CN107295512B - Communication equipment and method for authenticating in process of switching from LTE (Long term evolution) to WLAN (Wireless local area network) - Google Patents

Communication equipment and method for authenticating in process of switching from LTE (Long term evolution) to WLAN (Wireless local area network) Download PDF

Info

Publication number
CN107295512B
CN107295512B CN201610200908.6A CN201610200908A CN107295512B CN 107295512 B CN107295512 B CN 107295512B CN 201610200908 A CN201610200908 A CN 201610200908A CN 107295512 B CN107295512 B CN 107295512B
Authority
CN
China
Prior art keywords
authentication
wlan network
network
wlan
identification information
Prior art date
Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
Active
Application number
CN201610200908.6A
Other languages
Chinese (zh)
Other versions
CN107295512A (en
Inventor
范伟
Current Assignee (The listed assignees may be inaccurate. Google has not performed a legal analysis and makes no representation or warranty as to the accuracy of the list.)
Spreadtrum Communications Shanghai Co Ltd
Original Assignee
Spreadtrum Communications Shanghai Co Ltd
Priority date (The priority date is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the date listed.)
Filing date
Publication date
Application filed by Spreadtrum Communications Shanghai Co Ltd filed Critical Spreadtrum Communications Shanghai Co Ltd
Priority to CN201610200908.6A priority Critical patent/CN107295512B/en
Publication of CN107295512A publication Critical patent/CN107295512A/en
Application granted granted Critical
Publication of CN107295512B publication Critical patent/CN107295512B/en
Active legal-status Critical Current
Anticipated expiration legal-status Critical

Links

Images

Classifications

    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04WWIRELESS COMMUNICATION NETWORKS
    • H04W12/00Security arrangements; Authentication; Protecting privacy or anonymity
    • H04W12/06Authentication
    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04WWIRELESS COMMUNICATION NETWORKS
    • H04W36/00Hand-off or reselection arrangements
    • H04W36/14Reselecting a network or an air interface
    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04WWIRELESS COMMUNICATION NETWORKS
    • H04W84/00Network topologies
    • H04W84/02Hierarchically pre-organised networks, e.g. paging networks, cellular networks, WLAN [Wireless Local Area Network] or WLL [Wireless Local Loop]
    • H04W84/10Small scale networks; Flat hierarchical networks
    • H04W84/12WLAN [Wireless Local Area Networks]

Landscapes

  • Engineering & Computer Science (AREA)
  • Computer Networks & Wireless Communication (AREA)
  • Signal Processing (AREA)
  • Computer Security & Cryptography (AREA)
  • Mobile Radio Communication Systems (AREA)

Abstract

A communication device and method of authentication in a handover procedure from LTE to WLAN, the method may comprise: when a connection request for representing a terminal to request to access an LTE network is received, if it is determined that an accessible WLAN network exists near the terminal, sending information for indicating to generate an authentication vector of the WLAN network to a Home Subscriber Server (HSS) through a Mobility Management Entity (MME); receiving, by the MME, identification information from the HSS suitable for the WLAN network authentication; and sending the identification information suitable for the WLAN network authentication to the terminal. By adopting the scheme, the time length of the authentication in the switching process from the LTE to the WLAN can be reduced, and the user experience is improved.

