WO2015100874A1 - Home gateway access management method and system - Google Patents

Home gateway access management method and system Download PDF

Info

Publication number
WO2015100874A1
WO2015100874A1 PCT/CN2014/075012 CN2014075012W WO2015100874A1 WO 2015100874 A1 WO2015100874 A1 WO 2015100874A1 CN 2014075012 W CN2014075012 W CN 2014075012W WO 2015100874 A1 WO2015100874 A1 WO 2015100874A1
Authority
WO
WIPO (PCT)
Prior art keywords
mobile phone
wag
authentication
hgw
home gateway
Prior art date
Application number
PCT/CN2014/075012
Other languages
French (fr)
Chinese (zh)
Inventor
王飞
Original Assignee
中兴通讯股份有限公司
Priority date (The priority date is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the date listed.)
Filing date
Publication date
Application filed by 中兴通讯股份有限公司 filed Critical 中兴通讯股份有限公司
Publication of WO2015100874A1 publication Critical patent/WO2015100874A1/en

Links

Classifications

    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04WWIRELESS COMMUNICATION NETWORKS
    • H04W12/00Security arrangements; Authentication; Protecting privacy or anonymity
    • H04W12/06Authentication
    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04WWIRELESS COMMUNICATION NETWORKS
    • H04W12/00Security arrangements; Authentication; Protecting privacy or anonymity
    • H04W12/08Access security
    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04WWIRELESS COMMUNICATION NETWORKS
    • H04W48/00Access restriction; Network selection; Access point selection
    • H04W48/16Discovering, processing access restriction or access information
    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04WWIRELESS COMMUNICATION NETWORKS
    • H04W8/00Network data management
    • H04W8/18Processing of user or subscriber data, e.g. subscribed services, user preferences or user profiles; Transfer of user or subscriber data
    • H04W8/20Transfer of user or subscriber data

