CN101990211B - Method for network access, device and system - Google Patents
Method for network access, device and system Download PDFInfo
- Publication number
- CN101990211B CN101990211B CN200910089141.4A CN200910089141A CN101990211B CN 101990211 B CN101990211 B CN 101990211B CN 200910089141 A CN200910089141 A CN 200910089141A CN 101990211 B CN101990211 B CN 101990211B
- Authority
- CN
- China
- Prior art keywords
- frequency spectrum
- network
- mobile subscriber
- subscriber equipment
- user
- Prior art date
- Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
- Active
Links
Landscapes
- Mobile Radio Communication Systems (AREA)
Abstract
The embodiment of the invention discloses a kind of method for network access, device and system, relate to wireless communication field, take frequency real estate impact validated user for a long time for solution prior art CR user maliciously and use the problem of this frequency resource to invent.The method that the embodiment of the present invention provides, comprises the steps: mobile subscriber equipment perception the idle frequency spectrum information that reports are carried out authenticity verification;For distributing frequency spectrum resource by the mobile subscriber equipment of described authenticity verification, so that described mobile subscriber equipment carries out network insertion by above-mentioned distribution frequency spectrum resource.The present invention is applicable to GSM.
Description
Technical field
The present invention relates to wireless communication field, particularly relate to a kind of method for network access, device and system.
Background technology
Along with developing rapidly of radio communication, the demand of frequency band is improved constantly, and owing to existing frequency band divides
It is fixing for joining strategy, and frequency spectrum is not fully utilized.According to FCC (Federal
Communications Commission, FCC, is responsible for distribution and the authorization machine of frequency spectrum
Structure) report, from space-time two-dimension add up, the existing utilization rate of frequency spectrum that dispensed is between 15%-85%.
In order to make full use of frequency spectrum, existing fixed frequency spectrum distribution policy need to be changed, and use new technology to realize frequency
The dynamic high-efficiency of spectrum utilizes.Therefore, it has been proposed that employing cognitive radio (CR, Cognitive Radio)
Technology, CR is a kind of intelligent wireless communication network, and energy perception surrounding environment obtains information from surrounding environment,
And such as launch power by real-time change, the transmission such as carrier frequency and modulation system parameter adapts to running environment
Change, uses the idle frequency spectrum that other network in one's respective area is currently not used by and completes to communicate.
In order to better illustrate the operation principle of CR network, existing illustration: assume in certain CR network coverage
In the range of exist 5 frequencies that can be used for radio communication, be A, B, C, D, E frequency respectively, wherein, A,
B, C frequency is allocated to LTE (long time evolution, Long Term Evolution) network, and D, E frequency divides
(WIMAX, Worldwide Interoperability for Microwave is accessed to worldwide interoperability for microwave
Access) network.If now C frequency is idle, the mobile subscriber equipment of certain CR network, it is called for short CR user,
Perception C frequency is idle, then this CR user uses C frequency to the request of CR management entity, and CR management entity will
C frequency point allocation uses to CR user.After a period of time, LTE network needs to use C frequency, CR user
Exit C frequency, find idle frequency separately and use.
Inventor finds, if above-mentioned CR user is malicious user, then may take this C frequency for a long time,
Make validated user cannot use this C frequency resource;And prior art does not has offer prevent malice CR user
The method of access network.
Summary of the invention
Embodiments of the invention provide a kind of method for network access, device and system, it is possible to prevent malice CR from using
Family access network.
For reaching above-mentioned purpose, embodiments of the invention adopt the following technical scheme that
A kind of method for network access, including:
Mobile subscriber equipment perception the idle frequency spectrum information that reports are carried out authenticity verification;
For distributing frequency spectrum resource by the mobile subscriber equipment of described authenticity verification, so that described mobile subscriber
Equipment carries out network insertion by this frequency spectrum resource.
A kind of network equipment, including:
Verification unit: for mobile subscriber equipment perception the idle frequency spectrum information that reports are carried out authenticity school
Test;
Frequency spectrum allocation unit: for the mobile subscriber equipment distribution frequency spectrum resource for being verified by verification unit,
So that described mobile subscriber equipment carries out network insertion by described frequency spectrum resource.
A kind of communication system, including:
CR server: the spectrum information in each region in storing belonging network compass of competency, and CR is managed
Described mobile subscriber equipment perception the idle frequency spectrum information that reports that entity forwards carry out authenticity verification, for
Frequency spectrum resource is distributed by the mobile subscriber equipment of authenticity verification.
Method for network access, device and the system that the embodiment of the present invention provides, to mobile subscriber equipment perception also
The idle frequency spectrum information reported carries out authenticity verification, only by the access of the subscriber equipment of authenticity verification
Network request is just allowed to carry out security credential, thus avoids malice CR user access network.
Accompanying drawing explanation
Fig. 1 is the flow chart of an embodiment of inventive network cut-in method.
