CN101341779A - Prioritized network access for wireless access networks - Google Patents
Prioritized network access for wireless access networks Download PDFInfo
- Publication number
- CN101341779A CN101341779A CNA2006800480604A CN200680048060A CN101341779A CN 101341779 A CN101341779 A CN 101341779A CN A2006800480604 A CNA2006800480604 A CN A2006800480604A CN 200680048060 A CN200680048060 A CN 200680048060A CN 101341779 A CN101341779 A CN 101341779A
- Authority
- CN
- China
- Prior art keywords
- service
- authentication
- default
- network
- predetermined
- Prior art date
- Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
- Pending
Links
Images
Abstract
The present invention relates to a method, terminal device, network element, authentication server, and computer program product for controlling prioritized access to a wireless access network (200), wherein an identifier portion provided in an authentication response is set to a service-specific unique default identifier portion, dedicated to a predetermined prioritized call, at a terminal device, if the predetermined prioritized call is activated. Then, the authentication response is forwarded to a predetermined default authentication server (30) where a predetermined default service-specific authentication method is initiated for authorizing the terminal device (10) to access the predetermined prioritized service. Thereby, emergency calls or services can be made by terminal devices without SIM or USIM, and no new authentication functionality related to prioritized calls is required due to the transparent character of the service-specific unique default identifier portion.
Description
Technical field
The present invention relates to a kind of method, terminal equipment, network element, certificate server and computer program, be used for the priorization access of control the wireless access network of for example interworking WLAN (wireless local area network) (I-WLAN).
Background technology
The growth of public WLAN inserts the honeycomb home network for the terminal equipment (or subscriber's installation in the third generation technology (UE)) that is suitably assembled via described WLAN and visited network provides chance.Therefore, provide the WLAN of described interworking function to be called as I-WLAN.I-WLAN is connected to privately owned ground mobile network (PLMN), privately owned ground mobile network make UE can access belonging network (HPLMN) and visited network (VPLMN) on the network service.
The legal provisions wireless device will be supported urgent call.Even when the session that on the particular radio channel of multiple access equipment, does not have a current activation (promptly, the user is not attached to any radio now, perhaps subscriber identity module (SIM) or universal mobile telecommunications system SIM (USIM) are not inserted in the equipment now) time, also should report emergency.
Usually, treated in the priorization mode usually by the emergency report of being initiated by switch or call emergency number, thereby made that acquisition inserts to call critical alarm easily.Yet wireless device may not have reliable functioning or can not be used reliably during emergency, thereby can not correctly finish input or other verification process of password.In addition, close network of wireless device possibility or Access Network, but not related with this network.Therefore, to emergency center with sound alarm or get in touch so that before quickening the urgent call process, do not need to authorize.
In the standard TS 23.234,33.234,24.234 and 29.234 of third generation partnership projects (3GPP), defined the I-WLAN access.Insert (situation 2) and 3GPP IP access (situation 3) for direct IP, Extensible Authentication Protocol (EAP) SIM/AKA (authentication and cryptographic key agreement) process is used to authentication, wherein, check based on the subscriber that the information that has in subscriber database (for example home subscriber servers (HSS)) place is carried out and authorize.
Current, do not exist to be used for to the WLAN Access Network or the mechanism that need insert for urgent call or other prioritized call to 3GPP aaa server indication.Therefore, be not provided for indicating this request should receive the mechanism that special treatment or user will be given special treatment to the user.This situation also is applied to the situation 3 that I-WLAN inserts.
