Method and identity information server for obtaining the access identifier of a terminal
Technical field
The present invention relates to the field of mobile communications, and more particularly to a method and an identity information server for obtaining the access identifier of a terminal.
Background art
As is well known, for a terminal to access an IP network it must first request a valid IP address from the network. An IP address has a dual role: it indicates both the identity of the user and the network topological location of the user. Once a user obtains an IP address at a given topological location (for example, under a particular access gateway), that address can be used only at that location (for example, only within the area served by that access gateway). This is no problem for a fixed terminal, but when a mobile terminal moves from the area served by one access gateway into the area served by another, the address becomes invalid, and the terminal must obtain a new IP address at the new topological location. The continuity of IP-based upper-layer services therefore cannot be guaranteed; for example, if the user is on an IP phone call, the call is interrupted.
To solve this problem, the industry has proposed a series of solutions, such as techniques based on Mobile IP and techniques based on GTP. These techniques, however, have some widely recognized problems, such as route detours and single points of failure. Route detours, first, waste the operator's transport bearer resources and work against cost savings; second, they increase the delay with which the MN (mobile terminal) and the CN (Correspondent Node) send and receive IP packets, which harms the user's service experience; third, they increase the likelihood that the terminal's IP packets meet network congestion in transit, so that the terminal's services are impaired or cannot be provided at all (for example, real-time services such as voice, video and online games).
The industry has now begun to study a method based on identity/location separation, whose purpose is to solve the problem that a terminal must be reassigned an IP address after moving across access gateways while also solving the route detour problem. Referring to Fig. 1, the logical network structure of this method mainly comprises an access service router (Access Service Router, ASR), an identity location register (Identity Location Register, ILR) and so on. The ASR connects to the access network beneath it and is mainly responsible for the access of user terminals; the ILR mainly stores the "identity-location" mapping of terminals. In this method, a fixed access identifier (Access Identity, AID) must be configured for each terminal user to identify the user, and the AID is stored in the ILR. When a user terminal accesses the network, the ASR queries the ILR for the terminal's AID and sends it to the terminal.
In actually deployed networks there are often multiple operators with roaming agreements between them; that is, operator B allows terminals of operator A to access through its own network and provides those terminals with the corresponding network services. In the identity/location separation method described above, the AID of a terminal user is stored in the ILR of the user's home operator. In the example shown in Fig. 2, user terminal A is a subscriber of operator A (that is, operator A is the home operator of terminal A), so the user's AID is stored in identity location register A (ILR-A). When the terminal roams to operator B (the visited operator) and accesses through access service router B (ASR-B), ASR-B cannot obtain the terminal's AID, because ILR-B of operator B has no record of the user, that is, no AID information for the user. Therefore, in the identity/location separation method described above, when a terminal roams, it cannot join the network because its AID cannot be obtained, even if its home operator and the current visited operator have a roaming agreement.
Summary of the invention
The technical problem to be solved by the present invention is to provide a method and an identity information server for obtaining the access identifier of a terminal, such that the access identifier of the terminal can be obtained when the terminal roams.
To solve the above technical problem, a method of the present invention for obtaining the access identifier of a terminal comprises:
setting up identity information servers (IIS) in the networks, each IIS initially storing the access identifiers (AID) of the terminals of its own network, and establishing interconnections between the IISs;
when a terminal roams and accesses from a visited network, the visited IIS, upon the terminal's visited serving access service router (ASR) querying it for the AID of the terminal, querying the home IIS of the terminal for the AID of the terminal;
the visited IIS receiving the AID of the terminal that the home IIS of the terminal has looked up and returned.
Further, the IIS also initially stores the identifier that the terminal uses for access authentication, and associates the AID of the terminal with that identifier;
when the visited IIS receives the terminal's access-authentication identifier sent by the visited serving ASR, it knows that the visited serving ASR is querying the AID of the terminal;
the visited IIS sends the received access-authentication identifier of the terminal to the home IIS of the terminal to query the AID of the terminal;
the visited IIS receives the corresponding AID that the home IIS of the terminal has looked up according to the terminal's access-authentication identifier and returned.
Further, the method also comprises:
before querying the home IIS of the terminal for the AID of the terminal, the visited IIS judges, according to the terminal's access-authentication identifier, whether the terminal belongs to the local network; when the terminal does not belong to the local network, it determines the home IIS of the terminal and queries that home IIS for the AID of the terminal.
Further, the IISs are connected directly, or through one or more border gateways;
when the IISs are connected through one or more border gateways, the border gateways between the IISs complete the interaction between the IISs according to the terminal's access-authentication identifier.
Further, the IISs interact on the basis of RADIUS (Remote Authentication Dial-In User Service) messages or Diameter messages.
Further, in a Long Term Evolution (LTE) network, the packet data network gateway (P-GW) serves as the ASR; the IIS is deployed on the authentication, authorization and accounting (AAA) server connected to the P-GW, and the AAA servers in the networks are interconnected; or the IIS is deployed on the mobility management entity (MME) connected to the P-GW, and the MMEs in the networks are interconnected; or,
in a third-generation mobile communication (3G) network, the gateway general packet radio service (GPRS) support node (GGSN) serves as the ASR; the IIS is deployed on the AAA server connected to the GGSN, and the AAA servers in the networks are interconnected; or the IIS is deployed on the home location register (HLR) connected to the GGSN, and the HLRs in the networks are interconnected; or the IIS is deployed on the home subscriber server (HSS) connected to the GGSN, and the HSSs in the networks are interconnected; or,
in a fixed network, the broadband remote access server (BRAS) serves as the ASR, the IIS is deployed on the AAA server connected to the BRAS, and the AAA servers in the networks are interconnected.
Further, a method for saving the access identifier of a terminal comprises:
establishing interconnections between the identity location registers (ILR) in the networks;
when a terminal roams and accesses from a visited network, the visited ILR receiving the access identifier (AID) and routing identifier (RID) of the terminal sent by the terminal's visited serving ASR, the AID having been obtained by the visited serving ASR by querying the visited identity information server (IIS), and the RID having been allocated to the terminal by the visited serving ASR after it obtained the AID;
the visited ILR sending the AID and RID of the terminal to the home ILR of the terminal, so that the home ILR saves the mapping between the AID and RID of the terminal.
Further, the method also comprises:
before sending the AID and RID of the terminal to the home ILR of the terminal, the visited ILR judges, according to the AID of the terminal and preconfigured information, whether the terminal belongs to the local network and, if not, determines the home network of the terminal; or it judges, according to the terminal's access-authentication identifier sent by the visited serving ASR together with the AID and RID, whether the terminal belongs to the local network and, if not, determines the home network of the terminal.
Further, the method also comprises:
the ILRs are connected directly, or through one or more border gateways;
when the ILRs are connected through one or more border gateways, the border gateways between the ILRs complete the interaction between the ILRs according to the AID of the terminal or the terminal's access-authentication identifier.
Further, the method also comprises:
after the terminal switches ASR, the visited ILR receives the RID that the target ASR to which the terminal has switched has newly allocated to the terminal;
after determining that the terminal does not belong to the local network and determining the home network of the terminal, the visited ILR updates the home ILR of the terminal with the RID newly allocated to the terminal by the target ASR.
Further, the method also comprises:
when the Correspondent Node (CN) of the terminal sends a data packet to the terminal, the ILR of the network in which the CN is located, upon the serving ASR of the CN querying it for the location information of the terminal, sends the AID of the terminal to the home ILR of the terminal to query the RID of the terminal if it does not locally hold the AID-RID mapping of the terminal;
the ILR of the network in which the CN is located receives the RID of the terminal that the home ILR of the terminal has looked up locally according to the AID and returned.
Further, the method also comprises:
when the terminal leaves the network or releases its IP address, the visited ILR sends the AID of the terminal to the home ILR of the terminal, notifying the home ILR to delete the RID of the terminal.
Further, the ILRs interact on the basis of RADIUS (Remote Authentication Dial-In User Service) messages or Diameter messages.
Further, in a Long Term Evolution (LTE) network, the packet data network gateway (P-GW) serves as the ASR; the ILR is deployed on the authentication, authorization and accounting (AAA) server connected to the P-GW, and the AAA servers in the networks are interconnected; or the ILR is deployed on the mobility management entity (MME) connected to the P-GW, and the MMEs in the networks are interconnected; or,
in a third-generation mobile communication (3G) network, the gateway general packet radio service (GPRS) support node (GGSN) serves as the ASR; the ILR is deployed on the AAA server connected to the GGSN, and the AAA servers in the networks are interconnected; or the ILR is deployed on the home location register (HLR) connected to the GGSN, and the HLRs in the networks are interconnected; or the ILR is deployed on the home subscriber server (HSS) connected to the GGSN, and the HSSs in the networks are interconnected; or,
in a fixed network, the broadband remote access server (BRAS) serves as the ASR, the ILR is deployed on the AAA server connected to the BRAS, and the AAA servers in the networks are interconnected.
Further, an identity information server comprises a data storage unit, an information exchange unit and an information query unit, wherein:
the data storage unit is configured to initially store the access identifiers (AID) of the terminals of its own network;
the information exchange unit is configured to establish interconnections between the identity information servers (IIS);
the information query unit is configured, when a terminal roams and accesses and the terminal's visited serving access service router (ASR) queries the AID of the terminal, to query the home IIS of the terminal for the AID of the terminal through the information exchange unit, and to receive the AID of the terminal that the home IIS of the terminal has looked up and returned.
Further, the data storage unit is also configured to initially store the identifier that the terminal uses for access authentication, and to associate the AID of the terminal with that identifier;
the information query unit is specifically configured, on receiving the terminal's access-authentication identifier sent by the visited serving ASR, to know that the visited serving ASR is querying the AID of the terminal, to send the received access-authentication identifier to the home IIS of the terminal to query the AID of the terminal, and to receive the corresponding AID that the home IIS of the terminal has looked up according to the terminal's access-authentication identifier and returned.
Further, the information query unit is also configured, before querying the home IIS of the terminal for the AID of the terminal, to judge according to the terminal's access-authentication identifier whether the terminal belongs to the local network and, when the terminal does not belong to the local network, to determine the home IIS of the terminal and query that home IIS for the AID of the terminal.
Further, the information query unit is also configured, after receiving a terminal's access-authentication identifier sent by another identity information server, to look up the corresponding AID in the data storage unit according to the received identifier and to return the AID found to that identity information server.
Further, an identity location register comprises an information exchange unit, a data storage unit and an information update unit, wherein:
the information exchange unit is configured to establish interconnections between the identity location registers (ILR) in the networks;
the data storage unit is configured, when a terminal roams and accesses, to receive and store the access identifier (AID) and routing identifier (RID) of the terminal sent by the terminal's visited serving ASR, the AID having been obtained by the visited serving ASR by querying the visited identity information server (IIS), and the RID having been allocated to the terminal by the visited serving ASR after it obtained the AID;
the information update unit is configured to send the AID and RID of the terminal to the home ILR of the terminal through the information exchange unit, so that the home ILR saves the mapping between the AID and RID of the terminal.
Further, the information update unit is also configured, before sending the AID and RID of the terminal to the home ILR of the terminal, to judge according to the AID of the terminal and preconfigured information whether the terminal belongs to the local network and, if not, to determine the home network of the terminal; or to judge, according to the terminal's access-authentication identifier sent by the visited serving ASR together with the AID and RID, whether the terminal belongs to the local network and, if not, to determine the home network of the terminal.
Further, the data storage unit is also configured, after the terminal switches ASR, to receive the RID that the target ASR to which the terminal has switched has newly allocated to the terminal;
the information update unit is also configured, after it has determined that the terminal does not belong to the local network and has determined the home network of the terminal, to update the home ILR of the terminal with the RID newly allocated to the terminal by the target ASR.
Further, the information update unit is also configured, when the terminal leaves the network or releases its IP address, to send the AID of the terminal to the home ILR of the terminal, notifying the home ILR to delete the RID of the terminal.
In summary, the present invention stores the AIDs of terminals in identity information servers and interconnects the identity information servers so that terminal AIDs can be exchanged between them. In the identity/location separation method, the AID of a terminal can therefore be obtained when the terminal roams, enabling the terminal to access the visited network.
Brief description of the drawings
Fig. 1 is an architecture diagram of an identity/location separation network in the prior art;
Fig. 2 is a schematic diagram of terminal roaming in an identity/location separation network in the prior art;
Fig. 3 is an architecture diagram of the system of the present invention for obtaining the access identifier of a terminal;
Fig. 4 is a flow chart of Embodiment 1 of the method of the present invention for obtaining the access identifier of a terminal;
Fig. 5 is a flow chart of the method of the present invention for obtaining the access identifier of a terminal when the terminal switches;
Fig. 6 is a flow chart of Embodiment 2 of the method of the present invention for obtaining the access identifier of a terminal;
Fig. 7 is a flow chart of Embodiment 3 of the method of the present invention for obtaining the access identifier of a terminal;
Fig. 8 is a schematic diagram of the method of the present invention applied to an LTE network;
Fig. 9 is a schematic diagram of the method of the present invention applied to a 3G network;
Fig. 10 is a schematic diagram of the method of the present invention applied to a fixed network;
Fig. 11 is an architecture diagram of the identity information server of the present invention;
Fig. 12 is an architecture diagram of the identity location register of the present invention.
Detailed description of the embodiments
Unlike existing identity/location separation techniques, the present embodiment uses a dedicated identity information server (Identity Information Server, IIS) to store the AIDs of terminal users. As shown in Fig. 3, operator A has its own identity information server A (IIS-A), and operator B likewise has its own IIS-B. Preferably, the IIS records both the identifier that the terminal user uses for access authentication and the AID of the user, and associates the two. The identifier used for access authentication is typically the International Mobile Subscriber Identity (IMSI), the Network Access Identifier (NAI) or the like. To support roaming access by terminal users, a signalling interface must be added between the IIS of the visited operator (the visited IIS) and the IIS of the home operator (the home IIS), as shown in Fig. 3; the main function of this interface is to transfer the access identifier (AID) of the terminal user between the visited IIS and the home IIS.
It is worth noting that the IIS of the visited operator and the IIS of the home operator may establish a directly connected interface, or may establish the interface indirectly through one or more border gateways. In the latter case the IISs of the visited operator and the home operator each establish an interface with the border gateway, and the interaction between the two IISs is relayed by the border gateway. The usual role of a border gateway is to protect the data security of both operators and to shield them from attack. The border gateway here may also be called a border IIS (Border IIS, B-IIS), a gateway IIS (Gateway IIS, G-IIS) or a proxy IIS (Proxy IIS, P-IIS).
So that the home operator of a terminal can also know the terminal's location information, a signalling interface is preferably added between the ILR of the visited operator (the visited ILR) and the ILR of the home operator (the home ILR). Similarly, the ILR of the visited operator and the ILR of the home operator may establish a directly connected interface, or may establish the interface indirectly through one or more border gateways. Correspondingly, the border gateway may also be called a border identity location register (Border ILR, B-ILR), a gateway identity location register (Gateway ILR, G-ILR) or a proxy identity location register (Proxy ILR, P-ILR).
As shown in Fig. 3, operator B is the visited operator of terminal A and operator A is its home operator. An interface is established between IIS-A of operator A and IIS-B of operator B. If terminal A roams and accesses through operator B, it accesses via access service router B (ASR-B). ASR-B requests the terminal's AID from IIS-B; IIS-B can now obtain the AID of terminal A from IIS-A through the above interface, and the AID is sent to the terminal. This solves the problem described above, in which the terminal could not access through the operator of the roaming location.
Embodiment 1:
Fig. 4 shows the first embodiment, the procedure in which a terminal accesses the network and obtains its access identifier (AID) from the network. It comprises the following steps:
Step 401: The terminal roams to the visited operator, accesses the visited operator's network and attaches to one of its access service routers (ASR); this ASR is now the terminal's serving ASR (the visited serving ASR).
In this step the serving ASR usually obtains the identifier that the terminal uses for access authentication, such as the IMSI, NAI or user name (User Name) mentioned above. Based on this user name, the network first performs access authentication of the terminal user, and the subsequent steps are carried out only after access authentication has succeeded.
Step 402: The ASR (located at the visited operator) queries the visited identity information server (IIS) for the AID of the terminal user, carrying the access-authentication identifier obtained above.
Step 403: On receiving the request, the visited IIS first judges whether the user belongs to the local network.
The visited IIS can make this judgement from the identifier that the terminal user uses for access authentication (referred to below as the terminal's access-authentication identifier). Because this embodiment assumes that the user is currently accessing through the visited operator, the visited IIS must further determine the home operator of the terminal user; in general it can do so from the terminal's access-authentication identifier. Preferably, relying on configuration information, the visited IIS can also determine the home IIS of the terminal.
Step 404: The visited IIS sends a message to the home IIS of the terminal user (located at the user's home operator) to query the AID of the terminal; the message carries the terminal's access-authentication identifier.
Step 405: On receiving the request, the home IIS preferably first verifies that the request message comes from a legitimate requester, then looks up the corresponding AID locally according to the terminal's access-authentication identifier and returns a response message carrying the AID to the visited IIS.
Step 406: The visited IIS returns the AID it has obtained to the ASR.
Step 407: The ASR sends the AID to the terminal, which configures it locally as the terminal's identity.
The terminal subsequently uses the AID as its own IP address for communicating with the outside.
Step 408: After obtaining the terminal's AID, the ASR also allocates a routing identifier (Routing Identifier, RID, also called a location identifier) to the terminal.
Step 409: The ASR (the ASR of the visited operator) updates the terminal's RID to the ILR of the visited operator (the visited ILR), carrying the AID of the terminal user and the RID allocated above; preferably it also carries the terminal's access-authentication identifier.
Step 410: The visited ILR stores the terminal's AID-RID mapping locally and sends a message carrying that AID-RID mapping to the home ILR of the terminal.
Preferably, the visited ILR can judge that the terminal corresponding to the AID does not belong to its own operator. It can judge from the AID and preconfigured information that the AID does not belong to its own operator and determine the operator to which the AID belongs; alternatively, it can judge from the terminal's access-authentication identifier, preferably carried in step 409, that the corresponding AID does not belong to its own operator and determine the operator to which the AID belongs.
Step 411: On obtaining this information, the home ILR stores the terminal's AID-RID mapping locally.
The home operator of the terminal now also knows the terminal's current location information. The home ILR returns a response message to the visited ILR.
Step 412: The visited ILR returns a response message to the ASR.
It is worth noting that in step 410 the visited ILR may also not record the terminal's AID-RID mapping and instead send the terminal's AID-RID directly to the home ILR of the terminal user, so that only the home ILR stores the terminal's AID-RID mapping.
The method of the above embodiment of the present invention solves the problem of the prior art. When a terminal roams and accesses the network through an ASR of the visited operator, it can still obtain its own AID and use that AID as its source address for communicating with the outside.
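The lookup in steps 402 to 406, including the requester check of step 405, can be sketched as follows. This is an added example, not code from the patent; the NAI-style identifiers, the realm names, the documentation-range AIDs and all class and function names are assumptions.

```python
from dataclasses import dataclass, field


class AidLookupError(Exception):
    """An AID query that the IIS refuses or cannot answer."""


def home_realm(auth_id: str) -> str:
    """Step 403: derive the home operator from the access-authentication identifier.

    Assumption: the identifier is an NAI of the form user@realm; the text only
    says that the home operator is determined from this identifier.
    """
    user, sep, realm = auth_id.rpartition("@")
    if not (user and sep and realm):
        raise AidLookupError(f"cannot determine home operator of {auth_id!r}")
    return realm.lower()


@dataclass
class IIS:
    realm: str
    subscribers: dict                              # auth identifier -> AID (own terminals only)
    home_iis: dict = field(default_factory=dict)   # configured: realm -> home IIS
    partners: set = field(default_factory=set)     # realms allowed to query this IIS

    def add_roaming_partner(self, other: "IIS") -> None:
        """Signalling interface of Fig. 3, set up in both directions."""
        self.home_iis[other.realm] = other
        other.home_iis[self.realm] = self
        self.partners.add(other.realm)
        other.partners.add(self.realm)

    def query_from_asr(self, auth_id: str) -> str:
        """Steps 402-406, seen from the IIS that the serving ASR talks to."""
        realm = home_realm(auth_id)
        if realm == self.realm:                    # terminal is at home: answer locally
            return self._local_aid(auth_id)
        home = self.home_iis.get(realm)            # step 403: pick the home IIS
        if home is None:
            raise AidLookupError(f"no interface to the IIS of {realm}")
        return home.query_from_peer(self.realm, auth_id)   # step 404

    def query_from_peer(self, requester: str, auth_id: str) -> str:
        """Step 405 on the home IIS: check the requester, then look up the AID.

        `requester` stands in for a peer identity that the transport has
        already authenticated (an assumption of this sketch).
        """
        if requester not in self.partners:
            raise AidLookupError(f"{requester} is not a legitimate requester")
        if home_realm(auth_id) != self.realm:
            raise AidLookupError("identifier does not belong to this operator")
        return self._local_aid(auth_id)

    def _local_aid(self, auth_id: str) -> str:
        try:
            return self.subscribers[auth_id]
        except KeyError:
            raise AidLookupError(f"unknown subscriber {auth_id!r}") from None


def outcome(call, *args) -> str:
    """Return the AID, or 'refused: <reason>' when the query is rejected."""
    try:
        return call(*args)
    except AidLookupError as exc:
        return f"refused: {exc}"


def demo() -> dict:
    # Constructed data: realms, identifiers and AIDs are illustrative only.
    iis_a = IIS("operator-a.example", {"alice@operator-a.example": "192.0.2.10"})
    iis_b = IIS("operator-b.example", {"bob@operator-b.example": "198.51.100.20"})
    iis_c = IIS("operator-c.example", {})
    iis_a.add_roaming_partner(iis_b)   # A and B have a roaming agreement; C has none
    return {
        "roaming": outcome(iis_b.query_from_asr, "alice@operator-a.example"),
        "at_home": outcome(iis_b.query_from_asr, "bob@operator-b.example"),
        "no_agreement": outcome(iis_c.query_from_asr, "alice@operator-a.example"),
        "unverified_peer": outcome(iis_a.query_from_peer, iis_c.realm,
                                   "alice@operator-a.example"),
        "unknown_user": outcome(iis_b.query_from_asr, "nobody@operator-a.example"),
    }


if __name__ == "__main__":
    for case, result in demo().items():
        print(f"{case:16} {result}")
```

The home IIS answers only for its own subscribers and only to configured partners, so an IIS without a roaming agreement neither reaches the home IIS nor gets an answer when it tries to query it directly.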
It is worth noting that in the description of this embodiment the visited IIS and the home IIS interact directly. As described above, the visited IIS and the home IIS may also communicate through one or more border gateways (such as the B-IIS, G-IIS or P-IIS mentioned above); in that case the border gateway can likewise determine, from the terminal's access-authentication identifier, to which next-hop border gateway or home IIS the message should be sent (by the method described in step 403). Similarly, the visited ILR and the home ILR may communicate through one or more border gateways (such as the B-ILR, P-ILR or G-ILR mentioned above); the border gateway can, by the method described in step 410, judge from the AID or from the terminal user's access-authentication identifier to which next-hop border gateway or home ILR the message should be sent.
As shown in Fig. 5, when the terminal changes its current ASR within the visited operator, that is, switches from a source ASR to a target ASR, the target ASR must allocate a new RID to the terminal and update the terminal's AID-RID mapping stored in the ILR. This comprises the following steps:
Steps 501-502: After the terminal switches from the source ASR to the target ASR, the target ASR allocates a new RID to the terminal.
Step 503: Because the target ASR is also located in the visited operator's network, the target ASR sends an update message to the visited ILR carrying the terminal's AID and the newly allocated RID, and preferably also the terminal's access-authentication identifier.
The principle is the same as in step 409.
Step 504: As in step 410, after the visited ILR judges that the terminal user does not belong to its own operator and determines the user's home operator, it sends a message carrying the AID-RID mapping to the home ILR of the terminal.
Steps 505-506: Same as steps 411-412.
Embodiment 2:
Fig. 6 shows the second embodiment of the invention. It is again assumed that the terminal accesses the network at the visited operator, that is, the terminal's current serving ASR is located at the visited operator.
Step 601: The Correspondent Node (CN) of the terminal sends a data packet to the terminal. The destination IP address of the data packet is set to the AID of the terminal, and the data packet first reaches the serving ASR of the CN (CN-ASR).
Step 602: When the CN-ASR cannot find the terminal's location information locally, it queries the ILR in the operator domain of the CN-ASR for the terminal's location information; the query message carries the AID of the terminal.
It is assumed that the operator of the CN-ASR is not the home operator of the terminal.
Step 603: Assuming that the ILR in the operator domain of the CN-ASR cannot find the terminal's RID information locally, then, as described in step 410, that ILR can judge from the AID and preconfigured information that the AID does not belong to its own operator and determine the operator to which the AID belongs.
Step 604: That ILR sends a request carrying the AID of the terminal to the home ILR of the terminal, to request the terminal's RID information.
Step 605: After looking up the terminal's RID information locally according to the AID, the home ILR returns a response message carrying the terminal's AID-RID information to the ILR in the operator domain of the CN-ASR.
Step 606: After receiving the response message, the ILR in the operator domain of the CN-ASR returns the terminal's RID information to the CN-ASR in a response message.
Step 607: The CN-ASR sends the data packet according to the terminal's location information.
It is worth noting that the operator of the CN-ASR may be the visited operator in which the terminal is currently located. In that case, as described in Embodiment 1, the visited ILR may hold the terminal's AID-RID mapping, and the CN-ASR can then obtain the relevant information directly from the visited ILR; otherwise the relevant information must be queried from the home ILR by the method of the above steps of Embodiment 2. The operator of the CN-ASR may also be different from the visited operator in which the terminal is currently located, in which case the terminal's location information must be queried according to the method of the above embodiment.
Embodiment 3:
Fig. 7 shows the third embodiment of the invention. It is again assumed that the terminal accesses the network at the visited operator, that is, the terminal's current serving ASR is located at the visited operator. When the terminal leaves the network, the terminal's location information stored in the terminal's home ILR must be removed. This comprises the following steps.
Step 701: The terminal's current serving ASR receives an indication that the terminal is leaving the network or releasing its IP address.
Step 702: The ASR sends a message to the ILR in its own domain, that is, the terminal's visited operator domain (the visited ILR), to delete the terminal's location information; the message carries the AID of the terminal and preferably also the terminal's access-authentication identifier.
Step 703: After receiving the message, the visited ILR first deletes the terminal's AID-RID mapping locally. In addition, by the method of step 410, the visited ILR can determine that its own domain is the visited domain of the terminal and can determine the terminal's home domain. The visited ILR sends a message to the home ILR of the terminal to delete the terminal's location information, carrying the AID of the terminal and preferably also the terminal's access-authentication identifier.
Step 704: The home ILR deletes the relevant information stored locally and returns a response message to the visited ILR.
Step 705: The visited ILR returns a response message to the ASR.
It is worth noting that, in an actual network deployment, the IIS described in this embodiment can be deployed on an authentication, authorization and accounting (AAA) server, on a home location register (HLR) or on a home subscriber server (HSS); that is, the IIS is a functional module of these network elements, or these network elements themselves have the IIS function. The "identity information server" in the embodiments above can then be replaced directly by these network elements. For example, "home AAA server" replaces "home identity information server", "visited AAA server" replaces "visited identity information server", and so on; the principle is the same. In this case, the visited IIS and the home IIS can interact through AAA protocols, including the RADIUS (Remote Authentication Dial In User Service) protocol and the Diameter protocol.
For example, the visited IIS uses the Access-Request message defined by the RADIUS protocol, carrying the terminal's identifier for access authentication, to request the terminal's AID information from the home IIS; correspondingly, the home IIS answers the visited IIS with an Access-Accept message carrying the terminal's AID. If the home IIS has no corresponding record (e.g., the terminal user has not subscribed to an AID), the home IIS can return an Access-Reject message to the visited IIS. In that case, the visited ASR preferably refuses the terminal's access. The visited IIS can also use the AA-Request defined by the Diameter protocol, carrying the terminal's identifier for access authentication, to request the terminal's AID information from the home IIS; the home IIS answers the visited IIS with an AA-Answer carrying the terminal's AID information, or carrying an error indication (e.g., the terminal user has not subscribed to an AID). If the visited IIS receives an AA-Answer message carrying an error indication, the ASR preferably refuses the terminal's network access.
For the same reason, in an actual network deployment the ILR described in this embodiment can also be deployed on an AAA server, an HLR or an HSS; that is, the ILR is a functional module of these network elements, or these network elements themselves have the ILR function. The "identity location register" in the embodiments above can then be replaced directly by these network elements. For example, "home AAA server" replaces "home identity location register", "visited AAA server" replaces "visited identity location register", and so on; the principle is the same. In this case, the visited ILR and the home ILR can also interact through AAA protocols, including the RADIUS protocol and the Diameter protocol.
For example, the visited ILR uses the Accounting-Request message defined by the RADIUS protocol, carrying the terminal's AID and RID information, to update the terminal's RID information at the home ILR. For the first update, Accounting-Request [start] (that is, the type of the request is start) can be used to update this information at the home ILR; for later updates (e.g., the terminal has switched ASR and the new ASR has allocated a new RID to the terminal), Accounting-Request [interim] is used; to delete the terminal's location information, the visited ILR sends Accounting-Request [stop] to the home ILR. When the home ILR receives an Accounting-Request message whose type is stop, it deletes the terminal's RID information. Correspondingly, the home ILR answers the visited ILR with Accounting-Response [start], Accounting-Response [interim] and Accounting-Response [stop]. As described in Embodiment 2, when the ILR of the operator domain where the CN-ASR is located queries the terminal's home ILR for the terminal's RID, that ILR can use a message newly defined in the RADIUS protocol to query the home ILR.
The visited ILR can also use the Accounting-Request message defined by the Diameter protocol, carrying the terminal's AID and RID information, to update the terminal's RID information at the home ILR; correspondingly, the home ILR answers the visited ILR with Accounting-Answer. The visited ILR can use messages such as Disconnect-Peer-Request or Abort-Session-Request, carrying the terminal's AID, to instruct the home ILR to delete the terminal's RID information; correspondingly, the home ILR answers the visited ILR with Disconnect-Peer-Answer or Abort-Session-Answer. As described in Embodiment 2, when the ILR of the operator domain where the CN-ASR is located queries the terminal's home ILR for the terminal's RID, that ILR can use a message newly defined in the Diameter protocol to query the home ILR.
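The accounting-style update exchange between visited and home ILR and the cross-domain RID query of Embodiment 2, as an added example that is not part of the patent text. ILRs are modeled as Python objects rather than real RADIUS packets; the AID-prefix table standing in for the "preconfigured information", the method names, the direct call standing in for the newly defined query message, and the sample AID/RID strings are all assumptions.

```python
# Added illustration: ILRs modeled as plain objects, not real RADIUS packets.
ACCT_START, ACCT_STOP, ACCT_INTERIM = 1, 2, 3  # Acct-Status-Type (RFC 2866)


class ILR:
    """Identity location register of one operator domain (hypothetical model)."""

    def __init__(self, domain, aid_prefixes):
        self.domain = domain
        self.aid_prefixes = aid_prefixes  # assumed config: AID prefix -> operator
        self.peers = {}                   # operator -> ILR behind the inter-ILR interface
        self.mappings = {}                # AID -> RID

    def home_domain(self, aid):
        """Decide the owning operator from the AID and preconfigured information."""
        for prefix, domain in self.aid_prefixes.items():
            if aid.startswith(prefix):
                return domain
        raise LookupError(f"no operator configured for AID {aid!r}")

    def handle_accounting(self, status, aid, rid=None):
        """Apply one Accounting-Request [start|interim|stop] to the local table."""
        if status in (ACCT_START, ACCT_INTERIM):
            if not rid:
                raise ValueError("start/interim must carry the terminal's RID")
            self.mappings[aid] = rid
        elif status == ACCT_STOP:
            self.mappings.pop(aid, None)  # a repeated stop is harmless
        else:
            raise ValueError(f"unexpected Acct-Status-Type {status}")
        return {"type": "Accounting-Response", "status": status, "aid": aid}

    def report(self, status, aid, rid=None):
        """Visited side: update locally, then forward to the home ILR when roaming."""
        home = self.home_domain(aid)      # reject unknown AIDs before storing anything
        response = self.handle_accounting(status, aid, rid)
        if home != self.domain:
            response = self.peers[home].handle_accounting(status, aid, rid)
        return response

    def resolve(self, aid):
        """CN side (steps 603-606): local hit first, otherwise ask the home ILR."""
        if aid in self.mappings:
            return self.mappings[aid]
        home = self.home_domain(aid)
        return None if home == self.domain else self.peers[home].mappings.get(aid)


def demo():
    """Terminal of operator A roams in B; a correspondent in C resolves it."""
    prefixes = {"A-": "A", "B-": "B", "C-": "C"}  # constructed sample config
    ilrs = {name: ILR(name, prefixes) for name in prefixes.values()}
    for ilr in ilrs.values():
        ilr.peers = ilrs
    seen = []
    for status, rid in ((ACCT_START, "RID-B-1"), (ACCT_INTERIM, "RID-B-2"), (ACCT_STOP, None)):
        ilrs["B"].report(status, "A-0001", rid)
        seen.append(ilrs["C"].resolve("A-0001"))
    return seen, ilrs
```

After the stop, neither the visited nor the home table holds the mapping, so a correspondent's lookup returns nothing rather than a stale RID.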
Embodiment 4:
Fig. 8 shows the fourth embodiment, which applies the content of this embodiment to an LTE (Long Term Evolution) network. In an LTE network, the terminal first connects wirelessly to the S-GW (Serving Gateway), and then connects through the S-GW to the P-GW (Packet Data Network Gateway). Here the P-GW has the ASR function described above and is denoted P-GW (ASR).
The network is divided into the visited operator (operator B in the figure) and the home operator of the terminal (operator A in the figure). It is assumed that the terminal is currently attached to the network of its visited operator, and that the P-GW (ASR) which the network allocates to the terminal is also located in the visited operator domain. The P-GW (ASR) has interfaces to the ILR in the visited operator domain (the visited ILR above) and to the IIS in the visited operator domain (the visited IIS above). There is also an interface between the visited ILR and the ILR in the terminal's home operator domain (the home ILR above), and an interface between the visited IIS and the IIS in the terminal's home operator domain (the home IIS above). As described above, the interfaces here can be direct connections or indirect connections through an intermediate border gateway or the like.
The methods described in Embodiments 1~3 above can be applied to the LTE network described here; it is only necessary to replace the ASR of the earlier embodiments with the P-GW (ASR) described here, and to replace the source ASR and target ASR with the source P-GW (ASR) and target P-GW (ASR). Likewise, as described above, the ILR and IIS can each be located on an AAA server connected to the P-GW (ASR) (e.g., connected to the P-GW (ASR) through the SGi interface). The principle is the same and is not repeated.
In addition, the LTE network also includes the MME (Mobility Management Entity), whose role is to save the mobility context of the terminal. In this case, the above IIS and ILR can also be located on the MME; in other words, the MME itself has the IIS and/or ILR function. The MME located in the visited domain is then the visited MME, the MME located in the home domain is the home MME, and there is an indirect or direct interface between the visited MME and the home MME.
Embodiment 5:
Fig. 9 shows the fifth embodiment, which applies the content of this embodiment to a GPRS (General Packet Radio Service) network. In a GPRS network, the terminal first connects wirelessly to the SGSN (Serving GPRS Support Node), and then connects through the SGSN to the GGSN (Gateway GPRS Support Node). Here the GGSN has the ASR function described above and is denoted GGSN (ASR).
On the same principle as Embodiment 4, the network is divided into the visited operator (operator B in the figure) and the home operator of the terminal (operator A in the figure). It is assumed that the terminal is currently attached to the network of its visited operator, and that the GGSN (ASR) which the network allocates to the terminal is also located in the visited operator domain. The GGSN (ASR) has interfaces to the ILR in the visited operator domain (the visited ILR above) and to the IIS in the visited operator domain (the visited IIS above). There is also an interface between the visited ILR and the ILR in the terminal's home operator domain (the home ILR above), and an interface between the visited IIS and the IIS in the terminal's home operator domain (the home IIS above). As described above, the interfaces here can be direct connections or indirect connections through an intermediate border gateway or the like.
The methods described in Embodiments 1~3 above can be applied to the GPRS network described here; it is only necessary to replace the ASR of the earlier embodiments with the GGSN (ASR) described here, and to replace the source ASR and target ASR with the source GGSN (ASR) and target GGSN (ASR). Likewise, as described above, the ILR and IIS can each be located on an AAA server connected to the GGSN (ASR) (e.g., connected to the GGSN (ASR) through the Gi interface). The principle is the same and is not repeated.
In addition, the GPRS network also includes the HLR or HSS, whose role is to save information such as the terminal user's subscription. In this case, the IIS and ILR described above can also be located on the HLR/HSS; the HLR/HSS located in the visited domain is the visited HLR/HSS, and the HLR/HSS located in the home domain is the home HLR/HSS.
Embodiment 6:
Figure 10 shows the sixth embodiment, which applies the content of this embodiment to a fixed network (such as xDSL). In a fixed network, the terminal connects through the subscriber line and the DSLAM (Digital Subscriber Line Access Multiplexer) to the BRAS (Broadband Remote Access Server). Here the BRAS has the ASR function described above and is denoted BRAS (ASR).
Fixed networks are generally managed by region, such as region A and region B shown in Fig. 10. The home region of the terminal is region A, and it is assumed that the terminal is currently connected in its visited region (i.e., region B). It is worth noting that region A and region B here are analogous to operator A and operator B above, so Figure 10 can also be regarded as a roaming scenario. It is assumed that the BRAS to which the terminal is currently connected is also located in the visited region. The BRAS (ASR) has interfaces to the ILR in the visited region (the visited ILR above) and to the IIS in the visited region (the visited IIS above). There is also an interface between the visited ILR and the ILR in the terminal's home region (the home ILR above), and an interface between the visited IIS and the IIS in the terminal's home region (the home IIS above). As described above, the interfaces here can be direct connections or indirect connections through an intermediate border gateway or the like.
The methods described in Embodiments 1~3 above can be applied to the fixed network described here; it is only necessary to replace the ASR of the earlier embodiments with the BRAS (ASR) described here, and to replace the source ASR and target ASR with the source BRAS (ASR) and target BRAS (ASR). Likewise, as described above, the ILR and IIS can each be located on an AAA server connected to the BRAS (ASR). The principle is the same and is not repeated.
As shown in Figure 11, this embodiment also provides an identity information server, comprising a data storage unit, an information exchange unit and an information query unit, wherein:
The data storage unit is used to initially save the AIDs of the terminals in its own network;
The information exchange unit is used to establish the interconnection between the IISs;
The information query unit is used, when a terminal accesses while roaming and the terminal's visited serving ASR queries the terminal's AID, to query the terminal's home IIS for the terminal's AID through the information exchange unit, and to receive the terminal's AID that the home IIS looks up and returns.
The data storage unit is also used to initially save the terminal's identifier for access authentication, and to associate the terminal's AID with that identifier;
The information query unit is specifically used, on receiving the terminal's identifier for access authentication sent by the visited serving ASR, to recognize that the visited serving ASR wants to query the terminal's AID, to send the received identifier to the terminal's home IIS in order to query the terminal's AID, and to receive the corresponding AID that the home IIS looks up by that identifier and returns.
The information query unit is also used, before querying the terminal's home IIS for the terminal's AID, to judge from the terminal's identifier for access authentication whether the terminal belongs to the local network and, when it does not, to determine the terminal's home IIS and query that home IIS for the terminal's AID.
The information query unit is also used, after receiving a terminal's identifier for access authentication sent by another identity information server, to look up the corresponding AID in the data storage unit by the received identifier and to return the AID found to that identity information server.
As shown in Figure 12, this embodiment also provides an identity location register, comprising an information exchange unit, a data storage unit and an information updating unit, wherein:
The information exchange unit is used to establish the interconnection between the ILRs in the network;
The data storage unit is used, when a terminal accesses while roaming, to receive and save the terminal's AID and RID sent by the terminal's visited serving ASR; the AID is obtained by the visited serving ASR by querying the visited IIS, and the RID is allocated to the terminal by the visited serving ASR after it has obtained the AID;
The information updating unit is used to send the terminal's AID and RID to the terminal's home ILR through the information exchange unit, so that the home ILR saves the correspondence between the terminal's AID and RID.
The information updating unit is also used, before sending the terminal's AID and RID to the terminal's home ILR, to judge from the terminal's AID and preconfigured information whether the terminal belongs to the local network and, if it does not, to determine the terminal's home network; or to judge whether the terminal belongs to the local network from the terminal's identifier for access authentication, which the visited serving ASR sends together with the AID and RID, and, if it does not, to determine the terminal's home network.
The data storage unit is also used, after the terminal switches ASR, to receive the RID that the target ASR to which the terminal has switched reallocates to the terminal;
The information updating unit is also used, once the terminal is found not to belong to the local network and its home network has been determined, to update the terminal's home ILR with the RID that the target ASR reallocated to the terminal.
The information updating unit is also used, when the terminal leaves the network or releases its IP address, to send the terminal's AID to the terminal's home ILR and notify the home ILR to delete the terminal's RID.
Obviously, those skilled in the art should understand that the modules or steps of the invention described above can be implemented with general-purpose computing devices; they can be concentrated on a single computing device or distributed over a network formed by multiple computing devices. Optionally, they can be implemented with program code executable by a computing device, so that they can be stored in a storage device and executed by the computing device; or they can each be made into individual integrated circuit modules, or several of the modules or steps can be made into a single integrated circuit module. Thus, the present invention is not limited to any specific combination of hardware and software.
The above are merely preferred embodiments of the present invention and are not intended to limit it; for those skilled in the art, the invention may have various modifications and variations. Any modification, equivalent replacement, improvement and the like made within the spirit and principles of the present invention shall be included within the protection scope of the present invention.