KR20150035145A - Authentication apparatus in wireless communication system, method thereof and computer recordable medium storing the method - Google Patents

Abstract

The present invention relates to an apparatus for authentication in a wireless communications system, a method therefor, and a computer readable recording medium storing the method. The present invention assumes that UE moves from an LTE network to a 3G network, and then moves to an LTE network again. In other words, the UE moves from to a previous mobility management entity (MME) to an SGSN, and moves to an MME again. The MME obtains authentication information on an authentication procedure of the UE by inquiring of the previous MME instead of an HHS. In other words, the MME needs to exchange an authentication information request message and an authentication information answer message with the HSS to authenticate the UE, but obtains the authentication information from not the HSS but the previous MME. As a result, a load of the HSS is reduced, and the HSS is operated by a relatively small number of nodes. Therefore, a load of an entire network can be reduced by reducing a load of an HSS. The MME for authentication comprises: an interface unit for receiving a tracking area updating request from user equipment having moved from an SGSN; and a control unit for obtaining an identifier of a previous MME from the SGSN through the interface unit, obtaining authentication information on the UE from the previous MME by using the identifier, and authenticating the UE through the authentication information.

Description

[0001] The present invention relates to an apparatus for authentication processing in a wireless communication system, a method therefor, and a computer-readable recording medium on which the method is recorded.

BACKGROUND OF THE INVENTION 1. Field of the Invention The present invention relates to a wireless communication technology, and more particularly, to an apparatus for authentication processing in a wireless communication system, a method therefor and a computer-readable recording medium on which the method is recorded.

In addition to LTE-A, LTE-A and Evolved High-Speed Packet Access (HSPA +), which are LTE-A (LTE advanced) . LTE is based on Release 8, a wireless high-speed data packet access standard established by the 3rd Generation Partnership Project (3GPP) in December 2008, and is aimed at 4G wireless technology (4G) designed to increase network capacity and speed. It is the technology of all stages. LTE is an all-IP-based network that provides differentiated QoS (Quality of Service) for real-time and non-real-time services and can provide efficiency of network resources and also introduces smart antenna technology (MIMO) It extends the bandwidth for wireless communications, supporting speeds up to 12 times faster than HSDPA. LTE-A is defined as improving the above-described LTE to provide a maximum transmission rate of 1 Gbps down and 500 Mbps upstream. This LTE-A provides higher data throughput than LTE through Carrier Aggregation (CA) and Coordinate Multi-Point (CoMP) technologies not supported by LTE. Here, CA is a technique of using frequency bands expanded by using different frequency bands at the same time, and CoMP is a technique for increasing throughput at a cell boundary through interference control by cooperation between neighboring base stations. Accordingly, in the current mobile communication system, two or more mobile communication services according to different standards such as LTE and LTE-Advanced are mixed and supported.

Korean Published Patent Application No. 2011-0045764, May 04, 2011 (Name: Communication method in mobile communication network and system therefor)

It is an object of the present invention to provide an apparatus for authentication processing in a wireless communication system capable of reducing traffic generated in an authentication procedure in a wireless communication system, a method therefor and a computer readable recording medium on which the method is recorded.

According to another aspect of the present invention, there is provided a mobility management server for performing an authentication process, the mobility management server including an interface unit for receiving a tracking area update request from a user equipment moving through a packet switching support node in an old mobility management server, Receiving the mobility management context for the user equipment from the packet switching support node through the interface unit, extracting an identifier of the old mobility management server from the received mobility management context, And a control unit for acquiring authentication information of the user equipment from the mobility management server and performing authentication on the user equipment through the acquired authentication information.

According to another aspect of the present invention, there is provided a method for authentication processing of a mobility management server for performing authentication processing, the method comprising: receiving, from a user equipment moving through a packet switching support node in an old mobility management server, Acquiring an identifier of an old mobility management server from the packet switching support node; acquiring authentication information of the user device from the old mobility management server using the identifier of the old mobility management server; And authenticating the user device through the authentication information.

The present invention assumes that a user equipment (UE) moves from an LTE network to a 3G network and then moves to an LTE network. At this time, according to the present invention, it is possible to omit the procedure of inquiring (HSS, Home Subscriber Server) to the home subscriber server in the proceeding authentication and security procedures when updating the tracking area of the UE, . Since the home subscriber server operates with a relatively small number of nodes, reducing the load on the home subscriber server ultimately reduces the load on the entire network.

