CN101330754A - Method for implementing authentication charging of remote subscriber dialing authentication system - Google Patents

Method for implementing authentication charging of remote subscriber dialing authentication system Download PDF

Info

Publication number
CN101330754A
CN101330754A CNA2007101673329A CN200710167332A CN101330754A CN 101330754 A CN101330754 A CN 101330754A CN A2007101673329 A CNA2007101673329 A CN A2007101673329A CN 200710167332 A CN200710167332 A CN 200710167332A CN 101330754 A CN101330754 A CN 101330754A
Authority
CN
China
Prior art keywords
network
authentication system
charging
support node
portable terminal
Prior art date
Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
Pending
Application number
CNA2007101673329A
Other languages
Chinese (zh)
Inventor
陈福志
Current Assignee (The listed assignees may be inaccurate. Google has not performed a legal analysis and makes no representation or warranty as to the accuracy of the list.)
ZTE Corp
Original Assignee
ZTE Corp
Priority date (The priority date is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the date listed.)
Filing date
Publication date
Application filed by ZTE Corp filed Critical ZTE Corp
Priority to CNA2007101673329A priority Critical patent/CN101330754A/en
Publication of CN101330754A publication Critical patent/CN101330754A/en
Pending legal-status Critical Current

Links

Images

Abstract

The invention discloses a method for realizing the authentication and the accounting of a remote authentication dial-in user service, and comprises the following steps: the incidence relation between the information of a mobile terminal and a remote authentication dial-in user service (RADIUS) server is configured on a gateway GPRS support node; the mobile terminal is activated in a service network, and when the RADIUS authentication and accounting are required for the examination of the gateway GPRS support node, the remote authentication dial-in user service server corresponding to the mobile terminal is searched according to the incidence relation; authentication and accounting requests are originated to the remote authentication dial-in user service server; the remote authentication dial-in user service server performs authentication and accounting. By adopting the method, the problems that a packet domain returns a home network to perform the RADIUS authentication and accounting, and the local RADIUS server requires load sharing due to too heavy load can be easily solved.

