WO2011109936A1 - Method and apparatus for authenticating a user terminal - Google Patents
Method and apparatus for authenticating a user terminal
- Publication number
- WO2011109936A1 (PCT/CN2010/070942)
- Authority
- WO
- WIPO (PCT)
- Prior art keywords
- user terminal
- operational domain
- domain
- request message
- authentication
Classifications
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04W—WIRELESS COMMUNICATION NETWORKS
- H04W12/00—Security arrangements; Authentication; Protecting privacy or anonymity
- H04W12/06—Authentication
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04L—TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
- H04L63/00—Network architectures or network communication protocols for network security
- H04L63/08—Network architectures or network communication protocols for network security for authentication of entities
- H04L63/0815—Network architectures or network communication protocols for network security for authentication of entities providing single-sign-on or federations
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04L—TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
- H04L51/00—User-to-user messaging in packet-switching networks, transmitted according to store-and-forward or real-time protocols, e.g. e-mail
- H04L51/02—User-to-user messaging in packet-switching networks, transmitted according to store-and-forward or real-time protocols, e.g. e-mail using automatic reactions or user delegation, e.g. automatic replies or chatbot-generated messages
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04L—TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
- H04L63/00—Network architectures or network communication protocols for network security
- H04L63/08—Network architectures or network communication protocols for network security for authentication of entities
- H04L63/0884—Network architectures or network communication protocols for network security for authentication of entities by delegation of authentication, e.g. a proxy authenticates an entity to be authenticated on behalf of this entity vis-à-vis an authentication entity
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04W—WIRELESS COMMUNICATION NETWORKS
- H04W84/00—Network topologies
- H04W84/02—Hierarchically pre-organised networks, e.g. paging networks, cellular networks, WLAN [Wireless Local Area Network] or WLL [Wireless Local Loop]
- H04W84/04—Large scale networks; Deep hierarchical networks
- H04W84/042—Public Land Mobile systems, e.g. cellular systems
- H04W84/045—Public Land Mobile systems, e.g. cellular systems using private Base Stations, e.g. femto Base Stations, home Node B
Definitions
- The present invention relates to cross-domain service provision in a communication network, and mainly to the authentication of a user terminal that uses services across domains.
Background
- HNB Home Base Station
- HeNB Home Evolved Base Station
- Figure 1 depicts a network topology that includes a home base station 11 and comprises a home network 10, a fixed access network 20, and a mobile core network 30.
- The fixed access network 20 provides the home base station 11 with a network link to the mobile core network, that is, the fixed access network 20 provides a backhaul connection for the home base station 11 to access the mobile core network 30; the user terminal 41 accesses the mobile network through the home base station 11.
- The home base station 11 establishes a secure channel with the home base station gateway (Femto Gateway) in the mobile core network 30. If the home base station 11 does not support LIPA (local IP Access), then the user terminal 41 communicates with devices in the fixed access network 20, devices in the home network, and devices in the Internet (not shown in FIG. 1).
- LIPA local IP Access
- the GPRS gateway support node is routed to the area. If the home base station 11 supports LIPA, the user terminal 41 can communicate directly with devices in the home network, but its communication with devices in the fixed access network 20 and devices in the Internet still traverses the mobile core network through the secure channel. In addition, 3GPP is actively studying how to offload Internet traffic directly at the home base station, so that it reaches the Internet through the fixed access network 20 without going through the secure channel to the mobile core network.
Summary of the invention
- IPTV has been widely deployed and applied in fixed access networks, and people can watch live programs and video on demand programs.
- After the user terminal attaches to the home base station in the home, the user may want to watch IPTV through the user terminal. If the user terminal views IPTV over the existing transmission path (i.e., the curved arrow 51 shown in FIG. 1), the IPTV service data stream is first transmitted from the fixed access network to the mobile core network, and then carried over the secure channel from the home base station gateway to the home base station and on to the user terminal. Obviously, this solution leads to a great waste of bandwidth resources.
- The IPTV service data stream can be directly transmitted from the fixed access network to the home base station in the premises network and then to the user terminal, as shown by arrow 61 in FIG.
- This raises a problem: since the user terminal is controlled directly by the mobile network operator, how can the fixed access network trust the user terminal? That is, how does the user terminal obtain authentication directly from the authentication server in the fixed access network through the home base station?
- the present invention proposes a technical solution for authenticating a user terminal that is registered in the first operational domain of the communication network when it requests to obtain the service provided by the second operational domain.
- A method is provided, in a serving GPRS support node in a first operational domain of a communication network, for authenticating a user terminal that is connected to the communication network through a home base station and requests a service provided by a second operational domain. The user terminal is a user terminal of the first operational domain, and the second operational domain provides a backhaul link for the home base station of the first operational domain.
- The method includes the following steps: receiving, from the user terminal, a first request message requesting to receive the service provided by the second operational domain; verifying whether the user terminal has the right to receive the service; and, if the user terminal has the right to receive the service, sending a second request message to an authentication server in the first operational domain, the second request message being used to request the authentication server in the first operational domain to allocate information required for accessing the service to the user terminal.
- A method, in a user terminal of a communication network, for requesting access to a service provided by a second operational domain, wherein the second operational domain provides a backhaul link for the home base station of the first operational domain and the user terminal is a user terminal registered to the first operational domain.
- The method includes the following steps: sending a first request message requesting to receive the service to a serving GPRS support node in the first operational domain; receiving, from the serving GPRS support node, the information required for accessing the service; sending an authentication request message to the authentication server in the second operational domain, the authentication request message including the required information; and receiving a second response message from the authentication server in the second operational domain.
- A method, in an authentication server in a second operational domain of a communication network, for authenticating a user terminal registered in a first operational domain, wherein the second operational domain provides a backhaul link for the home base station of the first operational domain, including the steps of: receiving an authentication request message from the user terminal; forwarding the authentication request message to an authentication server in the first operational domain; receiving a first authentication response message from the authentication server of the first operational domain; and sending a second authentication response message to the user terminal according to the first authentication response message.
- A method, in an authentication server of a first operational domain of a communication network, for authenticating a user terminal registered in the first operational domain, wherein the second operational domain provides a backhaul link for the home base station of the first operational domain.
- The method comprises the steps of: receiving a second request message from a serving GPRS support node in the first operational domain, the second request message being used to request the authentication server in the first operational domain to allocate information required to access the service to the user terminal; allocating the information required to access the service to the user terminal, storing the information, and sending the information to the serving GPRS support node; receiving, from the authentication server of the second operational domain, an authentication request message for authenticating the user terminal, the message including the information required by the user terminal to access the service; comparing that information with the stored required information; and, according to the comparison result, transmitting a first authentication response message to the authentication server of the second operational domain.
- An apparatus is provided, in a serving GPRS support node in a first operational domain of a communication network, for authenticating a user terminal that is connected to the communication network through a home base station and requests a service provided by a second operational domain, where the user terminal is a user terminal that is registered to the first operational domain, and the second operational domain provides a backhaul link for the home base station of the first operational domain. The apparatus includes: a receiving device, configured to receive, from the user terminal, a first request message requesting to receive a service provided by the second operational domain; a verification device, configured to verify whether the user terminal has the right to receive the service; and a first sending device, configured to send a second request message to an authentication server in the first operational domain if the user terminal has the right to receive the service, where the second request message is used to request the authentication server in the first operational domain to allocate information required for accessing the service to the user terminal.
- A requesting apparatus, in a user terminal of a communication network, for requesting access to a service provided by a second operational domain, wherein the user terminal is a user terminal registered to the first operational domain and the second operational domain provides a backhaul link for the home base station of the first operational domain.
- The requesting apparatus includes: a second sending device, configured to send a first request message requesting to receive the service to a serving GPRS support node in the first operational domain; a second receiving device, configured to receive information required for accessing the service from the serving GPRS support node; a third sending device, configured to send an authentication request message to an authentication server in the second operational domain, where the authentication request message includes the required information; and a third receiving device, configured to receive a second response message from the authentication server in the second operational domain.
- An apparatus, in an authentication server in a second operational domain of a communication network, for authenticating a user terminal registered in a first operational domain, wherein the second operational domain provides a backhaul link for the home base station of the first operational domain, including: a fourth receiving device, configured to receive an authentication request message from the user terminal; a fourth sending device, configured to forward the authentication request message to an authentication server in the first operational domain; a fifth receiving device, configured to receive a first authentication response message from the authentication server of the first operational domain; and a fifth sending device, configured to send a second authentication response message to the user terminal according to the first authentication response message.
- An apparatus, in an authentication server of a first operational domain of a communication network, for authenticating a user terminal registered in the first operational domain, wherein the second operational domain provides a backhaul link for the home base station of the first operational domain.
- The apparatus includes: a sixth receiving device, configured to receive a second request message from a serving GPRS support node in the first operational domain, where the second request message is used to request the authentication server in the first operational domain to allocate information required to access the service to the user terminal; a device configured to allocate, to the user terminal, the information required to access the service, store the information, and send the information to the serving GPRS support node; a seventh receiving device, configured to receive, from the authentication server of the second operational domain, an authentication request message for authenticating the user terminal, where the authentication request message includes the information required for the user terminal to access the service; and a comparing device, configured to compare the information required for the user terminal to access the service, as included in the authentication request message, with the stored required information.
- the sixth sending device is configured to send an authentication
- an effective authentication solution is provided, so that subsequent service transmission becomes more effective;
- Various value-added services in the operational domain can be easily promoted to user terminals registered to the first operational domain, that is, a new service provision or acquisition mode is provided.
- the service provided by the fixed access network is directly provided to the user terminal through the home base station: the terminal user obtains more applications; the fixed access network operator enters the home base station industry chain;
- network operators can use the fixed access network bypass service to reduce their network load, and on the other hand, can promote the services of third parties (ie fixed access networks) to their users. Thereby achieving a win-win effect.
- FIG. 1 is a schematic diagram of an application scenario of a communication system according to an embodiment of the present invention.
- FIG. 2 is a schematic diagram of an application scenario of a communication system according to another embodiment of the present invention.
- FIG. 4 is a first operation in a communication network in accordance with an embodiment of the present invention.
- FIG. 5 is a structural block diagram of a requesting apparatus 500 for requesting access to a service provided by a second operational domain in a user terminal of a communication network according to an embodiment of the present invention
- FIG. 6 is a diagram of a specific embodiment according to the present invention.
- FIG. 7 is a structural block diagram of an apparatus 700 for authenticating a user terminal registered to a first operational domain in an authentication server of a first operational domain of a communication network, in accordance with an embodiment of the present invention
- As shown in FIG. 2, the home network 10 includes the home base station 11 and other devices, such as a television set 13, a personal computer 14, and the like.
- the functionality of the home gateway is integrated in the home base station 11.
- the home gateway and the home base station can also be physically separated and each becomes a separate device.
- the user terminal 41 is wirelessly connected to the home base station 11 (of course, whether the user terminal can be attached to the home base station 11 is controlled by the mobile core network 30).
- the fixed access network 20 includes a series of network devices such as an authentication server 21, an IPTV providing platform 22 (which may include one or more servers), and an access node 23.
- the mobile core network 30 includes a series of network devices such as a serving GPRS support node 31, an authentication server 32, a gateway 33 of the home base station 11, and a GPRS gateway support node (GGSN) 34.
- GGSN GPRS gateway support node
- The user terminal 41 and the home base station 11 are devices in the mobile network that includes the mobile core network 30. It should also be noted that the network topology shown in FIG. 1 or FIG. 2 is only a schematic diagram: it mainly shows the network devices related to the embodiments of the present invention, and many other network devices unrelated to those embodiments are not shown.
- FIG. 3 is a flowchart of a method for authenticating a user terminal when a user terminal connected to a communication network through a home base station requests to obtain a service provided by a second service domain, according to an embodiment of the present invention, where the user terminal is registered to the first operational domain, and the second operational domain provides the backhaul link for the home base station 11 of the first operational domain.
- the first operational domain is the mobile core network shown in FIG. 2, and the second operational domain is a fixed access network.
- the operational domain refers to the communication network under the jurisdiction of operators (such as China Mobile, China Unicom, China Telecom, etc.).
- the second operational domain provides a backhauling IP connection for the first operational domain.
- In step S301, the user terminal 41 transmits a first request message, requesting reception of the service provided by the fixed access network 20, to the serving GPRS support node 31 in the mobile core network.
- The first request message takes the form of an Activate PDP Context Request message and includes an access point name (APN, Access Point Name) indicating the request to receive the service provided by the fixed access network 20.
- The serving GPRS support node 31 verifies whether the user terminal 41 has the right to receive the service provided by the fixed access network 20. In one embodiment, the serving GPRS support node 31 performs this verification based on the subscriber data of the user terminal 41.
- User data (Subscriber Data) of the user terminal 41 is provided by a Home Location Register (HLR) in the mobile core network 30.
- HLR Home Location Register
- The services provided by the fixed access network are not limited to the IPTV service described above; they include all services provided by fixed access networks, such as video on demand services, high speed Internet access (HSI) services, online reading services, etc.
- The serving GPRS support node 31 sends a second request message to the authentication server 32 in the mobile core network 30. The second request message requests the authentication server 32 in the mobile core network 30 to allocate to the user terminal 41 the information required for accessing the services provided by the fixed access network 20.
- the required information includes an account number and/or password; of course, other information related to the service, such as the address of the IPTV server, etc., may also be included.
- the first request message received by the serving GPRS node 31 further includes the network address of the home base station 11 to which the user terminal 41 is attached.
- the network address can be inserted into the first request message by the home base station gateway when forwarding the first request message.
- the serving GPRS node 31 can also know the network address of the home base station 11 by other means. This network address can be used by the authentication server 32 in the mobile core network 30 to authenticate the user terminal 41 (this will be described below).
- The format of the second request message may be based on the Diameter or RADIUS protocol, and the second request message includes an ID of the user terminal 41 and the network address of the home base station 11 to which the user terminal 41 is attached.
- In step S304, the authentication server 32 in the mobile core network 30, after receiving the second request message from the serving GPRS support node 31 in the mobile core network 30, allocates to the user terminal 41 the information required for accessing the service provided by the fixed access network 20, such as an account number and/or password, stores the required information, and sends it to the serving GPRS support node 31.
- the authentication server 32 also stores the network address of the home base station 11 to which the user terminal 41 corresponding to the desired information is attached.
- the required information may vary according to the service that the user terminal 41 requests to access.
- an IPTV service may require an account number and password; an online reading service requires only one account.
- In step S305, after receiving the required information from the authentication server 32 in the mobile core network 30, the serving GPRS support node 31 transmits the required information to the user terminal 41.
- The required information may be sent to the user terminal 41 in the form of an Activate PDP Context Accept message.
- After receiving the required information from the authentication server 32 in the mobile core network 30, the serving GPRS support node 31 reserves the air interface resource for the user terminal 41 and creates a corresponding packet data protocol context (PDP Context).
- The serving GPRS support node 31 notifies the home base station 11 to which the user terminal 41 is attached to reserve air interface resources for the user terminal 41 and to create a packet data protocol context. The packet data network (PDN) connection indicated by the packet data protocol context accesses the fixed access network 20 directly at the home base station 11 instead of going through the secure tunnel, but at this time no corresponding network address is assigned, which will be the IPTV platform (including one or more servers) of the second operational domain.
- The packet data network (PDN) connection indicated by the packet data protocol context refers to the logical GGSN connection from the user terminal 41 to the home base station 11. In this case, the function of the GGSN is also integrated in the home base station 11.
- In step S306, after receiving from the serving GPRS support node the information required for accessing the requested service, the user terminal 41 sends an authentication request message to the authentication server 21 in the fixed access network 20. The authentication request message contains the information required to access the services provided by the fixed access network 20.
- the authentication request message can be implemented by transmitting a DHCP message via the newly established PDP context.
- The information required to access the services provided by the fixed access network 20 can be placed in an option (Option) in the DHCP message or in the EAP authentication extension option in the DHCP message (for the specific content of the EAP authentication extension option, see Pruss, R., Zorn, G., Maglione, R., and Y. Li, "Authentication Extensions for the Dynamic Host Configuration Protocol for Broadband", draft-pruss-dhcp-auth-dsl-06, June 10, 2009).
- The access node 23 in the fixed access network 20 may insert port information into the authentication request message sent by the user terminal 41, for example in an option of the DHCP message, so that the authentication server 21 in the fixed access network 20 can identify the network address of the home base station 11 to which the user terminal 41 is attached. In this case, the authentication server 21 pre-stores the correspondence between access node ports and home base station network addresses.
- In step S307, the authentication server 21 in the fixed access network 20 forwards the authentication request message from the user terminal 41 to the authentication server 32 in the mobile core network 30.
- the authentication server 21 may add the network address of the home base station 11 to the authentication request message and then forward it to the authentication server 32 in the mobile core network 30.
- In step S308, after receiving the authentication request message from the authentication server 21 in the fixed access network 20, the authentication server 32 in the mobile core network 30 compares the information required for the user terminal 41 to access the service provided by the fixed access network, as contained in the authentication request message, with the stored required information.
- The authentication server 32 also compares the stored network address corresponding to the required information with the network address included in the authentication request message.
- The authentication server 32 in the mobile core network 30 transmits a first authentication response message to the authentication server 21 in the fixed access network 20 based on the comparison result.
- The first authentication response message includes information indicating whether the comparison matched: if the comparison result matches, the first authentication response message includes information indicating that the authentication succeeded; if the comparison result does not match, it includes information indicating that the authentication failed.
- After receiving the first authentication response message, the authentication server 21 in the fixed access network 20 sends a second authentication response message to the user terminal 41 according to the first authentication response message in step S310.
- The second authentication response message includes a network address assigned to the user terminal; the network address is an IP address.
- The second authentication response message may further include a root key for generating a session key between the user terminal 41 and the service providing server of the fixed access network.
- The user terminal 41 obtains the service of the fixed access network 20 according to the information contained in the second authentication response message, such as the network address assigned to it and the root key.
- In the case where the fixed access network 20 provides the IPTV service to the user terminal 41, the user terminal 41 can use the assigned IP address to access the electronic program guide (EPG) and then receive IPTV directly over the packet data protocol context that has been established.
- EPG electronic program guide
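The exchange in steps S301 to S310, carried through in Python as an added example that is not part of the patent text. The class names, the APN string, the port labels, the addresses, the credential format and the use of a constant-time comparison are all assumptions made for illustration; the point shown is that the authentication server 32 accepts the allocated account and password only when they arrive through the home base station they were issued for.

```python
import hmac
import secrets
from dataclasses import dataclass, field


@dataclass
class MobileAuthServer:
    """Authentication server 32 in the first operational domain (names assumed)."""
    issued: dict = field(default_factory=dict)  # account -> (password, hnb_addr)

    def allocate(self, ue_id, hnb_addr):
        # S304: allocate the required information and store it together with
        # the network address of the home base station the terminal is on.
        account = f"{ue_id}-{secrets.token_hex(4)}"
        password = secrets.token_urlsafe(16)
        self.issued[account] = (password, hnb_addr)
        return account, password

    def verify(self, account, password, hnb_addr):
        # S308: compare the presented information and the network address
        # with the stored values; the result drives the first response.
        stored = self.issued.get(account)
        if stored is None:
            return False
        pw_ok = hmac.compare_digest(stored[0].encode(), password.encode())
        addr_ok = hmac.compare_digest(stored[1].encode(), hnb_addr.encode())
        return pw_ok and addr_ok


@dataclass
class Sgsn:
    """Serving GPRS support node 31 (names assumed)."""
    subscriber_data: dict  # ue_id -> permitted APNs, stand-in for HLR data
    auth_server: MobileAuthServer

    def activate_pdp_context(self, ue_id, apn, hnb_addr):
        # S301/S302: the first request carries an APN naming the service;
        # check the subscriber data before asking for credentials.
        if apn not in self.subscriber_data.get(ue_id, set()):
            return None
        # S303-S305: second request to server 32, result returned to the UE.
        return self.auth_server.allocate(ue_id, hnb_addr)


@dataclass
class FixedAuthServer:
    """Authentication server 21 in the second operational domain (names assumed)."""
    port_to_hnb: dict  # pre-stored access-node port -> home base station address
    mobile_auth: MobileAuthServer
    ip_pool: list

    def handle_auth_request(self, account, password, access_port):
        # access_port is the value inserted by access node 23, not a value
        # supplied by the terminal. S307: map it to the home base station
        # address and pass the request on to server 32.
        hnb_addr = self.port_to_hnb.get(access_port)
        if hnb_addr is None or not self.ip_pool:
            return {"result": "failure"}
        if not self.mobile_auth.verify(account, password, hnb_addr):
            return {"result": "failure"}
        # S310: second response with an IP address and a root key.
        return {"result": "success",
                "ip": self.ip_pool.pop(0),
                "root_key": secrets.token_hex(16)}


def build_demo():
    """Constructed sample deployment: one subscriber, two access-node ports."""
    mobile = MobileAuthServer()
    sgsn = Sgsn({"ue-41": {"iptv.fixed"}}, mobile)
    fixed = FixedAuthServer(
        {"port-7": "198.51.100.11", "port-9": "198.51.100.99"},
        mobile,
        ["203.0.113.10", "203.0.113.11"],
    )
    return sgsn, fixed


if __name__ == "__main__":
    sgsn, fixed = build_demo()
    account, password = sgsn.activate_pdp_context(
        "ue-41", "iptv.fixed", "198.51.100.11")
    print(fixed.handle_auth_request(account, password, "port-7")["result"])
    print(fixed.handle_auth_request(account, password, "port-9")["result"])
```

The second call presents the same account and password from a port mapped to a different home base station, so the stored network address does not match and the first authentication response reports failure.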
- FIG. 4 illustrates an apparatus 400, in a serving GPRS support node in a first operational domain of a communication network, for authenticating a user terminal that is connected to the communication network through a home base station and requests a service provided by a second operational domain, in accordance with an embodiment of the present invention.
- the apparatus 400 includes a first receiving apparatus 401, a verification apparatus 402, and a first transmitting apparatus 403.
- the first operational domain is the mobile core network 30, and the second operational domain is the fixed access network 20.
- the first receiving device 401 receives a first request message from the user terminal 41 requesting reception of a service provided by the second operational domain.
- the first request message is an Activate Packet Data Protocol Context Request message that includes an access point name indicating receipt of a service provided by the second operational domain.
- The verification device 402 verifies whether the user terminal 41 has the authority to receive the service. Finally, if the user terminal 41 has the right to receive the service, the first sending device 403 sends a second request message to the authentication server 32 in the first operational domain, where the second request message is used to request the authentication server 32 in the first operational domain to allocate information required for accessing the service to the user terminal 41.
- The second request message further includes a network address of the home base station 11 to which the user terminal 41 is attached. It may also contain other information related to the service, such as the address of the IPTV server.
- After the authentication server 32 allocates the information required to access the service to the user terminal 41, it transmits it to the serving GPRS support node 31.
- The required information includes an account number and/or password.
- The first receiving device 401 receives the required information from the authentication server 32 in the first operational domain. Then a reservation device (not shown in FIG. 4) reserves the air interface resources for the user terminal 41 and creates a corresponding Packet Data Protocol Context (PDP Context) for receipt of the service.
- PDP Context Packet Data Protocol Context
- FIG. 5 is a structural block diagram of a requesting apparatus 500 for requesting access to a service provided by a second operational domain in a user terminal of a communication network, according to an embodiment of the invention, wherein the user terminal is registered to the first operational domain and the second operational domain provides a backhaul link for the home base station of the first operational domain.
- The requesting apparatus 500 comprises a second sending device 501, a second receiving device 502, a third sending device 503, and a third receiving device 504.
- the first operational domain is the mobile core network 30, and the second operational domain is the fixed access network 20.
- the second transmitting device 501 transmits a first request message requesting to receive the service provided by the second operating domain to the serving GPRS support node in the first operational domain.
- the second receiving device 502 receives the required information from the serving GPRS support node 31 for accessing the services provided by the second operational domain.
- the third sending device 503 sends an authentication request message to the authentication server 21 in the second operational domain, where the authentication request message includes the required information;
- the third receiving device 504 receives the first response message from the authentication server 21 in the second operational domain.
- the second authentication response message includes an IP address required for accessing the service.
- the second authentication response message may further include a root key for generating a session key between the user terminal 41 and the service providing server of the fixed access network.
- the user terminal 41 acquires the service provided by the fixed access network 20 based on the information contained in the second authentication response message, such as the network address assigned to it, and the root key.
- FIG. 6 is a structural block diagram, in accordance with an embodiment of the present invention, of an apparatus 600 in an authentication server in a second operational domain of a communication network for authenticating a user terminal registered to a first operational domain, wherein the second operational domain provides a backhaul link for the home base station of the first operational domain.
- the apparatus 600 includes a fourth receiving device 601, a fourth transmitting device 602, a fifth receiving device 603, and a fifth transmitting device 604.
- the first operational domain is the mobile core network 30, and the second operational domain is the fixed access network 20.
- the fourth receiving device 601 receives an authentication request message from the user terminal 41. Then, the fourth transmitting device 602 forwards the authentication request message to the authentication server 21 in the first operational domain.
- the fifth receiving device 603 receives the first authentication response message from the authentication server 32 of the first operational domain.
- the fifth transmitting device 604 sends a second authentication response message to the user terminal 41 according to the first authentication response message.
- the second operational domain is an IP-based fixed access network
- the apparatus 600 further includes a distribution device (not shown in FIG. 6) which, if the first authentication request message includes information indicating that the authentication is successful, assigns the user terminal 41 an IP address that is included in the second authentication response message.
- FIG. 7 is a structural block diagram, according to an embodiment of the present invention, of an apparatus 700 in an authentication server of a first operational domain of a communication network for authenticating a user terminal registered to the first operational domain, wherein a second operational domain provides a backhaul link for the home base station of the first operational domain.
- the apparatus 700 includes a sixth receiving apparatus 701, an allocation storage transmitting apparatus 702, a seventh receiving apparatus 703, a comparing means 704, and a sixth transmitting means 705.
- the first operational domain is the mobile core network 30, and the second operational domain is the fixed access network 20.
- the sixth receiving device 701 receives a second request message from the serving GPRS support node 31 in the first operational domain, the second request message is used to request the authentication server 31 in the first operational domain to allocate access to the user terminal 41.
- the distribution storage transmitting means 702 allocates information necessary for accessing the service to the user terminal 41, stores it, and transmits the information to the serving GPRS support node 31. Then, the seventh receiving device 703 receives an authentication request message for authenticating the user terminal 41 from the authentication server 21 of the second operational domain, and the authentication request message includes information required for the user terminal 41 to access the service.
- the comparing means 704 compares the information required for the user terminal 41 to access the service in the authentication request message with the stored required information.
- the sixth transmitting means 705 transmits an authentication response message to the authentication server 21 of the second operational domain based on the comparison result of the comparing means 704.
- the second request message further includes the network address of the home base station 11 to which the user terminal 41 is attached, and the allocation storage transmitting means 702 stores the network address of the home base station 11 together with the required information.
- the authentication request message received by the seventh receiving device 703 further includes the network address of the home base station 11 to which the user terminal 41 is attached.
- the comparison device 704 compares the information required for the user terminal 41 to access the service and the network address of the home base station 11 to which the user terminal 41 is attached, as included in the authentication request message, with the stored required information and the stored network address of the home base station 11 to which the user terminal 41 is attached.
- the sixth transmitting means 705 then transmits an authentication response message to the authentication server 21 of the second operational domain based on the comparison result of the comparing means 704.
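The allocate, store and compare behaviour described for apparatus 700 can be sketched as follows. This is an added illustration, not code from the patent; the terminal identifier used as lookup key, the random format of the required information, the single-use deletion and the sample addresses are assumptions.

```python
import hmac
import secrets


class FirstDomainAuthServer:
    """Allocate, store and compare logic described for apparatus 700."""

    def __init__(self):
        # terminal id -> (required information, home base station address)
        self._store = {}

    def allocate(self, terminal_id, hnb_address):
        """Handle the second request message from the serving GPRS support node."""
        # Assumption: the "required information" is a random one-time value.
        info = secrets.token_hex(16)
        self._store[terminal_id] = (info, hnb_address)
        return info  # sent back to the SGSN, which passes it to the terminal

    def authenticate(self, terminal_id, info, hnb_address):
        """Handle the authentication request relayed by the second domain."""
        record = self._store.get(terminal_id)
        if record is None:
            return False  # nothing was allocated for this terminal
        stored_info, stored_hnb = record
        # Constant-time comparison avoids leaking how many characters matched.
        info_ok = hmac.compare_digest(stored_info.encode(), str(info).encode())
        hnb_ok = stored_hnb == hnb_address
        if info_ok and hnb_ok:
            # Assumption: the value is single use, so a replay is rejected.
            del self._store[terminal_id]
            return True
        return False


def demo():
    """Run the exchange with constructed sample values."""
    server = FirstDomainAuthServer()
    info = server.allocate("ue-41", "192.0.2.11")
    return {
        "wrong_hnb": server.authenticate("ue-41", info, "192.0.2.99"),
        "wrong_info": server.authenticate("ue-41", "0" * 32, "192.0.2.11"),
        "valid": server.authenticate("ue-41", info, "192.0.2.11"),
        "replay": server.authenticate("ue-41", info, "192.0.2.11"),
    }
```

Binding the stored value to the home base station address means a value presented through a different home base station fails the comparison even when the value itself is correct.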
Priority Applications (6)
Application Number | Priority Date | Filing Date | Title |
---|---|---|---|
KR1020127026065A KR101426721B1 (ko) | 2010-03-09 | 2010-03-09 | Method and equipment for authenticating a subscriber terminal |
US13/576,488 US8813195B2 (en) | 2010-03-09 | 2010-03-09 | Method and apparatus for authenticating a user equipment |
CN2010800347623A CN102474722B (zh) | 2010-03-09 | 2010-03-09 | Method and apparatus for authenticating a user terminal |
JP2012556360A JP5521057B2 (ja) | 2010-03-09 | 2010-03-09 | Method and apparatus for authenticating user equipment |
EP10847195.4A EP2547133B1 (en) | 2010-03-09 | 2010-03-09 | Method and equipment for authenticating subscriber terminal |
PCT/CN2010/070942 WO2011109936A1 (zh) | 2010-03-09 | 2010-03-09 | Method and apparatus for authenticating a user terminal |
Applications Claiming Priority (1)
Application Number | Priority Date | Filing Date | Title |
---|---|---|---|
PCT/CN2010/070942 WO2011109936A1 (zh) | 2010-03-09 | 2010-03-09 | Method and apparatus for authenticating a user terminal |
Publications (1)
Publication Number | Publication Date |
---|---|
WO2011109936A1 (zh) | 2011-09-15 |
Family
ID=44562786
Family Applications (1)
Application Number | Title | Priority Date | Filing Date |
---|---|---|---|
PCT/CN2010/070942 WO2011109936A1 (zh) | Method and apparatus for authenticating a user terminal | 2010-03-09 | 2010-03-09 |
Country Status (6)
Country | Link |
---|---|
US (1) | US8813195B2 (zh) |
EP (1) | EP2547133B1 (zh) |
JP (1) | JP5521057B2 (zh) |
KR (1) | KR101426721B1 (zh) |
CN (1) | CN102474722B (zh) |
WO (1) | WO2011109936A1 (zh) |
Cited By (1)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
CN106982427A (zh) * | 2017-04-14 | 2017-07-25 | 北京佰才邦技术有限公司 | Connection establishment method and apparatus |
Families Citing this family (7)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
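KR101467173B1 (ko) * | 2013-02-04 | 2014-12-01 | 주식회사 케이티 | Resource management method and resource management apparatus for an M2M network |
KR101999231B1 (ko) | 2013-02-27 | 2019-07-11 | 주식회사 케이티 | Vehicle component control unit and portable terminal for vehicle component control |
KR101687340B1 (ko) | 2013-09-12 | 2016-12-16 | 주식회사 케이티 | Method for setting a home network operating environment and apparatus therefor |
KR101593115B1 (ko) | 2013-10-15 | 2016-02-11 | 주식회사 케이티 | Method for monitoring legacy device status in a home network system, and home network system |
CN108076461B (zh) * | 2016-11-18 | 2020-09-18 | 华为技术有限公司 | Authentication method, base station, user equipment and core network element |
JP7148947B2 (ja) | 2017-06-07 | 2022-10-06 | コネクトフリー株式会社 | Network system and information processing apparatus |
CN111347428B (zh) * | 2020-04-16 | 2021-09-21 | 蓓安科仪(北京)技术有限公司 | Control method for an intelligent medical robot based on a 5G network |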
Citations (3)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
US20080305772A1 (en) * | 2007-06-07 | 2008-12-11 | Qualcomm Incorporated | Home base station |
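CN101400153A (zh) * | 2007-09-27 | 2009-04-01 | 北京三星通信技术研究有限公司 | Method for direct communication of user equipment through an HNB access system |
CN101631309A (zh) * | 2008-07-17 | 2010-01-20 | 上海华为技术有限公司 | Method, device and system for authenticating a terminal based on a home base station network |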
Family Cites Families (17)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
DE69939494D1 (de) * | 1999-07-02 | 2008-10-16 | Nokia Corp | Authentication method and system |
JP3639200B2 (ja) * | 2000-09-08 | 2005-04-20 | 株式会社東芝 | Communication system, mobile terminal device, gateway device, address allocation method and search service method |
JP3770874B2 (ja) * | 2000-11-21 | 2006-04-26 | サムスン エレクトロニクス カンパニー リミテッド | Regional tunnel management method in a mobile communication system using Mobile IP |
US7936710B2 (en) * | 2002-05-01 | 2011-05-03 | Telefonaktiebolaget Lm Ericsson (Publ) | System, apparatus and method for sim-based authentication and encryption in wireless local area network access |
EP1550335B1 (en) * | 2002-10-01 | 2019-11-27 | Nokia Technologies Oy | Method and system for providing access via a first network to a service of a second network |
US8528063B2 (en) * | 2004-03-31 | 2013-09-03 | International Business Machines Corporation | Cross domain security information conversion |
US7236781B2 (en) * | 2004-06-02 | 2007-06-26 | Nokia Corporation | Method for roaming between networks |
KR100725974B1 (ko) * | 2005-03-31 | 2007-06-11 | 노키아 코포레이션 | Method and system for providing access via a first network to a service of a second network |
US20090067417A1 (en) * | 2007-07-14 | 2009-03-12 | Tatara Systems, Inc. | Method and apparatus for supporting SIP/IMS-based femtocells |
EP1900160B1 (en) * | 2005-06-28 | 2015-08-26 | Telefonaktiebolaget LM Ericsson (publ) | Means and methods for controlling network access in integrated communications networks |
KR100668660B1 (ko) | 2005-10-19 | 2007-01-12 | 한국전자통신연구원 | User authentication processing method for roaming between a portable Internet network and a 3G network, and router performing the same |
EP1871065A1 (en) * | 2006-06-19 | 2007-12-26 | Nederlandse Organisatie voor Toegepast-Natuuurwetenschappelijk Onderzoek TNO | Methods, arrangement and systems for controlling access to a network |
CN100469196C (zh) * | 2006-07-28 | 2009-03-11 | 电信科学技术研究院 | Authentication method for a multi-mode terminal roaming between heterogeneous access technology networks |
US8792920B2 (en) * | 2007-11-15 | 2014-07-29 | Ubeeairwalk, Inc. | System, method, and computer-readable medium for short message service processing by a femtocell system |
US9166799B2 (en) * | 2007-12-31 | 2015-10-20 | Airvana Lp | IMS security for femtocells |
JP2009253431A (ja) * | 2008-04-02 | 2009-10-29 | Alcatel-Lucent Usa Inc | Method for offloading PS traffic in a UMTS femtocell solution having an Iu interface |
US8380819B2 (en) * | 2009-05-14 | 2013-02-19 | Avaya Inc. | Method to allow seamless connectivity for wireless devices in DHCP snooping/dynamic ARP inspection/IP source guard enabled unified network |
2010
- 2010-03-09 JP JP2012556360A patent/JP5521057B2/ja active Active
- 2010-03-09 EP EP10847195.4A patent/EP2547133B1/en active Active
- 2010-03-09 WO PCT/CN2010/070942 patent/WO2011109936A1/zh active Application Filing
- 2010-03-09 KR KR1020127026065A patent/KR101426721B1/ko active IP Right Grant
- 2010-03-09 US US13/576,488 patent/US8813195B2/en active Active
- 2010-03-09 CN CN2010800347623A patent/CN102474722B/zh active Active
Non-Patent Citations (2)
Title |
---|
PRUSS, R.; ZORN, G.; MAGLIONE, R.; Y. LI, EAP AUTHENTICATION EXTENSIONS FOR THE DYNAMIC HOST CONFIGURATION PROTOCOL FOR BROADBAND, 10 June 2009 (2009-06-10) |
See also references of EP2547133A4 |
Cited By (3)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
CN106982427A (zh) * | 2017-04-14 | 2017-07-25 | 北京佰才邦技术有限公司 | Connection establishment method and apparatus |
WO2018188482A1 (zh) * | 2017-04-14 | 2018-10-18 | 北京佰才邦技术有限公司 | Connection establishment method and apparatus |
CN106982427B (zh) * | 2017-04-14 | 2020-08-18 | 北京佰才邦技术有限公司 | Connection establishment method and apparatus |
Also Published As
Publication number | Publication date |
---|---|
US8813195B2 (en) | 2014-08-19 |
JP5521057B2 (ja) | 2014-06-11 |
CN102474722B (zh) | 2013-12-25 |
US20120304259A1 (en) | 2012-11-29 |
KR20120139777A (ko) | 2012-12-27 |
EP2547133A1 (en) | 2013-01-16 |
EP2547133B1 (en) | 2018-06-27 |
JP2013521728A (ja) | 2013-06-10 |
CN102474722A (zh) | 2012-05-23 |
EP2547133A4 (en) | 2015-08-12 |
KR101426721B1 (ko) | 2014-08-06 |
Similar Documents
Publication | Publication Date | Title |
---|---|---|
WO2011109936A1 (zh) | Method and apparatus for authenticating a user terminal | |
US9654962B2 (en) | System and method for WLAN roaming traffic authentication | |
JP3006504B2 (ja) | Method for authenticating a wireless terminal in a wireless network, and wireless network | |
WO2019017840A1 (zh) | Network authentication method, related device and system | |
KR100933365B1 (ko) | Resource management system and method for an access network | |
WO2008148357A1 (fr) | Communication system and method, home base station gateway and home base station server | |
US20090043891A1 (en) | Mobile WiMax network system including private network and control method thereof | |
US8611358B2 (en) | Mobile network traffic management | |
WO2013091494A1 (zh) | Relay method for a wireless relay device, and wireless relay device | |
WO2012073404A1 (ja) | Quality of service management system and method | |
WO2013002533A2 (en) | Apparatus and method for providing service to heterogeneous service terminals | |
WO2014101755A1 (zh) | Service data offloading method and system | |
US20130028145A1 (en) | Ip based emergency services solution in wimax | |
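WO2011009339A1 (zh) | Data transmission method, system and apparatus | |
CN102883265A (zh) | Method, device and system for sending and receiving location information of an access user | |
WO2014047923A1 (zh) | Method and apparatus for accessing a network | |
JP6231187B2 (ja) | WLAN resource management in an access network system | |
KR100739299B1 (ko) | Centrally managed automatic IP allocation method using an intermediate DHCP server | |
JP5423320B2 (ja) | Wireless communication system and method | |
KR100462026B1 (ko) | Proxy server apparatus and policy control method for mobile multimedia service | |
WO2014110768A1 (zh) | Method, network element and terminal for authentication of a terminal by a mobile network | |
JP5759219B2 (ja) | Wireless base station | |
JP5775017B2 (ja) | Communication apparatus and base station apparatus | |
CN115766343A (zh) | Communication method and apparatus | |
JP2003169085A (ja) | Volunteer network |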
Legal Events
Date | Code | Title | Description |
---|---|---|---|
| WWE | Wipo information: entry into national phase | Ref document number: 201080034762.3 Country of ref document: CN |
| 121 | Ep: the epo has been informed by wipo that ep was designated in this application | Ref document number: 10847195 Country of ref document: EP Kind code of ref document: A1 |
| WWE | Wipo information: entry into national phase | Ref document number: 6702/CHENP/2012 Country of ref document: IN |
| WWE | Wipo information: entry into national phase | Ref document number: 13576488 Country of ref document: US |
| WWE | Wipo information: entry into national phase | Ref document number: 2010847195 Country of ref document: EP |
| WWE | Wipo information: entry into national phase | Ref document number: 2012556360 Country of ref document: JP |
| NENP | Non-entry into the national phase | Ref country code: DE |
| ENP | Entry into the national phase | Ref document number: 20127026065 Country of ref document: KR Kind code of ref document: A |