Definitions

  • the present invention relates to the field of wireless communications, and in particular, to a home gateway access management method and system. Background technique
  • the home gateway allows the mobile phone to access and conduct data services through WiFi (Wireless Fidelity), but in actual operation, it may be necessary to filter users who use WiFi (for example, the A operator's home gateway wants to only allow users of the A carrier). Accessing the A operator's Wifi network through the home gateway).
  • WiFi Wireless Fidelity
  • the related home gateway access terminal management mode cannot filter the terminal and cannot meet the application requirements.
  • the embodiment of the invention provides a home gateway access management method and system, which solves the problem that the related home gateway access terminal management mode cannot filter the terminal and cannot meet the application requirements.
  • a home gateway access management method includes:
  • the home gateway sends an inquiry message of an International Mobile Subscriber Identity (IMSI) carrying a mobile phone with a newly established wireless fidelity (WiFi) link to the wireless access gateway (WAG), and queries the WAG for the mobile phone The result of the authentication;
  • IMSI International Mobile Subscriber Identity
  • WiFi wireless fidelity
  • the WAG Receiving, by the HGW, the WAG returns a response message carrying an authentication result of the mobile phone, and controlling, according to the authentication result, the WiFi link data transmission of the mobile phone.
  • the method further includes:
  • the HGW receives a DHCP Request Option 60 message sent by the mobile phone carrying the mobile phone IMSI.
  • the HGW receives the response message that the WAG carries the authentication result of the mobile phone, and controls the WiFi link data transmission of the mobile phone according to the authentication result, include:
  • the HWG releases the data stream to the WiFi link, and allows the mobile phone on the WiFi link to pass through the WiFi link and the network side. Data service;
  • the HGW prohibits the mobile phone on the WiFi link from performing data service with the network side through the WiFi link.
  • the method further includes:
  • the HGW sets a wait timeout timer for the query message while sending the query message to the WAG.
  • the HGW receives the response message that the WAG carries the authentication result of the mobile phone, and controls the WiFi link data transmission of the mobile phone according to the authentication result, and further includes:
  • the HGW After receiving the response message indicating that the mobile phone authentication passes or fails, the HGW cancels the waiting timeout timer.
  • the HGW receives the response message that the WAG carries the authentication result of the mobile phone, and controls the WiFi link data transmission of the mobile phone according to the authentication result, and further includes:
  • the HGW When the response message received by the HGW indicates that the mobile phone is still in the authentication, the HGW continues to wait for the waiting timeout timer to expire;
  • the HGW After the waiting timeout timer expires, the HGW sends a query message carrying the IMSI of the mobile phone to the WAG, and records the number of times the query message is sent.
  • the method further includes:
  • the HGW acquires an Internet Protocol (IP) of the WAG at startup, and establishes a route to the WAG.
  • IP Internet Protocol
  • the embodiment of the invention further provides a home gateway access management method, including:
  • the wireless access gateway receives the home gateway (HGW) and sends the newly established Querying an International Mobile Subscriber Identity (IMSI) query message of a mobile phone of a line-fidelity (WiFi) link, and querying the WAG for an authentication result of the mobile phone;
  • IMSI International Mobile Subscriber Identity
  • the WAG parses the IMSI of the mobile phone from the query message, and queries an authentication result of the mobile phone according to the IMSI;
  • the WAG sends a response message to the HGW, where the response message carries the authentication result of the mobile phone.
  • the method for querying the authentication result of the mobile phone according to the IMSI further includes:
  • the WAG replies to the HGW with a response message indicating that the mobile phone is authenticating.
  • the method further includes:
  • the WAG receives a registration request of the mobile phone, and performs authentication authentication on the mobile phone; and the WAG saves the authentication result of the mobile phone and the IMSI of the mobile phone.
  • the WAG receives the registration request of the mobile phone, and performs authentication authentication on the mobile phone, including:
  • the WAG parses the authentication random number and the authentication data from the registration request of the mobile phone, and sends the authentication random number, the authentication data, and the authentication algorithm to the network security system server of the access network (AN - AAA ) ;
  • the AN-AAA calculates the authentication data locally according to the authentication algorithm using the authentication random number
  • the AN-AAA returns an authentication result to the WAG.
  • the embodiment of the invention further provides a home gateway access management system, including: a home gateway (HGW) and a wireless access gateway (WAG);
  • the HGW is configured to send, to the WAG, an inquiry message of an International Mobile Subscriber Identity (IMSSI) carrying a mobile phone with a newly established Wireless Fidelity (WiFi) link, and query the WAG for an authentication result of the mobile phone.
  • IMSSI International Mobile Subscriber Identity
  • WiFi Wireless Fidelity
  • the WAG Receiving, by the WAG, a response message carrying the authentication result of the mobile phone, and controlling, according to the authentication result, the WiFi link data transmission of the mobile phone; and the WAG, configured to receive the HGW to send The query message of the IMSI carrying the mobile phone with the newly established WiFi link sends a response message to the HGW, where the response message carries the authentication result of the mobile phone.
  • the HGW is further configured to acquire an Internet Protocol (IP) address of the WAG at startup, and establish a route to the WAG.
  • IP Internet Protocol
  • the WAG is further configured to receive a registration request of the mobile phone, perform authentication authentication on the mobile phone, and save the authentication result of the mobile phone and the IMSI of the mobile phone.
  • the embodiment of the invention implements the restriction on the use of the home gateway by the different network mobile phone, and solves the problem that the related home gateway access terminal management mode cannot filter the terminal and cannot meet the application requirement.
  • FIG. 1 is a schematic structural diagram of a home gateway access management system according to Embodiment 1 of the present invention.
  • FIG. 2 is a flow chart of a mobile phone side of a home gateway access management method according to Embodiment 2 of the present invention
  • FIG. 3 is a flow chart of an HGW side of a home gateway access management method according to Embodiment 2 of the present invention.
  • FIG. 4 is a flow chart of a WAG side of a home gateway access management method according to Embodiment 2 of the present invention.
  • FIG. 5 is a flowchart of a home gateway access management method according to Embodiment 3 of the present invention
  • FIG. 6 is a flowchart of a home gateway access management method according to Embodiment 4 of the present invention
  • FIG. 8 is a logic diagram of internal processing of the HGW for restricting access to other network users. Preferred embodiment of the invention
  • the related home gateway access terminal management mode cannot filter the terminal and cannot meet the application requirements.
  • Embodiments of the present invention provide a home gateway access management method and system. Embodiments of the present invention will be described in detail below with reference to the accompanying drawings. It should be noted that, in the case of no conflict, the features in the embodiments and the embodiments in the present application may be arbitrarily combined with each other.
  • the embodiment of the invention provides a home gateway access management system.
  • the system structure is as shown in FIG. 1 and includes:
  • the HGW 101 is configured to send an inquiry message of the IMSI of the mobile phone carrying the newly established WiFi link to the WAG 102, query the WAG for the authentication result of the mobile phone, and receive the WAG 102 to return the carried message. a response message of the authentication result of the mobile phone, and controlling, according to the authentication result, the WiFi link data transmission of the mobile phone;
  • the WAG 102 is configured to receive an inquiry message of the IMSI of the mobile phone carrying the newly established WiFi link sent by the HGW 101, and send a response message to the HGW 101, where the response message carries the information of the mobile phone. The result of the right.
  • the HGW 101 is further configured to acquire an IP address of the WAG 102 at startup, and establish a route to the WAG 102.
  • the WAG 102 is further configured to receive a registration request of the mobile phone, perform authentication authentication on the mobile phone, and save the authentication result of the mobile phone and the IMSI of the mobile phone.
  • HGW 101 mainly provides Wi-Fi wireless links to mobile phones, ensuring that mobile phones can access data services through the WiFi to the network side.
  • the WAG 102 is mainly used to process the authentication signaling from the mobile phone and manage the authentication session, and supports the HGW to query the mobile phone authentication result.
  • the system further includes a network security system (AN-AAA: Access Network AAA, AAA: Authentication, Authorization, Accounting) server 103, which provides authentication data, authentication data, and access to the WAG. The user performs billing.
  • AN-AAA Access Network AAA
  • AAA Authentication, Authorization, Accounting
  • the system further includes a Home Location Register (HLR), which is mainly responsible for allocating and transmitting user authentication data, and adding a network element to the fixed network.
  • HLR Home Location Register
  • the system further includes a Broadband Remote Access Server (BRAS), which is a new access gateway for broadband network applications. It is located at the edge layer of the backbone network and is responsible for broadband data connection of the home gateway.
  • BRAS Broadband Remote Access Server
  • an embodiment of the present invention provides a home gateway access management method, and the process for the mobile phone side to manage the terminal accessing the home gateway using the method is as shown in FIG. 2 . , including:
  • Step 201 The mobile phone carries the IMSI information of the user to the HGW in the DHCP Request Option 60 message.
  • the scanned hotspot automatically initiates a connection.
  • the IP address is automatically obtained from the HWG through the DHCP process
  • the user's IMSI information is carried in the DHCP Request option 60 message to the HGW.
  • Step 202 After the connection is successful, the mobile phone automatically initiates UW authentication to the WAG server; if the authentication is successful, the WiFi connection is maintained; if the authentication fails, the WiFi connection is disconnected.
  • Step 301 The HGW establishes a route to the WAG server.
  • HGW-Start immediately use chinanetcw.chinatelecom.cn to do the domain name system (DNS) operation to obtain the address IP address of the WAG server;
  • DNS domain name system
  • the HWG establishes a local to the WAG server. Route, the route can be used to enable the HGW to send a request message to the WAG to query whether the mobile phone passes the authentication.
  • Step 302 After receiving the DHCP Request Option 60 message, the HGW extracts the IMSI information of the user from the message, and associates with the WiFi link currently allocated to the user, that is, the IMSI is used as a field of the WiFi link management control block. Save it up.
  • Step 303 When the HGW detects that a certain WiFi link is connected, the IMSI carrying the mobile phone periodically initiates a message for querying the mobile phone authentication result to the WAG gateway, and sets a waiting timeout timer for the query message. Waiting for the WAG to respond to the message within the timeout allowed by the wait timeout timer.
  • the content is handled as follows:
  • the HGW continues to wait for the timer to expire. After the waiting timer expires, the query message is re-initiated and the number of queries is counted.
  • the HWG releases the data stream to the WiFi link, allowing the WiFi link to acquire data on the network side; and cancels the query message waiting timer.
  • the maximum number of times that the HGW initiates periodic challenge authentication results to the WAG is preferably no more than five times, and each time the result is no more than three seconds.
  • the HGW has received the authentication result of the changed user back from the WAG, and immediately stops sending the inquiry message to the WAG and cancels the waiting timer.
  • Step 401 After receiving the registration request from the mobile phone, the WAG performs authentication and authentication according to the normal UW authentication (this process can be referred to the “111-2012 China Telecom Mobile Terminal Demand Specification-CDMA+WiFi Volume (V201 2-9.pdf). "6.1.2 Registration Success Process").
  • Step 402 After receiving the inquiry request from the HGW, the WAG parses the user's IMSI from the request message, and uses the IMSI to query the current user's authentication result.
  • the processing method is as follows:
  • the response message is sent to the HGW. In response to the message, the authentication is in progress.
  • the HGW responds with a response message indicating whether the authentication succeeds or fails.
  • the HGW responds with a response message indicating that the authentication fails.
  • an embodiment of the present invention provides a home gateway access management method, and the process for the mobile phone side to manage the terminal accessing the home gateway using the method is as shown in FIG. 5 . , including:
  • Step 501 The mobile phone selects a hotspot and initiates a connection
  • the WiFi switch when the WiFi switch is turned on on the mobile phone, one of the searched one or more hotspots is selected to initiate an automatic connection, and the IMSI information of the mobile phone is carried in the option 60 field of the connected DHCP Request message.
  • the mobile phone automatically initiates a registration request for a Session Initiation Protocol (SIP) signaling to the WAG gateway over the WiFi link after the automatic connection.
  • SIP Session Initiation Protocol
  • the request has a type of authentication algorithm supported by the card (CAVE algorithm or MD5 algorithm).
  • Step 502 After detecting the connection with the WiFi of the mobile phone, the HGW sends a message to the WAG to query the authentication result of the mobile phone, and sets a timer to perform a protection query response.
  • Step 503 After receiving the Register request, the WAG gateway selects an algorithm (the preferred algorithm is MD5), and returns a 401 message to the mobile phone.
  • the 401 (Unauthorized, Unauthorized) message carries the corresponding authentication algorithm according to the selected algorithm. Authentication random number;
  • Step 504 After receiving the 401 message, the mobile phone parses out the number of authentication random numbers from the SIP message and calculates by the card according to the agreed CAVE or MD5 algorithm. After the result is obtained, a Register Request message is sent to the WAG, and the message carries the authentication random number and the authentication data calculated by the card.
  • Step 505 After receiving the Register Request message re-initiated by the mobile phone, the WAG parses the authentication random number and the authentication data, and sends the authentication algorithm to the AN-AAA for authentication.
  • Step 506 After receiving the authentication data sent by the WAG, the AN-AAA calculates the authentication data according to the authentication algorithm locally by using the authentication random number. If AN-AAA calculates the authentication data and mobile phone meter locally If the calculated authentication data is consistent, then the WAG will respond to the message indicating that the authentication is successful.
  • Step 507 After receiving the message that the AN-AAA indicates that the authentication succeeds, the WAG sends a message 200 (for registration, for Register) to the mobile phone.
  • Step 508 After receiving the 200 response message of the register, the mobile phone prompts the user to verify that the UW authentication is successful. Otherwise, the user is prompted to fail authentication;
  • Step 509 If the HGW queries that the mobile phone is successfully authenticated, the data link is released to the WiFi link established with the mobile phone; otherwise, the data flow is not released to the WiFi link.
  • An embodiment of the present invention provides a home gateway access management method, and the process of managing the mobile phone accessed by the home gateway using the method is as shown in FIG. 6, and includes:
  • Step 601 The HGW acquires an IP address of the WAG at startup, and establishes a route to the WAG.
  • Step 602 The HGW receives a DHCP Request option 60 message sent by the mobile phone and carrying the mobile phone IMSI.
  • Step 603 The HGW sends an IMSI query message carrying the mobile phone with the newly established WiFi link to the WAG, and queries the WAG for the authentication result of the mobile phone.
  • the HGW sends a wait timeout timer to the query message while sending the query message to the WAG.
  • Step 604 The WAG receives an inquiry message of the IMSI of the mobile phone that carries the newly established WiFi link sent by the HGW.
  • the WAG receives the registration request of the mobile phone, and performs authentication and authentication on the mobile phone;
  • the WAG parses the authentication random number and the authentication data from the registration request of the mobile phone, and sends the authentication random number, the authentication data, and the authentication algorithm to the network security system server of the access network ( AN - AAA ) ;
  • the AN-AAA uses the authentication random number to locally calculate the authentication according to the authentication algorithm.
  • the AN-AAA returns an authentication result to the WAG.
  • the WAG saves the authentication result of the mobile phone and the IMSI of the mobile phone.
  • Step 605 The WAG parses an IMSI of the mobile phone from the query message, and queries an authentication result of the mobile phone according to the IMSI.
  • Step 606 The WAG sends a response message to the HGW, where the response message carries an authentication result of the mobile phone.
  • the WAG when the mobile phone is still in the authentication process, the WAG returns a response message indicating that the mobile phone is authenticating to the HGW.
  • Step 607 The HGW receives the response message that the WAG carries the authentication result of the mobile phone, and controls the WiFi link data transmission of the mobile phone according to the authentication result.
  • the HGW cancels the waiting timeout timer after receiving a response message indicating that the mobile phone authentication passes or fails.
  • the HGW internal processing logic diagram that is not restricted to other network users is shown in Figure 7.
  • the internal processing logic for restricting access to other network users is as shown in FIG. 8. It can be seen that the technical solution provided by the embodiment of the present invention can manage the home gateway access user, and effectively restrict the access of the other network user.
  • An embodiment of the present invention provides a home gateway access management method and system.
  • the HGW sends an IMSI query message carrying a mobile phone with a newly established WiFi link to the WAG, and queries the WAG for the authentication result of the mobile phone.
  • the HGW receives the response message of the WAG carrying the authentication result of the mobile phone, and controls the WiFi link data transmission of the mobile phone according to the authentication result, thereby realizing the restriction of the different network mobile phone to the family.
  • the use of the gateway solves the problem that the related home gateway access terminal management mode cannot filter the terminal and cannot meet the application requirements. can By restricting the use of home gateways by different mobile phones, it can effectively protect the operator's network investment and reduce the data server load of the network.
  • all or part of the steps of the foregoing embodiments may also be implemented by using an integrated circuit. These steps may be separately fabricated into individual integrated circuit modules, or multiple modules or steps may be fabricated into a single integrated circuit module. achieve.
  • the invention is not limited to any particular combination of hardware and software.
  • the various devices/function modules/functional units in the above embodiments may be implemented using a general-purpose computing device, which may be centralized on a single computing device or distributed over a network of multiple computing devices.
  • Each device/function module/functional unit in the above embodiments can be stored in a computer readable storage medium when implemented in the form of a software function module and sold or used as a standalone product.
  • the above mentioned computer readable storage medium may be a read only memory, a magnetic disk or an optical disk or the like.
  • the embodiments of the present invention implement the limitation of the use of the home gateway by the different network mobile phone, and solve the problem that the related home gateway access terminal management mode cannot filter the terminal and cannot meet the application requirements.

