CN101047612A - Attaching method for mobile management using agent mobile IP - Google Patents

Publication number
CN101047612A
Authority
CN
China
Prior art keywords
mobile
mobile device
network side
node
information
Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
Pending
Application number
CNA2006100348405A
Other languages
Chinese (zh)
Inventor
宗在峰
朱文若
Current Assignee (The listed assignees may be inaccurate. Google has not performed a legal analysis and makes no representation or warranty as to the accuracy of the list.)
ZTE Corp
Original Assignee
ZTE Corp

Landscapes

  • Mobile Radio Communication Systems (AREA)

Abstract

An attach method that uses Proxy Mobile IP for mobility management comprises: the mobile device sends an attach request to a network-side first node; after the first node has received the attach request and holds the mobility security association information, it sends a Mobile IP registration request message to a network-side second node; if the second node holds no valid mobility security association information for the mobile device, it obtains the mobile device's mobility security association information and the related policy information from the home subscriber server; and the first node sends an attach accept message to the mobile device.

Description

Attach method using Proxy Mobile IP for mobility management
Technical field
The present invention relates to the attach procedure in a mobile communication system, and in particular to an attach method that uses Proxy Mobile IP for mobility management in a mobile communication system.
Background art
The prior art defines an attach procedure initiated by the mobile device, but that procedure does not consider the use of Proxy Mobile IP. When Proxy Mobile IP is used for user mobility management, the attach procedure of the mobile device (UE) differs slightly from the procedure defined in the protocol. The system block diagram on which the existing attach procedure relies is shown in Fig. 1. The main functions of the three functional entities of the SAE core network are as follows:
1) MME: control-plane functional entity. It manages and stores the UE context (such as UE/user identity, mobility management state and user security parameters), generates temporary identities and allocates them to the UE, and authenticates the user when the UE camps on this tracking area or this network.
2) UPE: user-plane functional entity. It handles user-plane data routing, terminates downlink data for UEs in idle state, and initiates paging when downlink data addressed to a UE arrives. It manages and stores the UE context, which includes parameters such as the IP bearer service or network-internal routing information.
3) Inter-AS anchor: the mobility management anchor between multiple access systems. This anchor is the user-plane functional entity that supports mobility management between access systems inside 3GPP and between 3GPP-defined and non-3GPP-defined access systems.
The attach procedure initiated by the mobile device is shown in Fig. 2:
101. The mobile device discovers the evolved radio access network and the corresponding evolved system architecture, and performs access system and network selection.
102. The mobile device sends an attach request to the mobility management entity MME / user plane entity UPE. The attach request may carry old registration information, such as a temporary ID.
The attach request may carry default IP access bearer information, such as an IP address and an Access Point Name (APN). The evolved radio access system selects the MME/UPE.
103. If the attach request carries old registration information, the MME/UPE uses this registration information to obtain the user information from the MME/UPE with which the mobile device was previously registered.
104. The old MME/UPE sends the user information, such as the permanent ID, to the MME/UPE.
105. The MME/UPE authenticates the mobile device.
106. The MME/UPE registers with the home subscriber server (HSS).
107. If an old MME/UPE exists, the HSS notifies the old MME/UPE to delete the mobile device's information or to mark that information as not present.
108. The HSS sends a registration confirmation message to the MME/UPE. The mobile device's registration information, authorization information, policy information, charging information and so on are sent to the MME/UPE together with it.
109. The MME/UPE selects an Inter-AS anchor for the mobile device. The network side configures an IP address for the mobile device according to the mobile device's request, the mobile subscriber's registration information, and the policies of the visited network and the home network.
110. A routing update is performed between the MME/UPE and the Inter-AS anchor. The Inter-AS anchor configures the IP bearer according to the mobile device's IP address, establishes the user plane, and applies the default policy and charging rules to it.
111. The MME/UPE provides the evolved radio access system with the QoS configuration information of the default IP bearer, such as the upper limit of the data rate. The MME/UPE sends an attach accept message to the UE and allocates a temporary ID and an IP address to the UE. When Proxy Mobile IP is used, the IP address is the home address (HoA).
112. The MME/UPE sends an attach accept message to the mobile device.
113. The mobile device sends an attach confirmation to the MME/UPE.
In the above procedure, when the system uses Proxy Mobile IP for mobility management, the mobile node of Mobile IP is the mobile device (UE), the Inter-AS anchor is the home agent of the mobile device, and the MME/UPE is the Mobile IP proxy node of the mobile device.
To guarantee the security of Proxy Mobile IP, the mobility security association information between the mobile node (that is, the mobile device UE) and the home agent (Inter-AS anchor), and between the home agent (Inter-AS anchor) and the foreign agent, must be delivered to the home agent (Inter-AS anchor), to the Mobile IP proxy node (MME/UPE) and to the mobile node (mobile device).
In the above procedure, this security association information is not delivered securely to the MME/UPE and the Inter-AS anchor (home agent). Although step 105 performs authentication, the security association information is not sent to the MME/UPE during authentication. In addition, the above procedure has no interface from the home subscriber server (HSS) to the Inter-AS anchor, whereas sending the mobility security association information from the HSS to the Inter-AS anchor is the most secure option.
Summary of the invention
The technical problem to be solved by the present invention is to provide an attach method that uses Proxy Mobile IP for mobility management and that satisfies the security requirements of Proxy Mobile IP registration when Proxy Mobile IP is used for mobility management.
To solve this technical problem, the invention provides an attach method that uses Proxy Mobile IP for mobility management in a mobile communication system. The mobile communication system comprises a network-side first node having the mobility management function and the Mobile IP proxy function, a network-side second node having the Mobile IP home agent function, a home subscriber server and a mobile device. The method comprises:
1) the mobile device sends an attach request to the network-side first node;
2) after the network-side first node has received the attach request, and once it holds the mobility security association information or has obtained it from the home subscriber server, it sends a Mobile IP registration request message to the network-side second node;
3) the network-side second node processes the Mobile IP registration request message; if the second node holds no valid mobility security association information for the mobile device, it obtains the mobile device's mobility security association information and the corresponding policy information from the home subscriber server;
4) the network-side first node sends an attach accept message to the mobile device.
Because the home agent is selected during the attach procedure when Proxy Mobile IP is used for mobility management, the invention can distribute the mobility security association information to the network-side first node and the network-side second node. This meets the security requirements of Proxy Mobile IP mobility management without increasing air-interface signalling or the complexity of the existing activation procedure.
Description of drawings
Fig. 1 is the system block diagram used by the attach procedure in the prior art;
Fig. 2 is a flow chart of the attach method in a prior-art wireless communication system;
Fig. 3 is a flow chart of the attach method of the present invention when the mobile device uses Proxy Mobile IP.
Embodiment
When the mobile communication system of the present invention uses Proxy Mobile IP for mobility management, the network side must provide a network-side first node having the mobility management function and the Mobile IP proxy function, and a network-side second node having the Mobile IP home agent function; the mobile communication system also includes the mobile terminal and the home subscriber server (HSS). The network-side first node may be the mobility management entity MME / user plane entity UPE, and the network-side second node may be the Inter-AS anchor. The first and second nodes may also be other nodes, for example an SGSN (Serving GPRS Support Node) and a GGSN (Gateway GPRS Support Node). The first and second nodes are functional entities; they may be physically separate or integrated in one physical entity.
The following description takes the MME/UPE and the Inter-AS anchor as an example. In this embodiment, either the HSS distributes the mobility security association information to the MME/UPE and the Inter-AS anchor, or the MME/UPE and the Inter-AS anchor store the mobility security association information themselves. Mobile IP registration is performed for the mobile device, and the mobility security association information is included in the attach procedure, which guarantees the security requirements of Proxy Mobile IP mobility management. The procedure is shown in Fig. 3 and comprises the following steps:
301. The mobile device performs access system and network selection.
302. The mobile device sends an attach request to the MME/UPE. The attach request may carry old registration information, such as a temporary ID.
The attach request may carry default IP access bearer information, such as an IP address and an APN (Access Point Name).
The attach request sent by the mobile device may also carry the mobile device's Network Access Identifier (NAI); the NAI consists of the mobile device's user name and home network domain name.
303. If the attach request carries old registration information, the MME/UPE uses this registration information to obtain the user information from the old MME/UPE with which the mobile device was previously registered.
304. The old MME/UPE sends the user information, such as the permanent ID, to the MME/UPE.
305. The MME/UPE authenticates the mobile device. The HSS distributes the mobility security association information to the MME/UPE.
Either of the following two methods of authentication and mobility security association distribution may be used:
Method one (compared with the existing authentication, the mobility security association information is added, which guarantees the security of the system): the MME/UPE determines whether it holds all the security information needed to authenticate the mobile device (UE). This security information comprises the security information required for mutual authentication between the mobile device and the MME/UPE, and the mobility security association information. If the MME/UPE holds this information, it does not need to contact the HSS and authenticates the mobile device with its locally stored information. If the MME/UPE holds no security information for the mobile device, it first obtains this information from the HSS and then authenticates the UE.
Method two (the authentication point is moved from the MME/UPE to the HSS, which increases the security of the system): the MME/UPE cannot authenticate the mobile device; the authentication point for the mobile device is at the HSS. After receiving the attach request, the MME/UPE first determines whether it holds the security information that the UE needs to authenticate the MME/UPE. (This differs from method one: there the security information is for mutual authentication between the UE and the MME/UPE, here it is the information with which the UE authenticates the MME/UPE.) If it does not, the MME/UPE obtains it from the UE's HSS. This security information includes only what the UE needs to authenticate the MME/UPE; it includes neither the information the MME/UPE would need to authenticate the UE nor the mobility security association information. After receiving this information, the MME/UPE sends an authentication request to the UE. After receiving the UE's authentication response, the MME/UPE forwards the response to the HSS. The HSS authenticates the UE and, after successful authentication, sends the mobility security association information to the MME/UPE.
306. The MME/UPE registers with the HSS.
307. If an old MME/UPE exists, the HSS notifies the old MME/UPE to delete the mobile device's information or to mark that information as not present.
308. The HSS sends a registration confirmation message to this MME/UPE. The registration confirmation message includes the mobile device's registration information, authorization information, policy information, charging information and so on.
309. The user plane is established between the mobile device and the MME/UPE; its establishment may be initiated by the mobile device or by the MME/UPE. The MME/UPE sends a Mobile IP registration request to the Inter-AS anchor (HA). The registration request message carries a digital digest computed with the relevant mobility security association information, which the Inter-AS anchor uses to verify the source and integrity of the Mobile IP registration request message. The Inter-AS anchor processes the registration request message; if the Inter-AS anchor (HA) holds no valid mobility security association information for the mobile device, it must contact the HSS to obtain it. When the HSS sends the mobile device's mobility security association information to the Inter-AS anchor, it may at the same time send the policy information for this mobile device to the Inter-AS anchor (HA). The Inter-AS anchor (HA) computes the corresponding digital digest from the mobility security association information that it already holds or has obtained from the HSS, and compares it with the digital digest carried in the Mobile IP registration request to verify the source and integrity of the message. The Inter-AS anchor (HA) then allocates a home IP address according to the mobile device's policy information obtained from the HSS.
310. The MME/UPE provides the evolved radio access system with the QoS (Quality of Service) configuration information of the default IP bearer, such as the upper limit of the data rate.
311. The MME/UPE sends an attach accept message to the mobile device; the message carries the IP address that the Inter-AS anchor allocated to the mobile subscriber.
312. The mobile device confirms that the attach succeeded.
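The digest check and HSS fallback of step 309, as an added example that is not part of the patent text. The patent does not name a digest algorithm or message layout, so HMAC-SHA256, the field encoding, the expiry-based notion of a "valid" association and every class and field name below are assumptions made for illustration; the subscriber data is constructed.

```python
"""Added example: home-agent check of the registration digest (step 309)."""
import hashlib
import hmac
import ipaddress
import time
from dataclasses import dataclass


@dataclass
class SecurityAssociation:          # hypothetical layout, not from the patent
    spi: int                        # index identifying this association
    key: bytes                      # shared secret distributed by the HSS
    expires_at: float               # at or after this time the SA is not valid


@dataclass
class RegistrationRequest:          # hypothetical message fields
    nai: str
    care_of_address: str
    spi: int
    digest: bytes = b""


def _covered_bytes(req):
    # Length-prefix each field so field boundaries cannot be shifted.
    fields = [req.nai.encode(), req.care_of_address.encode(),
              req.spi.to_bytes(4, "big")]
    return b"".join(len(f).to_bytes(2, "big") + f for f in fields)


def compute_digest(sa, req):
    # Assumption: HMAC-SHA256; the patent only says "digital digest".
    return hmac.new(sa.key, _covered_bytes(req), hashlib.sha256).digest()


class HomeSubscriberServer:
    def __init__(self, subscribers):
        self._subscribers = subscribers     # nai -> (SecurityAssociation, policy)
        self.lookups = 0

    def fetch(self, nai):
        self.lookups += 1
        return self._subscribers.get(nai)


class HomeAgent:
    def __init__(self, hss, now=time.time):
        self._hss, self._now = hss, now
        self._cache = {}                    # nai -> (sa, policy)
        self._bindings = {}                 # nai -> allocated home address

    def _valid_entry(self, nai):
        entry = self._cache.get(nai)
        if entry is None or entry[0].expires_at <= self._now():
            entry = self._hss.fetch(nai)    # no valid local SA: ask the HSS
            if entry is None or entry[0].expires_at <= self._now():
                self._cache.pop(nai, None)
                return None
            self._cache[nai] = entry
        return entry

    def _allocate(self, nai, policy):
        if nai not in self._bindings:
            used = set(self._bindings.values())
            pool = ipaddress.ip_network(policy["home_pool"]).hosts()
            free = next((str(a) for a in pool if str(a) not in used), None)
            if free is None:
                return None
            self._bindings[nai] = free
        return self._bindings[nai]

    def handle_registration(self, req):
        entry = self._valid_entry(req.nai)
        if entry is None:
            return ("rejected", "no valid security association")
        sa, policy = entry
        if req.spi != sa.spi:
            return ("rejected", "unknown SPI")
        # Constant-time comparison of the recomputed and the received digest.
        if not hmac.compare_digest(compute_digest(sa, req), req.digest):
            return ("rejected", "digest mismatch")
        hoa = self._allocate(req.nai, policy)
        return ("accepted", hoa) if hoa else ("rejected", "home pool exhausted")


def demo():
    # Constructed sample data: one subscriber, fixed clock at t=1000.
    sa = SecurityAssociation(spi=0x101, key=b"constructed-demo-key", expires_at=2000.0)
    hss = HomeSubscriberServer({"ue1@home.example": (sa, {"home_pool": "10.20.0.0/29"})})
    ha = HomeAgent(hss, now=lambda: 1000.0)
    req = RegistrationRequest("ue1@home.example", "192.0.2.10", sa.spi)
    req.digest = compute_digest(sa, req)                 # done by the MME/UPE
    first = ha.handle_registration(req)                  # triggers one HSS fetch
    second = ha.handle_registration(req)                 # served from the HA cache
    forged = RegistrationRequest(req.nai, "198.51.100.7", req.spi, req.digest)
    return first, second, ha.handle_registration(forged), hss.lookups
```

The forged request reuses a genuine digest with a changed care-of address, so the recomputed digest no longer matches and the home agent allocates nothing for it.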

Claims (10)

1. An attach method that uses Proxy Mobile IP for mobility management in a mobile communication system, the mobile communication system comprising a network-side first node having the mobility management function and the Mobile IP proxy function, a network-side second node having the Mobile IP home agent function, a home subscriber server and a mobile device, characterized in that the method comprises:
1) the mobile device sends an attach request to the network-side first node;
2) the network-side first node receives the attach request and, once it holds the mobility security association information or has obtained it from the home subscriber server, sends a Mobile IP registration request message to the network-side second node;
3) the network-side second node processes the Mobile IP registration request message; if the second node holds no valid mobility security association information for the mobile device, it obtains the mobile device's mobility security association information and the corresponding policy information from the home subscriber server;
4) the network-side first node sends an attach accept message to the mobile device.
2. The method according to claim 1, characterized in that step 2) further comprises:
when the network-side first node holds neither the security information for mutual authentication between the mobile device and the first node nor the mobility security association information, it obtains them from the home subscriber server and then performs mutual authentication with the mobile device;
when the network-side first node holds the mobility security association information and the security information for mutual authentication between the mobile device and the first node, it authenticates with the mobile device directly;
when the network-side first node holds only the security information that the mobile device needs to authenticate the first node, or obtains only that security information from the home subscriber server, the home subscriber server authenticates the mobile device and, after successful authentication, sends the mobility security association information to the first node.
3. The method according to claim 1 or 2, characterized by further comprising: the network-side second node allocates the home IP address of the mobile device according to the mobile device's corresponding policy information; and the attach accept message carries this home IP address.
4. The method according to claim 3, characterized in that, before the home subscriber server authenticates the mobile device (UE), the method further comprises: the network-side first node sends an authentication request to the mobile device and, after receiving the mobile device's authentication response, sends the authentication response to the home subscriber server.
5. The method according to claim 1, 2 or 4, characterized in that the Mobile IP registration request message carries a digital digest computed with the mobility security association information; when processing the Mobile IP registration request message, the network-side second node computes a digital digest from the mobility security association information that it holds or has obtained from the home subscriber server, and compares it with the digital digest in the Mobile IP registration request message to verify the source and integrity of the message.
6. The method according to claim 5, characterized in that the network-side first node is the mobility management entity MME / user plane entity UPE, and the network-side second node is the Inter-AS anchor.
7. The method according to claim 6, characterized in that the attach request comprises the following information: the mobile device's old registration information; and/or default IP access bearer information; and/or the mobile device's Network Access Identifier; wherein the old registration information comprises a temporary ID, the default IP access bearer information comprises an IP address and an Access Point Name, and the Network Access Identifier comprises the mobile device's user name and home network domain name.
8. The method according to claim 7, characterized in that, if the attach request carries old registration information, the MME/UPE uses this registration information to obtain the user information from the old MME/UPE with which the mobile device was previously registered, and the old MME/UPE sends the user information to the MME/UPE.
9. The method according to claim 8, characterized in that, when the MME/UPE registers with the home subscriber server and an old MME/UPE exists, the home subscriber server notifies the old MME/UPE to delete the mobile device's information or to mark that information as not present.
10. The method according to claim 1, 2 or 6, characterized by further comprising: the mobile device confirms that the attach succeeded.
CNA2006100348405A 2006-03-31 2006-03-31 Attaching method for mobile management using agent mobile IP Pending CN101047612A (en)

Priority Applications (1)

Application Number Priority Date Filing Date Title
CNA2006100348405A CN101047612A (en) 2006-03-31 2006-03-31 Attaching method for mobile management using agent mobile IP

Publications (1)

Publication Number Publication Date
CN101047612A true CN101047612A (en) 2007-10-03

Family

ID=38771851

Country Status (1)

Country Link
CN (1) CN101047612A (en)

Legal Events

Date Code Title Description
C06 Publication
PB01 Publication
C10 Entry into substantive examination
SE01 Entry into force of request for substantive examination
C02 Deemed withdrawal of patent application after publication (patent law 2001)
WD01 Invention patent application deemed withdrawn after publication

Application publication date: 20071003