CN102685743B - A kind of method, system and equipment accessing wlan network - Google Patents

A kind of method, system and equipment accessing wlan network Download PDF

Info

Publication number
CN102685743B
CN102685743B CN201110063162.6A CN201110063162A CN102685743B CN 102685743 B CN102685743 B CN 102685743B CN 201110063162 A CN201110063162 A CN 201110063162A CN 102685743 B CN102685743 B CN 102685743B
Authority
CN
China
Prior art keywords
wlan
described
terminal
wlan terminal
access
Prior art date
Application number
CN201110063162.6A
Other languages
Chinese (zh)
Other versions
CN102685743A (en
Inventor
杨晓范
王文明
刘辉
刘南
盛凌志
邢刚
Original Assignee
中国移动通信集团北京有限公司
Priority date (The priority date is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the date listed.)
Filing date
Publication date
Application filed by 中国移动通信集团北京有限公司 filed Critical 中国移动通信集团北京有限公司
Priority to CN201110063162.6A priority Critical patent/CN102685743B/en
Publication of CN102685743A publication Critical patent/CN102685743A/en
Application granted granted Critical
Publication of CN102685743B publication Critical patent/CN102685743B/en

Links

Classifications

    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04WWIRELESS COMMUNICATION NETWORKS
    • H04W12/00Security arrangements, e.g. access security or fraud detection; Authentication, e.g. verifying user identity or authorisation; Protecting privacy or anonymity ; Protecting confidentiality; Key management; Integrity; Mobile application security; Using identity modules; Secure pairing of devices; Context aware security; Lawful interception
    • H04W12/06Authentication
    • H04W12/0602Pre-authentication
    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04WWIRELESS COMMUNICATION NETWORKS
    • H04W12/00Security arrangements, e.g. access security or fraud detection; Authentication, e.g. verifying user identity or authorisation; Protecting privacy or anonymity ; Protecting confidentiality; Key management; Integrity; Mobile application security; Using identity modules; Secure pairing of devices; Context aware security; Lawful interception
    • H04W12/06Authentication
    • H04W12/0608Authentication using credential vaults, e.g. password manager applications or one time password [OTP] applications
    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04WWIRELESS COMMUNICATION NETWORKS
    • H04W84/00Network topologies
    • H04W84/02Hierarchically pre-organised networks, e.g. paging networks, cellular networks, WLAN [Wireless Local Area Network] or WLL [Wireless Local Loop]
    • H04W84/10Small scale networks; Flat hierarchical networks
    • H04W84/12WLAN [Wireless Local Area Networks]

Abstract

The embodiment of the present invention provides a kind of method, system and the equipment that access wlan network, specifically comprise: the access request of the access wlan network that WLAN terminal is initiated accesses WLAN AC by the communication of wireless routing device and mobile communication network element, make WLAN AC that the access request received is carried out authentication by authentication device, and then reach the object of WLAN terminal access wlan network.The access request initiated due to WLAN terminal transfers to WLAN AC's by the communication of wireless routing device and mobile communication network element, utilize the wireless transmission function of wireless routing device and mobile communication network element effectively can improve the flexibility of network element deployment, and then the large area that can realize wlan network covers continuously, improve the network quality of wlan network.

Description

A kind of method, system and equipment accessing wlan network

Technical field

The present invention relates to mobile communication technology field, particularly relate to a kind of method, system and the equipment that access wlan network.

Background technology

Along with the increase of mobile data services demand, particularly with WLAN (wireless local area network) (WLAN, WirelessLocal Area Network) mobile communication terminal (hereinafter referred to as WLAN terminal) of module popularizes gradually, wlan network is utilized to shunt the bearing pressure of mobile communication network business, WLAN terminal realizes accessing mobile Internet whenever and wherever possible by access wlan network, has become the trend of wireless wideband access network development.

Prior art provides the method below by way of metropolitan area network access wlan network:

As shown in Figure 1, for the network configuration topological diagram of existing wlan network, wherein WLAN terminal and WLAN access point (AP, Access Point) connect, WLAN AP is by the switch in metropolitan area network and router etc. and WLAN access controller (AC, Access Controller) connect, and by WLANAC, WLAN terminal is accessed wlan network.

Under network configuration as shown in Figure 1, access the process of wlan network as shown in Figure 2:

Step 101, WLAN terminal access WLANAP.

Step 102, access WLAN service-user access authentication points and service control point (AC/SC) by WLANAP.

Step 103, access wlan network by WLANAC/SC.

The scheme of above-mentioned access wlan network is based on the fixed access network network (metropolitan area network) of all-IP, the connection of WLANAP and metropolitan area network is wired connection, therefore, the deployment of WLAN AP is restricted, cause wlan network cannot realize large-area continuous covering, particularly on the mobile traffics such as bus, train, subway, due to WLAN AP cannot be disposed, the covering of wlan network cannot be realized, cause mobile terminal to access wlan network and be difficult to realize.

In order to the deployment solving WLAN AP in such scheme is limited, the ambulant problem of WLAN AP can not be supported, propose the relaying access scheme of wlan network, comprise: respectively AP is set in user side and network side, the AP of user side and the base station AP of network side wirelessly communicates to connect, and after WLAN terminal is connected with user side AP, accesses metropolitan area network by the base station AP of network side, be connected with WLAN AC by metropolitan area network again, and by WLAN AC, WLAN terminal accessed wlan network.Common network configuration topological diagram is illustrated in fig. 3 shown below.