Description

A kind of method that realizes authentication charging of remote subscriber dialing authentication system
Technical field
The present invention relates to the communications field, relate in particular to 3GPP (3rd Generation PartnershipProject, third generation partner program) realizes the method for RADIUS (Remote Authentication DialIn User Service, remote customer dialing authentication system) authenticating and charging in.
Background technology
Along with the maturation of 3G technology, the 3G product is constantly commercial, user's authentication and charging also is subjected to operator's attention.3GPP agreement 29061 regulation GGSN (Gateway GPRS Support Node, Gateway GPRS Support Node) authenticating and chargings can adopt radius protocol.The RADIUS account flow process when MS (Mobile subscriber Station, portable terminal) can adopt RADIUS authentication and charging when GGSN activates, is directly initiated the authenticating and charging request by GGSN to radius server as shown in Figure 1.May further comprise the steps:
Step 101, portable terminal sends PDP to SGSN and activates request;
Step 102, SGSN sends the PDP Context request of creating to GGSN;
Step 103, GGSN sends authentication request message to corresponding radius server;
Step 104, radius server returns authentication to GGSN and receives message;
Step 105, GGSN sends to charge to radius server and begins request;
Step 106, GGSN returns to SGSN and creates PDP Context request response;
Step 107, SGSN returns the activation PDP Context to portable terminal and accepts message;
Step 108, radius server are returned to charge to GGSN and are begun response;
Step 109 is carried out transfer of data between portable terminal and the GGSN;
Step 110, portable terminal sends the request of deactivation PDP Context to SGSN;
Step 111, SGSN sends the request of deletion PDP Context to GGSN;
Step 112, GGSN sends to charge to radius server and stops request;
Step 113, GGSN returns the response of deletion PDP Context to SGSN;
Step 114, SGSN returns the response of deactivation PDP Context to portable terminal;
Step 115, radius server are returned to charge to GGSN and are stopped response.
Shown in Figure 2 is the network architecture system of 3GPP PS (Packet Switch, packet switching).
Home PLMN (Public Land Mobile Network, public land mobile radio communication) is the home network 3G network of MS, and this network is preserved user's subscription data, authentication parameter and authorization message.Visited PLMN is the MS visited network, and this network provides carrying for the business of MS temporarily.MS is a mobile device, directly presents the 3G business for the user.SGSN (Serving GPRS Support Node, Serving GPRS Support Node) manages moving with session of MS.GGSN mainly manages user's session, is responsible for simultaneously the user is carried out authenticating and charging, inserts the external business network.PDN is an external data network, can be Internet, also can be service provider's dedicated network.Radius server is preserved user's authentication information, authorization message and cost information.GGSN among the identical PLMN or SGSN are by gn interface communication, and GGSN among the different PLMN or SGSN are by gp interface communication, and GGSN and radius server are by the Gi interface communication.
3G network as shown in Figure 2 belongs to large-scale mobile network, and broad covered area, the user attaching of whole network are in different PLMN, and the user among the same PLMN also belongs to different areas.MS moves in 3G network, may be in the home network, also may move to visited network.According to operator's needs, to user's authentication with charge and will be allowed a choice, the user can be at the visited network authenticating and charging, also can be at the home network authenticating and charging.So just proposing the roamer may be in the demand of the local authenticating and charging of difference, and the roamer may need to return the genus network and carry out authenticating and charging.
In the prior art, the roamer is when visited network, related all is the radius server of visited network, the radius server of visited network can select to realize agent functionality, and roamer's radius server of getting back to home network carries out the agent functionality of the radius server that authenticating and charging need be by visited network like this.Unavailable when the agent functionality of the radius server of visited network, when perhaps agent service amount causes very much the radius server of visited network the performance bottleneck problem to occur greatly, the roamer can not return and belong to network and carry out authenticating and charging.
In addition, because GGSN belongs to IAD, traffic carrying capacity is very big, and according to operator's requirement, the RADIUS of GGSN local network load is very big, need carry out load sharing.
Summary of the invention
The technical problem to be solved in the present invention provides a kind of method that realizes authentication charging of remote subscriber dialing authentication system, makes the roamer carry out authenticating and charging to home network, alleviates local radius server load.
In order to address the above problem, the invention provides a kind of method that realizes authentication charging of remote subscriber dialing authentication system, may further comprise the steps:
Configuration information of mobile terminal and remote customer dialing authentication system radius server incidence relation on Gateway GPRS Support Node;
Described portable terminal activates at service network, when the Gateway GPRS Support Node inspection need be carried out the RADIUS authenticating and charging, find the remote customer dialing authentication system server of described portable terminal correspondence according to described incidence relation, initiate the authenticating and charging request to described remote customer dialing authentication system server;
Described remote customer dialing authentication system server carries out authenticating and charging.
Further, when disposing described incidence relation, dispose the incidence relation of the remote customer dialing authentication system server of described information of mobile terminal and described portable terminal home network.
Further, described information of mobile terminal is described mobile terminal user sign.
Further, described user ID is customer identification number section or user ID number.
Further, described user ID number is the international public switched telephone network (PSTN) of international mobile subscriber identity or portable terminal/integrated services digital network number.
Further, when described Gateway GPRS Support Node is searched the remote customer dialing authentication system server according to described incidence relation, if do not find the remote customer dialing authentication system server, select the remote customer dialing authentication system server of acquiescence to carry out authenticating and charging.
Further, the remote customer dialing authentication system server of described acquiescence is the remote customer dialing authentication system server of described portable terminal home network.
Further, described mobile terminal roaming is during to visited network, and described service network is the visited network of described portable terminal, and described Gateway GPRS Support Node is the Gateway GPRS Support Node of visited network or the Gateway GPRS Support Node of home network.
Further, described portable terminal is in home network the time, and described service network is the home network of described portable terminal, and described Gateway GPRS Support Node is the Gateway GPRS Support Node of home network.
Adopt method of the present invention, can simply solve the roamer and return the problem that the genus network carries out RADIUS authentication and charging, and local radius server needs the problem of load sharing too greatly owing to load.That the present invention disposes is succinct, simple to operate, be easy to realize, is of value to operator and user, has improved the Performance And Reliability of the network equipment under the situation that realizes load sharing.
Description of drawings
Fig. 1 is a RADIUS authenticating and charging flow chart in the prior art;
Fig. 2 is that GGSN realizes that MS returns the networking diagram that belongs to the network authentication charging;
Fig. 3 is the flow chart that the present invention realizes the method for authentication charging of remote subscriber dialing authentication system;
Fig. 4 is that GGSN is according to roamer's the IMSI or the flow chart of MSISDN realization MS recurrence genus network authentication charging;
Fig. 5 is the networking diagram that GGSN realizes the RADIUS load sharing;