Description

Communication equipment and method for authenticating in process of switching from LTE (Long term evolution) to WLAN (Wireless local area network)
Technical Field
The present invention relates to the field of communications, and in particular, to a communication device and an authentication method in a handover process from LTE to WLAN.
Background
By virtue of unique advantages, Wireless Local Area Networks (WLANs) form good complementation with mobile Networks, and thus, the application of the WLAN in the mobile Networks is more and more extensive. From foreign operators to domestic operators, the intercommunication technology between the mobile network and the WLAN is continuously expanded and perfected, and the purpose is to rapidly and economically deploy the WLAN, so that under the condition of making minimum change on the existing network architecture, a user is attracted by a simple and practical technology, the current rapidly-increased mobile data service is shunted, the pressure that the resources of the mobile network are seriously insufficient in busy hours or busy areas is relieved, the network service quality is improved, and the user viscosity of the network is improved.
At present, a terminal (User Equipment, UE) first obtains authentication to access a Long Term Evolution (LTE) communication Network, then establishes a connection of one or more Public Data Networks (PDNs) through the LTE Network, and can switch to the WLAN Network after the UE finds a suitable WLAN Network. I.e. to handover some or all of the already established PDN connections in the LTE system to the WLAN network, the UE shall obtain authentication of the WLAN network before handover actually starts. And, the equipment parts used for authenticating the UE in the LTE network and the WLAN network are the same.
However, if the above method is used to perform handover from the LTE network to the WLAN network, the authentication time during the handover process is long, and the user experience is poor.
Disclosure of Invention
The invention solves the problem of how to reduce the time length of the authentication in the switching process from LTE to WLAN and improve the user experience.
In order to solve the above problem, an embodiment of the present invention provides a method for authenticating in a handover process from LTE to WLAN, where the method includes:
when a connection request for representing a terminal to request to access an LTE network is received, if it is determined that an accessible WLAN network exists near the terminal, sending information for indicating to generate an authentication vector of the WLAN network to an HSS through an MME;
receiving, by the MME, identification information from the HSS suitable for the WLAN network authentication;
and sending the identification information suitable for the WLAN network authentication to the terminal.
Optionally, when the sending, by the MME, information indicating generation of the authentication vector of the WLAN network to the HSS, the method further includes: indicating the type of the WLAN network.
Optionally, the type of WLAN network is a trusted or untrusted WLAN network.
Optionally, the identification information is fast re-authentication identification information.
The embodiment of the invention provides an authentication method in a process of switching from LTE to WLAN, which comprises the following steps:
when receiving the authentication vector of the WLAN network from the HSS, distributing identification information suitable for the WLAN network authentication for a terminal;
sending the identification information suitable for the WLAN network authentication to HSS;
and when the identification information which is suitable for the WLAN network authentication and is from the terminal is received, authenticating the terminal according to a quick authentication process.
The embodiment of the invention provides an authentication method in a process of switching from LTE to WLAN, which comprises the following steps:
generating an authentication vector of the WLAN network when generating the authentication vector of the LTE network when receiving information indicating generation of the authentication vectors of the LTE network and the WLAN network;
sending the authentication vector of the WLAN to an AAA server;
receiving identification information from the AAA server suitable for the WLAN network authentication;
and sending the identification information for WLAN network authentication to MME.
Optionally, the identification information suitable for performing the WLAN network authentication is fast re-authentication identification information.
The embodiment of the invention provides an authentication method in a process of switching from LTE to WLAN, which comprises the following steps:
when a connection request from a terminal for representing that the terminal requests to access an LTE network is received, judging whether information indicating that an authentication vector of the WLAN network is generated is received;
when the information indicating the generation of the authentication vector of the WLAN network is received, the information indicating the generation of the authentication vector of the WLAN network is sent to the HSS;
receiving identification information from the HSS for WLAN network authentication;
and sending the identification information for the WLAN network authentication to a base station.
An embodiment of the present invention provides a base station, where the base station includes: the first receiving unit is suitable for receiving a connection request for representing that the terminal requests to access the LTE network;
the first sending unit is suitable for sending information indicating to generate an authentication vector of a WLAN network to a Home Subscriber Server (HSS) through a Mobility Management Entity (MME) if the fact that the WLAN network which can be accessed exists near a terminal is determined when the first receiving unit receives a connection request for representing that the terminal requests to access an LTE network;
a second receiving unit adapted to receive, by the MME, identification information adapted to perform the WLAN network authentication from the HSS;
and the second sending unit is suitable for sending the identification information suitable for the WLAN network authentication to the terminal.
Optionally, the first sending unit is further adapted to indicate the type of the WLAN network when the information indicating that the authentication vector of the WLAN network is generated is sent to the HSS by the MME.
Optionally, the type of WLAN network is a trusted or untrusted WLAN network.
Optionally, the identification information is fast re-authentication identification information.
The embodiment of the invention provides an AAA server, which comprises:
the distribution unit is used for distributing identification information suitable for WLAN network authentication for the terminal when the authentication vector of the WLAN network is received from the HSS;
a third sending unit, adapted to send the identification information adapted to perform the WLAN network authentication to the HSS;
and the authentication unit is suitable for authenticating the terminal according to a quick authentication process when the identification information which is from the terminal and is suitable for the WLAN network authentication is received.
The embodiment of the invention provides an HSS, which comprises:
a third receiving unit adapted to receive information indicating generation of authentication vectors of the LTE network and the WLAN network;
an authentication vector generation unit adapted to generate an authentication vector of the WLAN network when generating an authentication vector of the LTE network when the third reception unit receives information indicating generation of authentication vectors of the LTE network and the WLAN network;
a fourth sending unit, adapted to send the authentication vector of the WLAN network to an AAA server;