But, the relaying access scheme of wlan network remains based on metropolitan area network, although improve the limitation that WLAN AP disposes to a certain extent, the deployment scope of user side AP has had expansion to a certain degree, but still the impact of base station AP coverage of network side can be subject to, the network quality of wlan network and continuously covering power are still subject to certain restrictions.

In sum, the mode of the existing fixing metropolitan area network access wlan network based on all-IP mode, all do not take into full account and utilize existing mobile communications network resource, making the continuous covering power of wlan network poor, cause the problem that the network quality of wlan network is lower.

Summary of the invention

The embodiment of the present invention provides a kind of method, system and the equipment that access wlan network, poor in order to the continuous covering power solved due to wlan network in prior art, causes the problem that the network quality of wlan network is lower.

A method for accessing WLAN wlan network, the method comprises:

Wireless local net access controller WLANAC receives the access request that mobile communication network element sends, and described access request is that WLAN (wireless local area network) WLAN terminal is forwarded to mobile communication network element by wireless routing device;

Described access request is sent to authentication device by WLAN AC, requires that described authentication device carries out authentication according to the access request received to described WLAN terminal, and when authentication is passed through, instruction WLAN terminal access wlan network.

Access a system for wlan network, this system comprises WLAN (wireless local area network) WLAN terminal, wireless routing device, mobile communication network element, wireless local net access controller WLANAC and authentication device, wherein:

WLAN terminal, for sending access request to wireless routing device;

Wireless routing device, for being forwarded to mobile communication network element by described access request;

Mobile communication network element, for being forwarded to WLAN AC by described access request;

WLAN AC, for described access request is sent to authentication device, when authentication device passes through WLAN terminal authentication, instruction WLAN terminal access wlan network;

Authentication device, for carrying out authentication according to described access request to described WLAN terminal.

A kind of wireless local net access controller WLAN AC, described WLAN AC comprises the first receiver module and the first sending module, wherein:

First receiver module, for receiving the access request that mobile communication network element sends, described access request is that WLAN (wireless local area network) WLAN terminal is forwarded to mobile communication network element by wireless routing device;

First sending module, for described access request is sent to authentication device, requires that described authentication device carries out authentication according to the access request received to described WLAN terminal, and when authentication is passed through, instruction WLAN terminal access wlan network.

A kind of mobile communication network element, this mobile communication network element comprises access unit and at least one data service gateway:

Access unit, for receiving access request, described access request is that WLAN (wireless local area network) WLAN terminal is forwarded by wireless routing device;

Data service gateway, for described access request is forwarded to wireless local net access controller WLANAC, require WLAN AC WLAN terminal authentication by time, instruction WLAN terminal access wlan network.

In the technical scheme that the embodiment of the present invention provides, the access request of the access wlan network that WLAN terminal is initiated is no longer by the wired connection form access WLAN AC of metropolitan area network, but access WLAN AC by the communication of wireless routing device and mobile communication network element, make WLAN AC that the access request received is carried out authentication by authentication device, and then reach the object of WLAN terminal access wlan network.The access request initiated due to WLAN terminal transfers to WLAN AC's by the communication of wireless routing device and mobile communication network element, utilize the wireless transmission function of wireless routing device and mobile communication network element effectively can improve the flexibility of network element deployment, and then the large area that can realize wlan network covers continuously, improve the network quality of wlan network.

Accompanying drawing explanation

Fig. 1 is the network configuration topological diagram of wlan network in prior art;

Fig. 2 is the method flow schematic diagram accessing wlan network in prior art;

Fig. 3 is the network configuration topological diagram of wlan network in prior art;

A kind of method flow schematic diagram accessing wlan network that Fig. 4 provides for the embodiment of the present invention one;

A kind of method flow schematic diagram accessing wlan network that Fig. 5 provides for the embodiment of the present invention two;

A kind of system configuration schematic diagram accessing wlan network that Fig. 6 provides for the embodiment of the present invention three;

The structural representation of a kind of wireless local net access controller that Fig. 7 provides for the embodiment of the present invention four;

The structural representation of a kind of mobile communication network element that Fig. 8 provides for the embodiment of the present invention five.

Embodiment

For the existing variety of problems existed based on metropolitan area network access wlan network, the embodiment of the present invention proposes a kind of new network system architecture, under this architecture, WLAN terminal, wireless routing device, mobile communication network element, WLAN AC and authentication device are connected by wired or wireless mode successively, WLAN terminal can access wireless routing device, communicated with existing mobile communications network by wireless routing device, and the WLAN terminal of the authentication device arranged by mobile communication network side to access carries out authentication, when authentication passes through, by WLAN AC, WLAN terminal is accessed wlan network, thus solve because WLAN AP does not support mobility, cause at bus, train, on the mobile traffics such as subway, the problem that mobile terminal uses wlan network access mobile Internet comparatively difficult, and be no longer limited to the restriction of the coverage of the base station AP of network side, network quality and continuous covering power are guaranteed, simultaneously, also existing mobile communications network resource is taken full advantage of.

Below by each embodiment and accompanying drawing, technical solution of the present invention is described in detail.

Embodiment one,

The embodiment of the present invention one provides a kind of method accessing wlan network, and the flow chart of steps of the method as shown in Figure 4, specifically comprises the following steps:

Step 201, WLAN terminal send access request.

WLAN terminal, when hope access wlan network, sends access request to wireless routing device, can carry terminal iidentification in this request.

Described WLAN terminal refers to the mobile communication terminal with WLAN module, comprises the portable user terminal equipment of notebook computer, WIFI module such as support such as Wireless Fidelity (WIFI, Wireless Fidelity) mobile phone terminal and panel computer etc.

Described access request is sent to mobile communication network element by step 202, wireless routing device.