Fig. 2 is the flow chart of an embodiment of inventive network cut-in method application scenarios 1.
Fig. 3 is the flow chart of another embodiment of inventive network cut-in method application scenarios 1.
Fig. 4 is the flow chart of another embodiment of inventive network cut-in method application scenarios 1.
Fig. 5 is the flow chart of an embodiment of inventive network cut-in method application scenarios 2.
Fig. 6 is the structural representation of an embodiment of inventive network device.
Fig. 7 is the structural representation of an embodiment of communication system of the present invention.
Fig. 8 is that the present invention shares safe floor schematic diagram.
Detailed description of the invention
The method for network access, the Apparatus and system that there is provided the embodiment of the present invention below in conjunction with the accompanying drawings are carried out in detail
Describe.
One embodiment of inventive network cut-in method is as it is shown in figure 1, include:
S101, mobile subscriber equipment perception the idle frequency spectrum information that reports are carried out authenticity verification.
CR management entity can mobile subscriber equipment reports in the range of collection management idle frequency spectrum information, and will
Above-mentioned information issues CR server, and CR server is by the movement of described idle frequency spectrum information with book server storage
Real idle frequency spectrum information corresponding to subscriber equipment position is compared, if consistent, described movement
Subscriber equipment passes through authenticity verification, and inconsistent, described mobile subscriber equipment does not passes through authenticity verification.
In said process, CR management entity can detect region, mobile subscriber equipment position, or also
The information of the above-mentioned band of position of acquisition of information that can be reported by mobile subscriber equipment.And by this band of position
Information be sent to CR server so that CR server can set according to the above-mentioned mobile subscriber of this acquisition of information
The real idle frequency spectrum information that standby position is corresponding.
S102, it is to distribute frequency spectrum resource by the mobile subscriber equipment of authenticity verification, mobile uses so that described
Family equipment carries out network insertion by this frequency spectrum resource.
The present embodiment carries out authenticity verification to mobile subscriber equipment perception the idle frequency spectrum information that reports, only
The access network request having the subscriber equipment by authenticity verification is just allowed to carry out security credential, thus
Avoid malice CR user access network, also and then avoid this malice CR user and take Internet resources for a long time and make
Validated user cannot normally use Internet resources.
The application scenarios of CR network is divided into two classes at present: application scenarios 1, CR network is as a single net
Network, the CR user in this CR network is accessed by the spectrum information of the perception other network in addition to this CR network
To this CR network, and communicated by this CR network insertion master network;Or CR user utilizes other net
The mandate frequency range of network, is communicated by other network insertion master network above-mentioned.Application scenarios 2, CR network
Not as a single network, but depend on other network, such as: LTE, CDMA (Code-Division
Multiple Access, CDMA) 2000 etc.;Can increase corresponding as required in these networks
CR server, such as: frequency spectrum signing and authorization server, applies the security mechanism of depended on network to be authenticated
Authorize.CR user utilizes the idle frequency spectrum of other network outside the depended on network of CR technical limit spacing to realize network
Accessing, above-mentioned idle frequency spectrum is for authorizing frequency spectrum or unlicensed spectrum.
Difference below as application scenarios illustrates respectively.
Being illustrated in figure 2 an embodiment of application scenarios 1, its main process includes:
S201, CR user's perception idle frequency spectrum information.
This idle frequency spectrum information can be in the case of this CR network available free spectrum shortage, and CR user feels
The idle frequency spectrum information of other network known.
S202, CR user reports this idle frequency spectrum information by CR management entity to CR server.
The authenticity of idle frequency spectrum information described in S203, CR server authentication.
CR management entity is in order to realize the functions such as the network connection establishment of CR user, switching control, and CR services
Device is previously provided with the relevant parameter for authenticity verification, such as includes the frequency spectrum letter of CR user region
Breath, this spectrum information can be previously stored on CR server or by believable CR management entity by sense
The ability of knowing is collected the spectrum information of each user, then reports this CR server.CR management entity connects
Receive CR user's perception the idle frequency spectrum information reported, issue CR server and carry out authenticity verification, if
The idle frequency spectrum of the position of CR reporting of user is consistent with the idle frequency spectrum in this region that CR server stores,
Described CR user's perception the idle frequency spectrum information reported pass through authenticity verification, and CR server is that this CR uses
Family equipment distribution frequency spectrum resource;If the idle frequency spectrum of the position of CR reporting of user is deposited with CR server
The idle frequency spectrum in this region of storage is inconsistent, and described CR user fully feels the idle frequency spectrum information known and report does not leads to
Cross authenticity verification.
S204, CR server is that this CR user distributes frequency spectrum resource.
If above-mentioned authenticity verification passes through, CR server is can to distribute other network sky above-mentioned for CR user
Ideler frequency spectrum resource.
S205, CR user utilizes the frequency spectrum resource of this distribution to send access network request message to CR management entity.