a fourth receiving unit, adapted to receive the identification information adapted to perform the WLAN network authentication from the AAA server;
a fifth sending unit, adapted to send the identification information for performing the WLAN network authentication to an MME.
Optionally, the identification information suitable for performing the WLAN network authentication is fast re-authentication identification information.
An embodiment of the present invention provides an MME, where the MME includes:
a fifth receiving unit, adapted to receive a connection request from a terminal, indicating that the terminal requests to access an LTE network;
a judging unit adapted to judge whether information indicating generation of an authentication vector of the WLAN network is received when the fifth receiving unit receives the connection request;
a sixth sending unit, adapted to send, to the HSS, information indicating generation of the authentication vector of the WLAN network when the determining unit determines that the information indicating generation of the authentication vector of the WLAN network is received;
a sixth receiving unit, adapted to receive the identification information for performing the WLAN network authentication from the HSS;
and the seventh sending unit is suitable for sending the identification information for the WLAN network authentication to a base station.
Compared with the prior art, the technical scheme of the invention has the following advantages:
because the LTE network and the WLAN network need the participation of the HSS when authenticating the UE, namely signaling interaction between the terminal and the HSS is needed, when a base station receives a connection request for representing that the terminal requests to access the LTE network, if the WLAN network which can be accessed is determined to exist near the terminal, information for indicating to generate an authentication vector of the WLAN network is sent to the HSS through the MME, and further identification information suitable for the authentication of the WLAN network is generated through the HSS and the AAA server and is sent to the user equipment through the base station, so that the user equipment can directly send the identification information to the AAA server when the LTE is switched to the WLAN network, and the AAA server can authenticate the terminal according to a quick authentication process. When an LTE access request from a terminal is received, the terminal and the HSS need to interact, and the authentication message of the WLAN network is generated when the terminal accesses the LTE network, so that the interaction between the terminal and the HSS again can be avoided when the authentication process is carried out on the terminal by the WLAN network, the time spent by user equipment in accessing authentication can be saved, the switching speed from LTE to WLAN can be increased, and the use experience of a user can be improved.
On one hand, the identification information suitable for the WLAN network authentication is distributed to the terminal, and when the identification information suitable for the WLAN network authentication from the terminal is received, the terminal can be authenticated according to a quick authentication process, so that the processing resource of the AAA server can be saved, and the communication speed can be improved.
On the other hand, when the information indicating that the authentication vectors of the LTE network and the WLAN network are generated is received, the authentication vector of the WLAN network is generated when the authentication vector of the LTE network is generated, and further the identification information suitable for the authentication of the WLAN network is obtained through the interaction with the AAA server, so that the terminal can omit the signaling interaction with the terminal when the WLAN network is switched from the LTE network in the subsequent process, the processing resource of the HSS is saved, and the whole communication speed is improved.
On the other hand, when a connection request for representing that a terminal requests to access an LTE network is received and information indicating that authentication vectors of the LTE network and the WLAN network are generated is received, the information indicating that the authentication vectors of the LTE network and the WLAN network are generated is sent to an HSS, identification information used for performing authentication of the WLAN network from the HSS can be received, and then the identification information is sent to the terminal through a base station, so that signaling interaction with the HSS is omitted when the WLAN network is switched from the LTE network subsequently, processing resources of the base station are saved, and the speed of the whole communication is improved.
Drawings
Fig. 1 is a schematic diagram of a core network architecture according to an embodiment of the present invention;
fig. 2 is a flowchart illustrating an authentication method in a handover process from LTE to WLAN according to an embodiment of the present invention;
fig. 3 is a flowchart illustrating an authentication method in a handover process from LTE to WLAN according to an embodiment of the present invention;
fig. 4 is a flowchart illustrating an authentication method in a handover process from LTE to WLAN according to an embodiment of the present invention;
fig. 5 is a flowchart illustrating an authentication method in a handover process from LTE to WLAN according to an embodiment of the present invention;
fig. 6 is a flowchart illustrating an authentication method in a handover process from LTE to WLAN according to an embodiment of the present invention;
fig. 7 is a schematic structural diagram of a base station according to an embodiment of the present invention;
FIG. 8 is a schematic structural diagram of an AAA server according to an embodiment of the invention;
FIG. 9 is a diagram illustrating an HSS according to an embodiment of the present invention;
fig. 10 is a schematic structural diagram of an MME according to an embodiment of the present invention.
Detailed Description
By virtue of unique advantages, Wireless Local Area Networks (WLANs) form good complementation with mobile Networks, and thus, the application of the WLAN in the mobile Networks is more and more extensive. From foreign operators to domestic operators, the intercommunication technology between the mobile network and the WLAN is continuously expanded and perfected, and the purpose is to rapidly and economically deploy the WLAN, so that under the condition of making minimum change on the existing network architecture, a user is attracted by a simple and practical technology, the current rapidly-increased mobile data service is shunted, the pressure that the resources of the mobile network are seriously insufficient in busy hours or busy areas is relieved, the network service quality is improved, and the user viscosity of the network is improved.
At present, a terminal (User Equipment, UE) first obtains authentication to access a Long Term Evolution (LTE) communication Network, then establishes a connection of one or more Public Data Networks (PDNs) through the LTE Network, and may start switching after the UE finds a suitable WLAN Network. I.e. to handover some or all of the already established PDN connections in the LTE system to the WLAN network, the UE shall obtain authentication of the WLAN network before handover actually starts.
The Authentication process of accessing The WLAN Network specifically includes many steps, for example, it may involve multiple interactions between The UE and The HSS, after The HSS obtains The identification information of The UE, The HSS may run an AKA algorithm to generate parameters such as AUTN, and then send The parameters to The UE through The Network so that The UE performs Authentication on The Network, The Network may send other parameters such as an information Authentication Code (MAC) to The UE, The UE may run The AKA algorithm to generate AUTN, and if The AUTN generated by The UE itself is consistent with The AUTN sent by The HSS to The UE, The UE may verify that The Network (authetite The Network) is reliable.