Wireless routing device can be deployed in data service hot spot region, support that the terminal equipment of the support WIFI standards such as 802.11a/b/g/n accesses the function of public mobile communications network for completing, it can comprise user terminal access module and data back module, and the access request that WLAN terminal sends is back to mobile communications network by usage data passback module, concrete, described data back module can be TD SDMA (TD-SCDMA, Time Division-Synchronous Code Division MultipleAccess) pattern, or the Long Term Evolution (TD-LTE of TD SDMA, TD-SCDMA LongTerm Evolution) pattern.

Described user terminal access module and described data back module can be all multiple, realize data access and data back respectively.

In data communication, wireless routing device has been responsible for the encryption and decryption of packet between WLAN terminal, all right supported data compression function, by the compression, the decompression that have coordinated data with network equipment, to improve the utilance of mobile communications network resource.

In security control, wireless routing device can control WLAN terminal access wlan network by operator logo.

It should be noted that, when WLAN terminal moves in each wireless routing device seamless coverage region, WLAN terminal can carry out switching (Handover) between different wireless routing devices, thus by different wireless routing devices access wlan network, can ensure that data communication is not interrupted.

Described wireless routing device can by carrier customization, write special APN (APN, Access Point Name) so that access mobile communications network corresponding to this APN, if APN is China Mobile net (CMNET, China Mobile Net), then the mobile communications network accessed is CMNET network.

Described access request is sent to WLAN AC by step 203, mobile communication network element.

Described mobile communication network element can be the network element in TD-SCDMA network grouping (PS) territory, also can be the network element of TD-LTE network

Described mobile communication network element can comprise access unit and at least one data service gateway.When the special APN APN that wireless routing device sends to mobile communication network element, access unit can be utilized to receive described APN, and determine according to the described APN received the data service gateway sending access request to WLANAC, access request is sent to WLAN AC by the data service gateway determined, described data service gateway can be the GGSN equipment in 3G network, or the LTE P-GW equipment in LTE network.

WLANAC is as the controller controlling wireless routing device, for completing management to wireless routing device and configuration, to realize load balancing, the functions such as dynamic channel allocation, the simultaneously security control node that accesses as WLAN terminal of WLAN AC, corresponding certification and charging miscellaneous function are completed to WLAN terminal, supports to set up tunnel between mobile communication network element, and certification is carried out to the message that tunnel is sent.

Step 204, WLAN AC send described access request to authentication device.

Described access request is sent to authentication device by WLAN AC, requires that described authentication device carries out authentication according to the access request received to described WLAN terminal, and when authentication is passed through, instruction WLAN terminal access wlan network.

In the present embodiment, authentication can be carried out to WLAN terminal by the authentication mode based on WEB page, when adopting this kind of authentication mode, described authentication device can comprise entrance (PORTAL) server and certificate server, wireless routing device can as WLAN terminal access access point and backstage certificate server (as, radius user's certificate server) be connected, complete the certification to WLAN user, WLANAC provides and forces PORTAL function, to WLAN terminal pushing certification page, and be connected with the certificate server on backstage as security control point, to complete the access authentication to WLAN terminal, after WLAN terminal certification is passed through, WLAN terminal business datum is linked into corresponding private services network by WLAN AC.

When by carrying out authentication based on the authentication mode of WEB page to WLAN terminal, step 204 specifically comprises the following steps:

Described access request is sent to portal server by step 2041, WLAN AC.

In this step, described access request is sent to portal server by WLAN AC, and instruction portal server is to described WLAN terminal pushing certification page.

Portal server completes certification based on the WLAN terminal under the authentication mode of WEB page for coordinating WLAN AC, namely portal server is after the access request receiving the WLAN terminal that WLAN AC forwarding comes, certification page is shown to WLAN terminal by WLAN AC, require WLAN terminal input authentication information, described authentication information can be the password that terminal iidentification and this terminal iidentification are corresponding, as phone number and password.

Portal server, to described WLAN terminal pushing certification page, specifically comprises:

Portal server is sent to mobile communication network element to the certification page that described WLAN terminal pushes by WLAN AC, and this certification page is forwarded to WLAN terminal by wireless routing device by instruction mobile communication network element.

Step 2042, WLAN AC receive the certification page carrying authentication information that described WLAN terminal returns.

WLAN terminal, when receiving the certification page that portal server pushes, according to the instruction of certification page, inputs corresponding authentication information, and the certification page carrying authentication information is sent to WLAN AC.

WLAN AC receives the certification page carrying authentication information that described WLAN terminal returns, and specifically comprises:

WLAN AC receives the certification page carrying authentication information that mobile communication network element sends, described in carry authentication information certification page be that WLAN terminal is forwarded to mobile communication network element by wireless routing device.

Described authentication information is sent to certificate server by step 2043, WLAN AC.

Described authentication information is sent to certificate server by WLAN AC, require that certificate server carries out authentication according to described authentication information to described WLAN terminal, the authentication information that the authentication information received and self have been preserved mates by certificate server, can when the authentication information determining to receive be the authentication information self preserved, confirm that authentication is passed through, and indicate WLAN AC by described WLAN terminal access wlan network.

After completing WLAN terminal access wlan network, described method can further include the charging step to each WLAN terminal, certainly before execution charging step, WLAN AC is needed to record the terminal iidentification of the WLAN terminal that authentication is passed through, in charging, WLAN AC, as centralized billing data acquisition front end, gathers the charge information such as duration, flow of subscriber data traffic, and send it in certificate server and portal server and produce ticket, charging step specifically comprises:

Step 205, WLAN AC receive the charge information of multiple WLAN terminal of access wlan network.