Abstract

The present invention relates to a home gateway access management method and system. The method comprises: a home gateway (HGW) sending to a wireless access gateway (WAG) a query message of an international mobile subscriber identity (IMSI) of a mobile phone carrying a newly established wireless fidelity (WiFi) link, and querying an authentication result of the mobile phone to the WAG; and the HGW receiving a response message carrying the authentication result of the mobile phone and returned by the WAG, and controlling WiFi link data transmission of the mobile phone according to the authentication result.

Description

家庭网关接入管理方法和系统  Home gateway access management method and system
技术领域 Technical field
本发明涉及无线通信领域,尤其涉及一种家庭网关接入管理方法和系统。 背景技术  The present invention relates to the field of wireless communications, and in particular, to a home gateway access management method and system. Background technique
家庭网关允许手机接入并通过无线保真(WiFi, Wireless Fidelity )进行 数据业务,但实际运行中可能需要对使用 WiFi的用户进行筛选(如 A运营商 的家庭网关希望只允许 A运营商的用户通过该家庭网关接入该 A运营商的 Wifi网络) 。  The home gateway allows the mobile phone to access and conduct data services through WiFi (Wireless Fidelity), but in actual operation, it may be necessary to filter users who use WiFi (for example, the A operator's home gateway wants to only allow users of the A carrier). Accessing the A operator's Wifi network through the home gateway).
相关的家庭网关接入终端管理方式无法对终端进行筛选, 不能满足应用 需求。 发明内容  The related home gateway access terminal management mode cannot filter the terminal and cannot meet the application requirements. Summary of the invention
本发明实施例提供了一种家庭网关接入管理方法和系统, 解决了相关的 家庭网关接入终端管理方式无法对终端进行筛选,不能满足应用需求的问题。  The embodiment of the invention provides a home gateway access management method and system, which solves the problem that the related home gateway access terminal management mode cannot filter the terminal and cannot meet the application requirements.
一种家庭网关接入管理方法, 包括:  A home gateway access management method includes:
家庭网关 (HGW ) 向无线接入网关 (WAG )发送携带有新建立无线保 真 ( WiFi )链路的手机的国际移动用户识别码( IMSI ) 的查询消息, 向所述 WAG查询对所述手机的鉴权结果; 以及  The home gateway (HGW) sends an inquiry message of an International Mobile Subscriber Identity (IMSI) carrying a mobile phone with a newly established wireless fidelity (WiFi) link to the wireless access gateway (WAG), and queries the WAG for the mobile phone The result of the authentication;
所述 HGW接收所述 WAG返回携带有对所述手机的鉴权结果的响应消 息, 并根据该鉴权结果对所述手机的 WiFi链路数据传输进行控制。  Receiving, by the HGW, the WAG returns a response message carrying an authentication result of the mobile phone, and controlling, according to the authentication result, the WiFi link data transmission of the mobile phone.
可选地, 该方法还包括:  Optionally, the method further includes:
所述 HGW接收所述手机发送的携带有该手机 IMSI的 DHCP请求选项 60消息。  The HGW receives a DHCP Request Option 60 message sent by the mobile phone carrying the mobile phone IMSI.
可选地, 所述 HGW接收所述 WAG返回携带有对所述手机的鉴权结果 的响应消息, 并根据该鉴权结果对所述手机的 WiFi链路数据传输进行控制, 包括: Optionally, the HGW receives the response message that the WAG carries the authentication result of the mobile phone, and controls the WiFi link data transmission of the mobile phone according to the authentication result, include:
当所述 HGW接收到的响应消息指示所述手机鉴权通过时, 所述 HWG 对所述 WiFi链路放开数据流,允许所述 WiFi链路上的手机通过该 WiFi链路 与网络侧进行数据业务; 以及  When the response message received by the HGW indicates that the mobile phone authentication is passed, the HWG releases the data stream to the WiFi link, and allows the mobile phone on the WiFi link to pass through the WiFi link and the network side. Data service; and
当所述 HGW接收到的响应消息指示所述手机鉴权失败时,所述 HGW禁 止所述 WiFi链路上的手机通过该 WiFi链路与网络侧进行数据业务。  When the response message received by the HGW indicates that the mobile phone authentication fails, the HGW prohibits the mobile phone on the WiFi link from performing data service with the network side through the WiFi link.
可选地, 该方法还包括:  Optionally, the method further includes:
所述 HGW在向 WAG发送所述查询消息的同时, 对该查询消息设置等 待超时定时器。  The HGW sets a wait timeout timer for the query message while sending the query message to the WAG.
可选地, 所述 HGW接收所述 WAG返回携带有对所述手机的鉴权结果 的响应消息, 并根据该鉴权结果对所述手机的 WiFi链路数据传输进行控制, 还包括:  Optionally, the HGW receives the response message that the WAG carries the authentication result of the mobile phone, and controls the WiFi link data transmission of the mobile phone according to the authentication result, and further includes:
所述 HGW在接收到指示所述手机鉴权通过或失败的响应消息后, 取消 所述等待超时定时器。  After receiving the response message indicating that the mobile phone authentication passes or fails, the HGW cancels the waiting timeout timer.
可选地, 所述 HGW接收所述 WAG返回携带有对所述手机的鉴权结果 的响应消息, 并根据该鉴权结果对所述手机的 WiFi链路数据传输进行控制, 还包括:  Optionally, the HGW receives the response message that the WAG carries the authentication result of the mobile phone, and controls the WiFi link data transmission of the mobile phone according to the authentication result, and further includes:
当所述 HGW接收到的响应消息指示所述手机仍在鉴权中时,所述 HGW 继续等待所述等待超时定时器超时; 以及  When the response message received by the HGW indicates that the mobile phone is still in the authentication, the HGW continues to wait for the waiting timeout timer to expire;
所述 HGW在所述等待超时定时器超时后, 重新向所述 WAG发送携带 有所述手机的 IMSI的查询消息, 并记录发送查询消息的次数。  After the waiting timeout timer expires, the HGW sends a query message carrying the IMSI of the mobile phone to the WAG, and records the number of times the query message is sent.
可选地, 该方法还包括:  Optionally, the method further includes:
所述 HGW在启动时获取所述 WAG的互联网协议(IP ) , 建立到所述 WAG的路由。  The HGW acquires an Internet Protocol (IP) of the WAG at startup, and establishes a route to the WAG.
本发明实施例还提供了一种家庭网关接入管理方法, 包括: The embodiment of the invention further provides a home gateway access management method, including:
无线接入网关 (WAG )接收家庭网关 (HGW )发送的携带有新建立无 线保真 (WiFi )链路的手机的国际移动用户识别码(IMSI ) 的查询消息, 向 所述 WAG查询对所述手机的鉴权结果; The wireless access gateway (WAG) receives the home gateway (HGW) and sends the newly established Querying an International Mobile Subscriber Identity (IMSI) query message of a mobile phone of a line-fidelity (WiFi) link, and querying the WAG for an authentication result of the mobile phone;
所述 WAG从所述查询消息中解析出所述手机的 IMSI, 根据该 IMSI查 询所述手机的鉴权结果; 以及  The WAG parses the IMSI of the mobile phone from the query message, and queries an authentication result of the mobile phone according to the IMSI;
所述 WAG向所述 HGW发送响应消息, 在所述响应消息中携带有所述 手机的鉴权结果。  The WAG sends a response message to the HGW, where the response message carries the authentication result of the mobile phone.
可选地, 所述 WAG从所述查询消息中解析出所述手机的 IMSI , 根据该 IMSI查询所述手机的鉴权结果的步骤之后, 还包括:  Optionally, after the step of parsing the IMSI of the mobile phone from the query message, the method for querying the authentication result of the mobile phone according to the IMSI, the method further includes:
在所述手机仍处在鉴权过程中时, 所述 WAG向所述 HGW回复指示所 述手机正在鉴权的响应消息。  While the mobile phone is still in the authentication process, the WAG replies to the HGW with a response message indicating that the mobile phone is authenticating.
可选地, 该方法还包括:  Optionally, the method further includes:
所述 WAG接收所述手机的注册请求, 对所述手机进行鉴权认证; 以及 所述 WAG将所述手机的鉴权结果和该手机的 IMSI——对应保存。 可选地, 所述 WAG接收所述手机的注册请求, 对所述手机进行鉴权认 证, 包括:  The WAG receives a registration request of the mobile phone, and performs authentication authentication on the mobile phone; and the WAG saves the authentication result of the mobile phone and the IMSI of the mobile phone. Optionally, the WAG receives the registration request of the mobile phone, and performs authentication authentication on the mobile phone, including:
所述 WAG从所述手机的注册请求中解析出鉴权随机数和鉴权数据, 将 所述鉴权随机数、 鉴权数据和鉴权算法发送给接入网络的网络安全系统服务 器(AN - AAA ) ;  The WAG parses the authentication random number and the authentication data from the registration request of the mobile phone, and sends the authentication random number, the authentication data, and the authentication algorithm to the network security system server of the access network (AN - AAA ) ;
所述 AN - AAA使用所述鉴权随机数在本地按照所述鉴权算法计算鉴权 数据;  The AN-AAA calculates the authentication data locally according to the authentication algorithm using the authentication random number;
在所述 AN - AAA计算结果与所述 WAG发送的鉴权数据一致时, 判定 鉴权成功, 在所述 AN - AAA计算结果与所述 WAG发送的鉴权数据不一致 时, 判定鉴权失败; 以及  When the calculation result of the AN-AAA is consistent with the authentication data sent by the WAG, determining that the authentication succeeds, and determining that the authentication fails when the AN-AAA calculation result is inconsistent with the authentication data sent by the WAG; as well as
所述 AN - AAA向所述 WAG返回鉴权结果。  The AN-AAA returns an authentication result to the WAG.
