentication, the AAA server notifies the BNG of the location information of the RG.
  • The process shown in Figure 4 includes the following steps:
  • The RG attaches to the Ethernet and sends an authentication protocol start message to request authentication.
  • After receiving the EAPoL Start message sent by the RG, the AN sends an authentication protocol identity request message to the RG to tell the RG to report the user name.
  • After receiving the EAP Identity Request message sent by the AN, the RG returns an authentication protocol identity response message to the AN, which carries the user name.
  • The AN encapsulates the received EAP Identity Response packet into an authentication access request packet and inserts the location information corresponding to the RG, such as the link identifier / line identifier, for example the vlan-id and Layer 2 port number of the switch port to which the RG is connected. The AN then sends the RADIUS Access Request packet to the AAA server.
  • The AAA server replies to the AN with an authentication access response packet, which carries the EAP challenge.
  • The AN decapsulates the EAP packet from the received RADIUS Access Response packet and sends the EAP packet to the RG.
  • After receiving the EAP packet sent by the AN, the RG replies to the AN with a packet that carries the challenge password.
  • After receiving the RG's reply packet, the AN encapsulates the EAP packet into a RADIUS Access Request packet and sends it to the AAA server.
  • The AAA server sends the location information of the RG (such as the link identifier / line identifier, for example the vlan-id and the Layer 2 port number of the switch port connected to the RG) to the BNG. Specifically, the AAA server finds the corresponding BNG according to the link information or other static configuration information.
  • The AAA server replies to the AN with an authentication access accept message. If the RG fails the authentication, the AAA server replies to the AN with an authentication access reject message.
  • If the RG authentication succeeds, the authentication protocol success packet is sent to the RG. If the RG authentication fails, the authentication protocol failure packet is sent to the RG.
  • The location information processing operation of the present invention can be represented by the process shown in FIG. 5, which includes the following steps:
  • Step 510: The RG acts as an 802.1x client and initiates an authentication request.
  • The authentication request may take various forms, such as at least one of the messages in the first three steps shown in FIG. 2, for example the authentication protocol start message.
  • Step 520: The AN, as the 802.1x authenticator and the RADIUS client, inserts the location information of the RG into the received authentication request and sends it to the AAA server. Specifically, the authentication request with the RG location information inserted is encapsulated into a RADIUS packet, and the RADIUS packet is sent to the AAA server for use as a reference in subsequent authentication.
  • The location information of the RG may be a link identifier or the like.
  • The system includes the RG and the AN, which implement the foregoing technical content.
  • With the location information processing technology of the present invention, a UE whose location information has already been authenticated does not need to be authenticated again in the subsequent communication process, which avoids repeated authentication of the UE and simplifies the communication process. In addition, because the location information of the RG is associated with the authentication, the security of the authentication can be further enhanced and problems such as illegal access can be better avoided.
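
The Figure 3 admission check described above (the AN inserts Option 82, the BNG converts it to NAS-Port-ID and queries the AAA server when it has no local record), as an added example that is not part of the patent text. The Circuit ID string format, all function and class names, the in-memory location store, and the omission of the RADIUS shared secret, User-Name and Message-Authenticator are assumptions made for illustration.

```python
import os
import struct

OPT_RELAY_AGENT_INFO = 82   # DHCP Relay Agent Information option (RFC 3046)
SUBOPT_CIRCUIT_ID = 1       # Agent Circuit ID sub-option (RFC 3046)
RADIUS_ACCESS_REQUEST = 1   # RADIUS packet code (RFC 2865)
ATTR_NAS_PORT_ID = 87       # NAS-Port-Id attribute (RFC 2869)


def an_insert_option82(client_options, circuit_id):
    """AN: set Option 82 from the access port, replacing any client-sent copy."""
    value = circuit_id.encode("ascii")
    if not 0 < len(value) <= 253:
        raise ValueError("Circuit ID must be 1..253 bytes")
    # Options are modelled as {code: value bytes}; key 82 is always overwritten.
    return {**client_options,
            OPT_RELAY_AGENT_INFO: bytes([SUBOPT_CIRCUIT_ID, len(value)]) + value}


def parse_circuit_id(option82):
    """BNG: strict TLV walk over the Option 82 value; malformed input raises."""
    found, i = None, 0
    while i < len(option82):
        if i + 2 > len(option82):
            raise ValueError("truncated sub-option header")
        code, length = option82[i], option82[i + 1]
        value = option82[i + 2:i + 2 + length]
        if len(value) != length:
            raise ValueError("truncated sub-option value")
        if code == SUBOPT_CIRCUIT_ID:
            if found is not None:
                raise ValueError("duplicate Circuit ID")
            found = value
        i += 2 + length
    if not found:
        raise ValueError("no Circuit ID present")
    return found.decode("ascii")


def build_location_query(identifier, nas_port_id):
    """BNG: Access-Request whose NAS-Port-Id attribute carries the UE location."""
    value = nas_port_id.encode("ascii")
    attr = bytes([ATTR_NAS_PORT_ID, len(value) + 2]) + value
    header = struct.pack("!BBH", RADIUS_ACCESS_REQUEST, identifier, 20 + len(attr))
    return header + os.urandom(16) + attr  # 16-byte Request Authenticator


def read_nas_port_id(packet):
    """AAA: validate the RADIUS framing and return the NAS-Port-Id value."""
    if len(packet) < 20:
        raise ValueError("short RADIUS packet")
    code, _ident, length = struct.unpack("!BBH", packet[:4])
    if code != RADIUS_ACCESS_REQUEST or length != len(packet):
        raise ValueError("not a well-formed Access-Request")
    i = 20
    while i + 2 <= length:
        attr_type, attr_len = packet[i], packet[i + 1]
        if attr_len < 2 or i + attr_len > length:
            raise ValueError("malformed attribute")
        if attr_type == ATTR_NAS_PORT_ID:
            return packet[i + 2:i + attr_len].decode("ascii")
        i += attr_len
    raise ValueError("NAS-Port-Id missing")


def aaa_handle(packet, authenticated_locations):
    """AAA: accept only a location saved when its RG passed 802.1x."""
    try:
        location = read_nas_port_id(packet)
    except ValueError:
        return "Access-Reject"
    return "Access-Accept" if location in authenticated_locations else "Access-Reject"


class BNG:
    """Forwards a DHCP Discover only for an already authenticated location."""

    def __init__(self, query_aaa):
        self.query_aaa, self.known_locations, self.queries = query_aaa, set(), 0

    def admit_dhcp_discover(self, options):
        try:
            location = parse_circuit_id(options.get(OPT_RELAY_AGENT_INFO, b""))
        except ValueError:
            return False  # missing or malformed Option 82: fail closed
        if location in self.known_locations:
            return True  # authentication information already held locally
        self.queries += 1
        reply = self.query_aaa(build_location_query(self.queries % 256, location))
        if reply == "Access-Accept":
            self.known_locations.add(location)
        return reply == "Access-Accept"


def demo():
    """Constructed sample: the AAA server holds one authenticated RG location."""
    store = {"vlan-100/port-7"}  # hypothetical Circuit ID format
    bng = BNG(lambda packet: aaa_handle(packet, store))
    discover = {53: b"\x01"}  # DHCP option 53 = 1 (DHCPDISCOVER)
    return [bng.admit_dhcp_discover(an_insert_option82(discover, loc))
            for loc in ("vlan-100/port-7", "vlan-200/port-3")]
```

Because the AN overwrites Option 82 rather than appending to it, a location value supplied by the UE itself never reaches the BNG, so the check depends on the AN being the only party able to set that option.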

Landscapes

  • Engineering & Computer Science (AREA)
  • Computer Security & Cryptography (AREA)
  • Computer Networks & Wireless Communication (AREA)
  • Signal Processing (AREA)
  • Computer Hardware Design (AREA)
  • Computing Systems (AREA)
  • General Engineering & Computer Science (AREA)
  • Business, Economics & Management (AREA)
  • Accounting & Taxation (AREA)
  • Computer And Data Communications (AREA)
  • Small-Scale Networks (AREA)
  • Mobile Radio Communication Systems (AREA)

Abstract

Disclosed are a method and a system for processing location information. A residential gateway (RG), serving as an 802.1x client, initiates an authentication request (510). An access node (AN), serving as an 802.1x authenticator and a Remote Authentication Dial In User Service (RADIUS) client, inserts the location information of the RG in the received authentication request and sends the authentication request to an Authentication Authorization and Accounting (AAA) server (520) for reference by subsequent authentication. By means of the technology for processing location information of the present invention, a UE whose location information has passed the authentication does not need to be authenticated again during the subsequent communication process, so repeated authentication of the UE is avoided and the communication process is simplified. In addition, as the location information of an RG is associated at the same time during the authentication, the security of authentication is further enhanced, thereby better avoiding the problems such as illegal access.

Description

Location information processing method and system

Technical field

The present invention relates to the field of communications, and in particular to a location information processing method and system.

Background

With the development of network technology and users' demand for services, terminal devices in home networks are becoming increasingly diverse and intelligent. As a centralized intelligent interface, the Residential Gateway (RG) connects the home network with the external network and provides connectivity, master control and coordination for the home network.

At present, the international standards organization Broadband Forum (BBF) is working on the standardization of home gateway and home terminal equipment authentication. The scenarios involved include the authentication process of home terminal equipment accessing the BBF network through the RG. The RG, as an 802.1x client, initiates access authentication to the AN (Access Node); the AN then acts as the 802.1x authenticator and Remote Authentication Dial In User Service (RADIUS) client and initiates an authentication request to the AAA (Authentication, Authorization and Accounting) server.

According to the prior art, the authentication request message sent by the AN to the AAA server does not carry the location information of the RG. When the user equipment (UE) under the RG initiates a Dynamic Host Configuration Protocol (DHCP) request to the BNG (Broadband Network Gateway), neither the BNG locally nor the AAA server has the location information of the UE (the location information of a UE accessing the network through the RG is the same as the location information of the RG), although that location information has in fact already been authenticated in the RG authentication process. According to the prior art, the DHCP request initiated by the UE fails authentication and the UE cannot gain access, which is clearly not conducive to normal communication of the UE. In addition, even if the location information of a user has been authenticated, the user may still need to be authenticated again in the subsequent communication process, and such repeated authentication inevitably complicates the UE communication process.

Summary of the invention

In view of this, the main object of the present invention is to provide a location information processing method and system to avoid repeated authentication of a UE.

To achieve the above object, the technical solution of the present invention is implemented as follows:

A location information processing method includes:

The residential gateway RG acts as an 802.1x client and initiates an authentication request;

The access node AN, acting as the 802.1x authenticator and the Remote Authentication Dial In User Service (RADIUS) client, inserts the location information of the RG into the received authentication request and sends it to the authentication, authorization and accounting (AAA) server.

Inserting the location information of the RG into the received authentication request and sending it to the AAA server includes:

The location information of the RG is inserted into the received authentication request, the authentication request with the RG location information inserted is encapsulated into a RADIUS packet, and the RADIUS packet is sent to the AAA server.

The method further includes:

The AAA server authenticates the RG and saves the location information of the RG when the authentication passes. The method further includes:

When the broadband network gateway BNG is aware of the RADIUS packets exchanged between the AN and the AAA server, if the RG passes the authentication, the BNG saves the location information of the RG;

When the BNG is not aware of the RADIUS packets exchanged between the AN and the AAA server, if the RG passes the authentication, the AAA server notifies the BNG corresponding to the RG of the location information of the RG; and/or, when the BNG receives an authentication request or address request from a UE accessing through the RG, if there is no authentication information for the UE locally, it queries the AAA server.

The location information of the RG is a link identifier. A location information processing system includes an RG and an AN, wherein:

所述 RG, 用于作为 802.1x客户端, 发起认证请求;  The RG is used as an 802.1x client to initiate an authentication request.

所述 AN, 用于作为 802.1x认证器和 RADIUS客户端, 在收到的所述 认证请求中插入 RG的位置信息, 并发送给 AAA服务器。  The AN is used as an 802.1x authenticator and a RADIUS client, and inserts the location information of the RG into the received authentication request, and sends the location information to the AAA server.

其中, 所述 AN在收到的所述认证请求中插入 RG的位置信息,并发送 给 AAA服务器时, 用于:  The AN inserts the location information of the RG into the received authentication request and sends it to the AAA server for:

在收到的所述认证请求中插入 RG的位置信息,并将已插入 RG位置信 息的认证请求封装成 RADIUS报文, 再将该 RADIUS报文发送给 AAA服 务器, 用于作为后续认证的参考。  The location information of the RG is inserted into the received authentication request, and the authentication request that has been inserted into the RG location information is encapsulated into a RADIUS packet, and the RADIUS packet is sent to the AAA server for reference for subsequent authentication.

其中, 所述 AAA服务器还用于:  The AAA server is further configured to:

对 RG进行认证, 并在认证通过时保存 RG的位置信息。  The RG is authenticated and the location information of the RG is saved when the authentication is passed.

其中, 该系统还包括 BNG;  Wherein, the system further includes BNG;

当所述 BNG感知 AN与 AAA服务器交互的 RADIUS报文时,所述 BNG 用于: 若 RG通过认证, 则保存 RG的位置信息;  When the BNG perceives the RADIUS packet exchanged between the AN and the AAA server, the BNG is used to: if the RG passes the authentication, save the location information of the RG;

当所述 BNG不感知 AN与 AAA服务器交互的 RADIUS 4艮文时, 所述 BNG用于:  When the BNG does not perceive the RADIUS protocol of the AN interacting with the AAA server, the BNG is used to:

若 RG通过认证, 则与该 RG对应的 BNG接收 AAA所通知的 RG的 位置信息; 和 /或,  If the RG passes the authentication, the BNG corresponding to the RG receives the location information of the RG notified by the AAA; and/or,

当 BNG收到从所述 RG接入的 UE的认证请求或地址请求时, 若本地 没有该 UE的认证信息, 则向 AAA服务器查询。  When the BNG receives the authentication request or the address request from the UE accessed by the RG, if there is no authentication information of the UE locally, the BNG queries the AAA server.

其中, 所述 RG的位置信息为链路标识。  The location information of the RG is a link identifier.

With the location information processing technique of the present invention, a UE whose location information has already been authenticated does not need to be authenticated again in subsequent communication, which avoids repeated authentication of the UE and simplifies the communication flow. In addition, because the location information of the RG is associated with the authentication, the security of authentication is further strengthened and problems such as illegal access are better avoided.

Brief Description of the Drawings

FIG. 1 is a flowchart of location information processing according to Embodiment 1 of the present invention;

FIG. 2 is a flowchart of location information processing according to Embodiment 2 of the present invention;

FIG. 3 is a flowchart of location information processing according to Embodiment 3 of the present invention;

FIG. 4 is a flowchart of location information processing according to Embodiment 4 of the present invention;

FIG. 5 is a simplified flowchart of location information processing according to an embodiment of the present invention.

Detailed Description

In practical applications, the RG can act as an 802.1x client and initiate an authentication request. The AN, acting as an 802.1x authenticator and RADIUS client, inserts the location information of the RG into the received authentication request, encapsulates the authentication request carrying the RG location information into a RADIUS message, and sends the RADIUS message to the AAA server to serve as a reference for subsequent authentication. The location information of the RG may be a link identifier (Circuit ID).

The AAA server can authenticate the RG and save the location information of the RG when authentication succeeds.

When the BNG receives an authentication request or address request from a UE attached under the RG, and it has no authentication information for that UE locally (such as the UE's location information), it queries the AAA server.

Optionally, the RADIUS messages exchanged between the AN and the AAA server may pass through the BNG, and the BNG is able to obtain the location information of the RG. If the RG passes authentication, the BNG saves the location information of the RG. Specifically, if the RG passes authentication, the AAA server can notify the BNG corresponding to the RG of the RG's location information.

The present invention is described in detail below with reference to the drawings and embodiments.

Referring to FIG. 1, FIG. 1 describes the authenticated access process with the RG as an 802.1x client. In this process, the AN inserts the location information of the RG, which is sent to the AAA server via the BNG, and the BNG is aware of the RG's authentication process. The flow shown in FIG. 1 includes the following steps:

1. The RG, acting as an 802.1x client, attaches to the Ethernet and initiates an authentication protocol start (EAPoL Start) message to request authentication.

2. After receiving the EAPoL Start message sent by the RG, the AN sends an authentication protocol ID request (EAP Identity Request) message to the RG, instructing the RG to report its user name.

3. After receiving the EAP Identity Request message sent by the AN, the RG replies to the AN with an authentication protocol ID response (EAP Identity Response) message, which carries the user name.

4. The AN encapsulates the received EAP Identity Response message into an authentication access request (RADIUS Access Request) message and at the same time inserts the location information corresponding to the RG, such as the link identifier (Circuit ID) / line identifier (Line ID), for example the virtual LAN identifier (vlan-id) and layer-2 port number of the switch port to which the RG is connected. The AN then sends the RADIUS Access Request message to the BNG.

5. The BNG, acting as a RADIUS proxy, is aware of the RG's authentication process, that is, the BNG can read parameters such as the RG's location information. The BNG then sends the RADIUS Access Request message to the AAA server.

6. The AAA server replies with an authentication access response (RADIUS Access Response) message to … challenge (Challenge d

7. The BNG forwards the received RADIUS Access Response message to the AN.

8. The AN decapsulates the EAP message from the received RADIUS Access Response message and sends the EAP message to the RG.

9. After receiving the EAP message sent by the AN, the RG replies to the AN with a message that carries the challenged password (Challenged Password).

10. After receiving the RG's reply, the AN encapsulates the EAP message into a RADIUS Access Request message and sends it to the BNG.

11. The BNG forwards the received RADIUS Access Request message to the AAA server.

12. If the RG passes authentication, the AAA server replies to the BNG with an authentication access accept (RADIUS Access Accept) message; if the RG does not pass authentication, the AAA server replies to the BNG with an authentication access reject (RADIUS Access Reject) message.

13. If RG authentication succeeds, the BNG saves the location information of the RG, such as the link identifier / line identifier, for example the vlan-id and layer-2 port number of the switch port to which the RG is connected. The BNG also sends the RADIUS Access Request message to the AN. If RG authentication fails, the BNG forwards the RADIUS Access Reject message to the AN.

14. The AN decapsulates the EAP message. If RG authentication succeeded, it sends an authentication protocol success message to the RG; if RG authentication failed, it sends an authentication protocol failure message to the RG.
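The encapsulation in steps 4, 5 and 13 of FIG. 1, as an added Python example that is not code from the patent: the AN wraps the RG's EAP packet in a RADIUS Access-Request together with the location, and the BNG proxy reads the location only from a request whose Message-Authenticator verifies, keeping it only on accept. Carrying the Circuit ID in NAS-Port-Id, the `vlan=100;port=7` string format, matching results by RADIUS Identifier, the shared secret and all function and class names are assumptions; attribute numbers and the Message-Authenticator computation follow RFC 2865, RFC 2869 and RFC 3579.

```python
import hashlib
import hmac
import os
import struct

ACCESS_REQUEST = 1
USER_NAME, EAP_MESSAGE, MESSAGE_AUTHENTICATOR, NAS_PORT_ID = 1, 79, 80, 87


def attr(attr_type: int, value: bytes) -> bytes:
    """One RADIUS attribute: Type, Length (covers the 2-byte header), Value."""
    if len(value) > 253:
        raise ValueError("RADIUS attribute value longer than 253 octets")
    return bytes([attr_type, len(value) + 2]) + value


def eap_identity_response(eap_id: int, identity: str) -> bytes:
    """EAP-Response/Identity as sent by the RG in step 3 (Code 2, Type 1)."""
    data = identity.encode()
    return struct.pack("!BBHB", 2, eap_id, 5 + len(data), 1) + data


def an_build_access_request(radius_id, eap_packet, user_name, circuit_id,
                            secret, authenticator=None):
    """AN side, step 4: wrap the EAP packet and insert the RG location."""
    authenticator = authenticator or os.urandom(16)
    attrs = attr(USER_NAME, user_name.encode())
    attrs += attr(NAS_PORT_ID, circuit_id.encode())  # assumed carrier for the Circuit ID
    for off in range(0, len(eap_packet), 253):       # EAP may span several attributes
        attrs += attr(EAP_MESSAGE, eap_packet[off:off + 253])
    mac_at = 20 + len(attrs) + 2                     # offset of the HMAC value
    attrs += attr(MESSAGE_AUTHENTICATOR, bytes(16))  # zero-filled while computing
    header = struct.pack("!BBH", ACCESS_REQUEST, radius_id, 20 + len(attrs))
    packet = bytearray(header + authenticator + attrs)
    packet[mac_at:mac_at + 16] = hmac.new(secret, bytes(packet), hashlib.md5).digest()
    return bytes(packet)


def parse_packet(packet: bytes):
    """Return (code, identifier, packet cut to its Length, [(type, value, value_offset)])."""
    if len(packet) < 20:
        raise ValueError("short RADIUS packet")
    code, ident, length = struct.unpack("!BBH", packet[:4])
    if not 20 <= length <= len(packet):
        raise ValueError("bad RADIUS Length")
    attrs, i = [], 20
    while i < length:
        if i + 2 > length or packet[i + 1] < 2 or i + packet[i + 1] > length:
            raise ValueError("malformed attribute")
        attrs.append((packet[i], packet[i + 2:i + packet[i + 1]], i + 2))
        i += packet[i + 1]
    return code, ident, packet[:length], attrs


def message_authenticator_ok(packet: bytes, secret: bytes) -> bool:
    """HMAC-MD5 over the whole request with the attribute value zeroed (RFC 3579)."""
    _, _, packet, attrs = parse_packet(packet)
    macs = [(v, off) for t, v, off in attrs if t == MESSAGE_AUTHENTICATOR]
    if len(macs) != 1 or len(macs[0][0]) != 16:
        return False
    value, off = macs[0]
    zeroed = packet[:off] + bytes(16) + packet[off + 16:]
    return hmac.compare_digest(hmac.new(secret, zeroed, hashlib.md5).digest(), value)


class BngRadiusProxy:
    """BNG as RADIUS proxy (steps 5 and 13): read the location, keep it on accept."""

    def __init__(self, secret: bytes):
        self.secret = secret
        self.pending = {}          # RADIUS Identifier -> location awaiting the AAA result
        self.rg_locations = set()  # locations of RGs that passed authentication

    def on_access_request(self, packet: bytes):
        try:
            if not message_authenticator_ok(packet, self.secret):
                return None        # location was not asserted by the trusted AN
            code, ident, _, attrs = parse_packet(packet)
        except ValueError:
            return None
        locations = [v for t, v, _ in attrs if t == NAS_PORT_ID]
        if code != ACCESS_REQUEST or len(locations) != 1:
            return None            # no single, unambiguous location: do not track
        self.pending[ident] = locations[0].decode(errors="replace")
        return self.pending[ident]

    def on_aaa_result(self, ident: int, accepted: bool):
        """Called with the AAA outcome for the request that used this Identifier."""
        location = self.pending.pop(ident, None)
        if accepted and location is not None:
            self.rg_locations.add(location)
        return location
```

A request whose location attribute was altered in transit fails the Message-Authenticator check, so the BNG never records a location the AN did not assert.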

Referring to FIG. 2, FIG. 2 describes the authenticated access process with the RG as an 802.1x client. In this process, the AN inserts the location information of the RG and sends it to the AAA server. The flow shown in FIG. 2 includes the following steps:

1. The RG, acting as an 802.1x client, attaches to the Ethernet and initiates an authentication protocol start message to request authentication.

2. After receiving the EAPoL Start message sent by the RG, the AN sends an authentication protocol ID request message to the RG, instructing the RG to report its user name.

3. After receiving the EAP Identity Request message sent by the AN, the RG replies to the AN with an authentication protocol ID response message, which carries the user name.

4. The AN encapsulates the received EAP Identity Response message into an authentication access request message and at the same time inserts the location information corresponding to the RG, such as the link identifier / line identifier, for example the vlan-id and layer-2 port number of the switch port to which the RG is connected. The AN then sends the RADIUS Access Request message to the AAA server.

5. The AAA server replies to the AN with an authentication access response message, which carries the EAP challenge.

6. The AN decapsulates the EAP message from the received RADIUS Access Response message and sends the EAP message to the RG.

7. After receiving the EAP message sent by the AN, the RG replies to the AN with a message that carries the challenged password.

8. After receiving the RG's reply, the AN encapsulates the EAP message into a RADIUS Access Request message and sends it to the AAA server.

9. If the RG passes authentication, the AAA server saves the location information of the RG, such as the link identifier / line identifier, for example the vlan-id and layer-2 port number of the switch port to which the RG is connected. The AAA server also replies to the AN with an authentication access accept message. If the RG does not pass authentication, the AAA server replies to the AN with an authentication access reject message.

10. The AN decapsulates the EAP message. If RG authentication succeeded, it sends an authentication protocol success (EAP Success) message to the RG; if RG authentication failed, it sends an authentication protocol failure (EAP-Failure) message to the RG.

Referring to FIG. 3, FIG. 3 describes the process in which a UE attached under the RG initiates a DHCP request. In this process, the BNG queries the AAA server as to whether the UE's location information is legitimate. The flow shown in FIG. 3 includes the following steps:

1. The UE sends a broadcast DHCP Discover message on the physical subnet to look for an available DHCP server.

2. The AN receives the DHCP Discover message from the UE, inserts DHCP Option 82 (this option contains the UE's location information, such as the link identifier, for example the vlan-id and layer-2 port number of the switch port to which the RG is connected), and forwards the message to the BNG.

3. If the BNG has no authentication information for the UE locally, it queries the AAA server. The BNG sends a RADIUS Access Request message to the AAA server; the message carries the user's location information. Specifically, the BNG converts Option 82 into network access server port identifier (NAS-Port-ID) information (which represents the UE's physical location and is an attribute parameter of the RADIUS message).

4. If the AAA server determines that the UE's location information has already been authenticated (see the flow of FIG. 2: the RG authentication process; the RG and the UE have the same location information), it sends a RADIUS Access Accept message to the BNG; if the UE has not been authenticated, it replies to the BNG with an authentication access reject message.

5. If the UE passes authentication, the BNG sends the DHCP Discover message to the DHCP server; if it does not, the BNG sends a reject message to the UE via the AN and the flow ends.

6. After the DHCP server receives the DHCP Discover message, this is equivalent, for the DHCP server, to receiving an IP lease request from the BNG. The DHCP server therefore offers an IP lease and reserves an IP address for the UE, and then replies to the BNG with a DHCP offer (DHCP Offer) message, which carries the IPv4 address.

7. After receiving the DHCP Offer message from the DHCP server, the BNG forwards it to the AN.

8. The AN replies to the UE with the DHCP Offer message, which carries the IPv4 address.

9. The UE sends a DHCP Request message to the AN and all other DHCP servers. It carries the IP of the DHCP server that provided the IP lease and informs all other DHCP servers that the UE has accepted an IP lease.

10. The AN forwards the DHCP Request message received from the UE to the BNG.

11. The BNG sends the DHCP Request message to the DHCP server.

12. The DHCP server replies to the BNG with a DHCP acknowledgement (DHCP Ack) message.

13. The BNG replies to the AN with the DHCP Ack message.

14. The AN replies to the UE with the DHCP Ack message.

Referring to FIG. 4, FIG. 4 describes the authenticated access process with the RG as an 802.1x client. In this process, the AN inserts the location information of the RG and sends it to the AAA server; if the RG passes authentication, the AAA server notifies the BNG of the RG's location information. The flow shown in FIG. 4 includes the following steps:

1. The RG, acting as an 802.1x client, attaches to the Ethernet and initiates an authentication protocol start message to request authentication.

2. After receiving the EAPoL Start message sent by the RG, the AN sends an authentication protocol ID request message to the RG, instructing the RG to report its user name.

3. After receiving the EAP Identity Request message sent by the AN, the RG replies to the AN with an authentication protocol ID response message, which carries the user name.

4. The AN encapsulates the received EAP Identity Response message into an authentication access request message and at the same time inserts the location information corresponding to the RG, such as the link identifier / line identifier, for example the vlan-id and layer-2 port number of the switch port to which the RG is connected. The AN then sends the RADIUS Access Request message to the AAA server.

5. The AAA server replies to the AN with an authentication access response message, which carries the EAP challenge.

6. The AN decapsulates the EAP message from the received RADIUS Access Response message and sends the EAP message to the RG.

7. After receiving the EAP message sent by the AN, the RG replies to the AN with a message that carries the challenged password.

8. After receiving the RG's reply, the AN encapsulates the EAP message into a RADIUS Access Request message and sends it to the AAA server.

9. If the RG passes authentication, the AAA server sends the location information of the RG (such as the link identifier / line identifier, for example the vlan-id and layer-2 port number of the switch port to which the RG is connected) to the BNG. Specifically, the AAA server finds the corresponding BNG based on link information or other static configuration information.

10. If the RG passes authentication, the AAA server replies to the AN with an authentication access accept message; if the RG does not pass authentication, the AAA server replies to the AN with an authentication access reject message.

11. The AN decapsulates the EAP message. If RG authentication succeeded, it sends an authentication protocol success message to the RG; if RG authentication failed, it sends an authentication protocol failure message to the RG.

Taken together, the embodiments above show that the way the present invention processes location information can be represented as the flow shown in FIG. 5, which includes the following steps:

Step 510: The RG, acting as an 802.1x client, initiates an authentication request. The authentication request may take various forms, for example at least one of the messages in the first three steps shown in FIG. 2, such as the authentication protocol start message.

Step 520: The AN, acting as an 802.1x authenticator and RADIUS client, inserts the location information of the RG into the received authentication request and sends it to the AAA server. Specifically, the authentication request carrying the RG location information can be encapsulated into a RADIUS message, and the RADIUS message is then sent to the AAA server to serve as a reference for subsequent authentication. The location information of the RG may be a link identifier or the like.

In summary, whether as the system comprising the RG and the AN or as the foregoing technical content implemented by the RG and the AN, the location information processing technique of the present invention means that a UE whose location information has already been authenticated does not need to be authenticated again in subsequent communication, which avoids repeated authentication of the UE and simplifies the communication flow. In addition, because the location information of the RG is associated with the authentication, the security of authentication is further strengthened and problems such as illegal access are better avoided.

The above are merely preferred embodiments of the present invention and are not intended to limit the scope of protection of the present invention.

Claims

1. A location information processing method, comprising:

a home gateway (RG), acting as an 802.1x client, initiating an authentication request;

an access node (AN), acting as an 802.1x authenticator and a Remote Authentication Dial-In User Service (RADIUS) client, inserting location information of the RG into the received authentication request and sending it to an authentication, authorization and accounting (AAA) server.

2. The method according to claim 1, wherein the process of inserting the location information of the RG into the received authentication request and sending it to the AAA server comprises:

inserting the location information of the RG into the received authentication request, encapsulating the authentication request carrying the RG location information into a RADIUS message, and sending the RADIUS message to the AAA server.

3. The method according to claim 1 or 2, wherein the method further comprises:

the AAA server authenticating the RG, and saving the location information of the RG when authentication succeeds.

4. The method according to claim 1 or 2, wherein the method further comprises:

when a broadband network gateway (BNG) is aware of the RADIUS messages exchanged between the AN and the AAA server, the BNG saving the location information of the RG if the RG passes authentication;

when the BNG is not aware of the RADIUS messages exchanged between the AN and the AAA server, the AAA notifying the BNG corresponding to the RG of the location information of the RG if the RG passes authentication; and/or

when the BNG receives an authentication request or address request from a UE attached through the RG, and it has no authentication information for that UE locally, the BNG querying the AAA server.

5. The method according to claim 1 or 2, wherein the location information of the RG is a link identifier.

6. A location information processing system, comprising an RG and an AN, wherein:

the RG is configured to act as an 802.1x client and initiate an authentication request;

the AN is configured to act as an 802.1x authenticator and a RADIUS client, insert the location information of the RG into the received authentication request, and send it to the AAA server.

7. The system according to claim 6, wherein, when inserting the location information of the RG into the received authentication request and sending it to the AAA server, the AN is configured to:

insert the location information of the RG into the received authentication request, encapsulate the authentication request carrying the RG location information into a RADIUS message, and send the RADIUS message to the AAA server, to serve as a reference for subsequent authentication.

8. The system according to claim 6 or 7, wherein the AAA server is further configured to: authenticate the RG, and save the location information of the RG when authentication succeeds.

9. The system according to claim 6 or 7, wherein the system further comprises a BNG;

when the BNG is aware of the RADIUS messages exchanged between the AN and the AAA server, the BNG is configured to: save the location information of the RG if the RG passes authentication;

when the BNG is not aware of the RADIUS messages exchanged between the AN and the AAA server, the BNG is configured as follows:

if the RG passes authentication, the BNG corresponding to the RG receives the location information of the RG notified by the AAA; and/or

when the BNG receives an authentication request or address request from a UE attached through the RG, and it has no authentication information for that UE locally, it queries the AAA server.

10. The system according to claim 6 or 7, wherein the location information of the RG is a link identifier.
PCT/CN2012/080518 2011-09-09 2012-08-23 Method and system for processing location information Ceased WO2013034056A1 (en)

Applications Claiming Priority (2)

Application Number Priority Date Filing Date Title
CN201110268183.1 2011-09-09
CN201110268183.1A CN103001927B (en) 2011-09-09 2011-09-09 A kind of position information processing method and system

Publications (1)

Publication Number Publication Date
WO2013034056A1 true WO2013034056A1 (en) 2013-03-14

Family

ID=47831521

Family Applications (1)

Application Number Title Priority Date Filing Date
PCT/CN2012/080518 Ceased WO2013034056A1 (en) 2011-09-09 2012-08-23 Method and system for processing location information

Country Status (2)

Country Link
CN (1) CN103001927B (en)
WO (1) WO2013034056A1 (en)

Also Published As

Publication number Publication date
CN103001927A (en) 2013-03-27
CN103001927B (en) 2018-06-12

Legal Events

Date Code Title Description
121 Ep: the epo has been informed by wipo that ep was designated in this application

Ref document number: 12829550

Country of ref document: EP

Kind code of ref document: A1

NENP Non-entry into the national phase

Ref country code: DE

122 Ep: pct application non-entry in european phase

Ref document number: 12829550

Country of ref document: EP

Kind code of ref document: A1