WLAN AC receives the charge information of the multiple WLAN terminal by wireless routing device access wlan network.

Step 206, WLANAC, according to the terminal iidentification of the WLAN terminal of record, determine the charge information of each WLAN terminal accessing wlan network.

The charge information that WLAN AC receives may from multiple wireless routing device, and each wireless routing device access also may be multiple WLAN terminal, therefore, in this step, WLAN AC can according to the terminal iidentification of the WLAN terminal of preserving, the charge information received is classified, determines the charge information of each WLAN terminal respectively.

The charge information of each WLAN terminal is sent to certificate server by step 207, WLAN AC, and instruction certificate server carries out charging to each WLAN terminal respectively.

In this step, the charge information of each WLAN terminal determined is sent to certificate server by WLAN AC, certificate server carries out charging according to the charge information received and produces ticket (charging data record, i.e. CDR), and the ticket that charging produces is sent to BOSS charge subsystem by metering data interface, thus realize the charging for each WLAN terminal.

Concrete, mobile communication network element can to divide into groups the network element in (PS) territory for TD-SCDMA network, wherein access device can be Serving GPRS Support Node (SGSN, SERVICING GPRS SUPPORTNODE), data service gateway can be Gateway GPRS Support Node (GGSN, Gateway GPRSSupport Node), the authorization data of WLAN terminal and the access of metering data is completed by SGSN, GGSN is the APN of wireless routing device access configure dedicated, and data access WLAN terminal sent by tunnel is to WLAN AC.Below with the network element of mobile communication network element for TD-SCDMA network grouping (PS) territory, and be example by carrying out authentication based on the authentication mode of WEB page to WLAN terminal, be described in detail by the concrete scheme of example to the embodiment of the present invention one.

Embodiment two,

A kind of flow chart of steps accessing the method for wlan network that Fig. 5 provides for the embodiment of the present invention two, specifically comprises the following steps:

Step 301, WLAN terminal send access request.

WLAN terminal can use public network C class address to send access request.

Described access request is sent to mobile communication network element by step 302, wireless routing device.

Now, wireless routing device comprises the data back module of TD-SCDMA pattern, and this data back module can use private IP address to send described access request, to ensure to set up proprietary tunnel between wireless routing device and WLAN AC, and access request data WLAN terminal sent are sent to GGSN by SGSN.

In this step, the APN that SGSN can send according to wireless routing device, selects the GGSN mated with this APN, and the access request received is sent to the GGSN selected.

Described access request is sent to WLAN AC by step 303, mobile communication network element.

The access request received can be sent to WLAN AC by the Gi interface configured between GGSN and WLAN AC by GGSN.

The access request received is pointed to portal server by step 304, WLANAC.

Step 305, portal server push the PORTAL web authentication page to WLAN terminal.

Concrete, the PORTAL web authentication page that portal server pushes to described WLAN terminal is sent to GGSN by WLAN AC, the certification page received is sent to wireless routing device by SGSN by GGSN, and this certification page is forwarded to WLAN terminal by instruction wireless routing device.

The certification page carrying authentication information is pushed to certificate server by step 306, WLAN terminal.

WLAN terminal user can identify (e.g., cell-phone number) and password by input terminal in PORTAL WEB certification page, then by wireless routing device, SGSN, GGSN and WLAN AC, the certification page carrying authentication information is routed to certificate server.

Step 307, after certification is passed through, controlled by WLAN AC and allow the route of this WLAN terminal access the Internet (Internet).

Certificate server carries out certification to WLAN terminal, and authentication result is informed to WLAN terminal by WLAN AC, and when certification is passed through, instruction WLAN AC is by this WLAN terminal access wlan network.

Step 308, WLAN AC receive the charge information of multiple WLAN terminal of access wlan network.

Step 309, WLAN AC, according to the terminal iidentification of the WLAN terminal of record, determine the charge information of each WLAN terminal accessing wlan network.

The charge information of each WLAN terminal is sent to certificate server by step 310, WLANAC, and instruction certificate server carries out charging to each WLAN terminal respectively.

Step 308 ~ step 310 and the step 205 in embodiment one ~ step 207 one_to_one corresponding respectively, does not repeat them here.

In the scheme of the access wlan network that the embodiment of the present invention one and embodiment two provide, by comprising wireless routing device, the access of various WLAN terminal can be supported, make use of existing mobile communication system resource preferably simultaneously, wireless routing device and mobile communication system resource can communicate to connect to wirelessly, thus realization can in mobile place, such as bus, train, the first-class mobile terminal that realizes of subway uses WLAN technology wireless access mobile Internet to carry out data service communications, simultaneously based on the base station equipment in mobile communication system resource, network coverage is extensive, network quality and continuous covering power are guaranteed, and take full advantage of existing wireless system resources.

In the scheme of the access wlan network that the present invention proposes, do not need to carry out very large change to wireless routing device, and will the rear end WLAN AC that WLAN terminal carries out access control being placed in mobile radio communication be used for, by receive WLAN terminal by data service gateway (as, GGSN) the data of coming are forwarded, the process such as the access authentication of realization control WLAN terminal and charging, multiple wireless routing devices that network backend WLANAC just can be realized being dispersed in different location carry out unified control and management, be conducive to the large scale deployment of wireless routing device, and also can save the input cost (cost of a usual AC is the hundreds of times of an AP cost) of the network equipment.

In addition, to in the access authentication procedure of WLAN terminal, the authentication mode based on WEB page can be realized, WLAN terminal can provide in the web authentication page terminal iidentification (as, phone number) and encrypted message etc., and the certification achieved single WLAN terminal and charging process.

