CN111866778B

CN111866778B - Authentication method, equipment and system based on roaming scene

Info

Publication number: CN111866778B
Application number: CN201910357320.5A
Authority: CN
Inventors: 代勇波
Original assignee: Huawei Technologies Co Ltd
Current assignee: Huawei Technologies Co Ltd
Priority date: 2019-04-29
Filing date: 2019-04-29
Publication date: 2022-04-05
Anticipated expiration: 2039-04-29
Also published as: CN111866778A

Abstract

The embodiment of the application provides an authentication method, equipment and a system based on a roaming scene, wherein the method comprises the following steps: the charging equipment receives a consumption state request sent by a policy function entity, wherein the consumption state request comprises indication information used for indicating the position of a visited place of a terminal, and the consumption state request is a message generated by the policy function entity when the terminal requests to establish a data service; the charging equipment determines the current roaming country of the terminal according to the indication information; the charging equipment performs roaming authentication on the terminal according to the roaming authentication information of the terminal and the current roaming country, wherein the roaming authentication information is used for indicating the country in which the terminal can roam; the charging equipment sends a consumption state response to the policy function entity, wherein the consumption state response comprises a roaming authentication result of the terminal. The embodiment of the application can reduce the international roaming settlement loss of the home location operator based on the data service.

Description

Authentication method, equipment and system based on roaming scene

Technical Field

The embodiment of the application relates to the technical field of mobile communication, in particular to an authentication method, equipment and a system based on a roaming scene.

Background

The third Generation Partnership Project (3rd Generation Partnership Project, 3GPP) standard defines a Policy and Charging Control (PCC) architecture that enables Policy and Charging Control of IP Connectivity Access Network (IP-CAN) sessions when a terminal accesses a Packet Data Network (PDN).

For the international roaming online charging process, when the terminal roams in other countries, the data service request is triggered to return to the data service network element of the operator of the user home country to determine whether the terminal can perform roaming service. Fig. 1 is a roaming authentication procedure provided in the prior art provided in the present application. As shown in fig. 1, the GPRS service support node sends a Packet Data Protocol (PDP) activation request to a Policy and Charging Enforcement Function (PCEF). The PCEF sends an Initial Credit Control Request (CCR-Initial) to a Policy and Charging Rules Function (PCRF). The PCRF sends a consumption control Request (SLR) to an Online Charging System (OCS), which obtains a charge quota report from a Policy Counter (Policy Counter). The OCS returns a charge Limit report in a consumption control Answer (SLA). And the PCRF informs the PCEF of installing the initial policy rules according to the received charge quota report. The PCEF continuously sends a CCR-Initial request to the OCS, after the OCS completes the user state authentication, a default virtual rate group (configured by an operator) is used for carrying out reverse calculation, whether the balance of a terminal user, free resources and the like meet the requirement of using the roaming data service is judged, and if the balance and the free resources meet the requirement, the roaming authentication is passed. And the OCS returns the authentication success in the CCA-Initial message. And the PCEF returns the authentication result to the GPRS service supporting node, and after the authentication is successful, the PDP connection is successfully established. A terminal user initiates an actual data Service Request to a PCEF, the PCEF sends an updated Credit Control Request (CCR-Update) to an OCS, the Request carries a real rate group, the OCS performs back-calculation reservation according to the real rate group, and calculates an authorized Service volume (GSU). The OCS issues GSUs to the PCEF in an updated Credit Control Answer (CCA-Update). The PCEF allows the end-user to use the data service based on the received GSU.

However, when roaming authentication is performed through the virtual rate group, and a PDP connection is established after the roaming authentication is successful, but when the real rate group and the virtual rate group are different and cannot be reserved, the terminal still cannot use the data service, but after the PDP connection is established, a charging ticket with a small flow is usually generated in a data service network element of an operator in the roaming country, and therefore, the operator in the home country needs to pay the international roaming fee to the operator in the roaming country, thereby generating a large loss of the international roaming settlement fee.

Disclosure of Invention

The embodiment of the application provides an authentication method, equipment and a system based on a roaming scene so as to reduce the international roaming settlement loss of a home operator based on data services.

In a first aspect, an embodiment of the present application provides an authentication method based on a roaming scenario, which includes:

the charging equipment receives a consumption state request sent by a policy function entity, wherein the consumption state request comprises indication information used for indicating the position of a visited place of a terminal, and the consumption state request is a message generated by the policy function entity when the terminal requests to establish data service connection; the consumption state request is used for requesting the charging device for the charge quota state of the user corresponding to the terminal, and the consumption state request can also be called a consumption control request or a subscription request;

the charging equipment determines the current roaming country of the terminal according to the indication information; when the visiting position of the terminal indicated by the indication message is a home location, determining that the terminal is in a non-roaming state, and when the visiting position of the terminal indicated by the indication message is a current roaming country, determining that the terminal is in a roaming state;

the charging equipment performs roaming authentication on the terminal according to roaming authentication information of the terminal and the current roaming country, wherein the roaming authentication information is used for indicating the country in which the terminal can roam; the roaming authentication information can be obtained according to the subscription information of the user at the home location operator, or the roaming authentication information can be obtained based on the affiliated products ordered by the user; the roaming authentication information can also be called roaming authentication plan or roaming authentication rule, etc.;

the charging equipment sends a consumption state response to the strategy functional entity, the consumption state response comprises a roaming authentication result of the terminal, wherein the roaming authentication result is associated with whether the data service connection can be established, and if the roaming authentication result is used for indicating that the roaming authentication fails, the data service connection is failed to be established; the consumption status answer may also be referred to as a consumption control answer or a subscription answer, etc.

Because the charging equipment of the embodiment of the application performs roaming authentication after receiving the consumption state request, compared with the prior art, the charging equipment does not perform roaming authentication according to the default virtual rate group after receiving the initial credit control request, does not need to transmit the initial credit control request and the initial credit control response twice after completing the user state authentication, and can complete authentication only by transmitting the initial credit control request and the initial credit control response once, thereby performing authentication as early as possible, reducing the message interaction flow and improving the network use efficiency. The online charging equipment performs roaming authentication based on the roaming authentication information without using a default virtual rate group, thereby avoiding the authentication result difference caused by the inconsistency of the real RG and the virtual RG, avoiding the establishment of invalid service connection and improving the accuracy of the roaming authentication.

In one possible design, the indicating information includes a mobile country code, where the mobile country code is used to indicate a country in which the terminal is currently located, and the determining, by the charging device, the current roaming country in which the terminal is located according to the indicating information includes:

and the charging equipment determines the current roaming country of the terminal according to the indication information and a country code comparison table, wherein the country code comparison table is used for indicating the corresponding relation between the mobile country code and the country. Different countries have different mobile country codes, and the corresponding relation indicated by the country code comparison table can be realized through a table or a function mapping.

In the embodiment of the application, the current roaming country of the terminal is determined by the mobile country code, and the position of the terminal can be quickly and accurately acquired, so that the authentication accuracy is improved.

In one possible design, the consumption status request includes first indication information and/or second indication information, the first indication information and the second indication information each include the mobile country code, the first indication information is gateway-based indication information, and the second indication information is location area-based indication information.

The embodiment of the application provides multiple ways of obtaining the mobile country code, for example, the first indication information may be obtained based on a gateway, and/or the second indication information may be obtained based on a location area, so that the charging device may obtain and accurately obtain the current roaming country of the terminal, thereby performing accurate authentication.

In one possible design, the roaming authentication information includes a roaming indicator and a roaming location corresponding to the roaming indicator, where the roaming indicator is used to indicate whether the terminal can roam at the roaming location, and the roaming location includes at least one of: country, group of countries.

The embodiment of the application comprises the roaming indicator and the roaming position corresponding to the roaming indicator through the roaming authentication information. The roaming indicator is used for indicating whether the terminal can roam at the roaming position or not, indication is carried out in a simple and rapid mode, meanwhile, the charging equipment can rapidly identify the position where the terminal can roam, and authentication efficiency is improved.

In one possible design, the roaming indicator corresponds to a first roaming list, where the roaming indicator is used to indicate that the terminal is not roaming in a roaming location in the first roaming list, and the charging apparatus performs roaming authentication on the terminal according to roaming authentication information of the terminal and the current roaming country, where the roaming authentication includes:

the charging equipment judges whether the current roaming country is located in the roaming list or not;

if yes, the charging equipment determines that the terminal roaming authentication fails according to the roaming indicator.