In the 3GPP TSG SA of 5-9 day in September, 2005 WG2 transient document S2-051950, voice (VoIP) the urgent call support of internet protocol-based has been described, wherein, so that inserting via WLAN, WLAN supports the VoIP urgent call by using pseudo-IMSI (international mobile subscriber identity).So can being used to create the specific false network of user, pseudo-IMSI inserts identifier (NAI), to be used for initial the access and verification process.Pseudo-IMSI comprises mobile country code (MCC) and mobile network code, MNC (MNC) and from unique combination of the numeral of International Mobile Equipment Identity (IMEI).Can or all can use pseudo-NAI to support authentication by the VPLMN that WLAN announced, being used for emergency services, or can being by priority and passing UE, the ability and the wish of this service supported in indication.So VPLMN can regard UE as interim home subscriber, and or skip authentication and mandate (AAA), or guarantee the authentication and authorization success.
Yet the specific access scheme of such user needs the reinforcement signaling and the change of institute's involved network elements.
Summary of the invention
Therefore, the object of the present invention is to provide a kind of access control scheme, be used for that wireless access network is carried out priorization and insert, by this scheme, even there be not subscriber identity module to be inserted under the situation of terminal equipment, and with the change and the signaling requirement of minimum, prioritized call also is possible.
By a kind of control the method that the priorization of wireless access network inserts is realized this purpose, said method comprising the steps of:
-in response to the activation of predetermined prioritized call, the identifier portion in terminal equipment place authentication response is set to be exclusively used in the specific unique default identification symbol part of service of described predetermined prioritized call;
-in response to detection, described authentication response is transmitted to predetermined default authentication server to described default identification symbol part at described wireless access network place; And
-initiate default service-specific authentication method at described default authentication server place, to be used to authorizing described terminal equipment to insert described predetermined prioritized service.
In addition, realize above-mentioned purpose by a kind of terminal equipment that is used to provide the priorization to wireless access network to insert, described terminal equipment comprises: setting device, it is used for the activation in response to predetermined prioritized call, and the identifier portion in the authentication response is set to be exclusively used in the specific unique default identification symbol part of service of described predetermined prioritized call.
Further, realize above-mentioned purpose by a kind of network element of wireless access network, the priorization that the network element of described wireless access network is used to control described wireless access network inserts, and described network element comprises:
-checkout gear, it is used for detecting the predetermined unique default identification symbol part at the authentication response that is received; And
-retransmission unit, it is used in response to by described checkout gear described unique default identification being accorded with the detection of part and the described authentication response that receives is sent to predetermined default authentication server.
In addition, realize above-mentioned purpose by the certificate server that a kind of priorization that is used to control to wireless access network inserts, described certificate server comprises:
-be used for detecting the device of predetermined unique default identification symbol part of the authentication response that is forwarded that receives from described wireless access network; And
-apparatus for initiating, it is used in response to by described checkout gear described unique default identification being accorded with the detection of part and initiates the predetermined authentication method, and described predetermined authentication method is exclusively used in described unique default identification symbol part.
Correspondingly, unique identifier part, default authentication server and the method for specifying prioritized call can be set in authentication response, thereby no longer need the information that provided in SIM, USIM or the USIM integrated circuit card (UICC) for carrying out or setting up prioritized call (for example urgent call).
As another advantage, the use of single or unique service particular default identifier portion has been guaranteed and can carry out this authentication method pellucidly to existing authenticating network element, WLAN access point, packet data gateway etc.Therefore, as long as Existing policies pressure mechanism is enough to service is restricted to only urgent call, in these equipment, just do not need new and urgent call function associated unit.
Described unique default identification symbol part can be at least a portion of the territory portion or the territory portion of network access identifier.Therefore, be provided with the specific territory of prioritized call (for example urgent call), and can easily begin the EAP negotiation by acquiescence PLMN for the UE that lacks UICC.Thus, can be reduced to the direct forwarding configuration in the territory in corresponding routing table to the influence of wireless access network, wherein, special domain is directly indicated prioritized call (for example urgent call), it directly hints to be routed to gives tacit consent to PLMN, and need not realize any particular key or behavior in wireless access network.
This priorization access scheme is especially favourable under the situation that subscriber identity module (for example UICC) is not provided in terminal equipment.Yet this scheme also is favourable under the situation of this subscriber identity module providing, and this is owing to authentication and/or the licensing process that can ignore based on SIM/USIM.
