CN103250446B - Determine the method and system of subscriber equipment access way, equipment - Google Patents

Determine the method and system of subscriber equipment access way, equipment Download PDF

Info

Publication number
CN103250446B
CN103250446B CN201180003638.5A CN201180003638A CN103250446B CN 103250446 B CN103250446 B CN 103250446B CN 201180003638 A CN201180003638 A CN 201180003638A CN 103250446 B CN103250446 B CN 103250446B
Authority
CN
China
Prior art keywords
corresponding relation
subscriber equipment
access network
network discovery
application message
Prior art date
Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
Active
Application number
CN201180003638.5A
Other languages
Chinese (zh)
Other versions
CN103250446A (en
Inventor
周伟
Current Assignee (The listed assignees may be inaccurate. Google has not performed a legal analysis and makes no representation or warranty as to the accuracy of the list.)
Honor Device Co Ltd
Original Assignee
Huawei Technologies Co Ltd
Priority date (The priority date is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the date listed.)
Filing date
Publication date
Application filed by Huawei Technologies Co Ltd filed Critical Huawei Technologies Co Ltd
Publication of CN103250446A publication Critical patent/CN103250446A/en
Application granted granted Critical
Publication of CN103250446B publication Critical patent/CN103250446B/en
Active legal-status Critical Current
Anticipated expiration legal-status Critical

Links

Classifications

    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04WWIRELESS COMMUNICATION NETWORKS
    • H04W48/00Access restriction; Network selection; Access point selection
    • H04W48/08Access restriction or access information delivery, e.g. discovery data delivery

Landscapes

  • Engineering & Computer Science (AREA)
  • Computer Security & Cryptography (AREA)
  • Computer Networks & Wireless Communication (AREA)
  • Signal Processing (AREA)
  • Mobile Radio Communication Systems (AREA)

Abstract

The embodiment of the present invention provides a kind of method and system, the equipment of determining subscriber equipment access way.Wherein a kind of method comprises: data gateway obtains access network discovery corresponding to subscriber equipment and selection function policy information; This access network discovery and selection function policy information comprise the first corresponding relation corresponding to this subscriber equipment, and this first corresponding relation is the corresponding relation of application message and access way; This data gateway obtains the second corresponding relation corresponding to this subscriber equipment, and this second corresponding relation is the corresponding relation of this application message and security information; This data gateway, according to this first corresponding relation, this second corresponding relation and the data message through safe protection treatment that will send to this subscriber equipment, determines the access way of this subscriber equipment.The technical scheme of the embodiment of the present invention, can determine the access way of UE, thus can realize the triage operator of the Business Stream to UE under security scenario based on application message.