1 is a diagram for explaining a schematic configuration of a wireless communication system according to an embodiment of the present invention.
2 is a view for explaining an identifier assigned to a user apparatus according to an embodiment of the present invention.
3 is a conceptual diagram for explaining an authentication processing method according to an embodiment of the present invention.
4 is a diagram for explaining a configuration of a mobility management server according to an embodiment of the present invention.
5A and 5B are flowcharts for explaining an authentication processing method in a tracking area update procedure according to an embodiment of the present invention.
6 is a flowchart illustrating an authentication processing method of a mobility management server according to an embodiment of the present invention.

Hereinafter, preferred embodiments of the present invention will be described in detail with reference to the accompanying drawings. Note that, in the drawings, the same components are denoted by the same reference symbols as possible. Further, the detailed description of known functions and configurations that may obscure the gist of the present invention will be omitted. For the same reason, some of the components in the drawings are exaggerated, omitted, or schematically illustrated.

1 is a diagram for explaining a schematic configuration of a wireless communication system according to an embodiment of the present invention.

1, a wireless communication system according to an embodiment of the present invention includes a base station (eNodeB, hereinafter referred to as "eNB") 100, a mobility management entity (hereinafter, referred to as "MME" (SGW) 300, a packet data network gateway (PGW) 400, a home subscriber server (HSS) 500, a rate policy management (SGSN) 700, and a packet switching support node (Serving GPRS) Supporting Node (hereinafter referred to as " SGSN ") 700.

The above-mentioned system is referred to as EPS (Evolved Packet System), and EPS is an EPC (Evolved Packet Core) which is an IP based packet switched core network and an Evolved Universal Terrestrial Radio Access Network (E-UTRAN) And a radio access network (RAN). Here, the EPC includes the MME 200, the SGW 300, the PGW 400, and the HSS 500.

Each of the entities according to the above-described embodiment of the present invention will be described.

The MME 200 includes an access to network connection, network resource allocation, tracking, paging, roaming and handover of a user equipment (UE) 10 It is an element that performs signaling and control functions to support. The MME 200 controls control plane functions related to subscriber and session management. The MME 200 manages a plurality of eNBs 100 and performs signaling for selection of a conventional gateway for handover to another 2G / 3G network. The MME 200 also performs functions such as security procedures, terminal-to-network session handling, and idle terminal location management.

The SGW 300 is an element that functions as a boundary point between a radio access network (RAN) and a core network and functions to maintain a data path between the eNB 100 and the PGW 400. [ In addition, when the UE 10 moves (e.g., handover, etc.) over an area served by the eNB 100, the SGW 300 serves as an anchor point of the movement. That is, the packets can be routed through the SGW 300 for mobility in the E-UTRAN. In addition, the SGW 300 may be connected to another 3GPP network (RAN defined before 3GPP Release 8, for example, UTRAN or GERAN (Enhanced Data Rates for Global Evolution) The SGW 300 may perform functions such as idle mode downlink packet buffering and lawful interception for the E-UTRAN. .

The PGW 400 corresponds to the termination point of the data interface towards the packet data network. The PGW 400 may include policy enforcement features, packet filtering, charging support, lawful interception, UE IP allocation, packet screening, And so on. Further, mobility management with a 3GPP network and a non-3GPP network (e.g., an untrusted network such as an Interworking Wireless Local Area Network (I-WLAN), a Code Division Multiple Access (CDMA) network or a trusted network such as WiMax) It can serve as an anchor point for.

The HSS 500 manages user subscription information (or subscription data or subscription records) and location information. In particular, the HSS 500 includes an Authentication Center (AuC). The UE 10 and the AuC store the LTE key K and the IMSI, which are master keys for the EPS. The LTE key K and the IMSI are stored at the time of manufacturing the USIM card mounted in the UE 10, and the AuC is provisioned when the user joins the carrier network.

The PCRF 600 manages a policy to be applied to the UE 10, a quality of service (QoS), and the like. The PCC (Policy and Charging Control) rules generated in the PCRF are transmitted to the PGW 400.

SGSN 700 processes all packet data such as user mobility management and authentication to another 3GPP network (e.g., GPRS network).

