CN101990211A - Method, device and system for network access - Google Patents

Publication number: CN101990211A
Authority: CN (China)
Prior art keywords: frequency spectrum; network; subscriber equipment; mobile subscriber; idle frequency
Legal status: Granted (Active)
Application number: CN2009100891414A
Other languages: Chinese (zh)
Other versions: CN101990211B (en)
Inventors: 毕晓宇, 许怡娴, 赵曙光, 肖鹏
Current Assignee: Honor Device Co Ltd
Original Assignee: Huawei Technologies Co Ltd
Application filed by Huawei Technologies Co Ltd
Priority to CN200910089141.4A
Publication of CN101990211A
Application granted
Publication of CN101990211B
Landscapes: Mobile Radio Communication Systems (AREA)

Abstract

The embodiments of the invention disclose a method, device and system for network access in the field of wireless communication. They address a problem in the prior art: a malicious CR user can occupy frequency point resources for a long time and so prevent legitimate users from using them. The method provided by the embodiments comprises the following steps: verifying the authenticity of the idle spectrum information sensed and reported by mobile user equipment; and allocating spectrum resources to mobile user equipment that has passed the authenticity verification, so that the equipment performs network access over the allocated spectrum resources. The method, device and system are suitable for mobile communication systems.

Description

Method, device and system for network access
Technical field
The present invention relates to the field of wireless communication, and in particular to a method, device and system for network access.
Background
With the rapid development of wireless communication, demand for frequency bands keeps rising, yet because the existing band allocation policy is fixed, spectrum is not fully used. According to a report by the FCC (Federal Communications Commission, the body responsible for allocating and licensing spectrum), space-time two-dimensional statistics show that the utilization of spectrum that has already been allocated lies between 15% and 85%. To make full use of spectrum, the existing fixed allocation policy has to change and new technology is needed to use spectrum dynamically and efficiently. Cognitive radio (CR) has been proposed for this purpose. CR is an intelligent wireless communication network that can sense its surroundings, obtain information from them, and adapt to changes in the operating environment by adjusting transmission parameters such as transmit power, carrier frequency and modulation scheme in real time, communicating over idle spectrum in its area that other networks are not currently using.
To better illustrate how a CR network operates, consider an example. Suppose that within the coverage of a CR network there are five frequency points available for wireless communication, A, B, C, D and E, where A, B and C are assigned to an LTE (Long Term Evolution) network and D and E are assigned to a WIMAX (Worldwide Interoperability for Microwave Access) network. Suppose frequency C is idle. A mobile user equipment of the CR network (a "CR user" for short) senses that frequency C is idle and asks the CR management entity for permission to use it, and the CR management entity allocates frequency C to the CR user. Some time later the LTE network needs frequency C, so the CR user withdraws from frequency C and looks for another idle frequency to use.
The inventors found that if the CR user above is malicious, it may occupy frequency C for a long time so that legitimate users cannot use that resource, and the prior art provides no method of preventing a malicious CR user from accessing the network.
Summary of the invention
Embodiments of the invention provide a method, device and system for network access that can prevent a malicious CR user from accessing the network.
To achieve this, embodiments of the invention adopt the following technical solutions:
A method for network access, comprising:
verifying the authenticity of the idle spectrum information sensed and reported by mobile user equipment;
allocating spectrum resources to mobile user equipment that passes the authenticity verification, so that the mobile user equipment performs network access over those spectrum resources.
A network device, comprising:
a verification unit, configured to verify the authenticity of the idle spectrum information sensed and reported by mobile user equipment;
a spectrum allocation unit, configured to allocate spectrum resources to mobile user equipment that passes verification by the verification unit, so that the mobile user equipment performs network access over those spectrum resources.
A communication system, comprising:
a CR server, configured to store the spectrum information of each region within the jurisdiction of the network it belongs to, to verify the authenticity of the idle spectrum information that the mobile user equipment sensed and reported and that the CR management entity forwarded, and to allocate spectrum resources to mobile user equipment that passes the authenticity verification.
With the method, device and system for network access provided by the embodiments of the invention, the idle spectrum information sensed and reported by mobile user equipment undergoes authenticity verification, and only the network access requests of user equipment that passes the authenticity verification are allowed to proceed to security authentication, which prevents a malicious CR user from accessing the network.
Description of drawings
Fig. 1 is a flow chart of one embodiment of the network access method of the invention.
Fig. 2 is a flow chart of one embodiment of the network access method of the invention in application scenario 1.
Fig. 3 is a flow chart of another embodiment of the network access method of the invention in application scenario 1.
Fig. 4 is a flow chart of a further embodiment of the network access method of the invention in application scenario 1.
Fig. 5 is a flow chart of one embodiment of the network access method of the invention in application scenario 2.
Fig. 6 is a structural diagram of one embodiment of the network device of the invention.
Fig. 7 is a structural diagram of one embodiment of the communication system of the invention.
Fig. 8 is a schematic diagram of the shared security layer of the invention.
Embodiments
The method, device and system for network access provided by the embodiments of the invention are described in detail below with reference to the drawings.
One embodiment of the network access method of the invention, shown in Fig. 1, comprises:
S101: Verify the authenticity of the idle spectrum information sensed and reported by the mobile user equipment.
The CR management entity can collect the idle spectrum information reported by mobile user equipment within its management range and send it to the CR server. The CR server compares the reported idle spectrum information with the real idle spectrum information it stores for the location of the mobile user equipment. If the two are consistent, the mobile user equipment passes the authenticity verification; if they are inconsistent, it does not pass.
In this process the CR management entity can detect the location area of the mobile user equipment, or obtain the location area from information the equipment reports. It sends the location area information to the CR server so that the server can look up the real idle spectrum information for the location of the mobile user equipment.
S102: Allocate spectrum resources to mobile user equipment that passes the authenticity verification, so that the mobile user equipment performs network access over those spectrum resources.
In this embodiment the idle spectrum information sensed and reported by mobile user equipment undergoes authenticity verification, and only the network access requests of user equipment that passes the verification are allowed to proceed to security authentication. This prevents a malicious CR user from accessing the network, and in turn prevents it from occupying network resources for a long time so that legitimate users cannot use them normally.
CR network application scenarios currently fall into two classes. Application scenario 1: the CR network is an independent network. A CR user in this CR network accesses the CR network using sensed spectrum information of networks other than the CR network, and communicates with the primary network through the CR network; alternatively, the CR user uses the licensed band of another network and communicates with the primary network through that other network. Application scenario 2: the CR network is not an independent network but depends on another network, such as LTE or CDMA (Code-Division Multiple Access) 2000. A corresponding CR server, such as a spectrum subscription and authorization server, can be added to these networks as needed, and authentication and authorization use the security mechanism of the network depended on. The CR user uses CR technology to obtain idle spectrum of networks other than the network depended on and uses it for network access; this idle spectrum can be licensed or unlicensed spectrum.
The two application scenarios are described separately below.
Fig. 2 shows one embodiment of application scenario 1. Its main process comprises:
S201: The CR user senses idle spectrum information.
Where the CR network itself is short of available idle spectrum, this can be idle spectrum information of another network sensed by the CR user.
S202: The CR user reports the idle spectrum information to the CR server through the CR management entity.
S203: The CR server verifies the authenticity of the idle spectrum information.
The CR management entity implements functions such as network connection establishment and handover control for CR users. The CR server is preconfigured with the parameters used for authenticity verification, including the spectrum information of the region where the CR user is located. This spectrum information can be stored on the CR server in advance, or a trusted CR management entity can collect each user's spectrum information by sensing and then report it to the CR server. The CR management entity receives the idle spectrum information sensed and reported by the CR user and sends it to the CR server for authenticity verification. If the idle spectrum reported for the CR user's location is consistent with the idle spectrum the CR server stores for that region, the reported idle spectrum information passes the authenticity verification and the CR server allocates spectrum resources to the CR user equipment. If the idle spectrum reported for the CR user's location is inconsistent with the idle spectrum the CR server stores for that region, the idle spectrum information sensed and reported by the CR user does not pass the authenticity verification.
S204: The CR server allocates spectrum resources to the CR user.
If the authenticity verification passes, the CR server can allocate the idle spectrum resources of the other network to the CR user.
S205: The CR user uses the allocated spectrum resources to send a network access request message to the CR management entity.
The network access request can include the CR user's identity and information such as the access security mechanisms it supports.
S206: The CR management entity reports the user identity to the CR server, and looks up and negotiates the security mechanism to be used between the CR user and the network.
S207: The CR server responds to the CR management entity with the user and security information, and completes identity authentication and security authentication of the CR user.
Through steps S206 and S207, the CR user and the network carry out the mutual authentication and key establishment procedure. The authentication protocol follows the result negotiated in S203. It can be an authentication protocol well known in the art, such as EAP-AKA (Extensible Authentication Protocol - Authentication and Key Agreement) or EAP-SIM (Extensible Authentication Protocol Method for Global System for Mobile Communications (GSM) Subscriber Identity Modules).
S208: The CR management entity sends an access response to the CR user.
S209: The CR user accesses the CR network.
After this, the process can also include: if the CR user leaves the CR network, the CR user informs the CR management entity, which releases the spectrum resources allocated to that CR user.
In this embodiment, for the scenario in which the CR network is an independent network, the CR server verifies the authenticity of the idle spectrum information reported by the CR user, and only the network access requests of user equipment that passes this verification are allowed to proceed to security authentication. This prevents a malicious CR user from accessing the network, and in turn prevents it from occupying network resources for a long time so that legitimate users cannot use them normally.
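The following added example (not part of the patent text) models the CR server's check in S203, the allocation in S204, release on exit, and withdrawal when the primary network reclaims a frequency as in the background example with frequencies A to E. The class and method names, the region label, and treating "consistent" as "every frequency reported idle is idle in the server's record" are assumptions.

```python
from dataclasses import dataclass, field


class VerificationFailed(Exception):
    """Report failed the authenticity check; no authentication is started."""


@dataclass
class CRServer:
    # region -> set of frequency points the server records as idle there
    # (pre-stored, or collected by a trusted CR management entity)
    idle_by_region: dict
    # (region, frequency) -> id of the CR user holding the allocation
    allocations: dict = field(default_factory=dict)

    def verify_report(self, region, reported_idle):
        """S203: compare the reported idle spectrum with the stored record.

        Assumption: a report is consistent when it is non-empty and every
        frequency it claims is idle is idle in the server's record.
        """
        known = self.idle_by_region.get(region, set())
        reported = set(reported_idle)
        return bool(reported) and reported <= known

    def allocate(self, user_id, region, reported_idle):
        """S204: allocate only after the report passes S203."""
        if not self.verify_report(region, reported_idle):
            raise VerificationFailed(f"{user_id}: report inconsistent for {region}")
        for freq in sorted(set(reported_idle)):
            if (region, freq) not in self.allocations:
                self.allocations[(region, freq)] = user_id
                return freq
        return None  # verified, but every reported frequency is already in use

    def primary_reclaims(self, region, freq):
        """Primary network needs the frequency: mark it busy, evict the holder."""
        self.idle_by_region.get(region, set()).discard(freq)
        return self.allocations.pop((region, freq), None)

    def release(self, user_id):
        """CR user leaves the network: free everything it held."""
        held = [key for key, uid in self.allocations.items() if uid == user_id]
        for key in held:
            del self.allocations[key]
        return [freq for _, freq in held]


def run_demo():
    # Constructed sample data: A, B, C belong to LTE, D, E to WIMAX,
    # and only C is idle in "region-1" (hypothetical region label).
    server = CRServer(idle_by_region={"region-1": {"C"}})
    results = {"honest": server.allocate("ue-honest", "region-1", ["C"])}
    try:
        # Claims that frequency A, which LTE is using, is idle.
        server.allocate("ue-malicious", "region-1", ["A", "C"])
        results["malicious"] = "allocated"
    except VerificationFailed:
        results["malicious"] = "rejected"
    # The LTE network needs C again: the CR user holding it must withdraw.
    results["evicted"] = server.primary_reclaims("region-1", "C")
    results["after_reclaim"] = server.verify_report("region-1", ["C"])
    return results


if __name__ == "__main__":
    print(run_demo())
```
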
Another embodiment of application scenarios 1, its main process comprises:
Under CR network and other master network and the situation of depositing, master network receives the access request of mobile subscriber equipment, at actual central master network can be WLAN (Wireless Local Area Network, WLAN (wireless local area network)), WIMAX, CDMA 2000 and LTE network, and other uses the future network of CR technology.
Specifically as shown in Figure 3, comprising:
Idle frequency spectrum information in S301, other master network of CR user's perception.
S302, CR user report this idle frequency spectrum information by the CR management entity to the CR server.
The authenticity of S303, the described idle frequency spectrum information of CR server authentication.
S304, CR server distribute frequency spectrum resource for this CR user.
S305, CR user utilize above-mentioned idle frequency spectrum resource to send to master network and insert request message.
Perhaps, CR user is linked into master network by the indication of CR management entity.
The server of S306, master network is to the server requests CR of CR user profile.
S307, CR whois lookup CR user's User Identity, and produce user security contextual information and authorization message.
Described safe context information comprises information such as the key that needs in the identifying procedure, sequence number, counter, life cycle.
S308, CR server produce the user profile response, send to the server of master network.
Described user profile response comprises User Identity, safe context information and authorization message.
The flow process that S309, primary networking service device respond according to the user profile of obtaining and CR user carries out authentication and key foundation.
Concrete authentication mechanism can be selected according to the common authentication mechanism of supporting between master network and the CR user.
The response of S310, master network inserts request, finishes registration or adheres to.
S311, CR user enjoy the service that master network provides.
When the mobile subscriber equipment of master network need use the frequency spectrum resource of distributing to CR user, change the frequency spectrum resource of distributing to CR user, in the process that frequency spectrum resource changes, omit authenticity verification and safety certification, from idle frequency spectrum, distribute frequency spectrum resource for this CR user.
S312, CR user carry out logout flow path at master network.
The triggering reason of CR user log off can be: business service finishes, CR user withdraws from, authorizes reasons such as end, network congestion.
S313, primary networking service device send notice message to the CR server.
S314, CR server deletion CR user's relevant information.
Described relevant information comprises the frequency spectrum resource of CR CU.
The method that provides by present embodiment, under CR network and other master network and the situation of depositing, realized of the verification of CR server to CR reporting of user information authenticity, and in this authenticity verification by the back to the distribution of idle frequency spectrum resource, make CR user insert above-mentioned master network and carry out authentication etc. by the primary networking service device by this idle frequency spectrum resource; Thereby avoided malice CR user access network, also and then avoided this malice CR user to take Internet resources for a long time making validated user can't normally use Internet resources.
Another embodiment of application scenarios 1, the main distinction of itself and a last embodiment is, is carried out CR user's authentication in the present embodiment by the CR server.Main process comprises:
Specifically as shown in Figure 4, comprising:
Step S301-S305 is roughly the same among a step S401-S405 and the last embodiment, does not repeat them here.
After S406, primary networking service device received CR user's access request, decision was finished authentication to CR user by the CR server.
S407, primary networking service device send identity request to the CR server.
Described identity request comprises the identify label of CR and the security capabilities of CR.
S408, CR server authenticate CR user.
Behind S409, the authentication success, the server interaction user's of CR server and master network authorization message.
The flow process that S410, primary networking service device respond according to the user profile of obtaining and CR user carries out authentication and key foundation.
S411, primary networking service device are to the key material of CR server for authentication information and response, as the root key of access link protection.
Step S310-S314 is roughly the same among a step S412-S416 and the last embodiment, does not repeat them here.
The method that provides by present embodiment, under CR network and other master network and the situation of depositing, realized of the verification of CR server to CR reporting of user information authenticity, and in this authenticity verification by the back to the distribution of idle frequency spectrum resource, make CR user insert above-mentioned master network and carry out authentication etc. by the CR server by this idle frequency spectrum resource; Thereby avoided malice CR user access network, also and then avoided this malice CR user to take Internet resources for a long time making validated user can't normally use Internet resources.
In the application scenarios 1, CR can comprise mobile subscriber equipment as an independent network in the practical application, CR Network Management entity, CR server, and the entities such as customer data base of CR network.Described CR server also can be that aaa server or other are finished the server of safety function.For realizing the method in the foregoing description, the present invention proposes a kind of shared safe floor, on way of realization, can in mobile subscriber equipment in the CR network and CR Network Management entity, increase the safe handling module, to realize sharing the safe handling function of supporting on the safe floor.
Above-mentioned shared safe floor is at CR user and CR management entity and the formulation of CR server; main function be the idle frequency spectrum information of checking CR reporting of user authenticity, authentication, cipher key change, encipherment protection, integrity protection function are provided; as shown in Figure 8, be divided into three sublayers: insert sublayer, safe handling layer and abnormality processing layer.
Insert the sublayer be used to realize the CR management entity to the scheduling of idle frequency spectrum, CR user to detected state information such as ambient signals intensity, the collection of spectrum information, positional information, the negotiation between CR user etc.
The safe handling sublayer is main level, is used to realize that the service strategy between the operator is consulted the negotiation between CR user and the CR management entity.At this one deck, the CR server has been finished the verification to CR reporting of user information authenticity, and passes through the distribution of back to the idle frequency spectrum resource in this authenticity verification, detects the idle frequency spectrum resource thereby whether decision allows CR user to use.The safety function of CR management entity and CR user and CR server or other webservers comprises two-way authentication, functions such as the exchange of key, encipherment protection, integrity protection.
The abnormality processing layer is used to handle the unusual condition of CR user security, monitoring CR user's abnormal behaviour.
Share the position of safe floor in protocol layer, can be deployed under the network layer.Insert the sublayer and be responsible for handling the spectrum information of low layer perception, and the result of the negotiation of perception information between the processing CR user, the CR server is according to its authenticity of information checking that reports, and the basis that the result of verification is handled as the upper strata, there is tangible error in the spectrum information that obtains or be kept in the CR server as the spectrum information and the CR management entity of CR reporting of user, perhaps there is the feature of tangible malicious attack in the information of CR reporting of user, the perhaps very big difference of the existence of CR user position information and preservation, then the CR server can directly be refused the access of CR, do not send authentication request, it is handled as abnormal conditions.Security Sublayer is responsible for the negotiation of security mechanism, authentication and cipher key change, and the processing of cryptographic integrity protection.Simultaneously, Security Sublayer can be handled the security strategy between the different operators, as, the security mechanism of its support, the algorithm of support etc.
Share in the related entity of safe floor, the perception of idle frequency spectrum is finished in the common cooperation of CR management entity and CR user and CR server, distributes and use; The processing of Security Sublayer relates to CR user, the CR management entity, and the database that CR server and CR are relevant is finished authentication mode and is consulted the safety function of authentication; Exception handler is handled CR user's abnormal behaviour and relevant unusual tactful.In the above-mentioned functions; exception handling in the abnormality processing sublayer is essential; the CR server is to the verification of CR reporting of user information authenticity; and in this authenticity verification by the back to distribution, the CR authenticating user identification of idle frequency spectrum resource; encipherment protection, integrity protection, key distribution management; negotiation between CR user and management entity is to select, and service strategy is optional between the operator.Insert sublayer hollow ideler frequency spectrum resource management, the signal strength detection analysis, location management is essential, the negotiation between the CR user is optional.
Share safe floor as one independently level be deployed in CR user, in the server of CR management entity and CR.Exception handler is deployed in the CR management entity as a functional module.The CR management entity is responsible for the management of input field, and switching controls connects foundation etc.The CR server comprises frequency spectrum to be delivered for a check, authenticates, and charges, and authorizes user profile, policy control, functions such as spectrum management, distribution.
Interactive authentication between CR user and CR management entity and the CR server is supported multiple security mechanism, to support more multiple terminals authentication means, comprising:
A, based on the mode EAP authentication method (EAP-AKA/EAP-SIM) of sharing key etc., but be not limited to above-mentioned dual mode;
B, based on the mode of certificate.
Encipherment protection and integrity protection use the key that produces by authentication to derive; cryptographic algorithm and the identifying algorithm supported: DES (Data Encryption Standard; digital encryption standard), AES (AdvancedEncryption Standard; Advanced Encryption Standard), RSA, HMAC (Hash Message AuthenticationCode; message check code based on Hash), 3-DES (Triple DES; triple des), SNOW 3G (being applied to the cryptographic algorithm language integral algorithm of 3G system) etc.
The content that the CR management entity is consulted the security mechanism used between CR user and network mainly comprises: the avoidance mechanism when main user occurs, frequency spectrum authorize use etc.If the CR management entity perceives main user, the validated user of the frequency spectrum resource that using of CR user just, then CR user withdraws from; The CR management entity is preserved the tabulation of CR user's request, and the priority of processing can be decided according to corresponding strategy; Access authentication mode between CR user and the CR management entity is by the ability decision of CR management entity according to CR user.But the concrete operations of safety certification are carried out by the CR server.
Above-mentioned shared safe floor is supported the verification of CR server to CR reporting of user information authenticity, and passes through the distribution of back to the idle frequency spectrum resource in this authenticity verification; Support multiple authentication mode and agreement simultaneously, realize of the authentication and authorization of CR server CR user by the authentication mode of supporting, and the processing method of support and the corresponding multiple key of authentication mode.
An embodiment of application scenarios 2, CR is used at certain network as a kind of technology in the present embodiment.If there is the equipment that to realize the CR function in this network, then can directly these equipment be used as CR management entity and CR server, can be (the MobilityManagement Entity of the MME in the LTE network such as: above-mentioned CR management entity, mobile management entity), perhaps ASN GW in the WIMAX network (Accessservice network, access business network) etc.; Above-mentioned CR server can be the HSS in the LTE network (Home Subscriber Server, home subscriber server), or the AAA in the WIMAX network (Authorization, Authentication and Accounti ng, Authorization, Authentication and Accounting) server etc.If originally do not have the equipment that to realize the CR function in this network, then can increase CR management entity and CR server newly, to realize the CR function.The idle frequency spectrum that mobile subscriber equipment UE utilizes the CR technology to obtain other network outside the network that depends on is realized network insertion, present embodiment is an example the CR technology be applied to the WIMAX network and obtain the idle frequency spectrum resource from the LTE network, wherein, WIMAX network and LTE network belong to a core net together, present embodiment comprises specifically as shown in Figure 5:
S501, the mobile subscriber equipment UE chooses to attach to the WIMAX network.
S502, the UE perceives idle frequency spectrum information in the LTE network.
S503, the UE reports this idle frequency spectrum information to the CR server through the CR management entity.
In practice, if the idle frequency spectrum available in the current network is insufficient, so that the UE can only perceive idle frequency spectrum of networks other than the current network, the UE can likewise report the perceived idle frequency spectrum information to the CR server through the CR management entity. Correspondingly, in S505 the CR server can allocate the idle frequency spectrum of that other network to the UE. For example, in this embodiment, although the mobile subscriber equipment is in the WIMAX network, it can still perceive idle frequency spectrum information of the LTE network.
S504, the CR server verifies the authenticity of the idle frequency spectrum information.
S505, the CR server allocates frequency spectrum resources to the UE.
S506, the UE attaches to the WIMAX network using the allocated idle frequency spectrum.
S507, the UE performs device authentication and user authentication in the WIMAX network.
The user authentication may use the full authentication mode or the fast re-authentication mode.
S508, the UE uses the services provided by the WIMAX network.
S509, the UE performs the deregistration procedure in the WIMAX network.
Deregistration of the mobile subscriber equipment UE may be triggered by reasons such as the service ending, the UE exiting, the authorization ending, or network congestion.
S510, the WIMAX network sends a notification message to the CR server.
S511, the CR server deletes the relevant information of the UE.
The relevant information includes the frequency spectrum resources occupied by the UE.
S512, the WIMAX network deletes the security context information.
When CR is applied to an existing network or a future network as an enabling technology, authentication and authorization are carried out using the security mechanism of the original network. The user can perceive idle frequency spectrum in other networks within a certain frequency range and use it to access the network and obtain services. With the method provided by this embodiment, where CR is applied to another network as an enabling technology, the CR server verifies the authenticity of the information reported by the CR user and allocates idle frequency spectrum resources only after that verification has passed, so that the CR user, by way of the CR server, accesses the network over this idle frequency spectrum resource and performs authentication and so on. This prevents a malicious CR user from accessing the network, and in turn prevents such a user from occupying network resources for a long time so that legitimate users cannot use them normally.
In the embodiment corresponding to Fig. 5, after passing the authenticity verification the UE may also obtain services by accessing the LTE network; the specific access procedure is largely the same as the method in the embodiment corresponding to Fig. 4 and is not repeated here.
An embodiment of the network device of the present invention, as shown in Fig. 6, comprises:
Verification unit 601: used to perform authenticity verification on the idle frequency spectrum information perceived and reported by the mobile subscriber equipment.
Verification unit 601 compares the idle frequency spectrum information with the pre-stored real idle frequency spectrum information corresponding to the location of the mobile subscriber equipment; if they are consistent, the mobile subscriber equipment passes the authenticity verification; if they are inconsistent, the mobile subscriber equipment does not pass the authenticity verification.
Spectrum allocation unit 602: used to allocate frequency spectrum resources to the mobile subscriber equipment that has passed verification by the verification unit, so that the mobile subscriber equipment performs network access through the allocated frequency spectrum resources.
The verification unit 601 may further comprise:
Storage subunit 6011: used to store the spectrum information of each region within the jurisdiction of the network to which it belongs.
The spectrum information may be detected by the CR management entity and then sent to storage subunit 6011, or it may be reported to storage subunit 6011 by other mobile subscriber equipment.
Receiving subunit 6012: used to receive the idle frequency spectrum information perceived and reported by the mobile subscriber equipment.
Judging subunit 6013: used to judge whether the idle frequency spectrum that the mobile subscriber reports for its location is consistent with the idle frequency spectrum of that region stored by storage subunit 6011.
If consistent, it judges that the idle frequency spectrum information perceived and reported by the mobile subscriber equipment passes the authenticity verification;
if inconsistent, it judges that the idle frequency spectrum information perceived and reported by the mobile subscriber equipment does not pass the authenticity verification.
The network device may be the CR server in a CR network, or an entity in another network that can take on the CR server function, such as the HSS in an LTE network or the AAA server in a WIMAX network.
The above device can implement all the processes of the network access method embodiments of the present invention shown in Fig. 1 to Fig. 5; for the specific steps, see the method embodiments, which are not repeated here.
In this device embodiment, the verification unit performs authenticity verification on the idle frequency spectrum information perceived and reported by the mobile subscriber equipment, and only the network access request of a subscriber equipment that has passed the authenticity verification is allowed to proceed to security authentication. This prevents a malicious CR user from accessing the network, and in turn prevents such a user from occupying network resources for a long time so that legitimate users cannot use them normally.
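The check made by verification unit 601 and the S503 to S505 and S510 to S511 steps of Fig. 5 can be modelled as follows. This is an added Python example, not code from the patent. Its assumptions: bands are (start_khz, end_khz) tuples, region identifiers are plain strings, "consistent" means the reported set of idle bands equals the stored set, a UE holds one allocation at a time, and the lowest idle band is the one allocated.

```python
from __future__ import annotations

from dataclasses import dataclass, field
from typing import Optional

Band = tuple[int, int]  # (start_khz, end_khz); representation assumed for this example


@dataclass
class CRServer:
    """Verification unit 601 plus spectrum allocation unit 602 (illustrative model)."""
    # Storage subunit 6011: region id -> idle bands currently known for that region.
    idle_by_region: dict[str, set[Band]] = field(default_factory=dict)
    # UE id -> (region, band) held by that UE; this is the record deleted in S511.
    allocations: dict[str, tuple[str, Band]] = field(default_factory=dict)

    def store(self, region: str, bands: set[Band]) -> None:
        """Spectrum info detected by the CR management entity or reported by other UEs."""
        self.idle_by_region[region] = set(bands)

    def verify(self, region: str, reported: set[Band]) -> bool:
        """Judging subunit 6013: pass only if the report matches the stored view."""
        stored = self.idle_by_region.get(region)
        if stored is None or not reported:
            return False  # unknown region or empty report: nothing to compare
        return set(reported) == stored  # "consistent" taken as set equality (assumption)

    def handle_report(self, ue_id: str, region: str, reported: set[Band]) -> Optional[Band]:
        """S503-S505: verify first, allocate only when verification passes."""
        if ue_id in self.allocations:
            return None  # one allocation per UE until it deregisters (assumption)
        if not self.verify(region, reported):
            return None
        band = min(self.idle_by_region[region])  # deterministic pick for the example
        self.idle_by_region[region].discard(band)
        self.allocations[ue_id] = (region, band)
        return band

    def handle_deregistration(self, ue_id: str) -> bool:
        """S510-S511: on the network's notification, delete the UE record, free its band."""
        record = self.allocations.pop(ue_id, None)
        if record is None:
            return False
        region, band = record
        self.idle_by_region.setdefault(region, set()).add(band)
        return True


def demo() -> dict[str, object]:
    server = CRServer()
    # Constructed sample data: two idle bands in a made-up region "cell-17".
    server.store("cell-17", {(2_500_000, 2_505_000), (2_510_000, 2_515_000)})
    honest = {(2_500_000, 2_505_000), (2_510_000, 2_515_000)}
    forged = {(2_600_000, 2_620_000)}  # band the server does not hold as idle
    return {
        "forged": server.handle_report("ue-bad", "cell-17", forged),
        "honest": server.handle_report("ue-good", "cell-17", honest),
        # Same report again, now out of date because one band has been allocated.
        "stale": server.handle_report("ue-late", "cell-17", honest),
        "released": server.handle_deregistration("ue-good"),
        "after_release": server.handle_report("ue-late", "cell-17", honest),
    }


if __name__ == "__main__":
    print(demo())
```

The "stale" case shows why the stored view has to be updated on every allocation and release: a report that was truthful a moment ago stops matching once a band has been handed out, and matches again only after the deregistration in S510 to S511 returns it.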
An embodiment of the communication system of the present invention is shown in Fig. 7. The system can communicate with mobile subscriber equipment and comprises:
CR server 701: used to store the spectrum information of each region within the jurisdiction of the network to which it belongs, to perform authenticity verification on the idle frequency spectrum information perceived and reported by the mobile subscriber equipment and forwarded by CR management entity 702, and to allocate frequency spectrum resources to the mobile subscriber equipment that has passed the authenticity verification.
The above system can implement all the processes of the network access method embodiments of the present invention shown in Fig. 1 to Fig. 5; for the specific steps, see the method embodiments, which are not repeated here.
The above communication system embodiment performs authenticity verification on the idle frequency spectrum information perceived and reported by the mobile subscriber equipment, and only the network access request of a subscriber equipment that has passed the authenticity verification is allowed to proceed to security authentication. This prevents a malicious CR user from accessing the network, and in turn prevents such a user from occupying network resources for a long time so that legitimate users cannot use them normally.
A person of ordinary skill in the art will appreciate that all or part of the flows in the methods of the foregoing embodiments can be carried out by a computer program instructing the relevant hardware. The program can be stored in a computer-readable storage medium and, when executed, can include the flows of the embodiments of the above methods. The storage medium may be a magnetic disk, an optical disc, a read-only memory (Read-Only Memory, ROM), a random access memory (Random Access Memory, RAM), or the like.
The above is only a specific embodiment of the present invention, but the protection scope of the present invention is not limited thereto. Any change or replacement that a person skilled in the art can readily conceive within the technical scope disclosed by the present invention shall fall within the protection scope of the present invention. Therefore, the protection scope of the present invention shall be subject to the protection scope of the claims.

Claims (7)

1. A network access method, characterized by comprising:
performing authenticity verification on idle frequency spectrum information perceived and reported by mobile subscriber equipment;
allocating frequency spectrum resources to the mobile subscriber equipment that has passed the authenticity verification, so that the mobile subscriber equipment performs network access through the frequency spectrum resources.
2. The network access method according to claim 1, characterized in that performing authenticity verification on the idle frequency spectrum information perceived and reported by the mobile subscriber equipment comprises:
comparing the idle frequency spectrum information with the self-stored real idle frequency spectrum information corresponding to the location of the mobile subscriber equipment; if they are consistent, the mobile subscriber equipment passes the authenticity verification; if they are inconsistent, the mobile subscriber equipment does not pass the authenticity verification.
3. The network access method according to claim 1 or 2, characterized in that the network access method is applied in the scenario where the CR network is an independent network, and performing authenticity verification on the idle frequency spectrum information perceived and reported by the mobile subscriber equipment comprises:
the CR server in the CR network receiving the idle frequency spectrum information perceived and reported by the mobile subscriber equipment and forwarded by the CR management entity, and performing authenticity verification on the idle frequency spectrum information.
4. The network access method according to claim 1 or 2, characterized in that the network access method is applied in a network that uses the CR technology, and the mobile subscriber equipment is in the network that uses the CR technology;
performing authenticity verification on the idle frequency spectrum information perceived and reported by the mobile subscriber equipment then comprises:
the network that uses the CR technology performing authenticity verification on the idle frequency spectrum information of another network perceived and reported by the mobile subscriber equipment.
5. A network device, characterized by comprising:
a verification unit, used to perform authenticity verification on idle frequency spectrum information perceived and reported by mobile subscriber equipment;
a spectrum allocation unit, used to allocate frequency spectrum resources to the mobile subscriber equipment that has passed verification by the verification unit, so that the mobile subscriber equipment performs network access through the allocated frequency spectrum resources.
6. The network device according to claim 5, characterized in that the verification unit comprises:
a storage subunit, used to store the spectrum information of each region within the jurisdiction of the network to which it belongs;
a receiving subunit, used to receive the idle frequency spectrum information perceived and reported by the mobile subscriber equipment;
a judging subunit, used to judge whether the idle frequency spectrum that the mobile subscriber reports for its location is consistent with the idle frequency spectrum of that region stored by the storage subunit; if consistent, judging that the idle frequency spectrum information perceived and reported by the mobile subscriber equipment passes the authenticity verification; if inconsistent, judging that the idle frequency spectrum information perceived and reported by the mobile subscriber equipment does not pass the authenticity verification.
7. A communication system capable of communicating with subscriber equipment, characterized by comprising:
a CR server, used to store the spectrum information of each region within the jurisdiction of the network to which it belongs, to perform authenticity verification on the idle frequency spectrum information perceived and reported by the mobile subscriber equipment and forwarded by the CR management entity, and to allocate frequency spectrum resources to the mobile subscriber equipment that has passed the authenticity verification.
CN200910089141.4A 2009-07-31 2009-07-31 Method for network access, device and system Active CN101990211B (en)

Priority Applications (1)

Application Number Priority Date Filing Date Title
CN200910089141.4A CN101990211B (en) 2009-07-31 2009-07-31 Method for network access, device and system

Publications (2)

Publication Number Publication Date
CN101990211A 2011-03-23
CN101990211B 2016-08-24

Legal Events

Date Code Title Description
C06 Publication
PB01 Publication
C10 Entry into substantive examination
SE01 Entry into force of request for substantive examination
C14 Grant of patent or utility model
GR01 Patent grant
TR01 Transfer of patent right

Effective date of registration: 20210428

Address after: Unit 3401, unit a, building 6, Shenye Zhongcheng, No. 8089, Hongli West Road, Donghai community, Xiangmihu street, Futian District, Shenzhen, Guangdong 518040

Patentee after: Honor Device Co.,Ltd.

Address before: 518129 headquarters building of Bantian HUAWEI base, Longgang District, Guangdong, Shenzhen

Patentee before: HUAWEI TECHNOLOGIES Co.,Ltd.