本发明实施例还提供了一种家庭网关接入管理系统, 包括: 家庭网关 ( HGW )和无线接入网关 (WAG ) ; 所述 HGW, 其设置成向 WAG发送携带有新建立无线保真(WiFi )链路 的手机的国际移动用户识别码( IMSI ) 的查询消息, 向所述 WAG查询对所 述手机的鉴权结果, 接收所述 WAG返回携带有对所述手机的鉴权结果的响 应消息, 并根据该鉴权结果对所述手机的 WiFi链路数据传输进行控制; 以及 所述 WAG, 其设置成接收 HGW发送的携带有新建立 WiFi链路的手机 的 IMSI的查询消息, 向所述 HGW发送响应消息, 在所述响应消息中携带有 所述手机的鉴权结果。 The embodiment of the invention further provides a home gateway access management system, including: a home gateway (HGW) and a wireless access gateway (WAG); The HGW is configured to send, to the WAG, an inquiry message of an International Mobile Subscriber Identity (IMSSI) carrying a mobile phone with a newly established Wireless Fidelity (WiFi) link, and query the WAG for an authentication result of the mobile phone. Receiving, by the WAG, a response message carrying the authentication result of the mobile phone, and controlling, according to the authentication result, the WiFi link data transmission of the mobile phone; and the WAG, configured to receive the HGW to send The query message of the IMSI carrying the mobile phone with the newly established WiFi link sends a response message to the HGW, where the response message carries the authentication result of the mobile phone.
可选地,所述 HGW,还设置成在启动时获取所述 WAG的互联网协议( IP ) 地址, 建立到所述 WAG的路由。  Optionally, the HGW is further configured to acquire an Internet Protocol (IP) address of the WAG at startup, and establish a route to the WAG.
可选地, 所述 WAG, 还设置成接收所述手机的注册请求, 对所述手机进 行鉴权认证, 将所述手机的鉴权结果和该手机的 IMSI——对应保存。  Optionally, the WAG is further configured to receive a registration request of the mobile phone, perform authentication authentication on the mobile phone, and save the authentication result of the mobile phone and the IMSI of the mobile phone.
本发明实施例实现了限制异网手机对家庭网关的使用, 解决了相关的家 庭网关接入终端管理方式无法对终端进行筛选, 不能满足应用需求的问题。 附图概述  The embodiment of the invention implements the restriction on the use of the home gateway by the different network mobile phone, and solves the problem that the related home gateway access terminal management mode cannot filter the terminal and cannot meet the application requirement. BRIEF abstract
图 1为本发明的实施例一提供的一种家庭网关接入管理系统的结构示意 图;  1 is a schematic structural diagram of a home gateway access management system according to Embodiment 1 of the present invention;
图 2为本发明的实施例二提供的一种家庭网关接入管理方法手机侧流程 图;  2 is a flow chart of a mobile phone side of a home gateway access management method according to Embodiment 2 of the present invention;
图 3为本发明的实施例二提供的一种家庭网关接入管理方法 HGW侧流 程图;  3 is a flow chart of an HGW side of a home gateway access management method according to Embodiment 2 of the present invention;
图 4为本发明的实施例二提供的一种家庭网关接入管理方法 WAG侧流 程图;  4 is a flow chart of a WAG side of a home gateway access management method according to Embodiment 2 of the present invention;
图 5为本发明的实施例三提供的一种家庭网关接入管理方法的流程图; 图 6为本发明的实施例四提供的一种家庭网关接入管理方法的流程图; 图 7为不对他网用户限制的 HGW内部处理逻辑图;  FIG. 5 is a flowchart of a home gateway access management method according to Embodiment 3 of the present invention; FIG. 6 is a flowchart of a home gateway access management method according to Embodiment 4 of the present invention; HGW internal processing logic diagram restricted by other network users;
图 8为对他网用户限制接入的 HGW内部处理逻辑图。 本发明的较佳实施方式 FIG. 8 is a logic diagram of internal processing of the HGW for restricting access to other network users. Preferred embodiment of the invention
相关的家庭网关接入终端管理方式无法对终端进行筛选, 不能满足应用 需求。  The related home gateway access terminal management mode cannot filter the terminal and cannot meet the application requirements.
本发明的实施例提供了一种家庭网关接入管理方法和系统。 下文中将结 合附图对本发明的实施例进行详细说明。 需要说明的是, 在不冲突的情况下, 本申请中的实施例及实施例中的特征可以相互任意组合。  Embodiments of the present invention provide a home gateway access management method and system. Embodiments of the present invention will be described in detail below with reference to the accompanying drawings. It should be noted that, in the case of no conflict, the features in the embodiments and the embodiments in the present application may be arbitrarily combined with each other.
首先结合附图, 对本发明的实施例一进行说明。 First, the first embodiment of the present invention will be described with reference to the accompanying drawings.
本发明实施例提供了一种家庭网关接入管理系统, 该系统结构如图 1所 示, 包括:  The embodiment of the invention provides a home gateway access management system. The system structure is as shown in FIG. 1 and includes:
HGW 101和 WAG 102;  HGW 101 and WAG 102;
所述 HGW 101 ,其设置成向 WAG 102发送携带有新建立 WiFi链路的手 机的 IMSI的查询消息, 向所述 WAG查询对所述手机的鉴权结果, 接收所述 WAG 102返回携带有对所述手机的鉴权结果的响应消息, 并根据该鉴权结果 对所述手机的 WiFi链路数据传输进行控制;  The HGW 101 is configured to send an inquiry message of the IMSI of the mobile phone carrying the newly established WiFi link to the WAG 102, query the WAG for the authentication result of the mobile phone, and receive the WAG 102 to return the carried message. a response message of the authentication result of the mobile phone, and controlling, according to the authentication result, the WiFi link data transmission of the mobile phone;
所述 WAG 102,其设置成接收 HGW 101发送的携带有新建立 WiFi链路 的手机的 IMSI的查询消息, 向所述 HGW 101发送响应消息, 在所述响应消 息中携带有所述手机的鉴权结果。 可选地, 所述 HGW 101 , 还设置成在启动时获取所述 WAG 102的 IP地 址, 建立到所述 WAG 102的路由。  The WAG 102 is configured to receive an inquiry message of the IMSI of the mobile phone carrying the newly established WiFi link sent by the HGW 101, and send a response message to the HGW 101, where the response message carries the information of the mobile phone. The result of the right. Optionally, the HGW 101 is further configured to acquire an IP address of the WAG 102 at startup, and establish a route to the WAG 102.
可选地, 所述 WAG 102, 还设置成接收所述手机的注册请求, 对所述手 机进行鉴权认证, 将所述手机的鉴权结果和该手机的 IMSI——对应保存。  Optionally, the WAG 102 is further configured to receive a registration request of the mobile phone, perform authentication authentication on the mobile phone, and save the authentication result of the mobile phone and the IMSI of the mobile phone.
HGW 101主要给手机提供 Wi-Fi无线链路,保证手机能够通过 WiFi接入 到网络侧进行数据业务。  HGW 101 mainly provides Wi-Fi wireless links to mobile phones, ensuring that mobile phones can access data services through the WiFi to the network side.
WAG 102主要用来处理来自手机认证信令, 并对认证会话的管理, 并且 支持 HGW对手机认证结果的查询。 可选地, 该系统还包括接入网络的网络安全系统 (AN-AAA: Access Network AAA, AAA: Authentication、 Authorization、 Accounting )服务器 103 , 主要给 WAG提供鉴权数据, 认证数据, 并对接入用户进行计费。 The WAG 102 is mainly used to process the authentication signaling from the mobile phone and manage the authentication session, and supports the HGW to query the mobile phone authentication result. Optionally, the system further includes a network security system (AN-AAA: Access Network AAA, AAA: Authentication, Authorization, Accounting) server 103, which provides authentication data, authentication data, and access to the WAG. The user performs billing.
可选地, 该系统还包括归属位置寄存器 104 ( HLR: Home Location Register ) , 主要负责用户鉴权数据的分配与下发, 为固网中新增网元。  Optionally, the system further includes a Home Location Register (HLR), which is mainly responsible for allocating and transmitting user authentication data, and adding a network element to the fixed network.
可选地, 该系统还包括宽带远程接入服务器 105 ( BRAS: Broadband Remote Access Server ) , 是面向宽带网络应用的新型接入网关, 它位于骨干 网的边缘层, 负责家庭网关的宽带数据的接入。  Optionally, the system further includes a Broadband Remote Access Server (BRAS), which is a new access gateway for broadband network applications. It is located at the edge layer of the backbone network and is responsible for broadband data connection of the home gateway. In.
下面结合附图, 对本发明的实施例二进行说明。 Embodiment 2 of the present invention will be described below with reference to the accompanying drawings.
结合图 1所示的家庭网关接入管理系统, 本发明的实施例提供了一种家 庭网关接入管理方法, 手机侧使用该方法对接入家庭网关的终端进行管理的 流程如图 2所示, 包括:  In conjunction with the home gateway access management system shown in FIG. 1 , an embodiment of the present invention provides a home gateway access management method, and the process for the mobile phone side to manage the terminal accessing the home gateway using the method is as shown in FIG. 2 . , including:
步骤 201、 手机在 DHCP请求选项 60 ( DHCP Request option60 ) 消息中 携带用户的 IMSI信息给 HGW;  Step 201: The mobile phone carries the IMSI information of the user to the HGW in the DHCP Request Option 60 message.
本步骤中, 手机打开 WiFi开关后, 扫描到的热点, 自动发起连接, 在通 过 DHCP流程从 HWG自动获取 IP地址时, 在 DHCP Request option60消息 中携带用户的 IMSI信息给 HGW。  In this step, after the mobile phone turns on the WiFi switch, the scanned hotspot automatically initiates a connection. When the IP address is automatically obtained from the HWG through the DHCP process, the user's IMSI information is carried in the DHCP Request option 60 message to the HGW.
步骤 202、 手机在连接成功后自动向 WAG服务器发起 UW鉴权; 如果鉴权成功, 就保持 WiFi连接; 如果鉴权失败, 就断开 WiFi连接。  Step 202: After the connection is successful, the mobile phone automatically initiates UW authentication to the WAG server; if the authentication is successful, the WiFi connection is maintained; if the authentication fails, the WiFi connection is disconnected.
