CN102223634A - Method and device for controlling mode of accessing user terminal into Internet - Google Patents

Info

Publication number: CN102223634A
Authority: CN (China)
Prior art keywords: subscriber equipment, indication information, authentication, access, network mode
Legal status: Pending
Application number: CN2010101497691A
Other languages: Chinese (zh)
Inventors: 周星月, 朱春晖
Current Assignee: ZTE Corp
Original Assignee: ZTE Corp
Application filed by ZTE Corp
Priority to CN2010101497691A (patent CN102223634A)
Priority to PCT/CN2011/071584 (patent WO2011127774A1)
Publication of CN102223634A

Classifications

    • H ELECTRICITY
    • H04 ELECTRIC COMMUNICATION TECHNIQUE
    • H04W WIRELESS COMMUNICATION NETWORKS
    • H04W48/00 Access restriction; Network selection; Access point selection
    • H04W48/08 Access restriction or access information delivery, e.g. discovery data delivery

Landscapes

  • Engineering & Computer Science (AREA)
  • Computer Security & Cryptography (AREA)
  • Computer Networks & Wireless Communication (AREA)
  • Signal Processing (AREA)
  • Mobile Radio Communication Systems (AREA)

Abstract

The invention discloses a method and a device for controlling the mode in which a user terminal accesses the Internet. They address the technical problem that operators cannot control whether user equipment (UE) passes through the operator's 3rd Generation Partnership Project (3GPP) core network when the UE accesses the Internet through a wireless local area network (WLAN). An authentication, authorization and accounting (AAA) server transmits indication information to the UE to indicate the mode in which the UE accesses the Internet; when the UE accesses the Internet through the WLAN, the UE can, according to the indication information, either access the Internet directly or connect to the core network to access the Internet. With the method and the device, the core network can control the UE's Internet access mode through the indication information, so that a user terminal accessing through the WLAN can reach the Internet directly without passing through the core network, and the UE obtains enough access bandwidth under some conditions (for example, when the traffic load of the core network is too high); user experience is thereby improved.

Description

A method and device for controlling the mode in which a user terminal accesses the Internet
Technical field
The present invention relates to the field of communication technology, and in particular to a method and device for controlling the mode in which a UE accesses the Internet through a wireless local area network (WLAN).
Background art
Usually, user equipment needs to pass through a WLAN access network (Wireless Local Area Network Access Network, WLAN AN) to connect to the following wireless core networks: the Evolved Packet Core, Interworking WLAN, the Worldwide Interoperability for Microwave Access (WiMAX) network, and the CDMA access network.
Fig. 1 is a schematic diagram of the network architecture for non-3GPP network access to Interworking WLAN (Interworking Wireless Local Area Network, I-WLAN) according to the related art, where I-WLAN refers to a WLAN network that interworks with a 3rd Generation Partnership Project (3GPP) network. The purpose of interworking is to let the WLAN access technology cooperate with the General Packet Radio Service (GPRS) core-network infrastructure, so that WLAN user equipment can reach GPRS packet services through the WLAN access network. As shown in Fig. 1, the architecture comprises the I-WLAN core network, the user equipment (User Equipment, UE), the WLAN AN, and the IP services provided by the operator. The I-WLAN core network further comprises a packet data gateway (Packet Data Gateway, PDG), a 3GPP authentication, authorization and accounting server (3GPP AAA Server), and a home subscriber server (Home Subscriber Server, HSS); the HSS stores user data and generates the authentication vectors used in the user access authentication process.
Fig. 2 is a schematic diagram of the network architecture for non-3GPP network access to the Evolved Packet Core (Evolved Packet Core network, EPC) according to the related art. As shown in Fig. 2, the EPC comprises an evolved packet data gateway (Evolved Packet Data Gateway, ePDG), a packet data network gateway (Packet Data Network GateWay, P-GW), a 3GPP AAA Server, and an HSS; the HSS stores user data and generates the authentication vectors used in the user access authentication process.
In Fig. 2, the EPC can interwork with non-3GPP networks. The P-GW is the border gateway between the EPC and the packet data network (Packet Data Network, PDN); it is responsible for access to the PDN and for functions such as forwarding data between the EPC and the PDN. When the operator considers the WLAN network trusted, the WLAN AN can connect directly to the P-GW; when the operator considers the WLAN AN untrusted, the WLAN AN must connect to the ePDG. In this way, the security and confidentiality of data transmission between the UE and the ePDG can be ensured. The UE can also access the EPC through other access networks, including the radio access networks defined by 3GPP itself.
Fig. 3 is an interaction diagram of the access authentication performed when user equipment accesses the wireless local access network according to the related art. As shown in Fig. 3, it comprises the following steps S302 to S303:
Step S301: the user equipment sets up the WLAN wireless connection.
Step S302: the WLAN AN sends an Extensible Authentication Protocol (Extensible Authentication Protocol, EAP) Request/Identity message to the UE, asking the UE to provide its identity to the network; after receiving the EAP Request/Identity message, the UE sends the corresponding network access identifier (Network Access Identification, NAI) to the WLAN AN in an EAP response message.
Step S303: the user equipment and the authentication, authorization and accounting (Authentication, Authorization and Accounting, AAA) server carry out access authentication procedures such as algorithm and key negotiation.
In the system shown in Fig. 1 or Fig. 2, the UE can access the Internet (Intranet/Internet) over two paths: one path goes directly through the WLAN AN, and the other goes through the 3GPP core network. In the prior art, the user equipment by default accesses the Internet through the core network. Because the operator cannot indicate to the user equipment whether to pass through the operator's 3GPP core network when accessing the Internet through the WLAN, when third-party applications and Internet access demand grow and cause increased pressure on the operator's core network, or even core-network traffic congestion, the Internet traffic of the user equipment cannot be diverted, and the user's need for enough bandwidth to access the Internet cannot be met.
Summary of the invention
In view of this, the main purpose of the present invention is to provide a method and device for controlling the mode in which a user terminal accesses the Internet, to solve the technical problem that the operator cannot control whether user equipment passes through the operator's 3GPP core network when accessing the Internet through the WLAN.
To achieve this, according to one aspect of the present invention, a method for controlling the mode in which a user terminal accesses the Internet is provided, comprising:
The authentication, authorization and accounting (AAA) server issues to the user equipment (UE) indication information on the UE's Internet access mode, and the user equipment decides, according to the indication information, the access mode for Internet services.
Preferably, the AAA server issuing the indication information on the UE's Internet access mode to the user equipment is specifically:
In the authentication procedure in which the user equipment initially connects to the Evolved Packet Core (EPC) through the WLAN access network (WLAN AN), the AAA server issues the indication information containing the UE's Internet access mode to the UE via the WLAN AN.
Further, the AAA server encapsulates the indication information on the UE's Internet access mode in the Diameter message that contains the EAP-Success message and sends it to the WLAN AN, and the WLAN AN forwards the EAP-Success message to the UE; the indication information is located in the Vendor-Specific-Application-Id AVP field of the Diameter message.
Preferably, the AAA server issuing the indication information on the UE's Internet access mode to the user equipment is specifically:
When the user equipment initially connects to the EPC through the WLAN AN, in the procedure in which the user equipment and the packet data gateway (PDG) create the Internet Key Exchange (IKEv2) tunnel, the AAA server issues the indication information on the UE's Internet access mode to the UE via the PDG.
Further, the AAA server includes the indication information on the UE's Internet access mode in an authorization response message issued to the PDG; the PDG sends to the UE, through the IKEv2 tunnel, an Internet Key Exchange authentication response message carrying the indication information on the UE's Internet access mode.
Preferably, the AAA server issuing the indication information on the UE's Internet access mode to the user equipment is specifically:
After the user equipment has connected to the EPC network through the WLAN AN, in the re-authentication procedure, the AAA server includes the indication information on the UE's Internet access mode in the re-authentication request message issued to the UE.
Further, the AAA server issuing the indication information on the UE's Internet access mode to the user equipment is specifically:
After the user equipment and the evolved packet data gateway (ePDG) have completed IPsec tunnel establishment, in the process in which the UE and the packet data network gateway (P-GW) establish a security association and the AAA server and the P-GW perform authentication and authorization, the AAA server issues the indication information on the UE's Internet access mode to the UE via the P-GW.
Based on the method of the invention, the present invention also proposes a device for controlling the mode in which a user terminal accesses the Internet, comprising:
A sending module, located in the AAA server, for issuing to the user equipment the indication information on the UE's Internet access mode;
A receiving module, located in the UE, for receiving the indication information on the UE's Internet access mode issued by the sending module;
An access module, located in the UE, for deciding, according to the indication information, the access mode for Internet services.
Preferably, in the re-authentication procedure after the user equipment has connected to the EPC network through the WLAN AN, the sending module includes the indication information on the UE's Internet access mode in the re-authentication request message issued to the receiving module.
Preferably, the device also comprises a forwarding module, located in the WLAN AN, for forwarding, in the authentication procedure in which the user equipment initially connects to the EPC, the indication information on the UE's Internet access mode issued by the sending module to the receiving module.
Preferably, the device also comprises a forwarding module:
The forwarding module is located in the PDG and is used, in the procedure in which the user equipment initially connecting to the EPC and the PDG create the IKEv2 tunnel, to forward the indication information on the UE's Internet access mode issued by the sending module to the receiving module. Or,
The forwarding module is located in the P-GW and is used, in the process in which the UE and the P-GW establish a security association and the AAA server and the P-GW perform authentication and authorization, to forward the indication information on the UE's Internet access mode issued by the sending module to the receiving module.
In the present invention, the AAA server sends indication information to the user equipment to indicate the UE's Internet access mode; when accessing through the WLAN, the user equipment can, according to the indication information, choose to access the Internet directly or to access it by connecting to the core network. With the present invention, the core network can control the UE's Internet access mode through the indication information, so that a user terminal accessing through the WLAN can reach the Internet directly without going through the core network, and the user equipment obtains enough access bandwidth in some cases (for example, when the core-network traffic load is too high), thereby improving user experience.
Description of drawings
Fig. 1 is a schematic diagram of the network architecture for non-3GPP network access to I-WLAN in the related art;
Fig. 2 is a schematic diagram of the network architecture for non-3GPP network access to the EPC in the related art;
Fig. 3 is an interaction diagram of the access authentication performed when user equipment accesses the wireless local access network in the related art;
Fig. 4 is a flow chart of the method of Embodiment 1 of the invention for controlling the mode in which the UE accesses the Internet through the WLAN;
Fig. 5 is a flow chart of the method of Embodiment 2 of the invention for controlling the mode in which the UE accesses the Internet through the WLAN;
Fig. 6 is a flow chart of the method of Embodiment 3 of the invention for controlling the mode in which the UE accesses the Internet through the WLAN;
Fig. 7 is a flow chart of the method of Embodiment 4 of the invention for controlling the mode in which the UE accesses the Internet through the WLAN;
Fig. 8 is a structural diagram of the device of the invention for controlling the mode in which a user terminal accesses the Internet.
Detailed description
To make the purpose, technical solutions and advantages of the present invention clearer, the present invention is described in more detail below through embodiments and with reference to the accompanying drawings.
Embodiment 1
Fig. 4 is a flow chart of the method of Embodiment 1 of the invention for controlling the mode in which the UE accesses the Internet through the WLAN. In this flow, the user equipment initially connects to the EPC network through the WLAN AN; during the authentication procedure, the AAA server, according to policy, sends to the UE via the WLAN AN the indication information to connect directly to the Internet, achieving the purpose of controlling the mode in which the UE accesses the Internet through the WLAN. In this embodiment, the indication information that the AAA server sends to the UE requires the UE, when accessing Internet services, to access the Internet directly through the WLAN AN without going through the core network; after receiving this indication information, the UE adopts the corresponding routing policy to access Internet services. The specific steps of the flow are:
Step 401: the user equipment sets up the WLAN wireless connection;
Step 402: the WLAN AN sets up the wireless connection with the UE and sends an EAP request (EAP Request/Identity) message to the UE, asking the UE to provide identity information to the network for access authentication;
Step 403: after receiving the EAP request message, the UE sends its identity information to the WLAN AN in an EAP response message;
Step 404: the WLAN AN sends to the AAA server an AAA request message (a Diameter message) carrying the UE identity information; the AAA request message also carries the access type and the access network identifier;
Step 405: the AAA server and the HSS exchange EAP-AKA' algorithm authentication information to carry out algorithm authentication of the user;
Step 406: the AAA server extracts the key information;
Step 407: the AAA server sends an AAA/AKA' challenge message to the WLAN AN for algorithm negotiation; the AAA/AKA' challenge message carries the EAP request and AKA' challenge information, including a message authentication code;
Step 408: the WLAN AN sends the EAP Request/AKA' Challenge message, including the message authentication code, to the user equipment;
Step 409: after receiving the EAP Request/AKA' Challenge message, the user equipment runs the AKA algorithm and generates key-related information;
Step 410: the user equipment encapsulates the AKA calculation result in EAP and sends an EAP Response/AKA' Challenge message to the WLAN;
Step 411: the WLAN AN encapsulates the received EAP response message, which contains the algorithm negotiation information, in a Diameter message and forwards it to the AAA server;
Step 412: the AAA server checks the received message authentication code information and performs processing such as algorithm information verification on it;
Step 413: the AAA server determines, according to policy, that the UE's Internet connection mode is direct access to the Internet without passing through the EPC core network, encapsulates the indication information containing this access mode in the Diameter message that contains the EAP-Success message, and sends it to the WLAN AN.
If the WLAN AN needs to know the core network's decision on the UE's Internet access mode (for example, for certain security-policy considerations), the indication information can be carried in the extension field reserved by the Diameter message (the Vendor-Specific-Application-Id AVP field, i.e. the vendor-specific application identifier attribute-value pair field, hereinafter the AVP field);
Step 414: the WLAN AN forwards the EAP-Success message to the UE. If the indication information is contained in the Vendor-Specific-Application-Id AVP field, the WLAN AN can parse the Diameter message, extract the Internet connection mode indication, and then forward the EAP message to the UE.
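Steps 413 and 414 sketched in Python, as an added example that is not part of the patent: the AAA side builds the AVPs of the answer (EAP-Payload with EAP-Success plus the indication inside the Vendor-Specific-Application-Id AVP), and the WLAN AN side parses them with strict length checks. The vendor id, application id, the access-mode AVP code and its 0/1 values are hypothetical because the patent does not define the encoding; an absent or unknown indication falls back to access via the core network, which the background section gives as the default.

```python
import struct

# Standard AVP codes (RFC 6733, RFC 4072) and flag bits.
AVP_AUTH_APPLICATION_ID = 258
AVP_VENDOR_SPECIFIC_APPLICATION_ID = 260   # Grouped
AVP_VENDOR_ID = 266
AVP_EAP_PAYLOAD = 462
FLAG_V, FLAG_M = 0x80, 0x40
EAP_SUCCESS = 3                            # EAP Code field, RFC 3748

# Assumptions of this example; the patent does not define the encoding.
EXAMPLE_VENDOR_ID = 99999                  # constructed vendor id
EXAMPLE_APP_ID = 5                         # constructed application id
AVP_ACCESS_MODE = 9001                     # hypothetical vendor AVP code
MODE_VIA_CORE, MODE_DIRECT = 0, 1          # hypothetical values


def encode_avp(code, data, vendor_id=None):
    """Encode one AVP: code(4) flags(1) length(3) [vendor-id(4)] data, padded to 4."""
    flags = FLAG_M | (FLAG_V if vendor_id is not None else 0)
    length = (12 if vendor_id is not None else 8) + len(data)
    out = struct.pack("!IB", code, flags) + length.to_bytes(3, "big")
    if vendor_id is not None:
        out += struct.pack("!I", vendor_id)
    return out + data + b"\x00" * (-length % 4)


def decode_avps(buf):
    """Parse a sequence of AVPs; raise ValueError on any malformed length."""
    avps, pos = [], 0
    while pos < len(buf):
        if len(buf) - pos < 8:
            raise ValueError("truncated AVP header")
        code, flags = struct.unpack_from("!IB", buf, pos)
        length = int.from_bytes(buf[pos + 5:pos + 8], "big")
        header_len = 12 if flags & FLAG_V else 8
        if length < header_len or pos + length > len(buf):
            raise ValueError("AVP length out of bounds")
        vendor_id = None
        if flags & FLAG_V:
            vendor_id = struct.unpack_from("!I", buf, pos + 8)[0]
        avps.append((code, vendor_id, buf[pos + header_len:pos + length]))
        pos += length + (-length % 4)      # skip padding to the 4-byte boundary
    return avps


def aaa_build_answer_avps(mode, eap_identifier):
    """Step 413: EAP-Success plus the access-mode indication in one answer."""
    eap_success = struct.pack("!BBH", EAP_SUCCESS, eap_identifier, 4)
    # RFC 6733 defines AVP 260 with only a vendor id and an application id;
    # the extra member follows the patent's description and is an assumption.
    group = (encode_avp(AVP_VENDOR_ID, struct.pack("!I", EXAMPLE_VENDOR_ID))
             + encode_avp(AVP_AUTH_APPLICATION_ID, struct.pack("!I", EXAMPLE_APP_ID))
             + encode_avp(AVP_ACCESS_MODE, struct.pack("!I", mode),
                          vendor_id=EXAMPLE_VENDOR_ID))
    return (encode_avp(AVP_EAP_PAYLOAD, eap_success)
            + encode_avp(AVP_VENDOR_SPECIFIC_APPLICATION_ID, group))


def wlan_an_handle_answer(avp_bytes):
    """Step 414: return (EAP packet to forward to the UE, access mode)."""
    eap, mode = None, MODE_VIA_CORE        # default when no valid indication
    for code, vendor_id, data in decode_avps(avp_bytes):
        if code == AVP_EAP_PAYLOAD and vendor_id is None:
            eap = data
        elif code == AVP_VENDOR_SPECIFIC_APPLICATION_ID and vendor_id is None:
            for sub_code, sub_vendor, sub_data in decode_avps(data):
                if (sub_code, sub_vendor) != (AVP_ACCESS_MODE, EXAMPLE_VENDOR_ID):
                    continue
                if len(sub_data) == 4:
                    value = struct.unpack("!I", sub_data)[0]
                    if value in (MODE_VIA_CORE, MODE_DIRECT):
                        mode = value       # unknown values are ignored
    if eap is None or len(eap) != 4 or eap[0] != EAP_SUCCESS:
        raise ValueError("answer carries no EAP-Success to forward")
    return eap, mode


if __name__ == "__main__":
    answer = aaa_build_answer_avps(MODE_DIRECT, eap_identifier=7)
    eap_packet, access_mode = wlan_an_handle_answer(answer)
    print(eap_packet.hex(), "direct" if access_mode == MODE_DIRECT else "via core")
```
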
Embodiment 2
Fig. 5 is a flow chart of the method of Embodiment 2 of the invention for controlling the mode in which the UE accesses the Internet through the WLAN. In this flow, the user equipment is connected to the EPC network through the WLAN AN; when re-authentication needs to be initiated, for example because core-network traffic pressure is too high or the operator's policy changes, the AAA server issues the indication information on the UE's Internet access mode to the UE in the re-authentication procedure. Fig. 5 takes the fast re-authentication procedure (Fast Re-Authentication Procedure) as an example; the indication information is carried in the re-authentication request (Re-Auth-Request) message sent by the AAA Server:
Step 501: the AAA server sends a re-authentication request (Re-Auth-Request) message to the user equipment; the AVP field of this message carries the indication information on the Internet access mode that the core network has determined for the UE;
Step 502: the user equipment sends a re-authentication response (Re-Auth-Response) message to the AAA server; the message contains the fast re-authentication identity;
Step 503: after receiving the fast re-authentication identity, the AAA server recognizes it and approves carrying out the fast re-authentication procedure;
Step 504: the user equipment and the authorization and accounting server carry out the fast re-authentication procedure.
Embodiment 3
Fig. 6 is a flow chart of the method of Embodiment 3 of the invention for controlling the mode in which the UE accesses the Internet through the WLAN. In this flow, the user equipment initially connects to the EPC network through the WLAN AN; while the user equipment and the packet data gateway (PDG) are creating the Internet Key Exchange (IKEv2) tunnel, the AAA server issues the UE's Internet access mode indication information to the UE via the PDG in an authorization message. The specific steps are:
Step 601: the UE and the PDG exchange the first pair of messages, IKE_SA_INIT, to negotiate the encryption algorithm, exchange random numbers, and so on.
Step 602: the UE and the AAA server exchange authentication information through the PDG.
Step 603: the UE sends to the PDG an Internet Key Exchange authentication (IKE_AUTH) request message containing an EAP message, responding to the authentication challenge received during the identity authentication exchange.
Step 604: the PDG sends the EAP-Response message (with the AKA challenge information) to the AAA server.
Step 605: after successful verification, the AAA server sends to the PDG an authentication answer containing EAP-Success and key information.
Step 606: the PDG sends to the AAA server an authorization request containing an empty AVP and W-APN information.
Step 607: the AAA server verifies from the user information whether the tunnel is allowed to be established. Here the AAA server decides the UE's Internet access mode according to network policy (the AAA server may change the UE's Internet access mode according to its own policy control or on notification from a network gateway), and issues the indication information containing the UE's Internet access mode in the authorization response message of the next step.
Step 608: the AAA server sends an authorization response (AA-Answer) message to the PDG, containing the indication information on the UE's Internet access mode.
Step 609: the PDG calculates and generates the AUTH parameter from the key information.
Step 610: the PDG sends an Internet Key Exchange authentication (IKE_AUTH) response message to the UE over IKEv2; the IKE_AUTH response message contains the EAP Success/Failure message carrying the indication information on the UE's Internet access mode.
If the above flow succeeds, the UE has completed establishment of the IP security (IPsec) tunnel with the PDG.
Embodiment 4
Fig. 7 is a flow chart of the method of Embodiment 4 of the invention for controlling the mode in which the UE accesses the Internet through the WLAN. In this flow, after the user equipment and the evolved packet data gateway (ePDG) have completed IKEv2 message negotiation and IPsec tunnel establishment, the UE and the P-GW establish a security association and the AAA server and the P-GW perform authentication and authorization; during this process the AAA server passes the indication information on the UE's Internet access mode to the UE via the P-GW. Here the UE accesses the network through DSMIPv6 (Dual-Stack Mobile IPv6). The specific steps are as follows:
Step 701: the UE initiates the IKEv2 tunnel establishment procedure and performs secure-tunnel authentication and authorization. This is similar to the IPsec tunnel establishment flow of Embodiment 3 and is not repeated here;
Step 702: the evolved packet data gateway returns to the UE an IKEv2 configuration message carrying the IP address allocated to the UE for the IPsec tunnel;
Step 703: after the UE and the evolved packet data gateway have successfully established the IPsec tunnel, the UE and the P-GW establish a security association through the IKEv2 protocol flow to protect the signaling messages, and the P-GW and the AAA server perform authentication and authorization by the EAP method; during this process the AAA server issues the indication information on the UE's Internet access mode to the UE via the P-GW, for example in the authorization response message. This flow is similar to that of Embodiment 3 and is not repeated here.
Step 704: the UE sends a binding update message to the P-GW, conveying the mobility management protocol signaling message;
Step 705: the P-GW sends a binding update acknowledgement message to the UE, completing the DSMIPv6 address binding. The DSMIPv6 tunnel between the UE and the P-GW is now established, and the UE has completed its IP connection with the network.
Embodiment 5
Fig. 8 is a structural diagram of the device of the invention for controlling the mode in which a user terminal accesses the Internet. The device comprises at least a sending module, a receiving module and an access module.
The sending module is located in the AAA server and issues to the user equipment the indication information on the UE's Internet access mode; the receiving module is located in the UE and receives the indication information on the UE's Internet access mode issued by the sending module; the access module decides, according to the indication information, the access mode for Internet services.
Preferably, in the re-authentication procedure after the user equipment has connected to the EPC network through the WLAN AN, the sending module includes the indication information on the UE's Internet access mode in the re-authentication request message issued to the receiving module.
Preferably, the device also comprises a forwarding module, which is located in different network elements in different implementations.
Corresponding to Fig. 4, the forwarding module can be located in the WLAN AN and is used, in the authentication procedure in which the user equipment initially connects to the EPC, to forward the indication information on the UE's Internet access mode issued by the sending module to the receiving module.
Corresponding to Fig. 6, the forwarding module can be located in the PDG and is used, in the procedure in which the user equipment initially connecting to the EPC and the PDG create the IKEv2 tunnel, to forward the indication information on the UE's Internet access mode issued by the sending module to the receiving module.
Corresponding to Fig. 7, the forwarding module can be located in the P-GW and is used, in the process in which the UE and the P-GW establish a security association and the AAA server and the P-GW perform authentication and authorization, to forward the indication information on the UE's Internet access mode issued by the sending module to the receiving module.
The present invention addresses the problem in the related art that the operator cannot control whether user equipment passes through the operator's 3GPP core network when accessing the Internet through the WLAN. It provides an access method in which the AAA server sends to the user equipment indication information on the Internet access mode that the core network has determined for the user equipment, so that the core network controls the UE's Internet access mode according to a certain control policy; the user can thus access the Internet directly, obtain enough access bandwidth, and have an improved experience.
The above are only preferred embodiments of the present invention and are not intended to limit its scope of protection.

Claims (12)

1. the control method of a user terminal access interconnected network mode is characterized in that, comprising:
Authentication and authorization charging server issues the indication information that subscriber equipment inserts interconnected network mode to subscriber equipment (UE), and described subscriber equipment is according to the access way of described indication information decision access internet business.
2. method according to claim 1 is characterized in that, described authentication and authorization charging server issues the indication information that subscriber equipment inserts interconnected network mode to subscriber equipment, is specially:
Be initially connected in the identifying procedure of evolution block core net (EPC) by wlan access network (WLAN AN) at subscriber equipment, the indication information that described authentication and authorization charging server will comprise subscriber equipment access interconnected network mode is handed down to UE via WLANAN.
3. method according to claim 2, it is characterized in that, the indication information that described authentication and authorization charging server inserts interconnected network mode with UE is encapsulated in the Diameter message that comprises EAP-Success message and sends to WLAN AN, gives UE by WLAN AN with described EAP-Success forwards;
Described indication information is arranged in Diameter message Vendor-Specific-Application-Id AVP field.
4. method according to claim 1 is characterized in that, described authentication and authorization charging server issues the indication information that subscriber equipment inserts interconnected network mode to subscriber equipment, is specially:
When subscriber equipment is initially connected to EPC by WLAN AN, create in the flow process in internet key exchange (IKEv2) tunnel at subscriber equipment and packet data gateway (PDG), described authentication and authorization charging server is handed down to UE with the indication information that UE inserts interconnected network mode via PDG.
5. method according to claim 4 is characterized in that, the indication information that described authentication and authorization charging server inserts interconnected network mode with UE is included in and is handed down to PDG in the authorization response message; PDG sends the Internet Key Exchange authentication response message of the indication information that carries UE access interconnected network mode to described UE by the IKEv2 tunnel.
6. The method according to claim 1, characterized in that the authentication, authorization and accounting (AAA) server delivering to the user equipment (UE) the indication information of the mode in which the user equipment accesses the Internet is specifically:
After the user equipment has connected to the EPC network through the WLAN AN, in the re-authentication procedure, the AAA server includes the indication information of the UE's Internet access mode in a re-authentication request message delivered to the UE.
7. The method according to claim 1, characterized in that the AAA server delivering to the user equipment the indication information of the mode in which the user equipment accesses the Internet is specifically:
After the user equipment and the evolved packet data gateway (ePDG) complete establishment of the IPsec tunnel, in the process in which the UE and the packet data network gateway (P-GW) establish a security association and the AAA server and the P-GW perform authentication and authorization, the AAA server delivers the indication information of the UE's Internet access mode to the UE via the P-GW.
8. A device for controlling the mode in which a user terminal accesses the Internet, characterized by comprising:
A sending module, located in the authentication, authorization and accounting (AAA) server, configured to deliver to the user equipment (UE) the indication information of the mode in which the user equipment accesses the Internet;
A receiving module, located in the UE, configured to receive the indication information of the mode in which the user equipment accesses the Internet delivered by the sending module;
An access module, located in the UE, configured to decide, according to the indication information, the access mode used for accessing Internet services.
9. The device according to claim 8, characterized in that, in the re-authentication procedure after the user equipment has connected to the EPC network through the WLAN AN, the sending module includes the indication information of the UE's Internet access mode in a re-authentication request message delivered to the receiving module.
10. The device according to claim 8, characterized in that the device further comprises a forwarding module, located in the WLAN AN, configured to forward, in the authentication procedure in which the user equipment initially connects to the EPC, the indication information of the UE's Internet access mode delivered by the sending module to the receiving module.
11. The device according to claim 8, characterized in that the device further comprises:
A forwarding module, located in the PDG, configured to forward, in the procedure in which the user equipment initially connecting to the EPC and the PDG create the IKEv2 tunnel, the indication information of the UE's Internet access mode delivered by the sending module to the receiving module.
12. The device according to claim 8, characterized in that the device further comprises:
A forwarding module, located in the P-GW, configured to forward, in the process in which the UE and the P-GW establish a security association and the authentication, authorization and accounting (AAA) server and the P-GW perform authentication and authorization, the indication information of the UE's Internet access mode delivered by the sending module to the receiving module.
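Claim 3 places the indication inside a Diameter AVP that travels in the same message as EAP-Success; the following added example (not part of the patent text) shows a bounds-checked parser that a receiving node could use to pull such an indication out and ignore it unless EAP-Success is present. The AVP header layout and the codes 462, 260 and 266 follow RFC 6733 and RFC 4072; the sub-AVP code 9001, the vendor id 99999 and the 4-byte value are constructed assumptions, because the claims do not define how the indication is encoded.

```python
import struct

EAP_PAYLOAD = 462                     # RFC 4072
VENDOR_SPECIFIC_APPLICATION_ID = 260  # RFC 6733, grouped AVP
VENDOR_ID = 266                       # RFC 6733
EAP_SUCCESS = 3                       # EAP code, RFC 3748
PLACEHOLDER_VENDOR = 99999            # constructed placeholder vendor id
ACCESS_MODE_INDICATION = 9001         # hypothetical sub-AVP code (assumption)

def encode_avp(code, data, vendor_id=None):
    """code(4) flags(1) length(3) [vendor-id(4)] data, zero-padded to 4 bytes."""
    flags = 0x40 | (0x80 if vendor_id is not None else 0)  # M bit, V bit if vendor AVP
    vendor = b"" if vendor_id is None else struct.pack("!I", vendor_id)
    length = 8 + len(vendor) + len(data)
    header = struct.pack("!IB", code, flags) + length.to_bytes(3, "big")
    return header + vendor + data + b"\x00" * (-length % 4)

def parse_avps(buf):
    """Return {code: data}; raise ValueError on truncated or inconsistent lengths."""
    avps, off = {}, 0
    while off < len(buf):
        if len(buf) - off < 8:
            raise ValueError("truncated AVP header")
        code, flags = struct.unpack_from("!IB", buf, off)
        length = int.from_bytes(buf[off + 5:off + 8], "big")
        header_len = 12 if flags & 0x80 else 8
        if length < header_len or off + length > len(buf):
            raise ValueError("AVP length out of bounds")
        avps[code] = buf[off + header_len:off + length]
        off += length + (-length % 4)  # skip padding to the 4-byte boundary
    return avps

def extract_indication(avp_bytes):
    """Indication bytes, or None unless the message also carries EAP-Success."""
    top = parse_avps(avp_bytes)
    eap = top.get(EAP_PAYLOAD, b"")
    if len(eap) < 4 or eap[0] != EAP_SUCCESS:
        return None
    group = parse_avps(top.get(VENDOR_SPECIFIC_APPLICATION_ID, b""))
    return group.get(ACCESS_MODE_INDICATION)

def build_sample(eap_code=EAP_SUCCESS):
    """Constructed AVP section of the Diameter answer sent toward the WLAN AN."""
    group = (encode_avp(VENDOR_ID, struct.pack("!I", PLACEHOLDER_VENDOR)) +
             encode_avp(ACCESS_MODE_INDICATION, b"\x00\x00\x00\x01", PLACEHOLDER_VENDOR))
    return (encode_avp(EAP_PAYLOAD, bytes([eap_code, 7, 0, 4])) +
            encode_avp(VENDOR_SPECIFIC_APPLICATION_ID, group))

if __name__ == "__main__":
    print(extract_indication(build_sample()))
```

The length checks matter because the AVP section is attacker-influenced input on any node that terminates the Diameter connection: a declared length shorter than the header or longer than the buffer is rejected rather than sliced.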

Priority Applications (2)

Application Number Priority Date Filing Date Title
CN2010101497691A CN102223634A (en) 2010-04-15 2010-04-15 Method and device for controlling mode of accessing user terminal into Internet
PCT/CN2011/071584 WO2011127774A1 (en) 2010-04-15 2011-03-07 Method and apparatus for controlling mode for user terminal to access internet

Applications Claiming Priority (1)

Application Number Priority Date Filing Date Title
CN2010101497691A CN102223634A (en) 2010-04-15 2010-04-15 Method and device for controlling mode of accessing user terminal into Internet

Publications (1)

Publication Number Publication Date
CN102223634A true CN102223634A (en) 2011-10-19

Family

ID=44780033

Family Applications (1)

Application Number Title Priority Date Filing Date
CN2010101497691A Pending CN102223634A (en) 2010-04-15 2010-04-15 Method and device for controlling mode of accessing user terminal into Internet

Country Status (2)

Country Link
CN (1) CN102223634A (en)
WO (1) WO2011127774A1 (en)

Cited By (11)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN103067342A (en) * 2011-10-20 2013-04-24 中兴通讯股份有限公司 Equipment, system and method using extensible authentication protocol (EAP) to carry out external authentication
CN103220817A (en) * 2012-01-20 2013-07-24 中兴通讯股份有限公司 Session establishing method and device
CN103250446A (en) * 2011-12-02 2013-08-14 华为技术有限公司 Method for determining access mode of user equipment, and system and device thereof
CN103379591A (en) * 2012-04-26 2013-10-30 中兴通讯股份有限公司 Method and device for user device connection mode selection
CN103583068A (en) * 2012-04-26 2014-02-12 华为技术有限公司 Method for accessing packet switching network, WLAN access system and user equipment
CN106031105A (en) * 2013-12-19 2016-10-12 阿尔卡特朗讯公司 Overload control for trusted wlan access to epc
CN106302376A (en) * 2015-06-29 2017-01-04 中兴通讯股份有限公司 Re-authentication recognition methods, evolution packet data gateway and system
CN106301809A (en) * 2016-08-22 2017-01-04 广东工业大学 A kind of user-defined EPC data concurrent transmission method
CN106686589A (en) * 2015-11-09 2017-05-17 中国电信股份有限公司 VoWiFi business achieving method, system and AAA server
CN107070922A (en) * 2017-04-18 2017-08-18 北京思特奇信息技术股份有限公司 A kind of method and device for accelerating message generation
CN107371157A (en) * 2016-05-13 2017-11-21 北京旅信顺捷软件科技有限公司 Operator ePDG gateway accessings system and the method for realizing mobile communication

Citations (2)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN1852323A (en) * 2005-04-22 2006-10-25 阿尔卡特公司 Treatment of correlative information of user access in a core network subsystem
WO2007039432A1 (en) * 2005-09-20 2007-04-12 Telefonaktiebolaget Lm Ericsson (Publ) Implicit secondary pdp context activation method

Family Cites Families (2)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN101141822B (en) * 2007-09-30 2011-05-25 中兴通讯股份有限公司 Gateway selecting method of wireless network
CN101472263B (en) * 2008-05-04 2011-12-28 中兴通讯股份有限公司 Method for deciding network connection mode

Non-Patent Citations (2)

* Cited by examiner, † Cited by third party
Title
HYERAN MUN ET AL: "3G-WLAN Interworking:Security Analysis and New Authentication and Key Agreement based on EAP-AKA", 《WIRELESS TELECOMMUNICATIONS SYMPOSIUM,2009,WTS 2009》 *
IRFAN ALI ET AL: "Network-Based Mobility Management in the Evolved 3GPP Core Network", 《COMMUNICATION MAGAZINE,IEEE》 *

Cited By (20)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN103067342A (en) * 2011-10-20 2013-04-24 中兴通讯股份有限公司 Equipment, system and method using extensible authentication protocol (EAP) to carry out external authentication
CN103067342B (en) * 2011-10-20 2018-01-19 中兴通讯股份有限公司 A kind of equipment, system and method that external authentication is carried out using EAP
CN103250446B (en) * 2011-12-02 2015-12-02 华为技术有限公司 Determine the method and system of subscriber equipment access way, equipment
CN103250446A (en) * 2011-12-02 2013-08-14 华为技术有限公司 Method for determining access mode of user equipment, and system and device thereof
CN103220817A (en) * 2012-01-20 2013-07-24 中兴通讯股份有限公司 Session establishing method and device
WO2013107243A1 (en) * 2012-01-20 2013-07-25 中兴通讯股份有限公司 Session establishing method and device
CN103379591B (en) * 2012-04-26 2019-03-01 中兴通讯股份有限公司 The selection method and device of user equipment access module
CN103583068A (en) * 2012-04-26 2014-02-12 华为技术有限公司 Method for accessing packet switching network, WLAN access system and user equipment
CN103379591A (en) * 2012-04-26 2013-10-30 中兴通讯股份有限公司 Method and device for user device connection mode selection
CN106031105B (en) * 2013-12-19 2020-04-24 诺基亚技术有限公司 Overload control for trusted WLAN access to EPC
US10645611B2 (en) 2013-12-19 2020-05-05 Alcatel Lucent Overload control for trusted WLAN access to EPC
CN106031105A (en) * 2013-12-19 2016-10-12 阿尔卡特朗讯公司 Overload control for trusted wlan access to epc
CN106302376A (en) * 2015-06-29 2017-01-04 中兴通讯股份有限公司 Re-authentication recognition methods, evolution packet data gateway and system
WO2017000620A1 (en) * 2015-06-29 2017-01-05 中兴通讯股份有限公司 Re-authentication and recognition method, and evolved packet data gateway and system
CN106686589A (en) * 2015-11-09 2017-05-17 中国电信股份有限公司 VoWiFi business achieving method, system and AAA server
CN106686589B (en) * 2015-11-09 2020-04-28 中国电信股份有限公司 Method, system and AAA server for realizing VoWiFi service
CN107371157A (en) * 2016-05-13 2017-11-21 北京旅信顺捷软件科技有限公司 Operator ePDG gateway accessings system and the method for realizing mobile communication
CN106301809A (en) * 2016-08-22 2017-01-04 广东工业大学 A kind of user-defined EPC data concurrent transmission method
CN107070922B (en) * 2017-04-18 2020-02-04 北京思特奇信息技术股份有限公司 Method and device for accelerating message generation
CN107070922A (en) * 2017-04-18 2017-08-18 北京思特奇信息技术股份有限公司 A kind of method and device for accelerating message generation

Also Published As

Publication number Publication date
WO2011127774A1 (en) 2011-10-20

Legal Events

Date Code Title Description
C06 Publication
PB01 Publication
C10 Entry into substantive examination
SE01 Entry into force of request for substantive examination
C12 Rejection of a patent application after its publication
RJ01 Rejection of invention patent application after publication

Application publication date: 20111019