Described default service-specific authentication method can be a balance method, and this method does not authenticate whatever.
As an alternative, described default service-specific authentication method goes for: use unilateral authentication, wherein, authenticate described certificate server by described terminal equipment.As example, described default service-specific authentication method goes for: authenticate described certificate server with server certificate.
Specifically, described default service-specific authentication method can be the request/response exchange of one bout.It also is configured to: use the fixed key be at least known to a plurality of client computer as the output session key, perhaps be configured to: derive described output session key from least one known fixed key.Perhaps, can or derive the required information of described output session key with the output session key and send described terminal equipment to from described certificate server in default service-specific authentication method, vice versa.
In addition, described default service-specific authentication method can be used tunneling method.So the internalist methodology that is encapsulated in the described tunneling method can be a balance method.As an alternative, be encapsulated in the universal method that internalist methodology in the described tunneling method can be to use the token card with known users name and password.
Further, described certificate server can be configured to: policy information is sent to the IAD of described wireless access network, and wherein, described policy information can define at least one admissible service.Described at least one admissible service can comprise: urgent call or emergency services.
Usually, the treatment step that the present invention implied may be implemented as concrete hardware entities or unit, perhaps alternatively, can be based on software program, described software program is controlled at described terminal equipment or smart card or data processor or the computer equipment that is provided in its like device, described network element or the described certificate server is provided.Therefore, the present invention may be implemented as computer program, and described computer program comprises the code unit that is used for generating each independent step of said method when operating in computer equipment or have on the data processor of each equipment of corresponding step.
Defined further favourable modification in the dependent claims.
Description of drawings
Now based on embodiment the present invention is described with reference to the accompanying drawings, wherein:
Fig. 1 illustrates the schematic diagram that indication wherein can realize the network architecture of the present invention;
Fig. 2 illustrates according to the schematic signaling of the access control operation of preferred embodiment and handles diagrammatic sketch; And
Fig. 3 illustrates the schematic block diagram according to the terminal equipment and the network equipment of embodiment.
Embodiment
Below, will be based on 3GPP standard TS 22.234V7.2.0, the defined I-WLAN network architecture is described the embodiment of the invention among the Release 7.
Fig. 1 illustrates the schematic block diagram of map network framework, and wherein, UE 10 can be connected via an air interface to the access point (AP) 20 of WLAN 200.AAA (authentication) server 30 is controlled authentication and authorization based on the information that is obtained from subscriber database (for example HSS 50).After authentication and authorization, UE 10 can be connected to WLAN IAD (WAG) 40 via WLAN 200, WLAN 200 serves as the interworking network, WLAN IAD (WAG) 40 provides (via packet data gateway (PDG)) access to public-land mobile network (PLMN) 400, and UE 10 has access to the external network of for example IP-based network (for example ip multicast subsystem (IMS)) from the WLAN IAD.
Before the resource that allows entity access network and association thereof, general mechanism will authenticate described entity (equipment and/or user), and allow to authorize in being based on identity.The most common access control is a binary, promptly based on the membership qualification in the group, or allow to insert, or refusal inserts.Authentication is based on three-party model, and it relates to requesting party, the authenticating party that approval inserts and the certificate server of permitting that needs insert.The requesting party has identity and some certificate proves that its identity of declaring is real.The requesting party is connected to network by the authenticating party port, and the authenticating party port is that access is controlled.Whether authenticating party self does not know to allow entity to insert.This is the function of certificate server.The requesting party initiates to insert request, and authenticating party begins message based on authentication protocol (for example Extensible Authentication Protocol (EAP)).At some point, authenticating party is communicated by letter with certificate server, and certificate server is judged authentication protocol.So one group of exchange appears between requesting party, authenticating party and the certificate server.In the end of described exchange, state or status of fail hit pay dirk.If authentication success, then authenticating party allows the requesting party by port network to be inserted.Authenticating party also keeps the fail safe context of a pair of requesting party and authenticating party port.