在 HGW侧的流程如图 3所示, 包括: The process on the HGW side is shown in Figure 3, including:
步骤 301、 HGW建立到 WAG服务器的路由;  Step 301: The HGW establishes a route to the WAG server.
本步骤中, HGW—启动, 就立即使用 chinanetcw.chinatelecom.cn做域名 系统 ( DNS )操作来获取 WAG服务器的地址 IP地址; 获取到 WAG服务器 的 IP地址后, HWG在本地建立一条到 WAG服务器的路由, 该路由能用来 使 HGW向 WAG发送查询手机是否通过鉴权的请求消息。 步骤 302、 HGW收到 DHCP Request Option 60消息后, 从该消息中提取 用户的 IMSI信息,并且和当前分配给该用户的 WiFi链路关联起来,即把 IMSI 作为 WiFi链路管理控制块的一个字段保存起来。 In this step, HGW-Start, immediately use chinanetcw.chinatelecom.cn to do the domain name system (DNS) operation to obtain the address IP address of the WAG server; After obtaining the IP address of the WAG server, the HWG establishes a local to the WAG server. Route, the route can be used to enable the HGW to send a request message to the WAG to query whether the mobile phone passes the authentication. Step 302: After receiving the DHCP Request Option 60 message, the HGW extracts the IMSI information of the user from the message, and associates with the WiFi link currently allocated to the user, that is, the IMSI is used as a field of the WiFi link management control block. Save it up.
步骤 303、 当 HGW检测到某一条的 WiFi链路建立了连接, 就携带该手 机的 IMSI周期性地向 WAG网关发起查询手机鉴权结果的消息, 同时对该条 查询消息设置等待超时定时器, 在等待超时定时器所允许的超时范围内等待 WAG对该消息给出响应请求。  Step 303: When the HGW detects that a certain WiFi link is connected, the IMSI carrying the mobile phone periodically initiates a message for querying the mobile phone authentication result to the WAG gateway, and sets a waiting timeout timer for the query message. Waiting for the WAG to respond to the message within the timeout allowed by the wait timeout timer.
才艮据收到的 WAG的响应消息携带内容的不同, 处理方式如下:  According to the received WAG response message, the content is handled as follows:
1、 如果收到的 WAG的响应消息指示该手机的鉴权还在进行过程中, 则 HGW继续等待定时器超时。 等待定时器超时后, 重新发起查询消息, 并且对 查询次数做计数处理。  1. If the received WAG response message indicates that the authentication of the mobile phone is still in progress, the HGW continues to wait for the timer to expire. After the waiting timer expires, the query message is re-initiated and the number of queries is counted.
2、 如果收到 WAG的查询响应消息指示该手机鉴权通过, 就有 HWG对 这条 WiFi链路放开数据流, 允许该条 WiFi链路获取网络侧的数据; 取消查 询消息等待定时器。  2. If the WAG query response message indicates that the mobile phone authentication is passed, the HWG releases the data stream to the WiFi link, allowing the WiFi link to acquire data on the network side; and cancels the query message waiting timer.
3、 如果收到 WAG的查询响应消息指示鉴权失败, 则禁止对该条 WiFi 链路从网络侧获取数据。 取消查询消息的等待定时器。  3. If the query response message of the WAG is received, indicating that the authentication fails, it is prohibited to acquire data from the network side for the WiFi link. Cancel the wait timer for the query message.
4、 HGW向 WAG发起周期性的询问鉴权结果的最大次数最好不超过 5 次, 每次等待结果的时常不超过 3秒。 HGW已收到 WAG反馈回来的改用户 的鉴权结果, 就立刻停止向 WAG发送询问消息, 并且取消等待定时器。  4. The maximum number of times that the HGW initiates periodic challenge authentication results to the WAG is preferably no more than five times, and each time the result is no more than three seconds. The HGW has received the authentication result of the changed user back from the WAG, and immediately stops sending the inquiry message to the WAG and cancels the waiting timer.
WAG侧的流程如图 4所示, 包括: The process on the WAG side is shown in Figure 4, including:
步骤 401、 WAG收到来自手机的注册请求后,按照普通的 UW鉴权进行 鉴权认证 (该流程可以参见 《111-2012 中国电信移动终端需求规范 -CDMA+WiFi分册(V201 2-9.pdf)〉 的 "6.1.2 注册成功流程" ) 。  Step 401: After receiving the registration request from the mobile phone, the WAG performs authentication and authentication according to the normal UW authentication (this process can be referred to the “111-2012 China Telecom Mobile Terminal Demand Specification-CDMA+WiFi Volume (V201 2-9.pdf). "6.1.2 Registration Success Process").
步骤 402、 WAG收到来自 HGW的询问请求后, 从请求消息中解析出用 户的 IMSI, 并且用 IMSI查询当前用户的鉴权结果。  Step 402: After receiving the inquiry request from the HGW, the WAG parses the user's IMSI from the request message, and uses the IMSI to query the current user's authentication result.
根据查询的鉴权结果的不同, 处理方式如下:  According to the different authentication results of the query, the processing method is as follows:
1、如果查询到该用户还处在鉴权进行过程中,则给通过响应消息给 HGW 回应消息, 指示鉴权进行中。 1. If the user is still in the process of authentication, the response message is sent to the HGW. In response to the message, the authentication is in progress.
2、 如果查询到该用户鉴权成功, 给 HGW回应响应消息, 指示鉴权成功 还是失败。  2. If the user is successfully authenticated, the HGW responds with a response message indicating whether the authentication succeeds or fails.
3、如果查询到该手机鉴权失败,给 HGW回应响应消息,指示鉴权失败。  3. If the authentication of the mobile phone fails, the HGW responds with a response message indicating that the authentication fails.
下面结合附图, 对本发明的实施例三进行说明。 Embodiment 3 of the present invention will be described below with reference to the accompanying drawings.
结合图 1所示的家庭网关接入管理系统, 本发明的实施例提供了一种家 庭网关接入管理方法, 手机侧使用该方法对接入家庭网关的终端进行管理的 流程如图 5所示, 包括:  In conjunction with the home gateway access management system shown in FIG. 1 , an embodiment of the present invention provides a home gateway access management method, and the process for the mobile phone side to manage the terminal accessing the home gateway using the method is as shown in FIG. 5 . , including:
步骤 501、 手机选择热点, 发起连接;  Step 501: The mobile phone selects a hotspot and initiates a connection;
本步骤中, 当在手机上打开 WiFi开关, 从搜寻到的一个或多个热点中选 择一个发起自动连接, 在连接的 DHCP Request 消息 option 60字段携带手机 的 IMSI信息。 手机在自动连接之后自动通过 WiFi链路向 WAG网关发起会 话启动协议(SIP )信令的注册(Register )请求。 该请求中有卡支持的鉴权 算法类型 ( CAVE算法或者 MD5算法 ) 。  In this step, when the WiFi switch is turned on on the mobile phone, one of the searched one or more hotspots is selected to initiate an automatic connection, and the IMSI information of the mobile phone is carried in the option 60 field of the connected DHCP Request message. The mobile phone automatically initiates a registration request for a Session Initiation Protocol (SIP) signaling to the WAG gateway over the WiFi link after the automatic connection. The request has a type of authentication algorithm supported by the card (CAVE algorithm or MD5 algorithm).
步骤 502、 HGW在检测到和手机的 WiFi建立连接后, 立即向 WAG发 送消息查询手机的认证结果, 并设置定时器进行保护查询响应。  Step 502: After detecting the connection with the WiFi of the mobile phone, the HGW sends a message to the WAG to query the authentication result of the mobile phone, and sets a timer to perform a protection query response.
步骤 503、 WAG网关收到 Register请求后选择一种算法(较佳的算法为 MD5 ) , 会给手机回一个 401消息, 401 (未授权的, Unauthorized ) 消息中 按照选的算法携带对应鉴权算法的鉴权随机数;  Step 503: After receiving the Register request, the WAG gateway selects an algorithm (the preferred algorithm is MD5), and returns a 401 message to the mobile phone. The 401 (Unauthorized, Unauthorized) message carries the corresponding authentication algorithm according to the selected algorithm. Authentication random number;
步骤 504、手机收到这个 401消息后,从 SIP消息中解析出其中的鉴权随 机数并由卡来按照约定的 CAVE或 MD5算法进行计算。 得到结果后, 重新 向 WAG发起 Register请求消息,该消息中同时携带鉴权随机数和卡计算的鉴 权数据。  Step 504: After receiving the 401 message, the mobile phone parses out the number of authentication random numbers from the SIP message and calculates by the card according to the agreed CAVE or MD5 algorithm. After the result is obtained, a Register Request message is sent to the WAG, and the message carries the authentication random number and the authentication data calculated by the card.
步骤 505、 WAG在收到手机重新发起的 Register请求消息后, 解析出其 中的鉴权随机数和鉴权数据, 并和鉴权算法送给 AN-AAA进行鉴权。  Step 505: After receiving the Register Request message re-initiated by the mobile phone, the WAG parses the authentication random number and the authentication data, and sends the authentication algorithm to the AN-AAA for authentication.
步骤 506、 AN-AAA收到 WAG送来的鉴权数据后, 用鉴权随机数在本 地按照鉴权算法计算鉴权数据。如果 AN-AAA本地计算的鉴权数据和手机计 算的鉴权数据一致, 那么就给 WAG会响应消息, 指示鉴权成功。 步骤 507、 WAG收到 AN-AAA指示鉴权成功的消息后, 这时给手机发 送 200 (用于注册, for Register ) 消息; Step 506: After receiving the authentication data sent by the WAG, the AN-AAA calculates the authentication data according to the authentication algorithm locally by using the authentication random number. If AN-AAA calculates the authentication data and mobile phone meter locally If the calculated authentication data is consistent, then the WAG will respond to the message indicating that the authentication is successful. Step 507: After receiving the message that the AN-AAA indicates that the authentication succeeds, the WAG sends a message 200 (for registration, for Register) to the mobile phone.
步骤 508、手机收到 Register的 200响应消息后,给用户提示 UW鉴权成 功。 否则给用户提示鉴权失败;  Step 508: After receiving the 200 response message of the register, the mobile phone prompts the user to verify that the UW authentication is successful. Otherwise, the user is prompted to fail authentication;