The present invention assumes a situation where the UE 10 moves from the LTE network to the 3G network and then moves to the LTE network and performs a tracking area update procedure. In the LTE network, since the MME pool (S1-Flex) is used, the UE 10 camps with the MME different from the previous MME. That is, it is assumed that the UE 10 camps in the old MME in the LTE network, moves to the SGSN 700 in the 3G network, and then moves to the MME 200 in the LTE network. The MME 200 typically requests the HSS 500 to obtain authentication information and then proceeds with the authentication procedure. However, according to the embodiment of the present invention, the MME 200 acquires the authentication information from the previous MME previously camped by the UE 10, and proceeds with the authentication procedure. However, since the UE 10 has not moved from the previous MME, the MME 200 can not identify the previous MME. Accordingly, the MME 200 receives the information that identifies the previous MME from the SGSN 700, that is, the MME identifier, thereby acquiring the authentication information of the UE 10 from the previous MME. The MME 200 exchanges messages with the HSS 500 to receive authentication information for the UE 10, but since it obtains authentication information from the previous MME, the load on the HSS 500 is reduced. Since the HSS 500 operates with a relatively small number of nodes, the load on the HSS 500 can be reduced, thereby reducing the load on the entire network.

2 is a view for explaining an identifier assigned to a user apparatus according to an embodiment of the present invention.

Referring to FIG. 2, when the UE 10 initially accesses an LTE network (Initial Attach), it requests an access using an International Mobile Subscriber Identity (IMSI). The IMSI can be a security issue if it is frequently exposed on the wireless link with a permanent value that uniquely identifies the mobile communication subscriber. Accordingly, the MME 200 allocates a Globally Unique Temporary Identifier (GUTI) that can uniquely identify the subscriber on behalf of the IMSI to the UE 10 upon initial access. Thereafter, when the UE 10 reconnects, a GUTI is used instead of the IMSI.

GUTI includes Globally Unique MME Identifier (GUMMEI) and M-TMSI (MME Temporary Mobile Subscriber Identity). The GUMMEI is an identifier for identifying the MME 200 and is composed of a PLMN ID (Public Land Mobile Network Identifier) that identifies a mobile communication service provider and an MMEI (MMEI Identifier) that can distinguish the MME 200 from the PLMN.

Here, the PLMN ID is composed of MCC (Mobile Country Code) and MNC (Mobile Network Code), and GUMMEI is composed of MMEC (MME Code) and MMEGI (MME Group Identifier). Within a single operator network, MMEs can be identified by MMEI, and outside the operator network, MMEs can be identified by GUMMEI.

The M-TMSI is an identifier assigned to the UE 10 camped on the MME 200 by the MME 200 in order to uniquely identify the UE 10 in one MME 200. The MME 200 allocates the M-TMSI to the UE 10 camped on the MME 200 and provides the UE 10 with a GUTI that combines the M-TMSI and the GUMMEI, which is the identifier of the MME 200 itself. Unlike the IMSI, the GUTI is a provisional value assigned by the MME 200 every time the UE 10 registers in the LTE network. Therefore, if the GUTI can be known, the GUTI identifies the identifier (GUMMEI) of the MME 200 as Able to know.

As described above, the MME 200 can forward the GUTI through the ACCEPT ACCEPT message to the UE 10 during the initial access. In addition, the MME 200 may forward the GUTI via the Tracking Area Update Accept message upon updating the registration.

3 is a conceptual diagram for explaining an authentication processing method according to an embodiment of the present invention.

Referring to FIG. 3, it is assumed that the UE 10 moves from the LTE network to the 3G network and then returns to the LTE network. That is, the UE 10 camps in the old MME 203 of the EPC in the LTE network, moves to the SGSN 700 of the 3G network, and then moves to the MME 200 of the LTE network. In particular, since the LTE network uses the MME pool (S1-Flex), the UE 10 camps with the old MME 203 and the other MME 200. In this case, the UE 10 newly camped the MME 200 does not have the authentication information for the UE 10 since it has never performed the authentication procedure for the UE 10, and the present invention assumes this situation.