Can from following medium, select access medium: the original medium in Ethernet, token ring, WLAN or the serial PPP(Point-to-Point Protocol) link.The EAP standard provides the framework that is used for exchange authentication information after having set up link layer.This exchange does not even need IP.The function of transportation protocol layer is to specify on the Access Network how to exchange EAP message.Actual verification process is the process how definition should exchange certificate and exchange what certificate.
In this example, will use EAP to carry out access via WLAN 200, EAP is a kind of agreement flexibly, is used to carry any authentication information, and it is defined in IETF (the Internet engineering duty group) standard RFC 2284.
In the framework of Fig. 1, initiate the EAP verification process in the specific mode of WLAN.In WLAN technology specific protocol, transmit all EAP groupings on the packaged WLAN interface.Between aaa server 30 and UE 10, carry out a plurality of EAP requests and EAP response message exchange.The amount that comes and goes depends on for example employed EAP type.May need to be stored among the HSS 50 and information retrieval from HSS 50, to carry out specific EAP message.Also retrieve the information of the user's who is used to carry out and is inserted authentication from HSS 50.Only ought be used for carrying out the necessary information of EAP authentication in this information retrieval of the unavailable just needs of aaa server 30.
Usually, use the user name part of the NAI identity that is provided to come identifying user.During information retrieval, whether HSS 50 checks to exist and has been registered to serving user's aaa server.If HSS 50 detects another such aaa server, it offers current aaa server 30 with previous aaa server address of registering.So the authentication signaling is routed the aaa server to previous registration.From the HSS 50 retrievals profile relevant with subscriber's WLAN.If EAP authentication and authorization success, then aaa server 30 will insert and accept message and send to WLAN 200.In this message, the key material that aaa server 30 comprised the EAP success message, derive from the EAP authentication and to the connection authorization message of WLAN 200.WLAN 200 storage key material and authorization messages, be used for the authentication UE 10 communicate by letter.So WLAN 200 gives UE 10 with the EAP success message with success identity and authorization notification.
For the situation of specific I-WLAN urgent call, during the situation 2 of " being attached to " WLAN 200, UE 10 must indicate user name NAI as identity in the exchange of EAP signaling.The territory portion of described NAI is used to route requests to the relevant HPLMN that is used for this user.Described territory portion can be the form of internet domain name, and for example " operator.com " is as ietf specification RFC 1035 is specified.When attempting authenticating in WLAN inserts, the IMSI that UE 10 can be provided from UICC derives home network domain name.
Yet under the situation of the UE that lacks UICC, because home domain is the information that is stored among the SIM, so the user is not to the access of home domain.So still expectation allows the connectivity for IMS (IP Multimedia System) urgent call or other prioritized call.
According to preferred embodiment, unique territory is used as the example of unique default identification symbol part, and it indicates WLAN 200: this authentication for prioritized call (for example IMS urgent call) carry out.WLAN 200 (being AP 20) admits default domain as IMS urgent call string, and in acquiescence PLMN the correspondence response is transmitted to acquiescence aaa server (for example aaa server Fig. 1 30) from UE 10.So described acquiescence aaa server 30 is used predetermined acquiescence EAP method (for example new urgent call EAP method), to come authenticated user based on this method.
The authentication method of specific special use can be so-called " zero point " method (" null " method), and this method does not authenticate anything.As an alternative, authentication method goes for: if can suppose after a while in moving equipment (for example UE 10) and can obtain emergency service route public keys, then with server certificate authentication aaa server 30.This method can prevent that the assailant from pretending and be emergency call service provider.In its simplest form, specific authentication method (for example EAP method) can be the request/response exchange of one bout.The EAP master key can or be the well-known key (known to a plurality of client computer at least) of fixing, or can send described EAP master key by the EAP method.
