Embodiment
In the scheme that the realization network that the embodiment of the invention provides switches, selected the target access network switched by terminal to obtain the security information of terminal correspondence from certification authority server, described certification authority server is used for accessing terminal of the service access network of described target access network and described terminal carried out authentication operation; The described security information that the target access network utilization is obtained provides access service for the terminal that switches to target access network.Thereby the time that can avoid corresponding verification process to consume makes the switching terminal that is linked in the target access network can accelerate to insert processing procedure, reduces handover delay.
In above-mentioned processing procedure, because in the process that terminal is switched between two networks, corresponding certification authority server there is no change, be target access network and all corresponding same certification authority server of service access network, therefore, before and after terminal was switched, corresponding authentication information can be shared; For example, it is the corresponding security information of target access network regenerating key information conduct that terminal can adopt identical rule with certification authority server, so that terminal can be finished the access processing procedure in target access network.
In embodiments of the present invention, target access network specifically can be after the switching notice that the service access network that receives terminal is sent, to the security information of certification authority server acquisition request terminal correspondence; For example, can be after triggering switching or switching preparation, give target access network by service access network with the context transfer of terminal, corresponding context includes but not limited to sign, IP address or the PDN GW or the HA address etc. of terminal, is that terminal is initiated to switch to the operation of target access network or is that terminal switches to objective network and prepares with the notification target access network.Perhaps, also can be after target access network determines that this locality does not have the security information of counterpart terminal, to the security information of certification authority server acquisition request terminal correspondence.
In order further to accelerate the switching processing process, after target access network receives the notice that the triggering of terminal is switched or switches the notice of preparing, can also carry out resource reservation for the access of described terminal, so that terminal can utilize reserved resource to set up corresponding carrying apace after switching in the target access network, thereby improve the speed that inserts target access network.
In the embodiment of the invention, carry out the policy, billing operation to switching the terminal of coming exactly for the ease of target access network, the all right acquisition request terminal corresponding strategy charging regulation in target access network of corresponding target access network, and according to the policy charging rule that obtains the terminal of switching access is carried out policy, billing and operate.
That is to say, in the embodiment of the invention, in the terminal switching set-up procedure or after switching, target access network can be obtained terminal corresponding strategy charging regulation from the policy charging rule entity, described policy charging rule entity is used for described target access network and described terminal carried out policy authorization and policy charging rule generating run; And the policy charging rule that can be obtained by the target access network utilization is that the terminal that switches to target access network is carried out resource reservation and access bearer is pre-established and the mounting strategy charging regulation is that described terminal switches to and is used for carrying behind the objective network and charges.
Alternatively, in the embodiment of the invention, finish the operation that switches to target access network in terminal after, can also discharge the resource of terminal correspondence, the information of deletion terminal correspondence by the service access network of target access network or terminal notice terminal.
With the example that switches between 3G network and the WiMAX network, after triggering switching or switching pre-preparation, the process that service access network triggering target access network is switched pre-preparation specifically can comprise:
(1) the ASN GW (IAD) of MME of target access network 3G network (Mobility Management Entity) or SGSN or WiMAX network is to the security information of the certification authority server requesting terminal access that terminal is authenticated, the sign and/or the target access network information of carried terminal in this request, so that certification authority server can index corresponding security information, wherein, the security information of MME or SGSN requesting terminal can be key K
ASME, the security information of ASN GW requesting terminal can be MSK (master session key) or EMSK (extended master session key), corresponding certification authority server can be for HSS (home subscriber server)/AAA (authentication, authentication, charging) server etc.;
Wherein, certification authority server is created on the new key information of using in the target access network according to the information of terminal authentication last time;
(2) PCEF of target access network (policy execution entity) to PCRF (policy charging rule functional entity) requesting terminal in the PCC of target access network Rule (policy charging rule, i.e. PCC rule); Sign, IP address and/or the target access network information of carried terminal (as the address of access network type, policy execution entity or Access Network beared information etc.) in this request, so that PCRF can regenerate the PCC rule (as QoS information, grader template or the charging regulation etc. of authorizing) of correspondence and be handed down to PCEF according to target access network information, carry pre-established so that PCEF installs the PCC rule and reserves access network resource and carry out Access Network.
