CN100579011C - Method for restricting user within a given area to access Internet - Google Patents
Method for restricting user within a given area to access Internet Download PDFInfo
- Publication number
- CN100579011C CN100579011C CN200410070042A CN200410070042A CN100579011C CN 100579011 C CN100579011 C CN 100579011C CN 200410070042 A CN200410070042 A CN 200410070042A CN 200410070042 A CN200410070042 A CN 200410070042A CN 100579011 C CN100579011 C CN 100579011C
- Authority
- CN
- China
- Prior art keywords
- user
- account number
- access
- aaa server
- execution
- Prior art date
- Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
- Active
Links
Images
Landscapes
- Telephonic Communication Services (AREA)
Abstract
The invention discloses a method for limiting the net domain that user can access, setting up a relationship between a user account and several switch-in number, comprising: Authentication, Authorization and Auditing (AAA) severs judge if the current account and switched-in number meet the set relationship, if they do, AAA sever will return the authentication pass information to the switched-in equipment and end the flow, if they don't, AAA sever will return the authentication fail information.
Description
Technical field
The present invention relates to login technique, particularly relate to the method in a kind of limited subscriber online zone.
Background technology
In recent years, along with developing rapidly of internet (Internet), the commerce on Internet is used and multimedia service also is able to rapid popularization.Enjoy the various services on the Internet, the user is access network in some way.At present, the network access of people's use comprises broadband access network mode and arrowband network access.The arrowband network access just is meant that people are connected to landline telephone a kind of network access that dials up on the telephone by the modulator-demodulator in the computer equipment (Modem) on the computer equipment.The broadband access network mode just is meant a kind of network access that computer equipment that people link to each other by the access interface with broadband access equipment (BAS) is surfed the Net.
In order to promote the fast development of broadband services and narrow band service, operator need provide different services according to the user in the zones of different.Such as, in some remote districts, the user is less, and for broadband services and the narrow band service that promotes that these are from far-off regions, operator can increase its customers by reducing this method such as expenses of surfing Internet from far-off regions.For another example, in school, because student's One's name is legion, for the group and professional that extends one's service, operator can send out the online promotional card a collection of to the student, when the student uses the online of online promotional card, only needs the less expense of payment, go online thereby can impel the student to spend more time, satisfy the demand of fast-developing broadband services of operator and narrow band service.
In order to provide different services at the user in the zones of different, the zone of the necessary limited subscriber online of operator.Only wish lower expenses standard is carried out in broadband of carrying out in the remote districts and narrow band service such as, operator, the zone that operator just must the limited subscriber online is from far-off regions so.If operator carries out lower expenses standard, and the zone of limited subscriber online not, then can not wish the results such as business income reduction that take place for operator brings it.
In the prior art, the access interface that operator surfs the Net employed landline telephone and limits broadband user's online by the restriction narrow-band user reaches the purposes that different services are provided at different users.
Fig. 1 is the flow chart of the existing techniques in realizing restriction narrow-band user online landline telephone that uses.Referring to Fig. 1, in the prior art, operator opens an account for narrow-band user in advance, and it is set to the phone limited subscriber in this user's data bank, realizes that the detailed process of the restriction narrow-band user online landline telephone that uses may further comprise the steps:
Step 101: during the narrow-band user online, public switched telephone network (PSTN) receives and obtains the number information of the landline telephone of the user account number of this narrow-band user input and password and use thereof, and the number information with the user account number, password and the landline telephone that obtain is sent to narrow band access equipment (NAS) then.
Step 102: this narrow band access equipment is placed on the account of the number information of the landline telephone that obtains and the input of this narrow-band user and password and reports to authentication, mandate and audit server (aaa server, Authority Authentication and Accounting Server) in the authentication request.
Step 103:AAA server obtains the account number and the password of this narrow-band user from authentication request, and judges according to the account number and the password that obtain whether this narrow-band user is validated user, if then execution in step 104, otherwise, execution in step 109.
Step 104:AAA server judges whether this narrow-band user is the phone limited subscriber, if then execution in step 105, otherwise, execution in step 108.