Embodiment three,

Based on the method for the access wlan network that the embodiment of the present invention one provides, the embodiment of the present invention three provides a kind of system accessing wlan network, a kind of system configuration schematic diagram accessing wlan network that Fig. 6 provides for the embodiment of the present invention three, this system comprises WLAN (wireless local area network) WLAN terminal 11, wireless routing device 12, mobile communication network element 13, wireless local net access controller 14 and authentication device 15, wherein:

WLAN terminal 11 is for sending access request to wireless routing device; Wireless routing device 12 is for being forwarded to mobile communication network element by described access request; Mobile communication network element 13 is for being forwarded to WLAN AC by described access request; Wireless local net access controller 14 is for being sent to authentication device by described access request, and when authentication device passes through WLAN terminal authentication, instruction WLAN terminal accesses wlan network; Authentication device 15 is for carrying out authentication according to described access request to described WLAN terminal.

Described mobile communication network element 13 comprises access unit 131 and at least one data service gateway 132:

Wireless routing device 12 is also for sending APN APN to access unit.

Described access unit 131 is for determining data service gateway according to the described APN received.

By access unit established data Service Gateway 132 for described access request is sent to WLANAC.

Described authentication device 15 comprises portal server 151 and certificate server 152;

Wireless local net access controller 14 specifically for described access request is sent to portal server, and receives the certification page carrying authentication information that described WLAN terminal returns, and authentication information is sent to certificate server.

Portal server 151 for after receiving described access request, to described WLAN terminal pushing certification page.

Certificate server 152 is for carrying out authentication according to the described authentication information received to described WLAN terminal.

Wireless local net access controller 14 is specifically for being sent to mobile communication network element by portal server to the certification page that described WLAN terminal pushes, and the certification page carrying authentication information that reception mobile communication network element returns.

Mobile communication network element 13 is also for sending to wireless routing device by the certification page received, and the certification page carrying authentication information returned by wireless routing device sends to WLAN AC.

Wireless routing device 12 is also for being forwarded to WLAN terminal by the certification page received, and the certification page carrying authentication information that reception WLAN terminal returns, and sends to mobile radio communication unit.

Wireless local net access controller 14 is also for recording the terminal iidentification of the WLAN terminal that authentication is passed through, and after WLAN terminal access wlan network, receive the charge information of the multiple WLAN terminal by wireless routing device access wlan network, according to the terminal iidentification of the WLAN terminal of record, determine the charge information of each WLAN terminal accessing wlan network, and the charge information of each WLAN terminal is sent to certificate server.

Certificate server 152 is also for carrying out charging to each WLAN terminal respectively.

Described system can further include WLAN webmaster module 16:

WLAN webmaster module, for being connected with WLAN AC, completes the functions such as the config update to far-end wireless routing device, network management, failure diagnosis, Stateful Inspection.

Embodiment four,

Based on the method for the access wlan network that the embodiment of the present invention one provides, a kind of WLAN AC that the embodiment of the present invention four provides, the structural representation of a kind of wireless local net access controller that Fig. 7 provides for the embodiment of the present invention four, described WLAN AC comprises the first receiver module 21 and the first sending module 22, wherein:

The access request that first receiver module 21 sends for receiving mobile communication network element, described access request is that WLAN (wireless local area network) WLAN terminal is forwarded to mobile communication network element by wireless routing device; First sending module 22, for described access request is sent to authentication device, requires that described authentication device carries out authentication according to the access request received to described WLAN terminal, and when authentication is passed through, instruction WLAN terminal access wlan network.

Described first sending module 22 comprises the page and sends submodule 221 and information transmission submodule 222, wherein:

The page sends submodule 221 for described access request being sent to the portal server in authentication device, and instruction portal server is to described WLAN terminal pushing certification page; Information sends submodule 222 for the authentication information received being sent to the certificate server in authentication device, requires that certificate server carries out authentication according to described authentication information to described WLAN terminal;

Described authentication information also for receiving the certification page carrying authentication information that described WLAN terminal returns, and sends to information to send submodule by the first receiver module 21.

Described WLAN AC also comprises the second receiver module 23 and the second sending module 24:

The certification page that described second receiver module 23 pushes to described WLAN terminal for receiving portal server;

Described second sending module 24 is sent to mobile communication network element for the portal server received by the second receiver module to the certification page that described WLAN terminal pushes, and this certification page is forwarded to WLAN terminal by wireless routing device by instruction mobile communication network element.

The certification page carrying authentication information that first receiver module 21 sends specifically for receiving mobile communication network element, described in carry authentication information certification page be that WLAN terminal is forwarded to mobile communication network element by wireless routing device.

Described WLAN AC also comprises logging modle 25, wherein:

Logging modle 25, for when certificate server passes through WLAN terminal authentication, records the terminal iidentification of the WLAN terminal that authentication is passed through.

First receiver module 21 also for after WLAN terminal access wlan network, receives the charge information of the multiple WLAN terminal by wireless routing device access wlan network;

First sending module 22 is also for the terminal iidentification of the WLAN terminal according to record, determine the charge information of each WLAN terminal accessing wlan network, and the charge information of each WLAN terminal is sent to certificate server, instruction certificate server carries out charging to each WLAN terminal respectively.

In the present embodiment, as shown in Figure 2, first receiver module of WLAN AC receives the information from mobile communication network element, and sends information by the first sending module to authentication device, thus realizes the communication from mobile communication network element to authentication device; Second receiver module of WLAN AC receives the information from authentication device, and sends information by the second sending module to mobile communication network element, thus realizes from authentication device to the communication of mobile communication network element.