步骤 509、如果 HGW查询到该手机鉴权成功,就给和该手机建立的 WiFi 链路放开数据流; 否则不对该 WiFi链路放开数据流。  Step 509: If the HGW queries that the mobile phone is successfully authenticated, the data link is released to the WiFi link established with the mobile phone; otherwise, the data flow is not released to the WiFi link.
下面结合附图, 对本发明的实施例四进行说明。 Embodiment 4 of the present invention will be described below with reference to the accompanying drawings.
本发明实施例提供了一种家庭网关接入管理方法, 使用该方法对家庭网 关下接入的手机管理的流程如图 6所示, 包括:  An embodiment of the present invention provides a home gateway access management method, and the process of managing the mobile phone accessed by the home gateway using the method is as shown in FIG. 6, and includes:
步骤 601、 HGW在启动时获取 WAG的 IP地址, 建立到所述 WAG的路 由。  Step 601: The HGW acquires an IP address of the WAG at startup, and establishes a route to the WAG.
步骤 602、 HGW接收所述手机发送的携带有该手机 IMSI 的 DHCP Request option 60消息。  Step 602: The HGW receives a DHCP Request option 60 message sent by the mobile phone and carrying the mobile phone IMSI.
步骤 603、 HGW向 WAG发送携带有新建立 WiFi链路的手机的 IMSI的 查询消息, 向所述 WAG查询对所述手机的鉴权结果;  Step 603: The HGW sends an IMSI query message carrying the mobile phone with the newly established WiFi link to the WAG, and queries the WAG for the authentication result of the mobile phone.
本步骤中, 可选地, 所述 HGW在向 WAG发送所述查询消息的同时, 对该查询消息设置等待超时定时器。  In this step, optionally, the HGW sends a wait timeout timer to the query message while sending the query message to the WAG.
步骤 604、 WAG接收 HGW发送的携带有新建立 WiFi链路的手机的 IMSI 的查询消息;  Step 604: The WAG receives an inquiry message of the IMSI of the mobile phone that carries the newly established WiFi link sent by the HGW.
首先对 WAG对手机进行鉴权认证的过程进行说明, 方式如下:  First, the process of authenticating the mobile phone by WAG is described as follows:
1、 WAG接收所述手机的注册请求, 对所述手机进行鉴权认证;  1. The WAG receives the registration request of the mobile phone, and performs authentication and authentication on the mobile phone;
2、 所述 WAG从所述手机的注册请求中解析出鉴权随机数和鉴权数据, 将所述鉴权随机数、 鉴权数据和鉴权算法发送给接入网络的网络安全系统服 务器(AN - AAA ) ;  2. The WAG parses the authentication random number and the authentication data from the registration request of the mobile phone, and sends the authentication random number, the authentication data, and the authentication algorithm to the network security system server of the access network ( AN - AAA ) ;
3、所述 AN - AAA使用所述鉴权随机数在本地按照所述鉴权算法计算鉴 权数据; 3. The AN-AAA uses the authentication random number to locally calculate the authentication according to the authentication algorithm. Right data
4、 在所述 AN - AAA计算结果与所述 WAG发送的鉴权数据一致时, 判 定鉴权成功, 在所述 AN - AAA计算结果与所述 WAG发送的鉴权数据不一 致时, 判定鉴权失败;  4. When the calculation result of the AN-AAA is consistent with the authentication data sent by the WAG, determining that the authentication is successful, and determining the authentication when the result of the AN-AAA calculation is inconsistent with the authentication data sent by the WAG Failure
5、 所述 AN - AAA向所述 WAG返回鉴权结果。  5. The AN-AAA returns an authentication result to the WAG.
在对手机完成鉴权认证后, 所述 WAG将所述手机的鉴权结果和该手机 的 IMSI——对应保存。  After the authentication of the mobile phone is completed, the WAG saves the authentication result of the mobile phone and the IMSI of the mobile phone.
步骤 605、 所述 WAG从所述查询消息中解析出所述手机的 IMSI, 根据 该 IMSI查询所述手机的鉴权结果;  Step 605: The WAG parses an IMSI of the mobile phone from the query message, and queries an authentication result of the mobile phone according to the IMSI.
步骤 606、 所述 WAG向所述 HGW发送响应消息, 在所述响应消息中携 带有所述手机的鉴权结果;  Step 606: The WAG sends a response message to the HGW, where the response message carries an authentication result of the mobile phone.
可选地, 在所述手机仍处在鉴权过程中时, 所述 WAG向所述 HGW回 复指示所述手机正在鉴权的响应消息。  Optionally, when the mobile phone is still in the authentication process, the WAG returns a response message indicating that the mobile phone is authenticating to the HGW.
步骤 607、所述 HGW接收所述 WAG返回携带有对所述手机的鉴权结果 的响应消息, 并根据该鉴权结果对所述手机的 WiFi链路数据传输进行控制。  Step 607: The HGW receives the response message that the WAG carries the authentication result of the mobile phone, and controls the WiFi link data transmission of the mobile phone according to the authentication result.
可选地, 所述 HGW在接收到指示所述手机鉴权通过或失败的响应消息 后, 取消所述等待超时定时器。  Optionally, the HGW cancels the waiting timeout timer after receiving a response message indicating that the mobile phone authentication passes or fails.
不对他网用户限制的 HGW内部处理逻辑图如图 7所示。 使用本发明实 施例提供的家庭网关接入管理方法后, 对他网用户限制接入的内部处理逻辑 图如图 8所示。 可见, 使用本发明的实施例所提供的技术方案能够对家庭网 关接入用户进行管理, 有效的限制他网用户接入。  The HGW internal processing logic diagram that is not restricted to other network users is shown in Figure 7. After using the home gateway access management method provided by the embodiment of the present invention, the internal processing logic for restricting access to other network users is as shown in FIG. 8. It can be seen that the technical solution provided by the embodiment of the present invention can manage the home gateway access user, and effectively restrict the access of the other network user.
本发明的实施例提供了一种家庭网关接入管理方法和系统, HGW 向 WAG发送携带有新建立 WiFi链路的手机的 IMSI的查询消息, 向所述 WAG 查询对所述手机的鉴权结果, 所述 HGW接收所述 WAG返回携带有对所述 手机的鉴权结果的响应消息,并根据该鉴权结果对所述手机的 WiFi链路数据 传输进行控制, 实现了限制异网手机对家庭网关的使用, 解决了相关的家庭 网关接入终端管理方式无法对终端进行筛选, 不能满足应用需求的问题。 能 够通过限制异网手机使用家庭网关, 来有效保护运营商网络投资、 降低网络 的数据服务器负荷。 An embodiment of the present invention provides a home gateway access management method and system. The HGW sends an IMSI query message carrying a mobile phone with a newly established WiFi link to the WAG, and queries the WAG for the authentication result of the mobile phone. The HGW receives the response message of the WAG carrying the authentication result of the mobile phone, and controls the WiFi link data transmission of the mobile phone according to the authentication result, thereby realizing the restriction of the different network mobile phone to the family. The use of the gateway solves the problem that the related home gateway access terminal management mode cannot filter the terminal and cannot meet the application requirements. can By restricting the use of home gateways by different mobile phones, it can effectively protect the operator's network investment and reduce the data server load of the network.
本领域普通技术人员可以理解上述实施例的全部或部分步骤可以使用计 算机程序流程来实现,所述计算机程序可以存储于一计算机可读存储介质中, 所述计算机程序在相应的硬件平台上(如系统、 设备、 装置、 器件等)执行, 在执行时, 包括方法实施例的步骤之一或其组合。  It will be understood by those skilled in the art that all or part of the steps of the above embodiments may be implemented using a computer program flow, which may be stored in a computer readable storage medium, such as on a corresponding hardware platform (eg, The system, device, device, device, etc. are executed, and when executed, include one or a combination of the steps of the method embodiments.
可选地, 上述实施例的全部或部分步骤也可以使用集成电路来实现, 这 些步骤可以被分别制作成一个个集成电路模块, 或者将它们中的多个模块或 步骤制作成单个集成电路模块来实现。 这样, 本发明不限制于任何特定的硬 件和软件结合。  Optionally, all or part of the steps of the foregoing embodiments may also be implemented by using an integrated circuit. These steps may be separately fabricated into individual integrated circuit modules, or multiple modules or steps may be fabricated into a single integrated circuit module. achieve. Thus, the invention is not limited to any particular combination of hardware and software.
上述实施例中的各装置 /功能模块 /功能单元可以釆用通用的计算装置来 实现, 它们可以集中在单个的计算装置上, 也可以分布在多个计算装置所组 成的网络上。  The various devices/function modules/functional units in the above embodiments may be implemented using a general-purpose computing device, which may be centralized on a single computing device or distributed over a network of multiple computing devices.
上述实施例中的各装置 /功能模块 /功能单元以软件功能模块的形式实现 并作为独立的产品销售或使用时,可以存储在一个计算机可读取存储介质中。 上述提到的计算机可读取存储介质可以是只读存储器, 磁盘或光盘等。  Each device/function module/functional unit in the above embodiments can be stored in a computer readable storage medium when implemented in the form of a software function module and sold or used as a standalone product. The above mentioned computer readable storage medium may be a read only memory, a magnetic disk or an optical disk or the like.
任何熟悉本技术领域的技术人员在本发明揭露的技术范围内, 可轻易想 到变化或替换, 都应涵盖在本发明的保护范围之内。 因此, 本发明的保护范 围应以权利要求所述的保护范围为准。  It is to be understood by those skilled in the art that variations or substitutions are within the scope of the present invention. Therefore, the scope of protection of the present invention should be determined by the scope of the claims.
工业实用性 本发明实施例实现了限制异网手机对家庭网关的使用, 解决了相关的家 庭网关接入终端管理方式无法对终端进行筛选, 不能满足应用需求的问题。 Industrial Applicability The embodiments of the present invention implement the limitation of the use of the home gateway by the different network mobile phone, and solve the problem that the related home gateway access terminal management mode cannot filter the terminal and cannot meet the application requirements.