Whether step 105:AAA server judges this narrow-band user for surfing the Net first, if then execution in step 106, otherwise, execution in step 107.
Step 106:AAA server obtains the number information of the employed landline telephone of the current online of this narrow-band user from authentication request, and the number information of the landline telephone that obtains is kept in this user's the data bank, then, and execution in step 108.
Step 107:AAA server obtains the number information of the employed landline telephone of the current online of this narrow-band user from authentication request, and whether the number information of the landline telephone of preserving in the number information of judging the landline telephone obtained and this subscriber data storehouse is identical, if it is identical, then execution in step 108, otherwise, execution in step 109.
Step 108:AAA server by message, allows this narrow-band user online, process ends to described narrow band access equipment return authentication.
Step 109:AAA server is refused this narrow-band user online to described narrow band access equipment return authentication refuse information.
Fig. 2 is the flow chart of existing techniques in realizing restriction broadband user network connection port.Referring to Fig. 2, in the prior art, operator opens an account for the broadband user in advance, and it is set to the port limit user in this user's data bank, realizes that the detailed process of restriction broadband user network connection port may further comprise the steps:
Step 201: when the broadband user surfed the Net, BAS was placed on this broadband user's account and password and current access interface number and reports aaa server in the authentication request.
Step 202:AAA server judges according to the account number and the password that obtain whether this broadband user is validated user from authentication request, if then execution in step 203, otherwise, execution in step 208.
Step 203:AAA server judges whether this broadband user is the port limit user, if then execution in step 204, otherwise, execution in step 207.
Whether step 204:AAA server judges this broadband user for surfing the Net first, if then execution in step 205, otherwise, execution in step 206.
Step 205:AAA server obtains this broadband user employed current access interface number of surfing the Net from authentication request, and the current access interface number that will obtain is kept in this user's the data bank, then, and execution in step 207.
Step 206:AAA server obtains this broadband user employed current access interface number of surfing the Net from authentication request, and whether the access interface number of preserving in the current access interface number that judge to obtain and this subscriber data storehouse is identical, if, then execution in step 207, otherwise, execution in step 208.
Step 207:AAA server by message, allows this broadband user's online to described BAS return authentication, then, and process ends.
Step 208:AAA server is refused this broadband user's online to described BAS return authentication refuse information.
Therefore there is following shortcoming in prior art:
1, for narrow band service, prior art restriction be the narrow-band user employed landline telephone of surfing the Net, operator can only provide specific service to certain narrow-band user by the landline telephone of an appointment, and can't extend its specific service to this narrow-band user by the circuit of other landline telephone; For broadband services, what prior art limited is the access interface that the broadband user surfs the Net, and operator can only provide specific service to certain broadband user by a fixing access interface, and can't extend its service to this broadband user by other access interface.Therefore, in the prior art, the range of application of the special services that operator provided is less, has greatly limited the demand of operator expansion broadband and narrow band service.
2, in order to enjoy the special services that operator provides, the user can only be by the landline telephone or the access interface online of an appointment, and can not surf the Net by other landline telephone or access interface, thereby the place of having limited user's online, for the user brings great inconvenience.
3, user for phone restriction or port limit, when its request online, system must judge that all whether this user is for surfing the Net first, if online first, then system need preserve the number of its surf the Net first employed landline telephone or access interface, if not online first, then whether the number of landline telephone of preserving in the system's number that need judge the landline telephone of its current online or access interface and this subscriber data storehouse or access interface is identical, thereby increased the workload of system, increase the time of phone restriction or port limit user access network, reduced the performance of system.
Summary of the invention
In view of this, main purpose of the present invention is to provide the method in a kind of limited subscriber online zone, the user is limited in one has defined and fixedly surf the Net in the setting regions of geographic range.
In order to achieve the above object, technical scheme of the present invention is achieved in that
The method in a kind of limited subscriber online zone, a fixing geographic range is defined as a setting regions, all access codes in this setting regions are arranged in the number group, the user account number more than one that will use in described setting regions is arranged in the account number group, sets up described number group and described account number group's corresponding relation; This method is further comprising the steps of:
A, authentication, mandate and audit aaa server are according to the active user's account number and the current access code that obtain from access device, whether judgement has the access code identical with current access code in the number group of account number group's correspondence at active user's account number place, if, execution in step B then, otherwise, execution in step C;
B, aaa server pass through message to described access device return authentication, and process ends;
C, aaa server are to described access device return authentication refuse information.