Embodiment five,

Based on the method for the access wlan network that the embodiment of the present invention one provides, a kind of mobile communication network element that the embodiment of the present invention five provides, the structural representation of a kind of mobile communication network element that Fig. 8 provides for the embodiment of the present invention five, this mobile communication network element comprises access unit 31 and at least one data service gateway 32, wherein:

Access unit 31 is for receiving access request, and described access request is that WLAN (wireless local area network) WLAN terminal is forwarded by wireless routing device; Data service gateway 32 for described access request being forwarded to wireless local net access controller WLAN AC, require WLAN AC WLAN terminal authentication by time, instruction WLAN terminal access wlan network.

Access unit 31 also for receiving the APN APN that wireless routing device sends, and determines according to the described APN received the data service gateway sending access request to WLAN AC.

Data service gateway 32 is also for receiving the certification page that WLAN AC pushes, described certification page is that portal server pushes to described WLAN AC, and the certification page carrying authentication information that reception access unit returns, and the certification page carrying authentication information is pushed to WLAN AC.

The certification page of access unit 31 also for being sent by data service gateway pushes to described WLAN terminal, receives the certification page carrying authentication information that described WLAN terminal returns, and the certification page carrying authentication information is sent to data service gateway.

Access unit 31 is also for receiving the charge information of multiple WLAN terminal of access wlan network.

The charge information of data service gateway 32 also for being received by described access unit is sent to WLANAC.

Obviously, those skilled in the art can carry out various change and modification to the present invention and not depart from the spirit and scope of the present invention.Like this, if these amendments of the present invention and modification belong within the scope of the claims in the present invention and equivalent technologies thereof, then the present invention is also intended to comprise these change and modification.

Claims (15)