In the embodiment of the invention, if terminal moves comparatively fast, target access network can't be switched pre-preparation, after then terminal switches to target access network, can carry out normal network and reentry, and target access network detect local do not have the security information of this terminal after, trigger the operation of obtaining of corresponding security information, for example, to MME or SGSN request security information, and by MME or the SGSN key K to HSS (home subscriber server)/AAA (authentication, authentication, charging) server requests terminal
ASME, after HSS/AAA receives secret key request message, adopt IK (integrality password key)/CK (encryption key) to generate K
ASME, and be handed down to MME, the last K that receives by the MME basis
ASMEThe eat dishes without rice or wine key that needs and send to RNS RNS of generation is so that be used for the key that uses as the information interactive process of eating dishes without rice or wine.
Corresponding switched system structure as shown in Figure 3, the handling process of the implementation that the embodiment of the invention provides mainly can may further comprise the steps as shown in Figure 4:
Step 1, terminal are after detecting the signal of objective network, if detected signal strength signal intensity reaches predetermined threshold value, then terminal begins to switch pre-preparation;
Concrete pre-preparation process can comprise: terminal sends handoff request or switches pre-preparation message to service access network, in this handoff request message, carry the target BS relevant information of suggestion, as information such as Base Station Identification, signal strength signal intensities, and can carry the time that estimation begins to switch; Wherein, described service access network can but be not limited to WiMAX Access Network or 3G UTRAN or LTE network;
Step 2 is to step 5, and it is that terminal is switched preparation that service access network is indicated corresponding target access network;
Specifically can will comprise by interface between access network or interoperability functive that to target access network the contextual information such as sign, IP address, PDN GW address of terminal passes to target access network by service access network, and indicate corresponding target access network to obtain the security information of this terminal correspondence, PCC rule etc., afterwards, carry out corresponding resource reservation and carrying foundation operation; Corresponding target access network can but be not limited to 3G UTRAN network or WiMAX Access Network or LTE network;
Wherein, the corresponding switching prepares specifically can may further comprise the steps:
(1) target access network is to the security information of the server requests terminal access that terminal is authenticated, the sign of carried terminal and Access Network information in request message, accordingly the server that terminal is authenticated can but be not limited to HSS (home subscriber server) or aaa server; For example, be specifically as follows key K as the MME requesting terminal in the 3G network of target access network
ASMEAs described security information, perhaps, also can for as the master session key MSK of the IAD ASN GW requesting terminal in the WiMAX network of target access network as described security information;
(2) the policy execution entity PCEF of target access network is to the policy charging rule PCC Rule of policy charging rule functional entity PCRF request in target access network;
Corresponding processing procedure is specifically as follows: PCEF sends a request message to PCRF, the sign of carried terminal, IP address and target access network information in this request message, target access network information can comprise address, Access Network beared information of access network type, policy execution entity etc.; PCRF regenerates PCC Rule according to target access network information after receiving described request message, PCC Rule can but be not limited to comprise QoS information, grader template or the charging regulation etc. of mandate; Corresponding PCC Rule is handed down to PCEF, and PCEF installs described PCC Rule, and reserve access network resource and carry out the Access Network carrying pre-established.
Step 6 behind the switching beamhouse operation in the target access network completing steps 2 to 5, then sends response message to service access network, and indication switching pre-preparation process is finished, and relevant terminal can be initiated handover operation.
After step 7, service access network are received the response message that described target access network sends, continue to send and switch message to described terminal;
Corresponding switch to carry in the message switch the relevant information of preparing, corresponding information comprises but is not limited to: contextual information, resource reservation situation or the safe context of preparing identification information, the related objective network of result, related entities obtains in the information such as situation one or multinomial.
Alternatively, in corresponding switching response message, can carry service access network and be the target access network sign that terminal that terminal is selected can switch to, as Base Station Identification; Perhaps, also can in corresponding switching response message, carry a plurality of target access network signs, as a plurality of Base Station Identifications.