Described access network request can comprise the user identity of CR, the information such as access security mechanism of support.
S206, CR management entity is to CR server report of user identity, and searches negotiation CR user and network
Between use security mechanism.
S207, CR server responds identity information and the security information of user to CR management entity, and it is right to complete
The authentication of CR user and safety certification.
By step S206 and S207, between CR user and network, carry out two-way authentication and key Establishing process.
Authentication protocol is carried out according to the result consulted in S203.Described authentication protocol can use well known in the art to be recognized
Card agreement: such as: EAP-AKA (Extensible Authentication Protocol-Authentication
And Key Agreement, Extensible Authentication Protocol-Authentication and Key Agreement) or EAP-SIM (Extensible
Authentication Protocol Method for Global System for Mobile
Communications (GSM) Subscriber Identity Modules, global system for mobile communications is used
The Extensible Authentication Protocol of family identity equipment) etc. as authentication mode.
S208, CR management entity sends access response to CR user.
S209, CR user accesses CR network.
Hereafter, it is also possible to including: if CR user exits CR network, CR user informs that CR management entity is released
Put the frequency spectrum resource distributing to described CR user.
In the present embodiment, it is achieved that at CR network as under the scene of an individual networks, CR server pair
The idle frequency spectrum information that CR user is reported carries out authenticity verification, only by the user of this authenticity verification
The access network request of equipment is just allowed to carry out security credential, it is to avoid malice CR user access network,
Also and then avoid this malice CR user and take Internet resources for a long time and make validated user cannot normally use network to provide
Source.
Another embodiment of application scenarios 1, its main process includes:
At CR network and other master network and in the case of depositing, master network receives the access of mobile subscriber equipment please
Asking, in the middle of reality, master network can be WLAN (Wireless Local Area Network, wireless local
Net), WIMAX, CDMA 2000 and LTE network, and other uses the future network of CR technology.
Concrete as it is shown on figure 3, include:
Idle frequency spectrum information in S301, CR other master network of user's perception.
S302, CR user reports this idle frequency spectrum information by CR management entity to CR server.
The authenticity of idle frequency spectrum information described in S303, CR server authentication.
S304, CR server is that this CR user distributes frequency spectrum resource.
S305, CR user utilizes above-mentioned idle frequency spectrum resource to send access request message to master network.
Or, CR user is linked into master network by the instruction of CR management entity.
S306, master network server to the server request CR user profile of CR.
The User Identity of S307, CR whois lookup CR user, and produce user security contextual information
And authorization message.
Key that described Security Context Information includes needing in identifying procedure, sequence number, counter, existence
The information such as phase.
S308, CR server produces user profile response, is sent to the server of master network.
Described user profile respond packet contains User Identity, Security Context Information and authorization message.
S309, primary networking service device carry out authentication and close according to the user profile response obtained and CR user
The flow process that key is set up.
Concrete authentication mechanism can select according to the authentication mechanism supported common between master network and CR user
Select.
S310, master network response access request, completes registration or attachment.
S311, CR user enjoys the service that master network provides.
When the mobile subscriber equipment of master network needs to use the frequency spectrum resource distributing to CR user, change distribution
To the frequency spectrum resource of CR user, during frequency spectrum resource changes, omit authenticity verification and safety certification,
Frequency spectrum resource is distributed for this CR user from idle frequency spectrum.
S312, CR user is unregistered flow process at master network.
The triggering of CR user log off reason may is that: business service terminates, CR user exits, authorize terminate,
The reasons such as network congestion.
S313, primary networking service device send notice message to CR server.
S314, CR server deletes the relevant information of CR user.
Described relevant information includes the frequency spectrum resource of CR CU.
The method provided by the present embodiment, at CR network and other master network and in the case of depositing, it is achieved that
The verification to CR reporting of user information authenticity of the CR server, and at this authenticity verification by rear to the free time
The distribution of frequency spectrum resource so that CR user accesses above-mentioned master network and by master network by this idle frequency spectrum resource
Server carries out authentication etc.;Thus avoid malice CR user access network, also and then avoid this evil
Meaning CR user takies Internet resources for a long time makes validated user cannot normally use Internet resources.
Another embodiment of application scenarios 1, it differs primarily in that with a upper embodiment, the present embodiment
In carried out the authentication of CR user by CR server.Main process includes:
Concrete the most as shown in Figure 4, including:
Step S401-S405 is roughly the same with step S301-S305 in a upper embodiment, does not repeats them here.
After S406, primary networking service device receive the access request of CR user, determine to be completed by CR server
Certification to CR user.
S407, primary networking service device send identity request to CR server.
Described identity request comprises the identity of CR and the security capabilities of CR.
CR user is authenticated by S408, CR server.
After S409, certification success, the authorization message of the server interaction user of CR server and master network.
S410, primary networking service device carry out authentication and close according to the user profile response obtained and CR user
The flow process that key is set up.