Described active user's account number and current access code are that aaa server obtains from the authentication request that access device is sent.
Further comprised before described steps A: aaa server judges according to the active user's account number and the active user's password that obtain whether the active user is validated user from the authentication request that access device is sent, if, execution in step A then, otherwise, direct execution in step C.
Described access code is a fixed telephone number; Described access device is a narrow band access equipment.
Described access code is the number of access interface; Described access device is a broadband access equipment.
This shows that the method that the present invention proposes has the following advantages:
1, the method that proposes of the present invention can be limited in arrowband or broadband user online in the zone of a setting, rather than only limit narrow-band user by an appointment the landline telephone online or only limit the broadband user by a fixing access interface online, therefore, operator can provide specific service at broadband in this setting regions and narrow-band user, thereby make that the range of application of the special services that operator provides is wider, satisfied the demand that operator branches out.
2, according to the proposed method, when the user surfs the Net by any landline telephone in the setting regions or access interface, all can enjoy the special services that operator provides, and needn't be subjected in this zone the restriction in online place, thereby bring great convenience for the user.
3, according to the proposed method, system need not to judge that whether the region limits user is for surfing the Net first, and need not to carry out first and the non-different operating process of online first, thereby reduced the workload of system, reduce the time of region limits user access network, improved the performance of system.
4, according to the proposed method, operator only provides special services to the user in the setting regions, then can't enjoy its special services for the user in the non-setting regions, therefore, has improved the service security of operator.
Description of drawings
Fig. 1 is the flow chart of the existing techniques in realizing restriction narrow-band user online landline telephone that uses.
Fig. 2 is the flow chart of existing techniques in realizing restriction broadband user network connection port.
Fig. 3 is the schematic diagram that setting regions, account number group and phone number code group are set at narrow band service in realizing embodiments of the invention.
Fig. 4 is the schematic diagram that setting regions, account number group and port numbers code group are set at broadband services in realizing embodiments of the invention.
Fig. 5 is the flow chart in restriction narrow-band user online zone in realizing embodiments of the invention.
Fig. 6 is the surf the Net flow chart in zone of restriction broadband user in realizing embodiments of the invention.
Embodiment
For making the purpose, technical solutions and advantages of the present invention clearer, the present invention is described in further detail below in conjunction with drawings and the specific embodiments.
In the present invention, be a setting regions with a specific geographical scope definition, such as school or mountain village are defined as a setting regions.The landline telephone that the landline telephone that comprises in setting regions is connected for all fixed telephone lines in this setting regions.The access interface that comprises in setting regions is all access interface that are positioned at this setting regions of BAS in this setting regions.
In the present invention, all user account numbers that will use in a setting regions are arranged in the account number group, the telephone number of all landline telephones of comprising in this setting regions is arranged in the phone number code group, the number of all access interface of comprising in this setting regions is arranged in the port numbers code group, sets up the corresponding relation of set account number group and phone number code group and account group and port numbers code group then.
Fig. 3 is the schematic diagram that setting regions, account number group and phone number code group are set at narrow band service in realizing embodiments of the invention, and Fig. 4 is the schematic diagram that setting regions, account number group and port numbers code group are set at broadband services in realizing embodiments of the invention.Referring to Fig. 3 and Fig. 4, for school and these two specific geographic ranges of mountain village, school is defined as setting regions 1, the mountain village is defined as setting regions 2.All user account numbers that use in school are arranged in the account number group, are labeled as account number group 1, all user account numbers that will use in the mountain village are arranged in the account number group, are labeled as account number group 2.
Referring to Fig. 3, in order to limit narrow-band user online zone, the present invention is arranged on the telephone number of all landline telephones in the school in the phone number code group, is labeled as phone number code group 1, then, sets up the corresponding relation of account number group 1 and phone number code group 1.The telephone number of all landline telephones in the mountain village is arranged in the phone number code group, is labeled as phone number code group 2, then, set up the corresponding relation of account number group 2 and phone number code group 2.