Meanwhile, the UE needs to check the received MAC and generate a new MAC, which is sent to an Authentication, Authorization, and Accounting (AAA) Server in the network, and the AAA Server needs to verify the received MAC and other parameters, and if the verification is passed, the Authentication is completed. The UE and WLAN communication will use Keying material (Keying materials) generated during the authentication process.
And, some devices used for authenticating the UE in the LTE network and the WLAN network are the same. Specifically, refer to fig. 1, where a non-3GPP IP interface (non-3GPP IP Access) refers to a WLAN, an SWx interface is disposed between an HSS and an AAA Server, and an S6a interface is provided with an MME in LTE, and Home Subscriber Servers (HSS) in devices that authenticate UEs are the same. It is understood that the specific definition of the interface described above may refer to TS24.302, which is not described herein.
However, if the above method is used to perform handover from the LTE network to the WLAN network, the authentication time during the handover process is long, and the user experience is poor.
In order to solve the above problems, embodiments of the present invention provide an authentication method in the LTE to WLAN handover process, where the LTE network and the WLAN network both need to participate in an HSS when authenticating the UE, that is, signaling interaction between the terminal and the HSS is needed, so when a base station receives a connection request characterizing that the terminal requests to access the LTE network, if it is determined that an accessible WLAN network exists near the terminal, an MME sends, to the HSS, information indicating that an authentication vector of the WLAN network is generated, and further, through the HSS and an AAA server, identification information suitable for performing authentication of the WLAN network is generated and sent to a user equipment through the base station, so that the user equipment can directly send the identification information to an AAA server when the LTE is handed over to the WLAN network, so that the AAA server can authenticate the terminal according to a fast authentication procedure, and when receiving an LTE access request from the terminal, the terminal and the HSS need to interact, and the authentication message of the WLAN network is generated when the terminal accesses the LTE network, so that the re-interaction between the terminal and the HSS can be avoided when the authentication process is performed on the terminal by the WLAN network, the time consumed by the user equipment for accessing the authentication can be saved, the switching speed from the LTE network to the WLAN network can be increased, and the use experience of the user can be improved.
In order to make the aforementioned objects, features and advantages of the present invention comprehensible, embodiments accompanied with figures are described in detail below.
In order to enable those skilled in the art to better understand and implement the present invention, the following illustrates a method for authenticating in a process of switching from LTE to WLAN in an embodiment of the present invention, as shown in fig. 2, the method may include:
s21: when receiving a connection request for requesting access to an LTE network, which characterizes a terminal, a base station in LTE sends, if it is determined that an accessible WLAN network exists near the terminal, information indicating generation of an authentication vector of the WLAN network to an HSS through a Mobility Management Entity (MME).
S22: receiving, by the MME from the HSS, identification information suitable for performing the WLAN network authentication.
S23: and sending the identification information suitable for the WLAN network authentication to the terminal.
In a specific implementation, when the information indicating generation of the authentication vector of the WLAN network is sent to the HSS by the mobility management entity MME, the method further includes: indicating the type of the WLAN network.
In particular implementations, the types of WLAN networks may be classified as trusted or untrusted WLAN networks.
In order to make those skilled in the art better understand and implement the present invention, the following illustrates a method for authenticating in a handover process from LTE to WLAN in an embodiment of the present invention, as shown in fig. 3, where the method may include:
s31: when receiving the authentication vector of the WLAN network from the HSS, allocating identification information suitable for the WLAN network authentication to the terminal.
In a specific implementation, when receiving the authentication vector of the WLAN network from the HSS, the AAA server may allocate, to the terminal, identification information suitable for performing authentication of the WLAN network.
S32: and sending the identification information suitable for the WLAN network authentication to the HSS.
In a specific implementation, the identification information suitable for the WLAN network authentication may be transferred through the HSS and finally sent to the terminal, so that the terminal may determine to perform fast authentication when switching from the LTE network to the WLAN network.
S33: and when the identification information which is suitable for the WLAN network authentication and is from the terminal is received, authenticating the terminal according to a quick authentication process.
In a specific implementation, since the identification information is already generated by the AAA server when the terminal accesses the LTE network, when the identification information suitable for performing the WLAN network authentication is received from the terminal, the terminal may be authenticated according to a fast authentication procedure.
In order to make those skilled in the art better understand and implement the present invention, the following illustrates a method for authenticating in a handover process from an LTE network to a WLAN network in an embodiment of the present invention, as shown in fig. 4, the method may include the following steps:
s41: when information indicating that authentication vectors of the LTE network and the WLAN network are generated is received, the authentication vector of the WLAN network is generated when the authentication vector of the LTE network is generated.
S42: and sending the authentication vector of the WLAN network to an AAA server.
S43: receiving identification information from the AAA server suitable for the WLAN network authentication.
S44: and sending the identification information for WLAN network authentication to MME.
In a specific implementation, the identification information suitable for performing the WLAN network authentication is fast re-authentication identification information.
In order to enable those skilled in the art to better understand and implement the present invention, the following illustrates a method for authenticating in a handover process from LTE to WLAN in an embodiment of the present invention, as shown in fig. 5, where the method may include:
s51: and when receiving a connection request from a terminal for representing that the terminal requests to access the LTE network, judging whether information indicating that an authentication vector of the WLAN network is generated is received.
S52: and when the information indicating the generation of the authentication vector of the WLAN network is received, sending the information indicating the generation of the authentication vector of the WLAN network to the HSS.
S53: and receiving identification information used for the WLAN network authentication from the HSS.
S54: and sending the identification information for the WLAN network authentication to a base station.