Description

Determine the method and system of subscriber equipment access way, equipment
Technical field
The embodiment of the present invention relates to communication technical field, particularly relates to a kind of method and system, the equipment of determining subscriber equipment access way.
Background technology
System Architecture Evolution (SystemArchitectureEvolution, SAE) is the evolution network framework that third generation partner program (3rdGenerationPartnershipProject, 3GPP) starts.Under the guidance of SAE evolution plan, define a new mobile communications network framework being separated chain of command and data surface, i.e. the grouping system (EvolvedPacketSystem, EPS) of evolution.
In SAE, after the operator deployment EPS of multiple access style, subscriber equipment (UserEquipment, UE) is in the environment with multiple wireless access, need according to certain strategy, as selected a suitable wireless access way according to signal strength signal intensity or price factor etc.Simultaneously operator also to need according to current network state as signal strength signal intensity and network load condition etc. for UE recommends a suitable wireless access way.Therefore, 3GPP tissue proposes access network discovery and selection function (AccessNetworkDiscoveryandSelectionFunction, ANDSF) entity, this ANDSF entity can under the prerequisite of comprehensive wireless access network information and carrier policy, formulate a group policy rule, a suitable access way can be selected for UE according to this policing rule.Such as ANDSF entity can arrange the execute file host-host protocol (FileTransferProtocol between at 8 in the morning at 8 in evening, FTP) UE of business selects WiFi access way, like this, UE can select WiFi access way to access between at 8 in the morning at 8 in evening.In the EPS introducing ANDSF entity, to the technical scheme that the Business Stream of UE is shunted, by policy charging rule function (PolicyChargingRuleFunction, PCRF) entity and ANDSF entity interaction acquisition strategy rule, (PolicyandChargingControl is controlled again according to this policing rule generation strategy and charging, PCC) rule, again by packet data gateway (PacketDataNetworkGateway, PDN-GW) select corresponding carrying according to the application message of this PCC rule and UE, and triage operator is carried out to the Business Stream of UE.
In practice, above-mentioned cannot be applied in security scenario based on application message to the technical scheme that the Business Stream of UE is shunted under, cause the access way cannot determining UE, thus the shunting of the Business Stream to UE cannot be realized.
Summary of the invention
The embodiment of the present invention provides a kind of method and system, packet data gateway for determining subscriber equipment access way, in order to solve the defect cannot determining the access way of UE in prior art under security scenario based on application message.
The embodiment of the present invention provides a kind of method determining subscriber equipment access way, comprising:
Data gateway obtains access network discovery corresponding to subscriber equipment and selection function policy information; This access network discovery and selection function policy information comprise the first corresponding relation corresponding to this subscriber equipment, and this first corresponding relation is the corresponding relation of application message and access way;
This data gateway obtains the second corresponding relation corresponding to this subscriber equipment, and this second corresponding relation is the corresponding relation of this application message and security information;
This data gateway, according to this first corresponding relation, this second corresponding relation and the data message through safe protection treatment that will send to this subscriber equipment, determines the access way of this subscriber equipment.
The embodiment of the present invention also provides a kind of method determining subscriber equipment access way, comprising:
Access network discovery and selection functional entity obtain access network discovery corresponding to subscriber equipment and selection function policy information; This access network discovery and selection function policy information comprise the first corresponding relation corresponding to this subscriber equipment, and this first corresponding relation is the corresponding relation of application message and access way;
This access network discovery and selection functional entity obtain the second corresponding relation corresponding to this subscriber equipment, and this second corresponding relation is the corresponding relation of this application message and security information;
This access network discovery and selection functional entity send this first corresponding relation with this second corresponding relation to data gateway; for this data gateway according to this first corresponding relation, this second corresponding relation and the data message through safe protection treatment that will send to this subscriber equipment, determine the access way of this subscriber equipment.
The embodiment of the present invention also provides a kind of data gateway, comprising:
First acquisition module, for obtaining access network discovery corresponding to subscriber equipment and selection function policy information; This access network discovery and selection function policy information comprise the first corresponding relation corresponding to this subscriber equipment, and this first corresponding relation is the corresponding relation of application message and access way;