Behind step 8, the service access network response message in receiving target access network, can send acknowledge message to target access network;
Step 9, after terminal is received the response message that step 7 sends, then can carry out corresponding handoff procedure according to the target access network of carrying in response message sign, after terminal is finished normal access procedure with target access network, pre-established carrying before then activating by target access network;
Wherein, if carried a plurality of target access network signs in the described switching response message that step 7 sends, then terminal can select the best target access network of signal to carry out handover operation according to detected signal strength signal intensity; If carried selected target access network sign in the described switching response message that step 7 sends, then terminal directly adopts corresponding target access network to carry out handover operation;
In this step, terminal is finished the selection of objective network, and after preparing to switch to objective network, can also to service access network send Indication message notification service access network discharge before the resource that takies of this terminal, service access network starts the timer for this terminal reservation of resource at this moment, waiting timer is overtime, and service access network discharges all reservation of resource at this terminal automatically;
In this step, after terminal inserted target access network, target access network can send message to service access network, confirmed that terminal switches to this objective network, carried terminal successful switch indication in this message; After service access network was received this message, then deleting all information and the release service access network at this terminal that are kept was the resource of terminal distribution.
In above-mentioned steps 9, if do not have reserved resource or pre-established carrying before, then target access network carries out the distribution of resource and the foundation of carrying in this step; If before reserved resource but set up carrying, then in this step, set up carrying.
In above-mentioned steps 9, if cancellation of terminal notification service access network or refusal this time switch, after then service access network receives the switch indicating information of this cancellation or refusal switching, selected target access network will be notified, discharge it for preallocated up access-in resource of this terminal and pre-established carrying with the notification target access network, delete information such as the security information of this terminal correspondence or charging regulation.
In above-mentioned handoff process, if terminal has little time the switching Preparation operating that completing steps 2 is described to step 5, then above-mentioned steps 2 to step 5 also can be carried out after terminal switches to objective network and normal the networking, specifically can be as shown in Figure 5, and corresponding processing procedure can comprise:
Step 1, terminal detect the signal of satisfactory target access network, then initiate handoff request and switch to target access network to target access network;
Step 2, terminal is initiated network reentry operation to target access network;
Step 3, step 4, target access network receive terminal and initiate to reentry after the message of operation, then obtain information such as the security information of terminal and PCC rule;
Specifically can be to the security information of aaa server acquisition request terminal correspondence, to the PCC rule of PCRF acquisition request terminal correspondence in target access network;
Step 5, the terminal that target access network is switched for this initiation according to information such as security information of obtaining and PCC rules is carried out the pre-established operation of resource reservation and carrying, afterwards, just can be by being carried in the target access network of setting up to terminal provides access service, thus corresponding handover operation finished.
After step 6, target access network are finished corresponding handover operation, then send handoff completion message, terminal is switched to the information notification service access network in the target access network to service access network;
After step 7, service access network receive the handoff completion message of target access network transmission, then be released in local carrying and reserved resource for described switching terminal foundation, simultaneously, the end message of deletion preservation is as security information, PCC Rule Information or the like.
For ease of understanding to the embodiment of the invention, below in conjunction with accompanying drawing, be example with the handoff process between WiMAX network and the 3G network, the concrete application of the embodiment of the invention is elaborated.
Embodiment one
In this embodiment one, suppose that terminal is to switch to 3G network from WiMAX, then corresponding handoff process specifically can may further comprise the steps as shown in Figure 6:
Step 1, terminal is when the signal that detects UTRAN (terrestrial radio Access Network) network and signal strength signal intensity reach predetermined threshold, and terminal begins to switch pre-preparation;
Specifically can send message, can in this message, carry the Target BS of suggestion, and can carry the time that begins to switch estimated by the ASN GW or the interoperability functional entity etc. of terminal in the WiMAX Access Network;
Step 2 is to step 4, ASN GW in the WiMAX access network or interoperability functional entity etc. are sent out MME or the SGSN entity that handoff request is given 3G network by the access network interface, switch pre-preparation with notice MME entity, in described handoff request message, comprise the contexts such as sign, IP address, PDNGW address of terminal;
The corresponding specific implementation process of switching pre-preparation can comprise:
(1) MME merit SGSN is to the key of the server that terminal is authenticated (as certification authority servers such as HSS or aaa servers) requesting terminal access, the sign of carried terminal and target access network information in this request message, so that the HSS/AAA server is according to the identification index of this terminal IK and the CK to terminal, and generate corresponding key according to IK and CK, issue and issue MME or SGSN;
(2) MME or SGSN initiate carrying foundation and PDP Context establishment to PDN GW or Serving GW, PCEF among PDN GW or the Serving GW is the PCC Rule in target access network to the PCRF requesting terminal, the sign of carried terminal in respective request, IP address and target access network information are (as access network type, the address of policy execution entity or Access Network beared information etc.) so that PCRF regenerates the PCC rule (as the QoS information of authorizing according to target access network information, grader template or charging regulation etc.) and be handed down to policy execution entity PCEF.PCEF carries out the reservation of UTRAN access network resource according to the PCC rule, and the pre-established operation of Access Network carrying.