Referring to Fig. 4, in order to limit broadband user's online zone, the present invention is that the number of all access interface of BAS 201 is arranged in the port numbers code group with broadband access equipment all access interface in school, be labeled as port numbers code group 1, then, set up the corresponding relation of account number group 1 and port numbers code group 1.With broadband access equipment all access interface in the mountain village is that the number of BAS 202 and all access interface of BAS 203 in the mountain village is arranged in the port numbers code group, be labeled as port numbers code group 2, then, set up the corresponding relation of account number group 2 and port numbers code group 2.
The specific implementation process of student's restriction being surfed the Net in school with operator is the method in example explanation limited subscriber online of the present invention zone below.
Because refectory student's One's name is legion, time of being used to surf the Net are more, online place basic fixed in school and the student new things are accepted very fast, therefore, for operator, the student is its customer group should striving for energetically.But there is the difficulty of economic aspect in the student, is reluctant to cost a lot of money aspect online.In order to solve this contradiction, operator need provide the expenses standard lower than domestic consumer to the student.And for other user outside the school, operator does not then wish to reduce its expenses standard.Therefore, operator can make the very low card of surfing Internet of a collection of online rate, and this card of surfing Internet is distributed to the student.Operator uses this user who pulls on network interface card to be set to the region limits user.Owing to include user's account number and encrypted message in the card of surfing Internet, so can pulling on this all user account numbers that comprise in network interface card, operator is arranged in the account number group, be labeled as account number group 1.And, operator is arranged on the telephone number of all landline telephones of using in the school in the phone number code group, be labeled as phone number code group 1, and the number of all access interface of comprising in the school is arranged in the port numbers code group, be labeled as port numbers code group 1, set up the corresponding relation of account number group 1 and phone number code group 1 and account number group 1 and port numbers code group 1 then.
Preferably, operator can make the quantity of card of surfing Internet according to the actual quantity decision of student in the school, just determines the quantity of regional limited subscriber.Therefore, when the student in the school increased, operator can make more card of surfing Internet, and the account number that comprises in the card of surfing Internet that increases also is arranged in the account number group 1, made the more student service that can enjoy privileges.
Fig. 5 is the flow chart in restriction narrow-band user online zone in realizing embodiments of the invention.Referring to Fig. 3 and Fig. 5, when the student adopted the arrowband network access promptly to surf the Net by landline telephone, the present invention realized that the detailed process that limits the network playing by students zone may further comprise the steps:
Step 501: the card of surfing Internet that the student uses operator to provide is also surfed the Net by some landline telephones.
Step 502:PSTN net receives and obtains the number information of the landline telephone of the user account number of this student's input and password and use thereof, and the number information with the user account number, password and the landline telephone that obtain is sent to narrow band access equipment (NAS) then.
Step 503: this narrow band access equipment is placed on the number information of the user account number, password and the landline telephone that receive and is sent to aaa server in the authentication request.
Step 504:AAA server obtains the number information of user account number, password and landline telephone from the authentication request that receives, then, aaa server judges whether this student is validated user, if then execution in step 505, otherwise, execution in step 509.
Here, aaa server judges that whether this student is that validated user is to finish by inquiring about the user account number that whether acquisition is arranged in its subscriber data storehouse and the keeping records of password, if aaa server inquires the keeping records of the user account number and the password of acquisition in its subscriber data storehouse, judge that then this student is validated user, otherwise, judge that this student is the disabled user.
Step 505:AAA server obtains this student's the subscriber data that comprises user account number and password from the subscriber data storehouse, and judge according to the subscriber data that obtains whether this student is the region limits user, if then execution in step 506, otherwise, execution in step 508.
Here, operator can be provided with a sign for the region limits user in advance, obtain this student's subscriber data when aaa server after, whether judgement has set sign in this student's subscriber data, if have, think that then this student is the region limits user,, think that then this student is not the region limits user if do not have.
The user account number that step 506:AAA server obtains this student according to this student's subscriber data and obtains the information of the phone number code group 1 corresponding with account number group 1 in account number group 1.
