
WO2013178138A1 - Method and identity information server for obtaining an access identifier of a terminal - Google Patents

Method and identity information server for obtaining an access identifier of a terminal

Info

Publication number
WO2013178138A1
WO2013178138A1 PCT/CN2013/079257 CN2013079257W WO2013178138A1 WO 2013178138 A1 WO2013178138 A1 WO 2013178138A1 CN 2013079257 W CN2013079257 W CN 2013079257W WO 2013178138 A1 WO2013178138 A1 WO 2013178138A1
Authority
WO
WIPO (PCT)
Prior art keywords
terminal
aid
iis
home
network
Prior art date
Application number
PCT/CN2013/079257
Other languages
English (en)
Chinese (zh)
Inventor
骆文
孙默
Original Assignee
中兴通讯股份有限公司
Priority date (The priority date is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the date listed.)
Filing date
Publication date
Application filed by 中兴通讯股份有限公司
Publication of WO2013178138A1

Classifications

    • H ELECTRICITY
    • H04 ELECTRIC COMMUNICATION TECHNIQUE
    • H04W WIRELESS COMMUNICATION NETWORKS
    • H04W8/00 Network data management
    • H04W8/02 Processing of mobility data, e.g. registration information at HLR [Home Location Register] or VLR [Visitor Location Register]; Transfer of mobility data, e.g. between HLR, VLR or external networks
    • H04W8/08 Mobility data transfer
    • H04W8/12 Mobility data transfer between location registers or mobility servers

Definitions

  • The present invention relates to the field of mobile communications, and in particular, to a method for acquiring an access identifier of a terminal and an identity information server.
  • Background
  • On the IP Internet, if a terminal wants to access the network, it must apply for a valid IP address from the network.
  • the IP address has a dual attribute that represents both the identity of the user and the location of the network topology in which the user is located.
  • the IP address can only be used in the topology (for example, it can only be used within the scope of one access gateway).
  • This is certainly not a problem for fixed terminals, but for mobile terminals, the above IP address becomes an invalid address after the terminal moves from the scope of one access gateway to another.
  • the terminal must re-acquire a new IP address from the new topology. In this way, the continuity of the IP-based upper layer service cannot be guaranteed. For example, if the end user is making an IP call, the call will be broken.
  • the service experience increases the possibility that the terminal's IP packet encounters network congestion when it is transmitted on the network, causing the terminal service to be blocked or even impossible to implement (for example, real-time services such as voice, video, online games, etc.).
  • the network logical structure of the method mainly includes an Access Service Router (ASR) and an Identity Location Register (ILR).
  • the ASR is connected to the access network under it, and is mainly responsible for accessing the user terminal; the ILR mainly stores the "identity-location" correspondence of the terminal.
  • a fixed access identifier (Access Identity, AID for short) needs to be configured for the end user, and is used to identify the identity of the user.
  • the AID is stored in the ILR.
  • Carrier B allows the terminals of Carrier A to access through its own network and provides corresponding network services to the terminals.
  • the AID of the end user is stored in the ILR of the home operator of the user.
  • the user terminal A is the subscriber of the operator A (i.e., the operator A is the home operator of the terminal A), and at this time, the user's AID is stored in the identity location register A (ILR-A).
  • the ASR-B cannot obtain the AID of the terminal, because there is no record of the user in the ILR-B of the operator B and therefore no AID information of the user. Therefore, in the foregoing method based on identity location separation, when a terminal roams, even if there is a roaming agreement between the home operator and the current visited operator, the AID of the terminal user cannot be obtained and the terminal cannot access the network.
  • the invention provides a method for acquiring an access identifier of a terminal and an identity information server, which can obtain an access identifier of the terminal in the case that the terminal roams.
  • an embodiment of the present invention provides a method for acquiring an access identifier of a terminal, including:
  • the visited IIS queries the terminal's home IIS for the terminal's AID when the terminal's visited service access service router (ASR) queries the terminal's AID; and
  • the visited IIS receives the AID of the terminal returned by the home IIS of the terminal.
  • the method also includes:
  • the step of the visited IIS querying the home IIS of the terminal for the AID of the terminal includes: when receiving the identifier used by the terminal for access authentication, sent by the visited service ASR, the visited IIS learns that the visited service ASR is querying the AID of the terminal;
  • the visited IIS sends the received identifier of the terminal for access authentication to the home IIS of the terminal, and queries the AID of the terminal;
  • the step of the visited IIS receiving the AID of the terminal returned by the home IIS of the terminal includes: the visited IIS receiving the AID returned by the home IIS of the terminal according to the identifier used by the terminal for access authentication.
  • the method further includes: before querying the home IIS of the terminal for the AID of the terminal, the visited IIS determines, according to the identifier used by the terminal for access authentication, whether the terminal belongs to the local network, and, when the terminal does not belong to the local network, determines the home IIS of the terminal in order to query the home IIS for the AID of the terminal.
  • Each IIS is directly connected to each other or connected through one or more border gateways;
  • the border gateway between the IISs completes the interaction between the IISs according to the identifier used by the terminal for access authentication.
  • Each IIS interacts based on a Remote Authentication Dial-In User Service (RADIUS) message or a Diameter message.
  • a Packet Data Network Gateway (P-GW) is used as an ASR; IIS is deployed on an Authentication, Authorization, and Accounting (AAA) server connected to the P-GW, and the AAA servers in the network are connected to each other; or IIS is deployed on a mobility management entity (MME) connected to the P-GW, and the MMEs in the network are connected to each other; or
  • the gateway general packet radio service support node (GGSN) is used as the ASR; the IIS is deployed on the AAA server connected to the GGSN, and the AAA servers in the network are connected to each other; or IIS is deployed on the home location register (HLR) connected to the GGSN, and the HLRs in the network are connected to each other; or IIS is deployed on the home subscription server (HSS) connected to the GGSN, and the HSSs in the network are connected to each other; or,
  • the Broadband Remote Access Server (BRAS) is used as the ASR, IIS is deployed on the AAA server connected to the BRAS, and the AAA servers in the network are connected to each other.
  • An embodiment of the present invention further provides a method for saving an access identifier of a terminal, including: establishing an interconnection between each identity location register (ILR) in the network;
  • the visited ILR receives the access identifier (AID) and the route identifier (RID) of the terminal sent by the visited service access service router (ASR) of the terminal, where the AID is queried from the visited identity information server (IIS) by the visited service ASR, and the RID is allocated by the visited service ASR to the terminal after querying the AID;
  • the visited ILR sends the AID and the RID of the terminal to the home ILR of the terminal, so that the home ILR saves the correspondence between the AID and the RID of the terminal.
  • the method further includes: before the AID and the RID of the terminal are sent to the home ILR of the terminal, determining, according to the AID of the terminal and the pre-configured information, whether the terminal belongs to the local network, and if not, determining the home network of the terminal; or determining, according to the identifier used by the terminal for access authentication that is sent by the visited service ASR together with the AID and the RID, whether the terminal belongs to the local network, and if not, determining the home network of the terminal.
  • Each ILR is directly connected to each other or connected through one or more border gateways;
  • the border gateway between the ILRs completes the interaction between the ILRs according to the AID of the terminal or the identifier used by the terminal for access authentication.
  • the method also includes:
  • the visited ILR receives the RID reassigned by the target ASR to which the terminal is handed over;
  • the visited ILR updates the RID re-allocated by the target ASR to the terminal to the home ILR of the terminal.
  • the method also includes:
  • when the service ASR of the communication peer (CN) of the terminal queries the location information of the terminal, the ILR in the network where the CN is located, if it has not saved the AID-RID correspondence of the terminal, sends the AID of the terminal to the home ILR of the terminal to query the RID of the terminal;
  • the ILR in the network where the CN is located receives the RID of the terminal that the home ILR of the terminal queries and returns locally according to the received AID.
  • the method further includes: when the terminal exits the network or releases the IP address, the visited ILR sends the AID of the terminal to the home ILR of the terminal, and notifies the home ILR to delete the RID of the terminal.
  • Each ILR interacts based on a Remote Authentication Dial-In User Service (RADIUS) message or a Diameter message.
  • a Packet Data Network Gateway (P-GW) is used as an ASR, an ILR is deployed on an Authentication, Authorization, and Accounting (AAA) server connected to the P-GW, and the AAA servers in the network are connected to each other; or the ILRs are deployed on a mobility management entity (MME) connected to the P-GW, and the MMEs in the network are connected to each other; or
  • the gateway general packet radio service support node (GGSN) is used as the ASR, the ILR is deployed on the AAA server connected to the GGSN, and the AAA servers in the network are connected to each other; or the ILR is deployed on the home location register (HLR) connected to the GGSN, and the HLRs in the network are connected to each other; or the ILR is deployed on a home subscription server (HSS) connected to the GGSN, and the HSSs in the network are connected to each other; or
  • the Broadband Remote Access Server (BRAS) is used as the ASR, the ILR is deployed on the AAA server connected to the BRAS, and the AAA servers in the network are connected to each other.
  • An embodiment of the present invention further provides an identity information server, including: a data storage unit, an information interaction unit, and an information query unit, where:
  • the data storage unit is configured to initially save an access identifier (AID) of a terminal in a network; the information interaction unit is configured to establish an interconnection between each identity information server (IIS); the information query unit is configured to, when the terminal is roaming and the visited service access router (ASR) of the terminal queries the AID of the terminal, query the home IIS of the terminal for the AID of the terminal through the information interaction unit, and receive the AID of the terminal returned by the home IIS of the terminal.
  • the data storage unit is further configured to initially save the identifier used by the terminal for access authentication, and associate the AID of the terminal with the identifier used by the terminal for access authentication;
  • the information querying unit is configured to query and receive the AID of the terminal as follows: when receiving the identifier used by the terminal for access authentication, sent by the visited service ASR, it learns that the visited service ASR is querying the AID of the terminal; it sends the received identifier used by the terminal for access authentication to the home IIS of the terminal through the information interaction unit to query the home IIS for the AID of the terminal; and it receives the AID returned by the home IIS of the terminal according to the identifier used by the terminal for access authentication.
  • the information querying unit is further configured to determine, according to the identifier used by the terminal for access authentication, whether the terminal belongs to the local network before querying the home IIS of the terminal for the AID of the terminal, and, when the terminal does not belong to the local network, to determine the home IIS of the terminal in order to query the home IIS for the AID of the terminal.
  • the information querying unit is further configured to, after receiving the identifier used by the terminal for access authentication sent by another identity information server, query the corresponding AID from the data storage unit according to the identifier used by the terminal for access authentication, and return the queried AID to the corresponding identity information server.
  • An embodiment of the present invention further provides an identity location register, including an information interaction unit, a data storage unit, and an information update unit, where:
  • the information interaction unit is configured to establish an interconnection between respective identity location registers (ILRs) in the network;
  • the data storage unit is configured to receive and save an access identifier (AID) and a route identifier (RID) of the terminal sent by the visited service access service router ASR of the terminal when the terminal roams access, where the AID is The visited service ASR is queried from the visited identity information server (IIS); the RID is allocated by the visited service ASR to the terminal after querying the AID;
  • the information updating unit is configured to send the AID and the RID of the terminal to the home ILR of the terminal through the information interaction unit, so that the home ILR saves the correspondence between the AID and the RID of the terminal.
  • the information updating unit is further configured to, before sending the AID and the RID of the terminal to the home ILR of the terminal, determine whether the terminal belongs to the local network according to the AID of the terminal and the pre-configured information, and if not, determine the home network of the terminal; or determine whether the terminal belongs to the local network according to the identifier used by the terminal for access authentication that the visited service ASR sends together with the AID and the RID, and if not, determine the home network of the terminal.
  • the data storage unit is further configured to: after the terminal switches the ASR, receive the RID reassigned to the terminal by the target ASR to which the terminal has switched;
  • the information updating unit is further configured to, after determining that the terminal does not belong to the local network and determining the home network of the terminal, update the RID reassigned to the terminal by the target ASR to the home ILR of the terminal.
  • the information update unit is further configured to send the AID of the terminal to the home ILR of the terminal when the terminal exits the network or releases the IP address, and notify the home ILR to delete the RID of the terminal.
  • the present invention saves the AID of the terminal by setting up the identity information server, and connects the identity information servers to each other so that they can exchange the AID of the terminal. In the method based on identity location separation, the AID of the terminal can therefore be obtained when the terminal roams, so that the terminal can access the visited network.
  • FIG. 1 is an architectural diagram of an identity location separation network in the related art
  • FIG. 2 is a schematic diagram of a terminal roaming in an identity location separated network in the related art
  • FIG. 3 is an architectural diagram of a system for acquiring an access identifier of a terminal according to the present invention
  • FIG. 4 is a flowchart of Embodiment 1 of a method for acquiring an access identifier of a terminal according to the present invention
  • FIG. 5 is a flowchart of a method for acquiring an access identifier of a terminal in a terminal handover manner according to the present invention
  • FIG. 7 is a flowchart of Embodiment 3 of a method for obtaining an access identifier of a terminal according to the present invention
  • FIG. 8 is a flowchart of a method for acquiring an access identifier of a terminal according to the present invention.
  • FIG. 9 is a schematic diagram of a method of the present invention applied to a 3G network
  • FIG. 10 is a schematic diagram of a method of the present invention applied to a fixed network
  • FIG. 11 is an architectural diagram of an identity information server of the present invention.
  • Figure 12 is a block diagram of the identity location register of the present invention.
  • a dedicated identity information server (Identity Information Server, hereinafter referred to as IIS) is used to save the AID of the terminal user.
  • Carrier A has its own Identity Server A (IIS-A)
  • Carrier B has its own IIS-B.
  • IIS records both the identity used by the end user for access authentication and the AID of the user, and associates the two.
  • the identifier used by the terminal user for access authentication generally includes an International Mobile Subscriber Identity (IMSI), a Network Access Identifier (NAI), and the like.
  • a signaling interface (shown in Figure 3) needs to be added between the visited operator's IIS (visited IIS) and the home operator's IIS (home IIS).
  • the function is to pass the end user's access identifier (AID) between the visited IIS and the home IIS.
  • the IIS of the visited operator can establish a directly connected interface with the IIS of the home carrier, or can indirectly establish an interface through one or more border gateways. That is, the IISs of the visited operator and the home operator each establish an interface with the above-mentioned border gateways, and the interaction between the two IISs is relayed by the border gateway.
  • the general role of the border gateway is to protect the data security of both operators and to be free from attacks.
  • the border gateway here can be generally referred to as Border IIS (B-IIS), Gateway IIS (G-IIS) or Proxy IIS (P-IIS).
  • the location information of the terminal can also be grasped.
  • a signaling interface is added between the visited operator's ILR (visited ILR) and the home operator's ILR (home ILR).
  • the ILR of the visited operator can establish a directly connected interface with the home operator's ILR, or can indirectly establish an interface through one or more border gateways.
  • the border gateway can be generally referred to as Border ILR (B-ILR for short), Gateway ILR (G-ILR for short) or Proxy ILR (P-ILR for short).
  • An interface is established between IIS-A of carrier A and IIS-B of carrier B. If terminal A roams access from carrier B, it accesses through access service router B (ASR-B). ASR-B requests the AID of the terminal from IIS-B. At this time, IIS-B can obtain the AID of terminal A from IIS-A through the above interface, and send it to the terminal. In this way, the problem that the terminal cannot be accessed by the roaming operator can be solved.
  • FIG. 4 shows a first embodiment of the present embodiment, which is a process in which a terminal accesses a network and obtains an access identifier (AID) of the terminal from the network, and specifically includes the following steps:
  • Step 401 The terminal roams to the visited operator, accesses the network of the visited operator, and attaches to the access service router (ASR). This ASR is the service ASR of the terminal (i.e., the visited service ASR);
  • the service ASR obtains the identifier used by the terminal for access authentication in this step, such as the above-mentioned IMSI, NAI, or User Name. Based on this identifier, the network first performs access authentication on the terminal user, and performs the subsequent processes only after the access authentication is passed.
  • Step 402 The ASR (located at the visited operator) queries the visited identity information server (IIS) for the AID of the terminal user, and carries the identifier of the obtained terminal for access authentication;
  • Step 403 After receiving the above request, the visited IIS preferably first determines whether the user belongs to the local network;
  • the visited IIS can make this judgment according to the identifier used by the terminal for access authentication (that is, the identifier used by the user of the terminal for access authentication, expressed below as the identifier used by the terminal for access authentication).
  • since it is assumed that the user is currently accessing through the visited operator, the visited IIS needs to further determine the home operator of the terminal user; generally, the visited IIS can determine the home operator of the terminal according to the identifier used by the terminal for access authentication.
  • the visited IIS can also determine the home IIS of the terminal.
  • Step 404 The visited IIS sends a message to the home IIS of the terminal user (located at the home operator of the terminal user) to query the AID of the terminal, where the message carries the identifier used by the terminal for access authentication;
  • Step 405 After receiving the foregoing request, the home IIS preferably first verifies that the request message is from a legal requester, and then locally queries the corresponding identifier according to the identifier used by the terminal for access authentication.
  • Step 406 The visited IIS returns the queried AID to the ASR;
  • Step 407 The ASR sends the foregoing AID to the terminal, and the identity of the terminal is configured locally at the terminal.
  • the subsequent terminal uses the AID as its own IP address for communication with the outside world.
  • Step 408 After obtaining the AID of the terminal, the ASR further allocates a route identifier (RID, also referred to as a location identifier) to the terminal.
  • Step 409 The ASR (the ASR of the visited operator) updates the RID of the terminal to the ILR of the visited operator (visited ILR), carrying the AID of the terminal user and the allocated RID, and preferably also the identifier used by the terminal for access authentication;
  • Step 410 The visited ILR saves the AID-RID correspondence of the terminal locally, and sends a message to the home ILR of the terminal, and carries the corresponding relationship of the AID-RID;
  • the visited ILR can determine that the terminal corresponding to the AID is not attributable to the operator.
  • the visited ILR can determine, according to the AID and the pre-configured information, that the AID does not belong to the operator, and can determine the operator to which the AID belongs; or, the visited ILR determines, according to the identifier used by the terminal for access authentication that is preferably carried in step 409, that the corresponding AID does not belong to the operator, and can determine the operator to which the AID belongs.
  • Step 411 After the home ILR obtains the foregoing information, the corresponding relationship of the AID-RID of the terminal is saved locally;
  • the home operator of the terminal can also obtain the current location information of the terminal.
  • the home ILR returns a response message to the visited ILR.
  • Step 412 The visited ILR returns a response message to the ASR.
  • the visited ILR may also not record the AID-RID correspondence of the terminal, and instead send the AID-RID of the terminal directly to the home ILR of the terminal user, so that only the home ILR stores the AID-RID correspondence of the terminal.
  • the problems of the prior art can be solved by the method of the above embodiment of the present invention.
  • when the terminal roams and accesses the network through the ASR of the visited carrier, it can also obtain its own AID and use the AID as its own source address to communicate with the outside world.
  • the visited IIS and the home IIS are directly interacted with each other.
  • the visited IIS and the home IIS can communicate with each other through one or more border gateways (such as the B-IIS, G-IIS or P-IIS mentioned above), and the border gateway can also determine, based on the identifier used by the terminal for access authentication, to which next-hop border gateway or home IIS the corresponding message should be sent (as described in step 403).
  • the visited ILR and the home ILR may also interwork through one or more border gateways (such as B-ILR, P-ILR, G-ILR), and the border gateway may follow the method described in step 410: according to the AID or the identifier used by the terminal user for access authentication, it determines to which next-hop border gateway or home ILR the corresponding message should be sent.
  • the target ASR needs to allocate a new RID to the terminal, and simultaneously update the AID-RID correspondence of the terminal saved in the ILR, which includes the following steps:
  • Step 501-502 After the terminal switches from the source ASR to the target ASR, the target ASR allocates a new RID to the terminal.
  • Step 503 The target ASR sends an update message to the visited ILR, and carries the AID of the terminal and the newly allocated RID, and preferably also carries the identifier used by the terminal for access authentication, because the target ASR is also located in the network of the visited carrier.
  • Step 503 is the same principle as step 409.
  • Step 504 As in step 410, the visited ILR determines that the terminal user does not belong to the local operator, and after determining the home operator of the user, sends a message to the home ILR of the terminal, carrying the AID-RID correspondence;
  • Steps 505-506 Same as steps 411-412.
  • FIG. 6 shows a second embodiment of the present invention, and it is still assumed that the terminal accesses the network at the visited operator. That is, the current service ASR of the terminal is located at the visited operator.
  • Step 601 The communication peer end (CN) of the terminal sends a data packet to the terminal, and the destination IP address of the data packet is set to the AID of the terminal, and the data packet first reaches the service ASR (CN-ASR) of the CN;
  • Step 602 When the CN-ASR cannot find the location information of the terminal locally, it queries the ILR in the carrier domain where the CN-ASR is located for the location information of the terminal, and the query message carries the AID of the terminal; assume that the carrier where the CN-ASR is located is not the home operator of the terminal.
  • Step 603 It is assumed that the ILR in the carrier domain where the CN-ASR is located cannot locally find the RID information of the terminal. As described in step 410, the ILR can determine, according to the AID and the pre-configured information, that the AID does not belong to the present operator, and can determine the operator to which the AID belongs;
  • Step 604 The foregoing ILR sends a request to the home ILR of the terminal, carrying the AID of the terminal, to request the RID information of the terminal;
  • Step 605 After the home ILR locally queries the RID information of the terminal according to the AID, it returns a response message to the ILR in the carrier domain where the CN-ASR is located, carrying the AID-RID information of the terminal.
  • Step 606 After receiving the response message, the ILR in the carrier domain where the CN-ASR is located carries the terminal RID information in the response message and returns it to the CN-ASR.
  • Step 607 The CN-ASR sends the foregoing data packet according to the location information of the terminal.
  • the operator where the CN-ASR is located may be the visited operator of the terminal.
  • the visited ILR can save the AID-RID relationship of the terminal, and the CN-ASR can directly query the related information in the visited ILR; otherwise, the related information has to be queried from the relevant ILR using the method of the steps of Embodiment 2 above.
  • the operator in which the CN-ASR is located may also be different from the visited carrier where the terminal is currently located. In this case, the location information of the terminal needs to be queried according to the method in the foregoing embodiment.
  • FIG. 7 shows a third embodiment of the present invention. It is still assumed that the terminal accesses the network at the visited operator, that is, the current service ASR of the terminal is located at the visited operator. When the terminal exits the network, the location information of the terminal stored in the ILR needs to be cleared, which includes the following steps.
  • Step 701 The current service ASR of the terminal receives an indication that the terminal exits the network or releases the IP address.
  • Step 703 After receiving the above message, the visited ILR first deletes the AID-RID mapping relationship of the terminal locally. According to the method of step 410, the visited ILR can determine that the local domain is the visited domain of the terminal and determine the home domain of the terminal. The visited ILR then sends a message to the home ILR of the terminal to delete the location information of the terminal, carrying the AID of the terminal and preferably also the identifier used by the terminal for access authentication;
  • Step 704 The home ILR deletes the locally saved related information, and returns a response message to the visited ILR.
  • Step 705 The visited ILR returns a response message to the above ASR.
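The AID-RID bookkeeping described in steps 409-411, 503-505, 602-606 and 703-704, as an added example that is not part of the patent text. The operator names, the AID ranges standing in for the "pre-configured information", the RID strings and the `keep_visitor_copy` switch are assumptions made for the illustration.

```python
# Added illustration: AID-RID bookkeeping across visited, home and correspondent ILRs.
# Operator names, AID ranges and RID strings are constructed for the example.
import ipaddress
from dataclasses import dataclass, field
from typing import Optional

# Assumed "pre-configured information": which operator owns which AID range.
AID_RANGES = {
    "A": ipaddress.ip_network("192.0.2.0/24"),
    "B": ipaddress.ip_network("198.51.100.0/24"),
    "C": ipaddress.ip_network("203.0.113.0/24"),
}


@dataclass
class IdentityLocationRegister:
    operator: str
    peers: dict = field(default_factory=dict)      # operator -> ILR (direct or via border gateway)
    mappings: dict = field(default_factory=dict)   # AID -> RID
    keep_visitor_copy: bool = True                 # a visited ILR may choose not to store visitors

    def home_of(self, aid: str) -> str:
        """Decide from the AID which operator the terminal belongs to (step 410)."""
        addr = ipaddress.ip_address(aid)
        for operator, network in AID_RANGES.items():
            if addr in network:
                return operator
        raise LookupError(f"AID {aid} is in no configured range")

    def _home_ilr(self, aid: str) -> Optional["IdentityLocationRegister"]:
        """Return the home ILR for a visiting AID, or None if the AID is our own."""
        home = self.home_of(aid)
        if home == self.operator:
            return None
        if home not in self.peers:
            raise LookupError(f"no interface to the ILR of operator {home}")
        return self.peers[home]

    def update(self, aid: str, rid: str) -> None:
        """Attach (steps 409-411) and handover (steps 503-505): record and propagate."""
        home_ilr = self._home_ilr(aid)
        if home_ilr is None or self.keep_visitor_copy:
            self.mappings[aid] = rid
        if home_ilr is not None:
            home_ilr.update(aid, rid)

    def resolve(self, aid: str) -> Optional[str]:
        """Lookup for a correspondent's ASR (steps 602-606): local first, then home ILR."""
        rid = self.mappings.get(aid)
        if rid is not None:
            return rid
        home_ilr = self._home_ilr(aid)
        return home_ilr.resolve(aid) if home_ilr is not None else None

    def delete(self, aid: str) -> None:
        """Terminal leaves (steps 703-704): clear the local copy and the home copy."""
        self.mappings.pop(aid, None)
        home_ilr = self._home_ilr(aid)
        if home_ilr is not None:
            home_ilr.delete(aid)


def build_ilrs(keep_visitor_copy: bool = True):
    """A is the home operator, B the visited operator, C the correspondent's operator."""
    ilr_a = IdentityLocationRegister("A")
    ilr_b = IdentityLocationRegister("B", peers={"A": ilr_a},
                                     keep_visitor_copy=keep_visitor_copy)
    ilr_c = IdentityLocationRegister("C", peers={"A": ilr_a})
    return ilr_a, ilr_b, ilr_c


def roaming_lifecycle():
    """Attach, hand over and leave; return what the correspondent's ILR resolves each time."""
    _, ilr_b, ilr_c = build_ilrs()
    aid = "192.0.2.17"                     # constructed AID of a subscriber of operator A
    seen = []
    ilr_b.update(aid, "rid-asr-b1")        # attach at the first ASR of operator B
    seen.append(ilr_c.resolve(aid))
    ilr_b.update(aid, "rid-asr-b2")        # handover to a second ASR of operator B
    seen.append(ilr_c.resolve(aid))
    ilr_b.delete(aid)                      # terminal exits the network
    seen.append(ilr_c.resolve(aid))
    return seen


if __name__ == "__main__":
    print(roaming_lifecycle())
```

Because the correspondent's ILR in this sketch never caches an answer, a handover or deletion at the home ILR is visible on the next lookup.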
  • the IIS described in this embodiment can be deployed on an Authentication, Authorization and Accounting (AAA) server, a Home Location Register (HLR), or a Home Subscriber Server (HSS).
  • these network elements can be used to directly replace the "identity information server" in the above embodiments. For example, the "home identity information server" is replaced with the "home authentication, authorization and accounting server" and the "visited identity information server" with the "visited authentication, authorization and accounting server"; the principle is the same.
  • the visited IIS and the home IIS can interact with each other through the AAA protocol, including the RADIUS (Remote Authentication Dial In User Service) protocol and the Diameter protocol.
  • the visited IIS uses the Access-Request message defined by the RADIUS protocol, carrying the identifier used by the terminal for access authentication, to request the AID information of the terminal from the home IIS.
  • the home IIS uses the Access-Accept message to answer the visited IIS, and carries the AID of the terminal. If there is no corresponding record in the home IIS (for example, the terminal user has not subscribed to an AID), the home IIS can return an Access-Reject message to the visited IIS. In this case, the ASR of the visited place will preferably reject the terminal access.
  • the visited IIS can also use the AA-Request defined by the Diameter protocol to request the AID information of the terminal from the home IIS, carrying the identifier used by the terminal for access authentication; the home IIS uses the AA-Answer to answer the visited IIS, and carries the AID information of the terminal or an error indication (for example, the terminal user has not subscribed to an AID). If the visited IIS receives an AA-Answer message carrying the error indication, the ASR preferably rejects the terminal's access to the network.
  • the ILR in this embodiment can also be deployed on the AAA server, the HLR, or the HSS, that is, the ILR functions as a functional module of these network elements, or the network elements themselves have the ILR function.
  • these network elements can be used to directly replace the "identity location register" in the above embodiments. For example, the "home identity location register" is replaced with the "home authentication, authorization and accounting server" and the "visited identity location register" with the "visited authentication, authorization and accounting server"; the principle is the same.
  • the visited ILR and the home ILR can also interact through the AAA protocol, including the RADIUS protocol and the Diameter protocol.
  • the visited ILR uses the Accounting-Request message defined by the RADIUS protocol, carries the AID and RID information of the terminal, and updates the RID information of the terminal to the home ILR.
  • the Accounting-Request[start] can be used, that is, the type of the request is start
  • the subsequent update for example, the terminal switches the ASR, the new ASR assigns a new terminal
  • the visited ILR sends an Accounting-Request[stop] to the home ILR.
  • when the home ILR receives the Accounting-Request message of type stop, the RID information of the terminal is deleted.
  • the home ILR responds to the visited ILR with Accounting-Response[start], Accounting-Response[interim], and Accounting-Response[stop].
  • when the ILR of the carrier domain where the CN-ASR is located queries the terminal's home ILR for the RID of the terminal, the ILR can query the home ILR by using a newly defined message in the RADIUS protocol.
  • the visited ILR can also use the Accounting-Request message defined by the Diameter protocol to carry the AID and RID information of the terminal, and update the RID information of the terminal to the home ILR; accordingly, the home ILR responds to the visited ILR by using the Accounting-Answer.
  • the visited ILR can use the Disconnect-Peer-Request or Abort-Session-Request message, carrying the AID of the terminal, to indicate that the home ILR deletes the RID information of the terminal; correspondingly, the home ILR uses the Disconnect-Peer-Answer or Abort-Session-Answer to answer the visited ILR.
  • As in Embodiment 2, when the ILR of the carrier domain where the CN-ASR is located queries the terminal's home ILR for the RID of the terminal, the ILR can query the home ILR using a newly defined message in the Diameter protocol.
  • FIG. 8 shows a fourth embodiment, which specifically applies the content of the present embodiment to an LTE (Long Term Evolution) network.
  • a terminal is first connected to an S-GW (Serving Gateway) through a wireless connection, and then connected to a P-GW (Packet Data Network Gateway) through an S-GW.
  • the P-GW has the ASR function described above, and is referred to as P-GW (ASR).
  • the network is divided into the visited operator of the terminal (operator B in the figure) and the home carrier (operator A in the figure). It is assumed that the terminal is currently connected in the network of the visited operator, and that the P-GW (ASR) allocated by the network for the terminal is also located in the visited operator domain.
  • the P-GW (ASR) interfaces with the ILR in the visited operator domain (i.e., the visited ILR above) and the IIS in the visited carrier domain (i.e., the visited IIS above).
  • the interfaces described herein may be directly connected or indirectly connected through an intermediate border gateway or the like.
  • Embodiments 1 to 3 are all applicable to the LTE network described herein; it is only necessary to replace the ASR of the previous embodiments with the P-GW (ASR) described herein, and to replace the source ASR and the target ASR with the source P-GW (ASR) and the target P-GW (ASR).
  • both the ILR and IIS can be located on the AAA server connected to the P-GW (ASR) (eg, connected to the P-GW (ASR) via the SGi interface). The principle is the same and will not be described again.
  • the LTE network further includes an MME (Mobility Management Entity), which functions to save the mobility context of the terminal.
  • the above IIS, ILR may also be located on the MME, or the MME itself has IIS and / or ILR functions.
  • the MME located in the visited domain is the visited MME
  • the MME located in the home domain is the home MME.
  • An indirect or direct interface is established between the visited MME and the home MME.
  • FIG. 9 shows a fifth embodiment, which specifically applies the content of the present embodiment to a GPRS (General Packet Radio Service) network.
  • the terminal first connects to the SGSN (Serving GPRS Support Node) wirelessly, and then connects to the GGSN (Gateway GPRS Support Node) through the SGSN.
  • the GGSN has the ASR function described above, and is denoted as GGSN (ASR).
  • the network is divided into the visited operator of the terminal (the operator B in the figure) and the home carrier (the operator A in the figure), and the terminal is currently connected to the operator of the visited place.
  • the GGSN (ASR) allocated by the network for the terminal is also located in the visited operator domain.
  • the GGSN (ASR) interfaces with the ILR in the visited carrier domain (ie, the visited ILR above) and the IIS in the visited carrier domain (ie, the visited IIS above).
  • the interfaces described herein may be directly connected or indirectly connected through an intermediate border gateway or the like.
  • Embodiments 1 to 3 of the present invention can be applied to the GPRS network described herein; it is only necessary to replace the ASR of the previous embodiments with the GGSN (ASR) described herein, and to replace the source ASR and the target ASR with the source GGSN (ASR) and the target GGSN (ASR).
  • both the ILR and IIS can be located on the AAA server connected to the GGSN (ASR) (eg, connected to the GGSN (ASR) via the Gi interface). The principle is the same and will not be described again.
  • the GPRS network also includes an HLR or HSS, which is used to store information such as subscriptions of end users.
  • IIS and ILR can also be located on the HLR/HSS.
  • the HLR/HSS located in the visited domain is the visited HLR/HSS
  • the HLR/HSS located in the home domain is the home HLR/HSS.
  • FIG. 10 is a sixth embodiment of the present embodiment, specifically applying the content of the present embodiment to a fixed network
  • BRAS Broadband Remote Access Server
  • DSLAM Digital Subscriber Line Access Multiplexer
  • the fixed network is generally managed in sub-areas, such as area A and area B as shown in the figure.
  • the home area of the terminal is area A, and it is assumed that the terminal is currently connected in its visited area (ie, area B).
  • area A and area B are the same as operator A and operator B mentioned above, so that FIG. 10 can also be regarded as a roaming scenario.
  • Assuming that the BRAS currently connected to the terminal is also located in the visited area, the BRAS (ASR) has an interface with the ILR of the visited area (i.e., the visited ILR above) and the IIS in the visited area (i.e., the visited IIS above).
  • the visited ILR has an interface with the ILR in the home zone of the terminal (i.e., the above-mentioned home ILR), and there is also an interface between the visited IIS and the IIS in the home zone of the terminal (ie, the home IIS above).
  • the interfaces described herein may be directly connected or indirectly connected through an intermediate border gateway or the like.
  • Embodiments 1 to 3 of the present invention can be applied to the fixed network described herein, and only need to replace the ASR of the previous embodiment with the BRAS (ASR) described herein, and replace the source ASR and the target ASR with The source BRAS (ASR) and the target BRAS (ASR) are sufficient. Also, as mentioned above, both the ILR and IIS can be located on the AAA server connected to the BRAS (ASR). The principle is the same and will not be repeated.
  • the embodiment further provides an identity information server, including: a data storage unit, an information interaction unit, and an information query unit, where:
  • the data storage unit is configured to initially save the AID of the terminal in the network where the identity information server is located;
  • the information interaction unit is configured to establish an interconnection between the IISs;
  • the information querying unit is configured to, when the terminal roams and the visited service ASR of the terminal queries the AID of the terminal, query the home IIS of the terminal for the AID of the terminal through the information interaction unit, and receive the AID of the terminal returned by the home IIS of the terminal.
  • the data storage unit is further configured to initially save the identifier used by the terminal for access authentication, the AID of the terminal being associated with the identifier used by the terminal for access authentication;
  • the information querying unit is configured to: when receiving, from the visited service ASR, the identifier used by the terminal for access authentication, learn that the visited service ASR is querying the AID of the terminal; send the received identifier used by the terminal for access authentication to the home IIS of the terminal through the information interaction unit to query the AID of the terminal; and receive the AID that the home IIS of the terminal returns after querying according to the identifier used by the terminal for access authentication.
  • the information querying unit is further configured to, before querying the home IIS of the terminal for the AID of the terminal, determine whether the terminal belongs to the local network according to the identifier used by the terminal for access authentication and, when the terminal does not belong to the local network, determine the home IIS of the terminal in order to query the home IIS for the AID of the terminal.
  • the information querying unit is further configured to: after receiving, from another identity information server, the identifier used by the terminal for access authentication, query the corresponding AID from the data storage unit according to that identifier, and return the queried AID to the corresponding identity information server.
  • the embodiment further provides an identity location register, including: an information interaction unit, a data storage unit, and an information update unit, where:
  • the information interaction unit is configured to establish an interconnection between the ILRs in the network;
  • the data storage unit is configured to receive and save the AID and RID of the terminal sent by the visited service ASR of the terminal when the terminal roams and accesses; the AID is obtained by the visited service ASR from the visited IIS, and the RID is assigned to the terminal by the visited service ASR after it has queried the AID;
  • the information updating unit is configured to send the AID and the RID of the terminal to the home ILR of the terminal through the information interaction unit, so that the home ILR saves the correspondence between the AID and the RID of the terminal.
  • the information update unit is further configured to determine whether the terminal belongs to the local network according to the AID of the terminal and the pre-configured information before transmitting the AID and the RID of the terminal to the home ILR of the terminal, and if not, determine the home network of the terminal;
  • the destination service ASR sends the AID and the RID to send the AID and the RID to determine whether the terminal belongs to the local network. If not, the home network of the terminal is determined.
  • the data storage unit is further configured to: after the terminal switches the ASR, receive the RID that the target ASR switched by the terminal is reassigned to the terminal;
  • the information updating unit is further configured to, after determining that the terminal does not belong to the local network and determining the home network of the terminal, update the home ILR of the terminal with the RID reassigned to the terminal by the target ASR.
  • the information update unit is further configured to send the AID of the terminal to the home ILR of the terminal when the terminal retires or releases the IP address, and notify the home ILR to delete the RID of the terminal.
  • modules or steps of the present invention can be implemented by a general-purpose computing device, and can be concentrated on a single computing device or distributed over a network composed of multiple computing devices. Alternatively, they may be implemented by program code executable by the computing device, so that they may be stored in a storage device and executed by the computing device, or they may be separately fabricated into individual integrated circuit modules, or multiple modules or steps among them may be made into a single integrated circuit module. Thus, the invention is not limited to any particular combination of hardware and software.
  • the present invention saves the AID of the terminal by setting up the identity information server, and connects the identity information servers to each other for interaction of the AID of the terminal, so that in the method based on identity location separation, when the terminal roams, the AID of the terminal can be obtained and the terminal can access the visited network.
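
The roaming exchanges described above (the visited IIS relaying an Access-Request to the home IIS, and the visited ILR propagating Accounting-Request start, interim and stop to the home ILR) can be modelled as follows. This is an added example, not code from the patent: it models the messages as Python calls rather than real RADIUS packets, and the realm-based home lookup, the AID prefix table, the use of interim for an ASR switch, and all domain names, AIDs and RIDs are constructed assumptions.

```python
from dataclasses import dataclass, field

@dataclass
class IIS:
    """Identity information server of one operator domain."""
    domain: str
    aids: dict = field(default_factory=dict)   # auth identifier -> AID (homed here)
    peers: dict = field(default_factory=dict)  # domain -> IIS (IIS interconnection)

    def lookup_local(self, auth_id):
        aid = self.aids.get(auth_id)           # no record: user has no AID subscription
        return ("Access-Accept", aid) if aid else ("Access-Reject", None)

    def access_request(self, auth_id):
        # Assumption: the home domain is the realm of a user@realm identifier.
        realm = auth_id.rpartition("@")[2]
        if realm == self.domain:
            return self.lookup_local(auth_id)
        home = self.peers.get(realm)           # roaming terminal: ask the home IIS
        return home.lookup_local(auth_id) if home else ("Access-Reject", None)

@dataclass
class ILR:
    """Identity location register of one operator domain."""
    domain: str
    aid_prefixes: dict = field(default_factory=dict)  # assumed config: AID prefix -> home
    peers: dict = field(default_factory=dict)         # domain -> ILR
    rids: dict = field(default_factory=dict)          # AID -> RID

    def apply(self, status, aid, rid):
        if status in ("start", "interim"):
            self.rids[aid] = rid
        elif status == "stop":
            self.rids.pop(aid, None)
        else:
            raise ValueError(f"unknown accounting status: {status}")
        return f"Accounting-Response[{status}]"

    def accounting_request(self, status, aid, rid=None):
        reply = self.apply(status, aid, rid)   # the visited ILR updates itself first
        home = next((d for p, d in self.aid_prefixes.items() if aid.startswith(p)), None)
        if home is not None and home != self.domain:
            reply = self.peers[home].apply(status, aid, rid)  # then the home ILR
        return reply

def asr_attach(auth_id, rid, iis, ilr):
    """Visited service ASR: resolve the AID, then register the AID-RID mapping."""
    code, aid = iis.access_request(auth_id)
    if code != "Access-Accept":
        return None                            # the ASR rejects the terminal's access
    ilr.accounting_request("start", aid, rid)
    return aid

def demo():
    # Constructed sample data: alice is homed at operator A and roams to operator B.
    a, b = "operator-a.example", "operator-b.example"
    home_iis = IIS(a, aids={"alice@" + a: "AID-A-0001"})
    visited_iis = IIS(b, peers={a: home_iis})
    prefixes = {"AID-A-": a, "AID-B-": b}
    home_ilr = ILR(a, prefixes)
    visited_ilr = ILR(b, prefixes, peers={a: home_ilr})
    aid = asr_attach("alice@" + a, "RID-B-1", visited_iis, visited_ilr)
    at_start = home_ilr.rids.get(aid)
    visited_ilr.accounting_request("interim", aid, "RID-B-2")  # terminal switched ASR
    at_switch = home_ilr.rids.get(aid)
    visited_ilr.accounting_request("stop", aid)                # terminal left the network
    at_stop = (home_ilr.rids.get(aid), visited_ilr.rids.get(aid))
    rejected = asr_attach("bob@" + a, "RID-B-3", visited_iis, visited_ilr)
    return aid, at_start, at_switch, at_stop, rejected

if __name__ == "__main__":
    print(demo())
```

The stop case is the one to check in a real deployment: the mapping has to disappear from both the visited and the home ILR, otherwise packets keep being routed to a location the terminal has left.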


Abstract

A method for obtaining an access identifier (AID) of a terminal comprises setting up an identity information server (IIS) in a network, initially storing the AID of a terminal of the network in the IIS, and then establishing an interconnection between the IISs; when the terminal roams and accesses from a visited network, and the visited IIS is queried for the AID of the terminal by the visited access service router (ASR) of the terminal, the AID of the terminal is queried from the home IIS of the terminal; the visited IIS then receives the AID of the terminal returned by the home IIS of the terminal. According to the embodiment, the AID of the terminal can be obtained when the terminal is roaming, so that the terminal can access the visited network.
PCT/CN2013/079257 2012-08-24 2013-07-12 Method and identity information server for obtaining an access identifier of a terminal WO2013178138A1 (fr)

Applications Claiming Priority (2)

Application Number Priority Date Filing Date Title
CN201210305447.0A CN103634776B (zh) 2012-08-24 2012-08-24 Method for obtaining an access identifier of a terminal and identity information server
CN201210305447.0 2012-08-24

Publications (1)

Publication Number Publication Date
WO2013178138A1 true WO2013178138A1 (fr) 2013-12-05

Family

ID=49672463

Family Applications (1)

Application Number Title Priority Date Filing Date
PCT/CN2013/079257 WO2013178138A1 (fr) 2012-08-24 2013-07-12 Method and identity information server for obtaining an access identifier of a terminal

Country Status (2)

Country Link
CN (1) CN103634776B (fr)
WO (1) WO2013178138A1 (fr)

Also Published As

Publication number Publication date
CN103634776B (zh) 2019-01-04
CN103634776A (zh) 2014-03-12

Legal Events

Date Code Title Description
121 Ep: the epo has been informed by wipo that ep was designated in this application

Ref document number: 13798063

Country of ref document: EP

Kind code of ref document: A1

NENP Non-entry into the national phase

Ref country code: DE

122 Ep: pct application non-entry in european phase

Ref document number: 13798063

Country of ref document: EP

Kind code of ref document: A1