The embodiment of the application comprises the roaming indicator and the roaming position corresponding to the roaming indicator through the roaming authentication information. The roaming indicator is used for indicating that the terminal can not roam at the roaming position in the first roaming list, the indication is carried out in a simple and fast mode, meanwhile, the charging equipment can rapidly identify the position where the terminal can roam, and the authentication efficiency is improved.

In one possible design, the roaming indicator corresponds to a second roaming list, where the roaming indicator is used to indicate that the terminal can roam at a roaming location in the second roaming list, and the charging apparatus performs roaming authentication on the terminal according to roaming authentication information of the terminal and the current roaming country, including:

if not, the charging equipment determines that the terminal roaming authentication fails according to the roaming indicator.

The embodiment of the application comprises the roaming indicator and the roaming position corresponding to the roaming indicator through the roaming authentication information. The roaming indicator is used for indicating the roaming indicator to indicate that the terminal can roam at the roaming position in the second roaming list, and the indication is carried out in a simple and quick mode, and meanwhile, the charging equipment can quickly identify the position where the terminal can roam, so that the authentication efficiency is improved.

In a second aspect, an embodiment of the present application provides an authentication method based on a roaming scenario, including:

a policy function entity sends a consumption state request to charging equipment, wherein the consumption state request comprises indication information used for indicating the position of a visited place of a terminal, and the consumption state request is a message generated by the policy function entity when the terminal requests to establish data service connection;

and the policy function entity receives a consumption state response sent by the charging equipment, wherein the consumption state response comprises a roaming authentication result of the terminal, the roaming authentication result is associated with whether the data service connection can be established, and if the roaming authentication result is used for indicating that the roaming authentication fails, the data service connection is failed to be established.

The charging equipment performs roaming authentication after receiving the consumption state request, does not need to send the initial credit control request and the initial credit control response twice, and can complete authentication only by sending the initial credit control request and the initial credit control response once, so that the authentication can be performed as early as possible, the message interaction process is reduced, and the network use efficiency is improved. The online charging equipment performs roaming authentication based on the roaming authentication information without using a default virtual rate group, thereby avoiding the authentication result difference caused by the inconsistency of the real RG and the virtual RG, avoiding the establishment of invalid service connection and improving the accuracy of the roaming authentication.

In one possible design, the indication information includes a mobile country code indicating a country in which the terminal is currently located.

In one possible design, the consumption status request includes first indication information and second indication information, the first indication information and the second indication information both include the mobile country code, the first indication information is gateway-based indication information, and the second indication information is location area-based indication information.

In one possible design, before the policy function entity sends the consumption control request to the charging device, the policy function entity further includes:

the policy function entity receives a credit control request sent by a policy enforcement entity, wherein the credit control request comprises the indication information for indicating the location of the visited place of the terminal;

after the policy function entity receives the consumption control response sent by the charging device,

and the strategy functional entity sends a credit control response to the strategy execution entity, wherein the credit control response comprises a roaming authentication result of the terminal.

In a third aspect, an embodiment of the present application provides an authentication device based on a roaming scenario, including:

a receiving module, configured to receive a consumption state request sent by a policy function entity, where the consumption state request includes indication information used for indicating a location of a visited point of a terminal, and the consumption state request is a message generated by the policy function entity when the terminal requests to establish a data service connection;

the processing module is used for determining the current roaming country of the terminal according to the indication information;

the processing module is further configured to perform roaming authentication on the terminal according to roaming authentication information of the terminal and the current roaming country, where the roaming authentication information is used to indicate a country where the terminal can roam;

a sending module, configured to send a consumption state response to the policy function entity, where the consumption state response includes a roaming authentication result of the terminal, where the roaming authentication result is associated with whether the data service connection can be established, and if the roaming authentication result is used to indicate that the roaming authentication fails, the data service connection is failed to be established.

and the charging equipment determines the current roaming country of the terminal according to the indication information and a country code comparison table, wherein the country code comparison table is used for indicating the corresponding relation between the mobile country code and the country.

In one possible design, the roaming indicator corresponds to a first roaming list, and the roaming indicator is configured to indicate that the terminal is not roaming in a roaming location in the first roaming list, and the processing module is specifically configured to:

judging whether the current roaming country is in the roaming list;

and if so, determining that the terminal roaming authentication fails according to the roaming indicator.

In one possible design, the roaming indicator corresponds to a second roaming list, and the roaming indicator is configured to indicate that the terminal may roam at a roaming location in the second roaming list, and the processing module is specifically configured to:

judging whether the current roaming country is in the roaming list;

if not, determining that the terminal roaming authentication fails according to the roaming indicator.

In a fourth aspect, an embodiment of the present application provides an authentication device based on a roaming scenario, including:

a sending module, configured to send a consumption state request to a charging device, where the consumption state request includes indication information used to indicate a location of a visited place of a terminal, and the consumption state request is a message generated by the policy function entity when the terminal requests to establish a data service connection;

a receiving module, configured to receive a consumption state response sent by the charging device, where the consumption state response includes a roaming authentication result of the terminal, where the roaming authentication result is associated with whether the data service connection can be established, and if the roaming authentication result is used to indicate that the roaming authentication fails, the data service connection is failed to be established.

In a possible design, the receiving module is further configured to receive a credit control request sent by a policy enforcement entity before the policy function entity sends a consumption control request to a charging device, where the credit control request includes the indication information for indicating the visited location of the terminal;

the sending module is further configured to send a credit control response to the policy enforcement entity after receiving the consumption control response sent by the charging device, where the credit control response includes a roaming authentication result of the terminal.

In a fifth aspect, an embodiment of the present application provides an authentication device based on a roaming scenario, including: a memory for storing a computer program and a processor for calling and running the computer program from the memory, such that the processor runs the computer program to perform the roaming scenario-based authentication method as set forth in the first aspect or various possible designs of the first aspect.

In a sixth aspect, an embodiment of the present application provides a storage medium, where the storage medium includes a computer program, and the computer program is configured to implement the authentication method based on a roaming scenario according to the first aspect or various possible designs of the first aspect.

In a seventh aspect, an embodiment of the present application provides an authentication device based on a roaming scenario, including; a memory for storing a computer program and a processor for calling and running the computer program from the memory, so that the processor runs the computer program to execute the roaming scenario-based authentication method according to the second aspect or various possible designs of the second aspect.

In an eighth aspect, embodiments of the present application provide a storage medium including a computer program, where the computer program is used to implement the authentication method based on roaming scenarios as described in the second aspect or various possible designs of the second aspect.

In a ninth aspect, an embodiment of the present application provides an authentication system based on a roaming scenario, where the system includes a policy function entity and a charging device, where the charging device is configured to perform the method according to the first aspect or various possible designs of the first aspect, and the policy function entity is configured to perform the method according to the second aspect or various possible designs of the second aspect.

In one possible design, the system further includes a business device and a policy enforcement entity; wherein

The service equipment is used for sending a data service activation request to the policy enforcement entity, wherein the data service activation request is used for indicating the establishment of data service connection of a terminal;

the policy enforcement entity is configured to send a credit control request to the policy function entity after receiving the service activation request, where the credit control request includes indication information for indicating a location of a visited place of the terminal;

the policy function entity is configured to send a consumption state request to the charging device after receiving the credit control request, where the consumption state request includes the indication information;

the charging device is used for determining the current roaming country of the terminal according to the indication information after receiving the credit control request, performing roaming authentication on the terminal according to the roaming authentication information of the terminal and the current roaming country, and sending a consumption state response to the policy function entity after the roaming authentication is finished, wherein the consumption state response comprises a roaming authentication result of the terminal;

the policy function entity is further configured to send a credit control response to the policy enforcement entity after receiving the consumption status response, where the credit control response includes a roaming authentication result of the terminal;

the policy enforcement entity is further configured to send a data service activation response to the service device after receiving the credit control response, where the data service activation response includes a roaming authentication result of the terminal;

the service equipment is further configured to receive the data service activation response and return a data service connection establishment result to the terminal, where the service connection result is used to indicate that the data service connection establishment fails if the roaming authentication result is used to indicate that the roaming authentication fails.

The authentication method, the authentication equipment and the authentication system based on the roaming scene provided by the embodiment of the application have the advantages that a consumption state request sent by a policy function entity is received through the charging equipment, the consumption state request comprises indication information used for indicating the position of a visited place of a terminal, and the charging equipment determines the current roaming country of the terminal according to the indication information; the charging equipment performs roaming authentication on the terminal according to the roaming authentication information of the terminal and the current roaming country, and sends a consumption state response to the policy function entity, wherein the consumption state response comprises a roaming authentication result of the terminal.