Whether step 507:AAA server judges in the phone number code group 1 in steps the number of the landline telephone that obtains in 504, if having, thinks that then this student surfs the Net in this school, execution in step 508, otherwise, think that this student does not surf the Net execution in step 509 in school.
Step 508:AAA server by message, allows this network playing by students to described NAS return authentication, and process ends.
Step 509:AAA server is refused this network playing by students to described NAS return authentication refuse information.
Fig. 6 is the surf the Net flow chart in zone of restriction broadband user in realizing embodiments of the invention.Referring to Fig. 4 and Fig. 6, when the student adopted the broadband access network mode promptly to surf the Net by some access interface, the present invention realized that the detailed process that limits the network playing by students zone may further comprise the steps:
Step 601: the student uses card of surfing Internet and surfs the Net by some access interface.
Step 602: user account number, password and current access interface number that the BAS that is connected with the access interface described in the step 601 uses the student are placed on and are sent to aaa server in the authentication request.
Step 603:AAA server obtains user account number, password and current access interface number from the authentication request that receives, then, aaa server judges whether the student is validated user, if then execution in step 604, otherwise, execution in step 608.
Here, aaa server judges that whether the student is that validated user is to finish by inquiring about the user account number that whether acquisition is arranged in its subscriber data storehouse and the keeping records of password, if aaa server inquires the keeping records of the user account number and the password of acquisition in its subscriber data storehouse, the student who then judges current online is validated user, otherwise the student who judges current online is the disabled user.
Step 604:AAA server obtains the subscriber data that comprises this user account number and password, and judges according to the subscriber data that obtains whether the student of current online is the region limits user, if then execution in step 605, otherwise, execution in step 607.
Here, operator can be provided with a sign for the region limits user in advance, obtain current online student's subscriber data when aaa server after, whether judgement has set sign in this subscriber data, if have, think that then the student of current online is the region limits user,, think that then the student of current online is not the region limits user if do not have.
Step 605:AAA server obtains the account number group's 1 at this user account number place information, and obtains the information with account number group 1 corresponding port number group 1.
Step 606:AAA server judge whether have in the port numbers code group 1 with step 603 in the identical access interface number of current access interface number that obtains, if have, think that then this student surfs the Net in this school, execution in step 607, otherwise, think that this student does not surf the Net in this school, execution in step 608.
Step 607:AAA server by message, allows this network playing by students to described BAS return authentication, and process ends.
Step 608:AAA server is refused this network playing by students to described BAS return authentication refuse information.
In a word, the above is preferred embodiment of the present invention only, is not to be used to limit protection scope of the present invention.Within the spirit and principles in the present invention all, any modification of being done, be equal to replacement, improvement etc., all should be included within protection scope of the present invention.
Claims (5)
1, the regional method of a kind of limited subscriber online, it is characterized in that, a fixing geographic range is defined as a setting regions, all access codes in this setting regions are arranged in the number group, the user account number more than one that will use in described setting regions is arranged in the account number group, sets up described number group and described account number group's corresponding relation; This method is further comprising the steps of:
A, authentication, mandate and audit aaa server are according to the active user's account number and the current access code that obtain from access device, whether judgement has the access code identical with current access code in the number group of account number group's correspondence at active user's account number place, if, execution in step B then, otherwise, execution in step C;
B, aaa server pass through message to described access device return authentication, and process ends;
C, aaa server are to described access device return authentication refuse information.
2, method according to claim 1 is characterized in that, described active user's account number and current access code are that aaa server obtains from the authentication request that access device is sent.
3, method according to claim 1, it is characterized in that, further comprised before described steps A: aaa server judges according to the active user's account number and the active user's password that obtain whether the active user is validated user from the authentication request that access device is sent, if, execution in step A then, otherwise, direct execution in step C.
4, method according to claim 1 is characterized in that, described access code is a fixed telephone number; Described access device is a narrow band access equipment.
5, method according to claim 1 is characterized in that, described access code is the number of access interface; Described access device is a broadband access equipment.
