CN102802169B - A kind of Operational Visit control method and system - Google Patents


Publication number: CN102802169B
Authority: CN (China)
Prior art keywords: list information, local, local control, home gateway, network
Legal status: Active (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
Application number: CN201110138451.8A
Other languages: Chinese (zh)
Other versions: CN102802169A (en)
Inventors: 成超文, 郭辉
Current Assignee: Hai'an Jiachen Environmental Technology Co ltd (The listed assignees may be inaccurate. Google has not performed a legal analysis and makes no representation or warranty as to the accuracy of the list.)
Original Assignee: ZTE Corp
Application filed by ZTE Corp
Priority to CN201110138451.8A
Priority to PCT/CN2012/073729 (WO2012159503A1)
Publication of CN102802169A
Application granted
Publication of CN102802169B

Classifications

    • H ELECTRICITY
    • H04 ELECTRIC COMMUNICATION TECHNIQUE
    • H04W WIRELESS COMMUNICATION NETWORKS
    • H04W48/00 Access restriction; Network selection; Access point selection
    • H04W48/08 Access restriction or access information delivery, e.g. discovery data delivery

Landscapes

  • Engineering & Computer Science (AREA)
  • Computer Security & Cryptography (AREA)
  • Computer Networks & Wireless Communication (AREA)
  • Signal Processing (AREA)
  • Mobile Radio Communication Systems (AREA)
  • Data Exchanges In Wide-Area Networks (AREA)

Abstract

The invention discloses a service access control method and system. The method includes: a broadband network policy server transmits local control access list information to a home gateway; the home gateway performs access control on mobile terminal data according to the received local control access list information. By transmitting local control access list information between the broadband network policy server and the home gateway, and having the home gateway inspect mobile terminal data against that list and control access accordingly, the invention ensures that the fixed network effectively controls the service behavior of mobile terminals.

Description

Service access control method and system
Technical Field
The present invention relates to the field of communications, and in particular, to a method and a system for controlling service access.
Background
The Broadband Forum (BBF) is mainly responsible for research in three areas of broadband networks, namely control, access, and home, and aims to solve the problems encountered in broadband network development. The broadband network architecture defined by the BBF, as shown in FIG. 1, includes:
User Equipment (UE), which generally includes computers, interactive network television (IPTV) terminals, and the like;
Customer Premises Equipment (CPE), including the home gateway and the like;
a business router, through which business users access the broadband network;
an Access Node (AN), which terminates the various access technologies and provides a uniform Ethernet aggregation interface on the uplink;
an aggregation point (AGG), comprising an Ethernet aggregation node and an IP-layer aggregation device, where the Ethernet aggregation node connects downstream to a plurality of access nodes and provides layer-2 traffic aggregation;
IP edge nodes (IP Edge), typically Broadband Network Gateway (BNG) devices;
a Network Service Provider (NSP), which provides network services to users;
an Application Service Provider (ASP), which provides dedicated applications to users;
and a policy server, which provides the corresponding policies for the area network.
For access control of users and services, the BBF defines a broadband network policy control framework, as shown in FIG. 2, including:
a service provider domain (NSP, ASP), connected to the policy server through the G interface;
the broadband residential network, including the BNG and the Digital Subscriber Line Access Multiplexer (DSLAM), connected to the policy server through the R interface;
an authentication, authorization and accounting server (AAA server), connected to the policy server through the A interface;
and a Network Management System (NMS), connected to the policy server through the M/Q interface.
To operate services better and expand wireless coverage while saving cost, a mobile operator leases Wireless Local Area Network (WLAN) access lines from a fixed network operator.
In this fixed-mobile convergence scenario, a mobile user can offload internet traffic locally onto the fixed network using a local IP address allocated by the fixed network, and can access the local services of the fixed network operator. For example, the mobile user uses the local private network address 192.168.1.2 allocated by the home gateway, which becomes the public network address 202.10.10.1 after the home gateway performs Network Address Translation (NAT), to access the operator's local services. Because the terminal belongs to the mobile network, the fixed network operator cannot distinguish different terminals by the public IP address produced by NAT. If a mobile user accesses unauthorized fixed-network local services, or offloads internet traffic that is not allowed to be offloaded locally, the fixed network operator cannot effectively control it.
Disclosure of Invention
In view of the above, the main objective of the present invention is to provide a service access control method and system, so that the fixed network can effectively control the service behavior of a mobile terminal.
To achieve this objective, the technical solution of the invention is realized as follows:
The invention provides a service access control method, which comprises the following steps:
the broadband network policy server transmits local control access list information to the home gateway;
the home gateway performs access control on the mobile terminal data according to the received local control access list information.
The local control access list information includes: the IP addresses for which local traffic offload is allowed and access to local services is authorized.
The local control access list information further includes: service identification information.
The method further comprises the following steps:
the broadband network policy server transmits the local control access list information to the home gateway through a direct interface to the home gateway.
The method further comprises the following steps:
the broadband network policy server transmits the local control access list information to the home gateway through a Network Management System (NMS).
The method further comprises the following steps:
the broadband network policy server transmits the local control access list information to the home gateway through a Broadband Network Gateway (BNG).
The invention also provides a service access control system, which comprises a broadband network policy server and a home gateway, wherein
the broadband network policy server is used for transmitting local control access list information to the home gateway;
and the home gateway is used for performing access control on the mobile terminal data according to the received local control access list information.
The local control access list information includes: the IP addresses for which local traffic offload is allowed and access to local services is authorized.
The local control access list information further includes: service identification information.
The broadband network policy server is further configured to transmit the local control access list information to the home gateway through a direct interface to the home gateway.
The system further comprises an NMS; the broadband network policy server transmits the local control access list information to the home gateway through the NMS.
The system further comprises a BNG; the broadband network policy server transmits the local control access list information to the home gateway through the BNG.
In the service access control method and system provided by the invention, local control access list information is transmitted between the broadband network policy server and the home gateway, and the home gateway inspects mobile terminal data against the list information and controls access accordingly, so that the fixed network effectively controls the service behavior of the mobile terminal.
Drawings
FIG. 1 is a schematic diagram of a broadband network architecture defined by BBF in the prior art;
FIG. 2 is a schematic diagram of a broadband network policy control framework defined by the BBF in the prior art;
FIG. 3 is a flowchart of a service access control method according to the present invention;
FIG. 4 is a flowchart of a service access control method according to a first embodiment of the present invention;
FIG. 5 is a flowchart of a service access control method according to a second embodiment of the present invention;
FIG. 6 is a flowchart of a service access control method according to a third embodiment of the present invention.
Detailed Description
The technical solution of the present invention is further elaborated below with reference to the drawings and the specific embodiments.
As shown in FIG. 3, the service access control method mainly includes the following steps:
Step 301, the broadband network policy server transmits local control access list information to the home gateway.
The local control access list information includes: the IP addresses for which local traffic offload is allowed and access to local services is authorized; it may also include: the IP addresses and service identification information for which local traffic offload is allowed and access to local services is authorized.
Step 302, the home gateway performs access control on the mobile terminal data according to the received local control access list information.
For example:
the local control access list information { S = 192.168.1.2, G = and } indicates that, for the mobile terminal with source IP address 192.168.1.2, all traffic may be offloaded locally and the mobile user's access to the local services of the fixed network is not restricted;
the local control access list information { S = 192.168.1.6, G = x.x.x.x } indicates that, for the mobile terminal with source IP address 192.168.1.6, all of its data must be sent to the user tunnel endpoint x.x.x.x in the mobile local network, and local traffic offload is prohibited;
the local control access list information { S = 192.168.1.6, G = x.x.x.x || G = a.b.c.d } indicates that, for the mobile terminal with source IP address 192.168.1.6, traffic may be offloaded locally when the destination address is a.b.c.d, and the rest of the data must be sent to the mobile network;
the local control access list information { S = 192.168.1.2, T = y } indicates that, for the mobile terminal with source IP address 192.168.1.2, local traffic offload is allowed only if the service identifier T is y;
the local control access list information { S = 192.168.1.2, G = x.x.x.x || G = a.b.c.d, T = y } indicates that, for the mobile terminal with source IP address 192.168.1.2, local traffic offload is allowed only if the destination address is a.b.c.d and the service identifier T is y.
In addition, the broadband network policy server may transmit the local control access list information to the home gateway through a direct interface to the home gateway; or,
the broadband network policy server transmits the local control access list information to the home gateway through the NMS; or,
the broadband network policy server transmits the local control access list information to the home gateway through the BNG.
Corresponding to the service access control method, the invention also provides a service access control system, which comprises a broadband network policy server and a home gateway. The broadband network policy server is used for transmitting the local control access list information to the home gateway. The home gateway is used for performing access control on the mobile terminal data according to the received local control access list information.
The broadband network policy server is further configured to transmit the local control access list information to the home gateway through a direct interface to the home gateway.
The system may further comprise an NMS; the broadband network policy server transmits the local control access list information to the home gateway through the NMS.
The system may further comprise a BNG; the broadband network policy server transmits the local control access list information to the home gateway through the BNG.
In the Broadband network architecture defined by the BBF, the Broadband network policy server is referred to as a Broadband Policy Control Function (BPCF). The method and system for controlling service access are further described in detail below with reference to specific embodiments.
FIG. 4 shows the flow in which the BPCF passes local control access list information to the home gateway (HGW) through the NMS, which mainly includes the following steps:
Step 401, a mobile network user accesses through a wireless gateway of the broadband residential network. After the user passes network authentication, an S9 session is established between the Policy and Charging Rules Function (PCRF) and the BPCF, and the BPCF acquires the user's home network policy information from the PCRF.
Step 402, the BPCF makes the mobile user's local control access decision according to the user home network policy information acquired from the PCRF, in combination with the inter-operator subscription information acquired from the broadband network authentication, authorization and accounting (AAA) server and the local policy information of the broadband bearer network, and obtains the mobile user's local control access list information, for example { S = 192.168.1.6, G = x.x.x.x }, which prohibits local offload of the mobile user's traffic.
Step 403, the BPCF issues the mobile user's local control access list information to the NMS through the M interface.
Step 404, the NMS interacts directly with the HGW and issues the mobile user's local control access list information to the HGW.
Step 405, the HGW installs the mobile user's local control access decision according to the mobile user's local control access list information, and performs access control on the mobile user according to that decision. For example: when the HGW performs NAT on the mobile user's data, it checks the generated control list, and if the destination IP address of data whose source IP address is 192.168.1.6 is not x.x.x.x, it discards all of that data.
FIG. 5 shows the flow in which the BPCF passes the local control access list information to the HGW through the BNG, which mainly includes the following steps:
Step 501, a mobile network user accesses through a wireless gateway of the broadband residential network. After the user passes network authentication, an S9 session is established between the PCRF and the BPCF, and the BPCF acquires the user's home network policy information from the PCRF.
Step 502, the BPCF makes the mobile user's traffic local control access decision according to the user home network policy information acquired from the PCRF, in combination with the inter-operator subscription information acquired from the broadband network authentication, authorization and accounting (AAA) server and the local policy information of the broadband bearer network, and obtains the mobile user's local control access list information, for example { S = 192.168.1.6, G = x.x.x.x }, which prohibits local offload of the mobile user's traffic.
Step 503, the BPCF sends the mobile user's local control access list information to the BNG through the R interface.
Step 504, the BNG interacts with the HGW and issues the mobile user's local control access list information to the HGW.
Step 505, the HGW installs the mobile user's local control access decision according to the mobile user's local control access list information, and performs access control on the mobile user according to that decision. For example: when the HGW performs NAT on the mobile user's data, it checks the generated control list, and if the destination IP address of data whose source IP address is 192.168.1.6 is not x.x.x.x, it discards all of that data.
FIG. 6 shows the flow in which the BPCF passes local control access list information to the HGW through a direct interface to the HGW, which mainly includes the following steps:
Step 601, a mobile network user accesses through a wireless gateway of the broadband residential network. After the user passes network authentication, an S9 session is established between the PCRF and the BPCF, and the BPCF acquires the user's home network policy information from the PCRF.
Step 602, the BPCF makes the mobile user's local control access decision according to the user home network policy information acquired from the PCRF, in combination with the inter-operator subscription information acquired from the broadband network authentication, authorization and accounting (AAA) server and the local policy information of the broadband bearer network, and obtains the mobile user's local control access list information, for example { S = 192.168.1.6, G = x.x.x.x }, which prohibits local offload of the mobile user's traffic.
Step 603, the BPCF issues the mobile user's local control access list information to the HGW through the interface between the BPCF and the HGW.
Step 604, the HGW installs the mobile user's local control access decision according to the mobile user's local control access list information, and performs access control on the mobile user according to that decision. For example: when the HGW performs NAT on the mobile user's data, it checks the generated control list, and if the destination IP address of data whose source IP address is 192.168.1.6 is not x.x.x.x, it discards all of that data.
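The list entries given under step 302 and the HGW enforcement step of the three embodiments can be expressed as a per-packet decision. The following Python is an added example, not code from the patent: the `Entry` encoding, the `ANY` wildcard for an unrestricted entry, the `NO_ENTRY` result for unlisted sources, and the addresses 203.0.113.10 and 198.51.100.20 (constructed stand-ins for x.x.x.x and a.b.c.d) are all assumptions.

```python
"""Local control access list check at a home gateway (HGW).

Added illustration, not code from the patent. Fields follow the page's
S (source IP), G (tunnel endpoint / permitted destination) and T (service
identifier); the Python encoding below is an assumption.
"""
from dataclasses import dataclass
from enum import Enum
from ipaddress import ip_address

ANY = None  # assumed wildcard meaning "no restriction"

# Constructed sample values (documentation ranges) standing in for the
# page's placeholders x.x.x.x and a.b.c.d.
TUNNEL_EP = "203.0.113.10"
LOCAL_SVC = "198.51.100.20"


class Action(Enum):
    LOCAL_OFFLOAD = "local-offload"  # NAT and forward on the fixed network
    TUNNEL = "tunnel"                # addressed to the mobile tunnel endpoint
    DROP = "drop"                    # discarded, as in the enforcement step
    NO_ENTRY = "no-entry"            # source not listed; the page leaves this open


@dataclass(frozen=True)
class Entry:
    source: object           # S: private address of the mobile terminal
    tunnel_endpoint: object  # G: tunnel endpoint in the mobile network, or None
    local_dests: object      # G: destinations allowed for offload; ANY = all
    services: object         # T: allowed service identifiers; ANY = all


def entry(source, tunnel=None, local=(), services=ANY):
    """Build an Entry from strings; local=ANY permits every destination."""
    return Entry(
        source=ip_address(source),
        tunnel_endpoint=ip_address(tunnel) if tunnel else None,
        local_dests=ANY if local is ANY else frozenset(map(ip_address, local)),
        services=ANY if services is ANY else frozenset(services),
    )


def build_table(entries):
    """Index entries by source IP; two entries for one source are ambiguous."""
    table = {}
    for e in entries:
        if e.source in table:
            raise ValueError(f"conflicting entries for source {e.source}")
        table[e.source] = e
    return table


def decide(table, src, dst, service=None):
    """Decide what the HGW does with one packet from a mobile terminal."""
    e = table.get(ip_address(src))
    if e is None:
        return Action.NO_ENTRY
    dst_ip = ip_address(dst)
    if e.tunnel_endpoint is not None and dst_ip == e.tunnel_endpoint:
        return Action.TUNNEL
    dest_ok = e.local_dests is ANY or dst_ip in e.local_dests
    svc_ok = e.services is ANY or service in e.services
    # Local offload needs both conditions; everything else is discarded.
    return Action.LOCAL_OFFLOAD if dest_ok and svc_ok else Action.DROP


def page_examples():
    """The five example entries from the page, each as a one-entry table."""
    return {
        "all-local": build_table([entry("192.168.1.2", local=ANY)]),
        "tunnel-only": build_table([entry("192.168.1.6", TUNNEL_EP)]),
        "tunnel-or-dest": build_table(
            [entry("192.168.1.6", TUNNEL_EP, [LOCAL_SVC])]),
        "service-only": build_table(
            [entry("192.168.1.2", local=ANY, services=["y"])]),
        "dest-and-service": build_table(
            [entry("192.168.1.2", TUNNEL_EP, [LOCAL_SVC], ["y"])]),
    }


if __name__ == "__main__":
    tables = page_examples()
    for name, dst, svc in [("tunnel-only", LOCAL_SVC, None),
                           ("tunnel-or-dest", LOCAL_SVC, None),
                           ("dest-and-service", LOCAL_SVC, "y")]:
        src = str(next(iter(tables[name])))
        print(name, src, "->", dst, decide(tables[name], src, dst, svc).value)
```

`build_table` rejects two entries for the same source address, because the examples on the page give alternative entries for 192.168.1.2 and 192.168.1.6 and a gateway holding more than one of them would have no defined result.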
In summary, the present invention transmits the local control access list information between the broadband network policy server and the home gateway, and the home gateway inspects mobile terminal data against the list information and controls access accordingly, so as to ensure that the fixed network effectively controls the service behavior of the mobile terminal.
The above description is only a preferred embodiment of the present invention, and is not intended to limit the scope of the present invention.

Claims (12)

1. A method for controlling service access, the method comprising:
a mobile network user is accessed through a broadband residential network wireless gateway, and after the mobile network user passes network authentication, a broadband network policy server transmits local control access list information to a home gateway; the local control access list information is obtained by the broadband network policy server making a local control access decision of the mobile user according to the user home network policy information acquired from the policy and charging function entity in combination with the subscription related information between operators acquired from the broadband network authentication authorization charging server and the local policy information in the broadband bearer network;
and the home gateway performs access control on the mobile terminal data according to the received local control access list information.
2. The service access control method according to claim 1, wherein the local control access list information includes: an IP address that allows for local offloading of traffic and authorization to access local traffic.
3. The service access control method according to claim 2, wherein the local control access list information further includes: service identification information.
4. A service access control method according to claim 1, 2 or 3, characterized in that the method further comprises:
the broadband network policy server transfers the local control access list information to the home gateway through a direct interface to the home gateway.
5. A service access control method according to claim 1, 2 or 3, characterized in that the method further comprises:
the broadband network policy server communicates the local control access list information to a home gateway through a Network Management System (NMS).
6. A service access control method according to claim 1, 2 or 3, characterized in that the method further comprises:
the broadband network policy server transmits the local control access list information to a home gateway through a Broadband Network Gateway (BNG).
7. A service access control system, comprising: a broadband network policy server and a home gateway, wherein,
the broadband network policy server is used for transmitting local control access list information to the home gateway after a mobile network user accesses through a broadband residential network wireless gateway and passes network authentication; the local control access list information is obtained by the broadband network policy server making a local control access decision of the mobile user according to the user home network policy information acquired from the policy and charging function entity in combination with the subscription related information between operators acquired from the broadband network authentication authorization charging server and the local policy information in the broadband bearer network;
and the home gateway is used for performing access control on the mobile terminal data according to the received local control access list information.
8. The service access control system according to claim 7, wherein the local control access list information includes: an IP address that allows for local offloading of traffic and authorization to access local traffic.
9. The system of claim 8, wherein the local control access list information further comprises: service identification information.
10. A service access control system according to claim 7, 8 or 9, wherein the broadband network policy server is further configured to communicate the local control access list information to a home gateway via a direct interface to the home gateway.
11. The service access control system according to claim 7, 8 or 9, characterized in that the system further comprises an NMS, and the broadband network policy server transmits the local control access list information to the home gateway through the NMS.
12. The service access control system according to claim 7, 8 or 9, characterized in that the system further comprises a BNG, and the broadband network policy server transmits the local control access list information to the home gateway through the BNG.

Priority Applications (2)

Application Number Priority Date Filing Date Title
CN201110138451.8A CN102802169B (en) 2011-05-25 2011-05-25 A kind of Operational Visit control method and system
PCT/CN2012/073729 WO2012159503A1 (en) 2011-05-25 2012-04-10 Service access control method and system

Applications Claiming Priority (1)

Application Number Priority Date Filing Date Title
CN201110138451.8A CN102802169B (en) 2011-05-25 2011-05-25 A kind of Operational Visit control method and system

Publications (2)

Publication Number Publication Date
CN102802169A 2012-11-28
CN102802169B 2018-01-02

Family

ID=47201111

Family Applications (1)

Application Number Title Priority Date Filing Date
CN201110138451.8A Active CN102802169B (en) 2011-05-25 2011-05-25 A kind of Operational Visit control method and system

Country Status (2)

Country Link
CN (1) CN102802169B (en)
WO (1) WO2012159503A1 (en)

Also Published As

Publication number Publication date
CN102802169A (en) 2012-11-28
WO2012159503A1 (en) 2012-11-29

Legal Events

Date Code Title Description
C06 Publication
PB01 Publication
C10 Entry into substantive examination
SE01 Entry into force of request for substantive examination
GR01 Patent grant
TR01 Transfer of patent right
Effective date of registration: 20201130
Address after: 226600 Building 1, No.288, Changjiang West Road, Haian Town, Haian City, Nantong City, Jiangsu Province
Patentee after: HAI'AN JIACHEN ENVIRONMENTAL TECHNOLOGY Co.,Ltd.
Address before: 518057 Nanshan District Guangdong high tech Industrial Park, South Road, science and technology, ZTE building, Ministry of Justice
Patentee before: ZTE Corp.