Fig. 6 is the flow chart that GGSN realizes the RADIUS load sharing.
Embodiment
Because operator's requirement, the roamer may need to return the genus network and carry out authenticating and charging, and perhaps the RADIUS of GGSN local network load is very big, need carry out load sharing.
At above two demands, the present invention distinguishes the user according to user ID, user's authenticating and charging request message is distributed to the radius server of appointment.User ID can be selected IMSI (InternationalMobile Subscriber Identity, international mobile subscriber identity) or MSISDN (MSinternational PSTN/ISDN number, the international public switched telephone network (PSTN) of portable terminal/integrated services digital network number), the two selects one to get final product.IMSI and MSISDN have globally unique characteristic, and this characteristic makes user's message distribution have certainty.
IMSI is made up of three parts: MCC (Mobile Country Code, Mobile Country Code MCC), MNC (Mobile Network Code, Mobile Network Code) and MSIN (Mobile SubscriberIdentification Number, mobile subscriber identification code).Each national Mobile Country Code MCC is all different, if there are a plurality of PLMN networks to exist in same country, Mobile Network Code is also different, and the mobile user identification number must be different in same PLMN network.Above regulation has been guaranteed the global uniqueness of IMSI.
MSISDN is made up of three parts: CC (Country Code, national code), NDC (NationalDestination Code, national objective sign indicating number) and SN (Subscriber Number, Subscriber Number).Each national national code is all different, if a plurality of PLMN networks are arranged in same country, international object code is also different, and Subscriber Number must be different in same PLMN network.Above regulation has been guaranteed the global uniqueness of MSISDN.
Because it is related with the area that the customer identification number section is distributed with different networks, can be at GGSN directly according to customer identification number section distribution authenticating and charging request message.But flexible configuration both can also can be distributed according to the customer identification number section according to the user ID number as required.
As shown in Figure 3, the method for realization authentication charging of remote subscriber dialing authentication system may further comprise the steps:
Step 301, configuration information of mobile terminal and radius server incidence relation on the GGSN in mobile terminal affiliated service network.
Described information of mobile terminal is the mobile terminal user sign;
Described radius server can be the radius server of home network, it also can be the radius server of visited network, if realize that the roamer returns the radius server that belongs to network and carries out authenticating and charging, then set up the incidence relation of user ID and home network radius server.
Above-mentioned user ID can be customer identification number section or user ID number, and the user ID number has uniqueness can be IMSI or MSISDN.When using the customer identification number section, be in the radius server that interior its corresponding radius server of user ID number of this customer identification number segment limit is this customer identification number section association.
Also can be configured in the visited network according to the above-mentioned incidence relation of needs is set, carry out authenticating and charging.
Step 302, the user activates at service network, and GGSN checks in the time of need carrying out the RADIUS authenticating and charging that concrete radius server is found in configuration according to user ID, initiates the authenticating and charging request to this radius server;
If do not find the radius server configuration corresponding, then select the radius server of acquiescence to carry out authenticating and charging with information of mobile terminal at GGSN;
The radius server of acquiescence can be the radius server of home network.
The user is in home network the time, and service network is a home network, and GGSN is the GGSN of home network.
When the user roamed into visited network, service network was a visited network, and GGSN can also can be the GGSN of home network for the GGSN of visited network, because SGSN can select when GGSN is selected the GGSN of visited network also can select the GGSN of home network.
Step 303, after the subscription authentication success, the normal process related service.
As shown in Figure 4, after the enterprising line identifier configuration of the service GGSN of portable terminal, realize that according to IMSI or MSISDN roamer MS returns the method that belongs to the network authentication charging and may further comprise the steps:
Step 401, portable terminal sends PDP to visited network SGSN and activates request;
Step 402, visited network SGSN sends the PDP Context request of creating to visited network GGSN;
Step 403, visited network GGSN carries out IMSI or the MSISDN configuration is searched, and finds corresponding home network radius server;
Step 404, visited network GGSN sends authentication request message to the home network radius server of finding;
Step 405, the home network radius server returns authentication to visited network GGSN and receives message;
Step 406, visited network GGSN sends to charge to the home network radius server of finding and begins request;
Step 407, visited network GGSN returns to visited network SGSN and creates the PDP Context response;
Step 408, visited network SGSN returns the activation PDP Context to portable terminal and accepts message;
Step 409, home network radius server are returned to charge to visited network GGSN and are begun response;
Step 410 is carried out transfer of data between portable terminal and the visited network GGSN;
Step 411, portable terminal sends the request of deactivation PDP Context to visited network SGSN;
Step 412, visited network SGSN sends the request of deletion PDP Context to visited network GGSN;
Step 413, visited network GGSN sends to charge to the home network radius server and stops request;
Step 414, visited network GGSN returns the response of deletion PDP Context to visited network SGSN;
Step 415, visited network SGSN returns deactivation PDP Context message to portable terminal;
Step 416, home network radius server are returned to charge to visited network GGSN and are stopped response.
Service GGSN is the GGSN of visited network among Fig. 4, and in other embodiments, service GGSN can be the GGSN of home network.
As shown in Figure 5, according to the networking diagram of user ID realization RADIUS load sharing, can realize sharing of RADIUS authenticating and charging load like this.
The a plurality of customer identification number sections of configuration on GGSN, the corresponding radius server of each number section.
For the user who does not have configure user identification number section, carry out default configuration, the radius server of corresponding acquiescence; When the user carries out authentication, according to the corresponding radius server of customer identification number section inquiry.
As shown in Figure 6, for GGSN carries out the flow chart of RADIUS load sharing, GGSN can determine to carry out authentication on radius server 1 still is radius server 2, thereby reach the purpose of load sharing according to the result of customer identification number section inquiry.
Only having listed radius server 1 among Fig. 5 and Fig. 6 still is radius server 2, and radius server number herein can have more than two, can all be local server, also can be existing this locality, and the other places is also arranged.
In sum, what this programme provided realizes according to user ID dispatch user authenticating and charging message on GGSN to the method for specifying radius server, very simply solved the roamer and return and belong to the problem that network carries out RADIUS authentication and charging, also solved local radius server because the too big problem that needs load sharing of load.This invention configuration is succinct, simple to operate, be easy to realize, operator and user are of great benefit to.Under the situation that realizes load sharing, improved the Performance And Reliability of the network equipment.
The present invention also can have other various embodiments; under the situation that does not deviate from spirit of the present invention and essence thereof; those of ordinary skill in the art are when making various corresponding changes and distortion according to the present invention, and these change and be out of shape the protection range that all should belong to the appended claim of the present invention accordingly.