Drawings

Fig. 1 is a roaming authentication procedure provided in the prior art provided in the present application;

fig. 2A is a schematic diagram illustrating an architecture of a roaming system according to an embodiment of the present application;

fig. 2B is a schematic diagram illustrating an architecture of a roaming system according to an embodiment of the present application;

fig. 2C is a schematic diagram illustrating an architecture of a roaming system according to an embodiment of the present application;

fig. 3 is a signaling diagram of an authentication method based on a roaming scenario according to an embodiment of the present application;

fig. 4 is a signaling diagram of an authentication method based on a roaming scenario according to an embodiment of the present application;

fig. 5 is a signaling diagram of an authentication method based on a roaming scenario according to an embodiment of the present application;

fig. 6 is a signaling diagram of an authentication method based on a roaming scenario according to an embodiment of the present application;

fig. 7 is a schematic diagram illustrating an embodiment of acquiring roaming authentication information according to the present application;

fig. 8 is a schematic structural diagram of an authentication apparatus based on a roaming scenario according to an embodiment of the present application;

fig. 9 is a schematic structural diagram of an authentication apparatus based on a roaming scenario according to an embodiment of the present application;

fig. 10 is a schematic diagram of a hardware structure of a charging device according to an embodiment of the present application;

fig. 11 is a schematic hardware structure diagram of a policy function entity according to an embodiment of the present application.

Detailed Description

The network architecture and the service scenario described in the embodiment of the present application are for more clearly illustrating the technical solution of the embodiment of the present application, and do not form a limitation on the technical solution provided in the embodiment of the present application, and as a person of ordinary skill in the art knows that along with the evolution of the network architecture and the appearance of a new service scenario, the technical solution provided in the embodiment of the present application is also applicable to similar technical problems.

Fig. 2A is a schematic structural diagram of a roaming system according to an embodiment of the present application. As shown in fig. 2A, the roaming system includes a policy function entity, a policy enforcement entity, and a charging apparatus.

The embodiment of the application is mainly used for charging control of data services. When establishing the data service, the policy function entity is responsible for making policy decision and charging rule. For example, providing network Control rules based on data traffic, such as detection, Gating (Gating Control), Quality of Service (QoS) Control, etc. of traffic data. And the policy execution entity executes the policy and the charging rule formulated by the policy function entity on the bearing surface. And the charging device is used for charging the service data.

The framework of the roaming system provided by the embodiment can be applied to various communication systems. For example, the present invention may be applied to the third Generation Partnership Project (3 GPP), the next Generation mobile communication system (next Generation system) network architecture, which is referred to as the fifth Generation (5G) network architecture, or other system architectures, which are not limited in particular.

In the first communication system, the first communication system may be, for example, a 3G communication system, the Policy Function entity may be a Policy and Charging Rules Function (PCRF), the Policy Enforcement entity may be a Policy and Charging Enforcement Function (PCEF), and the Charging device may be a Charging system.

In the second communication system, the second communication system may be, for example, a 5G communication system, the Policy Function entity may be a Policy Control Function (PCF), the Policy enforcement entity may be a Session Management Function (SMF), and the CHarging device may be a CHarging Function (CHF).

The first communication system is described in detail below with reference to fig. 2B, and the second communication system is described in detail with reference to fig. 2C.

Fig. 2B is a schematic structural diagram of a roaming system according to an embodiment of the present application. Fig. 2B shows an Evolved Packet System (EPS) architecture diagram given by the third Generation Partnership Project (3rd 3 GPP). In fig. 2B, the HPLMN represents the home network and the VPLMN represents the visited network. Terminals may roam between Public Land Mobile Networks (PLMNs).

In a possible implementation manner, the embodiments of the present application concern implementation of Policy and Charging Control (PCC), that is, Policy and Charging Control of an IP connection Access Network (IP-CAN) session established for a terminal to Access a Packet Data Network (PDN), that is, services related to the embodiments of the present application are mainly Data services. For the implementation of PCC, including multiple functional entities, the role of each functional entity is illustrated in the following with reference to fig. 2.

A Policy and Charging Rules Function (PCRF) for taking charge of Policy decision and Charging Rules. The PCRF provides traffic data flow-based network Control rules, which may include detection of traffic data flow, Gating (Gating Control), Quality of Service (QoS) Control, and data flow-based charging rules, among others. The PCRF sends the formulated Policy and Charging rules to a Policy and Charging Enforcement Function (PCEF) for Enforcement, wherein an interface between the PCEF and the PCRF is a Gx interface. The basis for formulating the policy and charging rules by the PCRF comprises the following steps: information related to a service obtained from an Application Function (AF), user Subscription information related to policy control and charging obtained from a Subscription database (SPR), and information related to a bearer network obtained from a PCEF through a Gx interface.

A Policy and Charging Enforcement Function (PCEF), typically located in a gateway (gateway-Way, GW), enforces Policy and Charging rules formulated by the PCRF on the bearer plane. The PCEF detects the service data flows according to service data flow filters in rules sent by the PCRF, and then executes policy and charging rules formulated by the PCRF on the service data flows; when the load is established, the PCEF carries out resource allocation according to the rule sent by the PCRF and carries out gating control according to the information provided by the AF; meanwhile, the PCEF triggers and reports events occurring on the bearing network according to the events subscribed by the PCRF; according to the charging rules sent by the PCRF, the PCEF performs a corresponding service data flow charging operation, and the charging may be either online charging or offline charging. In the embodiment of the present application, the entity for charging may be a charging device, such as an online charging device or an offline charging device. The Online Charging device may be an Online Charging System (OCS) in a 3GPP standard specification, and the Offline Charging device may be an Offline Charging System (OFCS) in the 3GPP standard specification. If online charging is performed, the PCEF needs to perform credit management together with the OCS; when off-line charging, relevant charging information is exchanged between the PCEF and the OFCS. In this embodiment, for convenience of description, the online charging device is taken as an OCS for detailed description.

The Traffic Detection Function (TDF) may be provided by the PCEF, or may be deployed independently. When deployed independently, i.e. the TDF entity, the TDF interacts with the PCRF over the Sd interface before. The service Detection function is to perform Application Detection and policy enforcement (such as gating, redirection, and bandwidth limitation) according to a local configuration or an Application Detection Control policy (ADC) rule issued by the PCRF, report related events and information of a detected service/flow to the PCRF (for example, report start and end of the detected service/flow to the PCRF), send a service data flow description to the PCRF, and transmit a signaling of the service Detection and policy rule for flow Detection from the PCRF.

The Subscription Profile Repository (SPR) may be integrated with the User Data Repository (UDR). The SPR stores subscriber policy charging control subscription information related to policy control and charging. The interface between the SPR and the PCRF is an Sp interface.

A Bearer Binding and Event Reporting Function (BBERF) entity is typically located in an Access Network Gateway (Access Network Gateway). The PCRF issues a Quality of Service (QoS) rule to the BBERF through the Gxx interface, and the BBERF does not interact charging information with the charging system and is only responsible for bearing binding and reporting of related events.

An Application Function (AF) exists in an IP (internet protocol) service network of an operator, and is used to provide an access point for service Application. The network resources used by these business applications require dynamic policy control. And when the service plane carries out parameter negotiation, the AF transmits the related service information to the PCRF. If the service information is consistent with the policy of the PCRF, the PCRF accepts the negotiation; otherwise, the PCRF refuses the negotiation and gives out service parameters acceptable by the PCRF during feedback. The AF may then return these parameters to the terminal. Wherein, the interface between the AF and the PCRF is an Rx interface.

The OCS and the PCEF together complete the control and management of the user credit in an online charging mode. And charging information is interacted between the OCS and the PCEF through a Gx interface. The OFCS and the PCEF together complete the charging operation in the offline charging mode. And the OFCS and the PCEF exchange charging information through a Gz interface.

In the embodiment of the present application, the Sy interface, the Gy interface, and the Gx interface are mainly referred to. The Sy interface is located between a Policy and Charging Rules Function (PCRF) and an Online Charging System (OCS), and is used for requesting state information of a policy counter from the PCRF to the OCS or notifying state change of the policy counter from the OCS to the PCRF. The Gy interface is a prepaid control interface and is located between the Policy and Charging Enforcement Function (PCEF) and the Online Charging System (OCS). The Gx interface is a request and issue charging rule interface, and is located between a Policy and Charging Rules Function (PCRF) and a Policy and Charging Enforcement Function (PCEF).