In the following, referring to fig. 6, a method for authenticating in a handover process from an LTE network to a WLAN network in an embodiment of the present invention will be further described in detail, where an apparatus for participating in authentication in the network handover process includes: UE61, base station 62, mobility management entity MME63, serving gateway 64, PDN network 65, Policy and Charging Rules Function 66 (PCRF), HSS67, and AAA server 68, the method may be divided into the following steps:
s601: the UE61 sends a connection request to the base station 62 that characterizes the UE61 to request Access to the LTE network and sends Non-Access Stratum signaling (NAS) during the connection setup.
In a specific implementation, when the UE61 accesses the LTE network, it needs to establish an RRC connection with the base station 62 and send non-access stratum signaling (Service request) to the base station 62 through NAS signaling.
S602: the base station 62 determines whether there is an accessible WLAN network in the vicinity of the UE 61.
In particular implementations, when the UE61 accesses the network of LTE, the base station 62 may know whether WLAN networks exist near the UE61 according to the network topology and measurement reports of the UE61, and the base station 62 may also know whether these WLAN networks are trusted WLANs or untrusted WLANs. The base station 62 may send parameters of the handover decision (such as Received Signal Strength Indication (RSSI) of Beacon frame on the WLAN side, parameters of the Backhaul Rate (Backhaul Rate), and the threshold of the signal strength of the serving cell) to the UE61, so that the UE61 decides whether to handover from LTE to WLAN or handover traffic from WLAN to LTE according to the parameters.
When the base station 62 determines that there is an accessible WLAN network in the vicinity of the UE61, S603 and S604 may be performed simultaneously; otherwise, S603 may be simply performed, and after the completion of the S603, S604 is skipped, and then S605-S613 are performed, and the authentication action involving the WLAN side in the step is omitted.
S603: the base station 62 sends a service request and an indication of the UE61 to the MME63 to perform authentication on the LTE side.
In a specific implementation, when the base station 62 receives the request information for accessing the LTE network from the UE61, the service request of the UE61 may be sent to the MME63, so that the network side equipment assists in establishing the connection of the PDN and instructs the LTE side to perform authentication of the UE 61. In this step, the authentication of the LTE side may not be performed, and the authentication of the LTE side needs to be performed by default.
S604: the base station 62 indicates to the MME63 to perform authentication on the WLAN side.
In a particular implementation, the base station 62 may indicate to the MME63 that authentication on the WLAN side is performed and indicate to the MME63 the type of WLAN side on which authentication is performed.
In particular implementations, the type of WLAN network may be a trusted or untrusted WLAN.
S605: the MME63 indicates to the HSS67 that the UE61 is authenticated on the LTE and WLAN sides.
In a specific implementation, if the MME63 parses the identity of the UE61 from the service request of the UE61 after receiving the service request of the UE61, and then the MME63 may perform authentication of the UE61 by interacting with the HSS67, send the identity of the UE61 and a signaling request to the HSS67 to request the authentication vector of the UE61, and indicate whether the WLAN side is an authentication of a trusted WLAN or an untrusted WLAN. In this process, the MME63 and the UE61 need to mutually authenticate each other's security.
It should be noted that, because the HSS67 devices involved in the LTE authentication process by the LTE network and the WLAN network are the same, and the UE61 determines to access the LTE network, the network side needs to complete the authentication of the LTE network on the UE61, that is, the step of authenticating the UE61 by the LTE side is indispensable, and the base station 62 performs the authentication of the LTE and WLAN sides at the same time by instructing, so that in the LTE and WLAN authentication process, interaction between the UE61 and the HSS67, which is needed again when the WLAN authenticates the UE61, is avoided, and only one interaction needed by the authentication between the UE61 and the HSS67 is involved, so that the duration of the subsequent UE61 in the process of switching from the LTE network to the WLAN network can be reduced, and the efficiency of network switching can be improved.
S606: the HSS67 generates authentication vectors for the LTE and WLAN sides to authenticate the UE 61.
In the implementation, the HSS67 may generate the authentication vector for the LTE and WLAN sides to authenticate the UE61, and as described above, in the process of instructing the HSS67 to generate the authentication vector, many interactions between the UE61 and the HSS67 are required, and through this step, fewer interactions may be performed, so that the communication efficiency is improved.
S607: the HSS67 sends the authentication vector on the WLAN side to the AAA server 68.
In a particular implementation, the HSS67 may send the authentication vector for the WLAN side to the AAA server.
S608: the AAA server allocates Fast re-authentication identification information (Fast re-authentication) to the UE61 and sends it to the HSS 67.
In a specific implementation, the AAA server may allocate Fast re-authentication identification information for the UE61 and send the Fast re-authentication identification information to the HSS67, and the HSS67 and the AAA server may be different logical network elements located in the same network entity, so that interaction between the HSS67 and the AAA server may be performed within the same network entity.
S609: the HSS67 sends the authentication vector of the LTE side and the fast re-authentication identity to the MME 63.
In a specific implementation, the HSS67 may carry a Fast re-authentication identity (Fast re-authentication) for WLAN side authentication when returning an authentication vector to the MME 63.
S610: MME63 generates keys for UE61 to access the non-access stratum as well as the access stratum of the LTE network.
In a specific implementation, after receiving the authentication vector of the UE61 by the LTE, the MME63 may generate a key for the UE61 to access the non-access stratum and a key for the access stratum of the LTE network, and perform authentication of the UE61 by the LTE side.
In a specific implementation, if the authentication is passed, the MME63 may send an initial context establishment request to the base station 62, where the initial context establishment request includes parameters that require bearer establishment, and then the base station 62 interacts with the UE61 and establishes a data radio bearer, and then after the radio bearer is successfully established, the UE61 may send uplink data, and the base station 62 sends an initial context establishment response to the MME63 and optimizes the bearer request. The mobility management entity MME63 may then send a optimized Bearer Request (Modify Bearer Request) to the serving gateway 64, and the serving gateway 64 may then send the Modify Bearer Request to the PDN gateway. In this process, the MME63 may notify the gateway of the relevant parameters (e.g., IP address, etc.) for downlink data transmission of the bearer, so that the gateway can send the downlink data of the bearer to the IP address specified by the base station 62, thereby completing the access of the UE61 to the LTE network.
S611: MME63 sends a Fast re-authentication identification to base station 62.
It should be noted that, in the specific implementation, S610 and S611 do not have the execution sequence, and may be executed in parallel.
S612: the base station 62 sends a Fast re-authentication identification to the UE 61.