Claims (9)

1, a kind of method that realizes authentication charging of remote subscriber dialing authentication system is characterized in that, may further comprise the steps:
Configuration information of mobile terminal and remote customer dialing authentication system radius server incidence relation on Gateway GPRS Support Node;
Described portable terminal activates at service network, when the Gateway GPRS Support Node inspection need be carried out the RADIUS authenticating and charging, find the remote customer dialing authentication system server of described portable terminal correspondence according to described incidence relation, initiate the authenticating and charging request to described remote customer dialing authentication system server;
Described remote customer dialing authentication system server carries out authenticating and charging.
2, the method for claim 1 is characterized in that:
When disposing described incidence relation, dispose the incidence relation of the remote customer dialing authentication system server of described information of mobile terminal and described portable terminal home network.
3, method as claimed in claim 1 or 2 is characterized in that:
Described information of mobile terminal is described mobile terminal user sign.
4, method as claimed in claim 3 is characterized in that:
Described user ID is customer identification number section or user ID number.
5, method as claimed in claim 4 is characterized in that:
Described user ID number is the international public switched telephone network (PSTN) of international mobile subscriber identity or portable terminal/integrated services digital network number.
6, method as claimed in claim 1 or 2 is characterized in that:
When described Gateway GPRS Support Node is searched the remote customer dialing authentication system server according to described incidence relation, if do not find the remote customer dialing authentication system server, select the remote customer dialing authentication system server of acquiescence to carry out authenticating and charging.
7, method as claimed in claim 6 is characterized in that:
The remote customer dialing authentication system server of described acquiescence is the remote customer dialing authentication system server of described portable terminal home network.
8, the method for claim 1 is characterized in that:
Described mobile terminal roaming is during to visited network, and described service network is the visited network of described portable terminal, and described Gateway GPRS Support Node is the Gateway GPRS Support Node of visited network or the Gateway GPRS Support Node of home network.
9, the method for claim 1 is characterized in that:
Described portable terminal is in home network the time, and described service network is the home network of described portable terminal, and described Gateway GPRS Support Node is the Gateway GPRS Support Node of home network.
CNA2007101673329A 2007-10-25 2007-10-25 Method for implementing authentication charging of remote subscriber dialing authentication system Pending CN101330754A (en)