Fig. 2C is a schematic structural diagram of a roaming system according to an embodiment of the present application. Fig. 2C shows a system architecture of 5G, and those skilled in the art will understand that the PCF may function similarly to a PCRF, the SMF may function similarly to a PCEF, and the CHF may function similarly to a charging system in 3G. For the functions of each entity, this embodiment is not described herein again. Wherein, the charging interface of the 5G data service and the interface with PCF both adopt SBI interfaces.

In a specific implementation process, when receiving a Packet Data Unit Session (PDU Session) establishment or a service request, the SMF sends a charging request to the CHF, where the charging request performs the following functions: charging is started by requesting to establish a charging session, reserving service quota (only online charging), and reporting charging information. In the process of using the service by the user, the SMF records the information of the service (such as service usage duration, or traffic statistics, etc.), detects the reporting condition and manages the usage of quota, and when the reporting condition is satisfied, such as: when the user position changes, the QoS of the user service flow changes, or the quota is used up and out of date, the information is sent to the CHF, and the service information and the quota use information of the user are reported. When the SMF finishes the PDU session, the SMF requests CHF to finish charging.

Based on the problems that the charging system in the prior art performs authentication according to the virtual rate group, accurate authentication of data service roaming charging cannot be performed, and the international roaming settlement income loss is large, the embodiment of the application provides an authentication method based on a roaming scene.

Fig. 3 is a signaling diagram of an authentication method based on a roaming scenario according to an embodiment of the present application. As shown in fig. 3, the method includes:

s301, the service device sends a data service activation request to the policy enforcement entity.

When a user's terminal roams to another country and prepares to use a data service at a visited place, the terminal needs to establish a connection related to the data service to ensure that data is transmitted in an IP format. The service equipment of the visit place transmits the service activation request to the service equipment of the home place, and the service equipment of the home place transmits a data service activation request to the strategy execution entity so as to establish service connection. Or, the service device at the visited place may also directly forward the activation request to the policy enforcement entity at the home place to establish the service connection. The service device may be a GPRS service support device or a session management function entity. The service connection may be, for example, establishing a Packet Data Protocol (PDP) connection or establishing a PDU Session.

S302, the strategy executing entity sends an initial credit control request to the strategy functional entity.

The initial credit control request carries the position information of the terminal, and the initial credit control request is used for requesting the flow distribution.

And S303, the policy function entity sends a consumption state request to the charging equipment, wherein the consumption state request comprises indication information for indicating the position of the visited place of the terminal.

The consumption status request is used to request the charging device for the status of the charge limit in the policy statistics of the user. The Policy Counter may be used to track the user's consumption, such as tracking the total amount of traffic usage for the user's current month. The policy counter is capable of determining a charge quota state based on the tracking result, the charge quota state being used to indicate whether the consumption of the user reaches a threshold, and when the consumption of the user reaches the threshold, the charge quota state is reported to the policy function entity by the charging device.

The consumption state request also comprises indication information used for indicating the visit place position of the terminal. The indication information may include a location identifier of the terminal and may also include a mobile country code indicating a country in which the terminal is currently located.

For example, in some communication systems, the consumption status Request may also be referred to as a consumption control Request (SLR), or as a subscription Request.

And S304, the charging equipment determines the current roaming country of the terminal according to the indication information.

The charging apparatus determines whether the terminal is roaming after receiving the consumption state request. When the visiting position of the terminal indicated by the indication message is the home location, the terminal is in a non-roaming state, and when the visiting position of the terminal indicated by the indication message is the current roaming country, the terminal is in a roaming state, and accordingly the charging equipment authenticates the roaming state of the terminal.

S305, the charging equipment performs roaming authentication on the terminal according to the roaming authentication information of the terminal and the current roaming country.

And after determining the current roaming country of the terminal, the charging equipment performs roaming authentication on the terminal according to the roaming authentication information. The roaming authentication information can be obtained according to subscription information of the user in the home operator. The roaming authentication information may also be obtained based on the accessory product ordered by the user. The roaming authentication information is used to indicate countries where the terminal can roam. The roaming authentication information may also be referred to as a roaming authentication plan or a roaming authentication rule, etc. The roaming authentication information may be pre-stored in the charging device after the user subscribes to the corresponding roaming product or service, or may be sent to the charging device by other devices, and then the charging device pre-stores the roaming authentication information.

If the current roaming country of the terminal belongs to the country which the terminal can roam and indicated by the roaming authentication information, the roaming authentication of the terminal is successful, and if the current roaming country of the terminal does not belong to the country which the terminal can roam and indicated by the roaming authentication information, the roaming authentication of the terminal is failed.

S306, the charging device sends a consumption state response to the policy function entity, wherein the consumption state response comprises a roaming authentication result of the terminal.

And after obtaining the authentication result, the charging equipment sends a consumption state response to the policy function entity. The consumption state response comprises a roaming authentication result of the roaming authentication of the terminal by the charging equipment.

When the authentication of the charging equipment to the terminal fails, the charging equipment does not acquire the charge quota state through the strategy statistics device, but directly returns the authentication failure in the consumption state response.

In some communication systems, the consumption status response may also be referred to as a consumption control response (SLA) or subscription response, etc.

Because the charging equipment of the embodiment of the application performs roaming authentication after receiving the consumption state request, compared with the prior art, the roaming authentication is performed according to the default virtual rate group instead of the received initial credit control request (CCR-initial) after completing the user state authentication, the authentication can be completed only by sending one initial credit control request and one initial credit control response without sending two initial credit control requests and initial credit control responses, the authentication is performed as early as possible, the message interaction flow is reduced, and the network use efficiency is improved. The online charging equipment performs roaming authentication based on the roaming authentication information without using a default virtual rate group, thereby avoiding the authentication result difference caused by the inconsistency of the real RG and the virtual RG, avoiding the establishment of invalid service connection and improving the accuracy of the roaming authentication.

S307, the strategy functional entity sends an initial credit control response to the strategy execution entity.

The initial credit control response includes a roaming authentication result of the terminal. The roaming authentication result is used for indicating whether the charging equipment successfully authenticates the terminal.

S308, the strategy execution entity sends a data service activation response to the visit place equipment.

When authentication fails, the policy function entity sends an initial credit control response to the policy enforcement entity, a roaming authentication result in the initial credit control response is used for indicating authentication failure, at the moment, the policy enforcement entity sends an activation response to service equipment in a home location for indicating authentication failure, the service equipment in the home location sends a message of service data connection establishment failure to the service equipment in the visited location, and the service equipment in the visited location feeds back a final service data connection establishment result to the terminal. When authentication fails, the service data connection of the terminal is failed to be established, and the terminal cannot use the data service, data flow cannot be generated, and a roaming data service bill cannot appear.

According to the authentication method based on the roaming scene, the consumption state request sent by the policy function entity is received through the charging equipment, the consumption state request comprises indication information used for indicating the position of the visited place of the terminal, and the charging equipment determines the current roaming country where the terminal is located according to the indication information; the charging equipment performs roaming authentication on the terminal according to the roaming authentication information of the terminal and the current roaming country, and sends a consumption state response to the policy function entity, wherein the consumption state response comprises a roaming authentication result of the terminal.

The following is a detailed description with reference to specific examples. First, the system architecture shown in fig. 2B is described.

Fig. 4 is a signaling diagram of an authentication method based on a roaming scenario according to an embodiment of the present application. As shown in fig. 4, the method includes:

s401, the GPRS service supporting device sends a PDP activation request to the PCEF.

When a user's terminal roams to another country and prepares to use a Data service at a visited place, the terminal needs to attach GPRS attach and activation of a Packet Data Protocol (PDP) context. The user information is registered through the attachment of GPRS, the mobility management is carried out on the user, and the activation process is used for activating an IP protocol and ensuring that data can be transmitted in an IP form.

In one possible implementation, the terminal of the roaming user sends a PDP context request to a Serving GPRS Support Node (SGSN) in the visited place (roaming country) requesting to establish a PDP session. The PDP context request carries the location information of the terminal. The SGSN of the visit place forwards the PDP context request to the GGSN of the user attribution place so as to initiate an access authentication process. In the embodiment of the present application, the related network elements include a GPRS service support device, a PCEF, a PCRF, and an OCS as network elements in a home network.

After receiving the PDP context Request sent by the GPRS service support equipment in the visited location, the GPRS service support equipment in the home location sends a PDP activation Request (PDP activation Request) to the PCEF, where the activation Request may include location information of the terminal. The PDP activation request is used to establish a PDP connection, and after the PDP establishes a connection, the terminal may perform a data service.

S402, the PCEF sends an initial credit control request to the PCRF.