Usually, can use the arbitrary key of authentication method outside " output ", thereby make the Wireless LAN access point that for example key can be sent to the IPsec gateway.In RFC 3748, the session key of being exported is called as " master session key (MSK) " and " master session key of expansion (EMSK) ".According to as the specified EAP agreement of the RFC 3748 of example, can send the session key to access point, IPsec gateway or other authenticating party from certificate server.This operation provides following advantage: even without real certificate of certification, also provide the key of output.
MSK is relevant with the key material of being derived between EAP peers include both and server and exported by the EAP method.MSK length is 64 bytes at least.In existing implementation, the aaa server that serves as the EAP server sends MSK to authenticating party.
EMSK is relevant with the additional keys material of being derived between EAP client and server and exported by the EAP method.EMSK length is 64 bytes at least.EMSK not with authenticating party or arbitrarily other third party share.As example, aaa server 30 can send to the authentication peers include both with random key in corresponding authentication request grouping (for example EAP-request/emergency call packets).Need this key to remain on the technical specific authentication method similar to actual authentication method.
According to another example, the specific authentication method goes for: use existing tunneling method (for example shielded EAP (PEAP) method), to be used for authentication.In described method based on the tunnel, internalist methodology is encapsulated in the tunneling method, that is to say, the grouping of internal authentication method is packaged by the grouping of tunneling method.As example, described internalist methodology can be a balance method, as mentioned above.In the case, tunneling method key derivation as usual.Because internalist methodology will not need key derivation in the case, so internalist methodology can also be existing authentication method, for example has the EAP generic token card of known users name and password.In generic token card mechanism, authentication request comprises displayable message, and response comprises the string that reads from hardware token card.As above-mentioned I-WLAN standard was defined, above-mentioned specific EAP method can not only be used for situation 2 authentications but also be used for situation 3 authentications.
Below, the specific implementation of the urgent call that lacks UICC in the I-WLAN environment is described with reference to Fig. 2.
Fig. 2 illustrates the schematic signaling of network element that indication calls and the corresponding message between these elements and handles diagrammatic sketch.
In step 1, the AP 20 of WLAN 200 sends to UE10 with EAP ID request as usually.In response to this, the UE 10 that wishes to carry out urgent call generates the NAI with special domain " ECALL " that indicating emergency calls out.Therefore, can represent NAI,, wherein, can not need UICC at the derivation IMEI of UE 10 places to indicate " IMEI@ECALL " with the form of domain name.The NAI that is obtained is integrated in the EAP ID response, and is sent to AP 20, and the AP 20 specific NAI of service that this is specific is identified as urgent call.In step 3, AP 20 responds the predetermined default aaa server that is transmitted in acquiescence PLMN with EAP ID, and for example aaa server 30.Acquiescence aaa server 30 detects the specific unique territory of service, and (step 4 and step 5) are up to completing successfully the EAP exchange to initiate to have the EAP method of at least one request bout.Selected acquiescence EAP method can comprise optional step x-1, and wherein, policy information or strategy implement to be downloaded to WAG 40, with the restriction service relevant with calling, for example only allows emergency call service to be used for the UE 10 that is authenticated.
At last, by the corresponding EAP success message of being transmitted at step x and step x+1, EAP is indicated to UE 10 via AP 20.
Fig. 3 illustrates the related equipment of indication verification process and the schematic block diagram of discrete cell and function thereof.
When initiating urgent call at UE 10 places by the user, function is set corresponding domain or unit 12 determines that default domain and generation are forwarded to the corresponding NAI of EAP control unit 14, and EAP control unit 14 generates EAP ID response.Should be in response to being the AP 20 that is forwarded to WLAN 200, AP 20 places at WLAN200, extract NAI and provide it to the territory measuring ability or unit 22, territory measuring ability or unit 22 detect default domain and control EAP control unit 24, to select predetermined aaa server 30 and EAP ID response is transmitted to selected or determined aaa server 30.At acquiescence aaa server 30 places, detect at the extraction NAI of territory detecting unit 32 places and to it once more.Based on the detection of default realm part, territory measuring ability or unit 32 control EAP control units 34 are initiated aforesaid predetermined EAP method.