In particular implementations, the base station 62 may send Fast re-authentication identification to the UE61 via RRC signaling.
S613: the UE61 determines whether to switch from the LTE network to the WLAN network.
When the UE61 determines to switch from the LTE network to the WLAN network, S614 may be performed, and conversely, S613 may be performed.
S614: the UE61 sends the Fast re-authentication identification to the AAA server 68.
S615: the AAA server 68 performs a fast authentication procedure for the UE 61.
In a specific implementation, when the AAA server 68 receives the Fast re-authentication identifier from the UE61, a Fast authentication procedure may be performed on the UE61, so that the authentication of the UE61 on the WLAN side is performed quickly, and the handover to the WLAN is accelerated. In this way, the duration of the network handover may be reduced since the authentication process does not require the HSS67 to participate in generating the authentication vector, i.e., interaction between the UE61 and the HSS67 and the AAA server 68 is reduced.
To sum up, since the LTE network and the WLAN network both need to participate in the HSS when authenticating the UE, that is, signaling interaction between the terminal and the HSS is needed, when the base station receives a connection request for characterizing that the terminal requests to access the LTE network, if it is determined that an accessible WLAN network exists near the terminal, the MME sends, to the HSS, information indicating that an authentication vector of the WLAN network is generated, and further, the HSS and the AAA server generate, and send, to the user equipment through the base station, identification information suitable for performing authentication of the WLAN network, so that the user equipment can directly send, when switching from LTE to WLAN, the identification information to the AAA server, so that the AAA server can authenticate the terminal according to a fast authentication procedure, and since interaction between the terminal and the HSS is needed when receiving an LTE access request from the terminal, and the authentication message of the WLAN network is generated when the terminal accesses the LTE network, so that the interaction between the terminal and the HSS can be avoided when the authentication process is carried out on the terminal by the WLAN network, the time consumed by the user equipment for accessing the authentication can be saved, the switching speed from the LTE network to the WLAN network can be increased, and the use experience of the user can be improved.
To enable those skilled in the art to better understand and implement the present invention, the following provides a communication device that can implement the above method for authentication in the handover procedure from LTE to WLAN, and the communication device may include: terminal, AAA server, base station, HSS and MME.
Referring to fig. 7, the base station may include: a first receiving unit 71, a first transmitting unit 72, a second receiving unit 73, and a second transmitting unit 74, wherein:
the first receiving unit 71 is adapted to receive a connection request for representing that a terminal requests to access an LTE network;
the first sending unit 72 is adapted to, when the first receiving unit 71 receives the connection request, send, by a mobility management entity MME, information indicating that an authentication vector of the WLAN network is generated to an HSS if it is determined that an accessible WLAN network exists in the vicinity of the terminal;
the second receiving unit 73 is adapted to receive, by the MME, from the HSS, identification information adapted to perform the WLAN network authentication;
the second sending unit 74 is adapted to send the identification information adapted to perform the WLAN network authentication to the terminal.
In a specific implementation, the first sending unit 72 is further adapted to indicate the type of the WLAN network when the information indicating that the authentication vector of the WLAN network is generated is sent to the HSS by the mobility management entity MME.
In a specific implementation, the type of WLAN network is a trusted or untrusted WLAN network.
In a specific implementation, the identification information is fast re-authentication identification information.
Referring to fig. 8, the AAA server may include: a distribution unit 81, a third sending unit 82 and an authentication unit 83, wherein:
the allocating unit 81 is adapted to allocate, when receiving the authentication vector of the WLAN network from the HSS, identification information adapted to perform authentication of the WLAN network to the terminal;
the third sending unit 82 is adapted to send the identification information adapted to perform the WLAN network authentication to the HSS;
the authentication unit 83 is adapted to authenticate the terminal according to a fast authentication procedure when receiving the identification information suitable for performing the WLAN network authentication from the terminal.
Referring to fig. 9, the HSS may include: a third receiving unit 91, an authentication vector generating unit 92, a fourth transmitting unit 93, a fourth receiving unit 94, and a fifth transmitting unit 95, wherein:
the third receiving unit 91 is adapted to receive information indicating generation of authentication vectors of the LTE network and the WLAN network;
the authentication vector generating unit 92 is adapted to generate an authentication vector of the WLAN network when generating an authentication vector of the LTE network when the third receiving unit 91 receives information indicating that authentication vectors of the LTE network and the WLAN network are generated;
the fourth sending unit 93 is adapted to send the authentication vector of the WLAN network to an AAA server;
the fourth receiving unit 94 is adapted to receive the identification information adapted to perform the WLAN network authentication from the AAA server;
the fifth sending unit 95 is adapted to send the identification information for performing the WLAN network authentication to an MME.
In a specific implementation, the identification information suitable for performing the WLAN network authentication is fast re-authentication identification information.
Referring to fig. 10, the MME may include: fifth receiving section 101, determining section 102, sixth transmitting section 103, sixth receiving section 104, and seventh transmitting section 105, wherein:
the fifth receiving unit 101 is adapted to receive a connection request from a terminal, where the connection request indicates that the terminal requests to access an LTE network;
the judging unit 102 is adapted to judge whether information indicating generation of an authentication vector of the WLAN network is received when the fifth receiving unit 101 receives the connection request;
the sixth sending unit 103 is adapted to send, to the HSS, information indicating that the authentication vector of the WLAN network is generated when the judging unit 102 determines that the information indicating that the authentication vector of the WLAN network is generated is received;
the sixth receiving unit 104 is adapted to receive the identification information from the HSS for performing the WLAN network authentication;
the seventh sending unit 105 is adapted to send the identification information for performing the WLAN network authentication to a base station.
Those skilled in the art will appreciate that all or part of the steps in the methods of the above embodiments may be implemented by hardware related to instructions of a program, which may be stored in a computer-readable storage medium, and the storage medium may include: ROM, RAM, magnetic or optical disks, and the like.
Although the present invention is disclosed above, the present invention is not limited thereto. Various changes and modifications may be effected therein by one skilled in the art without departing from the spirit and scope of the invention as defined in the appended claims.