The UE 10 transmits the IMSI to the old MME 203 at step S1 in the initial connection, and the old MME 203 requests authentication information to the HSS 500 at step S2. This is done by sending an Authentication Information Request message. In response, the HSS 500 transmits the authentication information to the old MME 203 through an authentication information response message in step S3. The authentication information may be, for example, an authentication vector. The old MME 203 can authenticate the UE 10 through the authentication information received from the HSS 500. [ In particular, the old MME 203 stores this authentication information in step S4. The old MME 203 continues to hold the stored authentication information until a delete request is made. On the other hand, the old MME 203 can allocate a GUTI in step S5. The old MME 203 provides the GUTI to the UE 10 in step S6.

Next, the UE 10 moves from the LTE network to the 3G network in step S7, and connects to the SGSN 700 of the General Packet Radio Service (GPRS) core in step S8 and camps the SGSN 700 in step S8. At this time, the SGSN 700 configures a mobility management context (MM) for managing the mobility of the UE 10 in step S9. The SGSN 700 includes the GUTI allocated from the MME 203 that the UE 10 first camped into the mobility management context. This may be received from the UE 10, or may be requested from the old MME 203 and extracted from the context received from the old MME 203.

Then, the UE 10 moves from the 3G network to the LTE network in step S10, and may request the MME 200 of the EPC to update the tracking area in step S11. At this time, since the MME 200 receiving the tracking area update request does not have the authentication information for the UE 10, it can confirm that the UE 10 has not camped previously.

Accordingly, the MME 200 requests the SGSN 700 in step S12, and the SGSN 700 provides the context, i.e., the mobility management context, to the MME 200 in step S13. The mobility management context includes the GUTI of the old MME 203. Therefore, the MME 200 can extract the identifier (GUMMEI) of the old MME 203 from the GUTI of the old MME 203, and can identify the old MME 203.

The MME 200 proceeds to the authentication procedure when the UE 10 initially accesses or updates the tracking area. According to the embodiment of the present invention, the MME 200 transmits the HSS 500). ≪ / RTI > Since the MME 200 can identify the old MME 203 and the old MME 203 will store the authentication information, the MME 200 requests authentication information from the old MME 203 in step S15 . Then, the old MME 203 provides authentication information to the MME 200 in step S16. Accordingly, the MME 200 can authenticate the UE 10 through the authentication information received from the old MME 203 in step S17.

As shown, for this authentication procedure, traffic with the old MME 203 has increased, but no traffic between the MME 200 and the HSS 500 has occurred. The HSS 500 basically considers the load of the HSS 500 considering the small number of nodes and the large number of MMEs 200 generating traffic with the HSS 500 for authentication of the UE 10, The load on the entire network can be significantly reduced.

4 is a diagram for explaining a configuration of a mobility management server according to an embodiment of the present invention.

Referring to FIG. 4, the MME 200 includes an interface unit 210, a storage unit 220, and a control unit 230.

The interface unit 210 communicates with the eNB 100, the SGW 300, the HSS 500, and the SGSN 700 via different interfaces. The interface unit 210 transmits a message input from the control unit 230 to the eNB 100, the SGW 300, the HSS 500 and the SGSN 700 via the corresponding interface, The HSS 500, the SGSN 700, and the like, and transmits the message to the controller 230. [

The storage unit 220 is for storing data and may store various kinds of data according to an embodiment of the present invention. For example, the storage unit 220 may store a Globally Unique Temporary Identifier (GUTI) allocated to the UE 10 served by the UE, location information, contexts including authentication information, and the like.

The control unit 230 may control the overall operation of the MME 200 and the signal flow between the internal blocks of the MME 200 and may perform a data processing function for processing the data. The controller 230 may be a processor such as a central processing unit (CPU).

The control unit 230 may receive a tracking area update message from the UE 10 via the interface unit 210. [ The tracking area update request message includes an identifier used in the core network in which the UE 10 camped previously. Therefore, the control unit 230 can know that the UE 10 has moved from the SGSN 700. [ Since the control unit 230 does not store the context or authentication information for the UE 10, the control unit 230 determines that the old MME 203 camped in the LTE network is not itself before moving to the SGSN 700 have.

