CN101394664A - Mobile node, method and system for implementing media-independent handover - Google Patents

Info

Publication number: CN101394664A
Authority: CN (China)
Prior art keywords: service; mobile node; network side; key; information
Legal status: Granted
Application number: CNA2007101541423A
Other languages: Chinese (zh)
Other versions: CN101394664B (en)
Inventors: 邹国辉, 夏斌
Original assignee: Huawei Technologies Co Ltd
Application filed by Huawei Technologies Co Ltd
Priority to CN2007101541423A; priority to PCT/CN2008/072435 (WO2009039782A1)
Publication of CN101394664A; application granted; publication of CN101394664B
Current legal status: Expired - Fee Related

Classifications

    • H04L63/00 Network architectures or network communication protocols for network security > H04L63/08 for authentication of entities > H04L63/083 using passwords
    • H04W12/00 Security arrangements; Authentication; Protecting privacy or anonymity > H04W12/06 Authentication
    • H04W36/00 Hand-off or reselection arrangements > H04W36/0005 Control or signalling for completing the hand-off > H04W36/0011 for data sessions of end-to-end connection
    • H04W36/00 Hand-off or reselection arrangements > H04W36/0005 Control or signalling for completing the hand-off > H04W36/005 involving radio access media independent information, e.g. MIH [Media independent Hand-off]

Abstract

The invention relates to a mobile node, a method and a system for realizing media-independent handover. The method comprises the following steps: the mobile node obtains, from the network side, service information protected by a shared key; the shared key is verified; after verification passes, the mobile node sends a handover preparation request message to the network side according to the service information, the handover preparation request message being protected by a first shared key; the network side receives the handover preparation request message, verifies the first shared key and admits the mobile node to the target service point, completing the handover. This effectively solves the security problem of media-independent handover and ensures the security of the media-independent service and of the media-independent handover. The mobile node comprises a service information acquisition module, a verification module, a request module and a message protection module; the system comprises a message sending module, a system message protection module, a message receiving module, a system verification module and a handover module, which together ensure the security of media-independent handover.

Description

Mobile node, method and system for implementing media-independent handover
Technical field
The present invention relates to wireless communication technology, and in particular to media-independent handover technology.
Background technology
Media-independent handover means handover supported between different media types, so that a mobile subscriber roaming between networks can automatically select the best network connection type and hand over a session seamlessly, realizing roaming handover between systems such as IEEE 802.3/802.11/802.16/3GPP/3GPP2.
At present, media-independent handover is realized mainly by the Media Independent Handover Function (MIHF) module on the mobile node (MN), the MIH Point of Service (MIH PoS) of the MN's serving point of attachment (serving PoA), the MIH PoS of the MN's candidate PoA, an MIH PoS that does not include the MN's PoA, and an MIH non-service point (Non-PoS) that does not include the MN's PoA, which together support the roaming of the mobile subscriber between systems such as IEEE 802.3/802.11/802.16/3GPP/3GPP2. Here, the MIH PoS of the MN's serving PoA is the MIH network entity that can exchange MIH messages directly with an MIH-capable MN, that is, the PoS currently serving the MN, also called the Serving PoS; the MIH PoS of the MN's candidate PoA is an MIH network entity that can exchange MIH messages directly with an MIH-capable MN, that is, a candidate PoS; an MIH PoS that does not include the MN's PoA is an MIH network entity that can exchange MIH messages directly with an MIH-capable MN, for example an MIHF-capable router in the wired network; and an MIH Non-PoS that does not include the MN's PoA is an MIH network entity that can exchange MIH messages directly with other MIH network entities but cannot exchange MIH messages directly with an MIH-capable MN.
In an actual handover, first, the Serving PoS provides the MN with the MIH services determined during the MIH capability discovery process, which include:
MIH Event Service (MIES): provides event classification, event filtering and event reporting on dynamic changes in link characteristics, link state and link quality.
MIH Command Service (MICS): provides management and control of link behaviour relevant to handover and mobility.
MIH Information Service (MIIS): provides details of the characteristics and services of the serving network and of neighbouring networks; this information is used for efficient system access and for handover decisions.
Second, the MN decides, according to the MIH services provided, whether to query whether the target network it will hand over to permits access; it sends the query request to the network-side Serving PoS and, when the Serving PoS returns a handover command, sends a handover request to the PoS of the target network and performs the handover.
In the course of realizing the present invention, the inventors found that the prior art has at least the following problem: while the PoS provides MIH services to the MN and while the MN hands over between networks, the information exchanged between the MN and each network entity lacks security protection, so media-independent handover has a security problem.
Summary of the invention
A first aspect of the embodiments of the present invention provides a method for realizing media-independent handover, in order to solve the security problem of media-independent handover.
A second aspect of the embodiments of the present invention provides a mobile node, enabling the mobile node to perform secure media-independent handover.
A third aspect of the embodiments of the present invention provides a system for realizing media-independent handover, in order to realize secure media-independent handover.
The first aspect of the present invention is provided, in some embodiments, by the following technical scheme: a method for realizing media-independent handover comprises:
the mobile node obtains, from the network side, service information protected by a shared key;
the shared key is verified;
after verification passes, the mobile node sends a handover preparation request message to the network side according to the service information, the handover preparation request message being protected by a first shared key;
the network side receives the handover preparation request message, verifies the first shared key, and admits the mobile node to the target service point, completing the handover.
Protecting the messages of the service process and of the handover process with shared keys prevents a malicious third party that intercepts the messages from obtaining the content of the media-independent handover process; this effectively solves the security problem of media-independent handover and ensures the security of media-independent services and of media-independent handover.
The second aspect of the present invention is provided, in some embodiments, by the following technical scheme: a mobile node comprises:
a service information acquisition module, used to obtain, from the network side, service information protected by a shared key;
a verification module, used to verify the shared key;
a request module, used to send a handover preparation request message to the network side according to the service information once the verification module has verified the shared key;
a message protection module, used to protect the handover preparation request message with the first shared key.
Through modules such as the message protection module and the verification module, this scheme effectively secures the mobile node's messaging and lets the mobile node interact with a network-side media-independent handover system that has security protection, thereby ensuring that the mobile node receives and sends information securely and performs secure media-independent handover.
The third aspect of the present invention is provided, in some embodiments, by the following technical scheme: a system for realizing media-independent handover comprises:
a message sending module, used to send service information to the mobile node;
a system message protection module, used to protect the service information with a shared key;
a message receiving module, used to receive the handover preparation request message, protected by the first shared key, sent by the mobile node;
a system verification module, used to verify the first shared key;
a handover module, used to admit the mobile node to the target service point according to the handover preparation request message, completing the handover.
Through modules such as the message protection module and the verification module, this scheme effectively protects the various messages exchanged while serving the mobile node and handing it over between networks, prevents a malicious third party that intercepts messages from obtaining the message content of the handover process, solves the security problem in media-independent handover, and ensures the security of both service and handover in media-independent handover.
The technical scheme of the present invention is described in further detail below with reference to the drawings and embodiments.
Description of drawings
Fig. 1 is a schematic diagram of the default security architecture in the method embodiments of media-independent handover of the present invention;
Fig. 2 is a schematic diagram of the direct security architecture in the method embodiments of media-independent handover of the present invention;
Fig. 3 is the signalling flow diagram of the first method embodiment of the present invention for realizing media-independent handover;
Fig. 4 is the signalling flow diagram of the second method embodiment of the present invention for realizing media-independent handover;
Fig. 5 is a structural schematic diagram of the mobile node embodiment of the present invention;
Fig. 6 is a structural schematic diagram of the media-independent handover system embodiment of the present invention.
Embodiment
In the method embodiments of the present invention for realizing media-independent handover, the MN and every network entity are MIH-capable, and the MIH security architecture is formed by establishing Security Associations (SA) between the MN and each network entity and between the network entities themselves. An SA is established by means of a shared key between the MN and a network entity, or between two network entities. For convenience of explanation, in the embodiments of the invention the shared key between the MN and the network-side Serving PoS is called the first shared key (Kms); this key must be generated before the MN obtains service information. The shared key between the Serving PoS and the information server is called the second shared key (Kns); it may be generated dynamically or configured statically, as actual requirements dictate. The key between the MN and the information server is called the third shared key (Kmn) and must be generated dynamically. The shared key between the Serving PoS and each candidate PoS is called the fourth shared key (Kcs); the shared key between the MN and the authentication, authorization and accounting server (AAA server) is called the fifth shared key (Kma); and the shared key between the MN and the target PoS is called the sixth shared key (Kmc). Depending on whether the MIHF of the MN needs to know explicitly which MIH correspondent it is dealing with, the security architecture is divided into a default security architecture and a direct security architecture.
Under the default security architecture, the MIHF of the MN only needs to know whether the MIHF of the MIH PoS of the serving PoA exists; all other MIHFs in the network are invisible to the MN. The MIHF of the MN only needs to establish an SA with the MIHF of the MIH PoS of the serving PoA, and requests all services from it. The default security architecture is shown in Fig. 1, where a solid line denotes a direct connection, a dotted line denotes that no direct connection is possible, and a thick line denotes a connection with security protection that involves the MIHF of the MN. Other connections may have Security Associations, but these are unrelated to the MIHF of the MN.
Under the direct security architecture, the MIHF of the MN needs to know not only of the existence of the MIHF of the MIH PoS of the serving PoA, but also of the existence of the other MIHFs in the network. The MIHF of the MN needs to establish a security association with every MIHF it must interact with, and requests the corresponding service from each of them. Its architecture is shown in Fig. 2, where a solid line denotes a direct connection, a dotted line denotes that no direct connection is possible, and a thick line denotes a connection with security protection that involves the MIHF of the MN. Other connections may have Security Associations, but these are unrelated to the MIHF of the MN. Note in particular that a thick dotted line also indicates a Security Association between two entities even though they cannot connect directly. In Fig. 1 and Fig. 2, MIH PoS denotes a network-side functional module that does not include the MN's PoA and that can interact directly with an MIH-capable MN, for example an MIH-capable router in the wired network.
Method embodiment one
Fig. 3 is the signalling flow diagram of the first method embodiment of the present invention for realizing media-independent handover. This embodiment takes the default security architecture as its example, and the handover process is as follows:
Step 101: The MN sends a service request message "[MIH_Service-REQ] Kms" protected by Kms to the Serving PoS, which secures the exchange between the MN and the Serving PoS. "[MIH_Service-REQ] Kms" denotes the "MIH_Service-REQ" message protected by Kms; the same notation is used below.
Step 102: The Serving PoS receives the "[MIH_Service-REQ] Kms" message and verifies Kms, which ensures the message is trustworthy.
After verification passes, the Serving PoS sends the MN a service response message "[MIH_Service-RSP] Kms" protected by Kms; the "[MIH_Service-RSP] Kms" message contains the service information requested by the MN;
Step 103: The MN receives "[MIH_Service-RSP] Kms" and verifies Kms; after verification passes, it has securely and reliably obtained service information such as neighbouring-network information.
After verification passes, the MN selects a target network according to the service information and sends the Serving PoS a handover preparation request message "[MIH_Prepare-REQ] Kms" protected by Kms, in order to query whether the target network allows it to access; "[MIH_Prepare-REQ] Kms" may carry information on the PoSs the MN intends to query;
Step 104: The Serving PoS receives "[MIH_Prepare-REQ] Kms" and verifies Kms;
After verification passes, the Serving PoS sends each candidate PoS a resource query request message "[MIH_Query-REQ] Kcs" protected by Kcs;
Step 105: Each candidate PoS receives "[MIH_Query-REQ] Kcs" and verifies Kcs;
After verification passes, each candidate PoS judges whether it can admit the MN and returns to the Serving PoS a resource query response message "[MIH_Query-RSP] Kcs" protected by Kcs; "[MIH_Query-RSP] Kcs" contains the judged result. If a candidate PoS judges that it can admit the MN, it may also reserve resources for the MN.
Step 106: The Serving PoS receives "[MIH_Query-RSP] Kcs" and verifies Kcs;
After verification passes, the Serving PoS selects, according to the judged results, the target service point the MN is to access, and sends the MN a handover command protected by Kms that contains the target PoS information; alternatively, the Serving PoS sends the MN a handover preparation response message "[MIH_Prepare-RSP] Kms" protected by Kms, with the judged results contained in "[MIH_Prepare-RSP] Kms". The Serving PoS may send "[MIH_Prepare-RSP] Kms" down to the MN immediately once a result is received, or wait until all candidate PoSs have returned their results before sending it.
Step 107: The MN receives the handover command or "[MIH_Prepare-RSP] Kms" and verifies Kms;
After verification passes, the MN sends the Serving PoS a handover execution request message "[MIH_Commit-REQ] Kms" protected by Kms according to the handover command; or the MN obtains the judged results from "[MIH_Prepare-RSP] Kms" and sends "[MIH_Commit-REQ] Kms" protected by Kms to the Serving PoS according to those results. "[MIH_Commit-REQ] Kms" contains the target PoS information, such as the IP address of the target PoS, its Network Access Identifier (NAI) or its MIHF identifier (ID);
Step 108: The Serving PoS receives "[MIH_Commit-REQ] Kms" and verifies Kms;
After verification passes, the Serving PoS protects the "MIH_Commit-REQ" message with Kcs to obtain "[MIH_Commit-REQ] Kcs" and sends "[MIH_Commit-REQ] Kcs" to the target PoS according to the target PoS information;
Step 109: The target PoS receives "[MIH_Commit-REQ] Kcs" and verifies Kcs;
After verification passes, the target PoS returns to the Serving PoS a handover execution response message "[MIH_Commit-RSP] Kcs" protected by Kcs;
Step 110: The Serving PoS receives "[MIH_Commit-RSP] Kcs" and verifies Kcs;
After verification passes, the Serving PoS protects the "MIH_Commit-RSP" message with Kms to obtain "[MIH_Commit-RSP] Kms" and sends it to the MN;
Step 111: The MN receives "[MIH_Commit-RSP] Kms" and verifies Kms;
After verification passes, the MN sends, via the target PoS, a key generation request message "[MIH_Key-REQ] Kma" protected by Kma to the AAA server;
Step 112: The target PoS forwards "[MIH_Key-REQ] Kma" to the AAA server in an "AAA REQ" message;
Step 113: The AAA server receives "AAA REQ", extracts "[MIH_Key-REQ] Kma" and verifies Kma;
After verification passes, the AAA server generates Kmc and sends "AAA RSP" to the target PoS, returning the verification result and Kmc;
Step 114: The target PoS returns to the MN a key generation response message "[MIH_Key-RSP] Kmc" protected by Kmc;
Step 115: The MN receives "[MIH_Key-RSP] Kmc" and verifies Kmc; after verification passes, the handover is complete. Afterwards, the MN may also send a handover completion message "[MIH_Complete-REQ] Kmc" to the target PoS and wait for the target PoS to return the response message "[MIH_Complete-RSP] Kmc", confirming that the handover has finished.
In this embodiment, after the Serving PoS receives the "[MIH_Service-REQ] Kms" message and Kms verification passes, it may further judge whether it itself stores the information requested by the MN. If so, it proceeds as above: the Serving PoS sends the MN the service response message "[MIH_Service-RSP] Kms" protected by Kms. Otherwise, the Serving PoS sends "[MIH_Service-REQ] Kns" to the information server; the information server receives the "[MIH_Service-REQ] Kns" message, verifies Kns and, after verification passes, returns to the Serving PoS a "[MIH_Service-RSP] Kns" message containing the service information requested by the MN; the Serving PoS receives the "[MIH_Service-RSP] Kns" message, obtains the information after verifying Kns, and then sends the MN the service response message "[MIH_Service-RSP] Kms" protected by Kms. If Kms verification fails, the Serving PoS returns failure information to the MN.
The process by which the MN obtains service information may also be replaced by the following process:
The information server broadcasts a "[MIH_Service] Kns" message to each PoS, where Kns may differ from PoS to PoS;
After the Serving PoS receives the "[MIH_Service] Kns" message, it verifies Kns and, if verification passes, broadcasts the service information obtained to all MNs in a "[MIH_Service] Kms" message, where Kms may likewise differ from MN to MN;
The MN receives the "[MIH_Service] Kms" message and obtains the service information after verifying Kms.
In the media-independent handover process of this embodiment, establishing an SA between the MN and the Serving PoS, that is, using a shared key, ensures that the MN obtains service information securely; establishing SAs between the MN and the Serving PoS, the candidate PoSs and the AAA server, and between the PoSs, ensures the security of the network handover, so the security of media-independent handover is ensured as a whole.
Moreover, because the MN's default correspondent is the Serving PoS, no identifier needs to be introduced in MIH interactions, which reduces signalling overhead and suits wireless transmission.
For simple IP and mobile IP networks, the MN does not need to know other routing information of the access network in either kind of network; it only needs to know its access router (AR). This situation is similar to access that does not cross PoSs, so the roles of the AR and the PoS are similar: the network can easily give the AR the MIH function with a simple upgrade, no cross-PoS access is needed, and this scheme can readily be applied to simple IP and mobile IP networks.
Method embodiment two
Fig. 4 is the signalling flow diagram of the second method embodiment of the present invention for realizing media-independent handover. This embodiment takes the direct security architecture as its example, and the handover process is as follows:
Step 201: The MN sends a service request message "[MIH_Service-REQ] Kmn" protected by Kmn;
The Serving PoS judges, from the transmission target information in the service request message "[MIH_Service-REQ] Kmn", whether it is itself the transmission target of the MN's message. If so, the shared key protecting the message should be the first shared key; the Serving PoS verifies it and, after verification passes, returns service information to the MN, as in method embodiment one: the Serving PoS receives the "[MIH_Service-REQ] Kms" message and verifies Kms; after verification passes, the Serving PoS sends the MN the service response message "[MIH_Service-RSP] Kms" protected by Kms;
Step 202: When the Serving PoS judges that it is not the transmission target of the MN's message, the information server receives "[MIH_Service-REQ] Kmn" and verifies Kmn;
After verification passes, the information server sends the MN the service response message "[MIH_Service-REQ] Kmn" protected by Kmn that the MN requested; "[MIH_Service-REQ] Kmn" contains the service information requested by the MN;
Step 203: The MN receives the "[MIH_Service-REQ] Kmn" message and verifies Kmn; after verification passes, the MN has obtained the service information.
The MN selects a target PoS according to the service information and sends the Serving PoS a "[MIH_Prepare-REQ] Kms" protected by Kms;
Step 204: The Serving PoS receives "[MIH_Prepare-REQ] Kms" and verifies Kms;
After verification passes, the Serving PoS sends each network-side candidate PoS a "[MIH_Query-REQ] Kcs" protected by Kcs;
Step 205: Each candidate PoS receives "[MIH_Query-REQ] Kcs" and verifies Kcs;
After verification passes, each candidate PoS judges whether it can admit the MN and returns to the Serving PoS a "[MIH_Query-RSP] Kcs" protected by Kcs; "[MIH_Query-RSP] Kcs" contains the judged result. If a candidate PoS judges that it can admit the MN, it may also reserve resources for the MN.
Step 206: The Serving PoS receives "[MIH_Query-RSP] Kcs" and verifies Kcs;
After verification passes, the Serving PoS sends the MN a "[MIH_Prepare-RSP] Kms" message protected by Kms; "[MIH_Prepare-RSP] Kms" contains the judged results;
Step 207: The MN receives "[MIH_Prepare-RSP] Kms" and verifies Kms;
After verification passes, the MN sends, according to the judged results, a "[MIH_Key-REQ] Kma" protected by Kma to each candidate PoS that can admit it;
Step 208: Each admitting candidate PoS forwards "[MIH_Key-REQ] Kma" to the AAA server in an "AAA REQ";
Step 209: The AAA server receives "[MIH_Key-REQ] Kma" and verifies Kma;
After verification passes, the AAA server generates Kmc and returns the verification result and Kmc to the admitting PoS in an "AAA RSP";
Step 210: The admitting PoS receives the verification result and Kmc, and sends the MN a "[MIH_Key-RSP] Kmc" protected by Kmc;
Step 211: The MN receives "[MIH_Key-RSP] Kmc" and verifies Kmc;
After verification passes, the MN selects the target PoS to access from among the admitting candidate PoSs and sends the Serving PoS a "[MIH_Commit-REQ] Kms" protected by Kms;
Step 212: The Serving PoS receives "[MIH_Commit-REQ] Kms" and verifies Kms;
After verification passes, the Serving PoS protects the message with Kcs as "[MIH_Commit-REQ] Kcs" and sends it to the target PoS;
Step 213: The target PoS receives "[MIH_Commit-REQ] Kcs" and verifies Kcs;
After verification passes, the target PoS sends the Serving PoS a "[MIH_Commit-RSP] Kcs" protected by Kcs;
Step 214: The Serving PoS receives "[MIH_Commit-RSP] Kcs" and verifies Kcs;
After verification passes, the Serving PoS sends the MN a "[MIH_Commit-RSP] Kms" protected by Kms;
Step 215: The MN receives "[MIH_Commit-RSP] Kms" and verifies Kms, completing the handover. Afterwards, the MN may also send a handover completion message "[MIH_Complete-REQ] Kmc" to the target PoS and wait for the target PoS to return the response message "[MIH_Complete-RSP] Kmc", confirming that the handover has finished.
In the media-independent handover process of this embodiment, establishing SAs between the MN and each PoS and between the PoSs, that is, using shared keys, secures both the MN's acquisition of service information and the network handover process, so the security problem of media-independent handover is solved as a whole.
In this embodiment, after the information server receives "[MIH_Service-REQ] Kmn", it may further judge, according to the transmission destination information in "[MIH_Service-REQ] Kmn", whether it is itself the transmission target, and then verify Kmn. The method of obtaining service information in this embodiment may be replaced by the method of obtaining service information in method embodiment one; the service information may also be obtained by the Serving PoS broadcasting the service message "[MIH_Service] Kms" to the MN, or by the information server broadcasting a "[MIH_Service] Kmn" message directly to the MN. The network handover process that follows the acquisition of service information in this embodiment may likewise be replaced by the process following the acquisition of service information in method embodiment one, securely realizing the MN's network handover.
Because under the direct security architecture the MN can distinguish the object of a key request, it can establish the SA with the target network while still in the former network; the SA can thus be established first and the handover performed afterwards, reducing handover delay. In this embodiment, after the MN receives the "[MIH_Prepare-RSP] Kms" message, it first establishes SAs with all admitting candidate PoSs, that is, generates the shared key between the MN and each admitting candidate PoS, and only then initiates the handover execution request message to the target PoS. This avoids establishing an SA during handover execution, or failing to hand over because an SA cannot be established, saves handover execution time and speeds up network handover. If the MN needs to access an information server located in its home network, the Serving PoS of the visited network where the MN is located may have no Security Association with that information server; the SA can be built first and the access then handed over, saving access handover time.
In the above embodiments, protecting a message with a shared key covers both encryption and integrity protection; which mode is actually used is determined by the concrete protocol.
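As an added illustration (not code from the patent or from Huawei), the following Python simulation walks the message flows of method embodiments one and two above through a shared-key protect/verify wrapper, using the key names Kms, Kcs, Kma, Kmn and Kmc defined above. The message bodies, the HMAC-SHA256 wrapper, the constructed keys, the candidate-capacity rule and the derivation of Kmc from Kma are assumptions, since the page leaves the protection mode to the concrete protocol and does not say how the MN obtains Kmc.

```python
# Added simulation of the patent's shared-key-protected MIH signalling (constructed example).
# Assumption: "[M] K" = M plus an HMAC-SHA256 tag under K (integrity only; the page leaves the mode open).
import hashlib
import hmac
import json
import os

def protect(key: bytes, name: str, body: dict) -> dict:
    """Build "[name] K": the message plus an integrity tag under shared key K."""
    payload = json.dumps({"name": name, "body": body}, sort_keys=True)
    tag = hmac.new(key, payload.encode(), hashlib.sha256).hexdigest()
    return {"payload": payload, "tag": tag}

def verify(key: bytes, msg: dict, expect: str) -> dict:
    """Check tag and message type under K; raise ValueError on failure, else return the body."""
    tag = hmac.new(key, msg["payload"].encode(), hashlib.sha256).hexdigest()
    if not hmac.compare_digest(tag, msg["tag"]):
        raise ValueError("shared-key verification failed")
    inner = json.loads(msg["payload"])
    if inner["name"] != expect:
        raise ValueError(f"expected {expect}, got {inner['name']}")
    return inner["body"]

def derive_kmc(kma: bytes, target: str, nonce: bytes) -> bytes:
    """Assumption (not on the page): AAA derives Kmc from Kma so the MN can recompute it."""
    return hmac.new(kma, target.encode() + nonce, hashlib.sha256).digest()

def query_candidates(kcs: dict, capacity: dict, wanted: list) -> list:
    """Steps 104-106 / 204-206: the Serving PoS asks each candidate PoS under its own Kcs."""
    admissible = []
    for pos in wanted:
        q = protect(kcs[pos], "MIH_Query-REQ", {"mn": "MN-1"})
        verify(kcs[pos], q, "MIH_Query-REQ")                                 # candidate PoS
        a = protect(kcs[pos], "MIH_Query-RSP", {"admit": capacity[pos] > 0})
        if verify(kcs[pos], a, "MIH_Query-RSP")["admit"]:                   # Serving PoS
            admissible.append(pos)
    return admissible

def commit_via_serving_pos(kms: bytes, kcs: dict, target: str) -> bool:
    """Steps 107-111 / 211-215: Commit-REQ under Kms is re-protected under Kcs for the target."""
    body = verify(kms, protect(kms, "MIH_Commit-REQ", {"target": target}), "MIH_Commit-REQ")
    verify(kcs[target], protect(kcs[target], "MIH_Commit-REQ", body), "MIH_Commit-REQ")
    crsp = protect(kcs[target], "MIH_Commit-RSP", {"ok": True})              # target PoS
    body = verify(kcs[target], crsp, "MIH_Commit-RSP")                        # Serving PoS
    return verify(kms, protect(kms, "MIH_Commit-RSP", body), "MIH_Commit-RSP")["ok"]  # MN

def key_exchange(kma: bytes, target: str) -> bytes:
    """Steps 111-115 / 207-211: Key-REQ under Kma passes opaquely through the PoS to AAA."""
    nonce = os.urandom(16)                                                    # chosen by the MN
    kreq = protect(kma, "MIH_Key-REQ", {"target": target, "nonce": nonce.hex()})
    body = verify(kma, {"AAA-REQ": kreq}["AAA-REQ"], "MIH_Key-REQ")          # AAA server
    kmc = derive_kmc(kma, body["target"], bytes.fromhex(body["nonce"]))      # sent in AAA RSP
    krsp = protect(kmc, "MIH_Key-RSP", {"target": target})                    # PoS -> MN
    verify(derive_kmc(kma, target, nonce), krsp, "MIH_Key-RSP")               # MN recomputes Kmc
    return kmc

def default_architecture_handover(keys: dict, capacity: dict, info: dict) -> tuple:
    """Method embodiment one (Fig. 3): the MN talks only to the Serving PoS; Kmc comes last."""
    kms, kcs, kma = keys["Kms"], keys["Kcs"], keys["Kma"]
    verify(kms, protect(kms, "MIH_Service-REQ", {"want": "neighbours"}), "MIH_Service-REQ")
    service_info = verify(kms, protect(kms, "MIH_Service-RSP", info), "MIH_Service-RSP")
    prep = protect(kms, "MIH_Prepare-REQ", {"candidates": service_info["pos"]})
    admissible = query_candidates(kcs, capacity, verify(kms, prep, "MIH_Prepare-REQ")["candidates"])
    prsp = protect(kms, "MIH_Prepare-RSP", {"admissible": admissible})
    target = verify(kms, prsp, "MIH_Prepare-RSP")["admissible"][0]            # MN picks target
    commit_via_serving_pos(kms, kcs, target)
    return target, key_exchange(kma, target)

def direct_architecture_handover(keys: dict, capacity: dict, info: dict) -> tuple:
    """Method embodiment two (Fig. 4): Kmn reaches the information server directly and
    Kmc is set up with every admissible candidate PoS before the commit."""
    kms, kcs, kma, kmn = keys["Kms"], keys["Kcs"], keys["Kma"], keys["Kmn"]
    verify(kmn, protect(kmn, "MIH_Service-REQ", {"want": "neighbours"}), "MIH_Service-REQ")
    service_info = verify(kmn, protect(kmn, "MIH_Service-RSP", info), "MIH_Service-RSP")
    prep = protect(kms, "MIH_Prepare-REQ", {"candidates": service_info["pos"]})
    admissible = query_candidates(kcs, capacity, verify(kms, prep, "MIH_Prepare-REQ")["candidates"])
    prsp = protect(kms, "MIH_Prepare-RSP", {"admissible": admissible})
    admissible = verify(kms, prsp, "MIH_Prepare-RSP")["admissible"]           # MN
    kmcs = {pos: key_exchange(kma, pos) for pos in admissible}                # steps 207-211
    target = admissible[0]
    commit_via_serving_pos(kms, kcs, target)
    return target, kmcs[target]

def constructed_keys() -> dict:
    """Constructed pre-shared keys (Kns, Serving PoS to information server, is not exercised)."""
    return {"Kms": b"K" * 32, "Kma": b"A" * 32, "Kmn": b"N" * 32,
            "Kcs": {"PoS-B": b"B" * 32, "PoS-C": b"C" * 32}}

def outsider_cannot_alter(keys: dict) -> bool:
    """Altering a Prepare-REQ without Kms is caught by the Serving PoS's verification."""
    genuine = protect(keys["Kms"], "MIH_Prepare-REQ", {"candidates": ["PoS-B"]})
    forged = dict(genuine, payload=genuine["payload"].replace("PoS-B", "PoS-C"))
    try:
        verify(keys["Kms"], forged, "MIH_Prepare-REQ")
    except ValueError:
        return True
    return False

if __name__ == "__main__":
    caps, info = {"PoS-B": 0, "PoS-C": 2}, {"pos": ["PoS-B", "PoS-C"]}
    print(default_architecture_handover(constructed_keys(), caps, info))
    print(direct_architecture_handover(constructed_keys(), caps, info))
```

Every hop re-verifies the tag under the key of that hop, which is the property the embodiments rely on: a message captured on one link cannot be replayed or altered on another without that link's key.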
Mobile node embodiment
Fig. 5 is a structural schematic diagram of the mobile node embodiment of the present invention. Mobile node 10 comprises: service information acquisition module 11, verification module 12, request module 13 and message protection module 14. Service information acquisition module 11 is used to obtain, from the network side, service information protected by a shared key; verification module 12 is used to verify the shared key, such as Kms, Kmn or Kmc; request module 13 is used to initiate a handover preparation request message to the network side according to the service information once the verification module has verified the shared key, or to send the network side a service request message used to obtain the service information; message protection module 14 protects the handover preparation request message and the service request message with Kms, or protects the service request message with Kmn.
In this embodiment, the service information acquisition module is also used to receive the handover command protected by Kms, the handover preparation response message and the handover execution response message sent by the network side, the handover preparation response message containing the judged results. The request module is also used to send the service point a handover execution request message protected by Kms according to the handover command, or to obtain the judged results from the handover preparation response message and send the service point a handover execution request message protected by Kms according to those results; the handover execution request message contains the target service point information. The request module is further used to send a key generation request message protected by Kma to the AAA server on the network side; the message protection module is also used to protect the key generation request message with Kma; the service information acquisition module is also used to receive the key generation response message protected by Kmc sent by the network side; and the verification module is also used to verify Kmc.
The mobile node embodiment above enables the mobile node to perform media-independent handover securely by means of its verification and protection modules.
System embodiment
Fig. 6 is a schematic structural diagram of the media-independent handover system embodiment of the present invention. The system 20 comprises a message sending module 21, a system message protection module 22, a message receiving module 23, a system verification module 24 and a handover module 25. The system message protection module 22 is used to protect the service information with a shared key; the message sending module 21 then sends the protected service information to the MN; the message receiving module 23 is used to receive the Kms-protected handover preparation request message sent by the MN; the system verification module 24 is used to verify Kms; and the handover module 25 is used to access the MN to the target service point according to the handover preparation request message and complete the handover.
In this embodiment, the message receiving module can also be used to receive a Kms-protected service request message sent by the MN; the message sending module can also be used to send a service response message including the service information to the MN; and the system message protection module can also protect that service response message with Kms.
The handover module can comprise a first receiving module, a first verification module, a first protection module, a first sending module, a second receiving module, a second verification module, a second protection module, a second sending module, a third receiving module, a third verification module, a key generation module and a third sending module. The first verification module, first protection module and first sending module are located in the Serving PoS; after the system verification module's verification of Kms passes, the first protection module protects a resource query request message with Kcs and the first sending module sends it to the candidate PoSs. The second receiving module, second verification module, second protection module and second sending module are located in the candidate PoS or target PoS: the second receiving module receives the resource query request message sent by the first sending module, the second verification module verifies the Kcs protecting the resource query request message, and after the verification passes the candidate PoS generates a resource query response message, which the second protection module protects with Kcs and the second sending module sends to the Serving PoS. The first receiving module receives the resource query response message and the first verification module verifies Kcs; the first protection module then protects the handover preparation response message with Kms and the first sending module sends it to the MN. The first receiving module receives the Kms-protected handover execution request message sent by the MN and the first verification module verifies Kms; after the verification passes, the first protection module protects the handover execution request message with Kcs and the first sending module sends the Kcs-protected handover execution request message to the second receiving module; after the second receiving module receives it, the second verification module verifies Kcs, and after the verification passes the target PoS generates a handover execution response message, the second protection module protects it with Kcs, and the second sending module sends the protected handover execution response message to the MN. The second receiving module receives the Kma-protected key generation request message sent by the MN, and the second sending module sends the Kma-protected key generation request message to the third receiving module. The third receiving module, third verification module, key generation module and third sending module are located in the AAA server: the third receiving module receives the key generation request message and the third verification module verifies Kma; after the verification passes, the key generation module generates Kmc, and the third sending module sends the third verification module's verification result and Kcs to the second receiving module. The second receiving module receives them, the target PoS generates a key generation response message, the second protection module protects it with Kmc, and the second sending module sends the protected key generation response message to the MN. The second receiving module receives the Kmc-protected handover completion request message sent by the MN, the second verification module verifies Kmc, and after the verification passes the target PoS generates a handover completion response message, the second protection module protects it with Kmc, and the second sending module sends the protected handover completion response message to the MN.
In the above system embodiment, the media-independent handover system can also comprise a judgement module located in the Serving PoS, used to judge whether this PoS is the sending target of the service request message, or to judge whether the PoS itself stores the information requested by the MN. If this PoS is the sending target of the service request message, the Serving PoS performs the corresponding operation, such as verifying Kms; if it judges that it stores the information requested by the MN, the first sending module sends the requested information to the MN.
The media-independent handover system can also comprise a creation module located in the Serving PoS; if the judgement module judges that the Serving PoS does not store the information requested by the MN, the creation module creates a new service request message and sends it to the information server.
The above system embodiment, by means of the system protection module, system verification module and key generation module, ensures the security of media-independent handover.
Those of ordinary skill in the art will appreciate that all or part of the steps of the above method embodiments can be completed by hardware instructed by a program; the program can be stored in a computer-readable storage medium and, when executed, performs the steps of the above method embodiments; and the storage medium includes any medium that can store program code, such as a ROM, a RAM, a magnetic disk or an optical disc.
Finally, it should be noted that the above embodiments are only intended to illustrate the technical solutions of the present invention, not to limit them. Although the present invention has been described in detail with reference to the foregoing embodiments, those of ordinary skill in the art should understand that the technical solutions recorded in the foregoing embodiments can still be modified, or some of their technical features replaced by equivalents, and that such modifications or replacements do not cause the essence of the corresponding technical solutions to depart from the spirit and scope of the technical solutions of the embodiments of the present invention.
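As an added example (not code from the patent or from Huawei), the following Python simulation walks the exchange described in the mobile node and system embodiments above and in claims 7, 13, 14 and 15: the MN, the Serving PoS, the candidate/target PoSs and the AAA server, each verifying the shared key that protects the message it receives (Kms, Kcs, Kma, Kmc). "Protection with a shared key" is modelled here as an HMAC-SHA256 integrity tag; the key values are constructed, and deriving Kmc from Kma on both the AAA and MN sides is an assumption, not something the patent specifies.

```python
import hashlib
import hmac
import json

# "Protection with a shared key" modelled as an HMAC-SHA256 tag over the message body.
def protect(key: bytes, body: dict) -> dict:
    """Return the message body together with a tag computed under `key`."""
    canon = json.dumps(body, sort_keys=True).encode()
    return {"body": body, "tag": hmac.new(key, canon, hashlib.sha256).hexdigest()}

def verify(key: bytes, msg: dict) -> dict:
    """Return the body if the tag verifies under `key`; otherwise raise ValueError."""
    canon = json.dumps(msg["body"], sort_keys=True).encode()
    expected = hmac.new(key, canon, hashlib.sha256).hexdigest()
    if not hmac.compare_digest(expected, msg["tag"]):
        raise ValueError("shared-key verification failed")
    return msg["body"]

# Constructed pre-shared keys (assumption: provisioned before the handover starts).
KMS = b"constructed-Kms-MN-servingPoS"
KCS = b"constructed-Kcs-servingPoS-candidatePoS"
KMA = b"constructed-Kma-MN-AAA"

def derive_kmc(mn: str, target: str) -> bytes:
    """Assumption: Kmc is derived from Kma identically by the AAA server and the MN."""
    return hmac.new(KMA, f"kmc|{mn}|{target}".encode(), hashlib.sha256).digest()

class AAAServer:
    def handle_key_generation(self, req: dict) -> dict:
        body = verify(KMA, req)  # third verification module: verify Kma
        return {"result": "ok", "kmc": derive_kmc(body["mn"], body["target"])}

class PoS:
    """Candidate / target PoS: shares Kcs with the Serving PoS, learns Kmc from the AAA."""
    def __init__(self, name: str, free_slots: int):
        self.name, self.free_slots, self.kmc = name, free_slots, None

    def handle_resource_query(self, req: dict) -> dict:
        verify(KCS, req)  # second verification module: verify Kcs
        return protect(KCS, {"pos": self.name, "can_admit": self.free_slots > 0})

    def handle_execute(self, req: dict) -> dict:
        verify(KCS, req)
        return protect(KCS, {"status": "ready", "target": self.name})

    def handle_key_generation(self, req: dict, aaa: AAAServer) -> dict:
        # The target PoS forwards the Kma-protected request untouched; only the AAA can verify it.
        self.kmc = aaa.handle_key_generation(req)["kmc"]
        return protect(self.kmc, {"status": "key-generated", "target": self.name})

    def handle_complete(self, req: dict) -> dict:
        verify(self.kmc, req)  # handover completion request is Kmc-protected
        return protect(self.kmc, {"status": "complete"})

class ServingPoS:
    """Serving PoS: verifies Kms from the MN, uses Kcs towards the candidate PoSs."""
    def handle_prepare(self, req: dict, candidates: list) -> dict:
        verify(KMS, req)  # system verification module: verify Kms
        results = {}
        for cand in candidates:
            resp = cand.handle_resource_query(protect(KCS, {"query": "resources"}))
            results[cand.name] = verify(KCS, resp)["can_admit"]
        return protect(KMS, {"candidates": results})  # handover preparation response

    def handle_execute(self, req: dict, candidates: list) -> dict:
        body = verify(KMS, req)
        target = next(c for c in candidates if c.name == body["target"])
        resp = target.handle_execute(protect(KCS, body))  # re-protect with Kcs towards the target
        return protect(KMS, verify(KCS, resp))            # re-protect with Kms towards the MN

def run_handover(mn: str = "mn-1") -> tuple:
    """Drive the whole exchange from the MN's side; return (target, execute status, completion status)."""
    serving, aaa = ServingPoS(), AAAServer()
    candidates = [PoS("pos-a", free_slots=0), PoS("pos-b", free_slots=2)]  # constructed network
    prep = verify(KMS, serving.handle_prepare(protect(KMS, {"mn": mn}), candidates))
    target_name = next(name for name, ok in prep["candidates"].items() if ok)
    exe_req = protect(KMS, {"mn": mn, "target": target_name})
    exe = verify(KMS, serving.handle_execute(exe_req, candidates))
    target = next(c for c in candidates if c.name == target_name)
    key_resp = target.handle_key_generation(protect(KMA, {"mn": mn, "target": target_name}), aaa)
    kmc = derive_kmc(mn, target_name)
    verify(kmc, key_resp)  # MN verifies the Kmc-protected key generation response
    done = verify(kmc, target.handle_complete(protect(kmc, {"mn": mn})))
    return target_name, exe["status"], done["status"]

def tampered_execute_rejected() -> bool:
    """Failure mode: an execute request whose target was altered in transit fails Kms verification."""
    msg = protect(KMS, {"mn": "mn-1", "target": "pos-b"})
    msg["body"]["target"] = "pos-x"  # altered without knowledge of Kms
    try:
        ServingPoS().handle_execute(msg, [])
    except ValueError:
        return True
    return False
```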

Claims (23)

1. A method for implementing media-independent handover, characterized in that it comprises:
a mobile node obtaining, from a network side, service information protected by a shared key;
verifying the shared key;
after the verification passes, the mobile node sending a handover preparation request message to the network side according to the service information, the handover preparation request message being protected by a first shared key;
the network side receiving the handover preparation request message, verifying the first shared key, accessing the mobile node to a target service point and completing the handover.
2. The method according to claim 1, characterized in that the mobile node obtaining service information protected by a shared key from the network side specifically is:
the mobile node sending a service request message protected by the shared key to the network side;
the network side receiving the service request message and verifying the shared key;
after the verification passes, the network side sending to the mobile node a service response message protected by the shared key, the service response message including the service information requested by the mobile node;
the mobile node receiving the service response message and verifying the shared key, and after the verification passes, obtaining the service information.
3. The method according to claim 2, characterized in that, before verifying the shared key, the method further comprises:
the service point on the network side that receives the service request message judging whether this service point is the sending target of the service request message;
if this service point is not the sending target of the service request message, forwarding the service request message to its sending target; after the sending target receives the service request message, returning a service response message to the network side, the service response message including the service information requested by the mobile node; the network side receiving the service response message.
4. The method according to claim 2, characterized in that, before the network side sends the service response message protected by the shared key to the mobile node, the method further comprises:
the serving service point on the network side, when the verification of the shared key passes, judging whether this service point stores the service information requested by the mobile node;
if not, the serving service point creating a new service request message, protecting it with a second shared key and sending it to an information server on the network side; the information server receiving the new service request message and verifying the second shared key; after the verification passes, the information server returning to the service point a new service response message protected by the second shared key, the new service response message including the service information requested by the mobile node; the service point receiving the new service response message and verifying the second shared key; after the verification passes, the service point obtaining the service information.
5. The method according to claim 1, characterized in that the mobile node obtaining service information protected by a shared key from the network side specifically is:
an information server on the network side broadcasting the service information to each service point on the network side, the service information being protected by a second shared key;
the serving service point on the network side receiving the service information and verifying the second shared key;
after the verification passes, the serving service point broadcasting a service message protected by the shared key, the service message including the service information;
the mobile node receiving the service message and verifying the shared key;
after the verification passes, the mobile node obtaining the service information.
6. The method according to claim 1, characterized in that the mobile node obtaining service information protected by a shared key from the network side specifically is:
the network side broadcasting a service message protected by the first shared key or a third shared key, or the network side unicasting to the mobile node a service message protected by the first shared key, the service message including the service information;
the mobile node receiving the service message and verifying the first shared key or the third shared key;
after the verification passes, the mobile node obtaining the service information.
7. The method according to claim 1, characterized in that the network side receiving the handover preparation request message, verifying the first shared key, accessing the mobile node to the target service point and completing the handover specifically is:
the network side verifying the first shared key;
after the verification passes, the network side returning to the mobile node, according to the handover preparation request message, a handover command or a handover preparation response message protected by the first shared key;
the network side receiving a handover execution request message protected by the first shared key sent by the mobile node, and verifying the first shared key;
after the verification passes, the network side returning to the mobile node, according to the handover execution request message, a handover execution response message protected by the first shared key;
the network side receiving a key generation request message protected by a fifth shared key sent by the mobile node, and verifying the fifth shared key;
after the verification passes, the network side returning to the mobile node a key generation response message protected by a sixth shared key;
the mobile node verifying the sixth shared key and, after the verification passes, completing the handover.
8. The method according to claim 7, characterized in that, before the network side receives the handover execution request message protected by the first shared key sent by the mobile node, the method further comprises:
the mobile node receiving the handover command or the handover preparation response message and verifying the first shared key;
after the verification passes, the mobile node sending, according to the handover command, a handover execution request message protected by the first shared key to the serving service point on the network side; or the mobile node obtaining the judgement result from the handover preparation response message and sending, according to the judgement result, a handover execution request message protected by the first shared key to the serving service point on the network side; the handover execution request message including the target service point information.
9. The method according to claim 7, characterized in that, before the network side receives the key generation request message protected by the fifth shared key sent by the mobile node, the method further comprises:
the mobile node receiving the handover execution response message and verifying the first shared key;
after the verification passes, the mobile node sending the key generation request message protected by the fifth shared key to the network side.
10. The method according to claim 1, characterized in that the network side receiving the handover preparation request message, verifying the first shared key, accessing the mobile node to the target service point and completing the handover specifically is:
the network side verifying the first shared key;
after the verification passes, the network side returning to the mobile node, according to the handover preparation request message, a handover command or a handover preparation response message protected by the first shared key;
the network side receiving a key generation request message protected by a fifth shared key sent by the mobile node, and verifying the fifth shared key;
after the verification passes, the network side returning to the mobile node, according to the key generation request message, a key generation response message protected by a sixth shared key;
the network side receiving a handover execution request message protected by the first shared key sent by the mobile node, and verifying the first shared key;
after the verification passes, the network side returning to the mobile node a handover execution response message protected by the first shared key;
the mobile node verifying the first shared key and, after the verification passes, completing the handover.
11. The method according to claim 10, characterized in that, before the network side receives the key generation request message protected by the fifth shared key sent by the mobile node, the method further comprises:
the mobile node receiving the handover preparation response message and verifying the first shared key;
after the verification passes, the mobile node sending, according to the judgement result, a key generation request message protected by the fifth shared key to the network side.
12. The method according to claim 10, characterized in that, before the network side receives the handover execution request message protected by the first shared key sent by the mobile node, the method further comprises:
the mobile node receiving the key generation response message and verifying the sixth shared key;
after the verification passes, the mobile node sending a handover execution request message protected by the first shared key to the network side.
13. The method according to any one of claims 7 to 12, characterized in that the network side returning to the mobile node, according to the handover preparation request message, a handover command or a handover preparation response message protected by the first shared key specifically is:
the serving service point on the network side sending a resource query request message protected by a fourth shared key to each candidate service point on the network side;
each candidate service point receiving the resource query request message and verifying the fourth shared key;
after the verification passes, each candidate service point judging whether it can admit the mobile node, and returning to the serving service point a resource query response message protected by the fourth shared key, the resource query response message including the judgement result;
the serving service point receiving the resource query response message and verifying the fourth shared key;
after the verification passes, the serving service point selecting, according to the judgement result, the target service point for the mobile node to access, and sending to the mobile node a handover command protected by the first shared key, the handover command including the target service point information; or the serving service point sending to the mobile node a handover preparation response message protected by the first shared key, the handover preparation response message including the judgement result.
14. The method according to any one of claims 7 to 12, characterized in that the network side returning to the mobile node, according to the handover execution request message, a handover execution response message protected by the first shared key specifically is:
the serving service point on the network side protecting the handover execution request message with a fourth shared key and sending it to the target service point according to the target service point information;
the target service point receiving the handover execution request message and verifying the fourth shared key;
after the verification passes, the target service point returning to the serving service point a handover execution response message protected by the fourth shared key;
the serving service point receiving the handover execution response message and verifying the fourth shared key;
after the verification passes, the serving service point protecting the handover execution response message with the first shared key and sending it to the mobile node.
15. The method according to any one of claims 7 to 9, characterized in that the network side returning to the mobile node a key generation response message protected by the sixth shared key specifically is:
the target service point of the network side sending the key generation request message protected by the fifth shared key to an authentication, authorization and accounting (AAA) server of the network side;
the AAA server receiving the key generation request message and verifying the fifth shared key;
after the verification passes, the AAA server generating the sixth shared key and returning the verification result and the sixth shared key to the target service point;
the target service point returning to the mobile node a key generation response message protected by the sixth shared key.
16. The method according to any one of claims 10 to 12, characterized in that the network side returning to the mobile node, according to the key generation request message, a key generation response message protected by the sixth shared key specifically is:
an accessible candidate service point on the network side forwarding the key generation request message to an authentication, authorization and accounting (AAA) server of the network side;
the AAA server receiving the key generation request message and verifying the fifth shared key;
after the verification passes, the AAA server generating the sixth shared key and returning the verification result and the sixth shared key to the accessible service point;
the accessible service point receiving the verification result and the sixth shared key, and sending to the mobile node a key generation response message protected by the sixth shared key.
17. A mobile node, characterized in that it comprises:
a service information acquisition module, used to obtain service information protected by a shared key from a network side;
a verification module, used to verify the shared key;
a request module, used to send a handover preparation request message to the network side according to the service information when the verification module's verification of the shared key passes;
a message protection module, used to protect the handover preparation request message with a first shared key.
18. The mobile node according to claim 17, characterized in that the request module is further used to send to the network side a service request message for obtaining the service information; the message protection module is further used to protect the service request message with the first shared key; and the service information acquisition module is further used to receive a service response message including the service information sent by the network side.
19. The mobile node according to claim 17, characterized in that the service information acquisition module is further used to receive a service message broadcast by the network side and protected by the first shared key or a third shared key, the service message including the service information.
20. The mobile node according to claim 17, characterized in that the request module is further used to send to the network side a service request message for obtaining the service information; the message protection module is further used to protect the service request message with a third shared key; the service information acquisition module is further used to receive a service response message including the service information sent by the network side; and the verification module is further used to verify the third shared key protecting the service response message.
21. The mobile node according to claim 17, characterized in that the service information acquisition module is further used to receive a service message unicast by the network side and protected by the first shared key, the service message including the service information.
22. The mobile node according to any one of claims 17 to 21, characterized in that:
the service information acquisition module is further used to receive, from the network side, a handover command or handover preparation response message protected by the first shared key, a handover execution response message, and a key generation response message protected by a sixth shared key;
the request module is further used to send to the network side, according to the handover command or the handover preparation response message, a handover execution request message protected by the first shared key, and to send a key generation request message to the network side;
the message protection module is further used to protect the handover execution request message with the first shared key and to protect the key generation request message with a fifth shared key;
the verification module is further used to verify the sixth shared key.
23. A system for implementing media-independent handover, characterized in that it comprises:
a message sending module, used to send service information to a mobile node;
a system message protection module, used to protect the service information with a shared key;
a message receiving module, used to receive a handover preparation request message protected by a first shared key sent by the mobile node;
a system verification module, used to verify the first shared key;
a handover module, used to access the mobile node to a target service point according to the handover preparation request message and complete the handover.
CN2007101541423A 2007-09-19 2007-09-19 Mobile node, method and system for implementing media irrelevant switching Expired - Fee Related CN101394664B (en)
Publications (2)

Publication Number Publication Date
CN101394664A true CN101394664A (en) 2009-03-25
CN101394664B CN101394664B (en) 2012-01-04

Family

ID=40494684

Family Applications (1)

Application Number Title Priority Date Filing Date
CN2007101541423A Expired - Fee Related CN101394664B (en) 2007-09-19 2007-09-19 Mobile node, method and system for implementing media irrelevant switching

Country Status (2)

Country Link
CN (1) CN101394664B (en)
WO (1) WO2009039782A1 (en)

Family Cites Families (5)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN1323523C (en) * 2003-04-02 2007-06-27 华为技术有限公司 Method of forming dynamic key in radio local network
CN1290362C (en) * 2003-05-30 2006-12-13 华为技术有限公司 Key consulting method for switching mobile station in wireless local network
US7496364B2 (en) * 2004-11-05 2009-02-24 Freescale Semiconductor, Inc. Media-independent handover (MIH) method featuring a simplified beacon
CN100488142C (en) * 2006-02-18 2009-05-13 华为技术有限公司 Method for switching between heterogeneous networks
CN1968252B (en) * 2006-06-29 2010-09-22 华为技术有限公司 Media-independent link switching method

Legal Events

Code Title Description
C06 Publication
PB01 Publication
C10 Entry into substantive examination
SE01 Entry into force of request for substantive examination
C14 Grant of patent or utility model
GR01 Patent grant
ASS Succession or assignment of patent right
  Owner name: CHANGZHOU XIAOGUO INFORMATION SERVICE CO., LTD.
  Free format text: FORMER OWNER: HUAWEI TECHNOLOGY CO., LTD.
  Effective date: 20140313
C41 Transfer of patent application or patent right or utility model
COR Change of bibliographic data
  Free format text: CORRECT: ADDRESS; FROM: 518129 SHENZHEN, GUANGDONG PROVINCE TO: 213164 CHANGZHOU, JIANGSU PROVINCE
TR01 Transfer of patent right
  Effective date of registration: 20140313
  Address after: 213164 Building C, 407-2-6, Tian An Digital City, 588 Chang Wu Road, Wujin Hi-Tech Industrial Development Zone, Changzhou, Jiangsu, China
  Patentee after: Changzhou Xiaoguo Information Service Co., Ltd.
  Address before: 518129 Bantian HUAWEI headquarters office building, Longgang District, Shenzhen, Guangdong
  Patentee before: Huawei Technologies Co., Ltd.
TR01 Transfer of patent right
  Effective date of registration: 20170816
  Address after: 454991 Group 12, Sanyang Village, Sanyang Township, Wuzhi County, Henan Province
  Patentee after: Yuan Yonglin
  Address before: 213164 Building C, 407-2-6, Tian An Digital City, 588 Chang Wu Road, Wujin Hi-Tech Industrial Development Zone, Changzhou, Jiangsu, China
  Patentee before: Changzhou Xiaoguo Information Service Co., Ltd.
TR01 Transfer of patent right
  Effective date of registration: 20180104
  Address after: 471299 Group 2, Chengguan Town, Ruyang County, Henan Province
  Patentee after: Wang Yanchao
  Address before: 454991 Group 12, Sanyang Village, Sanyang Township, Wuzhi County, Henan Province
  Patentee before: Yuan Yonglin
CF01 Termination of patent right due to non-payment of annual fee
  Granted publication date: 20120104
  Termination date: 20170919