CN101159679A - Method to obtaining user identification sign of packet data interface in wireless LAN - Google Patents
- Publication number: CN101159679A
- Authority: CN (China)
- Prior art keywords: user, identification information, PDG, permanent, tunnel
- Legal status: Pending
Abstract
The invention provides a method by which a packet data gateway (PDG) obtains a user identity in a wireless local area network (WLAN). An authentication, authorization and accounting (AAA) server derives the permanent user identity from the authentication request message, sent by the PDG, that carries the temporary user identity, and returns to the PDG an authorization message carrying the permanent user identity, so that the PDG obtains the permanent user identity of the WLAN user. The PDG then associates the obtained permanent user identity with the tunnel identifier of the user terminal and stores the association, which lets the PDG manage the WLAN user terminal, for example for charging or access control. The invention is easy to implement and has good compatibility with the existing related procedures.
Description
Technical field
The present invention relates to the field of wireless access technology, and in particular to a method by which a packet data gateway (PDG, Packet Data Gateway) in a wireless local area network obtains a user identity.
Background technology
As society develops, users demand ever higher wireless access rates. Because a wireless local area network (WLAN, Wireless Local Area Network) can provide high-speed wireless data access within a small area, it is widely used. WLAN covers several different technologies. One widely used standard at present is IEEE 802.11b, which uses the 2.4 GHz band and reaches a maximum data rate of 11 Mbps. IEEE 802.11g and Bluetooth also use this band, and 802.11g reaches a maximum data rate of 54 Mbps. Other WLAN technologies, such as IEEE 802.11a and ETSI BRAN Hiperlan2, use the 5 GHz band and also reach a maximum rate of 54 Mbps.
Although there are many different WLAN radio access technologies, most WLANs carry data in Internet Protocol (IP) packets. For a wireless IP network, the specific WLAN access technology is generally transparent to the IP layer above it. The basic structure is the same in each case: access points (APs) provide wireless access for user terminals, and an IP transport network made up of network control and connection equipment carries the data.
With the rise and development of WLAN technology, interworking between WLAN and the various wireless mobile communication networks, such as the Global System for Mobile communications (GSM), Code Division Multiple Access (CDMA), Wideband Code Division Multiple Access (WCDMA), Time Division-Synchronous Code Division Multiple Access (TD-SCDMA) and CDMA2000 systems, is becoming a focus of current research. In the 3rd Generation Partnership Project (3GPP) standardization body, a user terminal can connect to the Internet or an intranet through a WLAN access network, and can also connect through the WLAN access network to the home network or the visited network of a 3GPP system.
Figure 1 shows the network structure for interworking between a WLAN system and a 3GPP system in the roaming case. When a WLAN user terminal accesses while roaming, it connects to the 3GPP visited network through the WLAN access network. Because some entities in the 3GPP visited network are interconnected with the corresponding entities in the 3GPP home network, for example the 3GPP authentication, authorization and accounting (AAA) proxy in the visited network with the 3GPP AAA server in the home network, and the WLAN access gateway (WAG) in the visited network with the packet data gateway (PDG) in the home network, the WLAN user terminal can access the 3GPP home network. The shaded part of the figure is the 3GPP packet-switched (PS) domain service, i.e. the interworking Scenario 3 service in the 3GPP network.
Figure 2 shows the network structure for interworking between a WLAN system and a 3GPP system in the non-roaming case. When a WLAN user terminal accesses locally, it connects directly to the 3GPP home network through the WLAN access network. The shaded part of the figure is the 3GPP packet-switched (PS) domain service, i.e. the Scenario 3 service in the 3GPP home network.
As shown in Fig. 1 and Fig. 2, the 3GPP system mainly comprises the home subscriber server (HSS)/home location register (HLR), the 3GPP AAA server, the 3GPP AAA proxy, the WAG, the packet data gateway, the charging gateway (CGw)/charging information collection system (CCF) and the online charging system (OCS). The user terminal, the WLAN access network and all entities of the 3GPP system together form the 3GPP-WLAN interworking network, which can be regarded as a WLAN service system. The 3GPP AAA server is responsible for authenticating, authorizing and charging the user; it also collects the charging information sent by the WLAN access network and forwards it to the charging system. The packet data gateway (PDG) is responsible for transferring user data from the WLAN access network to the 3GPP network or to other packet networks. The charging system mainly receives and records the user charging information passed on by the network. The OCS, according to the expense status of online-charging users, instructs the network to transmit online charging information periodically, and performs statistics and control.
If a WLAN user terminal wishes to access the Internet or an intranet, it must send, through the WLAN access network, an access request message containing its own permanent user identity, such as the international mobile subscriber identity (IMSI), to the AAA server (AS) for basic access authentication and authorization. Only after passing the AS's access authentication and authorization can the WLAN user terminal reach the Internet or intranet through the WLAN access network. The permanent user identity is unique to each user.
During basic access authentication and authorization, the AS assigns a temporary user identity to the WLAN user terminal that is requesting access, and a WLAN user who has passed authentication and authorization communicates using the temporary user identity in place of the permanent user identity. Alternatively, the AS may assign the temporary user identity to the user in a later re-authentication or service authentication procedure, or update the temporary user identity in such a later procedure.
If a WLAN user terminal that has passed basic access authentication and authorization wishes to access the PS domain services of 3GPP, it can further request the interworking Scenario 3 service from the 3GPP home network, as follows:
The WLAN user terminal obtains from the domain name server (DNS) the address of the PDG in the 3GPP packet network that provides the requested service, and sends that PDG a tunnel establishment request message containing the temporary user identity. The PDG forwards the received request to the AS for authentication. After the AS has authenticated the WLAN user terminal, it authorizes the user to access the 3GPP PS domain service through this PDG. The PDG that received the request is then responsible for allocating a tunnel identifier, establishing the tunnel connection, and providing the requested service to the WLAN user terminal that made the request.
The defect of the existing scheme is that it contains no procedure by which the PDG obtains the WLAN user's permanent user identity. When communicating with the WLAN terminal, the PDG therefore does not know the user's true identity, and so cannot perform control functions that depend on the user's permanent identity, such as charging the user or controlling the user's access.
Summary of the invention
In view of this, the object of the present invention is to provide a method by which a PDG in a wireless local area network obtains a user identity, so that the PDG can obtain the WLAN user's permanent user identity.
To achieve this object, the technical solution of the present invention is as follows:
A method for a packet data gateway in a wireless local area network to obtain a user identity, the method comprising the following steps:
a. The AAA server assigns a temporary user identity to the user and at the same time stores the mapping between this user's permanent user identity and temporary user identity;
b. When the AAA server receives from the PDG a message, containing the temporary user identity of the user requesting service, that asks for this user to be authenticated, it authenticates the user terminal. If authentication succeeds, it obtains the user's permanent user identity from the mapping stored in step a, sends the PDG a success authorization message containing the permanent user identity, and step c is performed. If authentication fails, the AAA server sends a failure message directly to the PDG;
c. After the PDG receives the message of step b, it stores this user's permanent user identity.
Preferably, after the PDG receives the message of step b in step c, the method further comprises: the PDG allocates a tunnel identifier to the authenticated user terminal, stores the association between this user's permanent user identity and the tunnel identifier, and then establishes the tunnel for communicating with the user terminal.
Preferably, after the PDG receives the message of step b in step c, the method further comprises: after allocating a tunnel identifier to the authenticated user terminal, the PDG checks whether it already holds this user's permanent user identity locally. If it does, it directly stores the association between the user's permanent user identity and the tunnel identifier and then establishes the tunnel for communicating with the user terminal. Otherwise, it first stores the user's permanent user identity, then stores the association between the permanent user identity and the tunnel identifier, and then establishes the tunnel for communicating with the user terminal.
Preferably, after the tunnel for communicating with the user terminal has been torn down, the method further comprises: the PDG deletes the association between the permanent user identity and the tunnel identifier.
Preferably, the method further comprises: the PDG checks whether the permanent user identity is still associated with one or more tunnel identifiers; if so, it does nothing; otherwise it deletes the permanent user identity.
Preferably, the method further comprises: the PDG obtains the user's permanent user identity from the tunnel identifier, and uses it to charge the user terminal or to perform access control.
Preferably, the permanent user identity is the international mobile subscriber identity (IMSI).
In the present invention, the AAA server obtains the user's permanent user identity from the authentication request message, containing the temporary user identity, that the PDG sends, and sends the PDG an authorization message containing the permanent user identity, so that the PDG obtains the WLAN user's permanent user identity. The PDG then stores the obtained permanent user identity in association with the tunnel identifier of the user terminal, which lets the PDG manage the WLAN user terminal, for example by charging the user and/or controlling the user's access. The present invention is simple to implement and has good compatibility with the existing related procedures.
Description of drawings
Figure 1 is a schematic diagram of the network structure for interworking between a WLAN system and a 3GPP system in the roaming case;
Figure 2 is a schematic diagram of the network structure for interworking between a WLAN system and a 3GPP system in the non-roaming case;
Figure 3 is a flow chart of a PDG obtaining the permanent user identity according to the present invention;
Figure 4 is a schematic diagram of permanent user identities each associated with more than one tunnel identifier.
Embodiment
To make the technical solution of the present invention clearer, the present invention is described in further detail below with reference to the accompanying drawings.
The idea of the present invention is as follows. The AAA server assigns a temporary user identity to the user and at the same time stores the mapping between this user's permanent user identity and temporary user identity. When the AAA server receives from the PDG a message, containing the temporary user identity of the user requesting service, that asks for this user to be authenticated, it authenticates the user terminal. If authentication succeeds, it obtains the user's permanent user identity from the stored mapping and sends the PDG a success authorization message containing the permanent user identity, and the PDG stores the user's permanent user identity. If authentication fails, the AAA server sends a failure message directly to the PDG.
Figure 3 is a flow chart of a PDG obtaining the permanent user identity according to the present invention.
Step 301: The WLAN user sends, through the WLAN access network, an access request message containing its own permanent user identity, such as the IMSI, to the AAA server for basic access authentication. The AS assigns a temporary user identity to a user terminal that passes basic access authentication, and at the same time stores the mapping between this user's permanent user identity and temporary user identity.
The AS may assign the temporary user identity to the user during basic access authentication; alternatively, the AS may assign it in a later re-authentication or service authentication procedure, or update the temporary user identity in such a later procedure.
Step 302: After a WLAN user who has passed basic access authentication and authorization obtains from the DNS the address of the PDG that provides the requested service, it sends that PDG a tunnel establishment request message containing its own temporary user identity.
Step 303: The PDG sends the AAA server an authentication request message containing the requesting user's temporary user identity, asking the AAA server to authenticate and authorize the user terminal.
Step 304: The AAA server authenticates the user terminal specified by the PDG. If authentication succeeds, step 305 is performed. If authentication fails, the AAA server sends a failure response message directly to the PDG, and the procedure ends.
Step 305: Using the mapping stored in step 301, the AAA server obtains the user's permanent user identity and sends the PDG a success authorization message containing the permanent user identity, allowing the requesting user terminal to access the service through the PDG it applied to.
Step 306: After the PDG receives the authorization message from the AAA server, it allocates the tunnel identifier and other tunnel establishment information for the user terminal, and checks whether it already holds this user's permanent user identity locally. If it does, it directly stores the association between the user's permanent user identity and the tunnel identifier, and step 307 is performed. Otherwise, it first stores the user's permanent user identity, then stores the association between the permanent user identity and the tunnel identifier, and step 307 is performed.
Because one PDG may support several services, a given WLAN user terminal may have several tunnel connections to one PDG; that is, one WLAN user's permanent user identity may be associated with several tunnel identifiers at the same time. As shown in Fig. 4, the permanent user identity 1 of one user is associated simultaneously with the tunnels of a given PDG whose tunnel identifiers are 1, 2 and 3, and the permanent user identity 2 of another user is associated simultaneously with the tunnels of that PDG whose tunnel identifiers are 4 and 5.
Step 307: The PDG establishes the tunnel over which it communicates with the user terminal.
Step 308: During service communication, the PDG uses the tunnel identifier in the terminal's service information to obtain the user's permanent user identity, and performs the functions that depend on that permanent user identity, such as charging the user terminal and/or access control.
Charging here means that when a user terminal has used one or more services of a PDG, i.e. one or more tunnels, the PDG uses the association between tunnel identifiers and the user's permanent identity to charge for all the services this user terminal has used.
Access control here means that, for a given class of service, the PDG performs finer-grained control. Usually the AAA server provided by the operator only checks whether the user terminal has subscribed to the service and performs no more detailed check. With the present invention, the PDG can check the user terminal in more detail. For example, a WLAN user terminal has subscribed to a certain game service. After the AAA server has checked that the user has indeed subscribed to the game service, it authorizes the user to access the PDG that provides game services. A PDG usually provides many game services, while a user generally subscribes to only one or a few of them. The PDG can use the user's permanent user identity to decide whether this WLAN user may take part in a particular game, and enforce that decision.
In addition, after the user has finished with a tunnel and it has been torn down, the PDG deletes the association between that tunnel identifier and the permanent user identity. When the PDG finds that a permanent user identity no longer has any associated tunnel identifier, it deletes that permanent user identity.
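The bookkeeping of steps 301 to 308 and the teardown rule above, as an added Python example (not code from the patent). The class and method names, the in-memory dictionaries, the subscription check standing in for the AAA server's authentication, and the IMSI value are all assumptions made for illustration.

```python
import secrets

IMSI = "001010123456789"  # constructed sample value (test network code)


class AAAServer:
    """Holds the temporary -> permanent identity mapping (steps 301, 304, 305)."""

    def __init__(self, subscriptions):
        # permanent identity -> set of subscribed services (constructed data)
        self._subscriptions = subscriptions
        self._temp_to_perm = {}

    def basic_access_auth(self, permanent_id):
        """Step 301: assign a temporary identity and store the mapping."""
        if permanent_id not in self._subscriptions:
            return None
        temp_id = "tmp-" + secrets.token_hex(8)
        self._temp_to_perm[temp_id] = permanent_id
        return temp_id

    def authorize(self, temp_id, service):
        """Steps 304-305: on success, hand the permanent identity to the PDG."""
        permanent_id = self._temp_to_perm.get(temp_id)
        if permanent_id is None:
            return False, None  # unknown temporary identity: failure response
        if service not in self._subscriptions[permanent_id]:
            return False, None  # not subscribed: failure response
        return True, permanent_id


class PDG:
    """Keeps permanent identity <-> tunnel associations (steps 303, 306-308)."""

    def __init__(self, aaa, service):
        self._aaa = aaa
        self._service = service
        self._tunnel_to_user = {}   # tunnel id -> permanent identity
        self._user_to_tunnels = {}  # permanent identity -> set of tunnel ids
        self._next_tunnel = 1

    def tunnel_setup(self, temp_id):
        """Steps 303, 306, 307: returns the tunnel id, or None on failure."""
        ok, permanent_id = self._aaa.authorize(temp_id, self._service)
        if not ok:
            return None
        tunnel_id = self._next_tunnel
        self._next_tunnel += 1
        # Store the identity only if not already held, then the association.
        self._user_to_tunnels.setdefault(permanent_id, set()).add(tunnel_id)
        self._tunnel_to_user[tunnel_id] = permanent_id
        return tunnel_id

    def charging_record(self, tunnel_id, octets):
        """Step 308: resolve the tunnel to the permanent identity for charging."""
        permanent_id = self._tunnel_to_user.get(tunnel_id)
        if permanent_id is None:
            return None  # no such tunnel, nothing to attribute
        return {"user": permanent_id, "tunnel": tunnel_id, "octets": octets}

    def tunnel_teardown(self, tunnel_id):
        """Delete the association; drop the identity once no tunnel refers to it."""
        permanent_id = self._tunnel_to_user.pop(tunnel_id, None)
        if permanent_id is None:
            return
        tunnels = self._user_to_tunnels[permanent_id]
        tunnels.discard(tunnel_id)
        if not tunnels:
            del self._user_to_tunnels[permanent_id]

    def holds_identity(self, permanent_id):
        return permanent_id in self._user_to_tunnels


if __name__ == "__main__":
    aaa = AAAServer({IMSI: {"games"}})
    pdg = PDG(aaa, "games")
    temp = aaa.basic_access_auth(IMSI)
    t1, t2 = pdg.tunnel_setup(temp), pdg.tunnel_setup(temp)
    print(pdg.charging_record(t1, 1500))
    pdg.tunnel_teardown(t1)
    pdg.tunnel_teardown(t2)
    print("identity still held:", pdg.holds_identity(IMSI))
```

The PDG holds the permanent identity only while at least one tunnel refers to it, so the interval during which the IMSI sits in gateway state is bounded by the lifetime of the user's tunnels.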
The above is only a preferred embodiment of the present invention and is not intended to limit the present invention. Any modification, equivalent replacement, improvement and the like made within the spirit and principles of the present invention shall be included within the protection scope of the present invention.
Claims (7)
1. A method for a packet data gateway in a wireless local area network to obtain a user identity, characterized in that the method comprises the following steps:
a. The AAA server assigns a temporary user identity to the user and at the same time stores the mapping between the permanent user identity of this user terminal and the temporary user identity;
b. When the AAA server receives from the PDG a message, containing the temporary user identity of the user requesting service, that asks for this user to be authenticated, it authenticates the user terminal; if authentication succeeds, it obtains the user's permanent user identity from the mapping stored in step a, sends the PDG a success authorization message containing the permanent user identity, and step c is performed; if authentication fails, the AAA server sends a failure message directly to the PDG;
c. After the PDG receives the message of step b, it stores this user's permanent user identity.
2. The method according to claim 1, characterized in that, after the PDG receives the message of step b in step c, the method further comprises: the PDG allocates a tunnel identifier to the authenticated user terminal, stores the association between this user's permanent user identity and the tunnel identifier, and then establishes the tunnel for communicating with the user terminal.
3. The method according to claim 1, characterized in that, after the PDG receives the message of step b in step c, the method further comprises: after allocating a tunnel identifier to the authenticated user terminal, the PDG checks whether it already holds this user's permanent user identity locally; if it does, it directly stores the association between the user's permanent user identity and the tunnel identifier and then establishes the tunnel for communicating with the user terminal; otherwise, it first stores the user's permanent user identity, then stores the association between the permanent user identity and the tunnel identifier, and then establishes the tunnel for communicating with the user terminal.
4. The method according to claim 2 or 3, characterized in that, after the tunnel for communicating with the user terminal has been torn down, the method further comprises: the PDG deletes the association between the permanent user identity and the tunnel identifier.
5. The method according to claim 4, characterized in that the method further comprises: the PDG checks whether the permanent user identity is still associated with one or more tunnel identifiers; if so, it does nothing; otherwise it deletes the permanent user identity.
6. The method according to claim 2 or 3, characterized in that the method further comprises: the PDG obtains the user's permanent user identity from the tunnel identifier, and uses it to charge the user or to perform access control.
7. The method according to claim 1, characterized in that the permanent user identity is the international mobile subscriber identity (IMSI).
Priority Applications (1)
Application Number | Priority Date | Filing Date | Title |
---|---|---|---|
CNA2007101677264A CN101159679A (en) | 2004-01-14 | 2004-01-14 | Method to obtaining user identification sign of packet data interface in wireless LAN |
Applications Claiming Priority (1)
Application Number | Priority Date | Filing Date | Title |
---|---|---|---|
CNA2007101677264A CN101159679A (en) | 2004-01-14 | 2004-01-14 | Method to obtaining user identification sign of packet data interface in wireless LAN |
Related Parent Applications (1)
Application Number | Title | Priority Date | Filing Date |
---|---|---|---|
CNB2004100005849A Division CN100411335C (en) | 2004-01-14 | 2004-01-14 | Method for obtaiing user identification by packet data gate for wireless LAN |
Publications (1)
Publication Number | Publication Date |
---|---|
CN101159679A true CN101159679A (en) | 2008-04-09 |
Family
ID=39307604
Family Applications (1)
Application Number | Title | Priority Date | Filing Date |
---|---|---|---|
CNA2007101677264A Pending CN101159679A (en) | 2004-01-14 | 2004-01-14 | Method to obtaining user identification sign of packet data interface in wireless LAN |
Country Status (1)
Country | Link |
---|---|
CN (1) | CN101159679A (en) |
Cited By (4)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
WO2009152676A1 (en) * | 2008-06-17 | 2009-12-23 | 中兴通讯股份有限公司 | Aaa server, p-gw, pcrf, method and system for obtaining the ue's id |
WO2010139147A1 (en) * | 2009-06-04 | 2010-12-09 | 中兴通讯股份有限公司 | Mehtod and system for subscriber access, method and system for managing subscriber of closed subscriber group |
CN111970695A (en) * | 2020-09-08 | 2020-11-20 | 中国联合网络通信集团有限公司 | 5G charging domain user privacy protection method, charging system and core network system |
CN111970695B (en) * | 2020-09-08 | 2022-09-02 | 中国联合网络通信集团有限公司 | 5G charging domain user privacy protection method, charging system and core network system |
Similar Documents
Publication | Publication Date | Title |
---|---|---|
CN1283072C (en) | Method for processing user terminal network selection information in WLAN | |
US8233934B2 (en) | Method and system for providing access via a first network to a service of a second network | |
AU2005236981B2 (en) | Improved subscriber authentication for unlicensed mobile access signaling | |
CN1330214C (en) | Interactive method for re-selecting operating network to wireless local network | |
EP1914936B1 (en) | An access control method of the user altering the visited network, the unit and the system thereof | |
EP1916867B2 (en) | A method for managing the local terminal equipment to access the network | |
EP1693988B1 (en) | A method of the subscriber terminal selecting the packet data gateway in the wireless local network | |
EP1708417B1 (en) | An interactive method of a wireless local area network user terminal rechoosing a management network | |
EP1792498A2 (en) | Method and system for identifying and access point into a wireless network | |
WO2005069533A1 (en) | A method of acquiring permanent user identification by the packet data gateway (pdg) in the wlan | |
JP4476996B2 (en) | WLAN tight coupling solution | |
US20080200147A1 (en) | Authentication of Mobile Communication Networks | |
WO2007094864A2 (en) | General access network controller bypass to facilitate use of standard cellular handsets with a general access network | |
CN102893669A (en) | Method, device and system of accessing mobile network | |
CN1271822C (en) | Method of interactive processing of user terminal network selection information in WLAN | |
JPH1098774A (en) | Method and device for authenticating subscriber and/or coding information | |
EP3114865B1 (en) | Using services of a mobile packet core network | |
CN101160786B (en) | Method, system and apparatus for relating the information associated with user in NASS | |
JP2003513572A (en) | Method and apparatus for selecting identification confirmation information | |
EP2378802B1 (en) | A wireless telecommunications network, and a method of authenticating a message | |
CN1943256A (en) | Method and system for providing presentation system with data through wireless local network | |
CN101159679A (en) | Method to obtaining user identification sign of packet data interface in wireless LAN | |
CN101166134A (en) | A service unregistration method based on IP access | |
CN100370774C (en) | Service log-on method based on IP access | |
CN100484057C (en) | A method for transmitting service data to WLAN user |
Legal Events
Date | Code | Title | Description |
---|---|---|---|
C06 | Publication | ||
PB01 | Publication | ||
C10 | Entry into substantive examination | ||
SE01 | Entry into force of request for substantive examination | ||
C02 | Deemed withdrawal of patent application after publication (patent law 2001) | ||
WD01 | Invention patent application deemed withdrawn after publication |
Open date: 20080409 |