Accordingly, the control unit 230 requests the SGSN 700 through the interface unit 210 to acquire the mobility management context. The mobility management context includes the GUTI of the old MME 203. Accordingly, the control unit 230 extracts the identifier (GUMMEI) of the old MME 203 from the GUTI of the obtained old MME 203. The control unit 230 then requests the old MME 203 through the interface unit 210 to acquire the authentication information of the UE 10 from the old MME 203. [ Accordingly, the control unit 230 can perform authentication with respect to the UE 10 through the acquired authentication information.

5A and 5B are flowcharts for explaining an authentication processing method in a tracking area update procedure according to an embodiment of the present invention.

5A and 5B, it is assumed that the UE 10 moves from the LTE network to the 3G network and then returns to the LTE network. In more detail, the UE 10 camps in the old MME 203 of the EPC, camps in the SGSN 700 of the GPRS core, and then moves to the EPC. At this time, it is assumed that the UE 10 moves to the MME 200 without moving to the old MME 203.

Referring to FIG. 5A, in step S100, a Tracking Area Update (TAU) procedure may be initiated to perform location registration for the UE 10. FIG.

The UE 10 transmits a tracking area update request message to the eNB 100 requesting to update the tracking area in step S101. Then, the eNB 100 transmits a tracking area update request message to the MME 200 in step S102. The tracking area update request message includes an identifier assigned to the UE 10 by the SGSN 700 through which the MME 200 can identify the SGSN 700. [ In addition, since the MME 200 receiving the tracking area update request message does not have the authentication information for the UE 10, it can confirm that the UE 10 has not camped previously.

Accordingly, the MME 200 transmits an SGSN Context Request message to the SGSN 700 in step S103. In response, the SGSN 700 transmits an SGSN Context Response message in step S104. The SGSN 700 configures a mobility management context (MM) for the UE 10 when the UE 10 initially accesses the 3G network. The mobility management context includes the GUTI that the old MME 203 has assigned to the UE 10 before the UE 10 moves to the SGSN 700. [ The SGSN Context Response message includes a mobility management context including the GUTI of the old MME 203.

The MME 200 receiving the SGSN Context Response message can extract the GUMMEI of the old MME 203 from the GUTI. That is, as described above, since the GUTI consists of GUMMEI and M-TMSI, the MME 200 can extract the GUMMEI of the old MME 203 from the GUTI.

The MME 200 extracting the GUMMEI of the old MME 203 can acquire authentication information (e.g., authentication vector) from the old MME 203 in step S105. For example, when the MME 200 transmits an authentication information request message for requesting authentication information to the old MME 203, the old MME 203 transmits the authentication information to the MME 200. Here, the authentication information transmitted from the old MME 203 is received by the HSS 500 when the UE 10 initially connects to the old MME 203. The old MME 203 maintains this authentication information until it receives a Cancel Location message, which will be described below.

The MME 200 that has obtained the authentication information can perform authentication and security procedures in step S106. For example, the MME 200 performs subscriber authentication with the UE 10 on behalf of the HSS 500 through an authentication vector for the UE 10. When the authentication is completed, the MME 200 proceeds with the security setting procedure. The UE 10, the eNB 100 and the MME 200 extract a security key used for communication between the UE 10 and the eNB 100 and the MME 200 from the authentication vector through a security setting procedure, .

As shown, for this authentication procedure, traffic with the old MME 203 has increased, but no traffic between the MME 200 and the HSS 500 has occurred. HSS 500 basically has a small number of nodes and generates traffic with the HSS 500 for authentication of the UE 10. Therefore, when considering the load of the HSS 500, The load can be remarkably reduced. Upon completion of the above-described authentication procedure, the MME 200 transmits an SGSN Context Acknowledge message to the SGSN 700 in step S107.

Next, the network establishes a bearer to serve to the UE 10. That is, the MME 200 transmits a Create Session Request message to the SGW 300 in step S109, and the SGW 300 transmits a Modify Bearer Request message to the PGW 400 in step S110. Lt; / RTI > In step S111, the PGW 400 performs a PCEF initiated IP-CAN Session Modification procedure. Then, the PGW 400 transmits a Modify Bearer Response message to the SGW 300 in step S112. Accordingly, in step S113, the SGW 300 transmits a Create Session Response message to the MME 200 to complete the bearer setup.