Second acquisition module, for obtaining the second corresponding relation corresponding to this subscriber equipment, this second corresponding relation is the corresponding relation of this application message and security information;
Determination module, for according to this first corresponding relation, this second corresponding relation and the data message through safe protection treatment that will send to this subscriber equipment, determines the access way of this subscriber equipment.
The embodiment of the present invention also provides a kind of access network discovery and selection functional entity, comprising:
First acquisition module, for obtaining access network discovery corresponding to subscriber equipment and selection function policy information; This access network discovery and selection function policy information comprise the first corresponding relation corresponding to this subscriber equipment, and this first corresponding relation is the corresponding relation of application message and access way;
Second acquisition module, for obtaining the second corresponding relation corresponding to this subscriber equipment, this second corresponding relation is the corresponding relation of this application message and security information;
Sending module; for sending this first corresponding relation with this second corresponding relation to data gateway; for this data gateway according to this first corresponding relation, this second corresponding relation and the data message through safe protection treatment that will send to this subscriber equipment, determine the access way of this subscriber equipment.
The embodiment of the present invention also provides a kind of system determining subscriber equipment access way, comprising: data gateway and access network discovery and selection functional entity;
This data gateway, for receiving access network discovery corresponding to subscriber equipment and selection function policy information; This access network discovery and selection function policy information comprise the first corresponding relation corresponding to this subscriber equipment, and this first corresponding relation is the corresponding relation of application message and access way; Receive the second corresponding relation that this subscriber equipment is corresponding, this second corresponding relation is the corresponding relation of this application message and security information; According to this first corresponding relation, this second corresponding relation and the data message through safe protection treatment that will send to this subscriber equipment, determine the access way of this subscriber equipment;
This access network discovery and selection functional entity, for obtaining access network discovery corresponding to this subscriber equipment and selection function policy information; Obtain the second corresponding relation that this subscriber equipment is corresponding; Send this access network discovery and selection function policy information and this second corresponding relation to data gateway.
Method and system, the data gateway of the determination subscriber equipment access way of the embodiment of the present invention, by adopting technique scheme, can determine the access way of UE, thus can realize the triage operator of the Business Stream to UE under security scenario based on application message.
Accompanying drawing explanation
In order to be illustrated more clearly in the embodiment of the present invention or technical scheme of the prior art, be briefly described to the accompanying drawing used required in embodiment or description of the prior art below, apparently, accompanying drawing in the following describes is some embodiments of the present invention, for those of ordinary skill in the art, under the prerequisite not paying creative work, other accompanying drawing can also be obtained according to these accompanying drawings.
A kind of signaling diagram that the Business Stream of UE is shunted that Fig. 1 provides for prior art;
The flow chart of the method for the determination UE access way that Fig. 2 provides for one embodiment of the invention;
The flow chart of the method for the determination UE access way that Fig. 3 provides for another embodiment of the present invention;
The flow chart of the method for the determination UE access way that Fig. 4 provides for yet another embodiment of the invention;
The flow chart of the method for the determination UE access way that Fig. 5 provides for further embodiment of this invention;
The signaling diagram of the method for the determination subscriber equipment access way that Fig. 6 provides for one embodiment of the invention;
The signaling diagram of the method for the determination subscriber equipment access way that Fig. 7 provides for yet another embodiment of the invention;
The structural representation of the data gateway that Fig. 8 provides for one embodiment of the invention;
The structural representation of the data gateway that Fig. 9 provides for another embodiment of the present invention;
The structural representation of the ANDSF entity that Figure 10 provides for the embodiment of the present invention;
The structural representation of the system of the determination UE access way that Figure 11 provides for one embodiment of the invention.
Embodiment
For making the object of the embodiment of the present invention, technical scheme and advantage clearly, below in conjunction with the accompanying drawing in the embodiment of the present invention, technical scheme in the embodiment of the present invention is clearly and completely described, obviously, described embodiment is the present invention's part embodiment, instead of whole embodiments.Based on the embodiment in the present invention, those of ordinary skill in the art, not making the every other embodiment obtained under creative work prerequisite, belong to the scope of protection of the invention.