Notice that a plurality of default realm part can be used for different prioritized call, thereby make EAP ID request is routed at least one aaa server, and initiate specific EAP method more than one.Such prioritized call can comprise fire calls, urgent doctor's calling etc.
The foregoing description makes it possible to be inserted by the UE that lacks UICC, to carry out urgent call or other prioritized call.The advantage of this priorization cut-in method is that it is transparent for existing AAA element, WLAN access point and packet data gateway.Call out (for example urgent call) if Existing policies enforcement mechanism is enough to that service is restricted to specific prioritized, then do not need new and urgent call function associated unit at these equipment places.
Use the advantage of the specific default identification symbol part of the specific territory of service or other service to be, for the UE that lacks UICC or do not insert other terminal equipment of SIM card or usim card, can start authentication by default network or PLMN and consult.So, can use default authentication method, wherein, can be reduced to the direct forwarding configuration in the territory in corresponding routing table (for example RADIUS (remote address dial-in customer's service) routing table) to the influence of WLAN Access Network.The advantage that provides like this is, does not need to realize particular key or behavior in WLAN 200.
In a word, a kind of method, terminal equipment, network element, certificate server and computer program have been described, the priorization that is used to control wireless access network inserts, wherein, if predetermined prioritized call is activated, then the identifier portion that is provided in terminal equipment place authentication response is set to be exclusively used in the specific unique default identification symbol part of service of predetermined prioritized call.So, authentication response is transmitted to predetermined default authentication server, at the predetermined default authentication server place, initiate the specific authentication method of service of predetermined default, insert the predetermined prioritized service to be used for authorization terminal equipment.Thus, can under the situation that does not have SIM or USIM, carry out urgent call by terminal equipment, and owing to the transparent characteristic of the specific unique default identification symbol part of service not needing to cause the new authentication function unit relevant with prioritized call.
Notice that above-mentioned priorization access control scheme is subject to above preferred embodiment anything but, but can use in conjunction with any verification process based on identifier portion.Specifically, can use and can serve as the specific unique default identification symbol any information partly of service that is exclusively used in predetermined prioritized call, rather than the territory portion of above-mentioned NAI.In addition, for authentication, can use the specific authentication method of service of any appropriate.Therefore, preferred embodiment can change within the scope of the appended claims.
Claims (33)
1. a control said method comprising the steps of the method that the priorization of wireless access network (200) inserts:
A) in response to the activation of predetermined prioritized service, the identifier portion of locating in the authentication response at terminal equipment (10) is set to be exclusively used in the specific unique default identification symbol part of service that described predetermined prioritized is served;
B) in response to the detection of locating at described wireless access network (200), described authentication response is transmitted to predetermined default authentication server (30) to described default identification symbol part; And
C) initiate default service-specific authentication method at described default authentication server place, to be used to authorizing described terminal equipment to insert described predetermined prioritized service.
2. the method for claim 1, wherein described unique default identification symbol part is the part of the territory portion or the territory portion of network access identifier.
3. method as claimed in claim 1 or 2 further may further comprise the steps: if do not provide subscriber identity module in described terminal equipment (10), then use described priorization to insert.
4. any described method in the claim as described above, wherein, described predetermined prioritized service is emergency services or urgent call.
5. any described method in the claim as described above, wherein, described default service-specific authentication method is a balance method, described balance method does not authenticate whatever.
6. as any described method in the claim 1 to 4, wherein, described default service-specific authentication method is applicable to: use unilateral authentication, wherein authenticate described certificate server (30) by described terminal equipment (10).
7. method as claimed in claim 6, wherein, described default service-specific authentication method is applicable to: authenticate described certificate server (30) with server certificate.
8. any described method in the claim as described above, wherein, described default service-specific authentication method is the request/response exchange of one bout.