Claims (16)

1. A method for authenticating in a handover process from LTE to WLAN, comprising:
when a connection request for representing a terminal to request to access an LTE network is received, if it is determined that an accessible WLAN network exists near the terminal, sending information for indicating to generate an authentication vector of the WLAN network to an HSS through an MME; the method comprises the steps that when information indicating that an authentication vector of the WLAN network is generated is sent to an HSS through an MME, the information indicating that the authentication vector of the LTE network is generated is sent to the HSS through the MME;
receiving, by the MME, identification information from the HSS suitable for the WLAN network authentication; the identification information suitable for the WLAN network authentication is generated by an AAA server and is sent to the HSS by the AAA server; when the HSS receives information indicating that the authentication vector of the WLAN network is generated, the authentication vector of the WLAN network is generated and sent to the AAA server, and the AAA server generates the identification information suitable for the authentication of the WLAN network according to the authentication vector of the WLAN network;
sending the identification information suitable for the WLAN network authentication to the terminal; and when the terminal determines that the LTE network is switched to the WLAN network, the terminal sends the identification information suitable for the WLAN network authentication to the AAA server, so that the AAA server authenticates the terminal according to a quick authentication process.
2. The method of authentication in a handover procedure from LTE to WLAN according to claim 1, wherein when sending information indicating generation of authentication vector for WLAN network to HSS by MME, further comprising: indicating the type of the WLAN network.
3. The method of authentication in a handover procedure from LTE to WLAN according to claim 1, wherein the type of WLAN network is a trusted or untrusted WLAN network.
4. The method for authentication in the handover procedure from LTE to WLAN according to claim 1, wherein the identification information adapted to perform the WLAN network authentication is fast re-authentication identification information.
5. A method for authenticating in a handover process from LTE to WLAN, comprising:
when receiving the authentication vector of the WLAN network from the HSS, distributing identification information suitable for WLAN network authentication for the terminal; the authentication vector of the WLAN network is generated when the HSS receives the information indicating the generation of the authentication vector of the WLAN network, and the HSS also receives the information indicating the generation of the authentication vector of the WLAN network when the HSS receives the information indicating the generation of the authentication vector of the LTE network; the information of the authentication vector of the WLAN network is sent by the base station to the HSS through the MME, and is generated by the base station when detecting the following conditions: receiving a connection request for representing a terminal to request to access an LTE network, and determining that an accessible WLAN network exists near the terminal;
sending the identification information suitable for the WLAN network authentication to HSS;
and when the identification information which is suitable for the WLAN network authentication and is from the terminal is received, authenticating the terminal according to a quick authentication process.
6. A method for authenticating in a handover process from LTE to WLAN, comprising:
when information indicating that authentication vectors of an LTE network and a WLAN network are generated is received, generating an authentication vector of the WLAN network when the authentication vector of the LTE network is generated; the information indicating generation of the authentication vector of the WLAN network is sent by a base station through an MME and is generated by the base station when the following conditions are satisfied: receiving a connection request for representing a terminal to request to access an LTE network, and determining that an accessible WLAN network exists near the terminal;
sending the authentication vector of the WLAN to an AAA server;
receiving identification information from an AAA server suitable for the WLAN network authentication;
sending the identification information suitable for the WLAN network authentication to MME; enabling the base station to receive the identification information suitable for the WLAN network authentication from the HSS through the MME and sending the identification information suitable for the WLAN network authentication to the terminal; and when the terminal determines that the LTE network is switched to the WLAN network, the terminal sends the identification information suitable for the WLAN network authentication to the AAA server, so that the AAA server authenticates the terminal according to a quick authentication process.
7. The method of authentication in the handover procedure from LTE to WLAN according to claim 6, wherein the identification information adapted to perform the WLAN network authentication is fast re-authentication identification information.
8. A method for authenticating in a handover process from LTE to WLAN, comprising:
when a connection request from a terminal for representing that the terminal requests to access an LTE network is received, judging whether information indicating that an authentication vector of a WLAN network is generated is received;
when the information indicating the generation of the authentication vector of the WLAN network is received, the information indicating the generation of the authentication vector of the WLAN network and the information indicating the generation of the authentication vector of the LTE network are sent to the HSS; the information indicating generation of an authentication vector of the WLAN network is generated when the base station determines that an accessible WLAN network exists in the vicinity of the terminal;
receiving identification information from the HSS for WLAN network authentication; the identification information for WLAN network authentication is generated by an AAA server and is sent to the HSS by the AAA server; when the HSS receives information indicating that an authentication vector of a WLAN network is generated, the authentication vector of the WLAN network is generated and sent to the AAA server, and the AAA server generates the identification information for carrying out the authentication of the WLAN network according to the authentication vector of the WLAN network;
sending the identification information for performing the WLAN network authentication to the base station, and sending the identification information for performing the WLAN network authentication to the terminal by the base station; and when the terminal determines that the LTE network is switched to the WLAN network, the terminal sends the identification information for WLAN network authentication to the AAA server, so that the AAA server authenticates the terminal according to a quick authentication process.
9. A base station, comprising:
the first receiving unit is suitable for receiving a connection request for representing that the terminal requests to access the LTE network;
the first sending unit is suitable for sending information indicating to generate an authentication vector of a WLAN network to a Home Subscriber Server (HSS) through a Mobility Management Entity (MME) if the fact that the WLAN network which can be accessed exists near a terminal is determined when the first receiving unit receives a connection request for representing that the terminal requests to access an LTE network; the method comprises the steps that when information indicating that an authentication vector of the WLAN network is generated is sent to an HSS through an MME, the information indicating that the authentication vector of the LTE network is generated is sent to the HSS through the MME;
a second receiving unit adapted to receive, by the MME, identification information adapted to perform the WLAN network authentication from the HSS; the identification information suitable for the WLAN network authentication is generated by an AAA server and is sent to the HSS by the AAA server; when the HSS receives information indicating that the authentication vector of the WLAN network is generated, the authentication vector of the WLAN network is generated and sent to the AAA server, and the AAA server generates the identification information suitable for the authentication of the WLAN network according to the authentication vector of the WLAN network;
a second sending unit, adapted to send the identification information adapted to perform the WLAN network authentication to the terminal; when the terminal determines that the LTE network is switched to the WLAN network, the terminal sends the identification information of the WLAN network authentication to the AAA server, so that the AAA server authenticates the terminal according to a quick authentication process.
10. The base station of claim 9, wherein the first sending unit is further adapted to indicate the type of the WLAN network when the information indicating that the authentication vector of the WLAN network is generated is sent to the HSS by the MME.
11. The base station of claim 10, wherein the type of WLAN network is a trusted or untrusted WLAN network.
12. The base station of claim 9, wherein the identification information adapted to perform the WLAN network authentication is fast re-authentication identification information.
13. An AAA server, comprising:
the distribution unit is used for distributing identification information suitable for WLAN network authentication for the terminal when the authentication vector of the WLAN network is received from the HSS; the authentication vector of the WLAN network is generated when the HSS receives the information indicating the generation of the authentication vector of the WLAN network, and the HSS also receives the information indicating the generation of the authentication vector of the WLAN network when the HSS receives the information indicating the generation of the authentication vector of the LTE network; the information of the authentication vector of the WLAN network is sent by the base station to the HSS through the MME, and is generated by the base station when detecting the following conditions: receiving a connection request for representing a terminal to request to access an LTE network, and determining that an accessible WLAN network exists near the terminal;
a third sending unit, adapted to send the identification information adapted to perform the WLAN network authentication to the HSS;
and the authentication unit is suitable for authenticating the terminal according to a quick authentication process when the identification information which is from the terminal and is suitable for the WLAN network authentication is received.
14. An HSS, comprising:
a third receiving unit adapted to receive information indicating generation of authentication vectors of the LTE network and the WLAN network; the information indicating generation of the authentication vector of the WLAN network is sent by a base station through an MME and is generated by the base station when the following conditions are satisfied: receiving a connection request for representing a terminal to request to access an LTE network, and determining that an accessible WLAN network exists near the terminal;
an authentication vector generation unit adapted to generate an authentication vector of the WLAN network when generating an authentication vector of the LTE network when the third reception unit receives information indicating generation of authentication vectors of the LTE network and the WLAN network;
a fourth sending unit, adapted to send the authentication vector of the WLAN network to an AAA server;
a fourth receiving unit, adapted to receive the identification information adapted to perform the WLAN network authentication from the AAA server;
a fifth sending unit, adapted to send the identification information adapted to perform the WLAN network authentication to an MME; enabling the base station to receive the identification information suitable for the WLAN network authentication from the HSS through the MME and sending the identification information suitable for the WLAN network authentication to the terminal; and when the terminal determines that the LTE network is switched to the WLAN network, the terminal sends the identification information suitable for the WLAN network authentication to the AAA server, so that the AAA server authenticates the terminal according to a quick authentication process.
15. The HSS of claim 14, wherein the identification information adapted to perform the WLAN network authentication is a fast re-authentication identification information.
16. An MME, comprising:
a fifth receiving unit, adapted to receive a connection request from a terminal, indicating that the terminal requests to access an LTE network;
a judging unit adapted to judge whether information indicating generation of an authentication vector of the WLAN network is received when the fifth receiving unit receives the connection request;
a sixth sending unit, adapted to send, to the HSS, information indicating generation of an authentication vector of the WLAN network and information indicating generation of an authentication vector of the LTE network when the determining unit determines that the information indicating generation of an authentication vector of the WLAN network is received; the information indicating generation of an authentication vector of the WLAN network is generated when the base station determines that an accessible WLAN network exists in the vicinity of the terminal;
a sixth receiving unit, adapted to receive the identification information for performing the WLAN network authentication from the HSS; the identification information for WLAN network authentication is generated by an AAA server and is sent to the HSS by the AAA server; when the HSS receives information indicating to generate an authentication vector of the WLAN network, the HSS generates the authentication vector of the WLAN network and sends the authentication vector to the AAA server, and the AAA server generates identification information of the authentication of the WLAN network according to the authentication vector for the WLAN network;
a seventh sending unit, adapted to send the identification information for performing the WLAN network authentication to the base station, and send the identification information for performing the WLAN network authentication to the terminal by the base station; and when the terminal determines that the LTE network is switched to the WLAN network, the terminal sends the identification information for WLAN network authentication to the AAA server, so that the AAA server authenticates the terminal according to a quick authentication process.
CN201610200908.6A 2016-03-31 2016-03-31 Communication equipment and method for authenticating in process of switching from LTE (Long term evolution) to WLAN (Wireless local area network) Active CN107295512B (en)