Step 5, terminal is initiated handoff process;
The specific implementation process of this step can may further comprise the steps:
(1) in execution in step 2 to step 4, target access network is switched pre-preparation process with indication and is finished to sending response message as the WiMAX access network of service access network, terminal can be initiated to switch;
(2) after the WiMAX access network is received described response message, send response message, in this response message, carry the base station of the target access network that the terminal of network selecting can switch to terminal; Described WiMAX access network sends acknowledge message to choosing the target access network of switching;
(3) terminal is after receiving described switching response message, just can carry out corresponding handoff process, wherein, if carried a plurality of Base Station Identifications in described switching response message, then terminal can select the best base station of signal to switch according to detected signal strength signal intensity.
Step 6, terminal are carried out network reentry operation, to be linked in the target access network;
Step 7, the context of target access network activated terminals and Business Stream carry out PMIP registration, the MIP tunnel between foundation and the PDN GW by Serving GW (gateway) to PDN GW; Also can between PDN GW and Serving GW, adopt the GTP agreement, set up GTP tunnel;
Be specifically as follows: terminal after the normal access procedure of finishing with the UTRAN access network, pre-established carrying before activating by target access network; Wherein, if there is not pre-established carrying before, then target access network is that terminal is set up carrying according to reserved resource.
Step 8, target access network will notify the WiMAX access network to discharge corresponding resource;
Be specifically as follows: target access network sends the message of carried terminal successful switch indication to the WiMAX access network, after the WiMAX access network was received described message, all information and release WiMAX access network at this switching terminal that deletion is kept were the resource of terminal distribution.
Above-mentioned steps 8 also can replace with: terminal if determine to be initiated to the switching of target access network, then sends Indication message to the WiMAX access network after receiving handoff response, discharges the resource of this terminal with notice WiMAX access network;
Be specifically as follows: after the WiMAX access network is received described Indication message, start the timer for this terminal reservation of resource, waiting timer is overtime, and the WiMAX access network discharges all reservation of resource at this terminal automatically.
In above-mentioned processing procedure, terminal can also this time be switched by described Indication message notice WiMAX access network cancellation or refusal, if terminal cancellation or refusal this time switch, after then the WiMAX access network receives the indication of cancellation or refusal switching this time, will notify selected target access network to discharge its information such as context for preallocated access-in resource of this terminal and deletion terminal.
Embodiment two
In this embodiment two, be example from the handoff process that WiMAX switches to 3G network still with terminal, corresponding handoff process and embodiment one are similar, difference was before terminal is switched, there is not Signalling exchange between WiMAX Access Network and the UTRAN Access Network, i.e. the operations such as safety information acquisition, resource reservation and carrying foundation of in the UTRAN Access Network, not switching pre-preparation and carrying out terminal in advance for the arrival of terminal in advance.
The handover operation that this embodiment two provides mainly may further comprise the steps as shown in Figure 7:
Step 1, terminal switches in the objective network under not carrying out the situation of switching pre-money beamhouse operation;
Be specifically as follows: after terminal switches to target UTRAN Access Network, carry out normal network reentry operation, in reentrant procedure, do not carry out authentication operation again at this terminal, but IK (integrality password the key)/CK (encryption key) that directly utilizes current authentication to produce, the message authentication code that is about to adopt key IK/CK to generate sends in the Target RNS (RNS) of target access network;
Step 2, step 3 are obtained the security information of terminal by MME or SGSN;
Receive the message authentication code that carries employing key IK/CK generation of terminal transmission at RNS after, detect oneself not security information of this terminal, then ask corresponding security information to MME or SGSN; MME or SGSN receive request just to the security information of HSS/AAA server requests terminal, after the HSS/AAA server is received secret key request message, adopt IK/CK to generate safe key, and are handed down to MME or SGSN; After MME or SGSN receive key, generate and to eat dishes without rice or wine the key that needs and to send to Target RNS, facilitate the use the message authentication code that its terminal sends and carry out operations such as authenticated encryption.