9. any described method in the claim as described above, wherein, described default service-specific authentication method is configured to: use the fixed key be at least known to a plurality of client computer as the output session key, perhaps be configured to: derive described output session key from least one known fixed key.
10. any described method in the claim as described above, wherein, described service-specific authentication method is configured to: will export session key or derive the required information of described output session key in described default service-specific authentication method and send to described terminal equipment (10) from described certificate server (30), perhaps vice versa.
11. any described method in the claim as described above, wherein, described default service-specific authentication method is used tunneling method.
12. method as claimed in claim 11, wherein, packaged internalist methodology is a balance method in described tunneling method.
13. method as claimed in claim 11, wherein, packaged internalist methodology is to use the universal method of the token card with known users name and password in described tunneling method.
14. any described method in the claim as described above, further may further comprise the steps: policy information is sent to the IAD (40) of described wireless access network (200) from described certificate server (30), and described policy information defines at least one admissible service.
15. method as claimed in claim 14, wherein, described at least one admissible service comprises: urgent call or emergency services.
16. one kind is used to provide the terminal equipment to the priorization access of wireless access network (200), described terminal equipment (10) comprising: setting device (12), it is used for the activation in response to the predetermined prioritized service, and the identifier portion in the authentication response is set to be exclusively used in the specific unique default identification symbol part of service of described predetermined prioritized service.
17. terminal equipment as claimed in claim 16, wherein, the specific unique default identification symbol part of described service is the territory portion of network access identifier.
18. as claim 16 or 17 described terminal equipments, wherein, described predetermined prioritized service is urgent call.
19. as any described terminal equipment in the claim 16 to 18, wherein, described setting device (12) is configured to: operate lacking under the situation of subscriber identity module.
20. the network element of a wireless access network (200), it is used for the priorization access of control to described wireless access network (200), and described network element (20) comprising:
A) checkout gear (22), it is used for detecting predetermined unique default identification symbol part of the authentication response that is received; And
B) retransmission unit (24), it is used in response to by described checkout gear (22) described unique default identification being accorded with the detection of part and the described authentication response that receives is sent to predetermined default authentication server (30).
21. network element as claimed in claim 20, wherein, described unique default identification symbol part is the territory portion of network access identifier.
22. as claim 20 or 21 described network elements, wherein, described network element is the access point (20) of WLAN (wireless local area network) (200).
23. a certificate server, it is used for the priorization access of control to wireless access network (200), and described certificate server (30) comprising:
A) be used for the device (32) of detection from predetermined unique default identification symbol part of the authentication response that is forwarded of described wireless access network (200) reception; And
B) apparatus for initiating (34), it is used for according with predetermined authentication method partly in response to by the detection of described checkout gear (32) to described unique default identification symbol part and initiate to be exclusively used in described unique default identification.
24. certificate server as claimed in claim 23, wherein, described predetermined unique default identification symbol part is the territory portion of network access identifier.
25. as claim 23 or 24 described certificate servers, wherein, described apparatus for initiating (34) is configured to: initiate balance method as default service-specific authentication method, described balance method does not authenticate whatever.
26. as claim 23 or 24 described certificate servers, wherein, described apparatus for initiating (34) is configured to:, initiate to be configured to authenticate the authentication method of described certificate server (30) with server certificate as default service-specific authentication method.
27. as claim 23 or 24 described certificate servers, wherein, described apparatus for initiating (34) is configured to: initiate tunneling method as default service-specific authentication method.
28. as any described certificate server in the claim 23 to 27, wherein, described certificate server (30) is configured to: policy information is sent to the IAD (40) of described wireless access network (200), and described policy information defines at least one admissible service.
29. a computer program comprises the code unit that generates the step (a) of claim to a method 1 when being used on operating in computer equipment.
30. a computer program comprises the code unit that generates the step (b) of claim to a method 1 when being used on operating in computer equipment.