S411, primary networking service device are to CR server for authentication information and the key material of response, as connecing
The root key of incoming link protection.
Step S412-S416 is roughly the same with step S310-S314 in a upper embodiment, does not repeats them here.
The method provided by the present embodiment, at CR network and other master network and in the case of depositing, it is achieved that
The verification to CR reporting of user information authenticity of the CR server, and at this authenticity verification by rear to the free time
The distribution of frequency spectrum resource so that CR user accesses above-mentioned master network by this idle frequency spectrum resource and taken by CR
Business device carries out authentication etc.;Thus avoid malice CR user access network, also and then avoid this malice
CR user takies Internet resources for a long time makes validated user cannot normally use Internet resources.
In application scenarios 1, CR, as a single network, can comprise mobile subscriber in actual application and set
Standby, the management entity of CR network, CR server, and the entity such as the customer data base of CR network.Described
CR server can also be aaa server or other complete the server of security function.For realizing above-mentioned enforcement
Method in example, the present invention proposes a kind of shared safe floor, in way of realization, can be in CR network
The management entity of mobile subscriber equipment and CR network increases secure processing module, to realize sharing on safe floor
The safe handling function supported.
Above-mentioned shared safe floor is formulated with CR management entity and CR server for CR user, main merit
Can be the authenticity of the idle frequency spectrum information of checking CR reporting of user, provide certification, key to exchange, add password protection
Protect, integrity protection function, as shown in Figure 8, be divided into three sublayers: access sublayer, safe handling layer and
Abnormality processing layer.
Access sublayer for realizing CR management entity to the scheduling of idle frequency spectrum, CR user to ambient signals intensity
Deng detection status information, spectrum information, the collection of positional information, the negotiation etc. between CR user.
Safe handling sublayer is primary layers, consults for realizing the service strategy between operator, CR user
And the negotiation between CR management entity.At this layer, CR server completes CR reporting of user information true
The verification of reality, and at this authenticity verification by the rear distribution to idle frequency spectrum resource, thus decision is
No permission CR user uses and idle frequency spectrum resource detected.CR management entity and CR user and CR server
Or the security function of other webservers includes two-way authentication, the exchange of key, encipherment protection, integrality
The functions such as protection.
Abnormality processing layer, for processing the unusual condition of CR user security, monitors the abnormal behaviour of CR user.
Share safe floor position in protocol layer, can be deployed under Internet.Access sublayer and be responsible for place
The spectrum information of reason low layer perception, and process the result of the negotiation of perception information between CR user, CR server
According to its authenticity of the information checking reported, and the basis that the result of verification is processed as upper strata, as CR uses
The spectrum information that spectrum information that family reports and CR management entity obtain or be saved in CR server exists
There is the feature of obvious malicious attack in significantly error, or the information of CR reporting of user, or CR uses
The positional information at family and the biggest difference of the existence of preservation, then CR server can directly refuse the access of CR,
Do not send certification request, process as abnormal conditions.Security Sublayer is responsible for the negotiation of security mechanism, recognizes
Card and key exchange, and the process of cryptographic integrity protection.Meanwhile, Security Sublayer can process different operation
Security strategy between business, e.g., its security mechanism supported, the algorithm etc. of support.
Sharing in the entity involved by safe floor, CR management entity and CR user and CR server are joined jointly
Close the perception of idle frequency spectrum, distributed and use;The process of Security Sublayer relates to CR user, and CR manages real
The database that body, CR server and CR are relevant, completes authentication mode and consults, the security function of certification;Different
Often processor processes the abnormal behaviour of CR user and relevant exception policy.In above-mentioned functions, abnormality processing
Exception handling in sublayer is essential, the verification to CR reporting of user information authenticity of the CR server,
And at this authenticity verification by the rear distribution to idle frequency spectrum resource, CR authenticating user identification, add password protection
Protecting, integrity protection, key distribution management, the negotiation between CR user and management entity must be selected, fortune
Between battalion business, service strategy is optional.Accessing sublayer hollow spare time dynamic spectrum resource management, signal strength detection is divided
Analysis, location management is essential, and the negotiation between CR user is optional.
Share safe floor and be deployed in CR user, CR management entity and the service of CR as an independent level
In device.Exception handler is deployed in CR management entity as a functional module.CR management entity is responsible for connecing
Enter the management in territory, switching control, connection establishment etc..CR server comprise frequency spectrum deliver for a check, certification, charging,
Authorize, user profile, policy control, the function such as spectrum management, distribution.
Interactive authentication between CR user and CR management entity and CR server, supports multiple safe mechanism,
To support more terminal authentication means, including:
A, mode EAP authentication method (EAP-AKA/EAP-SIM) based on shared key etc., but on being not limited to
State two ways;
B, mode based on certificate.