Claims

权 利 要 求 书 claims
1、 一种家庭网关接入管理方法, 包括: 1. A home gateway access management method, including:
家庭网关 (HGW ) 向无线接入网关 (WAG )发送携带有新建立无线保 真 ( WiFi )链路的手机的国际移动用户识别码( IMSI ) 的查询消息, 向所述 WAG查询对所述手机的鉴权结果; 以及 The home gateway (HGW) sends a query message carrying the International Mobile Subscriber Identity (IMSI) of the mobile phone with the newly established wireless fidelity (WiFi) link to the wireless access gateway (WAG), and queries the WAG for information about the mobile phone. the authentication result; and
所述 HGW接收所述 WAG返回携带有对所述手机的鉴权结果的响应消 息, 并根据所述鉴权结果对所述手机的 WiFi链路数据传输进行控制。 The HGW receives the response message returned by the WAG carrying the authentication result for the mobile phone, and controls the WiFi link data transmission of the mobile phone according to the authentication result.
2、 根据权利要求 1所述的家庭网关接入管理方法, 还包括: 2. The home gateway access management method according to claim 1, further comprising:
所述 HGW接收所述手机发送的携带有所述手机 IMSI的 DHCP请求选项 60消息。 The HGW receives the DHCP request option 60 message sent by the mobile phone and carrying the IMSI of the mobile phone.
3、 根据权利要求 1所述的家庭网关接入管理方法, 其中, 所述 HGW接 收所述 WAG返回携带有对所述手机的鉴权结果的响应消息, 并根据所述鉴 权结果对所述手机的 WiFi链路数据传输进行控制, 包括: 3. The home gateway access management method according to claim 1, wherein the HGW receives the response message returned by the WAG carrying the authentication result for the mobile phone, and performs the authentication on the mobile phone according to the authentication result. The mobile phone’s WiFi link data transmission is controlled, including:
当所述 HGW接收到的响应消息指示所述手机鉴权通过时, 所述 HWG 对所述 WiFi链路放开数据流, 允许所述 WiFi链路上的手机通过所述 WiFi 链路与网络侧进行数据业务; 以及 When the response message received by the HGW indicates that the mobile phone has passed the authentication, the HWG releases the data flow on the WiFi link and allows the mobile phone on the WiFi link to communicate with the network side through the WiFi link. Conduct data services; and
当所述 HGW接收到的响应消息指示所述手机鉴权失败时,所述 HGW禁 止所述 WiFi链路上的手机通过所述 WiFi链路与网络侧进行数据业务。 When the response message received by the HGW indicates that the mobile phone authentication fails, the HGW prohibits the mobile phone on the WiFi link from performing data services with the network side through the WiFi link.
4、 根据权利要求 3所述的家庭网关接入管理方法, 法还包括: 4. The home gateway access management method according to claim 3, further comprising:
所述 HGW在向 WAG发送所述查询消息的同时, 对所述查询消息设置 等待超时定时器。 While sending the query message to the WAG, the HGW sets a waiting timeout timer for the query message.
5、 根据权利要求 4所述的家庭网关接入管理方法, 其中, 所述 HGW接 收所述 WAG返回携带有对所述手机的鉴权结果的响应消息, 并根据所述鉴 权结果对所述手机的 WiFi链路数据传输进行控制, 还包括: 5. The home gateway access management method according to claim 4, wherein the HGW receives the response message returned by the WAG carrying the authentication result for the mobile phone, and performs the authentication on the mobile phone according to the authentication result. The mobile phone’s WiFi link data transmission is controlled, including:
所述 HGW在接收到指示所述手机鉴权通过或失败的响应消息后, 取消 所述等待超时定时器。 After receiving a response message indicating that the mobile phone authentication passes or fails, the HGW cancels the waiting timeout timer.
6、 根据权利要求 4所述的家庭网关接入管理方法, 其中, 所述 HGW接 收所述 WAG返回携带有对所述手机的鉴权结果的响应消息, 并根据所述鉴 权结果对所述手机的 WiFi链路数据传输进行控制, 还包括: 6. The home gateway access management method according to claim 4, wherein the HGW receives the response message returned by the WAG carrying the authentication result for the mobile phone, and performs the authentication on the mobile phone according to the authentication result. The mobile phone’s WiFi link data transmission is controlled, including:
当所述 HGW接收到的响应消息指示所述手机仍在鉴权中时,所述 HGW 继续等待所述等待超时定时器超时; 以及 When the response message received by the HGW indicates that the mobile phone is still being authenticated, the HGW continues to wait for the waiting timeout timer to expire; and
所述 HGW在所述等待超时定时器超时后, 重新向所述 WAG发送携带 有所述手机的 IMSI的查询消息, 并记录发送查询消息的次数。 After the waiting timeout timer expires, the HGW resends a query message carrying the IMSI of the mobile phone to the WAG, and records the number of times the query message is sent.
7、 根据权利要求 1所述的家庭网关接入管理方法, 还包括: 7. The home gateway access management method according to claim 1, further comprising:
所述 HGW在启动时获取所述 WAG的互联网协议( IP )地址, 建立到所 述 WAG的路由。 The HGW obtains the Internet Protocol (IP) address of the WAG when starting and establishes a route to the WAG.
8、 一种家庭网关接入管理方法, 包括: 8. A home gateway access management method, including:
无线接入网关 (WAG )接收家庭网关 (HGW )发送的携带有新建立无 线保真 (WiFi )链路的手机的国际移动用户识别码(IMSI ) 的查询消息, 向 所述 WAG查询对所述手机的鉴权结果; The wireless access gateway (WAG) receives a query message sent by the home gateway (HGW) carrying the International Mobile Subscriber Identity (IMSI) of the mobile phone with the newly established wireless fidelity (WiFi) link, and queries the WAG for the The authentication result of the mobile phone;
所述 WAG从所述查询消息中解析出所述手机的 IMSI , 根据所述 IMSI 查询所述手机的鉴权结果; 以及 The WAG parses the IMSI of the mobile phone from the query message, and queries the authentication result of the mobile phone based on the IMSI; and
所述 WAG向所述 HGW发送响应消息, 在所述响应消息中携带有所述 手机的鉴权结果。 The WAG sends a response message to the HGW, and the response message carries the authentication result of the mobile phone.
9、 根据权利要求 8所述的家庭网关接入管理方法, 其中, 所述 WAG从 所述查询消息中解析出所述手机的 IMSI, 根据所述 IMSI查询所述手机的鉴 权结果的步骤之后, 还包括: 9. The home gateway access management method according to claim 8, wherein the WAG parses the IMSI of the mobile phone from the query message, and after the step of querying the authentication result of the mobile phone according to the IMSI , Also includes:
在所述手机仍处在鉴权过程中时, 所述 WAG向所述 HGW回复指示所 述手机正在鉴权的响应消息。 When the mobile phone is still in the authentication process, the WAG replies to the HGW with a response message indicating that the mobile phone is being authenticated.
10、 根据权利要求 8所述的家庭网关接入管理方法, 还包括: 10. The home gateway access management method according to claim 8, further comprising:
所述 WAG接收所述手机的注册请求, 对所述手机进行鉴权认证; 以及 所述 WAG将所述手机的鉴权结果和所述手机的 IMSI——对应保存。 The WAG receives the registration request of the mobile phone and authenticates the mobile phone; and the WAG stores the authentication result of the mobile phone and the IMSI of the mobile phone in correspondence.
11、 根据权利要求 10所述的家庭网关接入管理系统, 其中, 所述 WAG 接收所述手机的注册请求, 对所述手机进行鉴权认证, 包括: 11. The home gateway access management system according to claim 10, wherein the WAG receives the registration request of the mobile phone and authenticates the mobile phone, including:
所述 WAG从所述手机的注册请求中解析出鉴权随机数和鉴权数据, 将 所述鉴权随机数、 鉴权数据和鉴权算法发送给接入网络的网络安全系统服务 器(AN - AAA ) ; The WAG parses the authentication random number and authentication data from the registration request of the mobile phone, and sends the authentication random number, authentication data and authentication algorithm to the network security system server (AN- AAA );
所述 AN - AAA使用所述鉴权随机数在本地按照所述鉴权算法计算鉴权 数据; The AN-AAA uses the authentication random number to locally calculate authentication data according to the authentication algorithm;
在所述 AN - AAA计算结果与所述 WAG发送的鉴权数据一致时, 判定 鉴权成功, 在所述 AN - AAA计算结果与所述 WAG发送的鉴权数据不一致 时, 判定鉴权失败; 以及 When the AN-AAA calculation result is consistent with the authentication data sent by the WAG, it is determined that the authentication is successful; when the AN-AAA calculation result is inconsistent with the authentication data sent by the WAG, it is determined that the authentication fails; as well as
所述 AN - AAA向所述 WAG返回鉴权结果。 The AN-AAA returns the authentication result to the WAG.
12、 一种家庭网关接入管理系统, 包括: 家庭网关(HGW )和无线接入 网关 (WAG ) ; 12. A home gateway access management system, including: a home gateway (HGW) and a wireless access gateway (WAG);
所述 HGW, 其设置成向 WAG发送携带有新建立无线保真( WiFi )链路 的手机的国际移动用户识别码( IMSI ) 的查询消息, 向所述 WAG查询对所 述手机的鉴权结果, 接收所述 WAG返回携带有对所述手机的鉴权结果的响 应消息, 并根据所述鉴权结果对所述手机的 WiFi链路数据传输进行控制; 以 及 The HGW is configured to send a query message carrying the International Mobile Subscriber Identity (IMSI) of the mobile phone with a newly established wireless fidelity (WiFi) link to the WAG, and query the WAG for the authentication result of the mobile phone. , receive the response message returned by the WAG carrying the authentication result for the mobile phone, and control the WiFi link data transmission of the mobile phone according to the authentication result; and
所述 WAG, 其设置成接收 HGW发送的携带有新建立 WiFi链路的手机 的 IMSI的查询消息, 向所述 HGW发送响应消息, 在所述响应消息中携带有 所述手机的鉴权结果。 The WAG is configured to receive a query message sent by the HGW carrying the IMSI of the mobile phone with a newly established WiFi link, and send a response message to the HGW, where the response message carries the authentication result of the mobile phone.
13、 根据权利要求 12所述的家庭网关接入管理系统, 其中, 13. The home gateway access management system according to claim 12, wherein,
所述 HGW,还设置成在启动时获取所述 WAG的互联网协议( IP )地址, 建立到所述 WAG的路由。 The HGW is also configured to obtain the Internet Protocol (IP) address of the WAG at startup and establish a route to the WAG.
14、 所述权利要求 12所述的家庭网关接入管理系统, 其中, 14. The home gateway access management system according to claim 12, wherein,
所述 WAG,还设置成接收所述手机的注册请求,对所述手机进行鉴权认 证, 将所述手机的鉴权结果和所述手机的 IMSI——对应保存。 The WAG is also configured to receive the registration request of the mobile phone, authenticate the mobile phone, and store the authentication result of the mobile phone and the IMSI of the mobile phone in correspondence.
PCT/CN2014/075012 2013-12-31 2014-04-09 Home gateway access management method and system WO2015100874A1 (en)

