CN102238547A - User session control method, session server, authentication, authorization and accounting (AAA) server and system - Google Patents

Info

Publication number: CN102238547A
Application number: CN2011102024967A
Authority: CN (China)
Other versions: CN102238547B (granted publication)
Legal status: Granted; Expired - Fee Related (the status listed is an assumption and not a legal conclusion)
Inventor: 吉文飞
Original and current assignee: Huawei Technologies Co Ltd
Original language: Chinese (zh)
Prior art keywords: session, server, message, request, session information
Classification: Computer And Data Communications (AREA)

Abstract

The embodiment of the invention provides a method, a session server, an authentication, authorization and accounting (AAA) server and a system for controlling user sessions in a plurality of networks. The method for authenticating the user sessions in the plurality of networks comprises the following steps of: managing session information according to the types of session information notices transmitted by a plurality of AAA servers in different networks; and authenticating the user sessions according to the session information managed on the session server. The embodiment of the invention manages the session information from the plurality of networks in a centralized way on the session server, and authenticates the user sessions based on the session information to control the user sessions of the plurality of networks in a cross-network way, thereby realizing session number control among the plurality of AAA servers.

Description

Method, session server, AAA server and system for controlling user sessions

Technical field

Embodiments of the present invention relate to the field of data communication, and more specifically to a method, a session server, an AAA (Authentication, Authorization and Accounting) server and a system for controlling user sessions in multiple networks.

Background

With the development of data communication services over many years, many kinds of data networks now exist, such as fixed broadband, CDMA (Code Division Multiple Access), WCDMA (Wideband Code Division Multiple Access) and WiMAX (Worldwide Interoperability for Microwave Access). As defined by the respective specifications, each network requires its own separate set of AAA servers.

Although the AAA servers and NAS (Network Access System, network access device) devices in the different networks all communicate via the RADIUS (Remote Authentication Dial In User Service) protocol, the functions they implement differ, and there is no connection between the AAA servers. Currently, one set of AAA servers can control the number of user sessions under that server, but many operators hold more than one network operating licence and in practice require unified-account access across those networks. In addition, in some operating scenarios the operator requires that one account be used by only one user to access only one network at a time, that is, session-count control and management across multiple sets of AAA servers is needed. However, because the AAA servers currently built by operators are relatively independent, it is difficult to control the number of sessions across multiple sets of AAA servers.

Summary of the invention

Embodiments of the present invention provide a method, a session server, an AAA server and a system for controlling user sessions in multiple networks, which can centrally manage the user information of multiple networks and thereby make session-count control between multiple sets of AAA servers possible.

According to one aspect of the embodiments of the present invention, a method for authenticating user sessions in multiple networks is provided, the method comprising: managing session information according to the type of session information notification sent from multiple authentication, authorization and accounting (AAA) servers located in different networks; and authenticating user sessions according to the session information managed on the session server.

According to another aspect of the embodiments of the present invention, a method for supporting the control of user sessions in multiple networks is provided, comprising: managing session information according to the type of session information notification sent from multiple AAA servers located in different networks; and controlling user sessions according to request messages sent from the AAA servers.

According to another aspect of the embodiments of the present invention, a method for supporting the control of user sessions in multiple networks is provided, comprising: sending a session information notification to a session server according to the type of accounting message received from a network access device (NAS); when an access request is received from the NAS, sending a request message to the session server and receiving a corresponding response message; and sending an access response to the NAS according to the response message sent by the session server, so as to authenticate the session.

According to another aspect of the embodiments of the present invention, a session server for supporting the control of user sessions in multiple networks is provided, comprising: a session management unit, configured to manage session information according to the type of session information notification sent from multiple AAA servers located in different networks; and a session control unit, configured to control user sessions according to request messages sent from the AAA servers.

According to another aspect of the embodiments of the present invention, an AAA server for supporting the control of user sessions in multiple networks is provided, comprising: a session information notification unit, configured to send a session information notification to a session server according to the type of accounting message received from a NAS; a first session control unit, configured to send a request message to the session server when an access request is received from the NAS and to receive a corresponding response message; and a second session control unit, configured to send an access response to the NAS according to the response message sent by the session server, so as to authenticate the session.

According to another aspect of the embodiments of the present invention, a communication system is provided, comprising the session server and the AAA server described above.

Embodiments of the present invention centrally manage session information from multiple networks on a session server and authenticate user sessions based on that session information, so that user sessions in multiple networks can be controlled across networks, thereby achieving session-count control between multiple sets of AAA servers.

Brief description of the drawings

To illustrate the technical solutions of the embodiments of the present invention more clearly, the drawings needed for the description of the embodiments or the prior art are briefly introduced below. Obviously, the drawings described below show only some embodiments of the present invention; those of ordinary skill in the art can obtain other drawings from them without creative effort.

FIG. 1 is a schematic diagram showing an exemplary network system according to an embodiment of the present invention.

FIG. 2 is an exemplary flowchart illustrating a method for authenticating user sessions in multiple networks according to an embodiment of the present invention.

FIG. 3 is an exemplary flowchart illustrating a method for managing (i.e. creating, updating and deleting) session information according to an embodiment of the present invention.

FIG. 4 is an exemplary flowchart illustrating a method for supporting the control of user sessions in multiple networks according to an embodiment of the present invention.

FIG. 5 is an exemplary flowchart illustrating another method for supporting the control of user sessions in multiple networks according to an embodiment of the present invention.

FIG. 6 is an exemplary signal flow diagram illustrating a process for controlling user sessions in multiple networks according to a first embodiment of the present invention.

FIG. 7 is an exemplary signal flow diagram illustrating a process for controlling user sessions in multiple networks according to a second embodiment of the present invention.

FIG. 8 is an exemplary signal flow diagram illustrating a process by which an external system queries session information according to an embodiment of the present invention.

FIG. 9 is an exemplary signal flow diagram illustrating another process by which an external system queries session information according to an embodiment of the present invention.

FIG. 10 is an exemplary block diagram showing the structure of a session server according to an embodiment of the present invention.

FIG. 11 is an exemplary block diagram showing the detailed structure of a session management unit according to an embodiment of the present invention.

FIG. 12 is an exemplary block diagram showing the detailed structure of a session control unit according to an embodiment of the present invention.

FIG. 13 is an exemplary block diagram showing the structure of an AAA server according to an embodiment of the present invention.

Detailed description

The technical solutions of the embodiments of the present invention are described clearly and completely below with reference to the drawings. Obviously, the described embodiments are only some of the embodiments of the present invention, not all of them. All other embodiments obtained by those of ordinary skill in the art from these embodiments without creative effort fall within the protection scope of the present invention.

The technical solution of the present invention can be applied to various communication systems, such as fixed broadband, CDMA, WCDMA and WiMAX. However, the present invention is not limited thereto; those skilled in the art can apply it to any suitable network as needed.

In the related art, one set of AAA servers can only control the number of sessions within its own scope. When multiple sets of AAA servers coexist and share user accounts, session-count control between them cannot be achieved, because there is currently no connection between the individual AAA servers. To address this, embodiments of the present invention include a session server in the network, which centrally stores, manages and controls the user session information of multiple AAA servers.

FIG. 1 is a schematic diagram showing an exemplary network system according to an embodiment of the present invention. The network system includes a session server 10, which centrally stores and manages the session information of multiple networks such as fixed broadband, CDMA, WCDMA and WiMAX. The first interface (Int1) in FIG. 1 is used by each AAA server to notify the session server 10 to create, update or delete user session information. Embodiments of the present invention do not restrict the protocol of the first interface; it can be defined flexibly as needed, for example RADIUS or SOAP (Simple Object Access Protocol). The second interface (Int2) in FIG. 1 is used by the session server 10 to authenticate sessions for each AAA server, and by each AAA server or an external system to query session information from the session server 10. Embodiments of the present invention do not restrict the protocol of the second interface either; it can be defined flexibly as needed, for example HTTP (Hyper Text Transfer Protocol) or SOAP.

Embodiments of the present invention are described in detail below with reference to the drawings.

FIG. 2 is an exemplary flowchart illustrating a method 20 for authenticating user sessions in multiple networks according to an embodiment of the present invention.

As shown in FIG. 2, at 201 of method 20, session information is managed according to the type of session information notification sent from multiple AAA servers located in different networks. At 202, user sessions are authenticated according to the session information managed on the session server.

Embodiments of the present invention centrally manage session information from multiple networks on a session server and authenticate user sessions based on that session information, so that user sessions in multiple networks can be controlled across networks, thereby achieving session-count control between multiple sets of AAA servers.

According to an embodiment of the present invention, when a user accesses a network, such as one of fixed broadband, CDMA, WCDMA and WiMAX, the AAA server within that network sends a session information notification to the session server, and the session server manages the session information according to that notification, specifically by creating, updating and deleting session information.

FIG. 3 is an exemplary flowchart illustrating a method 30 for managing (i.e. creating, updating and deleting) session information according to an embodiment of the present invention. Method 30 may be performed by the session server.

As shown in FIG. 3, at 301 of method 30, the type of the session information notification received from the AAA server is determined.

When a create-session-information notification is received from the AAA server, at 302 the session information related to that user is created and stored.

When an update-session-information notification is received from the AAA server, at 303 that session information is updated.

When a delete-session-information notification is received from the AAA server, at 304 that session information is deleted.

Note that in some cases, for example when a session lasts only a short time, no update-session-information notification may be received from the AAA server; instead, after the create-session-information notification is received and the session is created, a delete-session-information notification arrives directly after some time, so that no update of the session information is performed and only the creation and deletion of session information take place. Step 303 of method 30 can therefore be omitted (as shown by the dashed line in FIG. 3).

Different embodiments of the present invention are described in more detail below with specific examples. In the description of the following embodiments, session information in multiple networks is centrally managed (created, updated and deleted) by a session server such as session server 10 in FIG. 1, and when session information is to be controlled the AAA server sends a request message and the session server then controls the session information according to that request message. In exemplary embodiments of the present invention, the request message sent by the AAA server may be one of a session authentication request and a session query request, and correspondingly the session authentication function may be performed by the session server or by the AAA server. However, embodiments of the present invention are not limited thereto.

FIG. 4 is an exemplary flowchart illustrating a method 40 for supporting the control of user sessions in multiple networks according to an embodiment of the present invention. Method 40 may be performed by a session server, such as session server 10 in FIG. 1.

As shown in FIG. 4, at 401 of method 40, session information is managed according to the type of session information notification sent from multiple AAA servers located in different networks; specifically, session information can be created, updated and deleted by the method shown in FIG. 3.

At 402, user sessions are controlled according to request messages sent from the AAA servers.

By centrally managing the session information from multiple networks on the session server, embodiments of the present invention can control user sessions in multiple networks across networks, thereby achieving session-count control between multiple sets of AAA servers when, in a multi-network environment, a user accesses the networks with the same login name.

FIG. 5 is an exemplary flowchart illustrating another method 50 for supporting the control of user sessions in multiple networks according to an embodiment of the present invention. Method 50 may be implemented by an AAA server (for example any of the fixed network AAA server, the CDMA AAA server, the WCDMA AAA server and the WiMAX AAA server shown in FIG. 1).

As shown in FIG. 5, at 501 of method 50, a session information notification is sent to the session server according to the type of accounting message received from the network access device (NAS). Specifically, for example: when the received accounting message is an Accounting-Request(Start) message, a create-session-information notification is sent to the session server; when the accounting message is an Accounting-Request(Interim) message, an update-session-information notification is sent; and when the accounting message is an Accounting-Request(Stop) message, a delete-session-information notification is sent. However, the present invention is not limited thereto, and corresponding session information notifications may also be sent according to other accounting messages.

At 502, when an access request is received from the NAS, a request message is sent to the session server and a corresponding response message is received. Those skilled in the art will understand that if a session authentication request is sent, a session authentication response is received, and if a session query request is sent, a session query response carrying session information is received, where the session information is that of the existing sessions whose login name is the same as the login name of the session to which the session query request corresponds.

At 503, an access response is sent to the NAS according to the response message sent by the session server, so as to authenticate the session.

By centrally managing the session information from multiple networks on the session server, embodiments of the present invention can control user sessions in multiple networks across networks, thereby achieving session-count control between multiple sets of AAA servers when, in a multi-network environment, a user accesses the networks with the same login name.

More detailed exemplary embodiments of the present invention are described below with reference to the drawings.

FIG. 6 is an exemplary signal flow diagram illustrating a process 60 for controlling (specifically, authenticating) user sessions in multiple networks according to a first embodiment of the present invention. In the first embodiment of the present invention, user sessions are authenticated by the session server (for example session server 10 in FIG. 1). In FIG. 6, user A, AAA server (A) and NAS (A) belong to network A, and user B, AAA server (B) and NAS (B) belong to network B. The standard communication interface between each AAA server and its corresponding NAS may be RADIUS.

As shown in FIG. 6, at 601, user A in network A initiates access to network A using a login name such as zhangshandomain.

At 602, after receiving the access request, NAS (A) sends an Access-Request message to AAA server (A).

At 603, AAA server (A) sends a request message, here a session authentication request, to the session server.

At 604, the session server authenticates the session. For example, the session server determines whether the current number of sessions with the login name zhangshandomain has reached a predetermined maximum session count, where the current sessions are the existing sessions whose login name is the same as the login name (here zhangshandomain) of the session to which the session authentication request corresponds. The predetermined maximum session count can be flexibly defined on the session server, for example as 1.

At 605, the session server sends a session authentication response to AAA server (A). When the current number of sessions is less than the predetermined maximum session count, the session server sends a session authentication success response to AAA server (A); otherwise, when the current number of sessions is equal to or greater than the predetermined maximum session count, the session server sends a session authentication failure response to the AAA server.

In the first embodiment of the present invention, it is assumed that the login name zhangshandomain is accessing the network for the first time and that the predetermined maximum session count is 1, so the current number of sessions is 0, which is less than the predetermined maximum; the session server therefore sends a session authentication success response to AAA server (A). Consequently, at 606, AAA server (A) sends an Access-Accept message to NAS (A).

Then, at 607, NAS (A) sends an Accounting-Request(Start) message to AAA server (A).

At 608, AAA server (A) sends a create-session-information notification to the session server, and at 609 the session server creates the session information related to the login name zhangshandomain.

At 610, AAA server (A) returns an Accounting-Response(Start) message to NAS (A).

Although it is described here that at 608 AAA server (A) sends the create-session-information notification to the session server and at 610 AAA server (A) returns the Accounting-Response(Start) message to NAS (A), those skilled in the art will understand that these two steps need not be executed in the order described; they can be executed in parallel or in any order.

After a predetermined period of time (which can be configured on NAS (A)), at 611, NAS (A) sends an Accounting-Request(Interim) message to AAA server (A).

At 612, AAA server (A) sends an update-session-information notification to the session server, and at 613 the session server updates the session information according to that notification.

At 614, AAA server (A) returns an Accounting-Response(Interim) message to NAS (A).

Likewise, although it is described here that at 612 AAA server (A) sends the update-session-information notification to the session server and at 614 AAA server (A) returns the Accounting-Response(Interim) message to NAS (A), those skilled in the art will understand that these two steps need not be executed in the order described; they can be executed in parallel or in any order.

When user A requests to go offline, at 615, NAS (A) sends an Accounting-Request(Stop) message to AAA server (A).

At 616, AAA server (A) sends a delete-session-information notification to the session server, and at 617 the session server deletes the session information related to the login name zhangshandomain.

At 618, AAA server (A) returns an Accounting-Response(Stop) message to NAS (A).

Similarly, although it is described here that at 616 AAA server (A) sends the delete-session-information notification to the session server and at 618 AAA server (A) returns the Accounting-Response(Stop) message to NAS (A), those skilled in the art will understand that these two steps need not be executed in the order described; they can be executed in parallel or in any order.

Those skilled in the art should note that steps 611-614 can be repeated many times. Moreover, if the session lasts only a short time, AAA server (A) may receive the Accounting-Request(Stop) message before the predetermined period of time has elapsed, so that the session server deletes the session information without ever having updated it. Steps 611-614 can therefore also be omitted.

In 619, user B, located in network B, initiates a network access request from network B using the same login name (zhangshandomain).

In 620, NAS (B) sends an Access-Request message to AAA server (B).

Likewise, in 621, AAA server (B) sends a session authentication request to the session server.

In 622, the session server authenticates the session. Since user A has not gone offline, the session server finds that a user with the login name zhangshandomain is already online; because the predetermined maximum number of sessions is 1 and the current number of sessions is 1, in 623 the session server returns a session authentication failure response to AAA server (B).

In 624, AAA server (B) sends an Access-Reject message to NAS (B).

In the first embodiment of the invention, the predetermined maximum number of sessions allowed on the session server is set to 1 in order to meet the operator's requirement that one login name may be used by only one user on one network at a time; the invention is not, however, limited to this. Those skilled in the art will understand that the predetermined maximum number of sessions can be defined flexibly on the session server and set to any integer, or left unlimited. For example, if it is set to 2, user B's access request is also accepted; but if a user C (not shown) then initiates network access with the same login name zhangshandomain, user C's access request is rejected.

Furthermore, the Accounting (Start/Interim/Stop) messages are standard messages supported by the AAA servers of the different networks; the AAA servers of the different networks use these three standard messages to trigger the notifications that make the session server create/update/delete session information. No additional trigger notification message is therefore required.

In the first embodiment of the invention, the AAA servers (AAA server (A) and AAA server (B)) send session information notifications to the session server through a first interface on the session server (Int1 in FIG. 6) in order to create/update/delete session information. The protocol of the first interface is not restricted and can be defined as the deployment requires, for example RADIUS or SOAP. Authentication messages between the AAA servers and the session server are carried over a second interface on the session server (Int2 in FIG. 6). The protocol of the second interface is likewise not restricted and can be defined as the deployment requires, for example HTTP or SOAP.

FIG. 7 is an exemplary signal flow diagram of a process 70 for controlling (specifically, authenticating) user sessions in multiple networks according to a second embodiment of the invention. In the second embodiment, user sessions are authenticated by the AAA server (for example any of the fixed-network AAA server, CDMA AAA server, WCDMA AAA server and WiMAX AAA server shown in FIG. 1). As in FIG. 6, in FIG. 7 user A, AAA server (A) and NAS (A) belong to network A, and user B, AAA server (B) and NAS (B) belong to network B. The standard communication interface between each AAA server and its NAS may be RADIUS.

As shown in FIG. 7, in 701, user A, located in network A, initiates access to network A using a login name such as zhangshandomain.

In 702, NAS (A) sends an Access-Request message to AAA server (A).

Unlike in the first embodiment of the invention, in 703 AAA server (A) sends a session query request to the session server instead of a session authentication request.

In 704, the session server looks up the session information of the sessions whose login name is the same as the login name (zhangshandomain) of the session corresponding to the query request; that is, the session server looks up the session information of the sessions associated with the login name to be checked that is carried in the session query request.

In 705, the session server sends a session query response to AAA server (A); the response carries the session information that was found.

In 706, AAA server (A) authenticates the session according to the session query response received from the session server, specifically according to the session information carried in that response. For example, AAA server (A) determines whether the current number of sessions with the login name zhangshandomain has reached the predetermined maximum number of sessions, where the current sessions are the existing sessions whose login name is the same as the login name (for example zhangshandomain) of the session corresponding to the authentication request. The predetermined maximum number of sessions allowed for each login name can be defined flexibly on each AAA server and set to any integer, for example 1, or left unlimited.

In 707, AAA server (A) sends an access response message to NAS (A): when the current number of sessions is less than the predetermined maximum number of sessions, AAA server (A) sends an access accept message to the NAS, and when the current number of sessions is equal to or greater than the predetermined maximum number of sessions, it sends an access reject message to the NAS.

As in the first embodiment, in the second embodiment of the invention it is assumed that the login name zhangshandomain is accessing the network for the first time and that the predetermined maximum number of sessions is 1. The current number of sessions is therefore 0, which is less than the predetermined maximum, so in 707 AAA server (A) sends an Access-Accept message to NAS (A).

Then, in 708, NAS (A) sends an Accounting-Request(Start) message to AAA server (A).

In 709, AAA server (A) sends a create-session-information notification to the session server, and in 710 the session server creates session information associated with the login name zhangshandomain.

In 711, AAA server (A) returns an Accounting-Response(Start) message to NAS (A).

After a predetermined time period (which can be configured on NAS (A)) has elapsed, in 712, NAS (A) sends an Accounting-Request(Interim) message to AAA server (A).

In 713, AAA server (A) sends an update-session-information notification to the session server, and in 714 the session server updates the session information according to that notification.

In 715, AAA server (A) returns an Accounting-Response(Interim) message to NAS (A).

When user A requests to go offline, in 716, NAS (A) sends an Accounting-Request(Stop) message to AAA server (A).

In 717, AAA server (A) sends a delete-session-information notification to the session server, and in 718 the session server deletes the session information associated with the login name zhangshandomain.

In 719, AAA server (A) returns an Accounting-Response(Stop) message to NAS (A).

Likewise, steps 712-715 may be repeated many times or, in some cases, omitted. And, as in the process of FIG. 6, steps 709 and 711, 713 and 715, and 717 and 719 need not be executed in the order described but may run in parallel or in any other suitable order.

In 720, user B, located in network B, initiates a network access request from network B using the same login name (zhangshandomain).

In 721, NAS (B) sends an Access-Request message to AAA server (B).

In 722, AAA server (B) sends a session query request to the session server.

In 723, the session server looks up the session, and in 724 it sends a session query response carrying the session information to AAA server (B).

Then, in 725, AAA server (B) authenticates the session according to the session query response received from the session server. For example, if user A has not gone offline, AAA server (B) finds from the query response that a user with the login name zhangshandomain is already online; because the predetermined maximum number of sessions is 1 and the current number of sessions is 1, in 726 AAA server (B) sends an Access-Reject message to NAS (B).

It can be seen that, apart from steps 703-706 and 722-725, the signal flow in FIG. 7 is the same as the corresponding signal flow in FIG. 6.

In the second embodiment of the invention, the AAA servers (AAA server (A) and AAA server (B)) send session information notifications to the session server through a first interface on the session server (Int1 in FIG. 7) in order to create/update/delete session information. The protocol of the first interface is not restricted and can be defined as the deployment requires, for example RADIUS or SOAP. Query messages between the AAA servers and the session server are carried over a second interface on the session server (Int2 in FIG. 7). The protocol of the second interface is likewise not restricted and can be defined as the deployment requires, for example HTTP or SOAP.

The second embodiment of the invention differs from the first in that it moves the session control (authentication) function forward onto the AAA servers. It can thus take advantage of the fact that almost all AAA servers already deployed in existing networks support session-count control, so multi-network session control is obtained with little modification and is structurally easier to integrate and implement. If, however, there is a special need to modify the authentication procedure, the operator has to modify every set of AAA servers, which is considerable work; in that case the scheme of the first embodiment is easier to implement, because a single change on the session server suffices.

According to the embodiments of the invention, keeping the session information of multiple networks centrally on the session server solves the problem of controlling the number of sessions when one user accesses the network with the same login name in a scenario with multiple networks and multiple AAA servers. The embodiments can use the existing accounting messages (Accounting (Start/Interim/Stop)) to trigger the notifications that make the session server create/update/delete session information, without additional trigger signalling, which saves network resources.

Furthermore, according to the embodiments of the invention, in addition to the session authentication and session query functions between the session server and the AAA servers, the second interface can also be used for session queries between the session server and an external system.

FIG. 8 is an exemplary signal flow diagram of a process 80 by which an external system queries session information according to an embodiment of the invention.

As shown in FIG. 8, in 801 a user initiates a network access request with a login name (for example zhangshandomain) and is successfully authenticated. The specific steps of the session authentication procedure are omitted here; those skilled in the art may use the method of the first or second embodiment of the invention as needed, or any other suitable method, to authenticate the user session.

In 802, the NAS sends an Accounting-Request(Start) message to the AAA server.

In 803, the AAA server sends a create-session-information notification to the session server through the first interface Int1, and in 804 the session server creates session information associated with the user's login name.

In 805, the AAA server returns an Accounting-Response(Start) message to the NAS.

In 806, the external system sends a session query request to the session server through the second interface Int2.

In 807, the session server looks up the session information of the sessions whose login name is the same as the login name of the session corresponding to the received session query request.

In 808, the session server sends a session query response to the external system through the second interface Int2; the response carries the session information that was found.

After a predetermined time period (which can be configured on the NAS) has elapsed, in 809, the NAS sends an Accounting-Request(Interim) message to the AAA server.

In 810, the AAA server sends an update-session-information notification to the session server through the first interface Int1, and in 811 the session server updates the session information.

In 812, the AAA server returns an Accounting-Response(Interim) message to the NAS.

In 813, the NAS sends an Accounting-Request(Stop) message to the AAA server.

In 814, the AAA server sends a delete-session-information notification to the session server through the first interface Int1, and in 815 the session server deletes the session information associated with the login name zhangshandomain.

In 816, the AAA server returns an Accounting-Response(Stop) message to the NAS. As in the processes of FIG. 6 and FIG. 7, steps 803 and 805, 810 and 812, and 814 and 816 need not be executed in the order described but may run in parallel or in any other suitable order.

Likewise, steps 809-812 may be repeated many times or, in some cases, omitted.

In process 80 of FIG. 8, the external system sends the session query request after the session information has been created and before it has been updated, so the session information returned is the original information as created. Those skilled in the art will understand that the external system may send a query request at any time, for example after the session information has been updated.

FIG. 9 is an exemplary signal flow diagram of another process 90 by which an external system queries session information according to an embodiment of the invention, in which the external system sends the query request after the session information has been updated and therefore obtains the updated session information. Otherwise, process 90 of FIG. 9 is essentially the same as process 80 of FIG. 8, so the remaining details are not repeated here.

The external system may also send a session query request after the session information has been deleted or before it has been created; in that case the session server may send the external system a session query response indicating that the session information does not exist.

According to the embodiments of the invention, the second interface additionally provides a session query function between the session server and an external system, so that the external system can query a user's session information when necessary, for example to check whether the user is online, to query the user's location information, to query the user's access method, or to look up the user's login name or mobile phone number from an IP (Internet Protocol) address. The external system can thus obtain the session information of users in multiple networks simply and conveniently by sending a single session query request to the session server.

FIG. 10 is an exemplary block diagram of the structure of a session server 10 according to an embodiment of the invention.

As shown in FIG. 10, the session server 10 may include a session management unit 1001 and a session control unit 1002.

The session management unit 1001 manages session information according to the type of the session information notifications sent from a plurality of authentication, authorization and accounting (AAA) servers located in different networks. The session control unit 1002 controls user sessions according to the request messages sent from those AAA servers.

By centrally managing session information from multiple networks on the session server, the embodiments of the invention can control user sessions in multiple networks across those networks, thereby implementing session-count control across multiple sets of AAA servers when a user accesses the network with the same login name in a multi-network environment.

FIG. 11 is an exemplary block diagram of the specific structure of the session management unit 1001 according to an embodiment of the invention.

As shown in FIG. 11, the session management unit 1001 may include a session creator 1101, a session updater 1102 and a session deleter 1103.

The session creator 1101 creates and stores session information when a create-session-information notification is received from an AAA server. The session updater 1102 updates the session information when an update-session-information notification is received from an AAA server. The session deleter 1103 deletes the session information when a delete-session-information notification is received from an AAA server.

The parts of the session management unit 1001 can perform the relevant steps of FIGS. 6-9; for brevity they are not repeated here.

FIG. 12 is an exemplary block diagram of the specific structure of the session control unit 1002 according to an embodiment of the invention.

As shown in FIG. 12, the session control unit 1002 may include a session authentication module 1201 and a session query module 1202.

The session authentication module 1201 receives a session authentication request from an AAA server, authenticates the session, and sends a session authentication response to the AAA server. The session query module 1202 receives a session query request from an AAA server, looks up the session information of the sessions whose login name is the same as the login name of the session corresponding to the query request, and sends a session query response carrying that session information to the AAA server. The session query module 1202 may also receive a session query request from an external system, look up the session information of the sessions whose login name is the same as the login name of the session corresponding to the query request, and send a session query response carrying that session information to the external system.

The session authentication module 1201 may perform session authentication by the authentication method described with reference to FIG. 6, and the session query module 1202 may perform session queries with an AAA server or an external system by the query methods described with reference to FIGS. 7-8.

It should be noted that when the authentication function is performed by the AAA server, the session control unit 1002 may include only the session query module 1202; that is, in this case the session authentication module 1201 may be omitted.

In addition, the session server 10 may further include a first interface and a second interface (not shown). The first interface is used for communication between the session management unit of the session server and the plurality of AAA servers, and the second interface is used for communication between the session control unit of the session server and the plurality of AAA servers or external systems. The first interface and the second interface correspond to Int1 and Int2 in FIGS. 6-10 respectively.

FIG. 13 is an exemplary block diagram of the structure of an AAA server 1300 according to an embodiment of the invention. Non-limiting examples of the AAA server 1300 are any of the fixed-network AAA server, CDMA AAA server, WCDMA AAA server and WiMAX AAA server shown in FIG. 1.

As shown in FIG. 13, the AAA server 1300 may include a session information notification unit 1301, a first session control unit 1302 and a second session control unit 1303.

The session information notification unit 1301 sends a session information notification to the session server according to the type of the accounting message received from the network access server (NAS). The first session control unit 1302, on receiving an access request from the NAS, sends a request message to the session server and receives the corresponding response message. The second session control unit 1303 sends an access response to the NAS according to the response message sent by the session server, so as to authenticate the session.

By centrally managing session information from multiple networks on the session server, the embodiments of the invention can control user sessions in multiple networks across those networks, thereby implementing session-count control across multiple sets of AAA servers when a user accesses the network with the same login name in a multi-network environment.

The parts of the AAA server 1300 can perform the relevant procedure described with reference to FIG. 5, which is not repeated here. For example, the session information notification unit 1301 sends a create-session-information notification when the accounting message received from the NAS is an Accounting-Request(Start) message, an update-session-information notification when it is an Accounting-Request(Interim) message, and a delete-session-information notification when it is an Accounting-Request(Stop) message.

Furthermore, when the AAA server 1300 does not itself perform session authentication, then on receiving an access request from the NAS the first session control unit 1302 sends a session authentication request to the session server (for example session server 10) and receives a session authentication response from it; when the session authentication response received from the session server is a session authentication success response, the second session control unit 1303 sends an access accept message to the NAS, and when it is a session authentication failure response, the second session control unit 1303 sends an access reject message to the NAS.

On the other hand, when session authentication is performed by the AAA server 1300, then on receiving an access request from the NAS the first session control unit 1302 sends a session query request to the session server and receives from it a session query response carrying session information, and the second session control unit 1303 authenticates the session according to the session information included in that response. The second session control unit 1303 may use the method described with reference to FIG. 7 to perform the authentication.
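The following is an added example and not code from the patent or from Huawei; it models in one runnable block the flows of FIG. 6 (the session server authenticates), FIG. 7 (the AAA server queries and then counts locally), the external-system query of FIGS. 8 and 9, and the accounting-message-to-notification mapping of the AAA server 1300 described just above. The class names SessionServer and AAAServer, the function run_scenario, the session identifiers A-0001/B-0001 and the NAS and framed IP addresses are constructed for the illustration; the Acct-Status-Type values are the standard ones from RFC 2866. One assumption goes beyond the text: entries are keyed by the RADIUS Acct-Session-Id rather than by login name alone, so that a Stop for user A's session cannot delete user B's session of the same login name when the maximum is greater than 1.

```python
# Added example (not code from the patent): in-memory model of the session
# server and the AAA servers of FIGS. 6-9 and 13. Names, identifiers and
# addresses below are assumptions made for this illustration.
from dataclasses import dataclass
from typing import Dict, List, Optional

# Acct-Status-Type values from RFC 2866 (RADIUS Accounting, attribute 40).
ACCT_START, ACCT_STOP, ACCT_INTERIM = 1, 2, 3

# Fig. 13: accounting message type -> notification sent over Int1.
ACCOUNTING_TO_NOTIFICATION = {ACCT_START: "create", ACCT_INTERIM: "update", ACCT_STOP: "delete"}


@dataclass
class SessionInfo:
    login: str                        # e.g. zhangshandomain
    network: str                      # network whose AAA server reported the session
    nas_ip: str
    framed_ip: Optional[str] = None   # enables the reverse lookup by IP address
    interim_updates: int = 0


class SessionServer:
    """Central store of the sessions of all networks (session server 10).
    Assumption: keyed by Acct-Session-Id, not by login name alone."""

    def __init__(self, max_sessions: Optional[int] = 1) -> None:
        self.max_sessions = max_sessions          # None means no limit
        self._sessions: Dict[str, SessionInfo] = {}

    # Int1: create/update/delete notifications (session management unit 1001).
    def notify(self, kind: str, session_id: str, info: SessionInfo) -> None:
        if kind == "create":
            self._sessions[session_id] = info
        elif kind == "update":
            current = self._sessions.get(session_id)
            if current is not None:                # Stop may already have removed it
                current.interim_updates += 1
                current.framed_ip = info.framed_ip or current.framed_ip
        elif kind == "delete":
            self._sessions.pop(session_id, None)
        else:
            raise ValueError(f"unknown notification type {kind!r}")

    # Int2: session query (module 1202), used by AAA servers and external systems.
    def query(self, login: str) -> List[SessionInfo]:
        return [s for s in self._sessions.values() if s.login == login]   # [] == not found

    def login_for_ip(self, ip: str) -> Optional[str]:
        return next((s.login for s in self._sessions.values() if s.framed_ip == ip), None)

    # Int2: session authentication (module 1201, first embodiment).
    def authenticate(self, login: str) -> bool:
        return self.max_sessions is None or len(self.query(login)) < self.max_sessions


class AAAServer:
    """One network's AAA server (AAA server 1300)."""

    def __init__(self, network: str, session_server: SessionServer,
                 authenticate_locally: bool = False, max_sessions: Optional[int] = 1) -> None:
        self.network = network
        self.session_server = session_server
        self.authenticate_locally = authenticate_locally   # False: FIG. 6, True: FIG. 7
        self.max_sessions = max_sessions

    def access_request(self, login: str) -> str:
        if self.authenticate_locally:   # second embodiment: query, then count here
            count = len(self.session_server.query(login))
            allowed = self.max_sessions is None or count < self.max_sessions
        else:                           # first embodiment: session server decides
            allowed = self.session_server.authenticate(login)
        return "Access-Accept" if allowed else "Access-Reject"

    def accounting_request(self, status_type: int, session_id: str, login: str,
                           nas_ip: str, framed_ip: Optional[str] = None) -> str:
        kind = ACCOUNTING_TO_NOTIFICATION[status_type]
        self.session_server.notify(kind, session_id, SessionInfo(login, self.network, nas_ip, framed_ip))
        return "Accounting-Response"


def run_scenario(max_sessions: Optional[int] = 1, authenticate_locally: bool = False) -> dict:
    """Replay FIGS. 6/7: user A on network A, user B on network B, then a user C,
    with an external query before and after A's Stop. Identifiers are constructed."""
    ss = SessionServer(max_sessions)
    aaa_a = AAAServer("A", ss, authenticate_locally, max_sessions)
    aaa_b = AAAServer("B", ss, authenticate_locally, max_sessions)
    login, out = "zhangshandomain", {}

    out["a_first_access"] = aaa_a.access_request(login)            # 603-606 / 703-707
    aaa_a.accounting_request(ACCT_START, "A-0001", login, "192.0.2.1", "198.51.100.7")
    aaa_a.accounting_request(ACCT_INTERIM, "A-0001", login, "192.0.2.1")
    out["interim_updates"] = ss.query(login)[0].interim_updates

    out["b_while_a_online"] = aaa_b.access_request(login)          # 619-624 / 720-726
    if out["b_while_a_online"] == "Access-Accept":
        aaa_b.accounting_request(ACCT_START, "B-0001", login, "192.0.2.2", "198.51.100.8")
    out["c_while_a_and_b"] = aaa_a.access_request(login)           # the user C of the text

    out["online_before_stop"] = len(ss.query(login))               # external query, FIG. 8
    out["login_for_ip"] = ss.login_for_ip("198.51.100.7")
    aaa_a.accounting_request(ACCT_STOP, "A-0001", login, "192.0.2.1")
    out["a_sessions_after_stop"] = len([s for s in ss.query(login) if s.network == "A"])
    out["b_after_a_offline"] = aaa_b.access_request(login)
    return out


if __name__ == "__main__":
    print(run_scenario(max_sessions=1))
    print(run_scenario(max_sessions=2, authenticate_locally=True))
```

The model is synchronous, so the notification and the Accounting-Response are simply issued in sequence; the text points out that the real system may send them in either order or in parallel, and the `update` branch therefore tolerates an Interim notification arriving after the Stop has already removed the entry. Int1 and Int2 are plain method calls here because the text leaves their protocols open (RADIUS, SOAP, HTTP); whatever is chosen in a deployment has to authenticate the AAA servers and external systems that are allowed to create, delete and query sessions, since the session count that gates Access-Accept is only as trustworthy as those notifications.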

另外,根据本发明实施例的通信系统可以包括上述会话服务器和AAA服务器。In addition, the communication system according to the embodiment of the present invention may include the above-mentioned session server and AAA server.

本领域普通技术人员可以意识到,结合本文中所公开的实施例描述的各示例的单元及算法步骤,能够以电子硬件、计算机软件或者二者的结合来实现,为了清楚地说明硬件和软件的可互换性,在上述说明中已经按照功能一般性地描述了各示例的组成及步骤。这些功能究竟以硬件还是软件方式来执行,取决于技术方案的特定应用和设计约束条件。专业技术人员可以对每个特定的应用来使用不同方法来实现所描述的功能,但是这种实现不应认为超出本发明的范围。Those of ordinary skill in the art can realize that the units and algorithm steps of the examples described in conjunction with the embodiments disclosed herein can be implemented by electronic hardware, computer software, or a combination of the two. In order to clearly illustrate the relationship between hardware and software Interchangeability. In the above description, the composition and steps of each example have been generally described according to their functions. Whether these functions are executed by hardware or software depends on the specific application and design constraints of the technical solution. Those skilled in the art may use different methods to implement the described functions for each specific application, but such implementation should not be regarded as exceeding the scope of the present invention.

Those skilled in the art will clearly understand that, for convenience and brevity of description, the specific working processes of the systems, devices and units described above may be found in the corresponding processes of the foregoing method embodiments and are not repeated here.

In the several embodiments provided in this application, it should be understood that the disclosed systems, devices and methods may be implemented in other ways. For example, the device embodiments described above are merely illustrative; for instance, the division into units is only a division by logical function, and other divisions are possible in actual implementation: multiple units or components may be combined or integrated into another system, or some features may be omitted or not performed. Furthermore, the mutual coupling, direct coupling or communication connection shown or discussed may be an indirect coupling or communication connection through some interfaces, devices or units, and may be electrical, mechanical or of another form.

The units described as separate components may or may not be physically separate, and components shown as units may or may not be physical units; they may be located in one place or distributed over multiple network units. Some or all of the units may be selected according to actual needs to achieve the purpose of the solution of this embodiment.

In addition, the functional units in the embodiments of the present invention may be integrated into one processing unit, each unit may exist physically on its own, or two or more units may be integrated into one unit. The integrated unit may be implemented in the form of hardware or in the form of a software functional unit.

If the integrated unit is implemented in the form of a software functional unit and sold or used as an independent product, it may be stored in a computer-readable storage medium. Based on this understanding, the technical solution of the present invention in essence, or the part that contributes to the prior art, or all or part of the technical solution, may be embodied in the form of a software product. The computer software product is stored in a storage medium and includes several instructions for causing a computer device (which may be a personal computer, a server, a network device, or the like) to perform all or some of the steps of the methods described in the embodiments of the present invention. The aforementioned storage medium includes any medium that can store program code, such as a USB flash drive, a removable hard disk, a read-only memory (ROM), a random access memory (RAM), a magnetic disk or an optical disc.

It should also be pointed out that, in the devices and methods of the present invention, the components or steps may obviously be decomposed and/or recombined. Such decompositions and/or recombinations should be regarded as equivalents of the present invention. Moreover, the steps of the series of processes described above may naturally be performed chronologically in the order described, but need not necessarily be performed in chronological order. Some steps may be performed in parallel or independently of one another; for example, the session authentication process between the session server and the AAA server and the session query process between the session server and an external system may be performed sequentially, in parallel, or independently in any order.

The foregoing is merely a specific embodiment of the present invention, but the scope of protection of the present invention is not limited thereto. Any person skilled in the art could readily conceive of changes or substitutions within the technical scope disclosed by the present invention, and these shall be covered by the scope of protection of the present invention. Therefore, the scope of protection of the present invention shall be that defined by the claims.

Claims (15)

1. A method for authenticating user sessions in multiple networks, characterized in that the method comprises:
managing session information according to the type of session information notification sent from multiple authentication, authorization and accounting (AAA) servers located in different networks; and
authenticating user sessions according to the session information managed on a session server.

2. The method according to claim 1, characterized in that managing session information according to the type of session information notification sent from the AAA server comprises at least one of the following operations:
when a create-session-information notification is received from the AAA server, creating and storing the session information;
when an update-session-information notification is received from the AAA server, updating the session information; and
when a delete-session-information notification is received from the AAA server, deleting the session information.

3. The method according to claim 1 or 2, characterized in that authenticating user sessions according to the session information managed on the session server comprises:
sending a session authentication request to the session server;
authenticating the session by the session server; and
sending a session authentication response to the AAA server.

4. The method according to claim 1 or 2, characterized in that authenticating user sessions according to the session information managed on the session server comprises:
sending a session query request to the session server;
querying, by the session server, the session information of sessions having the same login name as the login name of the session corresponding to the session query request;
sending a session query response carrying the session information to the AAA server; and
authenticating the session according to the session information included in the session query response.

5. The method according to claim 3, characterized in that authenticating the session by the session server comprises: determining whether the number of current sessions has reached a predetermined maximum number of sessions, where the current sessions are the existing sessions having the same login name as the login name of the session corresponding to the session authentication request; and
sending a session authentication response to the AAA server comprises:
when the number of current sessions is smaller than the predetermined maximum number of sessions, sending a session authentication success response to the AAA server; and
when the number of current sessions is equal to or greater than the predetermined maximum number of sessions, sending a session authentication failure response to the AAA server.

6. The method according to any one of claims 1 to 5, characterized in that it further comprises:
receiving a session query request from an external system;
querying the session information of sessions having the same login name as the login name of the session corresponding to the session query request; and
sending a session query response carrying the session information to the external system.

7. A method for supporting control of user sessions in multiple networks, characterized in that it comprises:
managing session information according to the type of session information notification sent from multiple authentication, authorization and accounting (AAA) servers located in different networks; and
controlling user sessions according to request messages sent from the AAA servers.

8. A method for supporting control of user sessions in multiple networks, characterized in that it comprises:
sending a session information notification to a session server according to the type of accounting message received from a network access device (NAS);
when an access request is received from the NAS, sending a request message to the session server and receiving a corresponding response message; and
sending an access response to the NAS according to the response message sent by the session server, so as to authenticate the session.

9. The method according to claim 8, characterized in that sending a request message to the session server and receiving a corresponding response message comprises:
sending a session authentication request to the session server; and
receiving a session authentication response from the session server,
and sending an access response to the NAS according to the response message sent by the session server so as to authenticate the session comprises:
when a session authentication success response is received from the session server, sending an access accept message to the NAS; and
when a session authentication failure response is received from the session server, sending an access reject message to the NAS.

10. The method according to claim 8, characterized in that sending a request message to the session server and receiving a corresponding response message comprises:
sending a session query request to the session server;
querying, by the session server, the session information of sessions having the same login name as the login name of the session corresponding to the session query request; and
receiving a session query response carrying the session information from the session server,
and sending an access response to the NAS according to the response message sent by the session server so as to authenticate the session comprises:
authenticating the session according to the session information included in the session query response.

11. The method according to claim 10, characterized in that authenticating the session comprises: determining whether the number of current sessions has reached a predetermined maximum number of sessions, where the current sessions are the existing sessions having the same login name as the login name of the session corresponding to the session authentication request; and
when the number of current sessions is smaller than the predetermined maximum number of sessions, sending an access accept message to the NAS; and
when the number of current sessions is equal to or greater than the predetermined maximum number of sessions, sending an access reject message to the NAS.

12. The method according to any one of claims 8 to 11, characterized in that sending a session information notification to the session server according to the type of accounting message received from the network access device (NAS) comprises:
when the accounting message is an accounting start request, Accounting-Request(Start), sending a create-session-information notification;
when the accounting message is an interim accounting request, Accounting-Request(Interim), sending an update-session-information notification; and
when the accounting message is an accounting stop request, Accounting-Request(Stop), sending a delete-session-information notification.

13. A session server for supporting control of user sessions in multiple networks, characterized in that it comprises:
a session management unit, configured to manage session information according to the type of session information notification sent from multiple authentication, authorization and accounting (AAA) servers located in different networks; and
a session control unit, configured to control user sessions according to request messages sent from the AAA servers.

14. An authentication, authorization and accounting (AAA) server for supporting control of user sessions in multiple networks, characterized in that it comprises:
a session information notification unit, configured to send a session information notification to a session server according to the type of accounting message received from a network access device (NAS);
a first session control unit, configured to, when an access request is received from the NAS, send a request message to the session server and receive a corresponding response message; and
a second session control unit, configured to send an access response to the NAS according to the response message sent by the session server so as to authenticate the session.

15. A communication system, characterized in that it comprises the session server according to claim 13 and the authentication, authorization and accounting (AAA) server according to claim 14.
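The following is an added example, written for this page and not code from the patent or from Huawei, that models the behaviour the claims describe and the AAA-server variant from the description above (first session control unit queries, second decides): one session server receives create/update/delete notifications derived from RADIUS Accounting-Request Start/Interim/Stop messages sent by AAA servers in different networks, counts the stored sessions that share a login name, and compares that count with a predetermined maximum. Both decision paths are shown: claims 3, 5 and 9, where the session server authenticates; and claims 4, 10 and 11, where the AAA server decides from the query response. The class and field names, the choice to adopt an unknown session on an Interim update, and the two-network scenario are all assumptions made for the example.

```python
from dataclasses import dataclass
from typing import Dict, List


@dataclass(frozen=True)
class SessionInfo:
    """Session record held on the session server. The fields are an assumption of
    this example; the claims only require that sessions can be matched by login name."""
    session_id: str
    login: str
    network: str
    octets: int = 0


class SessionServer:
    """Central session store fed by AAA servers in several networks (claims 1, 2, 5, 6, 7)."""

    def __init__(self, max_sessions: int) -> None:
        self.max_sessions = max_sessions            # predetermined maximum per login name
        self._sessions: Dict[str, SessionInfo] = {}

    def notify(self, kind: str, info: SessionInfo) -> None:
        """Claim 2: manage session information by notification type."""
        if kind == "create":
            self._sessions[info.session_id] = info
        elif kind == "update":
            # Interim update refreshes the record. Adopting an unknown session here
            # (e.g. after a session-server restart) is a design choice of this example,
            # not something the patent specifies; it keeps the count from running low.
            self._sessions[info.session_id] = info
        elif kind == "delete":
            self._sessions.pop(info.session_id, None)
        else:
            raise ValueError(f"unknown notification type: {kind}")

    def query(self, login: str) -> List[SessionInfo]:
        """Claims 4 and 6: return the sessions whose login name matches."""
        return [s for s in self._sessions.values() if s.login == login]

    def authenticate(self, login: str) -> bool:
        """Claim 5: success only while the current session count is below the maximum."""
        return len(self.query(login)) < self.max_sessions


class AAAServer:
    """AAA server of one network; relays accounting state to the session server (claims 8-12, 14)."""

    # Claim 12: Acct-Status-Type of the Accounting-Request -> session information notification.
    ACCT_TO_NOTIFICATION = {"Start": "create", "Interim": "update", "Stop": "delete"}

    def __init__(self, network: str, session_server: SessionServer) -> None:
        self.network = network
        self.session_server = session_server

    def handle_accounting(self, status_type: str, info: SessionInfo) -> str:
        """Session information notification unit: forward the accounting event."""
        kind = self.ACCT_TO_NOTIFICATION.get(status_type)
        if kind is None:
            raise ValueError(f"unsupported Acct-Status-Type: {status_type}")
        self.session_server.notify(kind, info)
        return "Accounting-Response"

    def handle_access_request_auth(self, login: str) -> str:
        """Claim 9: the session server makes the decision; map it to the NAS response."""
        ok = self.session_server.authenticate(login)
        return "Access-Accept" if ok else "Access-Reject"

    def handle_access_request_query(self, login: str) -> str:
        """Claims 10 and 11: fetch the matching sessions and decide on the AAA server."""
        current = self.session_server.query(login)
        ok = len(current) < self.session_server.max_sessions
        return "Access-Accept" if ok else "Access-Reject"


def run_scenario() -> List[str]:
    """Constructed scenario: two networks share one session server, at most two sessions per login."""
    server = SessionServer(max_sessions=2)
    aaa_a = AAAServer("net-A", server)
    aaa_b = AAAServer("net-B", server)
    out: List[str] = []

    out.append(aaa_a.handle_access_request_auth("alice"))        # no sessions yet -> Access-Accept
    aaa_a.handle_accounting("Start", SessionInfo("s1", "alice", "net-A"))
    out.append(aaa_b.handle_access_request_query("alice"))       # one session -> Access-Accept
    aaa_b.handle_accounting("Start", SessionInfo("s2", "alice", "net-B"))
    out.append(aaa_a.handle_access_request_auth("alice"))        # two sessions across networks -> Access-Reject
    aaa_b.handle_accounting("Interim", SessionInfo("s2", "alice", "net-B", octets=4096))
    aaa_a.handle_accounting("Stop", SessionInfo("s1", "alice", "net-A"))
    out.append(aaa_a.handle_access_request_query("alice"))       # back to one session -> Access-Accept
    out.append(aaa_b.handle_access_request_auth("bob"))          # other login name is unaffected
    return out


if __name__ == "__main__":
    print(run_scenario())
```

The point the scenario makes is the one the abstract claims: because both AAA servers report into the same store, the third request for "alice" is rejected even though each network on its own has seen only one session, and the Stop from network A frees a slot that network B can use. The Interim update replaces the record under the same session identifier, so it does not inflate the count.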
CN2011102024967A 2011-07-19 2011-07-19 User session control method, session server, authentication, authorization and accounting (AAA) server and system Expired - Fee Related CN102238547B (en)

Priority Applications (1)

Application Number Priority Date Filing Date Title
CN2011102024967A CN102238547B (en) 2011-07-19 2011-07-19 User session control method, session server, authentication, authorization and accounting (AAA) server and system

Publications (2)

Publication Number Publication Date
CN102238547A true CN102238547A (en) 2011-11-09
CN102238547B CN102238547B (en) 2013-12-04

Family

ID=44888649

Family Applications (1)

Application Number Title Priority Date Filing Date
CN2011102024967A Expired - Fee Related CN102238547B (en) 2011-07-19 2011-07-19 User session control method, session server, authentication, authorization and accounting (AAA) server and system

Country Status (1)

Country Link
CN (1) CN102238547B (en)

Cited By (12)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN103490935A (en) * 2013-09-30 2014-01-01 华为技术有限公司 User conversation monitoring method and device
CN108347449A (en) * 2017-01-23 2018-07-31 阿里巴巴集团控股有限公司 A kind of method and apparatus of management Telnet
CN109769227A (en) * 2013-07-25 2019-05-17 康维达无线有限责任公司 End-to-end M2M service layer session
CN112653653A (en) * 2019-10-11 2021-04-13 中兴通讯股份有限公司 Communication circuit management method, network device and storage medium
US11503314B2 (en) 2016-07-08 2022-11-15 Interdigital Madison Patent Holdings, Sas Systems and methods for region-of-interest tone remapping
US11765406B2 (en) 2017-02-17 2023-09-19 Interdigital Madison Patent Holdings, Sas Systems and methods for selective object-of-interest zooming in streaming video
US11770821B2 (en) 2016-06-15 2023-09-26 Interdigital Patent Holdings, Inc. Grant-less uplink transmission for new radio
US11871451B2 (en) 2018-09-27 2024-01-09 Interdigital Patent Holdings, Inc. Sub-band operations in unlicensed spectrums of new radio
US11877308B2 (en) 2016-11-03 2024-01-16 Interdigital Patent Holdings, Inc. Frame structure in NR
CN117692255A (en) * 2024-02-02 2024-03-12 北京首信科技股份有限公司 Method and device for dynamically expanding AAA service and electronic equipment
US12150146B2 (en) 2016-05-11 2024-11-19 Interdigital Patent Holdings, Inc. Radio PDCCH to facilitate numerology operations
US12231198B2 (en) 2016-08-11 2025-02-18 Interdigital Patent Holdings, Inc. Beamforming sweeping and training in a flexible frame structure for new radio

Citations (7)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN1553741A (en) * 2003-05-30 2004-12-08 ��Ϊ�������޹�˾ Method and system for providing users with network roaming
CN101069382A (en) * 2004-09-30 2007-11-07 株式会社Kt Apparatus and method for integrated billing management by real-time session management in wire/wireless integrated service network
CN101150853A (en) * 2007-10-29 2008-03-26 华为技术有限公司 A network system, policy management control server and policy management control method
CN101442473A (en) * 2007-11-23 2009-05-27 华为技术有限公司 Method, equipment and system for managing access session control policy
CN101820606A (en) * 2010-04-21 2010-09-01 中兴通讯股份有限公司 Authentication and authorization charging server and message processing method
US20110007705A1 (en) * 2002-10-21 2011-01-13 Buddhikot Milind M Mobility access gateway
CN102036270A (en) * 2010-12-16 2011-04-27 中兴通讯股份有限公司 AAA implementation method and AAA server

Cited By (19)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN109769227A (en) * 2013-07-25 2019-05-17 康维达无线有限责任公司 End-to-end M2M service layer session
US11765150B2 (en) 2013-07-25 2023-09-19 Convida Wireless, Llc End-to-end M2M service layer sessions
US11122027B2 (en) 2013-07-25 2021-09-14 Convida Wireless, Llc End-to-end M2M service layer sessions
CN109769227B (en) * 2013-07-25 2022-02-22 康维达无线有限责任公司 End-to-end M2M service layer sessions
CN103490935A (en) * 2013-09-30 2014-01-01 华为技术有限公司 User conversation monitoring method and device
CN103490935B (en) * 2013-09-30 2017-04-12 华为技术有限公司 User conversation monitoring method and device
US12150146B2 (en) 2016-05-11 2024-11-19 Interdigital Patent Holdings, Inc. Radio PDCCH to facilitate numerology operations
US11770821B2 (en) 2016-06-15 2023-09-26 Interdigital Patent Holdings, Inc. Grant-less uplink transmission for new radio
US11503314B2 (en) 2016-07-08 2022-11-15 Interdigital Madison Patent Holdings, Sas Systems and methods for region-of-interest tone remapping
US12231198B2 (en) 2016-08-11 2025-02-18 Interdigital Patent Holdings, Inc. Beamforming sweeping and training in a flexible frame structure for new radio
US11877308B2 (en) 2016-11-03 2024-01-16 Interdigital Patent Holdings, Inc. Frame structure in NR
CN108347449B (en) * 2017-01-23 2021-05-07 阿里巴巴集团控股有限公司 Method and equipment for managing remote login
CN108347449A (en) * 2017-01-23 2018-07-31 阿里巴巴集团控股有限公司 A kind of method and apparatus of management Telnet
US11765406B2 (en) 2017-02-17 2023-09-19 Interdigital Madison Patent Holdings, Sas Systems and methods for selective object-of-interest zooming in streaming video
US11871451B2 (en) 2018-09-27 2024-01-09 Interdigital Patent Holdings, Inc. Sub-band operations in unlicensed spectrums of new radio
CN112653653B (en) * 2019-10-11 2023-08-22 中兴通讯股份有限公司 Communication circuit management method, network equipment and storage medium
CN112653653A (en) * 2019-10-11 2021-04-13 中兴通讯股份有限公司 Communication circuit management method, network device and storage medium
CN117692255A (en) * 2024-02-02 2024-03-12 北京首信科技股份有限公司 Method and device for dynamically expanding AAA service and electronic equipment
CN117692255B (en) * 2024-02-02 2024-04-30 北京首信科技股份有限公司 Method and device for dynamically expanding AAA service and electronic equipment

Legal Events

Date Code Title Description
C06 Publication
PB01 Publication
C10 Entry into substantive examination
SE01 Entry into force of request for substantive examination
C14 Grant of patent or utility model
GR01 Patent grant
CF01 Termination of patent right due to non-payment of annual fee

Granted publication date: 20131204

Termination date: 20170719