Encipherment protection and integrity protection use the key produced by certification to derive, and the encryption of support is calculated
Method and identifying algorithm: DES (Data Encryption Standard, digital encryption standard), AES (Advanced
Encryption Standard, Advanced Encryption Standard), RSA, HMAC (Hash Message Authentication
Code, message error detection code based on Hash), 3-DES (Triple DES, triple des), SNOW 3G (should
AES language integral algorithm for 3G system) etc..
CR management entity is consulted the content of the security mechanism of use between CR user and network and is specifically included that primary user
Avoidance mechanism during appearance, frequency spectrum authorize use etc..If CR management entity perceives primary user, also
Be exactly the validated user of the frequency spectrum resource that CR user is currently in use, then CR user exits;CR management entity is protected
Deposit the list of CR user's request, depending on the priority of process can be according to corresponding strategy;CR user with
Access authentication mode between CR management entity is determined according to the ability of CR user by CR management entity.But
The concrete operations of safety certification are performed by CR server.
Above-mentioned shared safe floor supports the verification to CR reporting of user information authenticity of the CR server, Yi Ji
This authenticity verification is by the rear distribution to idle frequency spectrum resource;Support multiple authentication mode and agreement simultaneously,
Realize CR server to the certification of CR user and mandate by the authentication mode supported, and support and authenticating party
The processing method of the multiple key that formula is corresponding.
One embodiment of application scenarios 2, in the present embodiment, CR is used in certain network as a kind of technology.
If this network exists the equipment that can realize CR function, then directly these equipment can be used as CR management real
Body and CR server, such as: above-mentioned CR management entity can be: the MME (Mobility in LTE network
Management Entity, mobile management entity), or the ASN GW (Access in WIMAX network
Service network, access business network) etc.;Above-mentioned CR server can be: the HSS in LTE network
(Home Subscriber Server, home subscriber server), or the AAA in WIMAX network
(Authorization, Authentication and Accounting, Authorization, Authentication and Accounting) takes
Business device etc..If this network does not exist the equipment that can realize CR function originally, then can increase CR management newly real
Body and CR server, to realize CR function.Mobile subscriber equipment UE utilizes the depended on net of CR technical limit spacing
The idle frequency spectrum of other network outside network realizes network insertion, and the present embodiment is to be applied to WIMAX by CR technology
Network also obtains as a example by idle frequency spectrum resource from LTE network, and wherein, WIMAX network and LTE network belong to one together
Individual core net, the present embodiment is concrete as it is shown in figure 5, include:
S501, mobile subscriber equipment UE select to be attached to WIMAX network.
S502, UE perceive the idle frequency spectrum information in LTE network.
S503, UE report this idle frequency spectrum information by CR management entity to CR server.
If in actual process, idle frequency spectrum shortage available in present networks is so that UE can only perceive
The idle frequency spectrum of other network of non-present networks, the idle frequency spectrum information perceived equally is passed through CR by UE
Management entity reports to CR server.Corresponding, in S505, CR server can be by described non-
The idle frequency spectrum of other network of network distributes to UE.As, in the present embodiment, although mobile subscriber equipment
At WIMAX network, but the idle frequency spectrum information of equally perception LTE network.
The authenticity of idle frequency spectrum information described in S504, CR server authentication.
S505, CR server is that this UE distributes frequency spectrum resource.
S506, UE utilize the idle frequency spectrum of distribution to adhere at WIMAX network.
S507, UE carry out device authentication and user authentication at WIMAX network.
Above-mentioned user authentication can be complete authentication mode (full authentication) or rapid authentication
Mode (fast re-authentication).
S508, UE enjoy the service that WIMAX network provides.
S509, UE are unregistered flow process at WIMAX network.
The triggering of mobile subscriber equipment UE deregistration reason may is that: business service terminates, UE exits, authorize knot
The reasons such as bundle, network congestion.
S510, WIMAX network sends notice message to CR server.
S511, CR server deletes the relevant information of UE.
Described relevant information includes the frequency spectrum resource that UE takies.
S512, WIMAX network deletes Security Context Information.
When CR is applied to existing network or future network as a kind of enabling tool, apply the safe machine of former network
System is authenticated the process authorized.User can use in other networks in certain band limits and perceive sky
Ideler frequency spectrum access network carries out business service.The method provided by the present embodiment, is enabled as one at CR
Technology is applied in the case of other network, it is achieved that CR server is to CR reporting of user information authenticity
Verification, and at this authenticity verification by the rear distribution to idle frequency spectrum resource so that CR user is by being somebody's turn to do
Idle frequency spectrum resource accesses above-mentioned network and is carried out authentication etc. by CR server;Thus avoid malice CR
User access network, also and then avoid this malice CR user and take Internet resources for a long time and make the validated user cannot
Normally use Internet resources.
In the embodiment that Fig. 5 is corresponding, this UE can also be after by above-mentioned authenticity verification, by accessing LTE
Network enjoys service, and the method in the embodiment that concrete access way is corresponding with Fig. 4 is roughly the same, at this not
Repeat again.
