CN103826224B - Method and apparatus for realizing user access control - Google Patents

Publication number: CN103826224B
Authority: CN (China)
Prior art keywords: epc, module, network element, access, authentication
Legal status: Active
Application number: CN201410043067.3A
Other languages: Chinese (zh)
Other versions: CN103826224A (en)
Inventor: 赵琮
Current Assignee: Datang Mobile Communications Equipment Co Ltd
Original Assignee: Datang Mobile Communications Equipment Co Ltd
Application filed by Datang Mobile Communications Equipment Co Ltd
Priority to CN201410043067.3A
Publication of CN103826224A
Application granted
Publication of CN103826224B

Landscapes

  • Mobile Radio Communication Systems (AREA)

Abstract

The invention discloses a method and apparatus for realizing user access control. The method includes: receiving an access request initiated by a user equipment (UE); sending the UE access request to an internal network element of the EPC through an inter-process channel within the evolved packet core (EPC) network element; and, after obtaining the access response fed back by the internal EPC network element, feeding the access response back to the UE to initiate the security control procedure for UE access. With the method and apparatus of the embodiments of the invention, user access control can be realized before centralized HSS deployment has been completed, the access procedure is simplified, and emergency communication support capability can be provided for the system.

Description

Method and apparatus for realizing user access control
Technical field
The present invention relates to the field of mobile communication technology, and in particular to a method and apparatus for realizing user access control.
Background
With the rapid development of LTE (Long Term Evolution) services, the TD-LTE (Time Division Long Term Evolution) networking currently being rolled out involves the design, construction and operation and maintenance of the radio network, the core network, the transport network and other engineering work. During TD-LTE networking, a newly built HSS (Home Subscriber Server)/HLR (Home Location Register) is required to use a centralized construction mode; that is, distributed HSS/HLR equipment that backs each other up generally has to be built centrally. A distributed HSS/HLR generally consists of an FE/BE (front end/back end): the BE is responsible for storing the users' static and dynamic data; the FE includes the FE-HSS and FE-HLR functions and is responsible for processing the signaling of the S6a interface and the Signaling System No. 7 interface. The S6a interface between the MME (Mobility Management Entity) and the HSS uses Diameter signaling and cannot reuse the existing long-distance No. 7 signaling network.
Meanwhile, precisely because the HSS has to be deployed centrally, the local network cannot currently perform access control for LTE users before HSS/HLR construction is complete. Moreover, because centralized HSS deployment involves many links, such as the bearer network, the data center and network management, a failure in any one link directly affects TD-LTE service quality.
Summary of the invention
In view of the above problems, the present invention is proposed to provide a method and apparatus for realizing data transfer that overcome the above problems or at least partially solve them.
According to one aspect of the present invention, a method for realizing user access control is provided, including:
Receiving an access request initiated by a user equipment (UE); sending the UE access request to an internal network element of the EPC through an inter-process channel within the evolved packet core (EPC) network element; and, after obtaining the access response fed back by the internal EPC network element, feeding the access response back to the UE to initiate the security control procedure for UE access.
Preferably, after receiving the access request initiated by the UE, the method further includes: sending an authentication information request to the internal EPC network element through the inter-process channel within the EPC network element; receiving the authentication information response fed back by the internal EPC network element, and feeding an authentication request back to the UE in order to obtain the UE's authentication information; and obtaining the UE's authentication information by receiving the authentication response sent by the UE.
Preferably, after obtaining the UE's authentication information, the method further includes: sending a user subscription data acquisition request to the internal EPC network element through the inter-process channel within the EPC network element; and obtaining the UE's user subscription data that the internal EPC network element finds in its local database.
Preferably, the method further includes: receiving an insert user data request sent by the internal EPC network element; triggering the operation corresponding to the UE's current state according to the indication information contained in the insert user data request; and, after the operation completes, feeding an insert user data response back to the internal EPC network element.
Preferably, the method further includes: receiving a delete user data request sent by the internal EPC network element; triggering a deletion operation on the UE's data according to the delete user data request; and, after the deletion operation succeeds, feeding a delete user data response back to the internal EPC network element.
Preferably, before sending the access request to the internal EPC network element through the inter-process channel within the EPC network element, the method further includes: presetting a mapping relation list between the UE's international mobile equipment identity (IMEI) and the access mode of the internal EPC network element; extracting the UE's IMEI contained in the access request; and querying the mapping relation list with the extracted IMEI of the UE and, if it matches, sending the access request to the internal EPC network element through the inter-process channel within the EPC network element.
Preferably, the access request includes at least one of the UE's attach message, detach message and location area update message.
According to another aspect of the present invention, a mobility management entity (MME) for realizing user access control is provided, including: a receiving unit, a communication unit and a feedback unit. The receiving unit is used to receive an access request initiated by a user equipment (UE); the communication unit is used to send the UE access request to an internal network element of the EPC through an inter-process channel within the evolved packet core (EPC) network element; the feedback unit is used to feed the access response back to the UE, after the access response fed back by the internal EPC network element has been obtained, to initiate the security control procedure for UE access.
Preferably, the communication unit further includes: an authentication request module, an authentication processing module and an authentication acquisition module. The authentication request module is used to send an authentication information request to the internal EPC network element through the inter-process channel within the EPC network element; the authentication processing module is used to receive the authentication information response fed back by the internal EPC network element and to feed an authentication request back to the UE in order to obtain the UE's authentication information; the authentication acquisition module is used to obtain the UE's authentication information by receiving the authentication response sent by the UE.
Preferably, the communication unit further includes: a data request module and a data acquisition module. The data request module is used to send a user subscription data acquisition request to the internal EPC network element through the inter-process channel within the EPC network element; the data acquisition module is used to obtain the UE's user subscription data that the internal EPC network element finds in its local database.
Preferably, the MME further includes: a first receiving module, a first trigger module and a first feedback module. The first receiving module is used to receive an insert user data request sent by the internal EPC network element; the first trigger module is used to trigger the operation corresponding to the UE's current state according to the indication information contained in the insert user data request received by the first receiving module; the first feedback module is used to feed an insert user data response back to the internal EPC network element after the first trigger module completes the corresponding operation.
Preferably, the MME further includes: a second receiving module, a second trigger module and a second feedback module. The second receiving module is used to receive a delete user data request sent by the internal EPC network element; the second trigger module is used to trigger a deletion operation on the UE's data according to the delete user data request received by the second receiving module; the second feedback module is used to feed a delete user data response back to the internal EPC network element after the second trigger module completes the deletion operation.
Preferably, the communication unit further includes: a setting module, an extraction module and a matching module. The setting module is used to preset a mapping relation list between the UE's international mobile equipment identity (IMEI) and the access mode of the internal EPC network element; the extraction module is used to extract the UE's IMEI contained in the access request; the matching module is used to query the mapping relation list with the UE's IMEI extracted by the extraction module and, if it matches, to send the access request to the internal EPC network element through the inter-process channel within the EPC network element.
In the embodiments of the present invention, when a user needs to access the network, user access is controlled by the internal EPC network element through inter-process communication between the MME and the other network elements inside it. User access control can therefore be realized before centralized HSS deployment has been completed, the access procedure is simplified, and emergency communication support capability can be provided for the system.
The above is only an overview of the technical solution of the present invention. So that the technical means of the invention can be understood more clearly and implemented according to the content of the specification, and so that the above and other objects, features and advantages of the invention become more apparent, specific embodiments of the invention are set out below.
Brief description of the drawings
Various other advantages and benefits will become clear to those of ordinary skill in the art from reading the following detailed description of the preferred embodiments. The drawings are only for the purpose of illustrating the preferred embodiments and are not to be considered a limitation of the invention. Throughout the drawings, the same reference symbols denote the same parts. In the drawings:
Fig. 1 is a schematic flow chart of the steps of a method for realizing user access control according to one embodiment of the invention;
Fig. 2 is a schematic structural block diagram of an apparatus for realizing user access control according to one embodiment of the invention.
Detailed description
Exemplary embodiments of the present disclosure are described in more detail below with reference to the drawings. Although the drawings show exemplary embodiments of the disclosure, it should be understood that the disclosure may be realized in various forms and should not be limited by the embodiments set forth here. Rather, these embodiments are provided so that the disclosure can be understood more thoroughly and its scope conveyed completely to those skilled in the art.
Referring to Fig. 1, a flow chart of the steps of a method for realizing user access control according to an embodiment of the invention is shown. Taking the MME as an example, the method may specifically include the following steps:
Step 110: The MME receives an access request initiated by a user equipment (UE);
When the UE needs to access the network, it sends an access request. In this embodiment, the access request from the UE received by the MME may be any one of an ATTACH message (attach message), a DETACH message (detach message) and a TAU message (location area update message). The access request sent by the UE should also contain the UE's IMEI (International Mobile Station Equipment Identity, international mobile equipment identity) to identify the UE for this access; this embodiment does not describe it further.
Step 120: The MME sends the UE access request to an internal network element of the EPC through an inter-process channel within the EPC (Evolved Packet Core) network element;
It is worth noting that, in order to realize user access control before centralized HSS deployment and to provide emergency communication support capability, this embodiment proposes setting up a portable virtual HSS module in the EPC equipment, although it is not limited to this. As an internal network element of the EPC, the module stores user subscription information, authenticates users, manages user location information and performs similar functions, and exchanges data with the MME to realize user access control. The hardware required by the portable virtual HSS can be an existing EPC core network signaling board, with the HSS functions realized by loading an HSS software package and database.
Because the virtual HSS is an internal network element of the EPC, any internal network element set up inside the EPC that can realize the HSS functions will do; this embodiment does not restrict the internal network element to the virtual HSS. After the MME receives the access request sent by the UE, it can therefore exchange information with the internal EPC network element through the inter-process channel within the EPC network element; that is, the MME sends the UE's access request to the internal EPC network element. The procedures between the MME process and the internal EPC network element process can be performed in the manner specified in the existing standard protocols. Because these procedures exchange information through inter-process communication inside the network element, their reliability does not depend on the TCP/SCTP protocols that the MME uses to interact with a physical HSS.
Step 130: After obtaining the access response fed back by the internal EPC network element, the MME feeds the access response back to the UE to initiate the security control procedure for UE access.
Specifically, after the MME sends the UE's access request to the internal EPC network element, the internal EPC network element decides, according to the existing HSS operating procedures, whether to perform the UE's access operation, and notifies the MME of the result. After the MME receives the access response fed back by the internal EPC network element, it can feed the access response back to the UE to initiate the security control procedure for UE access; this embodiment does not describe it further.
It should be noted that, building on the above steps of this embodiment, the method may also include step 140: after the MME receives the access request initiated by the UE, it sends an authentication information request to the internal EPC network element through the inter-process channel within the EPC network element, receives the authentication information response fed back by the internal EPC network element, then feeds an authentication request back to the UE, and obtains the UE's authentication information by receiving the authentication response sent by the UE. Specifically, if the MME needs to authenticate the user during the attach procedure, it interacts with the portable virtual HSS through the device-internal channel to authenticate the user. The HSS returns a success or failure result according to the user's authentication parameters and the corresponding algorithm: if authentication passes, it returns the user's authentication vector list; if it does not pass, it returns a failure response and the MME refuses the user's access.
In addition, after obtaining the UE's authentication information, the method of the above embodiment may also include step 150: sending a user subscription data acquisition request to the internal EPC network element through the inter-process channel within the EPC network element, and obtaining the UE's user subscription data that the internal EPC network element finds in its local database. Specifically, after the MME has successfully authenticated the user, it goes on to request the user subscription data from the portable virtual HSS, and the HSS returns a success or failure result according to the user data in its database; on success, it returns the user's subscription data.
Building on the method steps of the above embodiment, the method may also include step 160: receiving an insert user data request sent by the internal EPC network element; triggering the operation corresponding to the UE's current state according to the indication information contained in the insert user data request; and, after the operation completes, feeding an insert user data response back to the internal EPC network element. Specifically, after the local operation console modifies user data, the portable virtual HSS can send an Insert Subscriber Data Request message to the MME to modify the user data. After receiving the message, the MME can trigger the corresponding action according to the user state on this device, such as a bearer update procedure, and reply to the portable virtual HSS with an Insert Subscriber Data Answer response.
In addition, the method of the embodiment of the invention may also include step 170: receiving a delete user data request sent by the internal EPC network element; triggering a deletion operation on the UE's data according to the delete user data request; and, after the deletion operation succeeds, feeding a delete user data response back to the internal EPC network element. Specifically, after the local operation console deletes user data, the portable virtual HSS can send a Delete Subscriber Data Request message to the MME. After receiving the message, the MME can trigger the corresponding action according to the user state on this device and reply to the HSS with a Delete Subscriber Data Answer response.
In addition, before the access request is sent to the internal EPC network element through the inter-process channel within the EPC network element, the method of the above embodiment may also include step 180: presetting a mapping relation list between the UE's international mobile equipment identity (IMEI) and the access mode of the internal EPC network element; extracting the UE's IMEI contained in the access request; and querying the mapping relation list with the extracted IMEI of the UE and, if it matches, sending the access request to the internal EPC network element through the inter-process channel within the EPC network element. Specifically, when the MME's handling of a UE's ATTACH message, DETACH message, TAU message and so on involves HSS addressing on the S6a interface, the access mode can be selected by means of configured IMSI number segments, including but not limited to selecting the local portable virtual HSS to complete user authentication, obtain subscription information and carry out similar procedures. For example, in the core network MME subsystem, users in the IMSI=46001xxxxx xxxxx number segment can be set to use the local virtual HSS for access authentication, while users in other number segments use an external physical HSS. If the IMSIs programmed into the terminals' USIM cards fall in the 46001xxxxx xxxxx number segment, these terminals can perform access authentication on the local virtual HSS.
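An added illustration, not code from the patent: one way the MME-side selection of step 180 and the authentication and subscription-data steps 140 and 150 could fit together, following the page's IMSI number-segment example (46001). The class and function names, the HMAC-based challenge-response standing in for the HSS algorithm, the comparison of the UE's response at the MME, and the sample subscriber are all assumptions made for the example.

```python
import hashlib
import hmac
import os
from dataclasses import dataclass
from typing import Callable, Optional

# Number segment served by the local virtual HSS (the page's 46001 example).
LOCAL_HSS_PREFIXES = ("46001",)


@dataclass
class Subscriber:
    key: bytes      # constructed per-subscriber secret
    profile: dict   # constructed subscription data


@dataclass
class AttachResult:
    status: str                     # "accept", "reject" or "forwarded"
    route: str                      # "local" or "external"
    reason: str = ""
    profile: Optional[dict] = None


def response_for(key: bytes, rand: bytes) -> bytes:
    """Placeholder challenge-response (HMAC-SHA256), NOT the 3GPP algorithm."""
    return hmac.new(key, rand, hashlib.sha256).digest()[:8]


class VirtualHSS:
    """Stands in for the internal EPC network element and its local database."""

    def __init__(self, db: dict):
        self.db = db

    def auth_info(self, imsi: str):
        """Return an authentication vector list, or None as the failure response."""
        sub = self.db.get(imsi)
        if sub is None:
            return None
        rand = os.urandom(16)
        return [{"rand": rand, "xres": response_for(sub.key, rand)}]

    def subscription(self, imsi: str):
        """Return a copy of the subscription data, or None if not provisioned."""
        sub = self.db.get(imsi)
        return None if sub is None else dict(sub.profile)


def select_hss(imsi: str) -> str:
    """Step 180: pick the access mode from the configured number segments."""
    if not (imsi.isascii() and imsi.isdigit() and 6 <= len(imsi) <= 15):
        raise ValueError("malformed IMSI")
    return "local" if imsi.startswith(LOCAL_HSS_PREFIXES) else "external"


def attach(imsi: str, ue_respond: Callable[[bytes], bytes],
           local_hss: VirtualHSS) -> AttachResult:
    """Steps 140 and 150 for a UE routed to the local virtual HSS."""
    route = select_hss(imsi)
    if route == "external":
        # Other number segments go to the external physical HSS (not modelled).
        return AttachResult("forwarded", route, "handled by external HSS")
    vectors = local_hss.auth_info(imsi)
    if not vectors:
        return AttachResult("reject", route, "authentication information failure")
    vector = vectors[0]
    res = ue_respond(vector["rand"])          # authentication request/response
    if not hmac.compare_digest(res, vector["xres"]):
        return AttachResult("reject", route, "authentication response mismatch")
    profile = local_hss.subscription(imsi)    # only after successful auth
    if profile is None:
        return AttachResult("reject", route, "no subscription data")
    return AttachResult("accept", route, profile=profile)


def sample_db() -> dict:
    """Constructed subscriber record for the demonstration."""
    return {"460011234567890": Subscriber(
        key=b"k" * 16, profile={"apn": "emergency.example", "ambr_kbps": 1024})}
```

Every failure path rejects, so an IMSI that falls in the local number segment but is missing from the local database is refused rather than passed on to the external HSS.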
As can be seen, with the method of the embodiment of the invention, when a user needs to access the network, user access is controlled by the internal EPC network element through inter-process communication between the MME and the internal EPC network element. User access control can therefore be realized before centralized HSS deployment has been completed, the access procedure is simplified, and emergency communication support capability can be provided for the system.
Of course, the characteristic information and the way it is evaluated described above are only examples. When implementing the embodiments of the invention, other characteristic information and evaluation methods can be set according to the actual situation, and the embodiments of the invention place no limitation on this. Beyond the characteristic information and evaluation methods above, those skilled in the art can also use other characteristic information and evaluation methods according to actual needs, and the embodiments of the invention place no limitation on this either.
For brevity, the method embodiment is expressed as a series of combined actions, but those skilled in the art should know that the embodiments of the invention are not limited by the order of actions described, because according to the embodiments of the invention some steps can be performed in another order or simultaneously. Those skilled in the art should also know that the embodiments described in the specification are preferred embodiments, and the actions involved are not necessarily required by the embodiments of the invention.
Referring to Fig. 2, a structural block diagram of an apparatus for realizing user access control according to an embodiment of the invention is shown. It may specifically include the following modules: a receiving unit 210, a communication unit 220 and a feedback unit 230, where:
The receiving unit 210 is used to receive an access request initiated by a user equipment (UE); the communication unit 220 is used to send the UE access request to an internal network element of the EPC through an inter-process channel within the evolved packet core (EPC) network element; the feedback unit 230 is used to feed the access response back to the UE, after the access response fed back by the internal EPC network element has been obtained, to initiate the security control procedure for UE access.
The communication unit 220 may also include (not shown in the figure): an authentication request module, an authentication processing module and an authentication acquisition module. The authentication request module is used to send an authentication information request to the internal EPC network element through the inter-process channel within the EPC network element; the authentication processing module is used to receive the authentication information response fed back by the internal EPC network element and to feed an authentication request back to the UE in order to obtain the UE's authentication information; the authentication acquisition module is used to obtain the UE's authentication information by receiving the authentication response sent by the UE.
In addition, the communication unit 220 may also include (not shown in the figure): a data request module and a data acquisition module. The data request module is used to send a user subscription data acquisition request to the internal EPC network element through the inter-process channel within the EPC network element; the data acquisition module is used to obtain the UE's user subscription data that the internal EPC network element finds in its local database.
It is worth noting that the MME may also include (not shown in the figure): a first receiving module, a first trigger module and a first feedback module. The first receiving module is used to receive an insert user data request sent by the internal EPC network element; the first trigger module is used to trigger the operation corresponding to the UE's current state according to the indication information contained in the insert user data request received by the first receiving module; the first feedback module is used to feed an insert user data response back to the internal EPC network element after the first trigger module completes the corresponding operation.
In addition, the MME may also include (not shown in the figure): a second receiving module, a second trigger module and a second feedback module. The second receiving module is used to receive a delete user data request sent by the internal EPC network element; the second trigger module is used to trigger a deletion operation on the UE's data according to the delete user data request received by the second receiving module; the second feedback module is used to feed a delete user data response back to the internal EPC network element after the second trigger module completes the deletion operation.
It should be noted that the communication unit 220 may also include (not shown in the figure): a setting module, an extraction module and a matching module. The setting module is used to preset a mapping relation list between the UE's international mobile equipment identity (IMEI) and the access mode of the internal EPC network element; the extraction module is used to extract the UE's IMEI contained in the access request; the matching module is used to query the mapping relation list with the UE's IMEI extracted by the extraction module and, if it matches, to send the access request to the internal EPC network element through the inter-process channel within the EPC network element.
The algorithms and displays provided herein are not inherently related to any particular computer, virtual system or other device. Various general-purpose systems may also be used with the teachings herein. From the description above, the structure required to construct such systems is obvious. Moreover, the present invention is not directed to any particular programming language. It should be understood that the content of the invention described herein can be implemented in various programming languages, and that the description of a specific language above is given to disclose the best mode of the invention.
Numerous specific details are set forth in the specification provided here. It should be understood, however, that embodiments of the invention can be practiced without these specific details. In some instances, well-known methods, structures and techniques are not shown in detail so as not to obscure the understanding of this description.
Similarly, it should be understood that, in order to streamline the disclosure and aid the understanding of one or more of the various inventive aspects, the features of the invention are sometimes grouped together into a single embodiment, figure or description thereof in the above description of exemplary embodiments. However, the disclosed method should not be interpreted as reflecting an intention that the claimed invention requires more features than are expressly recited in each claim. Rather, as the following claims reflect, inventive aspects lie in fewer than all features of a single embodiment disclosed above. The claims following the detailed description are therefore expressly incorporated into the detailed description, with each claim standing on its own as a separate embodiment of the invention.
Those skilled in the art will appreciate that the modules in the device of an embodiment can be adaptively changed and placed in one or more devices different from the embodiment. The modules or units or components in an embodiment can be combined into one module or unit or component, and can furthermore be divided into multiple sub-modules or sub-units or sub-components. Except where at least some of such features and/or processes or units are mutually exclusive, all features disclosed in this specification (including the accompanying claims, abstract and drawings) and all processes or units of any method or device so disclosed can be combined in any combination. Unless expressly stated otherwise, each feature disclosed in this specification (including the accompanying claims, abstract and drawings) can be replaced by an alternative feature serving the same, an equivalent or a similar purpose.
Furthermore, those skilled in the art will appreciate that although some embodiments described herein include some features included in other embodiments and not others, combinations of features of different embodiments are meant to be within the scope of the invention and to form different embodiments. For example, in the following claims, any of the claimed embodiments can be used in any combination.
The various component embodiments of the invention can be implemented in hardware, in software modules running on one or more processors, or in a combination of these. Those skilled in the art will understand that a microprocessor or digital signal processor (DSP) can be used in practice to implement some or all of the functions of some or all of the components of the device for performing webpage loading according to embodiments of the invention. The invention can also be implemented as device or apparatus programs (for example, computer programs and computer program products) for performing part or all of the method described herein. Such programs implementing the invention can be stored on a computer-readable medium, or can take the form of one or more signals. Such signals can be downloaded from an Internet website, provided on a carrier signal, or provided in any other form.
It should be noted that the above embodiments illustrate rather than limit the invention, and that those skilled in the art can design alternative embodiments without departing from the scope of the appended claims. In the claims, any reference symbols placed between parentheses shall not be construed as limiting the claim. The word "comprising" does not exclude the presence of elements or steps not listed in a claim. The word "a" or "an" preceding an element does not exclude the presence of a plurality of such elements. The invention can be implemented by means of hardware comprising several distinct elements and by means of a suitably programmed computer. In a unit claim enumerating several means, several of these means can be embodied by one and the same item of hardware. The use of the words first, second and third does not indicate any order; these words can be interpreted as names.

Claims (11)

  1. A method for realizing user access control, characterized by comprising:
    receiving an access request initiated by a user equipment (UE);
    sending the UE access request to an EPC internal network element through a process channel in the evolved packet core (EPC) network element; wherein the EPC internal network element is a portable virtual HSS module;
    after obtaining the access response fed back by the EPC internal network element, feeding back the access response to the UE to initiate the security control process of UE access;
    wherein, before the access request is sent to the EPC internal network element through the process channel of the EPC network element, the method further comprises:
    presetting a mapping relation list between the International Mobile Equipment Identity (IMEI) of the UE and the EPC internal network element access mode;
    extracting the IMEI of the UE contained in the access request;
    querying the mapping relation list using the extracted IMEI of the UE and, if it matches, sending the access request to the EPC internal network element through the process channel in the EPC network element.
  2. The method of claim 1, characterized in that, after receiving the access request initiated by the UE, the method further comprises:
    sending an authentication information request to the EPC internal network element through the process channel in the EPC network element;
    receiving the authentication information response fed back by the EPC internal network element, and feeding back an authentication request to the UE, so as to obtain the authentication information of the UE;
    obtaining the authentication information of the UE by receiving the authentication response sent by the UE.
  3. The method of claim 2, characterized in that, after obtaining the authentication information of the UE, the method further comprises:
    sending a user subscription data acquisition request to the EPC internal network element through the process channel in the EPC network element;
    obtaining the user subscription data of the UE that the EPC internal network element finds in its local database.
  4. The method of claim 1, characterized in that the method further comprises:
    receiving an insert user data request sent by the EPC internal network element;
    triggering, according to the indication information contained in the insert user data request, the operation corresponding to the current state of the UE;
    after the operation is completed, feeding back an insert user data response to the EPC internal network element.
  5. The method of claim 1, characterized in that the method further comprises:
    receiving a delete user data request sent by the EPC internal network element;
    triggering, according to the delete user data request, a deletion operation on the data of the UE;
    after the deletion operation succeeds, feeding back a delete user data response to the EPC internal network element.
  6. The method of any one of claims 1 to 5, characterized in that:
    the access request includes at least one of a UE attach message, a detach message and a location area update message.
  7. A mobility management entity (MME) for realizing user access control, characterized by comprising: a receiving unit, a communication unit and a feedback unit; wherein,
    the receiving unit is configured to receive an access request initiated by a user equipment (UE);
    the communication unit is configured to send the UE access request to an EPC internal network element through a process channel in the evolved packet core (EPC) network element;
    the feedback unit is configured to, after the access response fed back by the EPC internal network element is obtained, feed back the access response to the UE to initiate the security control process of UE access;
    wherein the communication unit further comprises: a setup module, an extraction module and a matching module; wherein,
    the setup module is configured to preset a mapping relation list between the International Mobile Equipment Identity (IMEI) of the UE and the EPC internal network element access mode;
    the extraction module is configured to extract the IMEI of the UE contained in the access request;
    the matching module is configured to query the mapping relation list using the IMEI of the UE extracted by the extraction module and, if it matches, to send the access request to the EPC internal network element through the process channel in the EPC network element.
  8. The MME of claim 7, characterized in that the communication unit further comprises: an authentication request module, an authentication processing module and an authentication acquisition module; wherein,
    the authentication request module is configured to send an authentication information request to the EPC internal network element through the process channel in the EPC network element;
    the authentication processing module is configured to receive the authentication information response fed back by the EPC internal network element, and to feed back an authentication request to the UE, so as to obtain the authentication information of the UE;
    the authentication acquisition module is configured to obtain the authentication information of the UE by receiving the authentication response sent by the UE.
  9. The MME of claim 8, characterized in that the communication unit further comprises: a data request module and a data acquisition module; wherein,
    the data request module is configured to send a user subscription data acquisition request to the EPC internal network element through the process channel in the EPC network element;
    the data acquisition module is configured to obtain the user subscription data of the UE that the EPC internal network element finds in its local database.
  10. The MME of claim 7, characterized in that the MME further comprises: a first receiving module, a first trigger module and a first feedback module; wherein,
    the first receiving module is configured to receive an insert user data request sent by the EPC internal network element;
    the first trigger module is configured to trigger, according to the indication information contained in the insert user data request received by the first receiving module, the operation corresponding to the current state of the UE;
    the first feedback module is configured to feed back an insert user data response to the EPC internal network element after the first trigger module completes the corresponding operation.
  11. The MME of claim 7, characterized in that the MME further comprises: a second receiving module, a second trigger module and a second feedback module; wherein,
    the second receiving module is configured to receive a delete user data request sent by the EPC internal network element;
    the second trigger module is configured to trigger, according to the delete user data request received by the second receiving module, a deletion operation on the data of the UE;
    the second feedback module is configured to feed back a delete user data response to the EPC internal network element after the second trigger module completes the deletion operation.
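
The flow of claims 1 to 3, sketched as an added example that is not part of the patent: the preset IMEI list only selects the in-process route to the virtual HSS, and subscription data is requested only after the authentication exchange. The class and field names, the IMSI key, the sample identifiers and the use of HMAC-SHA256 with a RES/XRES comparison in place of EPS-AKA are assumptions.

```python
import hashlib
import hmac
import os
def res_for(k, rand):
    # HMAC-SHA256 stands in for the EPS-AKA response function (assumption).
    return hmac.new(k, rand, hashlib.sha256).digest()[:8]

class VirtualHSS:
    """In-process stand-in for the portable virtual HSS module (hypothetical API)."""
    def __init__(self, subscribers):
        self.db = subscribers   # IMSI -> {"k": key, "profile": subscription data}
        self.queries = 0        # counts requests that reached this module

    def auth_info(self, imsi):
        """Authentication information request: returns (RAND, XRES) or None."""
        self.queries += 1
        sub = self.db.get(imsi)
        if sub is None:
            return None
        rand = os.urandom(16)
        return rand, res_for(sub["k"], rand)

    def subscription(self, imsi):
        self.queries += 1       # subscription data request, answered locally
        return self.db[imsi]["profile"]

class MME:
    def __init__(self, vhss, imei_map):
        self.vhss = vhss
        self.imei_map = imei_map    # preset IMEI -> access mode list (claim 1)

    def handle_access(self, request, ue_answer):
        # Claim 1: extract the IMEI and query the preset mapping list.
        if self.imei_map.get(request.get("imei")) != "internal":
            return {"result": "not_internal"}   # this path is not covered by the claims
        # Claim 2: authentication information request, then challenge the UE.
        info = self.vhss.auth_info(request.get("imsi"))
        if info is None:
            return {"result": "unknown_subscriber"}
        rand, xres = info
        if not hmac.compare_digest(ue_answer(rand), xres):
            return {"result": "auth_failed"}
        # Claim 3: subscription data is requested only after authentication.
        profile = self.vhss.subscription(request["imsi"])
        return {"result": "accepted", "profile": profile}
# Constructed sample data (not from the patent).
KEY = bytes.fromhex("00112233445566778899aabbccddeeff")
HSS = VirtualHSS({"001010000000001": {"k": KEY, "profile": {"apn": "internet"}}})
CORE = MME(HSS, {"490154203237518": "internal"})
```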
CN201410043067.3A 2014-01-29 2014-01-29 A kind of method and apparatus for realizing user access control Active CN103826224B (en)

Priority Applications (1)

Application Number Priority Date Filing Date Title
CN201410043067.3A CN103826224B (en) 2014-01-29 2014-01-29 A kind of method and apparatus for realizing user access control

Publications (2)

Publication Number Publication Date
CN103826224A CN103826224A (en) 2014-05-28
CN103826224B true CN103826224B (en) 2017-11-14

Family

ID=50761003

Country Status (1)

Country Link
CN (1) CN103826224B (en)

Legal Events

Date Code Title Description
C06 Publication
PB01 Publication
C10 Entry into substantive examination
SE01 Entry into force of request for substantive examination
GR01 Patent grant