If the bearer is successfully established, the MME 200 transmits an Update Location Request message in step S114 to inform the HSS 500 that the location of the UE 10 has been changed. Accordingly, the HSS 500 changes the location of the UE 10 in its database. The HSS 500 transmits a Cancel Location message to the old MME 203 in step S115 to notify that the location of the UE 10 has been changed. Accordingly, the old MME 203 deletes the stored authentication information and the like for the UE 10. Then, the old MME 203 transmits a Cancel Location Ack message to the HSS 500 in step S116.

In step S117, the HSS 500 transmits a Cancel Location message to the SGSN 700 to notify that the location of the UE 10 has been changed.

Then, in step S118, the SGSN 700 transmits a lu Release Command message to the RNC BSC 101 to release the lu interface connection. lu interface connection, the RNC BSC 101 transmits a lu Release Complete message to the SGSN 700 in step S119. Accordingly, the SGSN 700 transmits a Cancel Location Ack message to the HSS 500 in step S120.

In step S121, the HSS 500 having received the Cancel Location Ack message transmits an Update Location Ack message to the MME 200 to notify that the location update has been completed. Accordingly, the MME 200 transmits a Tracking Area Update Accept message to the UE 10 in step S122. The tracking area update acceptance message may include a new GUTI and a TAI list assigned by the MME 200. Thus, when the UE 10 receives the tracking area update acceptance message, it can update the GUTI and TAI lists. Then, the UE 10 transmits a tracking area update complete message to the MME 200 in step S123. This ends the tracking area update procedure.

6 is a flowchart illustrating an authentication processing method of a mobility management server according to an embodiment of the present invention.

Referring to FIG. 6, the controller 230 receives a tracking area update request message requesting updating of the tracking area of the UE 10 through the interface unit 210 in step S210. Through the tracking area update request message, the control unit 230 can recognize that the UE 10 has moved from the SGSN 700, and can confirm that the MME that was camped before is not itself.

Accordingly, the control unit 230 acquires a mobility management context (MM) from the SGSN 700 through the interface unit 210 in step S220. In step S220, the control unit 230 transmits an SGSN Context Request message to the SGSN 700 through the interface unit 210 and receives an SGSN Context Response (SGSN Context Request) message including the mobility management context from the SGSN 700. [ Response message.

In step S230, the controller 230 extracts the identifier of the old MME 203, i.e., GUMMEI, from the mobility management context. Since the GUTI consists of GUMMEI and M-TMSI, the MME 200 can extract the GUMMEI of the old MME 203 from the GUTI.

Then, the control unit 230 can obtain authentication information (e.g., authentication vector) from the old MME 203 in step S240. Since the old MME 203 can be identified through the identifier GUMMEI of the old MME 203, the controller 230 determines that the MME 200 has received the authentication information requesting authentication information from the old MME 203 And receives the authentication information of the UE 10 from the old MME 203. Here, the authentication information may be an authentication vector.

The control unit 230, which has obtained the authentication information, may perform authentication and security procedures in step S250. For example, the control unit 230 performs subscriber authentication with the UE 10 on behalf of the HSS 500 through the authentication vector for the UE 10, and proceeds to the security setting procedure when the authentication is completed.

The MME 200 must exchange an Authentication Information Request message and an Authentication Information Answer message for authentication of the UE 10 with the HSS 500. [ However, according to the embodiment of the present invention, since the authentication information is obtained from the old MME 203 instead of obtaining the authentication information from the HSS 500, the load of the HSS 500 can be reduced.

The method for authentication processing according to an embodiment of the present invention as described above may be provided in the form of a computer readable medium suitable for storing computer program instructions and data. At this time, a computer-readable medium suitable for storing computer program instructions and data includes, for example, a magnetic medium such as a hard disk, a floppy disk and a magnetic tape, a compact disk read only memory (CD-ROM) Optical media such as a DVD (Digital Video Disk), a magneto-optical medium such as a floppy disk, and a ROM (Read Only Memory), a RAM , Random Access Memory), flash memory, EPROM (Erasable Programmable ROM), and EEPROM (Electrically Erasable Programmable ROM). The processor and memory may be supplemented by, or incorporated in, special purpose logic circuits. Examples of program instructions may include machine language code such as those generated by a compiler, as well as high-level language code that may be executed by a computer using an interpreter or the like. Such a hardware device may be configured to operate as one or more software modules to perform the operations of the present invention, and vice versa.