One embodiment of inventive network device as shown in Figure 6, including:
Verification unit 601: for mobile subscriber equipment perception the idle frequency spectrum information that reports are carried out authenticity
Verification.
This verification unit 601 is by described idle frequency spectrum information and the mobile subscriber equipment position being previously stored
Corresponding real idle frequency spectrum information is compared, if consistent, described mobile subscriber equipment is by true
Property verification, inconsistent, described mobile subscriber equipment does not passes through authenticity verification.
Frequency spectrum allocation unit 602: provide for the mobile subscriber equipment distribution frequency spectrum for being verified by verification unit
Source, so that described mobile subscriber equipment carries out network insertion by above-mentioned distribution frequency spectrum resource.
Wherein, described verification unit 601 may further include:
Storing sub-units 6011: the spectrum information in each region in storing belonging network compass of competency.
Described spectrum information can be obtained by the detection of CR management entity, is then forwarded to storing sub-units 6011, also
Storing sub-units 6011 can be reported by other mobile subscriber equipment.
Receive subelement 6012: for receiving mobile subscriber equipment perception the idle frequency spectrum information reported.
Judge subelement 6013: for judging idle frequency spectrum and storage of position that mobile subscriber reports
The idle frequency spectrum in this region of unit 6011 storage is the most consistent,
If consistent, then judge that described mobile subscriber equipment perception the idle frequency spectrum information reported are passed through true
Property verification;
If it is inconsistent, judge that described mobile subscriber equipment perception the idle frequency spectrum information reported are not passed through
Authenticity verification.
Above-mentioned network equipment can be the CR server in CR network, or can undertake CR in other network
The entity of server capability, such as: the aaa server etc. in the HSS in LTE network, or WIMAX network.
Apparatus above is capable of whole mistakes of the inventive network cut-in method embodiment shown in Fig. 1 to Fig. 5
Journey, concrete steps are shown in embodiment of the method, do not repeat at this.
Mobile subscriber equipment perception the idle frequency spectrum information that reports are entered by this device embodiment by verification unit
Row authenticity verification, only is just allowed to carry out by the access network request of the subscriber equipment of authenticity verification
Security credential, thus avoid malice CR user access network, also and then avoid this malice CR and use the head of a household
Phase takies Internet resources makes validated user cannot normally use Internet resources.
One embodiment of communication system of the present invention is as it is shown in fig. 7, this system can be entered with mobile subscriber equipment
Row communication, including:
CR server 701: the spectrum information in each region in storing belonging network compass of competency, and to CR
Described mobile subscriber equipment perception the idle frequency spectrum information that reports that management entity 702 forwards carry out authenticity
Verification, for distributing frequency spectrum resource by the mobile subscriber equipment of authenticity verification.
System above is capable of whole mistakes of the inventive network cut-in method embodiment shown in Fig. 1 to Fig. 5
Journey, concrete steps are shown in embodiment of the method, do not repeat at this.
Mobile subscriber equipment perception the idle frequency spectrum information that reports are carried out truly by above communications system embodiment
Property verification, only be just allowed to carry out security by the access network request of the subscriber equipment of authenticity verification
Certification, thus avoid malice CR user access network, also and then avoid this malice CR user and take for a long time
Internet resources make validated user cannot normally use Internet resources.
One of ordinary skill in the art will appreciate that all or part of flow process realizing in above-described embodiment method,
Can be by computer program and complete to instruct relevant hardware, described program can be stored in a calculating
In machine read/write memory medium, this program is upon execution, it may include such as the flow process of the embodiment of above-mentioned each method.
Wherein, described storage medium can be magnetic disc, CD, read-only store-memory body (Read-Only Memory,
Or random store-memory body (Random Access Memory, RAM) etc. ROM).
The above, the only detailed description of the invention of the present invention, but protection scope of the present invention is not limited to
This, any those familiar with the art, in the technical scope that the invention discloses, can readily occur in
Change or replacement, all should contain within protection scope of the present invention.Therefore, protection scope of the present invention should
It is as the criterion with scope of the claims.
Claims (5)
1. a method for network access, it is characterised in that including:
Network equipment obtains the position of mobile subscriber equipment;
The idle frequency spectrum information by mobile subscriber equipment perception and reported and the mobile subscriber equipment institute of self storage
The real idle frequency spectrum information corresponding in position is compared;If consistent, the most described mobile subscriber equipment
Pass through authenticity verification;If it is inconsistent, described mobile subscriber equipment does not passes through authenticity verification;
Described network equipment is to distribute frequency spectrum resource by the mobile subscriber equipment of described authenticity verification, so that
Described mobile subscriber equipment carries out network insertion by described frequency spectrum resource.
Method for network access the most according to claim 1, it is characterised in that described method for network access
It is applied under the cognitive radio CR network scene as a single network, to described mobile subscriber equipment
Perception the idle frequency spectrum information reported carry out authenticity verification, including:
CR server in described CR network receives the described mobile subscriber equipment perception that CR management entity forwards
And the idle frequency spectrum information reported, and described idle frequency spectrum information is carried out authenticity verification.