Priority Applications (1)
| Application Number | Priority Date | Filing Date | Title |
|---|---|---|---|
| CN200410070042A CN100579011C (en) | 2004-04-22 | 2004-08-05 | Method for restricting user within a given area to access Internet |
Applications Claiming Priority (3)
| Application Number | Priority Date | Filing Date | Title |
|---|---|---|---|
| CN200410037206.8 | 2004-04-22 | ||
| CN200410037206 | 2004-04-22 | ||
| CN200410070042A CN100579011C (en) | 2004-04-22 | 2004-08-05 | Method for restricting user within a given area to access Internet |
Publications (2)
| Publication Number | Publication Date |
|---|---|
| CN1691586A CN1691586A (en) | 2005-11-02 |
| CN100579011C true CN100579011C (en) | 2010-01-06 |
Family
ID=35346746
Family Applications (1)
| Application Number | Title | Priority Date | Filing Date |
|---|---|---|---|
| CN200410070042A Active CN100579011C (en) | 2004-04-22 | 2004-08-05 | Method for restricting user within a given area to access Internet |
Country Status (1)
| Country | Link |
|---|---|
| CN (1) | CN100579011C (en) |
Families Citing this family (3)
| Publication number | Priority date | Publication date | Assignee | Title |
|---|---|---|---|---|
| CN1929482B (en) * | 2006-09-20 | 2010-08-04 | 华为技术有限公司 | Network business identification method and device |
| CN101111075B (en) * | 2007-04-16 | 2010-12-15 | 华为技术有限公司 | Method, system and device for admittance judgment and paging user in mobile communication system |
| CN101651544B (en) * | 2009-09-16 | 2011-11-30 | 中兴通讯股份有限公司 | Detecting method and managing system of access code of service supplier |
-
2004
- 2004-08-05 CN CN200410070042A patent/CN100579011C/en active Active
Also Published As
| Publication number | Publication date |
|---|---|
| CN1691586A (en) | 2005-11-02 |
Similar Documents
| Publication | Publication Date | Title |
|---|---|---|
| US7428413B2 (en) | Method and system for providing network access and services using access codes | |
| US6564047B1 (en) | Advanced air time management | |
| US7440749B2 (en) | Displaying advertisement on rear display and calculating communication costs to bill users and advertisers | |
| US10147119B2 (en) | Theme based advertising | |
| US20010013020A1 (en) | Service providing system and method used therefor | |
| Milne | Stages of universal service policy | |
| US7554987B2 (en) | Quality of service modification using a token in a communication network | |
| CN103052046A (en) | Method and system for leasing and sharing wireless broadband network | |
| CN102098345A (en) | Resource sharing method and service providing system | |
| US20090190730A1 (en) | Method and System for Using Advertisement to Sponsor International Mobile Phone Calls for Cellular Telephone Networks | |
| US20080125147A1 (en) | Text message broadcasting | |
| US20070206526A1 (en) | Internet accessing method from a mobile station using a wireless network | |
| CN101600191A (en) | roaming service processing method and system | |
| CN100579011C (en) | Method for restricting user within a given area to access Internet | |
| CN102244864A (en) | Mobile network-oriented integrated service management platform | |
| CN101330635A (en) | System for self-help selling mobile communication terminal advertisement | |
| GB2373885A (en) | A data processing system enabling users to access services without need of specifying payment means direct to each service provider | |
| WO2006107131A1 (en) | Method for the provision of charged contents of digital multimedia broadcasting | |
| Du | Internet diffusion and usage in China | |
| CN101605303A (en) | Reminding rates method and apparatus in a kind of value-added telecom services | |
| CN101800964A (en) | Charging method, device and system as well as content/service server | |
| JP2003534600A (en) | Addressing remote data objects via a computer | |
| Parsheera | Understanding state-level variations in India's digital transformation | |
| CN101867903A (en) | User authentication method and system | |
| GB2428855A (en) | Payment system for internet services using a telephone account |
Legal Events
| Date | Code | Title | Description |
|---|---|---|---|
| C06 | Publication | ||
| PB01 | Publication | ||
| C10 | Entry into substantive examination | ||
| SE01 | Entry into force of request for substantive examination | ||
| C14 | Grant of patent or utility model | ||
| GR01 | Patent grant |