31. a computer program comprises the code unit that generates the step (c) of claim to a method 1 when being used on operating in computer equipment.
32. a smart card comprises computer program as claimed in claim 29.
33. system that is used to control to the priorization access of wireless access network, described system comprises: as any described terminal equipment in the claim 16 to 19, as any described network element in the claim 20 to 22, and as any described certificate server in the claim 23 to 28.
Applications Claiming Priority (3)
| Application Number | Priority Date | Filing Date | Title |
|---|---|---|---|
| US75203905P | 2005-12-21 | 2005-12-21 | |
| US60/752,039 | 2005-12-21 | ||
| US11/591,485 | 2006-11-02 |
Publications (1)
| Publication Number | Publication Date |
|---|---|
| CN101341779A true CN101341779A (en) | 2009-01-07 |
Family
ID=40214855
Family Applications (1)
| Application Number | Title | Priority Date | Filing Date |
|---|---|---|---|
| CNA2006800480604A Pending CN101341779A (en) | 2005-12-21 | 2006-12-19 | Prioritized network access for wireless access networks |
Country Status (1)
| Country | Link |
|---|---|
| CN (1) | CN101341779A (en) |
Cited By (3)
| Publication number | Priority date | Publication date | Assignee | Title |
|---|---|---|---|---|
| WO2012022245A1 (en) * | 2010-08-16 | 2012-02-23 | 中兴通讯股份有限公司 | Method and system for processing emergency service |
| CN110249648A (en) * | 2017-02-03 | 2019-09-17 | 诺基亚美国公司 | The system and method for session establishment executed by unauthenticated user equipment |
| CN113826372A (en) * | 2019-03-29 | 2021-12-21 | 三星电子株式会社 | Method for edge computing service and electronic device thereof |
-
2006
- 2006-12-19 CN CNA2006800480604A patent/CN101341779A/en active Pending
Cited By (3)
| Publication number | Priority date | Publication date | Assignee | Title |
|---|---|---|---|---|
| WO2012022245A1 (en) * | 2010-08-16 | 2012-02-23 | 中兴通讯股份有限公司 | Method and system for processing emergency service |
| CN110249648A (en) * | 2017-02-03 | 2019-09-17 | 诺基亚美国公司 | The system and method for session establishment executed by unauthenticated user equipment |
| CN113826372A (en) * | 2019-03-29 | 2021-12-21 | 三星电子株式会社 | Method for edge computing service and electronic device thereof |
Similar Documents
| Publication | Publication Date | Title |
|---|---|---|
| EP2122983B1 (en) | Support of UICC-less calls | |
| EP2039110B1 (en) | Method and system for controlling access to networks | |
| RU2304856C2 (en) | Method and system, meant for setting up a connection via access network | |
| WO2007072176A1 (en) | Prioritized network access for wireless access networks | |
| US8261078B2 (en) | Access to services in a telecommunications network | |
| US20060154645A1 (en) | Controlling network access | |
| US20070192838A1 (en) | Management of user data | |
| JP4384177B2 (en) | Method for protecting data traffic between a mobile radio network and an IMS network | |
| EP1649661B1 (en) | Transparent access authentification in GPRS core networks | |
| WO2006079953A1 (en) | Authentication method and device for use in wireless communication system | |
| CN101341779A (en) | Prioritized network access for wireless access networks | |
| KR101088321B1 (en) | Methods for provisioning mobile stations and wireless communications with mobile stations located within femtocells | |
| JP4107436B2 (en) | Communication control device and communication control method |
Legal Events
| Date | Code | Title | Description |
|---|---|---|---|
| C06 | Publication | ||
| PB01 | Publication | ||
| C10 | Entry into substantive examination | ||
| SE01 | Entry into force of request for substantive examination | ||
| C02 | Deemed withdrawal of patent application after publication (patent law 2001) | ||
| WD01 | Invention patent application deemed withdrawn after publication |
Open date: 20090107 |