Step 4 after MME or SGSN send corresponding key to Target RNS, will receive that then the Business Stream of terminal is set up request, and at this moment, MME or SGSN will to PDN GW or Serving GW initiates carrying foundation and PDP Context is created;
Be specifically as follows: by the PCEF among the PDN GW to the PCRF requesting terminal PCC Rule in this target access network, the sign that needs carried terminal in the corresponding request, IP address and target access network information are (as access network type, the address of policy execution entity or Access Network beared information etc.), so that PCRF regenerates the PCC rule (as the QoS information of authorizing according to target access network information, grader template or charging regulation etc.) and be handed down to PCEF, so that PCEF reserves the UTRAN access network resource according to this PCC rule, and carry out PDP Context establishment and Access Network carrying foundation.
Other follow-up treatment steps are identical with the processing procedure that embodiment one provides, so no longer repeat.
Embodiment three
In this embodiment three, terminal is to switch to the WiMAX access network from the 3G Access Network, and switches pre-preparation by MME in the 3G access network or SGSN entity notice ASN GW; ASN GW is to the master session key MSK of HSS or aaa server requesting terminal, and HSS or aaa server generate MSK or EMSK according to the key that terminal authentication produces, and MSK or EMSK are handed down to ASN GW; At last, be that terminal is reserved WiMAX access network resource and pre-established data channel to the base station by ASN GW.
In embodiment three, corresponding handoff procedure specifically can comprise as shown in Figure 8:
Step 1, terminal is when the signal that detects the WiMAX Access Network and signal strength signal intensity reach predetermined threshold, terminal sends handoff request or switches pre-preparation message to the WiMAX network by 3G network, in this message, carry the target access network of suggestion, and can carry the time that estimation begins to switch;
Step 2 is to step 4, and MME in the 3G network or SGSN entity are handoff request or switch the ASN GW entity that pre-preparation message sends to the WiMAX Access Network, switches pre-preparation with notice ASN GW entity;
The corresponding specific implementation process of switching pre-preparation can comprise:
(1) ASN GW is to the key of the server that terminal is authenticated (as HSS or aaa server etc.) requesting terminal access, the sign of carried terminal and target access network information in this request message, so that HSS/AAA is according to the identification index of this terminal IK and the CK to the terminal correspondence, and generate the cryptographic key context of terminal in objective network, and be handed down to ASN GW according to IK and CK;
(2) ASN GW to the PCRF requesting terminal PCC Rule in target access network, the sign of carried terminal, IP address and target access network information in respective request (as the address of access network type, policy execution entity or Access Network beared information etc.) are so that PCRF regenerates PCC rule (as QoS information, grader template or the charging regulation etc. of authorizing) and is handed down to ASN GW according to target access network information.ASN GW carries out the reservation of WiMAX access network resource according to the PCC rule, and the pre-established operation of Access Network carrying.
Step 5, terminal is initiated handoff process;
Step 6, terminal are carried out network reentry operation, to be linked in the WiMAX Access Network;
Step 7, the context and the Business Stream of WiMAX Access Network activated terminals carry out the PMIP registration by ASN GW to PDNGW, and the MIP tunnel between foundation and the PDN GW facilitates the use described MIP tunnel and carries out the transmission of information for the terminal after switching;
Be specifically as follows: terminal after the normal access procedure of finishing with the WiMAX access network, pre-established carrying before activating by target access network; Wherein, if there is not pre-established carrying before, then the WiMAX Access Network is that terminal is set up carrying according to reserved resource.
Step 8, WiMAX access network notice 3G access network discharges corresponding resource;
Above-mentioned steps 8 also can replace with: terminal is after receiving handoff response, notice 3G access network discharges the resource of this terminal, for example, the 3G access network is after receiving corresponding notice, start and be the timer of this terminal reservation of resource, waiting timer is overtime, then discharges all reservation of resource at this terminal.
In above-mentioned processing procedure, terminal can also notify cancellation of 3G access network or refusal this time to switch, if terminal cancellation or refusal this time switch, after then the 3G access network receives the indication of cancellation or refusal switching this time, will notify selected WiMAX access network to discharge its information such as context for preallocated up access-in resource of this terminal and deletion terminal.
The processing procedure of describing among above-mentioned processing procedure and the embodiment one is similar, so be not described in detail in this.