After receiving the PDP activation Request, the PCEF sends an Initial Credit Control Request (CCR-Initial) to the PCRF over the Gx interface. The initial credit control request carries the position information of the terminal.

S403, the PCRF sends a consumption control request to the OCS, where the message control request includes indication information for indicating a location of a visited place of the terminal.

The PCRF sends a consumption control Request (SLR) to the OCS through the Sy interface. The SLR also includes indication information for indicating a location of a visited place of the terminal.

S404, the OCS determines the current roaming country of the terminal according to the indication information.

S405, the OCS performs roaming authentication on the terminal according to the roaming authentication information of the terminal and the current roaming country.

S406, the OCS sends a consumption control response to the PCRF, where the consumption control response includes a roaming authentication result of the terminal.

After obtaining the authentication result, the OCS sends a consumption control response (SLA) to the PCRF through the Sy interface, where the SLA includes a roaming authentication result of the terminal.

When the OCS fails to authenticate the terminal, the OCS can not acquire the charge quota state through the strategy statistics device, but directly returns authentication failure in the SLA.

S407, PCRF sends the initial credit control response to PCEF.

S408, the PCEF sends a PDP activation response to the GPRS service supporting equipment.

When the authentication fails, PCRF sends an initial credit control response to PCEF, the roaming authentication result in the initial credit control response is used for indicating the authentication failure, and the PCEF sends a PDP activation response to GPRS service supporting equipment at the moment for indicating the authentication failure. The GPRS service supporting equipment sends a PDP establishment failure message to the GPRS service supporting equipment at the visit place, so that the GPRS service supporting equipment at the visit place returns a PDP connection establishment failure to the terminal. Because the PDP connection is failed to be established, the terminal cannot be attached to the GPRS network, so that the terminal cannot use the data service, the data flow cannot be generated, and a roaming data service bill cannot appear. In one possible implementation, when the PDP activation fails, the terminal may attempt another PDP activation, and when the number of PDP activations exceeds a preset maximum number of activations, the terminal will terminate the PDP activation procedure. Because PDP is failed to establish, the terminal can not use data service, data flow can not be generated, and roaming data service bill can not occur.

The authentication method based on the roaming scene provided by the embodiment of the application can be applied to the communication framework shown in fig. 2B, because the OCS performs roaming authentication after receiving the SLR message, the authentication time is advanced, invalid message interaction is avoided, the network use efficiency is improved, the OCS performs authentication by using roaming authentication information, the roaming authentication accuracy is improved, invalid PDP connection is avoided being established, and the international roaming settlement loss caused by invalid PDP connection of a home operator is reduced.

In the embodiment shown in fig. 4, an implementation procedure of a possible authentication failure is given, and in combination with the embodiment shown in fig. 5, an implementation procedure of a successful authentication is given.

Fig. 5 is a signaling diagram of an authentication method based on a roaming scenario according to an embodiment of the present application, where the method shown in fig. 5 includes:

s501, the GPRS service supporting equipment sends a PDP activation request to the PCEF.

S502, the PCEF sends an initial credit control request to the PCRF.

S503, the PCRF sends a consumption control request to the OCS, where the message control request includes indication information for indicating a location of a visited place of the terminal.

S504, the OCS determines the current roaming country of the terminal according to the indication information.

And S505, the OCS performs roaming authentication on the terminal according to the roaming authentication information of the terminal and the current roaming country.

S506, the OCS sends a consumption control response to the PCRF, where the consumption control response includes a roaming authentication result of the terminal.

S501 to S506 in the present embodiment are similar to S401 and S406 in the embodiment shown in fig. 3, and this embodiment is not repeated herein. In this embodiment, when the OCS performs roaming authentication on the terminal according to the roaming authentication information of the terminal and the current roaming country, and the current roaming country of the terminal belongs to the roaming-capable country indicated by the roaming authentication information, the roaming authentication on the terminal is successful. And the OCS sends a consumption control response to the PCRF to indicate that the OCS successfully authenticates the roaming of the terminal. In this implementation, a possible implementation is given for the success of the authentication.

When the OCS successfully authenticates the terminal, the charge Limit status is obtained, and a charge Limit report is carried in a consumption control Answer (SLA), where the charge Limit report includes the charge Limit status.

When the PCRF makes a policy decision, the fee state of the subscriber needs to be considered. In order to support the policy decision function based on the subscriber, the OCS can maintain state information of a policy counter of the subscriber. When PCRF requests, reporting the value of policy statistics state information of the subscriber. When the state information of the policy counter of the subscriber changes, the changes are reported to the PCRF. The PCRF makes an internet access strategy according to the user consumption condition, for example, the user bandwidth is limited.

S507, the PCRF sends an initial credit control response to the PCEF.

The PCRF determines an Initial policy rule according to the received charge quota report, and sends an Initial Credit Control response (CCA-Initial) to the PCEF, wherein the Initial Credit Control response carries the Initial policy rule. The initial credit control response also comprises a roaming authentication result of the terminal. The roaming authentication result is used for indicating that the charging equipment successfully authenticates the terminal.

S508, the PCEF sends an initial credit control request to the OCS.

After receiving the CCA-Initial, the PCEF installs the Initial policy rules, and continues to send an Initial Credit Control request CCR-Initial to the charging system OCS through the Gy interface, where no multi-service Credit Control (MSCC) exists in the CCR-Initial. The multi-service credit control belongs to different rate groups, and the credit control of a plurality of services can be completed in one session. When no MSCC AVP is present in CCR-Initia, then no actual tariff group is reported.

S509, the OCS completes the user status authentication.

And after the OCS receives the CCR-Initial, the OCS performs user state authentication. The user status authentication may be used to determine whether the user's usage status is normal, for example, whether the user is in arrearage, whether the traffic is used up, and the like.

S510, the OCS sends an initial credit control response to the PCEF, and the authentication is indicated to be successful.

After the user status is successfully authenticated, the OCS sends an Initial Credit Control response (CCA-Initial) to the PCEF, which is used to indicate that the user status is successfully authenticated.

If the user state authentication fails, the CCA-Initial is used for indicating the user state authentication fails, and the PDP activation response is used for indicating the PDP establishment failure, so that no data traffic is generated, and no roaming data service bill occurs.

S511, PCEF sends PDP activation response to GPRS service supporting equipment.

If the user state is successfully authenticated, after receiving the CCA-Initial, the PCEF sends a PDP activation response to the GPRS service supporting equipment, wherein the PDP activation response (PDP ACK) is used for indicating that the authentication is successful and the PDP connection is successfully established.

S512, the GPRS service supporting equipment sends a data service request to the PCEF.

After the PDP connection is successfully created, the terminal initiates an actual data service request to the PCEF through the GPRS service support device.

S513, the PCEF sends an updated credit control request to the OCS, carrying the real rate group.

And S514, the OCS performs back-calculation reservation according to the real rate group, and calculates the authorized service volume.

S515, OCS sends updated credit control response to PCEF, which carries authorization service volume.

S516, the PCEF sends a data service response to the GPRS service supporting equipment.

The PCEF sends an updated Credit Control Request (CCR-Update) to the OCS, where the Request carries a real rate group, and the OCS performs back-calculation reservation according to the real rate group to calculate authorized traffic (GSU). The OCS issues GSUs to the PCEF in an updated Credit Control Answer (CCA-Update). The PCEF allows the end-user to use the data service based on the received GSU.

The authentication method based on the roaming scenario provided by the embodiment of the application receives a consumption control request sent by a PCRF through an OCS, wherein the consumption control request comprises indication information used for indicating the location of a visited place of a terminal, and the OCS determines the current roaming country of the terminal according to the indication information; the OCS performs roaming authentication on the terminal according to the roaming authentication information of the terminal and the current roaming country, because the OCS performs roaming authentication after receiving the SLR message, invalid message interaction is avoided, invalid PDP connection is established, the network use efficiency is improved, the OCS performs roaming authentication by using the roaming authentication information, the roaming authentication accuracy is improved, the risk of generating international roaming settlement income loss is reduced, after the roaming authentication is successful, after the user state is authenticated, after the PDP connection is established, the flows of reverse calculation reservation and the like are performed through a real rate group, the terminal use data service is realized, the method is similar to the flow of the existing flow after the authentication is performed through a virtual rate group, the method can be compatible with the existing flow, and the applicability of the scheme is improved.

