CN101179554B - Method and network side for notifying boot mode of mobile subscriber terminal - Google Patents


Publication number
CN101179554B
Authority
CN
China
Prior art keywords
message
address
dhcp
haaa
access authentication
Prior art date
Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
Expired - Fee Related
Application number
CN200610063526XA
Other languages
Chinese (zh)
Other versions
CN101179554A (en
Inventor
梁萌
夏斌
Current Assignee (The listed assignees may be inaccurate. Google has not performed a legal analysis and makes no representation or warranty as to the accuracy of the list.)
Huawei Technologies Co Ltd
Original Assignee
Huawei Technologies Co Ltd
Priority date (The priority date is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the date listed.)
Filing date
Publication date
Application filed by Huawei Technologies Co Ltd
Priority to CN200610063526XA
Publication of CN101179554A
Application granted
Publication of CN101179554B
Expired - Fee Related

Landscapes

  • Mobile Radio Communication Systems (AREA)

Abstract

The invention discloses a method for notifying a mobile terminal of the bootstrapping mode. The method includes: an MS sends an inquiry request to the network side; after receiving the inquiry request, the network side indicates to the MS the Bootstrapping that is about to be performed and returns a message containing the bootstrapping mode to the MS. The invention also discloses a network side for notifying a mobile terminal of the bootstrapping mode. After receiving the inquiry request sent by the MS, the network side indicates to the MS the Bootstrapping that is about to be performed and then returns a message containing the bootstrapping mode to the MS. With the method and the network side of the invention, the mobile subscriber terminal knows clearly, before the Bootstrapping procedure, which mode will be used for the network Bootstrapping, so it does not have to try every Bootstrapping mode in turn and a large number of useless messages is avoided. The system is thereby kept out of an unnecessarily confused and complicated state.

Description

A method for notifying a mobile subscriber terminal of the bootstrapping mode
Technical field
The invention belongs to the field of communication technology and relates in particular to a method for notifying a mobile subscriber terminal of the bootstrapping mode.
Background art
Although the Internet, with IPv4 as its core technology, has been a great success, the shortage of IPv4 address resources directly limits the further development of IP applications. To address this, technologies such as CIDR, NAT and combined addresses have been proposed to meet the demand for IP addresses created by the rapid growth of mobile and broadband technology. These technologies cannot fundamentally solve the shortage of IP address resources; they only temporarily relieve the sharply rising demand for IP addresses.
To solve the above problem, the IETF (Internet Engineering Task Force) proposed the next-generation Internet protocol, IPv6, in the 1990s, and IPv6 is now recognized as the future upgrade of IPv4. Its most essential improvement is increasing the address length from the 32 bits of IPv4 to 128 bits, which yields an almost unlimited address space. IPv6 also adopts many other techniques, such as a hierarchical address scheme, an efficient IP header, quality of service, automatic host address configuration, authentication and encryption. With IPv6, every future network user, and even every electronic device such as a car, washing machine, telephone or refrigerator, can have a globally unique address, which thoroughly resolves the IPv4 address crisis and enables end-to-end communication.
Although IPv6 solves the shortage of IP address resources, with the continued development of the Internet and the spread of mobile communication, fixed IP technology alone falls far short of what people need. People want to access enterprise networks and the Internet anytime and anywhere in a more flexible way, and Mobile IP (MIP) technology emerged in response. In a mobile communication network, the basic principle of MIP is that an MS (Mobile Subscriber Station, mobile subscriber terminal), besides having a fixed IP address (the HoA, Home Address), also has a temporary IP address (the CoA, Care-of Address) in the foreign network it has most recently moved to. A network mechanism establishes the correspondence between the HoA and the CoA, and the routing relationship between the home network and the foreign network, so that communication between the MS and a CN (Correspondent Node) located in another network is not interrupted when the MS changes networks. MIPv6 (Mobile IP version 6) is the mobile IP technology based on the IPv6 protocol. Its advantages are that it needs no foreign agent, supports Route Optimization and thereby avoids roundabout routing, and can make full use of neighbor discovery and IPv6 extension headers. Mobile IP is one of the most basic and most critical technologies of the mobile Internet era, and one of the key technologies for realizing global personal communication "at any time, in any place, with anyone, by any means, for any service". The working process of MIPv6 is briefly introduced below with reference to Fig. 1:
Step 101: The router sends a Router Advertisement message to the MS. The message contains the prefix of the network the MS currently belongs to and some network configuration information. From the Router Advertisement message the MS determines its current location, that is, whether it is in its home network or in a foreign visited network.
Step 102: The MS uses the IPv6 address autoconfiguration mechanism to obtain and configure a CoA on the foreign link;
The MS may also use other configuration mechanisms to obtain and configure the CoA on the foreign link here, for example manual configuration or static configuration.
Step 103: The MS registers with the HA (Home Agent), binding the CoA to the HoA to establish the mapping between them, and a tunnel is set up between the MS and the HA.
Step 104: The MS registers with the CN, binding the CoA to the HoA to establish the mapping between them.
Step 105: When the CN sends a packet to the MS, it uses the HoA as the destination address, so the packet is sent to the home network of the MS; the home agent, using the HoA-to-CoA mapping registered by the MS, forwards the packet through the tunnel to the CoA of the MS.
In this step the CN may also use the IPv6 routing extension header to send the packet directly to the MS.
Step 106: The MS sends packets to the CN, using the CoA as the source address.
The MIPv6 protocol requires the mobile node to know, before it performs home registration, its HoA, the home agent address (HA_Addr), the keying material needed to establish a security association with the HA, and so on. The mechanism by which the MS obtains this information is called the Bootstrapping mechanism of MIPv6. At present, according to the relationship between the MSA (Mobility Service Authenticator) and the ASA (Access Service Authenticator), the scenarios in which Bootstrapping is performed fall into the following two kinds:
(1) Integrated scenario: the MSA and the ASA are the same entity, the MASA (Mobility Access Service Authenticator); that is, the entity that performs network access authentication for the mobile subscriber terminal and the entity that performs access authentication for the mobility service are merged into one entity.
For the integrated scenario there are currently two ways of performing Bootstrapping: the DHCP (Dynamic Host Configuration Protocol) mode and the EAP (Extensible Authentication Protocol) mode. The methods of performing Bootstrapping in each of these two modes are described below.
1. When the MS performs Bootstrapping in the DHCP mode, there are the following two cases:
(1) When the MS and the DHCP Server are in the same site (an IP address consists of 128 binary digits, and network nodes whose IP addresses share the same first 48 bits are generally regarded as being in the same site), the steps are as follows, with reference to the flowchart in Fig. 2:
Step 201: The MS and the NAS (Network Access Server) interact to perform access authentication; the NAS is in the visited network.
Step 202: The NAS sends an Access Request message to the HAAA (Home AAA server, the home network authentication, authorization and accounting server), requesting authentication of the MS; the HAAA is located in the MASA.
Step 203: The HAAA performs access authentication on the MS. After access authentication succeeds, the HAAA authorizes the mobility service for the MS and allocates it an HA in the home network (the HA allocated in the home network is denoted HA_H here). The HAAA then sends the NAS an Access Accept message containing the HA_H address;
In this step, the HAAA allocates to the MS by default, automatically and without any prior information, an HA located in the home network.
Step 204: After receiving the Access Accept message, the NAS stores the HA_H address and sends an access authentication complete message to the MS.
Step 205: The MS sends a DHCP Information Request message to the All_DHCP_Relay_Agents_and_Servers multicast address (all DHCP relay agents and DHCP servers), and uses the Home Network Identifier Option [HAOPT] in this message to state whether the MS wants to be allocated an HA in the visited network or in the home network;
Because the DHCP Server and the MS are in the same site, the DHCP Server serving the MS can receive the DHCP Information Request message that the MS sends to the All_DHCP_Relay_Agents_and_Servers multicast address.
Step 206: After the DHCP Server serving the MS receives the DHCP Information Request message, it identifies the MS by the DUID, the identifier used in the DHCP system to uniquely identify a DHCP Server or an MS, and decides from its current operating configuration whether it needs to serve the MS. If so, the DHCP Server sends the MS a DHCP-Reply message containing the HA_H address;
When the DHCP Server and the MS are in the same site, the DHCP Server and the NAS are usually implemented as one entity. Since the NAS holds the HA_H address, the DHCP Server holds it too, and when the DHCP Server sends the DHCP-Reply message to the MS it includes the stored HA_H address in that message.
If the MS states in the DHCP Information Request message that it wants to be allocated an HA in the visited network, the DHCP Server allocates the MS an HA in the visited network (the HA allocated in the visited network is denoted HA_V here) and sends the MS a DHCP-Reply message containing the HA_H address and the HA_V address.
Step 207: The MS and the HA complete the rest of the Bootstrapping process (that is, configuring the HoA and establishing the security association between the HA and the MS through the IKEv2 (Internet Key Exchange Protocol) procedure).
(2) When the MS and the DHCP Server are in different sites, the steps are as follows, with reference to the flowchart in Fig. 3:
Step 301: The MS and the NAS (Network Access Server) interact to perform access authentication; the NAS is in the visited network.
Step 302: The NAS sends an Access Request message to the HAAA (Home AAA server, the home network authentication, authorization and accounting server), requesting authentication of the MS; the HAAA is located in the MASA.
Step 303: The HAAA performs access authentication on the MS. After access authentication succeeds, the HAAA authorizes the mobility service for the MS and allocates it an HA in the home network (the HA allocated in the home network is denoted HA_H here). The HAAA then sends the NAS an Access Accept message containing the HA_H address;
In this step, the HAAA allocates to the MS by default, automatically and without any prior information, an HA located in the home network.
Step 304: After receiving the Access Accept message, the NAS stores the HA_H address and sends an access authentication complete message to the MS.
Step 305: The MS sends a DHCP Information Request message to the All_DHCP_Relay_Agents_and_Servers multicast address (all DHCP relay agents and DHCP servers), and uses the Home Network Identifier Option [HAOPT] in this message to state whether the MS wants to be allocated an HA in the visited network or in the home network;
Because the DHCP Server and the MS are in different sites, the DHCP Server does not receive the DHCP Information Request message that the MS sends to the All_DHCP_Relay_Agents_and_Servers multicast address, so a DHCP Relay Agent is needed to relay the DHCP Information Request message from the MS to the DHCP Server.
This DHCP relay agent relays DHCP messages between the MS and the DHCP Server, and it is the same entity as the NAS.
Step 306: After intercepting the DHCP Information Request message sent by the MS, the DHCP relay agent sends a Relay-Forward message to the DHCP Server; this message contains the HA_H address that the relay agent obtained from the HAAA.
Because the DHCP relay agent and the NAS are the same entity and the NAS holds the HA_H address, the DHCP relay agent holds it too; when the DHCP relay agent sends the Relay-Forward message to the DHCP Server, it includes the stored HA_H address in that message.
Step 307: The DHCP Server serving the MS identifies the MS by the DUID, the identifier used in the DHCP system to uniquely identify a DHCP Server or a DHCP Client (the DHCP Client here is the MS), and decides from its current operating configuration whether it needs to serve the MS. If so, the DHCP Server sends the DHCP relay agent a Relay-Reply message containing the HA_H address;
If the MS states in the DHCP Information Request message that it wants to be allocated an HA in the visited network, the DHCP Server allocates the MS an HA in the visited network (the HA allocated in the visited network is denoted HA_V here) and sends the DHCP relay agent a Relay-Reply message containing the HA_H address and the HA_V address.
Step 308: The DHCP relay agent sends the MS a DHCP Reply message containing the address of the HA that the DHCP Server allocated to the MS in the home network, that is, the HA_H address; if the DHCP Server has allocated the MS an HA in the visited network (HA_V), the message also contains the HA_V address.
Step 309: The MS and the HA complete the rest of the Bootstrapping process (that is, configuring the HoA and establishing the security association between the HA and the MS through the IKEv2 (Internet Key Exchange Protocol) procedure).
2. When the MS performs Bootstrapping in the EAP mode, the steps are as follows, with reference to the flowchart in Fig. 4:
Step 401: The MS and the NAS interact over the network and begin the access authentication procedure; the NAS is in the visited network.
Step 402: The NAS sends an Access Request message to the HAAA, requesting authentication of the MS; the HAAA is located in the MASA.
Step 403: The HAAA performs access authentication on the MS. After access authentication succeeds, the HAAA authorizes the mobility service for the MS and allocates it an HA (HA_H) in the home network; the HAAA then interacts with HA_H to configure an HoA for the MS.
Step 404: The HAAA sends the NAS an Access Accept message containing the authentication success indication information, the HA_H address and the HoA.
Step 405: After receiving the Access Accept message, the NAS sends the MS an access authentication complete message containing the access authentication success indication information, the HA_H address and the HoA.
Step 406: The MS and the HA complete the rest of the Bootstrapping process (establishing the security association between the HA and the MS through the IKEv2 procedure).
(2) Split scenario: the mobility service authentication entity (MSA) and the entity providing access service authentication (ASA) are different entities; that is, the entity that performs network authentication of the mobile subscriber terminal and the entity that performs mobility service access authentication are separate.
For the split scenario there is currently one way of performing Bootstrapping, the DNS mode. The steps are as follows, with reference to the flowchart in Fig. 5:
Step 501: The MS and the HAAA interact to complete access authentication.
Step 502: The MS sends a DNS Request message to the DNS server of the visited network it is in; the message contains the FQDN (Fully Qualified Domain Name) of the HA to be resolved.
Step 503: The DNS server obtains the IP address of the HA by resolving the HA's FQDN contained in the DNS Request message, and then sends it to the MS in a DNS Reply message.
Step 504: Having obtained the address of the HA, the MS completes the rest of the Bootstrapping process with the HA (configuring the HoA and establishing the security association between the HA and the MS through the IKEv2 procedure).
In the prior art there are several Bootstrapping modes, and different modes may be used under different network configurations. The MS, however, does not know the configuration of the current network when it performs authentication, so it tries every possible Bootstrapping mode in turn until one of them succeeds in obtaining the required information. For example, if the MS does not obtain the required information in the EAP mode during access authentication, it tries the DHCP mode of the integrated scenario; if the DHCP mode cannot obtain the network configuration state information, it tries the DNS mode of the split scenario. This produces a large number of useless messages, which not only occupy network resources but also put the system into an unnecessarily confused and complicated state.
Summary of the invention
Embodiments of the invention provide a method for notifying a mobile subscriber terminal of the bootstrapping mode. With this method the mobile subscriber terminal knows, before performing Bootstrapping, which mode to use for the subsequent Bootstrapping process, which avoids the large number of useless messages produced when the MS tries the various Bootstrapping methods in turn and keeps the system out of an unnecessarily confused and complicated state.
Embodiments of the invention provide a method by which a mobile subscriber terminal selects a bootstrapping mode; the method is realized through the following steps:
The mobile subscriber terminal MS sends a request message to the network side, and after receiving the request message the network side performs access authentication on the MS; after completing access authentication of the MS, the network side indicates to the mobile subscriber terminal the bootstrapping mode to be used and returns this indication information to the mobile subscriber terminal.
Wherein, when the network side is the home network authentication, authorization and accounting server HAAA, the method comprises the steps of:
The mobile subscriber terminal MS sends a request message to the network side, and after receiving the request message the network side performs access authentication on the MS; after completing access authentication of the MS, the network side indicates to the MS the bootstrapping mode to be used and returns a message containing the bootstrapping mode indication information to the MS.
When the network side is the home network authentication, authorization and accounting server HAAA, the method comprises the steps of:
A1. The MS and the network access server NAS interact to perform access authentication;
B1. The NAS sends an access request message to the HAAA, requesting authentication of the MS;
C1. The HAAA performs access authentication on the MS and, after access authentication succeeds, indicates the bootstrapping mode to be used for the MS according to the user profile of the MS;
D1. The HAAA sends an access accept message to the NAS; the access accept message contains the access authentication success indication information and the bootstrapping mode indication information;
E1. After receiving the access accept message, the NAS sends an access authentication complete message to the MS; the access authentication complete message contains the access authentication success indication information and the bootstrapping mode indication information.
Wherein, step C1 further comprises: the HAAA allocates the MS a home agent HA_H in the home network;
D12. The HAAA sends an access accept message to the NAS; the access accept message contains the access authentication success indication information, the bootstrapping mode indication information and the HA_H address;
E12. After receiving the access accept message, the NAS stores the HA_H address and sends an access authentication complete message to the MS; the access authentication complete message contains the access authentication success indication information and the bootstrapping mode indication information.
Wherein, step C1 further comprises: the HAAA allocates the MS a home agent HA_H in the home network; the HAAA interacts with the home agent allocated to the MS to configure a home address HoA for the MS;
D13. The HAAA sends an access accept message to the NAS; the access accept message contains the access authentication success indication information, the bootstrapping mode indication information, the HA_H address and the HoA;
E13. After receiving the access accept message, the NAS sends an access authentication complete message to the MS; the access authentication complete message contains the access authentication success indication information, the bootstrapping mode indication information, the HA_H address and the HoA.
When the network side is an access router AR, the method comprises the steps of:
A2. The MS configures a co-located care-of address CoA in the visited network and sends a route request message to the AR;
B2. After receiving the route request message, the AR indicates the bootstrapping mode to be used for the MS and sends the MS a router advertisement message containing the bootstrapping mode indication information.
Wherein, before step A2 the method further comprises:
A21. The MS and the AAA interact to complete access authentication.
When the network side is a DHCP server, the method comprises the steps of: the MS sends a request message to the DHCP server; after receiving the request message, the DHCP server allocates the MS a CoA in the visited network and indicates the bootstrapping mode to be used for the MS, and then sends the MS a DHCP Reply message containing the bootstrapping mode indication information and the CoA.
Wherein, before the MS sends the request message to the DHCP server, the method further comprises: the MS and the HAAA interact to complete access authentication.
It can be seen that the invention provides a simple way of informing the MS of the mode in which Bootstrapping is to be performed, avoiding the inconvenience of the MS trying the various Bootstrapping methods in turn.
Brief description of the drawings
Fig. 1 is the workflow diagram of MIPv6 in the prior art;
Fig. 2 is the first flowchart of Bootstrapping in the DHCP mode in the integrated scenario in the prior art;
Fig. 3 is the second flowchart of Bootstrapping in the DHCP mode in the integrated scenario in the prior art;
Fig. 4 is the flowchart of Bootstrapping in the EAP mode in the integrated scenario in the prior art;
Fig. 5 is the flowchart of Bootstrapping in the split scenario in the prior art;
Fig. 6 is a schematic flow diagram of informing the MS of the bootstrapping mode in embodiments of the invention;
Fig. 7 is the first flowchart of informing the MS of the bootstrapping mode in the DHCP mode in the integrated scenario in embodiments of the invention;
Fig. 8 is the second flowchart of informing the MS of the bootstrapping mode in the DHCP mode in the integrated scenario in embodiments of the invention;
Fig. 9 is the flowchart of informing the MS of the bootstrapping mode in the EAP mode in the integrated scenario in embodiments of the invention;
Fig. 10 is the flowchart of informing the MS of the bootstrapping mode in the EAP mode in the split scenario in embodiments of the invention;
Fig. 11 is the flowchart of informing the MS of the bootstrapping mode through a router in the split scenario in embodiments of the invention;
Fig. 12 is the flowchart of informing the MS of the bootstrapping mode through DHCP messages in the split scenario in embodiments of the invention.
Embodiments
Embodiments of the invention provide a method of informing a mobile subscriber terminal of the bootstrapping (Bootstrapping) mode. Referring to the schematic diagram in Fig. 6, in this method the mobile subscriber terminal MS sends a request message to the network side; after receiving the request message, the network side indicates to the MS the bootstrapping mode to be used and returns this indication information to the MS, so that before performing Bootstrapping the MS knows which mode to use for the subsequent Bootstrapping process, which avoids the inconvenience of the MS trying the various Bootstrapping modes in turn.
The method of informing the mobile subscriber terminal which Bootstrapping mode to select is described below through specific embodiments in different scenarios.
(1) Integrated scenario: the two Bootstrapping modes that currently exist in the integrated scenario, the DHCP mode and the EAP mode, both depend on the EAP messages used during initial network access authentication, so the EAP messages used in network access authentication can be considered as the means of informing the MS of the mode in which it is to perform Bootstrapping.
When Bootstrapping is performed in the DHCP mode, there are the following two cases:
Embodiment one: when the MS and the DHCP Server are in the same site (an IP address consists of 128 binary digits, and network nodes whose IP addresses share the same first 48 bits are generally regarded as being in the same site), the steps are as follows, with reference to the flowchart in Fig. 7:
Step 701: The MS and the NAS interact to perform access authentication; the NAS is in the visited network.
Step 702: The NAS sends an Access Request message to the HAAA (Home AAA server, the home network authentication, authorization and accounting server), requesting authentication of the MS; the HAAA is located in the MASA.
Step 703: The HAAA performs access authentication on the MS. After access authentication succeeds, the HAAA authorizes the mobility service for the MS, indicates the Bootstrapping mode to be used for the MS according to the Profile (user profile) of the MS (it is assumed here that the Profile of the MS indicates Bootstrapping in the DHCP mode of the integrated scenario), and allocates the MS an HA (HA_H) in the home network. The HAAA then sends the NAS an Access Accept message containing the access authentication success indication information, the Bootstrapping mode indication information and the HA_H address;
In this step, the HAAA allocates to the MS by default, automatically and without any prior information, an HA located in the home network.
Step 704: After receiving the Access Accept message, the NAS stores the HA_H address and sends the MS an access authentication complete message containing the access authentication success indication information and the Bootstrapping mode indication information.
Step 705: After receiving the Bootstrapping mode indication information, the MS performs Bootstrapping in the DHCP mode: it sends a DHCP Information Request message to the All_DHCP_Relay_Agents_and_Servers multicast address (all DHCP relay agents and DHCP servers), and uses the Home Network Identifier Option [HAOPT] in this message to state whether the MS wants to be allocated an HA in the visited network or in the home network;
If the DHCP Server serving the MS can receive the DHCP Information Request message that the MS sends to the All_DHCP_Relay_Agents_and_Servers multicast address, the DHCP Server and the MS are in the same site; if it cannot receive that message, they are not in the same site. This embodiment describes the case in which the DHCP Server and the MS are in the same site.
Step 706: After the DHCP Server serving the MS receives the DHCP Information Request message, it identifies the MS by the DUID, the identifier used in the DHCP system to uniquely identify a DHCP Server or an MS, and decides from its current operating configuration whether it needs to serve the MS. If so, the DHCP Server sends the MS a DHCP-Reply message containing the HA_H address;
When the DHCP Server and the MS are in the same site, the DHCP Server and the NAS are usually implemented as one entity. Since the NAS holds the HA_H address, the DHCP Server holds it too, and when the DHCP Server sends the DHCP-Reply message to the MS it includes the stored HA_H address in that message.
If the MS states in the DHCP Information Request message that it wants to be allocated an HA in the visited network, the DHCP Server allocates the MS an HA in the visited network (the HA allocated in the visited network is denoted HA_V here) and sends the MS a DHCP-Reply message containing the HA_H address and the HA_V address.
Step 707: The MS and the HA complete the rest of the Bootstrapping process (that is, configuring the HoA and establishing the security association between the HA and the MS through the IKEv2 procedure).
Embodiment two: the MS and the DHCP Server are located in different sites. Referring to the flowchart shown in Figure 8, the steps are as follows:
Step 801: The MS and the NAS interact to perform access authentication; the NAS is in the visited network.
Step 802: The NAS sends an Access Request message to the HAAA, requesting authentication of the MS; the HAAA is located in the MASA.
Step 803: The HAAA performs access authentication on the MS. After the access authentication completes successfully, the HAAA performs service authorization for the MS: according to the Profile (user profile) of the MS it indicates the Bootstrapping mode the MS is to use (it is assumed here that the Profile of the MS indicates Bootstrapping in DHCP mode under the integration scenario) and allocates an HA (HA_H) for the MS in the home network. The HAAA then sends an Access Accept message to the NAS, containing the authentication success indication information, the Bootstrapping mode indication information and the HA_H address.
In this step, in the absence of any prior information, the HA that the HAAA automatically allocates to the MS by default is one located in the home network.
Step 804: After receiving this message, the NAS stores the HA_H address and sends an access authentication completion message to the MS, containing the access authentication success indication information and the Bootstrapping mode indication information.
Step 805: After receiving the Bootstrapping mode indication information, the MS performs Bootstrapping in DHCP mode. The MS sends a DHCP Information Request message to the All_DHCP_Relay_Agents_and_Servers multicast address (all DHCP relay agents and DHCP servers), and uses the Home Network Identifier Option [HAOPT] in this message to indicate whether the MS wants to be allocated an HA in the visited network or in the home network.
If the DHCP Server does not receive the DHCP Information Request message that the MS sends to the All_DHCP_Relay_Agents_and_Servers multicast address, the DHCP Server and the MS are located in different sites, and a DHCP relay agent is needed to relay the MS's DHCP Information Request message to the DHCP Server. The case where the DHCP Server and the MS are in the same site was explained in Embodiment one and is not repeated here; this embodiment describes the case where the DHCP Server and the MS are located in different sites.
The DHCP relay agent relays DHCP messages between the MS and the DHCP Server; it and the NAS are the same entity.
Step 806: After intercepting the DHCP Information Request message sent by the MS, the DHCP relay agent sends a Relay-Forward message to the DHCP server; this message contains the HA_H address that the relay agent obtained from the HAAA.
Because the DHCP relay agent and the NAS are the same entity, the HA_H address stored in the NAS is also held by the DHCP relay agent, and when the DHCP relay agent sends the Relay-Forward message to the DHCP server, it includes the stored HA_H address in that message.
Step 807: The DHCP server serving the MS identifies the MS by the DUID, the identifier used in the DHCP system to uniquely identify the DHCP Server and the DHCP Client (here the DHCP Client is the MS), and decides according to its current operating configuration whether it needs to serve the MS. If so, the DHCP Server sends a Relay-Reply message containing the HA_H address to the DHCP relay agent.
If the MS stated in the DHCP Information Request message that it is to be allocated an HA in the visited network, the DHCP server allocates an HA (HA_V) in the visited network for the MS and sends a Relay-Reply message to the DHCP relay agent containing the HA_H address and the HA_V address.
Step 808: The DHCP relay agent sends a DHCP Reply message to the MS, containing the address of the HA allocated to the MS in the home network, i.e. the HA_H address. When the DHCP server has allocated an HA (HA_V) in the visited network for the MS, this message also contains the HA_V address.
Step 809: The MS and the HA complete the remaining Bootstrapping procedure (i.e. HoA configuration and establishment of the security association between the HA and the MS through the IKEv2 procedure).
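The exchanges of Embodiments one and two can be traced in a short simulation. The following Python sketch is an added example, not part of the patent text; it shows that the HA_H address stays on the NAS after access authentication and reaches the MS only through the DHCP Reply, either directly (same site) or via Relay-Forward and Relay-Reply (different sites). The dataclass fields, the DUID-keyed HA_H store, the sample profile and the 2001:db8:: addresses are assumptions made for illustration.

```python
from dataclasses import dataclass
from typing import Optional

# Constructed sample data: the patent defines no wire formats, so every field
# name, user, DUID and address (2001:db8::/32 documentation space) is assumed.
PROFILES = {"alice": {"mode": "DHCP", "ha_h": "2001:db8:a::1"}}

@dataclass
class AccessAccept:              # HAAA -> NAS, step 803
    auth_success: bool
    mode: str
    ha_h: str

@dataclass
class InfoRequest:               # MS -> All_DHCP_Relay_Agents_and_Servers, step 805
    duid: str
    want_visited_ha: bool        # the choice the MS signals through HAOPT

@dataclass
class Reply:                     # payload of Relay-Reply / DHCP Reply
    ha_h: str
    ha_v: Optional[str] = None

def haaa_authorize(user: str) -> Optional[AccessAccept]:
    """Step 803: after access authentication, take the mode from the Profile and allocate HA_H."""
    profile = PROFILES.get(user)
    if profile is None:
        return None              # authentication failed: no mode, no HA_H
    return AccessAccept(True, profile["mode"], profile["ha_h"])

class DhcpServer:
    def __init__(self, served_duids, visited_has):
        self.served_duids = set(served_duids)
        self.visited_has = list(visited_has)

    def answer(self, req: InfoRequest, ha_h: str) -> Optional[Reply]:
        """Steps 706/807: identify the MS by DUID, reply with HA_H (and HA_V if requested)."""
        if req.duid not in self.served_duids:
            return None          # operating configuration: this client is not served
        ha_v = self.visited_has[0] if req.want_visited_ha and self.visited_has else None
        return Reply(ha_h, ha_v)

class NAS:
    """NAS that is also the DHCP Server (same site) or the DHCP relay agent (different sites)."""
    def __init__(self, server: DhcpServer, same_site: bool):
        self.server, self.same_site = server, same_site
        self.ha_h_for = {}       # assumption: the stored HA_H is keyed by the client's DUID
        self.trace = []          # names of the DHCP messages exchanged, in order

    def access_auth(self, user: str, duid: str) -> Optional[str]:
        """Steps 802-804: store HA_H locally, pass only the mode indication on to the MS."""
        accept = haaa_authorize(user)
        if accept is None:
            return None
        self.ha_h_for[duid] = accept.ha_h
        return accept.mode

    def on_info_request(self, req: InfoRequest) -> Optional[Reply]:
        self.trace.append("DHCP Information Request")
        ha_h = self.ha_h_for.get(req.duid)
        if ha_h is None:
            return None          # no HA_H stored for this client, nothing to hand out
        if not self.same_site:
            self.trace.append("Relay-Forward")   # step 806: carries the stored HA_H
        reply = self.server.answer(req, ha_h)
        if reply is None:
            return None
        if not self.same_site:
            self.trace.append("Relay-Reply")     # step 807
        self.trace.append("DHCP Reply")          # steps 706/808
        return reply

def ms_bootstrap(nas: NAS, user: str, duid: str, want_visited_ha: bool) -> Optional[Reply]:
    """MS side: start the DHCP exchange only on an explicit DHCP-mode indication."""
    mode = nas.access_auth(user, duid)
    if mode != "DHCP":
        return None
    return nas.on_info_request(InfoRequest(duid, want_visited_ha))

if __name__ == "__main__":
    server = DhcpServer({"duid-ms-1"}, ["2001:db8:b::1"])
    relay = NAS(server, same_site=False)
    print(ms_bootstrap(relay, "alice", "duid-ms-1", True), relay.trace)
```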
Embodiment three: under the integration scenario, Bootstrapping is performed in EAP mode. Referring to the flowchart shown in Figure 9, the steps are as follows:
Step 901: The MS and the NAS interact to begin the network access authentication procedure; the NAS is in the visited network.
Step 902: The NAS sends an Access Request message to the HAAA, requesting authentication of the MS; the HAAA is located in the MASA.
Step 903: The HAAA performs access authentication on the MS. After the access authentication completes successfully, the HAAA performs service authorization for the MS: according to the Profile of the MS it indicates the Bootstrapping mode the MS is to use (it is assumed here that the Profile of the MS indicates Bootstrapping in EAP mode under the integration scenario) and allocates an HA (HA_H) for the MS in the home network.
Step 904: The HAAA interacts with the HA to configure the HoA for the MS.
Step 905: The HAAA sends an Access Accept message to the NAS, containing the authentication success indication information, the HA_H address, the HoA and the Bootstrapping mode identifier.
Step 906: After receiving the Access Accept message, the NAS sends the access authentication success indication information, the HA address, the HoA and the Bootstrapping mode identifier to the MS, completing the whole access procedure.
Step 907: The MS and the HA complete the remaining Bootstrapping procedure (i.e. establishment of the security association between the HA and the MS through the IKEv2 exchange).
(2) Separation scenario:
One: the MS uses the EAP mode for network authentication, i.e. the MS is informed of the bootstrapping mode through EAP.
Embodiment four: referring to the flowchart shown in Figure 10, under the separation scenario the MS is informed of the bootstrapping mode through EAP by the following steps:
Step 1001: The MS and the NAS interact to begin the network access authentication procedure; the NAS is in the visited network.
Step 1002: The NAS sends an Access Request message to the HAAA, requesting authentication of the MS.
Step 1003: The HAAA performs access authentication on the MS. After the access authentication completes successfully, the HAAA performs service authorization for the MS and, according to the Profile of the MS, indicates the Bootstrapping mode the MS is to use (it is assumed here that the Profile of the MS indicates Bootstrapping in DNS mode under the separation scenario).
Step 1004: The HAAA sends an Access Accept message to the NAS, containing the authentication success indication information and the above Bootstrapping mode identifier.
Step 1005: After receiving the Access Accept message, the NAS sends an access authentication completion message to the MS, containing the access authentication success indication information and the Bootstrapping mode indication information.
Step 1006: After receiving the Bootstrapping mode indication information, the MS performs Bootstrapping in the DNS mode of the separation scenario. The MS sends a DNS Request message to the DNS server of the visited network it is in, indicating in the message the FQDN of the HA to be resolved.
Step 1007: The DNS server resolves the FQDN of the HA carried in the DNS Request message sent by the MS to obtain the IP address of the HA, and then sends a DNS Reply message containing the IP address of the HA to the MS.
Step 1008: After obtaining the IP address of the HA, the MS completes the remaining Bootstrapping procedure with the HA (HoA configuration and establishment of the security association between the HA and the MS through the IKEv2 exchange).
Two: the MS does not use the EAP mode for network authentication. In this case the MS is informed of the bootstrapping method when its CoA is configured, which is an explicit form of notification. Under the existing Bootstrapping approach, if the MS receives no notification of the Bootstrapping mode in the EAP messages of access authentication, it defaults to Bootstrapping in DNS mode (this is the implicit form). Although the implicit form allows Bootstrapping to proceed normally, it runs into problems once new methods are proposed: for example, when bootstrapping methods become diverse, the implicit form does not tell the MS which method to select. An explicit form of notification is therefore also necessary.
Embodiment five: referring to Figure 11, under the separation scenario the Bootstrapping mode is delivered through a Router Advertisement message by the following steps:
Step 1101: The MS and the HAAA interact to complete access authentication.
Step 1102: After configuring the CoA address in the visited network, the MS sends a Router Solicitation message to the AR (Access Router), requesting it to deliver local configuration information such as network prefix information.
Step 1103: After receiving the Router Solicitation message, the AR carries the corresponding Bootstrapping mode (it is assumed here that the Profile of the MS indicates Bootstrapping in DNS mode under the separation scenario) together with the local configuration information in a Router Advertisement message and delivers it to the MS.
Step 1104: After receiving the Router Advertisement message and parsing the Bootstrapping mode indication information out of it, the MS performs Bootstrapping in the DNS mode of the separation scenario. The MS sends a DNS Request message to the DNS server of the visited network it is in, containing the FQDN of the HA to be resolved.
Step 1105: After receiving the DNS Request message sent by the MS, the DNS server resolves the FQDN of the HA contained in the message to obtain the IP address of the HA, and then sends a DNS Reply message containing the IP address of the HA to the MS.
Step 1106: After obtaining the IP address of the HA, the MS completes the remaining Bootstrapping procedure with the HA (HoA configuration and establishment of the security association between the HA and the MS through the IKEv2 exchange).
Embodiment six: referring to Figure 12, under the separation scenario the Bootstrapping mode is delivered through a DHCP message by the following steps:
Step 1201: The MS and the HAAA interact to complete the whole access procedure.
Step 1202: After configuring the CoA address in the visited network, the MS sends a DHCP Information Request message to the DHCP server responsible for address allocation, requesting it to allocate a CoA.
Step 1203: After receiving the DHCP Information Request message, the DHCP server allocates the CoA address for the MS, then carries the Bootstrapping mode corresponding to the MS (it is assumed here that the Profile of the MS indicates Bootstrapping in DHCP mode under the integration scenario) together with the CoA-related information in a DHCP Reply message and delivers it to the MS.
Step 1204: After parsing the Bootstrapping mode indication information out of the DHCP Reply message, the MS performs Bootstrapping in the DNS mode of the separation scenario. The MS sends a DNS Request message to the DNS server of the visited network it is in, containing the FQDN of the HA to be resolved.
Step 1205: After receiving the DNS Request message, the DNS server resolves the FQDN of the HA contained in the message to obtain the IP address of the HA, and then sends a DNS Reply message containing the HA address to the MS.
Step 1206: After obtaining the IP address of the HA, the MS completes the remaining Bootstrapping procedure with the HA (i.e. HoA configuration and establishment of the security association between the HA and the MS through the IKEv2 procedure).
An embodiment of the invention also provides a network side for notifying a mobile subscriber terminal of the boot mode. After receiving a request message sent by the mobile subscriber terminal MS, the network side indicates the boot mode the mobile subscriber terminal is to use and returns this indication information to the MS.
When the network side is a home network authentication, authorization and accounting server HAAA, the HAAA, after receiving the request message of the mobile subscriber terminal, performs access authentication on the MS; after the access authentication completes successfully, it performs service authorization for the MS, indicates the boot mode the mobile subscriber terminal is to use according to the user profile of the MS, and returns the boot mode indication information to the MS.
When the network side is an AR, the AR, after receiving the router solicitation message sent by the MS, indicates the boot mode the MS is to use and sends a router advertisement message containing the boot mode indication information to the MS.
When the network side is a DHCP server, the DHCP server, after receiving the request message sent by the MS, allocates a CoA for the MS in the visited network, indicates the boot mode the MS is to use, and then sends a DHCP Reply message containing the boot mode indication information and the CoA to the MS.
The above are merely preferred embodiments of the invention and are not intended to limit it; any modification, equivalent replacement or improvement made within the spirit and principles of the invention shall fall within its scope of protection.

Claims (6)

1. A method for notifying a mobile subscriber terminal of a boot mode, characterized in that the method comprises: a mobile subscriber terminal MS sends a request message to a network side, and the network side performs access authentication on the MS after receiving the request message;
after completing the access authentication of the MS, the network side indicates to the MS the boot mode to be used, and returns a message containing the boot mode indication information to the MS.
2. The method according to claim 1, characterized in that, when the network side is a home network authentication, authorization and accounting server HAAA, the method comprises:
A1. the MS and a network access server NAS interact to perform access authentication;
B1. the NAS sends an access request message to the HAAA, requesting authentication of the MS;
C1. the HAAA performs access authentication on the MS and, after the access authentication completes successfully, indicates the boot mode the MS is to use according to the user profile of the MS;
D1. the HAAA sends an access accept message to the NAS, the access accept message containing access authentication success indication information and the boot mode indication information;
E1. after receiving the access accept message, the NAS sends an access authentication completion message to the MS, the access authentication completion message containing the access authentication success indication information and the boot mode indication information.
3. The method according to claim 2, characterized in that step C1 further comprises: the HAAA allocates a home agent HA_H for the MS in the home network;
the access accept message in step D1 further contains the HA_H address; and
step E1 further comprises: the NAS stores the HA_H address.
4. The method according to claim 2, characterized in that step C1 further comprises: the HAAA allocates a home agent HA_H for the MS in the home network; the HAAA interacts with the home agent allocated for the MS to configure a home address HoA for the MS;
the access accept message in step D1 further contains the HA_H address and the HoA; and
the access authentication completion message in step E1 further contains the HA_H address and the HoA.
5. The method according to claim 1, characterized in that, when the network side is an access router AR, the method comprises:
A21. the MS and the HAAA interact to complete access authentication;
A2. the MS configures a care-of address CoA in the visited network and sends a router solicitation message to the AR;
B2. after receiving the router solicitation message, the AR indicates the boot mode the MS is to use and sends a router advertisement message to the MS, the router advertisement message containing the boot mode indication information.
6. The method according to claim 1, characterized in that, when the network side is a DHCP server, the method comprises:
the MS and the HAAA interact to complete access authentication;
the MS sends a request message to the DHCP server;
after receiving the request message, the DHCP server allocates a CoA for the MS in the visited network and indicates the boot mode the MS is to use;
the DHCP server sends a DHCP Reply message to the MS, the DHCP Reply message containing the boot mode indication information and the CoA.

Priority Applications (1)

Application Number Priority Date Filing Date Title
CN200610063526XA CN101179554B (en) 2006-11-07 2006-11-07 Method and network side for notifying boot mode of mobile subscriber terminal


Publications (2)

Publication Number Publication Date
CN101179554A CN101179554A (en) 2008-05-14
CN101179554B true CN101179554B (en) 2012-12-12

Legal Events

Date Code Title Description
C06 Publication
PB01 Publication
C10 Entry into substantive examination
SE01 Entry into force of request for substantive examination
C14 Grant of patent or utility model
GR01 Patent grant
CF01 Termination of patent right due to non-payment of annual fee

Granted publication date: 20121212

Termination date: 20151107

EXPY Termination of patent right or utility model