Embodiment four
In this embodiment four, terminal is to switch to the WiMAX access network from the 3G Access Network, and by the master session key MSK of ASN GW to HSS/AAA server requests terminal, the HSS/AAA server generates MSK/EMSK according to the key that terminal authentication produces, and MSK/EMSK is handed down to ASN GW; At last, be that terminal is reserved WiMAX access network resource and pre-established data channel to the base station by ASN GW.
In embodiment four, corresponding switching place journey specifically can comprise as shown in Figure 9:
Step 1, terminal (being UE) switches in the target access network under not carrying out the situation of switching pre-money beamhouse operation, be after terminal switches to target WiMAX Access Network, carry out normal network reentry operation, in reentrant procedure, do not carry out authentication operation again, but the IK/CK that directly utilizes current authentication to produce generates MSK/EMSK and air interface key at this terminal;
Step 2 adopts the new MSK/EMSK of described generation and air interface key to carry out the mutual of space interface signaling between terminal and the BS;
Step 3, after BS/ASN GW detects local terminal and does not have the key of terminal, the security information of acquisition request terminal correspondence then;
After BS/ASN GW receives the message that terminal sends, detect oneself not security information of this terminal, then obtain corresponding security information to authentication device Authenticator, and by the security information (MSK/EMSK) of authentication device to HSS/AAA server requests terminal, after the HSS/AAA server is received secret key request message, adopt IK/CK to generate corresponding M SK/EMSK, and be handed down to authentication device; After authentication device is received corresponding M SK/EMSK, then continue to send it to BS/ASN GW.
Step 4 after BS/ASN GW receives corresponding M SK/EMSK, is then carried out corresponding resource reservation in the WiMAX Access Network, and the operation that PDP Context is created and the Access Network carrying is set up.
The processing procedure of describing among above-mentioned processing procedure and the embodiment two is similar, so be not described in detail in this.
Need to prove, in above embodiment, requirement WiMAX access network and 3G access network all need to handle the handoff procedure between different system, and promptly WiMAX access network (as ASN GW) and 3G access network (as mainly being MME or SGSN) need be that function corresponding is supported in the switching between different system.In actual deployment, needs can be supported also that the function of switching between different system is abstract and come out, form new functional entity, and the function corresponding entity independently is set, the interface between function corresponding entity and each access network can but be not limited to adopt the interface between common WiMAX network entity (as the R4/R6 interface etc.) or the interface (as S1, gn interface etc.) of 3G network inter-entity usually.Like this, it seems from each system that the switching between two Access Networks of switching between different system and homologous ray is similar, just corresponding the switching is to carry out adaptation processing by intermediate entities (being above-mentioned new functional entity) to finish.In real network is disposed, the setting that can distribute of this intermediate entities, for example: corresponding entity is set in the WiMAX network is used for other system and switches to the WiMAX network, at the 3G access network corresponding entity is set also and is used for other system and switches to 3G network; Perhaps, this intermediate entities also can be unified and is arranged between two networks, to realize corresponding handover operation.
The embodiment of the invention also provides a kind of system that realizes that network switches, and its specific implementation structure specifically can comprise as shown in figure 10:
(1) certification authority server is used for the target access network of switching terminal correspondence and the terminal of service access network are carried out authentication operation, and the in store security information of passing through the terminal correspondence of authentication, and it is specifically as follows HSS or aaa server etc.;
(2) target access network is used for switching the back in terminal and obtains the security information of terminal correspondence from described certification authority server, as key information etc., and utilizes the described security information of obtaining to provide access service for the terminal that switches to target access network; The operation of the security information of corresponding acquisition request terminal correspondence can trigger in this locality, also can be by the service access network notification triggers.
Alternatively, in this system, can also comprise service access network, be used for after terminal is initiated handover operation, notifying described target access network, so that described target access network starts the operation of the security information of acquisition request terminal correspondence.
After switching to target access network in terminal, can delete the relevant information in the service access network reliably, then can also comprise with lower unit at described service access network:
Switch and to finish the notice receiving element, be used for the switching that the receiving target access network sends and finish notice;
Timer is used for finishing the notice receiving element in described switching and receives described switching and finish notice back and start timer, and the timer duration of corresponding timer can be determined according to the maximum duration that the corresponding resource of expectation and information are preserved in service access network;
Resource discharges and the information deletion unit, is used for behind described timer expiry, discharges the resource of terminal correspondence in the service access network, the information of deletion terminal correspondence.