The following description is made in conjunction with the system architecture shown in fig. 2C. Fig. 6 is a signaling diagram of an authentication method based on a roaming scenario according to an embodiment of the present application. The description of the same or similar steps can be found in the embodiments shown in fig. 3 and fig. 4, and the embodiment does not take much here. As shown in fig. 6, the method includes:

s601, the V-SMF sends a PDU session establishment request to the H-SMF.

In this embodiment, V represents a visited place and H represents a home place. When the terminal roams to a visit place, the terminal sends a PDU session establishment request to a wireless Access network of the visit place, the wireless Access network forwards the request to an Access and mobility Management Function (AMF) entity, the AMF entity sends the PDU session context request to the V-SMF, and then the V-SMF sends the PUD session establishment request to the H-SMF.

S602, the H-SMF sends an initial credit control request to the H-PCF.

S603, the H-PCF sends a subscription request to the H-CHF, wherein the subscription request comprises indication information used for indicating the visit place position of the terminal.

The subscription request is used to request the H-CHF for the status of the cost quota in the user's policy statistics. When the user's consumption reaches a threshold, it is reported by the H-CHF to the H-PCF.

The subscription request also comprises indication information used for indicating the visit place position of the terminal.

And S604, determining the current roaming country of the terminal according to the indication information by the H-CHF.

And S605, performing roaming authentication on the terminal by the H-CHF according to the roaming authentication information of the terminal and the current roaming country.

S606, H-CHF sends subscription response to H-PCF, the subscription response includes the roaming authentication result of the terminal.

S607, H-PCF sends initial credit control response to H-SMF.

As will be appreciated by those skilled in the art, the subscription request and subscription reply may also be referred to as an initial subscription request and an initial subscription reply. The initial credit control response includes a roaming authentication result of the terminal. The roaming authentication result is used for indicating whether the charging equipment successfully authenticates the terminal.

S608, the H-SMF sends a PDP session establishment response to the V-SMF.

And when the authentication fails, the H-PCF sends an initial credit control response to the H-SMF, wherein the roaming authentication result included in the initial credit control response is used for indicating the authentication failure, and the H-SMF sends a PDP session establishment response to the V-SMF at the moment and is used for indicating the authentication failure. The V-SMF sends a PDU session establishment failure message to an AMF entity of the visit place, and the AMF entity returns the PDU session establishment failure message to the terminal through the RAN. When authentication fails, the PDU session setup fails. Because PDU conversation is set up and failed, therefore the terminal station can't use the data traffic, there is not data traffic that produces, will not appear roaming the data traffic ticket either.

For the successful authentication procedure, similar to S507 and S516 in the embodiment shown in fig. 5, H-CHF corresponds to OCS, H-PCF corresponds to PCRF, and H-SMF corresponds to PCEF, except that a PDU session setup response is finally sent to V-SMF for H-SMF to indicate that the PDU session setup is successful.

As can be seen from the foregoing embodiments, in the embodiments of the present application, after receiving the CCR-Initial message, the PCRF determines that the CCR-Initial message includes terminal location information, adds indication information for indicating a location of a visited place of the terminal in a consumption status request sent to the charging device, and after the charging device receives the consumption status request including the indication information from the policy function entity, the charging device determines that the terminal roams according to the location of the visited place of the terminal, performs roaming authentication, and performs accurate authentication based on a current roaming country of the terminal and roaming authentication information subscribed by the user.

In a possible implementation manner, the indication information includes a mobile country code, the indication message may be a single message or multiple messages, for example, the consumption status request may further include first indication information and/or second indication information, and the first indication information and the second indication information each include a mobile country code. The first indication information is information obtained based on the gateway, and the second indication information is information obtained based on the location area, namely, the first indication information and the second indication information are divided according to different sources of the location.

When the terminal roams, the policy enforcement entity transmits the visited location of the terminal to the policy function entity through the following 2 Attribute Value Pair (AVP) fields in the CCR-Initial. The 2 AVPs correspond to the first indication information and the second indication information. The structures of the two AVPs can be seen in table one.

Watch 1

As shown in table one, when the first indication information is information obtained based on the gateway, when the terminal is in the GPRS attach state, the SGSN stores user information and location information related to the packet. The location register of the SGSN holds location information. In addition, in the mobile communication network (EPC), the location information may also be acquired through a Serving Gateway (SGW) and an Access Gateway (AGW), that is, the SGW or the AGW corresponds to a user plane function of the SGSN, and may be connected to the SGSN to transfer the location information.

The Mobile Country Code (MCC) is uniformly distributed and managed by International Telecommunications Union (ITU), and uniquely identifies the Country to which the Mobile subscriber belongs, and the number of the countries is 3. The Mobile Network Code (MNC) is used for identifying a Mobile communication Network to which a Mobile user belongs, and is composed of 2-3 digits.

When the second indication information is information obtained based on the location area of the user, the detailed location where the user is actually located may be obtained through the SAI or the CGI. For example, when a terminal accesses from a Base Station Subsystem (BSS), a Global identity (GCI) may be obtained, and when the terminal accesses from a Radio Network Subsystem (RNS), for example, a Radio Network Controller (RNC), a Service Area Identity (SAI) may be obtained. Wherein, the base station subsystem and the wireless network subsystem can be accessed to the SGSN to transmit the position information.

Therein, a global cell identity (CGI) may be used to identify cells within a location area. The CGI is MCC + MNC + LAC + CI, where MCC is a mobile country code, MNC is a mobile network number, LAC is a location area number, and CI is a cell identification code.

A Service Area Identity (SAI) is composed of a plurality of cells belonging to a plurality of location areas, and is used for identifying a terminal location on a Core Network (CN) side, where the SAI is MCC + MNC + LAC + SAC, where: SAC is a Service area code, identifying a Service area within a location area, which is a large concept, and a Service area may cover the territory of one or several countries. Several PLMN networks may be present in a service area at the same time.

In a possible implementation manner, the policy function entity determines that the CCR-Initial includes the two AVPs, that is, the CCR-Initial includes the terminal location information, and transmits the 2 AVPs in the consumption status request to the charging system. For example, the location of these 2 AVPs in the consumption status request may be as shown in table two.

Watch two

As shown in table two, the consumption status request in the embodiment of the present application is a message implemented based on the Diameter protocol, which is an authentication, authorization and audit protocol used in the network. Wherein, the message consists of a Diameter header and a variable number of attribute-value pairs (AVPs) for Diameter message related encapsulation information. The AVP CODE, in combination with the operator-ID segment, uniquely identifies the attribute. The present embodiment gives an exemplary value of the attribute, and the present embodiment does not particularly limit the attribute value of each piece of information.

The consumption status request is added with Service-Information (Service-Information) based on the existing AVP. The service Information includes Packet Switch (Packet Switch) Information (PS-Information). The packet switching information includes the above-mentioned 3GPP-SGSN-MCC-MNC field and 3GPP-User-Location-Info field, i.e. the consumption status request includes the first indication information and/or the second indication information.

After the charging device obtains the consumption state request, the charging device may obtain a mobile country code of a visited place of the terminal according to the first indication message or the second indication message, and the charging device may determine a current roaming country where the terminal is located according to the mobile country code and a country code comparison table, where the country code comparison table is used to indicate a corresponding relationship between the mobile country code and a country.

In a specific implementation process, different countries have different mobile country codes, and the corresponding relationship indicated by the country code comparison table may be implemented by a table or by function mapping.

In the embodiment of the application, the current roaming country of the terminal is determined through the MCC, and the position of the terminal can be quickly and accurately acquired, so that the authentication accuracy is improved.

After the charging device determines the current roaming country of the terminal, the charging device authenticates the terminal according to the current roaming country and the roaming authentication information. The roaming authentication information includes a roaming indicator and a roaming position corresponding to the roaming indicator. The roaming indicator is used for indicating whether the terminal can roam at the roaming position, and the roaming position comprises at least one of the following: country, group of countries.

For example, when the indicator corresponding to the roaming position is a unbar, the roaming position corresponding to the unbar is a position where the terminal can roam, and when the indicator corresponding to the roaming position is a bar, the roaming position corresponding to the bar is a position where the terminal cannot roam. In this embodiment, the roaming indicator and the roaming position may be in a one-to-one correspondence relationship or a one-to-many correspondence relationship, and the corresponding relationship between the roaming indicator and the roaming position is not particularly limited, and the value adopted by the roaming indicator is not particularly limited.

The roaming location may be a country or a group of countries. When the roaming location is a country group, it may be a european union country, an asian country, or the like.

In one possible implementation, the roaming authentication information is obtained based on an affiliation plan subscribed by the user, as shown in fig. 7. Fig. 7 is a schematic diagram illustrating an acquisition of roaming authentication information according to an embodiment of the present application.