Applications Claiming Priority (2)

Application Number Priority Date Filing Date Title
CN201310754178.0 2013-12-31
CN201310754178.0A CN104754689B (en) 2013-12-31 2013-12-31 home gateway access management method and system

Publications (1)

Publication Number Publication Date
WO2015100874A1 true WO2015100874A1 (en) 2015-07-09

Family

ID=53493077

Family Applications (1)

Application Number Title Priority Date Filing Date
PCT/CN2014/075012 WO2015100874A1 (en) 2013-12-31 2014-04-09 Home gateway access management method and system

Country Status (2)

Country Link
CN (1) CN104754689B (en)
WO (1) WO2015100874A1 (en)

Cited By (2)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
WO2019006751A1 (en) * 2017-07-07 2019-01-10 Arris Enterprises Llc A method of providing management and control of hotspots with reduced messaging
US10256991B2 (en) 2017-04-18 2019-04-09 At&T Intellectual Property I, L.P. System for managing network termination

Families Citing this family (2)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN106341374B (en) * 2015-07-10 2020-09-29 中兴通讯股份有限公司 Method and device for limiting access of unlicensed user equipment to home gateway
CN109218098A (en) * 2018-09-20 2019-01-15 武汉指针科技有限公司 A kind of connection and configuration method of home gateway

Citations (2)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN101102291A (en) * 2007-08-11 2008-01-09 中兴通讯股份有限公司 Method for realizing user Internet access based on PPPOE agent function
CN101588368A (en) * 2009-07-14 2009-11-25 中国联合网络通信集团有限公司 Service authentication method and system

Family Cites Families (1)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
KR100498291B1 (en) * 2003-01-17 2005-07-01 엘지전자 주식회사 Apparatus and method for controlling home network using mobile phone

Patent Citations (2)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN101102291A (en) * 2007-08-11 2008-01-09 中兴通讯股份有限公司 Method for realizing user Internet access based on PPPOE agent function
CN101588368A (en) * 2009-07-14 2009-11-25 中国联合网络通信集团有限公司 Service authentication method and system

Cited By (3)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
US10256991B2 (en) 2017-04-18 2019-04-09 At&T Intellectual Property I, L.P. System for managing network termination
WO2019006751A1 (en) * 2017-07-07 2019-01-10 Arris Enterprises Llc A method of providing management and control of hotspots with reduced messaging
US10750383B2 (en) 2017-07-07 2020-08-18 Arris Enterprises Llc Method of providing management and control of hotspots with reduced messaging

Also Published As

Publication number Publication date
CN104754689B (en) 2019-12-06
CN104754689A (en) 2015-07-01

Similar Documents

Publication Publication Date Title
US11716621B2 (en) Apparatus and method for providing mobile edge computing services in wireless communication system
US11212678B2 (en) Cross access login controller
JP5992554B2 (en) System and method for authenticating a second client station using first client station credentials
CA2656919C (en) Method and system for controlling access to networks
CN105052184B (en) Method, equipment and controller for controlling user equipment to access service
WO2015101125A1 (en) Network access control method and device
WO2009152749A1 (en) A binding authentication method, system and apparatus
WO2018196587A1 (en) User authentication method and apparatus in converged network
WO2019056971A1 (en) Authentication method and device
US20120102207A1 (en) Registration of ad-hoc group members into an infrastructure network
WO2015100874A1 (en) Home gateway access management method and system
WO2010000157A1 (en) Configuration method, device and system for access device
KR20200130141A (en) Apparatus and method for providing mobile edge computing service in wireless communication system
EP3025534B1 (en) Providing telephony services over wifi for non-cellular devices
TWI592001B (en) System and method for providing telephony services over wifi for non-cellular devices
WO2011029296A1 (en) System and method for providing machine-to-machine equipment with machine communication identity module
JP6155237B2 (en) Network system and terminal registration method
US20190200226A1 (en) Method of authenticating access to a wireless communication network and corresponding apparatus
CN104640111B (en) Network insertion processing method, apparatus and system
US20020042820A1 (en) Method of establishing access from a terminal to a server
WO2011017921A1 (en) System and method for visiting a visited service provider
WO2016090578A1 (en) Authentication processing method, apparatus and terminal
JP5670926B2 (en) Wireless LAN access point terminal access control system and authorization server device
WO2011029297A1 (en) System and method for providing a machine communication identity module to a machine to machine equipment
WO2013123849A1 (en) Resource admission and control method, bng, and pdp

Legal Events

Date Code Title Description
121 Ep: the epo has been informed by wipo that ep was designated in this application

Ref document number: 14876114

Country of ref document: EP

Kind code of ref document: A1

NENP Non-entry into the national phase

Ref country code: DE

122 Ep: pct application non-entry in european phase

Ref document number: 14876114

Country of ref document: EP

Kind code of ref document: A1