Specific implementation structure below in conjunction with the corresponding access network device in 10 pairs of corresponding target access networks of accompanying drawing describes explanation.
With reference to shown in Figure 10, the concrete structure of described access network device comprises with lower unit:
(1) safety information acquisition unit is used for obtaining the security information of terminal correspondence from the certification authority server that terminal is carried out authentication operation after terminal switches to target access network equipment (i.e. the access network at this access device place);
According to the difference of the triggering mode that obtains security information, this safety information acquisition unit specifically can comprise following arbitrary unit:
First acquiring unit is used for after the switching notice that the service access network that receives terminal is sent, to the security information of certification authority server acquisition request terminal correspondence;
Second acquisition unit is used for after determining there is not the security information that switches to local terminal correspondence, to the security information of certification authority server acquisition request terminal correspondence.
(2) insert processing unit, the security information that is used to utilize described safety information acquisition unit to obtain provides access service for the terminal that switches to this access network device.
Alternatively, this access network device can also comprise the resource reservation unit, be used for after the switching notice that the service access network that receives terminal is sent, for described terminal is carried out resource reservation, can insert target access network fast, reliably so that switch to the terminal of target access network, thereby finish corresponding handover operation with less handover delay.
Alternatively, in this access network device, can also comprise handover cancelling or refusal notice receiving element, be used to receive the handover cancelling that service access network sends or the notice of refusal, then discharge predetermined resource and delete the information of terminal correspondence, thereby can guarantee after terminal cancellation or refusal switching, target access network can discharge corresponding resource in time and delete corresponding information, thereby saves the memory space in the target access network equipment and can improve corresponding resource utilization.
Alternatively, policy charging rule carries out the policy, billing operation to it in order to guarantee can to adopt accurately at the terminal that switches to this locality in objective network, then can also comprise in this access network device:
The policy charging rule acquiring unit is used for the acquisition request terminal at target access network corresponding strategy charging regulation, specifically can obtain the new policy charging rule of terminal correspondence according to the information request such as type of target access network;
The policy, billing operating unit, the policy charging rule that is used for obtaining according to described policy charging rule acquiring unit carries out the policy, billing operation to switching the terminal that inserts.
Alternatively, can also comprise in this access network device switching and finish notification unit that be used for after terminal is finished the operation that switches to target access network, the service access network of notice terminal discharges the resource of terminal correspondence, the information of deletion terminal correspondence.
The embodiment of the invention, the system that also provides another kind of realization network to switch, its specific implementation structure specifically can comprise as shown in figure 11:
(1) switch processing device
This device is used for after terminal switches to target access network equipment, obtains the security information of terminal correspondence from certification authority server, and this security information is sent to described target access network;
This switch processing device specifically can comprise with lower unit:
The safety information acquisition unit is used for obtaining the security information of terminal correspondence from certification authority server after terminal switches to target access network equipment;
The security information transfer unit is used for the security information that described safety information acquisition unit obtains is sent to described target access network.
(2) target access network
Be used for after terminal is switched, receiving the security information that described switch processing device is sent, and utilizing described security information to provide access service for the terminal that switches to target access network.
Need to prove, above-mentioned each embodiment of the invention is not only applicable in the handoff process between WiMAX and the 3G network different editions, also be applicable in the handover operation process between other WiMAX and the non-WiMAX network, for example switching between WiMAX and the 3GPP2 etc.
In sum, description by above-mentioned each embodiment of the invention as can be known, in the handoff process between the Access Network that is total to core net, with the example that switches between 3GPP and the WiMAX network, corresponding handoff procedure can make full use of 3GPP network and WiMAX network self complete safe mechanism, guarantees by WiMAX network signal or safety of data; And, the network insertion process after the corresponding handoff process that the embodiment of the invention provides can effectively be accelerated to switch, thus handover delay reduced, guarantee data and professional continuity as much as possible.
The above; only for the preferable embodiment of the present invention, but protection scope of the present invention is not limited thereto, and anyly is familiar with those skilled in the art in the technical scope that the present invention discloses; the variation that can expect easily or replacement all should be encompassed within protection scope of the present invention.Therefore, protection scope of the present invention should be as the criterion with the protection range of claim.