As shown in fig. 7, the user subscribes to an affiliation Plan, i.e., subscribes to a Supplementary offer (Supplementary Offering) that includes an authentication Plan (authentication Plan) that includes Basic authentication rules (Basic authentication rules) and Roaming authentication rules (Roaming authentication rules). The roaming authentication rule includes a roaming indicator and a roaming location. For a specific illustration of the roaming indicator and the roaming location, reference may be made to the possible implementations given in table three and table four.

Watch III

As shown in table three, the roaming indicator corresponds to the first roaming list, and the roaming indicator is used to indicate that the terminal cannot roam at the roaming position in the first roaming list. I.e. the terminal cannot roam in country F, country G and country group H.

The authentication process of the charging device is as follows: the charging equipment judges whether the current roaming country is located in the roaming list, if so, the charging equipment determines that the terminal roaming authentication fails according to the fact that the roaming position in the first roaming list indicated by the roaming indicator is the position which can not be roamed.

Watch four

As shown in table four, the roaming indicator corresponds to the second roaming list, and the roaming indicator is used to indicate that the terminal can roam at the roaming position in the second roaming list, i.e., the terminal can roam in country a, country B and country group C.

The authentication process of the charging device is as follows: the charging equipment judges whether the current roaming country is in the roaming list or not; if not, the charging equipment determines that the terminal roaming authentication fails according to the roaming position in the second roaming list indicated by the roaming indicator as the position capable of roaming.

Those skilled in the art will understand that, in a possible implementation manner, the roaming authentication information may include an indicator for indicating that the roaming location is roaming and an indicator that the roaming location is not roaming, that is, two indicators of table three and table four are included, and the charging device performs authentication according to the current roaming country of the terminal and table three and table four.

In another possible implementation manner, the roaming authentication information may also include only the contents shown in table three, that is, as long as the charging device determines that the current roaming country of the terminal is in table three, the roaming authentication of the terminal fails, and when the current roaming country of the terminal is not in table three, the roaming authentication of the terminal succeeds.

In yet another possible implementation manner, the roaming authentication information may also only include the contents shown in table four, that is, the roaming authentication of the terminal is successful as long as the charging apparatus determines that the current roaming country of the terminal is in table four, and the roaming authentication of the terminal is failed when the current roaming country of the terminal is not in table four.

The implementation manner of the roaming authentication information in this embodiment is not particularly limited as long as the roaming-enabled country or the non-roaming country of the terminal can be indicated.

Fig. 8 is a schematic structural diagram of an authentication device based on a roaming scenario according to an embodiment of the present application. As shown in fig. 8, the authentication device based on the roaming scenario may be the charging device described above, and the charging device 80 includes:

a receiving module 801, configured to receive a consumption state request sent by a policy function entity, where the consumption state request includes indication information used for indicating a location of a visited point of a terminal, and the consumption state request is a message generated by the policy function entity when the terminal requests to establish a data service connection;

a processing module 802, configured to determine, according to the indication information, a current roaming country in which the terminal is located;

the processing module 802 is further configured to perform roaming authentication on the terminal according to roaming authentication information of the terminal and the current roaming country, where the roaming authentication information is used to indicate a country where the terminal can roam;

a sending module 803, configured to send a consumption state response to the policy function entity, where the consumption state response includes a roaming authentication result of the terminal, where the roaming authentication result is associated with whether the data service connection can be established, and if the roaming authentication result is used to indicate that the roaming authentication fails, the data service connection is established in a failure.

In one possible design, the roaming indicator corresponds to a first roaming list, the roaming indicator is used to indicate that the terminal is not roaming in a roaming location in the first roaming list, and the processing module 802 is specifically configured to:

judging whether the current roaming country is in the roaming list;

In one possible design, the roaming indicator corresponds to a second roaming list, the roaming indicator is used to indicate that the terminal can roam at a roaming location in the second roaming list, and the processing module 802 is specifically configured to:

judging whether the current roaming country is in the roaming list;

The authentication device based on the roaming scenario provided in this embodiment may implement the method executed by the charging device in the foregoing method embodiment, and the implementation principle and technical effect of the method are similar, which is not described herein again.

Fig. 9 is a schematic structural diagram of an authentication device based on a roaming scenario according to an embodiment of the present application. As shown in fig. 9, the roaming scenario-based authentication apparatus may be a policy function entity, and the policy function entity 90 includes:

a sending module 901, configured to send a consumption state request to a charging device, where the consumption state request includes indication information used for indicating a location of a visited point of a terminal, and the consumption state request is a message generated by the policy function entity when the terminal requests to establish a data service connection;

a receiving module 902, configured to receive a consumption state response sent by the charging device, where the consumption state response includes a roaming authentication result of the terminal, where the roaming authentication result is associated with whether the data service connection can be established, and if the roaming authentication result is used to indicate that the roaming authentication fails, the data service connection is established in a failure.

In a possible design, the receiving module 902 is further configured to receive a credit control request sent by a policy enforcement entity before the policy function entity sends a consumption control request to a charging device, where the credit control request includes the indication information for indicating the visited location of the terminal;

the sending module 901 is further configured to send a credit control response to the policy enforcement entity after receiving the consumption control response sent by the charging device, where the credit control response includes a roaming authentication result of the terminal.

The authentication device based on the roaming scenario provided in this embodiment may implement the method executed by the policy function entity in the above method embodiment, and the implementation principle and the technical effect are similar, which are not described herein again.

Fig. 10 is a schematic diagram of a hardware structure of a charging device according to an embodiment of the present application. As shown in fig. 10, the charging apparatus 100 includes: a processor 1001 and a memory 1002; wherein

A memory 1002 for storing a computer program;

the processor 1001 is configured to execute the computer program stored in the memory to implement the roaming scenario-based authentication method performed by the charging apparatus in the foregoing embodiments. Reference may be made in particular to the description relating to the method embodiments described above.

Alternatively, the memory 1002 may be separate or integrated with the processor 1001.

When the memory 1002 is a device independent of the processor 1001, the charging apparatus 100 may further include:

a bus 1003 for connecting the memory 1002 and the processor 1001.

The transmitting device shown in fig. 10 may further include a receiver 1004 and a transmitter 1005. Among them, the receiver 1004 is used to receive various requests and the like, and the transmitter 1005 is used to transmit various responses and the like.

Alternatively, the processing module described in fig. 8 may be implemented by being integrated into the processor 1001, the receiving module may be implemented by being integrated into the receiver 1004, and the transmitting module may be implemented by being integrated into the transmitter 1005.

The charging device provided in this embodiment may be configured to execute the authentication method based on the roaming scenario executed by the charging device in the foregoing method embodiments, and the implementation principle and the technical effect of the method are similar, which are not described herein again.

Fig. 11 is a schematic hardware structure diagram of a policy function entity according to an embodiment of the present application. The policy function entity 110 of the present embodiment includes: a processor 1101 and a memory 1102; wherein

A memory 1102 for storing a computer program;

a processor 1101 for executing the computer program stored in the memory to implement the steps performed by the policy function entity in the above embodiments. Reference may be made in particular to the description relating to the method embodiments described above.

Alternatively, the memory 1102 may be separate or integrated with the processor 1101.

When the memory 1102 is a device independent from the processor 1101, the policy function entity 110 may further include:

a bus 1103 for connecting the memory 1102 and the processor 1101.

The policy function shown in fig. 11 may further comprise a receiver 1104 and a transmitter 1105. Among other things, the receiver 1604 is for receiving various requests or responses, and the transmitter 1605 is for transmitting requests or responses.

Alternatively, the receiving module described in fig. 9 may be implemented integrally in the receiver 1104, and the transmitting module may be implemented integrally in the transmitter 1105.

The policy function entity provided in this embodiment may be used to execute the authentication method based on the roaming scenario executed by the policy function entity in the above embodiments, and the implementation principle and the technical effect are similar, which are not described herein again.

An embodiment of the present application further provides a storage medium, where the storage medium includes a computer program, and the computer program is used to implement the authentication method based on the roaming scenario implemented by the charging device in the above embodiment.

An embodiment of the present application further provides a computer program product, where the computer program product includes computer program code, and when the computer program code runs on a computer, the computer is caused to execute the authentication method based on the roaming scenario implemented by the charging apparatus as described above.

The embodiment of the present application further provides a chip, which includes a memory and a processor, where the memory is used to store a computer program, and the processor is used to call and run the computer program from the memory, so that a communication device installed with the chip executes the authentication method based on the roaming scenario implemented by the charging device.