Priority Applications (1)

Application Number Priority Date Filing Date Title
CNA2007101673329A CN101330754A (en) 2007-10-25 2007-10-25 Method for implementing authentication charging of remote subscriber dialing authentication system

Applications Claiming Priority (1)

Application Number Priority Date Filing Date Title
CNA2007101673329A CN101330754A (en) 2007-10-25 2007-10-25 Method for implementing authentication charging of remote subscriber dialing authentication system

Publications (1)

Publication Number Publication Date
CN101330754A true CN101330754A (en) 2008-12-24

Family

ID=40206288

Family Applications (1)

Application Number Title Priority Date Filing Date
CNA2007101673329A Pending CN101330754A (en) 2007-10-25 2007-10-25 Method for implementing authentication charging of remote subscriber dialing authentication system

Country Status (1)

Country Link
CN (1) CN101330754A (en)

Cited By (3)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN103813293A (en) * 2014-02-14 2014-05-21 中国联合网络通信集团有限公司 Charging method and device
CN105227685A (en) * 2014-06-13 2016-01-06 中兴通讯股份有限公司 The correlating method of user profile and data flow, master control set, radius server
CN109981521A (en) * 2017-12-27 2019-07-05 中国电信股份有限公司 Message correlating method, message associated apparatus and message interconnected system

Cited By (5)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN103813293A (en) * 2014-02-14 2014-05-21 中国联合网络通信集团有限公司 Charging method and device
CN103813293B (en) * 2014-02-14 2017-10-03 中国联合网络通信集团有限公司 Charging method and device
CN105227685A (en) * 2014-06-13 2016-01-06 中兴通讯股份有限公司 The correlating method of user profile and data flow, master control set, radius server
CN109981521A (en) * 2017-12-27 2019-07-05 中国电信股份有限公司 Message correlating method, message associated apparatus and message interconnected system
CN109981521B (en) * 2017-12-27 2021-10-15 中国电信股份有限公司 Message association method, message association device and message association system

Similar Documents

Publication Publication Date Title
EP2932744B1 (en) Method for serving visitor subscribers in a mobile communication system
EP1166497B1 (en) Mobile internet access
EP1552714B1 (en) Method and apparatus for storing subscriber data
CN101212709B (en) Device and method for implementing SIMN short message service
WO2007105000A1 (en) Method of and architecture for a virtual wireles network
JP2011518487A (en) Telecommunications network
US8995994B2 (en) Routing communications between telecommunications networks
CN101978716A (en) Method for optimizing a user equipment pdn (packet data network) connection
CN101106778B (en) GPRS implementation method and system based on one-in-multiple number SIM card
WO2015069160A1 (en) Methods, network control nodes and communication devices for routing signalling requests in a communication system
EP2725831B1 (en) Method for using a user equipment in a coverage area of a visited public land mobile network, public land mobile network and computer program product
KR101104707B1 (en) System and Method for Transmitting Short Message Using Small-Size Base Station
CN101610495A (en) A kind of network of user access control and method
CN100461958C (en) Mobile communication access system and method
CN101330754A (en) Method for implementing authentication charging of remote subscriber dialing authentication system
CN101212385B (en) Trunked network interconnecting method and system
EP2082590A1 (en) Method for transmitting multimedia message to roamed multimedia message receiver and system thereof
CN101375554A (en) Wireless communication system and method of implementing an evolved system attachment procedure
EP1777978A1 (en) Service provider selection in a communication network
CN100438693C (en) Service access method for packet domain
KR101077482B1 (en) System and Method for Connecting Call Using Small-Size Base Station
CN102870485B (en) Control method, the Apparatus and system of subscriber equipment access network
CN101867904A (en) Smart dialing telephone terminal, system and method
KR100537694B1 (en) Method and system for providing multi access functions to a cell phone connected with a personal digital assistant using one directory number
KR100886827B1 (en) Ystem and method for transmitting multimedia message using small-size base station

Legal Events

Date Code Title Description
C06 Publication
PB01 Publication
C10 Entry into substantive examination
SE01 Entry into force of request for substantive examination
C12 Rejection of a patent application after its publication
RJ01 Rejection of invention patent application after publication

Open date: 20081224