Priority Applications (1)

Application Number Priority Date Filing Date Title
CN201610200908.6A CN107295512B (en) 2016-03-31 2016-03-31 Communication equipment and method for authenticating in process of switching from LTE (Long term evolution) to WLAN (Wireless local area network)

Applications Claiming Priority (1)

Application Number Priority Date Filing Date Title
CN201610200908.6A CN107295512B (en) 2016-03-31 2016-03-31 Communication equipment and method for authenticating in process of switching from LTE (Long term evolution) to WLAN (Wireless local area network)

Publications (2)

Publication Number Publication Date
CN107295512A CN107295512A (en) 2017-10-24
CN107295512B true CN107295512B (en) 2021-01-08

Family

ID=60087454

Family Applications (1)

Application Number Title Priority Date Filing Date
CN201610200908.6A Active CN107295512B (en) 2016-03-31 2016-03-31 Communication equipment and method for authenticating in process of switching from LTE (Long term evolution) to WLAN (Wireless local area network)

Country Status (1)

Country Link
CN (1) CN107295512B (en)

Citations (2)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN102238544A (en) * 2010-05-06 2011-11-09 中兴通讯股份有限公司 Mobile network authentication method and system
CN103906056A (en) * 2012-12-26 2014-07-02 中国电信股份有限公司 Unified certification method under hybrid networking and system thereof

Family Cites Families (4)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
US20120159151A1 (en) * 2010-12-21 2012-06-21 Tektronix, Inc. Evolved Packet System Non Access Stratum Deciphering Using Real-Time LTE Monitoring
CN103139754B (en) * 2011-12-02 2015-08-05 中国移动通信集团上海有限公司 A kind of method of network attachment, Apparatus and system
CN102595405A (en) * 2012-01-21 2012-07-18 华为技术有限公司 Authentication method, system and equipment for network access
WO2013181847A1 (en) * 2012-06-08 2013-12-12 华为技术有限公司 Method, apparatus and system for wlan access authentication

Patent Citations (2)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN102238544A (en) * 2010-05-06 2011-11-09 中兴通讯股份有限公司 Mobile network authentication method and system
CN103906056A (en) * 2012-12-26 2014-07-02 中国电信股份有限公司 Unified certification method under hybrid networking and system thereof

Also Published As

Publication number Publication date
CN107295512A (en) 2017-10-24

Similar Documents

Publication Publication Date Title
US8600353B2 (en) Methods and arrangements for communication channel re-establishment
KR101700448B1 (en) Method and system for managing security in mobile communication system
KR101737425B1 (en) Mehthod and apparatus for managing security in a mobiel communication system supporting emergency call
US11089522B2 (en) Method and device for accessing a network, and user equipment
CN109104394A (en) Conversation processing method and equipment
CN102917332B (en) Method and device for achieving attachment of mobile equipment
CN102905266B (en) Mobile equipment (ME) attaching method and device
WO2013082984A1 (en) Method for attaching e-utran and mobility management entity
JP2012524469A (en) Emergency call processing by authentication procedure in communication network
WO2016029953A1 (en) User equipment identity valid for heterogeneous networks
CN101426202A (en) Method, device and system for network switching implementation
US11483744B2 (en) Methods and computing device for splitting traffic across multiple accesses
CN107211473B (en) Communication method, user equipment and base station
CN107295511B (en) WLAN terminal, base station and method for controlling switching from LTE network to WLAN network
EP2486749A1 (en) Method and arrangement in a telecommunication system
CN113676904A (en) Slice authentication method and device
US10959097B1 (en) Method and system for accessing private network services
CN101516121B (en) Method for transmitting switching information of base station, system and device thereof
CN113784346A (en) Authentication and authorization method and device
CN107295512B (en) Communication equipment and method for authenticating in process of switching from LTE (Long term evolution) to WLAN (Wireless local area network)
US11576232B2 (en) Method for establishing a connection of a mobile terminal to a mobile radio communication network and communication network device
KR101954397B1 (en) Method for packet barring in LTE mobile communication system and, system therefor
CN109842879B (en) Call switching method and device
CN111542094B (en) RRC connection reestablishment method, RRC connection recovery method, computer-readable storage medium, and base station
KR20100021690A (en) Method and system for supporting authentication and security protected non-access stratum protocol in mobile telecommunication system

Legal Events

Date Code Title Description
PB01 Publication
PB01 Publication
SE01 Entry into force of request for substantive examination
SE01 Entry into force of request for substantive examination
CB03 Change of inventor or designer information

Inventor after: Fan Wei

Inventor before: Deng Yun

CB03 Change of inventor or designer information
GR01 Patent grant
GR01 Patent grant