CN101252788A - Diameter-AAA server supporting RADIUS protocol and working method thereof - Google Patents

Publication number
CN101252788A
Authority
CN
China
Legal status
Granted
Application number
CNA2008101038903A
Other languages
Chinese (zh)
Other versions
CN101252788B (en)
Inventor
冯上
林锋
李学春
谭立彦
Current Assignee
BEIJING SHOUXIN SCIENCE AND TECHNOLOGY Co Ltd
Original Assignee
BEIJING SHOUXIN SCIENCE AND TECHNOLOGY Co Ltd
Application filed by BEIJING SHOUXIN SCIENCE AND TECHNOLOGY Co Ltd
Priority to CN2008101038903A
Publication of CN101252788A
Application granted
Publication of CN101252788B

Abstract

The invention relates to a Diameter-AAA server that supports the RADIUS protocol, and to its working method. The server uses unified user information and provides AAA application services to terminals of two different protocols, Diameter and RADIUS, at the same time. It comprises a TCP/SCTP interaction module, a peer management module, a session management module and an AAA application service module, connected in sequence. The server is characterized in that three software function modules supporting RADIUS protocol terminals are added to it: a UDP interaction module, a conversion module and a RADIUS peer management module. The invention also proposes a method for converting Diameter and RADIUS protocol packets into each other, so that a newly built Diameter network system can provide AAA service to both Diameter and RADIUS terminals at once, creating the conditions and foundation for a gradual transition to a full Diameter AAA system.

Description

Diameter-AAA server supporting the RADIUS protocol and working method thereof
Technical field
The present invention relates to a Diameter-AAA server that supports the RADIUS protocol, and to a method for converting Diameter and RADIUS protocol packets into each other. It belongs to the field of communication technology.
Background art
AAA stands for Authentication, Authorization and Accounting. Ever since networks came into being, the authentication, authorization and accounting (AAA) system has been the foundation of their operation: the use of every kind of network resource is managed through it, and operators have followed the development and evolution of AAA closely throughout. For any commercial system, authentication is vital. Only once a user's identity has been confirmed can the system know whom to charge for the service provided, and only then can it keep illegitimate users (hackers) from damaging the network. After the identity is confirmed, the system grants the user the corresponding permissions according to the service type subscribed to when the account was opened. Finally, while the user consumes system resources, the relevant equipment records the user's resource usage, and the user is charged accordingly.
RADIUS (Remote Authentication Dial In User Service), defined by RFC 2865 and RFC 2866, is currently the most widely used AAA protocol. The original purpose of RADIUS was authentication and accounting for dial-up users. After several later revisions it became a general-purpose authentication and accounting protocol. In the autumn of 1992, after the NASREQ working group of the IETF was set up, RADIUS became the de facto network access standard, and nearly all network access server vendors have implemented the protocol. The latest RADIUS RFC, RFC 2865, was published in June 2000.
RADIUS is a client/server protocol. Its client was originally the NAS (Net Access Server); today any computer running RADIUS client software can act as a RADIUS client. The authentication mechanism of RADIUS is flexible and can use PAP, CHAP, Unix login authentication and other methods. RADIUS is also extensible and lets vendors define vendor-specific attributes. The basic operation of RADIUS is as follows: the user connects to the NAS, and the NAS submits the user information, including user name and password, to the RADIUS server in an Access-Require packet. The user password is encrypted with MD5 using a key shared by both sides, and this key is never sent over the network. The RADIUS server first checks the validity of the user name and password, and may authenticate the NAS in a similar way. If they are valid, it returns an Access-Accept packet to the NAS and the user may proceed; otherwise it returns an Access-Reject packet and denies access. If access is allowed, the NAS sends an accounting request, Account-Require, to the RADIUS server; the RADIUS server responds with Account-Accept and accounting for the user begins, while the user carries on with their own operations.
Because RADIUS is simple, clear and extensible, it has been widely adopted, including for dial-up Internet access over ordinary telephone lines, ADSL access, residential broadband access networks, IP telephony, Virtual Private Dialup Networks (VPDN) for dial-up users, and prepaid mobile services.
The IEEE has recently proposed a port-based standard, 802.1x, for access authentication in wireless networks; it too uses the RADIUS protocol for authentication.
However, RADIUS itself has a number of defects, for example UDP-based transport with only a simple packet-loss mechanism, no rules for retransmission, and a centralized accounting service. These make it poorly suited to the development of today's networks and call for further improvement. With the introduction of new access technologies (such as wireless access, DSL, mobile IP and Ethernet) and the rapid expansion of access networks, increasingly complex routers and access servers are being deployed in large numbers. This places new requirements on AAA protocols and makes the shortcomings of the traditional RADIUS architecture more and more apparent. At present, 3G networks are gradually evolving toward all-IP networks: not only does the core network use IP-capable network entities, the access network also uses IP-based technology, and mobile terminals are becoming IP clients that can be activated. For example, the WCDMA R6 release currently being planned adds the following features: UTRAN and CN transport enhancements, radio interface enhancements, Multimedia Broadcast and Multicast Service (MBMS), Digital Rights Management (DRM), WLAN-UMTS interworking, priority services, Generic User Profile (GUP), network sharing, and interworking between different networks. In such networks mobile IP will be widely used. A terminal that supports mobile IP can move within the home network where it is registered or roam into the networks of other operators. When a terminal is about to attach to a network and use the services the operator provides, a strict AAA process is required: the AAA server authenticates the mobile terminal, authorizes the user for the relevant services, and collects the user's resource usage to produce accounting information. This calls for a new generation of AAA protocol: Diameter.
The AAA working group of the IETF has now agreed on Diameter as the next-generation AAA protocol standard. Diameter, as an upgraded version of RADIUS, comprises a base protocol and various specific AAA application protocols, for example NAS (network access service), EAP (Extensible Authentication Protocol), MIP (mobile IP) and CMS (Cryptographic Message Syntax). Diameter supports authentication for mobile IP, NAS requests and mobile agents. Its implementation is similar to that of RADIUS in that it is also built on attribute-value pairs (AVPs, in Attribute-Length-Value triple form), but it specifies error handling, failover and failback mechanisms in detail, uses the reliable TCP and SCTP transport protocols, and supports distributed accounting. It overcomes many shortcomings of RADIUS and is the AAA protocol best suited to future mobile communication systems.
Because Diameter is more complex than RADIUS, and RADIUS is already widely used, Diameter cannot come to dominate AAA in the short term. It can be expected, however, that as networks develop Diameter will mature further and come into wide use.
Referring to Fig. 1, the module structure and corresponding functions of a Diameter-AAA server that has already been developed and put into practical use are described. The Diameter-AAA server follows the RFC 3588 Diameter base protocol and, depending on the needs of the deployment environment, can provide one or more AAA application services, for example NASREQ, EAP and MIP. Internally it comprises the following modules:
The TCP/SCTP interaction module is responsible for establishing TCP or SCTP connections and for sending and receiving Diameter messages. It passes received Diameter messages up to the peer management module, and sends out over the communication link the Diameter messages that the peer management module needs to send.
The peer management module is responsible for managing Diameter peers and for routing. It records information about the peers connected to this Diameter-AAA server, including each peer's IP address, realm, data encryption mode and the AAA application services the peer supports, and for each connected peer it maintains a state machine that tracks the connection state. This connection state machine handles the following Diameter messages: capabilities exchange (Capability Exchange), heartbeat detection (Device Watchdog) and peer disconnection (Disconnect Peer). If the destination of a Diameter message is this AAA server, the message is passed up to the session management module; a Diameter message received from the session management module is forwarded down to the TCP/SCTP interaction module.
The session management module is responsible for managing each Diameter session. It maintains a table of AAA application service state machines indexed by the session identifier Session-Id. If the Session-Id in a received Diameter message belongs to an existing session, the module finds the corresponding AAA application service state machine to handle the message; if the Session-Id does not exist, it creates a new AAA application service state machine according to the application service identifier Application-Id to handle the new session.
The AAA application service module implements the specific functions of the various AAA application service state machines. It receives a Diameter message from the session management module, processes it according to the values it contains, generates the Diameter reply message, and hands it to the session management module for sending.
The Diameter-AAA server processes a Diameter message as follows. When the TCP/SCTP interaction module receives a datagram sent by a Diameter terminal, it makes sure the datagram has been received completely and then hands it to the peer management module. The peer management module uses the Destination-Host and Destination-Realm AVPs in the Diameter message to decide whether the message is to be processed locally or redirected to another Diameter server. If it is to be processed locally, the message is passed up to the session management module; otherwise it is sent to the destination server through the TCP/SCTP module according to the redirection rules. When the session management module receives the Diameter message, it uses the Session-Id AVP to decide whether the message belongs to an existing session; if so, it finds the corresponding AAA application service state machine and hands the message to it. If the Session-Id has not been recorded, it creates a corresponding AAA application service state machine according to the Application-Id in the Diameter message and records the Session-Id, so that all later Diameter messages carrying this Session-Id are handled by that state machine. The AAA application service state machine checks the received attribute-value pairs according to the needs of its own service, generates the attribute-value pairs of the reply, and hands them to the session management layer for sending. The session management layer passes the outgoing message to the peer management module, and it is returned to the Diameter peer via the TCP/SCTP module.
Deploying a powerful, flexible and reliable Diameter AAA system is therefore a good choice for the great majority of agencies and service providers that are preparing to buy new equipment or need to support user roaming. For network operators, however, large amounts of manpower and material resources have already been invested in RADIUS, and within a suitable scope the functions RADIUS provides can satisfy current needs and those expected for some time to come, so a communication system will contain both kinds of protocol terminals at once: RADIUS terminals and Diameter terminals. To solve the compatibility problem between the two, the approach generally adopted at present is to add to the system a RADIUS/Diameter conversion server (see Fig. 2) that converts between the two protocols. This, however, inevitably increases both equipment investment and signal propagation delay. A more economical, reasonable and efficient approach is to choose an AAA server that supports a dual protocol stack: RADIUS continues to provide service within its original scope, while equipment newly added to the system uses Diameter, which creates the conditions for a gradual transition to a full Diameter AAA system. Developing such a dual-stack AAA server as soon as possible has therefore become a focus of attention for those skilled in the art.
Summary of the invention
In view of this, the object of the invention is to provide a Diameter-AAA server that supports the RADIUS protocol, and a method by which this server converts Diameter and RADIUS protocol packets into each other, so as to meet an urgent need of current networks: while providing AAA application services for a newly built Diameter network, the server also continues to provide AAA service for the RADIUS protocol terminals in the system, and creates the conditions for a gradual transition to a full Diameter AAA system.
To achieve the above object, the invention provides a Diameter-AAA server supporting the RADIUS protocol, which uses unified user information and provides AAA application services to terminals of two different protocols, Diameter and RADIUS, at the same time. It comprises a TCP/SCTP interaction module, a peer management module, a session management module and an AAA application service module connected in sequence, and is characterized in that the server additionally has the following software function modules:
The UDP interaction module receives the UDP datagrams sent by RADIUS clients and passes the RADIUS message in each datagram up to the conversion module for processing; it also sends the UDP messages handed to it by the conversion module to the RADIUS client over the transmission line;
The conversion module converts the attribute-value pairs (Attributes) of received RADIUS messages into Diameter attribute-value pairs (AVPs), and converts the AVPs of Diameter messages to be sent into RADIUS Attributes;
The RADIUS peer management module manages and maintains the connections between RADIUS clients and this AAA server. Internally it has, for each connected RADIUS client, a peer state machine that stores the relevant information and records the RADIUS clients connected to this AAA server, including the IP address, authentication port, authorization port, data encryption mode and the AAA application service requested by the client. The RADIUS peer state machine first sends RADIUS messages received by the UDP interaction module to the conversion module for conversion and then forwards them up to the session management module; likewise, it first sends Diameter messages received from the session management module to the conversion module for conversion and then forwards them down to the UDP interaction module.
To achieve the above object, the invention also provides a method by which the Diameter-AAA server supporting the RADIUS protocol converts Diameter and RADIUS protocol packets into each other, characterized as follows. Although Diameter is compatible with RADIUS, Diameter adds new functions and the packet formats of Diameter AVPs and RADIUS Attributes are not identical, so some RADIUS Attributes are converted into other AVPs in Diameter; that is, the conversion between the two is not fully one-to-one and some special cases must be handled. The method comprises the following operating steps:
(1) Convert a RADIUS message into a Diameter message in two steps, message header conversion and message body conversion; the order of the two conversion operations is not restricted;
(2) Convert a Diameter response message into a RADIUS response message by performing the message body conversion first and the message header conversion second.
The invention is a Diameter-AAA server supporting the RADIUS protocol, together with a method by which this server converts Diameter and RADIUS protocol packets into each other. By adding RADIUS software conversion modules to the existing framework of a Diameter server, it realizes a dual-stack AAA server that supports Diameter and RADIUS at the same time. By adding the UDP interaction module, the RADIUS peer management module and the conversion module, the device can present a RADIUS peer as a Diameter peer and translate RADIUS packets into Diameter packets, so that RADIUS messages are handled by the Diameter-AAA server. The server is therefore ingeniously conceived, simple in structure, reliable in operation, and easy to implement, operate and maintain (O&M). In addition, the invention proposes the method, the specific operations and the conversion rules by which the server converts Diameter and RADIUS packets into each other, so that the server runs correctly and efficiently in a network that mixes RADIUS and Diameter terminals. This makes the server particularly suitable for transitional systems in which RADIUS and Diameter terminals are used together, and gives legacy systems with RADIUS terminals a simple and efficient path toward a full Diameter terminal system.
Description of drawings
Fig. 1 is a schematic diagram of the internal module structure of a Diameter-AAA server.
Fig. 2 is a schematic diagram of an application scenario in which a network where terminals of both protocols coexist uses a protocol conversion server.
Fig. 3 (A) and (B) show, respectively, the structure of a Diameter message and the structure of a single attribute-value pair (AVP) within it.
Fig. 4 (A) and (B) show, respectively, the structure of a RADIUS message and the structure of a single attribute-value pair (Attribute) within it.
Fig. 5 is a schematic diagram of the internal module structure of the Diameter server supporting RADIUS according to the invention.
Fig. 6 is a schematic diagram of an application scenario of the Diameter server supporting RADIUS according to the invention.
Detailed description of the embodiments
To make the purpose, technical solution and advantages of the invention clearer, the invention is described in further detail below with reference to the accompanying drawings.
Referring to Fig. 3, the format of a Diameter message, consisting of a message header and a message body, and the format of each attribute-value pair are described. The message header contains the version, message length, command flags, command code, application service identifier, hop-by-hop identifier and end-to-end identifier; the message body consists of one or more attribute-value pairs (AVPs). An attribute-value pair is usually referred to by its attribute code or name; for example, the attribute-value pair whose attribute code is Destination-Host is called the Destination-Host AVP or the destination host attribute-value pair. Each attribute-value pair supplies a parameter needed by the AAA application service. For example, the Destination-Host attribute-value pair gives the IP address of the destination host, the Destination-Realm attribute-value pair gives the realm of the destination host, the Session-Id attribute-value pair gives the session ID, and the Application-Id attribute-value pair specifies the AAA application service that handles the Diameter message.
Referring to Fig. 4, the format of a RADIUS message, consisting of a message header and a message body, and the format of each of its attribute-value pairs are described. The message header contains the command code, command sequence number, command length and message authentication code; the message body consists of one or more attribute-value pairs (Attributes).
Referring to Fig. 5, the Diameter-AAA server supporting the RADIUS protocol according to the invention is described. It uses unified user information and provides AAA application services to terminals of two different protocols, Diameter and RADIUS, at the same time; that is, it is an AAA server that supports RADIUS terminals and Diameter terminals simultaneously. Besides the TCP/SCTP interaction module, peer management module, session management module and AAA application service module connected in sequence, the server adds a UDP interaction module, a conversion module and a RADIUS peer management module to support RADIUS protocol terminals. The functions of the software modules are as follows:
The UDP interaction module receives the UDP datagrams sent by RADIUS clients and passes the RADIUS message in each datagram up to the conversion module for processing; it also sends the UDP messages handed to it by the conversion module to the RADIUS client over the transmission line.
The conversion module converts the attribute-value pairs (Attributes) of received RADIUS messages into Diameter attribute-value pairs (AVPs), and converts the AVPs of Diameter messages to be sent into RADIUS Attributes.
The RADIUS peer management module manages and maintains the connections between RADIUS clients and this AAA server. Internally it has, for each connected RADIUS client, a peer state machine that stores the relevant information. This RADIUS peer connection state machine does not need to send or process Capability Exchange, Device Watchdog or Disconnect Peer messages. Instead it records the RADIUS clients connected to this AAA server, including the IP address, authentication port, authorization port, data encryption mode and the AAA application service requested by the client. The RADIUS peer state machine first sends RADIUS messages received by the UDP interaction module to the conversion module for conversion and then forwards them up to the session management module; likewise, it first sends Diameter messages received from the session management module to the conversion module for conversion and then forwards them down to the UDP interaction module.
The TCP/SCTP interaction module is responsible for establishing TCP or SCTP connections and for sending and receiving Diameter messages. It passes received Diameter messages up to the peer management module, and sends out over the communication link the Diameter messages that the peer management module needs to send.
The peer management module is responsible for managing Diameter peers and for routing. It records information about the peers connected to this Diameter-AAA server, including the IP address, realm, data encryption mode and the AAA application services each peer supports, and maintains for each connected peer a state machine that tracks the connection state. This connection state machine handles the Diameter messages Capability Exchange, Device Watchdog and Disconnect Peer. Received Diameter messages whose destination is this AAA server are passed up to the session management module, and Diameter messages received from the session management module are forwarded down to the TCP/SCTP interaction module.
The session management module is responsible for managing each Diameter session. It maintains a table of AAA application service state machines indexed by the session identifier Session-Id. If the Session-Id in a received Diameter message belongs to an existing session, the module finds the corresponding AAA application service state machine to handle the message; if the Session-Id does not exist, it creates a new AAA application service state machine according to the application service identifier Application-Id to handle the new session.
The AAA application service module implements the specific functions of the AAA application service state machines, which differ from one AAA application service to another. It receives a Diameter message from the session management module, performs the specific processing required by the values it contains, generates the Diameter reply message, and hands it to the session management module for sending.
Describe the method that server of the present invention is changed mutually to Diameter and two kinds of protocol data bags of RADIUS below in detail, as everyone knows, the realization of the aaa functionality of RADIUS and Diameter be based on all between terminal and the server that the vector data bag of exchange attribute key-value pair AVP (Attribute-Length-Value) carries out (in order to distinguish the attribute key-value pair of two kinds of agreements, with attribute key assignments symmetry among the Diameter is AVP, the radius attribute key-value pair is called Attribute or abbreviates radius attribute as, and calling specific Attribute with the attribute codes value of Attribute is so-and-so attribute or XXX Attribute equally).
Though Diameter can compatible radius protocol, but, because Diameter has increased the form incomplete same (referring to Fig. 3 and Fig. 4) of new function and Diameter AVP and RADIUS Attribute packet, part radius attribute key-value pair Attribute will be converted into other attribute key-value pair AVP in Diameter, it is fully transparent to be that conversion between the two is not, promptly not fully one to one, still need to handle some special circumstances.This conversion method comprises following two operating procedures:
Step (1), the conversion of employing message header and two steps of message body conversion, finishing the RADIUS message conversion is the packet conversion of Diameter message, and first, the back of two conversion operations do not limit in proper order;
Step (2), carry out message body conversion earlier, carry out the message header conversion again, be converted to the RADIUS response message to realize the Diameter response message.
Wherein step (1) further comprises following content of operation:
(11) carry out the message header conversion: according to the information in the RADIUS message, generate the Diameter message header, promptly generate application service sign ID and command code in the Diameter message header according to whether containing certain or a plurality of application service specific attribute key-value pair in the command code in the RADIUS message header and this RADIUS message; For example: the RADIUS command code is for inserting request (Access-Request), and contain EAP message (EAP-Message) attribute in the RADIUS message, so command code is EAP request (EAP-REQEST) in the Dui Ying Diameter message header, and application service ID is Diameter-EAP.And in modular converter, preserve the Message Authentication Code and the command sequence number of this RADIUS message, the command id in the Diameter message header is set to corresponding identification again; Because session management module and subsequent module are not used other information in the Diameter message header, so other fields need not be inserted particular value;
(12) carry out the message body conversion: because each the attribute key-value pair Attribute in the RADIUS message is independent substantially, whether exist with other Attribute and value irrelevant, so carry out in the RADIUS request message attribute key-value pair Attribute one by one to the conversion of Diameter request message attribute key-value pair AVP, and do not have the restriction of order.Attribute can most ofly realize man-to-man conversion to the conversion of Diameter request message AVP in the RADIUS request message, this moment only need be with RADIUS Attribute attribute codes value as Diameter AVP attribute codes value, after the AVP key assignments is inserted with the key assignments of Attribute in 4 byte-aligned ground, again the AVP key assignments length after 4 byte-aligned is inserted AVP attribute key-value pair length field, the AVP identification field is inserted default value.
When step (12) performs the message body conversion, certain RADIUS attributes cannot simply be converted directly into Diameter AVPs; the rules for handling them are determined by the AAA application service that uses the attribute. The handling principles for the specially treated RADIUS attributes that apply to all AAA application services are as follows:
If a Message-Authenticator attribute is present in the RADIUS message, its value must be verified, but no corresponding Diameter AVP is generated. If verification fails, the entire RADIUS message is discarded.
The transport-layer address of the RADIUS message sender must be consistent with the network access server (NAS) identification contained in the message body. This NAS identification consists of two attribute fields: NAS-Identifier and NAS-IP-Address (see below for details).
During conversion, the following information must be maintained and saved in the local message conversion table: the Identifier (command sequence number) field of the RADIUS message header, any Proxy-State attributes the message carries, and the source address and source port number of the RADIUS UDP packet.
If the RADIUS request message contains a State attribute whose value begins with "Diameter/", the data that follows holds the Diameter Origin-Host/Origin-Realm/Session-Id information. If this attribute is not present, a new Diameter session ID is generated (for the Diameter session ID format and generation method, see RFC 3588) and placed in the Session-Id AVP of the converted message.
The Origin-Host and Origin-Realm AVPs of the Diameter message must be generated from the fully qualified domain name corresponding to the NAS-IP-Address and NAS-Identifier attributes, and added to the converted Diameter message.
The Destination-Realm AVP is generated from the information in the RADIUS User-Name attribute.
In step (12), when the AAA application service is the Extensible Authentication Protocol (EAP), converting the message body from RADIUS-EAP to Diameter-EAP further includes the following specific conversion operations:
The EAP-Message attribute contained in the RADIUS-EAP message is converted to a Diameter EAP-Payload AVP. If there are multiple RADIUS EAP-Message attributes, their values are merged into a single Diameter EAP-Payload AVP;
A RADIUS EAP-Message attribute of length 2 bytes, i.e., one whose value is empty, signifies EAP-Start and is converted to an empty EAP-Payload AVP.
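The request-side rules of step (12) can be exercised with the following Python example, which is added here and is not code from the patent. It verifies Message-Authenticator as HMAC-MD5 in the way RFC 3579 defines, treats the realm part of User-Name as the Destination-Realm, and represents AVPs as (code, value) pairs; the names `convert_request`, `DropPacket`, `LOCAL_IDENTITY` and the sample packet builder are assumptions, and the name lookup that yields Origin-Host and Origin-Realm is left out.

```python
import hashlib
import hmac
import secrets
import socket
import struct

# RADIUS attribute types (RFC 2865/2869) and Diameter AVP codes (RFC 6733/4072).
USER_NAME, NAS_IP_ADDRESS, STATE, PROXY_STATE = 1, 4, 24, 33
EAP_MESSAGE, MESSAGE_AUTHENTICATOR = 79, 80
SESSION_ID_AVP, DESTINATION_REALM_AVP, EAP_PAYLOAD_AVP = 263, 283, 462
LOCAL_IDENTITY = "aaa.example.net"  # assumed identity of the converting server


class DropPacket(Exception):
    """The RADIUS message is discarded and nothing is forwarded."""


def parse_radius(packet):
    """Return identifier, authenticator, trimmed packet and (type, value, offset) list."""
    if len(packet) < 20:
        raise DropPacket("short packet")
    _code, ident, length = struct.unpack("!BBH", packet[:4])
    if not 20 <= length <= len(packet):
        raise DropPacket("bad Length field")
    attrs, pos = [], 20
    while pos < length:
        if pos + 2 > length or packet[pos + 1] < 2 or pos + packet[pos + 1] > length:
            raise DropPacket("malformed attribute")
        end = pos + packet[pos + 1]
        attrs.append((packet[pos], packet[pos + 2:end], pos + 2))
        pos = end
    return ident, packet[4:20], packet[:length], attrs


def check_message_authenticator(packet, attrs, secret):
    """Verify HMAC-MD5 over the packet with the attribute value zeroed (RFC 3579)."""
    found = [(value, off) for atype, value, off in attrs if atype == MESSAGE_AUTHENTICATOR]
    if not found:
        return False
    if len(found) > 1 or len(found[0][0]) != 16:
        raise DropPacket("malformed Message-Authenticator")
    value, off = found[0]
    zeroed = packet[:off] + bytes(16) + packet[off + 16:]
    if not hmac.compare_digest(hmac.new(secret, zeroed, hashlib.md5).digest(), value):
        raise DropPacket("Message-Authenticator mismatch")
    return True


def convert_request(packet, secret, source_ip):
    """Return (saved, avps); saved is the row kept in the local conversion table."""
    ident, authenticator, packet, attrs = parse_radius(packet)
    check_message_authenticator(packet, attrs, secret)
    saved = {"identifier": ident, "authenticator": authenticator,
             "source_ip": source_ip, "proxy_state": []}
    avps, eap_parts, session_id = [], [], None
    for atype, value, _off in attrs:
        if atype == MESSAGE_AUTHENTICATOR:
            continue                          # verified above; no AVP is generated
        if atype == EAP_MESSAGE:
            eap_parts.append(value)           # merged into one EAP-Payload below
            continue
        if atype == PROXY_STATE:
            saved["proxy_state"].append(value)  # kept locally for the response
            continue
        if atype == STATE and value.startswith(b"Diameter/"):
            # maxsplit=2 keeps any "/" inside the Session-Id intact
            fields = value[len(b"Diameter/"):].split(b"/", 2)
            if len(fields) != 3:
                raise DropPacket("malformed Diameter State")
            saved["origin_host"], saved["origin_realm"], session_id = fields
            continue
        if atype == NAS_IP_ADDRESS and value != socket.inet_aton(source_ip):
            raise DropPacket("NAS-IP-Address does not match the sender")
        if atype == USER_NAME and b"@" in value:  # assumed: realm part of the NAI
            avps.append((DESTINATION_REALM_AVP, value.rsplit(b"@", 1)[1]))
        avps.append((atype, value))           # one-to-one: attribute type -> AVP code
    if eap_parts:
        avps.append((EAP_PAYLOAD_AVP, b"".join(eap_parts)))  # empty value = EAP-Start
    if session_id is None:                    # no "Diameter/" State: start a new session
        session_id = f"{LOCAL_IDENTITY};{secrets.randbits(32)};{secrets.randbits(32)}".encode()
    avps.append((SESSION_ID_AVP, session_id))
    return saved, avps


def build_sample_request(secret, attrs, ident=7):
    """Constructed Access-Request (code 1) ending in a valid Message-Authenticator."""
    body = b"".join(bytes([t, len(v) + 2]) + v for t, v in attrs)
    body += bytes([MESSAGE_AUTHENTICATOR, 18]) + bytes(16)
    packet = struct.pack("!BBH", 1, ident, 20 + len(body)) + bytes(range(16)) + body
    return packet[:-16] + hmac.new(secret, packet, hashlib.md5).digest()
```

A packet that fails any check raises `DropPacket` before a single AVP is produced, so an unauthenticated or spoofed request never reaches the session management layer.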
Step (2) further includes the following operations:
(21) Convert the message body: first convert the AVPs of the Diameter response message one by one into attributes of the RADIUS response message. The following special handling is required:
If the RADIUS request message that triggered the response carried a Proxy-State attribute, the Proxy-State attribute of the locally cached request message is added to this response message.
If the Diameter message contains a Session-Timeout AVP but no Authorization-Lifetime AVP, it is converted to a RADIUS Session-Timeout attribute, and no Termination-Action attribute is generated.
If the Diameter message contains an Authorization-Lifetime AVP but no Session-Timeout AVP, it is converted to a RADIUS Session-Timeout attribute, and a Termination-Action attribute with the value AA-REQUEST is added. After the conversion, the Authorization-Lifetime AVP and the Re-Auth-Request-Type AVP are discarded.
If the Diameter message contains both a Session-Timeout AVP and an Authorization-Lifetime AVP, the former (Session-Timeout) is necessarily greater than or equal to the latter (Authorization-Lifetime). In this case the value of the Authorization-Lifetime AVP is converted to the RADIUS Session-Timeout attribute and the RADIUS Termination-Action attribute is set to AA-REQUEST; after the conversion, the Authorization-Lifetime AVP and the Re-Auth-Request-Type AVP are discarded;
The RADIUS response message is sent back to the cached UDP IP address and port number of the RADIUS terminal.
In step (21), if the AAA application service is EAP, the conversion of the message body from Diameter-EAP to RADIUS-EAP follows these principles:
If the command code in the Diameter message header is EAP-Answer and the value of the Result-Code AVP is DIAMETER_MULTI_ROUND_AUTH, the message is converted to a RADIUS Access-Challenge message. At the same time, the values of the three Diameter AVPs Origin-Host, Origin-Realm and Session-Id are joined with "/" separators, prefixed with "Diameter/", and encapsulated as one RADIUS State attribute. If a Multi-Round-Time-Out AVP is present, its value is placed in the RADIUS Session-Timeout attribute.
When a Diameter EAP-Payload AVP is converted to RADIUS EAP-Message attributes, if the length of the EAP-Payload AVP exceeds the maximum length allowed for a RADIUS attribute, it is split into multiple EAP-Message attributes.
A Diameter EAP-Reissued-Payload AVP is converted into one or more RADIUS EAP-Message attributes, and the value of the RADIUS Error-Cause attribute is set to 202 (decimal), i.e., "Invalid EAP Packet (Ignored)".
The Diameter EAP-Master-Session-Key AVP is converted into the vendor-specific RADIUS MS-MPPE-Recv-Key and MS-MPPE-Send-Key attributes: the first 32 bytes of the EAP-Master-Session-Key go into MS-MPPE-Recv-Key and the last 32 bytes into MS-MPPE-Send-Key.
If a Diameter Accounting-EAP-Auth-Method AVP is present, it is discarded.
(22) Convert the message header: after the RADIUS message body has been generated, generate the RADIUS message header from the relevant information in the Diameter message. Step (22) further includes the following operations:
(221) Generate the RADIUS command code from the value of the Result-Code AVP in the Diameter message. If Result-Code is "multi-round authentication" (Diameter-Multi-Round-Auth: 1001), the RADIUS command code is Access-Challenge (11); if the Result-Code AVP value indicates success, i.e., Result-Code lies in the range (2000, 3000), the RADIUS command code is Access-Accept (2); if Result-Code indicates authentication failure, the RADIUS command code is Access-Reject.
(222) Fill the saved Identifier (command sequence number) of the RADIUS request message into the Identifier of the RADIUS response message;
(223) Calculate the length of the newly generated RADIUS message and fill this value into the Length field;
(224) Generate the Authenticator of the response message from the Authenticator of the RADIUS request message saved in the conversion module and the newly generated RADIUS message.
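The response-side steps (21) and (22) can be followed end to end in the Python example below, which is added here and is not code from the patent. It covers the Result-Code mapping, the Session-Timeout/Authorization-Lifetime rules, the "Diameter/" State attribute, EAP-Payload splitting and the Response Authenticator as RFC 2865 defines it; the `answer` and `saved` dictionary layouts, the function names and the sample values are assumptions of this example.

```python
import hashlib
import struct

ACCESS_ACCEPT, ACCESS_REJECT, ACCESS_CHALLENGE = 2, 3, 11
STATE, SESSION_TIMEOUT, TERMINATION_ACTION, PROXY_STATE, EAP_MESSAGE = 24, 27, 29, 33, 79
DIAMETER_MULTI_ROUND_AUTH = 1001
AA_REQUEST = 1     # Termination-Action value 1 (RADIUS-Request) on the wire
MAX_VALUE = 253    # a RADIUS attribute carries at most 253 value bytes


def radius_code(result_code):
    """Step (221): anything that is not multi-round or 2xxx success is rejected."""
    if result_code == DIAMETER_MULTI_ROUND_AUTH:
        return ACCESS_CHALLENGE
    if 2000 <= result_code < 3000:
        return ACCESS_ACCEPT
    return ACCESS_REJECT


def timeout_attributes(session_timeout, authorization_lifetime):
    """Map the two Diameter lifetime AVPs onto RADIUS attributes (None = AVP absent)."""
    if authorization_lifetime is not None:
        # Alone or together with Session-Timeout: the lifetime wins and the NAS
        # is told to re-request authorization when it expires.
        return [(SESSION_TIMEOUT, struct.pack("!I", authorization_lifetime)),
                (TERMINATION_ACTION, struct.pack("!I", AA_REQUEST))]
    if session_timeout is not None:
        return [(SESSION_TIMEOUT, struct.pack("!I", session_timeout))]
    return []


def eap_message_attributes(payload):
    """Split one EAP-Payload value into as many EAP-Message attributes as needed."""
    return [(EAP_MESSAGE, payload[i:i + MAX_VALUE])
            for i in range(0, len(payload), MAX_VALUE)]


def build_response(answer, saved, secret):
    """Build the RADIUS reply bytes for a Diameter answer and the saved request row."""
    code = radius_code(answer["result_code"])
    attrs = []
    if code == ACCESS_CHALLENGE:
        state = b"Diameter/" + b"/".join(
            answer[key] for key in ("origin_host", "origin_realm", "session_id"))
        if len(state) > MAX_VALUE:
            raise ValueError("State does not fit in one RADIUS attribute")
        attrs.append((STATE, state))
        if answer.get("multi_round_time_out") is not None:
            attrs.append((SESSION_TIMEOUT,
                          struct.pack("!I", answer["multi_round_time_out"])))
    else:
        attrs += timeout_attributes(answer.get("session_timeout"),
                                    answer.get("authorization_lifetime"))
    attrs += eap_message_attributes(answer.get("eap_payload", b""))
    attrs += [(PROXY_STATE, value) for value in saved["proxy_state"]]
    body = b"".join(bytes([atype, len(value) + 2]) + value for atype, value in attrs)
    # Steps (222)-(224): echo the Identifier, fill in Length, then compute
    # MD5(Code + Identifier + Length + Request Authenticator + Attributes + secret).
    header = struct.pack("!BBH", code, saved["identifier"], 20 + len(body))
    authenticator = hashlib.md5(header + saved["authenticator"] + body + secret).digest()
    return header + authenticator + body
```

RFC 3579 also requires a Message-Authenticator attribute in every RADIUS packet that carries EAP-Message; the response steps on this page do not describe that, and this example leaves it out.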
The present invention has produced a prototype dual-stack AAA server that supports Diameter and RADIUS simultaneously, and implementation tests have been carried out. The test results show that the server works correctly and efficiently in a network with a mix of RADIUS and Diameter terminals, achieving the purpose of the invention. The server is well suited to transitional network systems in which RADIUS terminals and Diameter terminals are used together, and has good prospects for wider application.

Claims (10)

1. A Diameter-AAA server supporting the RADIUS protocol, which uses unified user information and simultaneously provides AAA application services to terminals of two different protocols, Diameter and RADIUS, comprising a TCP/SCTP interaction module, a peer management module, a session management module and an AAA application service module connected in sequence; characterized in that the server is additionally provided with the following software function modules:
a UDP interaction module, for receiving the UDP datagrams sent by RADIUS clients and passing the RADIUS message in each datagram to the conversion module in the upper layer for processing, and for sending the UDP messages delivered by the conversion module to the RADIUS clients over the transmission line;
a conversion module, responsible for converting the attributes of received RADIUS messages into Diameter attribute-value pairs (AVPs), and for converting the AVPs of Diameter messages to be sent into RADIUS attributes;
a RADIUS peer management module, responsible for managing and maintaining the connections between RADIUS clients and this AAA server; internally it holds, for each connected RADIUS client, a peer state machine storing the relevant information, which records the information of the RADIUS clients connected to this AAA server, including the IP address, authentication port, authorization port, data encryption mode and the AAA application service requested by the client; the RADIUS peer state machine first sends the RADIUS messages received by the UDP interaction module to the conversion module for conversion and then forwards them to the session management module in the upper layer; and it first sends the Diameter messages received from the session management module to the conversion module for conversion and then forwards them to the UDP interaction module in the lower layer.
2. The server according to claim 1, characterized in that the functions of the other software modules of the server are as follows:
the TCP/SCTP interaction module is responsible for establishing TCP or SCTP connections and for sending and receiving Diameter messages: it passes received Diameter messages to the peer management module in the upper layer and sends the Diameter messages that the peer management module wishes to send over the communication link;
the peer management module is responsible for the management of Diameter peers and for routing; it records the information of the peers connected to this Diameter-AAA server, including the IP address, the realm to which the peer belongs, the data encryption mode and the AAA application services the peer supports, and maintains for each connected peer a state machine indicating the connection state; in this connection state machine it processes the Diameter messages for Capability Exchange, Device Watchdog (heartbeat detection) and Disconnect Peer; it passes received Diameter messages whose destination is this AAA server to the session management module in the upper layer, and forwards the Diameter messages it receives from the session management module to the TCP/SCTP interaction module in the lower layer;
the session management module is responsible for managing each Diameter session; it maintains a table of AAA application service state machines indexed by Session-Id; if the Session-Id in a received Diameter message is an existing session ID, the corresponding AAA application service state machine is looked up to process the message; if the Session-Id does not exist, a new AAA application service state machine is created according to the Application-Id to handle the new session;
the AAA application service module implements the concrete functions of the AAA application service state machines, which differ from one AAA application service to another; this module receives Diameter messages from the session management module, performs the specific processing determined by the values they contain, generates Diameter answer messages, and hands them to the session management module for sending.
3. A method for mutually converting Diameter and RADIUS protocol packets using the server of claim 1, characterized in that: although Diameter is compatible with the RADIUS protocol, Diameter adds new functions and the packet formats of the Diameter AVP and the RADIUS attribute are not identical, so some RADIUS attributes are converted into other AVPs in Diameter; that is, the conversion between the two is not entirely one-to-one and certain special cases must be handled; the method comprises the following steps:
(1) convert a RADIUS message into a Diameter message in two steps, message header conversion and message body conversion, the order of the two conversion operations being unrestricted;
(2) first convert the message body and then the message header, so as to convert a Diameter response message into a RADIUS response message.
4. The method for mutually converting packets of the two protocols according to claim 3, characterized in that step (1) further includes the following operations:
(11) convert the message header: generate the Diameter message header from the information in the RADIUS message, that is, derive the application service ID and command code of the Diameter message header from the command code in the RADIUS message header and from whether the RADIUS message contains one or more attributes specific to a particular application service; save the Authenticator (message authentication code) and Identifier (command sequence number) of the RADIUS message in the conversion module, and then set the command identifier in the Diameter message header to a corresponding identifier; because the session management module and the subsequent modules do not use the other information in the Diameter message header, the remaining fields need not be filled with specific values;
(12) convert the message body: because each attribute in a RADIUS message is essentially independent, unaffected by the presence or values of other attributes, the attributes of the RADIUS request message are converted one by one into AVPs of the Diameter request message: the RADIUS attribute code is used as the Diameter AVP code, the attribute's value is filled into the AVP value with 4-byte alignment, the length of the 4-byte-aligned AVP value is written into the AVP length field, and the AVP flags (identification) field is set to its default value.
5. The method for mutually converting packets of the two protocols according to claim 4, characterized in that: when step (12) performs the message body conversion, certain RADIUS attributes cannot simply be converted directly into Diameter AVPs, and the rules for handling them are determined by the AAA application service that uses the attribute; the handling principles for the specially treated RADIUS attributes that apply to all AAA application services are as follows:
if a Message-Authenticator attribute is present in the RADIUS message, its value must first be verified, but no corresponding Diameter AVP is generated; if verification fails, the RADIUS message is discarded;
the transport-layer address of the RADIUS message sender must be consistent with the network access server (NAS) identification contained in the message body, the NAS identification consisting of two attribute fields: NAS-Identifier and NAS-IP-Address;
during conversion, the Identifier (command sequence number) field of the RADIUS message header, the Proxy-State attribute, and the source address and source port number of the RADIUS UDP packet must be maintained and saved in the local message conversion table;
if the RADIUS request message contains a State attribute whose value begins with "Diameter/", the data that follows holds the Diameter Origin-Host/Origin-Realm/Session-Id information; if this attribute is not present, a new Diameter session ID is generated and placed in the Session-Id AVP of the converted message;
the Origin-Host and Origin-Realm AVPs of the Diameter message must be generated from the fully qualified domain name corresponding to the NAS-IP-Address and NAS-Identifier attributes, and added to the converted Diameter message;
the Destination-Realm AVP is generated from the information in the RADIUS User-Name attribute.
6. The method for mutually converting packets of the two protocols according to claim 4, characterized in that: in step (12), when the AAA application service is the Extensible Authentication Protocol (EAP), converting the message body from RADIUS-EAP to Diameter-EAP further includes the following conversion operations:
the EAP-Message attribute contained in the RADIUS-EAP message is converted to a Diameter EAP-Payload AVP; if there are multiple RADIUS EAP-Message attributes, their values are merged into a single Diameter EAP-Payload AVP;
a RADIUS EAP-Message attribute of length 2 bytes, i.e., one whose value is empty, signifies EAP-Start and is converted to an empty EAP-Payload AVP.
7. The method for mutually converting packets of the two protocols according to claim 3, characterized in that step (2) further includes the following operations:
(21) convert the message body: first convert the AVPs of the Diameter response message one by one into attributes of the RADIUS response message;
(22) convert the message header: after the RADIUS message body has been generated, generate the RADIUS message header from the relevant information in the Diameter message.
8. The method for mutually converting packets of the two protocols according to claim 7, characterized in that: when step (21) performs the message body conversion, the following special handling is carried out:
if the RADIUS request message that triggered the response carried a Proxy-State attribute, the Proxy-State attribute of the locally cached request message is added to this response message;
if the Diameter message contains a Session-Timeout AVP but no Authorization-Lifetime AVP, it is converted to a RADIUS Session-Timeout attribute, and no Termination-Action attribute is generated;
if the Diameter message contains an Authorization-Lifetime AVP but no Session-Timeout AVP, it is converted to a RADIUS Session-Timeout attribute, and a Termination-Action attribute with the value AA-REQUEST is added; after the conversion, the Authorization-Lifetime AVP and the Re-Auth-Request-Type AVP are discarded;
if the Diameter message contains both a Session-Timeout AVP and an Authorization-Lifetime AVP, the former (Session-Timeout) is necessarily greater than or equal to the latter (Authorization-Lifetime); in this case the value of the Authorization-Lifetime AVP is converted to the RADIUS Session-Timeout attribute and the RADIUS Termination-Action attribute is set to AA-REQUEST; after the conversion, the Authorization-Lifetime AVP and the Re-Auth-Request-Type AVP are discarded;
the RADIUS response message is sent back to the cached UDP IP address and port number of the RADIUS terminal.
9. The method for mutually converting packets of the two protocols according to claim 7, characterized in that: in step (21), when the AAA application service is the Extensible Authentication Protocol (EAP) and the message body is converted from Diameter-EAP to RADIUS-EAP, the conversion follows these principles:
if the command code in the Diameter message header is EAP-Answer and the value of the Result-Code AVP is DIAMETER_MULTI_ROUND_AUTH, the message is converted to a RADIUS Access-Challenge message; at the same time, the values of the three Diameter AVPs Origin-Host, Origin-Realm and Session-Id are joined with "/" separators, prefixed with "Diameter/", and encapsulated as one RADIUS State attribute; if a Multi-Round-Time-Out AVP is present, its value is placed in the RADIUS Session-Timeout attribute;
when a Diameter EAP-Payload AVP is converted to RADIUS EAP-Message attributes, if the length of the EAP-Payload AVP exceeds the maximum length allowed for a RADIUS attribute, it is split into multiple EAP-Message attributes;
a Diameter EAP-Reissued-Payload AVP is converted into one or more RADIUS EAP-Message attributes, and the value of the RADIUS Error-Cause attribute is set to decimal 202, i.e., "Invalid EAP Packet (Ignored)";
the Diameter EAP-Master-Session-Key AVP is converted into the vendor-specific RADIUS MS-MPPE-Recv-Key and MS-MPPE-Send-Key attributes: the first 32 bytes of the EAP-Master-Session-Key go into MS-MPPE-Recv-Key and the last 32 bytes into MS-MPPE-Send-Key;
if a Diameter Accounting-EAP-Auth-Method AVP is present, it is discarded.
10. The method for mutually converting packets of the two protocols according to claim 7, characterized in that step (22) further includes the following operations:
(221) generate the RADIUS command code from the value of the Result-Code AVP in the Diameter message: if Result-Code is multi-round authentication (Diameter-Multi-Round-Auth: 1001), the RADIUS command code is Access-Challenge (11); if the Result-Code AVP value indicates success, i.e., Result-Code lies in the range (2000, 3000), the RADIUS command code is Access-Accept (2); if Result-Code indicates authentication failure, the RADIUS command code is Access-Reject;
(222) fill the saved Identifier (command sequence number) of the RADIUS request message into the Identifier of the RADIUS response message;
(223) calculate the length of the newly generated RADIUS message and fill this value into the Length field;
(224) generate the Authenticator of the response message from the Authenticator of the RADIUS request message saved in the conversion module and the newly generated RADIUS message.
CN2008101038903A 2008-04-11 2008-04-11 Diameter-AAA server supporting RADIUS protocol and working method thereof Active CN101252788B (en)


Publications (2)

Publication Number Publication Date
CN101252788A true CN101252788A (en) 2008-08-27
CN101252788B CN101252788B (en) 2011-10-19

Family

ID=39955940


Country Status (1)

Country Link
CN (1) CN101252788B (en)

CN109714176B (en) * 2019-03-13 2021-11-30 苏州科达科技股份有限公司 Password authentication method, device and storage medium
CN109714176A (en) * 2019-03-13 2019-05-03 苏州科达科技股份有限公司 Command identifying method, device and storage medium
CN110442610A (en) * 2019-08-05 2019-11-12 中国工商银行股份有限公司 The method, apparatus of load balancing calculates equipment and medium
CN114760362A (en) * 2022-06-13 2022-07-15 杭州马兰头医学科技有限公司 Method, system, electronic device and storage medium for scheduling network access request
CN115150829A (en) * 2022-09-02 2022-10-04 北京首信科技股份有限公司 Network access authority management method and device
CN115150829B (en) * 2022-09-02 2022-11-08 北京首信科技股份有限公司 Network access authority management method and device

Also Published As

Publication number Publication date
CN101252788B (en) 2011-10-19

Similar Documents

Publication Publication Date Title
CN101252788B (en) Diameter-AAA server supporting RADIUS protocol and working method thereof
CA2573171C (en) Host credentials authorization protocol
RU2372734C2 (en) Method and device for reauthentication in cellular communication system
CN1534921B (en) Method of public authentication and authorization between independent networks
US7292538B1 (en) System and method for distributing information in a network environment
CN109644186A (en) Method for carrying out UDP communication via multipath between two terminals
CN101867476B (en) 3G virtual private dialing network user safety authentication method and device thereof
CN100464550C (en) Network architecture of backward compatible authentication, authorization and accounting system and implementation method
CN101110847B (en) Method, device and system for obtaining medium access control address
JP3966711B2 (en) Proxy response method
JP2005339093A (en) Authentication method, authentication system, authentication proxy server, network access authenticating server, program, and storage medium
Aboba et al. Criteria for evaluating AAA protocols for network access
CN1197297C (en) A platform information switch
KR20040040709A (en) A Method for Batch Processing of Accounting in AAA System
US20040010713A1 (en) EAP telecommunication protocol extension
CN1647451B (en) Apparatus, method and system for monitoring of information in a network environment
EP1495586B1 (en) Method, system and device for service selection via a wireless local area network
US7694015B2 (en) Connection control system, connection control equipment and connection management equipment
US20190158453A1 (en) Registration of Data Packet Traffic for a Wireless Device
CA2565536C (en) Supporting a network behind a wireless station
CN102136977B (en) Dialing equipment and method for realizing virtual dialing according to user needs
Tschofenig et al. Diameter: New Generation AAA Protocol-Design, Practice, and Applications
WO2015184840A1 (en) Method, apparatus and system for acquiring response message, and method, apparatus and system for routing response message
CN101447976A (en) Method for accessing dynamic IP session, system and device thereof
CN101197838B (en) Authentication and authorization accounting system and method

Legal Events

Date Code Title Description
C06 Publication
PB01 Publication
C10 Entry into substantive examination
SE01 Entry into force of request for substantive examination
C14 Grant of patent or utility model
GR01 Patent grant