Method for network access the most according to claim 1, it is characterised in that described method for network access
Being applied in the network of use CR technology, described mobile subscriber equipment is in the network of described use CR technology
In;
The most described mobile subscriber equipment perception the idle frequency spectrum information that reports are carried out authenticity verification, including:
By the network of described use CR technology to described mobile subscriber equipment perception the sky of other network that reports
Ideler frequency spectrum information carries out authenticity verification.
4. a network equipment, it is characterised in that including:
Verification unit: include storing sub-units, receive subelement and judge subelement;
Wherein, storing sub-units: the spectrum information in each region in storing belonging network compass of competency;
Receive subelement: for receiving mobile subscriber equipment perception the idle frequency spectrum information reported;
Judge subelement: for judging idle frequency spectrum and storage of position that mobile subscriber equipment reports
The idle frequency spectrum in this region of unit storage is the most consistent;If consistent, then judge described mobile subscriber equipment
Perception the idle frequency spectrum information reported pass through authenticity verification;If it is inconsistent, judge described mobile use
Family device-aware the idle frequency spectrum information reported do not pass through authenticity verification;
Frequency spectrum allocation unit: for the mobile subscriber equipment distribution frequency spectrum resource for being verified by verification unit,
So that described mobile subscriber equipment carries out network insertion by the frequency spectrum resource of above-mentioned distribution.
5. a communication system, it is possible to communicate with mobile subscriber equipment, it is characterised in that including:
CR server: the spectrum information in each region in storing belonging network compass of competency, and CR is managed
Mobile subscriber equipment perception the idle frequency spectrum information that reports that entity forwards set with the mobile subscriber self stored
The real idle frequency spectrum information corresponding for position is compared;If consistent, the most described mobile subscriber
Equipment passes through authenticity verification;If it is inconsistent, described mobile subscriber equipment does not passes through authenticity verification;
And be to distribute frequency spectrum resource by the mobile subscriber equipment of authenticity verification.
Priority Applications (1)
| Application Number | Priority Date | Filing Date | Title |
|---|---|---|---|
| CN200910089141.4A CN101990211B (en) | 2009-07-31 | 2009-07-31 | Method for network access, device and system |
Applications Claiming Priority (1)
| Application Number | Priority Date | Filing Date | Title |
|---|---|---|---|
| CN200910089141.4A CN101990211B (en) | 2009-07-31 | 2009-07-31 | Method for network access, device and system |
Publications (2)
| Publication Number | Publication Date |
|---|---|
| CN101990211A CN101990211A (en) | 2011-03-23 |
| CN101990211B true CN101990211B (en) | 2016-08-24 |
Family
ID=43746481
Family Applications (1)
| Application Number | Title | Priority Date | Filing Date |
|---|---|---|---|
| CN200910089141.4A Active CN101990211B (en) | 2009-07-31 | 2009-07-31 | Method for network access, device and system |
Country Status (1)
| Country | Link |
|---|---|
| CN (1) | CN101990211B (en) |
Families Citing this family (10)
| Publication number | Priority date | Publication date | Assignee | Title |
|---|---|---|---|---|
| CN102821441B (en) * | 2011-06-09 | 2018-08-21 | 南京中兴新软件有限责任公司 | A kind of access device, method and terminal |
| US9516531B2 (en) | 2011-11-07 | 2016-12-06 | Qualcomm Incorporated | Assistance information for flexible bandwidth carrier mobility methods, systems, and devices |
| US9848339B2 (en) | 2011-11-07 | 2017-12-19 | Qualcomm Incorporated | Voice service solutions for flexible bandwidth systems |
| CN103188711A (en) * | 2011-12-31 | 2013-07-03 | 中兴通讯股份有限公司 | Method and terminal of optimizing frequency spectrum resource using |
| CN103491604B (en) * | 2012-06-14 | 2017-09-26 | 华为技术有限公司 | In the method for database registration, terminal, access point, database and communication system |
| CN103634898B (en) * | 2012-08-29 | 2017-07-14 | 华为技术有限公司 | A kind of method of equipment cancellation, apparatus and system |
| CN105191384B (en) * | 2014-01-14 | 2020-01-17 | 华为技术有限公司 | Data transmission method, UE and base station |
| WO2015180117A1 (en) * | 2014-05-30 | 2015-12-03 | 华为技术有限公司 | Frequency spectrum resource scheduling device, method and system |
| JP6490188B2 (en) | 2014-07-31 | 2019-03-27 | 華為技術有限公司Huawei Technologies Co.,Ltd. | Data transmission method and communication device |