1. a method for accessing WLAN wlan network, is characterized in that, the method comprises:
Wireless local net access controller WLAN AC receives the access request that mobile communication network element sends, and described access request is that WLAN (wireless local area network) WLAN terminal is forwarded to mobile communication network element by wireless routing device;
Described access request is sent to authentication device by WLAN AC, requires that described authentication device carries out authentication according to the access request received to described WLAN terminal, and when authentication is passed through, instruction WLAN terminal access wlan network;
Described mobile communication network element comprises access unit and at least one data service gateway, and the access request that WLAN AC receives is that a data Service Gateway sends;
The data service gateway sending access request to WLAN AC is determined in the following manner:
Access unit receives the APN APN that wireless routing device sends;
Access unit determines according to the described APN received the data service gateway sending access request to WLAN AC.
2. the method for claim 1, is characterized in that, described authentication device comprises portal server and certificate server;
WLAN AC requires that described authentication device carries out authentication according to the access request received to described WLAN terminal, specifically comprises:
Described access request is sent to portal server by WLAN AC, and instruction portal server is to described WLAN terminal pushing certification page;
WLAN AC receives the certification page carrying authentication information that described WLAN terminal returns, and described authentication information is sent to certificate server, requires that certificate server carries out authentication according to described authentication information to described WLAN terminal.
3. method as claimed in claim 2, is characterized in that,
Portal server, to described WLAN terminal pushing certification page, specifically comprises:
Portal server is sent to mobile communication network element to the certification page that described WLAN terminal pushes by WLAN AC, and this certification page is forwarded to WLAN terminal by wireless routing device by instruction mobile communication network element;
WLAN AC receives the certification page carrying authentication information that described WLAN terminal returns, and specifically comprises:
WLAN AC receives the certification page carrying authentication information that mobile communication network element sends, described in carry authentication information certification page be that WLAN terminal is forwarded to mobile communication network element by wireless routing device.
4. method as claimed in claim 2, is characterized in that, comprise the terminal iidentification of WLAN terminal in described authentication information;
Pass through afterwards described WLAN terminal authentication at authentication device, described method also comprises:
WLAN AC records the terminal iidentification of the WLAN terminal that authentication is passed through;
After WLAN terminal access wlan network, described method also comprises:
WLAN AC receives the charge information of the multiple WLAN terminal by wireless routing device access wlan network;
WLAN AC is according to the terminal iidentification of the WLAN terminal of record, determine the charge information of each WLAN terminal accessing wlan network, and the charge information of each WLAN terminal is sent to certificate server, instruction certificate server carries out charging to each WLAN terminal respectively.
5. access a system for wlan network, it is characterized in that, this system comprises WLAN (wireless local area network) WLAN terminal, wireless routing device, mobile communication network element, wireless local net access controller WLAN AC and authentication device, wherein:
WLAN terminal, for sending access request to wireless routing device;
Wireless routing device, for being forwarded to mobile communication network element by described access request;
Mobile communication network element, for being forwarded to WLAN AC by described access request;
WLAN AC, for described access request is sent to authentication device, when authentication device passes through WLAN terminal authentication, instruction WLAN terminal access wlan network;
Authentication device, for carrying out authentication according to described access request to described WLAN terminal;
Described mobile communication network element comprises access unit and at least one data service gateway:
Wireless routing device, also for sending APN APN to access unit;
Described access unit, for determining data service gateway according to the described APN received;
By access unit established data Service Gateway, for described access request is sent to WLAN AC.
6. system as claimed in claim 5, it is characterized in that, described authentication device comprises portal server and certificate server;
WLAN AC, specifically for described access request is sent to portal server, and receives the certification page carrying authentication information that described WLAN terminal returns, and authentication information is sent to certificate server;
Portal server, for after receiving described access request, to described WLAN terminal pushing certification page;
Certificate server, for carrying out authentication according to the described authentication information received to described WLAN terminal.
7. system as claimed in claim 6, is characterized in that,
WLAN AC, specifically for portal server is sent to mobile communication network element to the certification page that described WLAN terminal pushes, and the certification page carrying authentication information that reception mobile communication network element returns;
Mobile communication network element, also for the certification page received is sent to wireless routing device, and the certification page carrying authentication information returned by wireless routing device sends to WLAN AC;
Wireless routing device, also for the certification page received is forwarded to WLAN terminal, and the certification page carrying authentication information that reception WLAN terminal returns, and send to mobile radio communication unit.
8. system as claimed in claim 6, is characterized in that,
WLAN AC, also for recording the terminal iidentification of the WLAN terminal that authentication is passed through, and after WLAN terminal access wlan network, receive the charge information of the multiple WLAN terminal by wireless routing device access wlan network, according to the terminal iidentification of the WLAN terminal of record, determine the charge information of each WLAN terminal accessing wlan network, and the charge information of each WLAN terminal is sent to certificate server;
Certificate server, also for carrying out charging to each WLAN terminal respectively.
9. a wireless local net access controller WLAN AC, is characterized in that, described WLAN AC comprises the first receiver module and the first sending module, wherein:
First receiver module, for receiving the access request that mobile communication network element sends, described access request is that WLAN (wireless local area network) WLAN terminal is forwarded to mobile communication network element by wireless routing device, described mobile communication network element comprises access unit and at least one data service gateway, the access request that this first receiver module receives is that a data Service Gateway sends, and the data service gateway sending access request to WLAN AC is determined in the following manner: access unit receives the APN APN that wireless routing device sends; Access unit determines according to the described APN received the data service gateway sending access request to WLAN AC;
First sending module, for described access request is sent to authentication device, requires that described authentication device carries out authentication according to the access request received to described WLAN terminal, and when authentication is passed through, instruction WLAN terminal access wlan network.
10. WLAN AC as claimed in claim 9, is characterized in that, described first sending module, comprises the page and sends submodule and information transmission submodule, wherein:
The page sends submodule, and for described access request being sent to the portal server in authentication device, instruction portal server is to described WLAN terminal pushing certification page;
Information sends submodule, for the authentication information received being sent to the certificate server in authentication device, requires that certificate server carries out authentication according to described authentication information to described WLAN terminal;
First receiver module, also for receiving the certification page carrying authentication information that described WLAN terminal returns, and sends to information to send submodule by described authentication information.
11. WLAN AC as claimed in claim 10, it is characterized in that, described WLAN AC also comprises the second receiver module and the second sending module:
Described second receiver module, for receiving the certification page that portal server pushes to described WLAN terminal;
Described second sending module, portal server for being received by the second receiver module is sent to mobile communication network element to the certification page that described WLAN terminal pushes, and this certification page is forwarded to WLAN terminal by wireless routing device by instruction mobile communication network element;
First receiver module, specifically for receiving the certification page carrying authentication information that mobile communication network element sends, described in carry authentication information certification page be that WLAN terminal is forwarded to mobile communication network element by wireless routing device.
12. WLAN AC as claimed in claim 10, it is characterized in that, described WLAN AC also comprises logging modle, wherein:
Logging modle, for when certificate server passes through WLAN terminal authentication, the terminal iidentification of the WLAN terminal that record authentication is passed through;
First receiver module, also for after WLAN terminal access wlan network, receives the charge information of the multiple WLAN terminal by wireless routing device access wlan network;
First sending module, also for the terminal iidentification of the WLAN terminal according to record, determine the charge information of each WLAN terminal accessing wlan network, and the charge information of each WLAN terminal is sent to certificate server, instruction certificate server carries out charging to each WLAN terminal respectively.
13. 1 kinds of mobile communication network elements, is characterized in that, this mobile communication network element comprises access unit and at least one data service gateway:
Access unit, for receiving access request, described access request is that WLAN (wireless local area network) WLAN terminal is forwarded by wireless routing device;
Data service gateway, for described access request is forwarded to wireless local net access controller WLANAC, require WLAN AC WLAN terminal authentication by time, instruction WLAN terminal access wlan network;
Access unit, also for receiving the APN APN that wireless routing device sends, and determines according to the described APN received the data service gateway sending access request to WLAN AC.
14. mobile communication network elements as claimed in claim 13, is characterized in that,
Data service gateway, also for receiving the certification page that WLAN AC pushes, described certification page is that portal server pushes to described WLAN AC, and the certification page carrying authentication information that reception access unit returns, and the certification page carrying authentication information is pushed to WLAN AC;
Access unit, the certification page also for being sent by data service gateway pushes to described WLAN terminal, receives the certification page carrying authentication information that described WLAN terminal returns, and the certification page carrying authentication information is sent to data service gateway.
15. mobile communication network elements as claimed in claim 13, is characterized in that,
Access unit, also for receiving the charge information of multiple WLAN terminal of access wlan network;
Data service gateway, the charge information also for being received by described access unit is sent to WLANAC.
CN201110063162.6A 2011-03-16 2011-03-16 A kind of method, system and equipment accessing wlan network CN102685743B (en)

Priority Applications (1)

Application Number Priority Date Filing Date Title
CN201110063162.6A CN102685743B (en) 2011-03-16 2011-03-16 A kind of method, system and equipment accessing wlan network

Applications Claiming Priority (2)

Application Number Priority Date Filing Date Title
CN201110063162.6A CN102685743B (en) 2011-03-16 2011-03-16 A kind of method, system and equipment accessing wlan network
PCT/CN2012/072446 WO2012122947A1 (en) 2011-03-16 2012-03-16 Method, system and apparatus for accessing wlan network