While the specification contains a number of specific implementation details, it should be understood that they are not to be construed as limitations on the scope of any invention or claim, but rather on the description of features that may be specific to a particular embodiment of a particular invention Should be understood. Certain features described herein in the context of separate embodiments may be implemented in combination in a single embodiment. Conversely, various features described in the context of a single embodiment may also be implemented in multiple embodiments, either individually or in any suitable subcombination. Further, although the features may operate in a particular combination and may be initially described as so claimed, one or more features from the claimed combination may in some cases be excluded from the combination, Or a variant of a subcombination.

Likewise, although the operations are depicted in the drawings in a particular order, it should be understood that such operations must be performed in that particular order or sequential order shown to achieve the desired result, or that all illustrated operations should be performed. In certain cases, multitasking and parallel processing may be advantageous. Also, the separation of the various system components of the above-described embodiments should not be understood as requiring such separation in all embodiments, and the described program components and systems will generally be integrated together into a single software product or packaged into multiple software products It should be understood.

It should be noted that the embodiments of the present invention disclosed in the present specification and drawings are only illustrative of specific examples for the purpose of understanding and are not intended to limit the scope of the present invention. It will be apparent to those skilled in the art that other modifications based on the technical idea of the present invention are possible in addition to the embodiments disclosed herein.

The present invention relates to an apparatus for authentication processing in a wireless communication system, a method for the same, and a computer-readable recording medium on which the method is recorded. 3G network, and then moves to the LTE network. That is, the UE moves from the old MME to the SGSN and back to the MME. The MME inquires the HSS for the authentication procedure for this UE to obtain the authentication information of the UE from the old MME without obtaining the authentication information. That is, the MME exchanges an authentication information request message and an authentication information answer message for HSS and UE authentication, but obtains authentication information from the old MME instead of obtaining authentication information from the HSS . For this reason, the load on the HSS is reduced. Since HSS operates with a relatively small number of nodes, reducing the load on the HSS will ultimately reduce the load on the entire network. The present invention has a possibility of commercialization or sales, and is industrially applicable since it is practically possible to carry out clearly.

100: base station, eNB 200: mobility management server, MME
210: interface unit 220: storage unit
230: Control section 300: Serving gateway, SGW
400: packet data network gateway, PGW
500: Home subscriber server, HSS 600: Policy management server, PCRF
700: Packet Switching Support Node, SGSN

Claims (8)

An interface unit for receiving a tracking area update request from a user equipment moved in the packet switching support node; And
Acquiring an identifier of the old mobility management server from the packet switching support node through the interface unit, acquiring authentication information of the user device from the old mobility management server using the acquired identifier, And a controller for performing authentication on the mobility management server for the authentication process. The method according to claim 1,
The control unit
Wherein the old mobility management server receives an identifier of a user apparatus that the old mobility management server has assigned to the user apparatus from the packet switching support node and extracts an identifier of the old mobility management server from the user apparatus identifier, Management server. 3. The method of claim 2,
The identifier of the user equipment is a Globally Unique Temporary Identifier (GUTI)
Wherein the identifier of the old mobility management server is a Globally Unique MME Identifier (GUMMEI). The method according to claim 1,
The authentication information
Wherein the old mobility management server is an authentication vector acquired from a home subscriber server. Receiving a tracking area update request from a user equipment moving in a packet switching support node;
Obtaining an identifier of an old mobility management server from the packet switching support node;
Obtaining authentication information of the user equipment from the old mobility management server using the identifier of the old mobility management server; And
And performing authentication for the user equipment through the authentication information. ≪ Desc / Clms Page number 20 > 6. The method of claim 5,
The obtaining step
Receiving the mobility management context from the packet-switching support node, the mobility management context including an identifier of the user equipment assigned to the user equipment by the old mobility management server; And
And extracting an identifier of the old mobility management server from the user equipment identifier. 6. The method of claim 5,
After performing the authentication for the user device,
The home subscriber server transmits a location update request message for the user equipment to the home subscriber server so that the home subscriber server transmits a location cancellation message to the old mobility management server to store the authentication information of the user device stored in the old mobility management server The method comprising the steps of: receiving a request for authentication from the mobility management server; A computer-readable recording medium on which a method for authentication processing according to any one of claims 5 to 7 is recorded.

Images