| US20180295507A1 (en) * | 2014-11-12 | 2018-10-11 | Telefonaktiebolaget Lm Ericsson (Publ) | Radio Device Hardware Security System for Wireless Spectrum Usage |
Citations (3)
| Publication number | Priority date | Publication date | Assignee | Title |
|---|---|---|---|---|
| CN101262288A (en) * | 2007-03-01 | 2008-09-10 | 三星电机株式会社 | Systems and methods for determining sensing thresholds of a multi-resolution spectrum sensing (MRSS) technique for cognitive radio (CR) systems |
| CN101420758A (en) * | 2008-11-26 | 2009-04-29 | 北京科技大学 | Method for resisting simulated main customer attack in cognitive radio |
| CN101459445A (en) * | 2008-12-29 | 2009-06-17 | 浙江大学 | Cooperative spectrum sensing method in cognitive radio system |
-
2009
- 2009-07-31 CN CN200910089141.4A patent/CN101990211B/en active Active
Patent Citations (3)
| Publication number | Priority date | Publication date | Assignee | Title |
|---|---|---|---|---|
| CN101262288A (en) * | 2007-03-01 | 2008-09-10 | 三星电机株式会社 | Systems and methods for determining sensing thresholds of a multi-resolution spectrum sensing (MRSS) technique for cognitive radio (CR) systems |
| CN101420758A (en) * | 2008-11-26 | 2009-04-29 | 北京科技大学 | Method for resisting simulated main customer attack in cognitive radio |
| CN101459445A (en) * | 2008-12-29 | 2009-06-17 | 浙江大学 | Cooperative spectrum sensing method in cognitive radio system |
Non-Patent Citations (1)
| Title |
|---|
| Toward secure distributed spectrum sensing in cognitive radio;Ruiliang Chen等;《Communications Magazine, IEEE》;20080430;第46卷(第4期);第50-55页 * |
Also Published As
| Publication number | Publication date |
|---|---|
| CN101990211A (en) | 2011-03-23 |
Similar Documents
| Publication | Publication Date | Title |
|---|---|---|
| CN101990211B (en) | Method for network access, device and system | |
| Cao et al. | A survey on security aspects for 3GPP 5G networks | |
| US11785466B2 (en) | Method and system for IoT code and configuration using smart contracts | |
| Jover et al. | Security and protocol exploit analysis of the 5G specifications | |
| US7461248B2 (en) | Authentication and authorization in heterogeneous networks | |
| US7822406B2 (en) | Simplified dual mode wireless device authentication apparatus and method | |
| CN102111766B (en) | Network accessing method, device and system | |
| CN103596173A (en) | Wireless network authentication method, client wireless network authentication device, and server wireless network authentication device | |
| US11496522B2 (en) | Digital on-demand coupons for security service of communications system | |
| CN107005927A (en) | Cut-in method, equipment and the system of user equipment (UE) | |
| CN107094127B (en) | Processing method and device, and obtaining method and device of security information | |
| US11412386B2 (en) | Cybersecurity system for inbound roaming in a wireless telecommunications network | |
| WO2013118096A1 (en) | Method, apparatus and computer program for facilitating secure d2d discovery information | |
| CN113518312B (en) | Communication method, device and system | |
| EP3324681B1 (en) | Processing method and device for accessing to 3gpp network by terminal | |
| KR20230011423A (en) | Communication protection method and device | |
| US20230247434A1 (en) | Cybersecurity system for outbound roaming in a wireless telecommunications network | |
| CN105763517A (en) | Router security access and control method and system | |
| KR101692917B1 (en) | Apparatus and method for security management of home IoT device | |
| US20230275921A1 (en) | Cybersecurity system for services of interworking wireless telecommunications networks | |
| Settembre | A 5g core network challenge: Combining flexibility and security | |
| CN103916849A (en) | Method and apparatus for wireless LAN communication | |
| CN115706997A (en) | Authorization verification method and device | |
| Michalas et al. | From NEA and NIA to NESAS and SCAS: Demystifying the 5G Security Ecosystem | |
| CN117255340B (en) | Bluetooth communication method, device, system, storage medium and electronic equipment |
Legal Events
| Date | Code | Title | Description |
|---|---|---|---|
| C06 | Publication | ||
| PB01 | Publication | ||
| C10 | Entry into substantive examination | ||
| SE01 | Entry into force of request for substantive examination | ||
| C14 | Grant of patent or utility model | ||
| GR01 | Patent grant | ||
| TR01 | Transfer of patent right | ||
| TR01 | Transfer of patent right |
Effective date of registration: 20210428 Address after: Unit 3401, unit a, building 6, Shenye Zhongcheng, No. 8089, Hongli West Road, Donghai community, Xiangmihu street, Futian District, Shenzhen, Guangdong 518040 Patentee after: Honor Device Co.,Ltd. Address before: 518129 headquarters building of Bantian HUAWEI base, Longgang District, Guangdong, Shenzhen Patentee before: HUAWEI TECHNOLOGIES Co.,Ltd. |