Publications (2)

Publication Number Publication Date
CN102685743A CN102685743A (en) 2012-09-19
CN102685743B true CN102685743B (en) 2015-10-07

Family

ID=46816978

Family Applications (1)

Application Number Title Priority Date Filing Date
CN201110063162.6A CN102685743B (en) 2011-03-16 2011-03-16 A kind of method, system and equipment accessing wlan network

Country Status (2)

Country Link
CN (1) CN102685743B (en)
WO (1) WO2012122947A1 (en)

Families Citing this family (8)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN102932913B (en) * 2012-10-24 2018-10-26 南京中兴新软件有限责任公司 Obtain method, server, gateway and the system of MAB terminal access positions
US20140169291A1 (en) * 2012-12-12 2014-06-19 Qualcomm Incorporated System and method for improved communication on a wireless network
CN103916866A (en) * 2012-12-29 2014-07-09 中国移动通信集团河北有限公司 Method and apparatus for WLAN site selection
US9609569B2 (en) * 2013-09-19 2017-03-28 Cisco Technology, Inc. High-speed mobile broadband access by slewing between vehicular narrowbeam transceiver and fixed transceivers along prescribed path
CN105025510B (en) * 2014-04-23 2019-02-26 中国移动通信集团广东有限公司 A kind of network O&M method, apparatus and control equipment
CN103987042A (en) * 2014-05-08 2014-08-13 中国联合网络通信集团有限公司 Access authentication method of terminals and access gateway
CN107249207A (en) * 2017-05-05 2017-10-13 上海斐讯数据通信技术有限公司 Management method, management system and the radio reception device of any wireless network services
CN109275104A (en) * 2018-09-28 2019-01-25 上海宝通汎球电子有限公司 A kind of positioning system and method based on wireless communication technology

Citations (2)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN101150594A (en) * 2007-10-18 2008-03-26 中国联合通信有限公司 An integrated access method and system for mobile cellular network and WLAN
CN101516141A (en) * 2008-12-05 2009-08-26 中国移动通信集团广东有限公司 Method and system for communication between mobile terminal and Internet

Family Cites Families (6)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
JP2004343448A (en) * 2003-05-15 2004-12-02 Matsushita Electric Ind Co Ltd Authentication system for wireless lan access
AU2003272166A1 (en) * 2003-10-16 2005-05-05 Telefonaktiebolaget Lm Ericsson (Publ) Access to cdma/umts services over a wlan access point, using a gateway node between the wlan access point and the service providing network
CN100512190C (en) * 2005-05-30 2009-07-08 中兴通讯股份有限公司 Intercommunicating system and method between mobile communication network and wireless metropolitan area network
CN100563158C (en) * 2005-10-26 2009-11-25 杭州华三通信技术有限公司 Access control method and system
CN101399722A (en) * 2007-09-25 2009-04-01 海尔集团公司 Access method and system for wireless network device
CN101707773B (en) * 2009-11-23 2012-05-30 中国电信股份有限公司 Method and system for fusing WLAN access gateway, mobile network and wireless broadband network

Patent Citations (2)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN101150594A (en) * 2007-10-18 2008-03-26 中国联合通信有限公司 An integrated access method and system for mobile cellular network and WLAN
CN101516141A (en) * 2008-12-05 2009-08-26 中国移动通信集团广东有限公司 Method and system for communication between mobile terminal and Internet

Also Published As

Publication number Publication date
WO2012122947A1 (en) 2012-09-20
CN102685743A (en) 2012-09-19

Similar Documents

Publication Publication Date Title
US10257767B2 (en) Moving cellular communication system operative in an emergency mode
JP6113921B2 (en) Connection from IMSI-less device to EPC
US10582439B2 (en) Apparatus and methods for cellular network communication based on plural mobile cores
US9615388B2 (en) Communication method and apparatus using wireless LAN access point
JP6074520B2 (en) Openflow WiFi management entity architecture
US10348389B2 (en) Repeating method of wireless repeating device, and wireless repeating device
CN102349350B (en) Local breakout with optimized interface
EP2770794B1 (en) Access method for wifi access point, wifi access point and wifi system
EP2803228B1 (en) Methods and apparatus for data transmission in a communication network via a cellular network and an assistant wireless network
CN101682839B (en) Method and apparatus for providing gateway relocation when switch is proceed
US8811984B2 (en) Area-based access control method for terminals which carry out M2M communications in a wireless communication system
JP4758504B2 (en) Differentiated network view
US20130157676A1 (en) Control method for device-to-device communication
CN103947235B (en) Gateway function for mobile-relay system
US7239632B2 (en) Method and apparatus for converging local area and wide area wireless data networks
CN104284390B (en) The ubiquitous access of the network of base station from home connection
CN104170424B (en) For subscribing to shared method and apparatus
CN103369585B (en) The method and apparatus quickly setting up D2D communication
CN102349319B (en) Setup and configuration of relay nodes
CN105359572A (en) Small cell network architecture for servicing multiple network operators
US8811317B2 (en) Method for implementing local access and system thereof
US9516685B2 (en) Data distribution method, data distribution device and heterogeneous network
US20040179502A1 (en) Provision of security services for an ad-hoc network
Yang et al. When ICN meets C-RAN for HetNets: an SDN approach
CN105359561A (en) Apparatus, system and method of selectively providing internet protocol (IP) session continuity

Legal Events

Date Code Title Description
PB01 Publication
C06 Publication
SE01 Entry into force of request for substantive examination
C10 Entry into substantive examination
GR01 Patent grant
C14 Grant of patent or utility model