CN101155411A - Using control method and system for multicast broadcasting service - Google Patents

Publication number: CN101155411A
Authority: CN (China)
Application number: CNA2006101419747A
Other languages: Chinese (zh)
Inventors: 单长虹, 林志斌, 冯成燕, 吴建军, 谢勇
Original and current assignee: Huawei Technologies Co Ltd
Legal status: Pending
Priority: CNA2006101419747A (CN101155411A); PCT/CN2007/070739 (WO2008040242A1)
Abstract

The present invention relates to the communications field and discloses a usage control method and system for the multicast broadcast service (MBS), so that the MBS can be used effectively and reasonably. In the invention, the functional entity that stores or distributes the MBS state of a terminal sends a state indication message indicating the MBS state of the terminal to the MBS control functional entity, and the MBS control functional entity determines from the received state indication message whether to authorize the terminal to use the MBS. The MBS control functional entity sends the corresponding MBS key only to terminals authorized to use the MBS, so that a terminal whose subscription validity period has passed cannot receive the MBS. The state indication message can also carry the security information required by the MBS, and can be forwarded through multiple network entities to the MBS control functional entity.

Description

Usage control method and system for the multicast broadcast service
Technical field
The present invention relates to the communications field, and in particular to multicast and broadcast technology.
Background technology
IEEE 802.16 is a standard promulgated by the Institute of Electrical and Electronics Engineers (IEEE) in December 2001 for providing last-kilometer wireless broadband access in metropolitan area networks.
To make effective use of mobile network resources, the multicast broadcast service (Multicast Broadcast Service, MBS) was introduced in IEEE 802.16e/D5, the latest protocol of IEEE 802.16.
MBS provides a specification for sending data from one data source to multiple users in a mobile network. This allows network resources to be shared and improves their utilization, especially the utilization of air-interface resources.
Notably, MBS can carry not only multicast and broadcast of plain-text, low-rate messaging services but also multicast and broadcast of high-speed multimedia services, for example video on demand, television broadcasting, video conferencing, online education, and interactive games. MBS will therefore promote the development of future mobile data services.
In MBS, data is sent from one data source to multiple users, and within a given area only users who have subscribed to the MBS may use the data service provided. To prevent users who have not subscribed to or not paid for the MBS from enjoying the service, a key must be set for the MBS. This key is known only to legitimate users and the MBS server (MBS Server), which ensures that data is provided and received normally.
Specifically, the MBS server and all users in the group share a key. The MBS server sends this shared key to the users in the group; the transmission is carried out one-to-one between the MBS server and each user in the group, and the shared key is usually encrypted with a key-encrypting key when it is sent. Each user's key-encrypting key is unique within the group, that is, the key-encrypting keys held by the users in the group all differ.
The MBS server encrypts the shared key with the key-encrypting key corresponding to each user in the group. It then sends the encrypted shared key to the corresponding user, and that user decrypts the shared key with the corresponding key-encrypting key, so that the key is shared between the MBS server and the users in the group.
After that, the MBS server encrypts the MBS service information with the shared key and sends it to each user in the group. The users in the group decrypt the MBS service information with the shared key and obtain the MBS service.
The keys involved in the MBS security mechanism described above are explained further below: the multicast key encryption key (Group Key Encryption Key, GKEK), the MBS authentication key (MBS Authentication Key, MAK), the multicast service encryption key (Group Traffic Encryption Key, GTEK), and the MBS traffic key (MBS Traffic Key, MTK).
GKEK is the multicast key encryption key, used to decrypt the GTEK that has been encrypted with the GKEK.
GTEK is the multicast service encryption key. It is unique within an MBS service scope and is updated periodically according to a time mechanism. GTEK cannot control an individual user. This key is the MAC-layer traffic encryption key defined in IEEE 802.16-2005.
MAK is the MBS authentication key. Like GTEK, it is unique within an MBS service scope, is updated periodically according to a time mechanism, and cannot control an individual user. This key is the service-layer authentication key defined in IEEE 802.16-2005.
MTK is the MBS traffic key, used directly to encrypt the MBS service flow. Its generation formula is MTK <= Dot16KDF(MAK, MGTEK | "MTK", 128), so MTK is generated from the GTEK and MAK described above.
Because GTEK and MAK are unique within an MBS service scope, they cannot control an individual user. In other words, the prior art has not yet proposed a concrete scheme for controlling an individual user's use of the MBS.
Summary of the invention
In view of this, the main purpose of the present invention is to provide a usage control method and system for the multicast broadcast service, so that the MBS can be used effectively and reasonably.
To achieve the above purpose, the present invention provides a usage control method for the multicast broadcast service, comprising the following steps:
The functional entity that stores or distributes the multicast broadcast service (MBS) state of a terminal sends, to the MBS control functional entity, a state indication message indicating the MBS state of the terminal;
The MBS control functional entity determines, according to the received state indication message, whether to authorize the terminal to use the MBS.
The state indication message comprises one of the following parameters or any combination thereof:
MBS subscription time, MBS authentication success, MBS timeout, MBS authentication failure, MBS deactivation flag, terminal identifier, MBS identifier.
In the method, the MBS subscription time is the absolute time at which the service of the MBS terminates or the remaining service time; the MBS identifier is a service flow identifier or a content identifier.
In the method, when the MBS subscription time of the terminal expires, the functional entity that stores or distributes the MBS state of the terminal sends, to the MBS control functional entity, a state indication message indicating that the MBS subscription time has expired;
On receiving the state indication message indicating that the MBS subscription time has expired, the MBS control functional entity refuses to authorize the terminal to use the MBS, either by deleting the information about this MBS for the terminal or by setting the terminal's state for this MBS to inactive.
In the method, the state indication message indicating that the MBS subscription time has expired comprises one of the following parameters or any combination thereof:
MBS timeout flag, MBS authentication failure flag, terminal identifier, MBS identifier.
In the method, when the MBS authentication of the terminal succeeds, the functional entity that stores or distributes the MBS state of the terminal sends, to the MBS control functional entity, a state indication message indicating MBS authentication success;
On receiving the state indication message indicating MBS authentication success, the MBS control functional entity authorizes the terminal to use the MBS, either by adding the information about this MBS for the terminal to the corresponding context or by setting the terminal's state for this MBS to active.
In the method, the state indication message indicating MBS authentication success comprises one of the following parameters or any combination thereof:
MBS authentication success flag, MBS subscription time, terminal identifier, MBS identifier.
In the method, the functional entity that stores or distributes the MBS state of the terminal is an AAA server, an application server, an MBS server, or a third-party AAA server;
The MBS control functional entity is a base station.
In the method, after receiving an MBS key request from a terminal, the MBS control functional entity sends the corresponding MBS key only to a terminal that is authorized to use the MBS.
In the method, the MBS key is the multicast service encryption key GKEK.
In the method, the functional entity that stores or distributes the MBS state of the terminal sends the state indication message to the MBS control functional entity through one of the following network entities or any combination thereof:
MBS server, policy functional entity, anchor service flow authorizer, anchor data path function/foreign agent, network access server, gateway.
In the method, the state indication message carries one of the following parameters or any combination thereof:
Network access server identifier, address of the anchor data path function or foreign agent, address of the policy functional entity, address of the anchor service flow authorizer.
In the method, the state indication message carries the security information required by the MBS.
In the method, the security information comprises one of the following or any combination thereof:
MBS multicast group security association, GKEK context, MBS authorization key MAK, MAK context.
The present invention also provides a usage control system for the multicast broadcast service, comprising:
A functional entity that stores or distributes the multicast broadcast service (MBS) state of a terminal, used to send a state indication message indicating the MBS state of the terminal; and
An MBS control functional entity, used to receive the state indication message and to decide, according to this message, whether to authorize the terminal to use the MBS.
The state indication message comprises one of the following parameters or any combination thereof:
MBS subscription time, MBS authentication success, MBS timeout, MBS authentication failure, MBS deactivation flag, terminal identifier, MBS identifier.
In the system, the functional entity that stores or distributes the MBS state of the terminal sends the state indication message when the MBS subscription time of the terminal expires or when MBS authentication succeeds.
In the system, the functional entity that stores or distributes the MBS state of the terminal is an AAA server, an application server, an MBS server, or a third-party AAA server;
The MBS control functional entity is a base station.
In addition, the system also comprises one of the following network entities or any combination thereof:
MBS server, policy functional entity, anchor service flow authorizer, anchor data path function/foreign agent, network access server, gateway;
The functional entity that stores or distributes the MBS state of the terminal sends the state indication message to the MBS control functional entity through forwarding by these network entities.
By comparison, the main difference between the technical solution of the present invention and the prior art is that the functional entity that stores or distributes the MBS state of a terminal sends a state indication message indicating the terminal's MBS state to the MBS control functional entity, and the MBS control functional entity decides from the received state indication message whether to authorize the terminal to use the MBS. The MBS control functional entity can thus learn the state of the MBS used by the terminal and control the use of the MBS according to that state, which ensures that the MBS is used effectively and reasonably.
When the MBS subscription time expires, the functional entity that stores or distributes the MBS state of the terminal sends to the MBS control functional entity a state indication message carrying parameters such as the MBS timeout flag, MBS authentication failure flag, terminal identifier, and MBS identifier; after receiving this message, the MBS control functional entity refuses to authorize the terminal to use the MBS. When MBS authentication succeeds, the functional entity that stores or distributes the MBS state of the terminal sends to the MBS control functional entity a state indication message carrying parameters such as the MBS authentication success flag, MBS subscription time, terminal identifier, and MBS identifier; after receiving this message, the MBS control functional entity authorizes the terminal to use the MBS. The MBS control functional entity sends the corresponding MBS key only to terminals authorized to use the MBS, so that a terminal past its subscription validity period cannot receive the MBS, while a terminal whose MBS authentication succeeded can receive it.
The functional entity that stores or distributes the MBS state of the terminal can be an AAA (Authentication, Authorization and Account) server, an application server (Application Server, AS), an MBS server, or a third-party AAA server; the MBS control functional entity can be a base station. This provides concrete application modes for implementing the invention.
The state indication message can be sent to the MBS control functional entity through forwarding by multiple network entities, so that the solution of the invention can be applied flexibly in a variety of network structures.
The state indication message can also carry the security information required by the MBS, such as the MBS multicast group security association, GKEK context, MBS authorization key MAK, and MAK context, which saves the network resources needed to transmit this security information.
Description of drawings
Fig. 1 is a schematic diagram of sending the MBS state indication message according to the present invention;
Fig. 2 is a flow chart of the MBS usage control method according to the first embodiment of the present invention;
Fig. 3 is a flow chart of the MBS usage control method according to the second embodiment of the present invention;
Fig. 4 is a flow chart of the MBS usage control method according to the third embodiment of the present invention;
Fig. 5 is a schematic diagram of issuing the MBS state indication message when the MBS server is located in the gateway, according to the present invention.
Embodiment
To make the purpose, technical solution, and advantages of the present invention clearer, the invention is described in further detail below with reference to the accompanying drawings.
In the present invention, the functional entity that stores or distributes the MBS state of a terminal sends a state indication message indicating the terminal's MBS state to the MBS control functional entity, as shown in Fig. 1. The state indication message can include: MBS subscription time, MBS authentication success, MBS timeout, MBS authentication failure, MBS deactivation flag, terminal identifier, and MBS identifier. The MBS subscription time can be the absolute time at which the service of the MBS terminates or the remaining service time; the MBS identifier can be a service flow identifier (SFID) or a content identifier (Content ID). The MBS control functional entity decides from the received state indication message whether to authorize the terminal to use the MBS.
For example, when the MBS subscription time of the terminal expires, the functional entity that stores or distributes the MBS state of the terminal sends to the MBS control functional entity a state indication message indicating that the MBS subscription time has expired. This message can carry the MBS timeout flag, MBS authentication failure flag, terminal identifier, and MBS identifier. On receiving it, the MBS control functional entity refuses to authorize the terminal to use the MBS, either by deleting the information about this MBS for the terminal or by setting the terminal's state for this MBS to inactive. When deleting the information: if the terminal's context contains the MBS identifier, that identifier can be deleted; if the corresponding MBS context contains the terminal's identifier, the terminal's identifier can be deleted from that MBS context. After refusing to authorize the terminal to use the MBS, the MBS control functional entity can also use a service deletion procedure (such as DSD-REQ) to notify the terminal to delete the MBS.
When the MBS authentication of the terminal succeeds, the functional entity that stores or distributes the MBS state of the terminal sends to the MBS control functional entity a state indication message indicating MBS authentication success. This message can carry the MBS authentication success flag, MBS subscription time, terminal identifier, and MBS identifier. On receiving it, the MBS control functional entity authorizes the terminal to use the MBS, either by adding the information about this MBS for the terminal to the corresponding context or by setting the terminal's state for this MBS to active. When adding the information: if the terminal's context can store the MBS identifier, the identifier can be added to that context; if the corresponding MBS context can store terminal identifiers, the terminal's identifier can be added to that context. After the MBS control functional entity has authorized the terminal to use the MBS, if it receives a key request (such as a request for the GKEK) or a service request (such as DSA-REQ) from the terminal, it can distribute the corresponding key to the terminal or respond to the service request (DSA-RSP), and so on.
In the present invention, the functional entity that stores or distributes the MBS state of the terminal can be an AAA server, an AS, an MBS server, or a third-party AAA server; the MBS control functional entity can be a base station. When several other network entities lie between the functional entity that stores or distributes the MBS state of the terminal and the MBS control functional entity, the state indication message can also be sent to the MBS control functional entity through forwarding by these network entities.
The first embodiment of the present invention is described in detail below; it relates to the MBS usage control method. In this embodiment, the functional entity that stores or distributes the MBS state of the terminal is the MBS server and the MBS control functional entity is the base station. After the terminal's MBS authentication succeeds, the state indication message issued by the MBS server is forwarded by the network access server (Network Access Server, NAS) and the gateway and is finally sent to the base station. In this solution, NAS denotes the anchor authenticator.
Specifically, as shown in Fig. 2, in step 210, after the terminal's MBS authentication succeeds, the MBS server sends to the NAS a state indication message indicating MBS authentication success. The message can carry the MBS authentication success flag, MBS subscription time, terminal identifier, MBS identifier, and so on. The MBS subscription time can be the absolute time at which the service of the MBS terminates or the remaining service time; the MBS identifier can be an SFID or a content identifier. The MBS server can also set this MBS information of the terminal to the active state.
Then, in step 220, after receiving the state indication message indicating MBS authentication success, the NAS forwards it, that is, the NAS sends the state indication message indicating MBS authentication success to the gateway. The message likewise contains the MBS authentication success flag, MBS subscription time, terminal identifier, MBS identifier, and so on.
Then, in step 230, after receiving the state indication message indicating MBS authentication success, the gateway forwards it, that is, the gateway sends to the base station the state indication message indicating MBS authentication success, which contains information such as the MBS authentication success flag, MBS subscription time, terminal identifier, and MBS identifier.
After receiving the state indication message indicating MBS authentication success, the base station sets this MBS information of the terminal to the active state, or adds the information about this MBS for the terminal to the corresponding context. For example, if the terminal's context can store the MBS identifier, the identifier can be added to that context; if the corresponding MBS context can store terminal identifiers, the terminal's identifier can be added to the corresponding MBS context.
By adding the information about this MBS for the terminal to the corresponding context, or by setting the terminal's state for this MBS to active, the base station authorizes the terminal to use the MBS. After the base station has authorized the terminal to use the MBS, if it receives a key request (such as a request for the GKEK) or a service request (such as DSA-REQ) from the terminal, it can distribute the corresponding key to the terminal or respond to the service request (DSA-RSP), and so on. A terminal whose MBS authentication succeeded can therefore receive the MBS.
Because the base station sends the GKEK only to terminals authorized to use the corresponding MBS, and the GKEK is specific to a single terminal, a terminal that cannot obtain the GKEK cannot decrypt the GTEK encrypted with it, and therefore cannot generate a new valid MTK. This guarantees that only terminals authorized to use the MBS service can use it, so that the MBS service is used effectively and reasonably.
Note that corresponding response messages can be added for steps 210, 220, and 230; the order of these responses may or may not follow a time sequence.
It is also worth mentioning that the state indication message indicating MBS authentication success can carry the security information required by the MBS, such as the MBS multicast group security association, GKEK context, MBS authorization key MAK, and MAK context, to save the network resources needed to transmit this security information.
The second embodiment of the present invention relates to the MBS usage control method. In this embodiment, the functional entity that stores or distributes the MBS state of the terminal is the AAA server and the MBS control functional entity is the base station. After the terminal's MBS subscription time expires, the state indication message issued by the AAA server is forwarded by the MBS server, the NAS, and the gateway and is finally sent to the base station.
Specifically, as shown in Fig. 3, in step 310, after the terminal's MBS subscription time expires, or when the AAA server decides for some operation and maintenance reason to terminate a particular MBS of a particular terminal, the AAA server sends to the MBS server a state indication message indicating that the MBS subscription time has expired. The message can contain information such as the MBS timeout flag/MBS deactivation flag, MBS authentication failure flag, terminal identifier, and MBS identifier. If the message also contains the MBS subscription time, the subscription time can be set to zero. The MBS identifier can be an SFID or a content identifier.
Then, in step 320, after receiving the state indication message indicating that the MBS subscription time has expired, the MBS server forwards it, that is, the MBS server sends this state indication message to the NAS. The message likewise contains information such as the MBS timeout flag/MBS deactivation flag, MBS authentication failure flag, terminal identifier, and MBS identifier. The MBS server can also delete this MBS information of the terminal or set it to the inactive state.
Then, in step 330, after receiving the state indication message indicating that the MBS subscription time has expired, the NAS forwards it, that is, the NAS sends this state indication message to the gateway. The message likewise contains information such as the MBS timeout flag/MBS deactivation flag, MBS authentication failure flag, terminal identifier, and MBS identifier.
Then, in step 340, after receiving the state indication message indicating that the MBS subscription time has expired, the gateway forwards it, that is, the gateway sends this state indication message to the serving base station. The message likewise contains information such as the MBS timeout flag/MBS deactivation flag, MBS authentication failure flag, terminal identifier, and MBS identifier.
After receiving the state indication message indicating that the MBS subscription time has expired, the base station sets this MBS of the terminal to the inactive state, or deletes the information about this MBS for the terminal. For example, if the terminal's context contains the MBS identifier, that identifier can be deleted; if the corresponding MBS context contains the terminal's identifier, the terminal's identifier can be deleted from that MBS context.
As in the first embodiment, corresponding response messages can be added for steps 310, 320, 330, and 340; the order of these responses may or may not follow a time sequence.
By deleting the information about this MBS for the terminal from the corresponding context, or by setting the terminal's state for this MBS to inactive, the base station refuses to authorize the terminal to use the MBS. After the base station has refused to authorize the terminal to use the MBS, even if it receives a key request (such as a request for the GKEK) or a service request (such as DSA-REQ) from the terminal, it will not distribute the corresponding key to the terminal or respond to the service request (DSA-RSP), and so on.
Because the base station does not send the GKEK to a terminal that has been refused authorization to use the corresponding MBS service, and the GKEK is specific to a single terminal, such a terminal cannot obtain the GKEK, cannot decrypt the GTEK encrypted with it, and therefore cannot generate a new valid MTK. This guarantees that a terminal past its subscription validity period cannot receive the MBS, so that the MBS service is used effectively and reasonably.
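The authorization flow of the first embodiment and the expiry flow of the second embodiment, as an added Python example that is not part of the patent text: a base station keeps per-MBS contexts, applies state indication messages, and answers GKEK requests only for authorized terminals. The message field layout, the `wrap` and `derive_mtk` stand-ins (not the IEEE 802.16 key wrap or Dot16KDF), and identifiers such as `ms-1` and `sfid-7` are assumptions constructed for illustration.

```python
import hashlib
import hmac
import os
from dataclasses import dataclass
from typing import Optional, Tuple


@dataclass
class StateIndication:
    """Parameters the text lists for a state indication message.
    The field layout is an assumption; the page gives no wire format."""
    terminal_id: str
    mbs_id: str                      # SFID or content ID
    auth_success: bool = False
    timeout: bool = False
    auth_failure: bool = False
    deactivate: bool = False
    subscription_time: Optional[int] = None  # absolute end or remaining time


def wrap(kek: bytes, key: bytes) -> bytes:
    """Stand-in key wrap (XOR with an HMAC pad); it is its own inverse.
    Not the IEEE 802.16 key-wrap algorithm."""
    pad = hmac.new(kek, b"GTEK-wrap", hashlib.sha256).digest()[:len(key)]
    return bytes(a ^ b for a, b in zip(key, pad))


def derive_mtk(mak: bytes, gtek: bytes) -> bytes:
    """Stand-in for MTK <= Dot16KDF(MAK, MGTEK | "MTK", 128)."""
    return hmac.new(mak, gtek + b"MTK", hashlib.sha256).digest()[:16]


class BaseStation:
    """MBS control functional entity with one context per MBS."""

    def __init__(self) -> None:
        self.active = {}   # mbs_id -> set of authorized terminal IDs
        self.gtek = {}     # mbs_id -> current GTEK, shared by the group

    def rotate_gtek(self, mbs_id: str) -> None:
        """Periodic GTEK update."""
        self.gtek[mbs_id] = os.urandom(16)

    def on_state_indication(self, msg: StateIndication) -> bool:
        """Apply a message; return whether the terminal is now authorized."""
        terminals = self.active.setdefault(msg.mbs_id, set())
        # Any negative flag wins over a success flag (fail closed).
        if msg.timeout or msg.auth_failure or msg.deactivate:
            terminals.discard(msg.terminal_id)
        elif msg.auth_success:
            terminals.add(msg.terminal_id)
        return msg.terminal_id in terminals

    def on_key_request(self, terminal_id: str,
                       mbs_id: str) -> Optional[Tuple[bytes, bytes]]:
        """Return (per-terminal GKEK, GTEK wrapped under it), or None."""
        if terminal_id not in self.active.get(mbs_id, set()):
            return None
        gtek = self.gtek.setdefault(mbs_id, os.urandom(16))
        gkek = os.urandom(16)
        return gkek, wrap(gkek, gtek)


def terminal_mtk(reply: Optional[Tuple[bytes, bytes]],
                 mak: bytes) -> Optional[bytes]:
    """Terminal side: unwrap the GTEK with the GKEK, then derive the MTK."""
    if reply is None:
        return None
    gkek, wrapped = reply
    return derive_mtk(mak, wrap(gkek, wrapped))


def run_scenario() -> dict:
    bs = BaseStation()
    mbs, mak = "sfid-7", os.urandom(16)       # constructed sample values
    bs.rotate_gtek(mbs)
    out = {"before_auth": bs.on_key_request("ms-1", mbs)}
    for ms in ("ms-1", "ms-2"):               # both terminals authenticate
        bs.on_state_indication(StateIndication(
            ms, mbs, auth_success=True, subscription_time=3600))
    old_mtk = terminal_mtk(bs.on_key_request("ms-1", mbs), mak)
    out["authorized_mtk_ok"] = old_mtk == derive_mtk(mak, bs.gtek[mbs])
    # Subscription of ms-1 expires; ms-2 stays authorized.
    out["ms1_active"] = bs.on_state_indication(StateIndication(
        "ms-1", mbs, timeout=True, auth_failure=True, subscription_time=0))
    bs.rotate_gtek(mbs)
    new_mtk = derive_mtk(mak, bs.gtek[mbs])
    out["ms1_after_expiry"] = bs.on_key_request("ms-1", mbs)
    out["ms1_old_mtk_still_valid"] = old_mtk == new_mtk
    out["ms2_mtk_ok"] = terminal_mtk(bs.on_key_request("ms-2", mbs), mak) == new_mtk
    return out


if __name__ == "__main__":
    for name, value in run_scenario().items():
        print(name, value)
```

The scenario shows the per-terminal control the text argues for: after expiry, `ms-1` is refused the GKEK and its previously derived MTK no longer matches the MTK in use once the GTEK is updated, while `ms-2` continues to obtain it.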
The third embodiment of the present invention relates to the MBS usage control method. This embodiment is largely the same as the first embodiment and differs only in the forwarding path: in the first embodiment, the state indication message issued by the MBS server is forwarded by the NAS and the gateway and finally sent to the base station, whereas in this embodiment the state indication message issued by the MBS server is forwarded by the policy functional entity (Policy Function, PF), the anchor service flow authorizer (Anchor Service Flow Authorization, Anchor SFA), and the gateway and finally sent to the base station.
Specifically, as shown in Fig. 4, in step 410, after the terminal's MBS authentication succeeds, the MBS server sends to the PF a state indication message indicating MBS authentication success. The message can carry the MBS authentication success flag, MBS subscription time, terminal identifier, MBS identifier, and so on. The MBS subscription time can be the absolute time at which the service of the MBS terminates or the remaining service time; the MBS identifier can be an SFID or a content identifier. The MBS server can also set this MBS information of the terminal to the active state.
Then, in step 420, after receiving the state indication message indicating MBS authentication success, the PF forwards it, that is, the PF sends the state indication message indicating MBS authentication success to the Anchor SFA. The message likewise contains the MBS authentication success flag, MBS subscription time, terminal identifier, MBS identifier, and so on.
Then, in step 430, after receiving the state indication message indicating MBS authentication success, the Anchor SFA forwards it, that is, the Anchor SFA sends the state indication message indicating MBS authentication success to the gateway. The message likewise contains the MBS authentication success flag, MBS subscription time, terminal identifier, MBS identifier, and so on.
Then, in step 440, after receiving the state indication message indicating MBS authentication success, the gateway forwards it, that is, the gateway sends to the base station the state indication message indicating MBS authentication success, which contains information such as the MBS authentication success flag, MBS subscription time, terminal identifier, and MBS identifier.
After receiving the state indication message indicating MBS authentication success, the base station sets this MBS information of the terminal to the active state, or adds the information about this MBS for the terminal to the corresponding context. For example, if the terminal's context can store the MBS identifier, the identifier can be added to that context; if the corresponding MBS context can store terminal identifiers, the terminal's identifier can be added to the corresponding MBS context.
By adding the information about this MBS for the terminal to the corresponding context, or by setting the terminal's state for this MBS to active, the base station authorizes the terminal to use the MBS. After the base station has authorized the terminal to use the MBS, if it receives a key request (such as a request for the GKEK) or a service request (such as DSA-REQ) from the terminal, it can distribute the corresponding key to the terminal or respond to the service request (DSA-RSP), and so on. A terminal whose MBS authentication succeeded can therefore receive the MBS.
Similarly, for step 410,420,430 and 440, can increase corresponding response message, its response order can not have sequential relationship, also can allow it have sequential relationship.
Need to prove that the functional entity of the MBS state of storage or distribution terminal can also be AS or third-party aaa server.May be through the network entity of one of following or its combination in any in the communication process of the state indication message of MBS: MBS server, PF, Anchor SFA, data path function/Foreign Agent anchor point (Anchor DPF/FA), NAS and gateway.Enumerate the route of transmission of the state indication message of several possible MBS below, but do not comprise all possible situations:
(1) MBS server or AS or third-party AAA server --> PF --> Anchor SFA --> gateway --> base station
(2) MBS server or AS or third-party AAA server --> PF --> gateway --> base station
(3) MBS server --> Anchor SFA --> gateway --> base station
(4) MBS server --> NAS --> gateway --> base station
(5) MBS server --> Anchor DPF/FA --> gateway --> base station
(6) MBS server --> gateway --> base station
(7) AAA server --> NAS --> gateway --> base station
(8) AAA server --> Anchor DPF/FA --> gateway --> base station
(9) AAA server --> gateway --> base station
(10) AAA server --> Anchor SFA --> gateway --> base station
(11) AAA server or AS or third-party AAA server --> PF --> Anchor SFA --> gateway --> base station
(12) AAA server or AS or third-party AAA server --> PF --> gateway --> base station
(13) AAA server or third-party AAA server --> MBS server --> PF --> Anchor SFA --> gateway --> base station
(14) AAA server or third-party AAA server --> MBS server --> PF --> gateway --> base station
(15) AAA server or third-party AAA server --> MBS server --> Anchor SFA --> gateway --> base station
(16) AAA server or third-party AAA server --> MBS server --> NAS --> gateway --> base station
(17) AAA server or third-party AAA server --> MBS server --> Anchor DPF/FA --> gateway --> base station
(18) AAA server or third-party AAA server --> MBS server --> gateway --> base station
(19) Third-party AAA server --> AAA server --> NAS --> gateway --> base station
(20) Third-party AAA server --> AAA server --> Anchor DPF/FA --> gateway --> base station
(21) Third-party AAA server --> AAA server --> gateway --> base station
(22) Third-party AAA server --> AAA server --> Anchor SFA --> gateway --> base station
(23) Third-party AAA server --> AAA server or AS or third-party AAA server --> PF --> Anchor SFA --> gateway --> base station
(24) Third-party AAA server --> AAA server or AS or third-party AAA server --> PF --> gateway --> base station
(25) AS --> PF --> Anchor SFA --> gateway --> base station
(26) AS --> PF --> gateway --> base station
The MBS state indication message may also carry one or any combination of the following parameters: the NAS identifier, the address of the Anchor DPF/FA, the address of the PF and the address of the Anchor SFA, to indicate the specific network elements that forward the state indication message.
If the functional entity that stores or distributes the MBS state of the terminal is the MBS server, and the MBS server is located in the gateway of the access network, the distribution path of the MBS state indication message is as shown in Figure 5.
For any of these transfer paths of the MBS state indication message, the usage control method for MBS is implemented in the same way as in the embodiments above and is not described again here. Because the state indication message can reach the MBS control function entity after being forwarded by multiple network entities, the solution of the present invention can be applied flexibly in a variety of network structures.
The fourth embodiment of the present invention relates to a usage control system for MBS, characterized in that it comprises: a functional entity that stores or distributes the MBS state of the terminal, configured to send a state indication message indicating this MBS state of the terminal; and an MBS control function entity, configured to receive the state indication message and decide according to the message whether to authorize the terminal to use the MBS. The state indication message may include: the MBS subscription time; MBS authentication success, MBS timeout, MBS authentication failure and MBS deactivation identifiers; the terminal identifier; and the MBS identifier. The MBS subscription time may be the absolute time at which the MBS service ends or the remaining service time; the MBS identifier may be an SFID or a content identifier.
The functional entity that stores or distributes the MBS state of the terminal may be an AAA server, an AS, an MBS server or a third-party AAA server; the MBS control function entity may be the base station.
Specifically, when the MBS subscription time of the terminal expires or when MBS authentication succeeds, the functional entity that stores or distributes the MBS state of the terminal sends the corresponding state indication message. If the MBS control function entity receives a state indication message indicating that the MBS subscription time has expired, it refuses to authorize the terminal to use the MBS by deleting the information about this MBS of the terminal or by setting this MBS state of the terminal to the inactive state. If the MBS control function entity receives a state indication message indicating MBS authentication success, it authorizes the terminal to use the MBS by adding the information about this MBS of the terminal to the corresponding context or by setting this MBS state of the terminal to the active state.
By sending the GKEK only to terminals authorized to use the corresponding MBS, the MBS control function entity ensures that a terminal whose subscription validity period has expired cannot receive the MBS, while a terminal whose MBS authentication succeeded can receive it.
It should be noted that the state indication message may also be forwarded by one or more network entities (such as the MBS server, PF, Anchor SFA, Anchor DPF/FA, NAS and gateway) before reaching the MBS control function entity, so that the solution can be applied flexibly in a variety of network structures.
Although the present invention has been illustrated and described with reference to certain preferred embodiments, those of ordinary skill in the art should understand that various changes may be made in form and detail without departing from the spirit and scope of the present invention.
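The base station behaviour described in this embodiment (state indication handling and GKEK gating), as an added Python example that is not part of the patent text. All class, function and constant names are hypothetical; the model assumes one GKEK per MBS that is handed out terminal by terminal and refreshed when a terminal is de-authorized, and the HMAC-based `wrap` is a toy stand-in for the real GTEK encryption.

```python
import hashlib
import hmac
import secrets
from dataclasses import dataclass
from typing import Optional

AUTH_SUCCESS, TIMEOUT, AUTH_FAILURE, DEACTIVATE = range(4)  # message status


@dataclass(frozen=True)
class StateIndication:
    status: int
    terminal_id: str
    mbs_id: str                               # SFID or content identifier
    subscription_end: Optional[float] = None  # carried with AUTH_SUCCESS


def _mac(key, label, data):
    return hmac.new(key, label + data, hashlib.sha256).digest()


def wrap(gkek, gtek):
    """Toy stand-in for the GTEK wrap: HMAC keystream XOR plus a tag."""
    nonce = secrets.token_bytes(16)
    body = bytes(a ^ b for a, b in zip(gtek, _mac(gkek, b"enc", nonce)))
    return nonce + body + _mac(gkek, b"tag", nonce + body)


def unwrap(gkek, blob):
    """Return the GTEK, or None when the GKEK is not the current one."""
    nonce, body, tag = blob[:16], blob[16:-32], blob[-32:]
    if not hmac.compare_digest(tag, _mac(gkek, b"tag", nonce + body)):
        return None
    return bytes(a ^ b for a, b in zip(body, _mac(gkek, b"enc", nonce)))


class BaseStation:
    """MBS control function entity: tracks authorization, gates the GKEK."""

    def __init__(self):
        self._active = {}  # (terminal_id, mbs_id) -> subscription end
        self._gkek = {}    # mbs_id -> current GKEK

    def _current_gkek(self, mbs_id):
        return self._gkek.setdefault(mbs_id, secrets.token_bytes(16))

    def on_state_indication(self, msg):
        key = (msg.terminal_id, msg.mbs_id)
        if msg.status == AUTH_SUCCESS:
            self._active[key] = msg.subscription_end  # add to the context
            return True
        # Timeout, failure or deactivation: delete the context entry and
        # (assumption) refresh the GKEK so the key already held goes stale.
        if key in self._active:
            del self._active[key]
            self._gkek[msg.mbs_id] = secrets.token_bytes(16)
        return False

    def on_gkek_request(self, terminal_id, mbs_id):
        if (terminal_id, mbs_id) not in self._active:
            return None  # not authorized: no GKEK is sent
        return self._current_gkek(mbs_id)

    def new_gtek(self, mbs_id):
        """Return (GTEK, GTEK wrapped under the current GKEK)."""
        gtek = secrets.token_bytes(16)
        return gtek, wrap(self._current_gkek(mbs_id), gtek)
```

After a `TIMEOUT` indication for a terminal, `on_gkek_request` returns `None` for it, and `unwrap` with the GKEK it obtained earlier returns `None` for the next wrapped GTEK, while a still-authorized terminal that re-requests the GKEK can unwrap it.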

Claims (19)

1. A usage control method for a multicast broadcast service, characterized by comprising the following steps:
A functional entity that stores or distributes the multicast broadcast service (MBS) state of a terminal sends, to an MBS control function entity, a state indication message indicating this MBS state of the terminal;
The MBS control function entity decides, according to the received state indication message, whether to authorize the terminal to use the MBS.
2. The usage control method for a multicast broadcast service according to claim 1, characterized in that the state indication message comprises one or any combination of the following parameters:
MBS subscription time, MBS authentication success identifier, MBS timeout identifier, MBS authentication failure identifier, MBS deactivation identifier, terminal identifier, MBS identifier.
3. The usage control method for a multicast broadcast service according to claim 2, characterized in that the MBS subscription time is the absolute time at which the MBS service ends or the remaining service time; the MBS identifier is a service flow identifier or a content identifier.
4. The usage control method for a multicast broadcast service according to claim 1, characterized in that, when the MBS subscription time of the terminal expires, the functional entity that stores or distributes the MBS state of the terminal sends the MBS control function entity a state indication message indicating that the MBS subscription time has expired;
On receiving the state indication message indicating that the MBS subscription time has expired, the MBS control function entity refuses to authorize the terminal to use the MBS by deleting the information about this MBS of the terminal or by setting this MBS state of the terminal to the inactive state.
5. The usage control method for a multicast broadcast service according to claim 4, characterized in that the state indication message indicating that the MBS subscription time has expired comprises one or any combination of the following parameters:
MBS timeout identifier, MBS authentication failure identifier, terminal identifier, MBS identifier.
6. The usage control method for a multicast broadcast service according to claim 1, characterized in that, when the MBS authentication of the terminal succeeds, the functional entity that stores or distributes the MBS state of the terminal sends the MBS control function entity a state indication message indicating MBS authentication success;
On receiving the state indication message indicating MBS authentication success, the MBS control function entity authorizes the terminal to use the MBS by adding the information about this MBS of the terminal to the corresponding context or by setting this MBS state of the terminal to the active state.
7. The usage control method for a multicast broadcast service according to claim 6, characterized in that the state indication message indicating MBS authentication success comprises one or any combination of the following parameters:
MBS authentication success identifier, MBS subscription time, terminal identifier, MBS identifier.
8. The usage control method for a multicast broadcast service according to any one of claims 1 to 7, characterized in that the functional entity that stores or distributes the MBS state of the terminal is an authentication, authorization and accounting (AAA) server, an application server, an MBS server or a third-party AAA server;
The MBS control function entity is a base station.
9. The usage control method for a multicast broadcast service according to claim 8, characterized in that, after receiving an MBS key request from the terminal, the MBS control function entity sends the corresponding MBS key only to a terminal that is authorized to use the MBS.
10. The usage control method for a multicast broadcast service according to claim 9, characterized in that the MBS key is the multicast service encryption key GKEK.
11. The usage control method for a multicast broadcast service according to claim 8, characterized in that the functional entity that stores or distributes the MBS state of the terminal sends the state indication message to the MBS control function entity via one or any combination of the following network entities:
MBS server, policy function entity, anchor service flow authorization, anchor data path function/foreign agent, network access server, gateway.
12. The usage control method for a multicast broadcast service according to claim 8, characterized in that the state indication message carries one or any combination of the following parameters:
Network access server identifier, address of the anchor data path function or foreign agent, address of the policy function entity, address of the anchor service flow authorization.
13. The usage control method for a multicast broadcast service according to claim 8, characterized in that the state indication message carries the security information required by the MBS.
14. The usage control method for a multicast broadcast service according to claim 13, characterized in that the security information comprises one or any combination of the following:
MBS multicast group security association, GKEK context, MBS authorization key MAK, MAK context.
15. A usage control system for a multicast broadcast service, characterized by comprising:
A functional entity that stores or distributes the multicast broadcast service (MBS) state of a terminal, configured to send a state indication message indicating this MBS state of the terminal; and
An MBS control function entity, configured to receive the state indication message and to decide according to the message whether to authorize the terminal to use the MBS.
16. The usage control system for a multicast broadcast service according to claim 15, characterized in that the state indication message comprises one or any combination of the following parameters:
MBS subscription time, MBS authentication success identifier, MBS timeout identifier, MBS authentication failure identifier, MBS deactivation identifier, terminal identifier, MBS identifier.
17. The usage control system for a multicast broadcast service according to claim 15, characterized in that the functional entity that stores or distributes the MBS state of the terminal sends the state indication message when the MBS subscription time of the terminal expires or when MBS authentication succeeds.
18. The usage control system for a multicast broadcast service according to any one of claims 15 to 17, characterized in that the functional entity that stores or distributes the MBS state of the terminal is an authentication, authorization and accounting (AAA) server, an application server, an MBS server or a third-party AAA server;
The MBS control function entity is a base station.
19. The usage control system for a multicast broadcast service according to claim 18, characterized in that the system further comprises one or any combination of the following network entities:
MBS server, policy function entity, anchor service flow authorization, anchor data path function/foreign agent, network access server, gateway;
The functional entity that stores or distributes the MBS state of the terminal sends the state indication message to the MBS control function entity through forwarding by the network entities.
CNA2006101419747A 2006-09-20 2006-09-27 Using control method and system for multicast broadcasting service Pending CN101155411A (en)

Priority Applications (2)

Application Number Priority Date Filing Date Title
CNA2006101419747A CN101155411A (en) 2006-09-27 2006-09-27 Using control method and system for multicast broadcasting service
PCT/CN2007/070739 WO2008040242A1 (en) 2006-09-20 2007-09-20 Method, network and terminal device for obtaining multicast broadcast service key

Applications Claiming Priority (1)

Application Number Priority Date Filing Date Title
CNA2006101419747A CN101155411A (en) 2006-09-27 2006-09-27 Using control method and system for multicast broadcasting service

Publications (1)

Publication Number Publication Date
CN101155411A true CN101155411A (en) 2008-04-02

Family

ID=39256772

Family Applications (1)

Application Number Title Priority Date Filing Date
CNA2006101419747A Pending CN101155411A (en) 2006-09-20 2006-09-27 Using control method and system for multicast broadcasting service

Country Status (1)

Country Link
CN (1) CN101155411A (en)

Cited By (4)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN108632815A (en) * 2017-03-24 2018-10-09 华为技术有限公司 Communication means and equipment
CN108632815B (en) * 2017-03-24 2020-02-21 华为技术有限公司 Communication method and device
US11304054B2 (en) 2017-03-24 2022-04-12 Huawei Technologies Co., Ltd. Communication method and device
CN107071733A (en) * 2017-04-17 2017-08-18 深圳市途鸽信息有限公司 Virtual SIM card service supporting method and server, communication means and SIM card server and mobile device

Legal Events

Date Code Title Description
C06 Publication
PB01 Publication
C10 Entry into substantive examination
SE01 Entry into force of request for substantive examination
C12 Rejection of a patent application after its publication
RJ01 Rejection of invention patent application after publication

Application publication date: 20080402