An embodiment of the present application further provides a storage medium, where the storage medium includes a computer program, and the computer program is used to implement the authentication method based on the roaming scenario executed by the policy function entity in the above embodiment.

Embodiments of the present application further provide a computer program product, which includes computer program code, when the computer program code runs on a computer, the computer is caused to execute the roaming scenario-based authentication method executed by the policy function entity in the above embodiments.

An embodiment of the present application further provides a chip, which includes a memory and a processor, where the memory is used to store a computer program, and the processor is used to call and run the computer program from the memory, so that a communication device installed with the chip executes the roaming scenario-based authentication method executed by the policy function entity in the above embodiment.

In the embodiments provided in the present invention, it should be understood that the disclosed apparatus and method may be implemented in other ways. For example, the above-described device embodiments are merely illustrative, and for example, the division of the modules is only one logical division, and other divisions may be realized in practice, for example, a plurality of modules may be combined or integrated into another system, or some features may be omitted, or not executed. In addition, the shown or discussed mutual coupling or direct coupling or communication connection may be an indirect coupling or communication connection through some interfaces, devices or modules, and may be in an electrical, mechanical or other form.

The modules described as separate parts may or may not be physically separate, and parts displayed as modules may or may not be physical units, may be located in one place, or may be distributed on a plurality of network units. Some or all of the modules may be selected according to actual needs to achieve the purpose of the solution of the present embodiment.

In addition, functional modules in the embodiments of the present invention may be integrated into one processing unit, or each module may exist alone physically, or two or more modules are integrated into one unit. The unit formed by the modules can be realized in a hardware form, and can also be realized in a form of hardware and a software functional unit.

The integrated module implemented in the form of a software functional module may be stored in a computer-readable storage medium. The software functional module is stored in a storage medium and includes several instructions for enabling a computer device (which may be a personal computer, a server, or a network device) or a processor (processor) to execute some steps of the methods according to the embodiments of the present application.

It should be understood that the Processor may be a Central Processing Unit (CPU), other general purpose Processor, a Digital Signal Processor (DSP), an Application Specific Integrated Circuit (ASIC), etc. A general purpose processor may be a microprocessor or the processor may be any conventional processor or the like. The steps of a method disclosed in connection with the present invention may be embodied directly in a hardware processor, or in a combination of the hardware and software modules within the processor.

The memory may comprise a high-speed RAM memory, and may further comprise a non-volatile storage NVM, such as at least one disk memory, and may also be a usb disk, a removable hard disk, a read-only memory, a magnetic or optical disk, etc.

The bus may be an Industry Standard Architecture (ISA) bus, a Peripheral Component Interconnect (PCI) bus, an Extended ISA (EISA) bus, or the like. The bus may be divided into an address bus, a data bus, a control bus, etc. For ease of illustration, the buses in the figures of the present application are not limited to only one bus or one type of bus.

The storage medium may be implemented by any type or combination of volatile or non-volatile memory devices, such as Static Random Access Memory (SRAM), electrically erasable programmable read-only memory (EEPROM), erasable programmable read-only memory (EPROM), programmable read-only memory (PROM), read-only memory (ROM), magnetic memory, flash memory, magnetic or optical disks. A storage media may be any available media that can be accessed by a general purpose or special purpose computer.

An exemplary storage medium is coupled to the processor such the processor can read information from, and write information to, the storage medium. Of course, the storage medium may also be integral to the processor. The processor and the storage medium may reside in an Application Specific Integrated Circuits (ASIC). Of course, the processor and the storage medium may reside as discrete components in an electronic device or host device.

Claims

1. An authentication method based on roaming scenarios, comprising:

the charging equipment receives a consumption state request sent by a policy function entity, wherein the consumption state request comprises indication information used for indicating the position of a visited place of a terminal, and the consumption state request is a message generated by the policy function entity when the terminal requests to establish data service connection;

the charging equipment determines the current roaming country of the terminal according to the indication information;

the charging device performs roaming authentication on the terminal according to roaming authentication information of the terminal and the current roaming country, wherein the roaming authentication information is used for indicating a country where the terminal can roam, the roaming authentication information includes a roaming indicator and a roaming position corresponding to the roaming indicator, the roaming indicator is used for indicating whether the terminal can roam at the roaming position, and the roaming position includes at least one of the following: country, group of countries;

the charging equipment sends a consumption state response to the strategy functional entity, the consumption state response comprises a roaming authentication result of the terminal, wherein the roaming authentication result is associated with whether the data service connection can be established, and if the roaming authentication result is used for indicating that the roaming authentication fails, the data service connection is failed to be established;

the indication information comprises a mobile country code, and the mobile country code is used for indicating the country where the terminal is located currently;

the step of determining, by the charging device, the current roaming country where the terminal is located according to the indication information includes:

2. The method of claim 1, wherein the consumption status request comprises first indication information and/or second indication information, wherein the first indication information and the second indication information each comprise the mobile country code, wherein the first indication information is gateway-based indication information, and wherein the second indication information is location area-based indication information.

3. The method of claim 1, wherein the roaming indicator corresponds to a first roaming list, the roaming indicator is used to indicate that the terminal is not roaming in a roaming location in the first roaming list, and the roaming authentication of the terminal is performed by the charging device according to the roaming authentication information of the terminal and the current roaming country, including:

4. The method of claim 1, wherein the roaming indicator corresponds to a second roaming list, the roaming indicator is used to indicate that the terminal can roam at a roaming location in the second roaming list, and the charging apparatus performs roaming authentication on the terminal according to the roaming authentication information of the terminal and the current roaming country, including:

5. An authentication method based on roaming scenarios, comprising:

the policy function entity receives a consumption state response sent by the charging device, where the consumption state response includes a roaming authentication result of the terminal, where the roaming authentication result is associated with whether the data service connection can be established, and if the roaming authentication result is used to indicate that the roaming authentication fails, the data service connection is established unsuccessfully, and the roaming authentication result is obtained by the charging device performing roaming authentication on the terminal according to roaming authentication information of the terminal and a current roaming country, where the roaming authentication information includes a roaming indicator and a roaming position corresponding to the roaming indicator, the roaming indicator is used to indicate whether the terminal can roam at the roaming position, and the roaming position includes at least one of: country, group of countries;

the indication information includes a mobile country code indicating a country in which the terminal is currently located.

6. The method of claim 5, wherein the consumption status request comprises first indication information and second indication information, wherein the first indication information and the second indication information each comprise the mobile country code, wherein the first indication information is gateway-based indication information, and wherein the second indication information is location area-based indication information.

7. The method of claim 5, wherein before the policy function entity sends the consumption control request to the charging device, the method further comprises:

after receiving the consumption control response sent by the charging device, the policy function entity further includes:

8. An authentication device based on roaming scenarios, comprising: a memory for storing a computer program and a processor for calling and executing the computer program from the memory, such that the processor executes the computer program to perform the roaming scenario based authentication method of any one of claims 1 to 4.

9. A storage medium, characterized in that the storage medium comprises a computer program for implementing a roaming scenario based authentication method according to any one of claims 1 to 4.

10. An authentication device based on roaming scenarios, comprising; a memory for storing a computer program and a processor for calling and running the computer program from the memory, such that the processor runs the computer program to perform the roaming scenario based authentication method of any one of claims 5 to 7.

11. A storage medium, characterized in that the storage medium comprises a computer program for implementing the roaming scenario based authentication method according to any one of claims 5 to 7.

12. An authentication system based on roaming scenarios, characterized in that the system comprises a policy function entity and a charging device, wherein the charging device is configured to perform the method of any of claims 1 to 4, and the policy function entity is configured to perform the method of any of claims 5 to 7.

13. The system of claim 12, further comprising a business device and a policy enforcement entity; wherein

the charging device is configured to, after receiving the credit control request, determine a current roaming country in which the terminal is located according to the indication information, perform roaming authentication on the terminal according to roaming authentication information of the terminal and the current roaming country, and send a consumption status response to the policy function entity after roaming authentication is completed, where the consumption status response includes a roaming authentication result of the terminal, the indication information includes a mobile country code, the mobile country code is used to indicate a country in which the terminal is currently located, the roaming authentication information includes a roaming indicator and a roaming position corresponding to the roaming indicator, the roaming indicator is used to indicate whether the terminal can roam at the roaming position, and the roaming position includes at least one of: country, group of countries;

the charging equipment determines the current roaming country of the terminal according to the indication information and a country code comparison table, wherein the country code comparison table is used for indicating the corresponding relation between the mobile country code and the country;