The technical scheme that the embodiment of the present invention provides can be applied to various cordless communication network, such as code division multiple access (CodeDivisionMultipleAccess, CDMA), time division multiple access (Timedivisionmultipleaccess, TDMA), frequency division multiple access (FrequencyDivisionMultipleAccess, FDMA), OFDM (OrthogonalFrequency-DivisionMultipleAccess, OFDMA), single-carrier frequency division multiple access (SingleCarrierFDMA, SC-FDMA) and other network etc.Term " network " and " system " can be replaced mutually.Cdma network can realize such as wireless universal land access (UniversalTerrestrialRadioAccess, UTRA), the wireless technologys such as CDMA2000.UTRA can comprise the distortion of CDMA, WCDMA and other CDMA.CDMA2000 can cover Interim Standard (InterimStandard, IS) 2000 (IS-2000), IS-95 and IS-856 standard.TDMA network can realize the wireless technologys such as such as global system for mobile communications (GlobalSystemforMobileCommunication, GSM).OFDMA network can realize such as evolved universal Radio Terrestrial access (EvolvedUTRA, E-UTRA), super mobile broadband (UltraMobileBroadband, UMB), IEEE802.11 (Wi-Fi), IEEE802.16 (WiMAX), the wireless technologys such as IEEE802.20, FlashOFDMA.UTRA and E-UTRA is UMTS and UMTS evolution version.3GPP is the redaction of the UMTS using E-UTRA at Long Term Evolution (LongTermEvolution, LTE) and LTE senior (LTEAdvanced, LTE-A).UTRA, E-UTRA, UMTS, LTE, LTE-A and GSM be description on the books in the document of 3GPP normal structure.CDMA2000 and UMB be description on the books in the document of 3GPP2 normal structure.The technology that the embodiment of the present invention describes also can be applied in wireless network described above and wireless technology.
In embodiments of the present invention, base station (BaseStation, BS) can be and subscriber equipment (UserEquipment, or other communication site UE), as relay, carry out the website communicated, base station can provide the communication overlay of specific physical region.Described base station can be macrocell, skin community (picocell), femtocell community (femtocell), and/or the community of other type provides communication overlay.Macrocell can cover relatively large geographic area, and such as radius is the scope of several kilometers, and allows the UE carrying out service contracting unrestrictedly to access.Picocell can cover relatively little geographic area, and the UE carrying out service contracting can be allowed unrestrictedly to access.Femtocell covers relatively little geographic area, such as family, and allows the UE be associated with this femtocell to carry out restriction to access.For the base station of macrocell service can be called macro base station, for the base station of pico cell serves can be called pico base station, for the base station of femtocell service can be called femto base station or home base station.One or more community can be supported in base station.
In embodiments of the present invention, UE can be distributed in whole wireless network, and each UE can be static or movement.UE can be called terminal (terminal), travelling carriage (mobilestation), subscriber unit (subscriberunit), platform (station) etc.UE can be cell phone (cellularphone), personal digital assistant (PersonalDigitalAssistant, PDA), radio modem (modem), Wireless Telecom Equipment, handheld device (handheld), kneetop computer (laptopcomputer), cordless telephone (cordlessphone), wireless local loop (WirelessLocalLoop, WLL) platform etc.UE can with macro base station, pico base station, femto base station etc. communicates.
In the embodiment of the present invention, ANDSF entity stores ANDSF policy information.ANDSF policy information comprises the first corresponding relation corresponding to UE, and this first corresponding relation comprises the corresponding relation between application message and access way, such as: " application message A, access way B ".
In the embodiment of the present invention, aaa server is for storing the server of the second corresponding relation.Second corresponding relation comprises the corresponding relation of security information and application message, such as: " cryptographic algorithm C, application message A ".
In the embodiment of the present invention, data gateway can be PDN-GW, also can be gateway general packet radio service (GeneralPacketRadioService, GPRS) support node (GatewayGPRSSupportNode, GGSN), along with the progress of technology, be also likely that other are for carrying out the network element of Business Stream triage operator.Those skilled in the art should know, the data gateway under different network scenarios is different.
Exemplary, application message can be application identities, is used for distinguishing different applicating categories.Exemplary, application message can be content type, such as text or video, is used for distinguishing different content types.Exemplary, application message can also be that other need to be obtained by resolution data message, and in order to distinguish the information of different data messages.The present invention is not construed as limiting application message.
For ease of better setting forth embodiments of the invention, the scene being PDN-GW below in conjunction with data gateway is described.
A kind of signaling diagram that the Business Stream of UE is shunted that Fig. 1 provides for prior art.The method shunted the Business Stream of UE as shown in Figure 1, specifically can comprise as follows:
100, initiate attachment request after UE start, thus be attached in core net.UE carries out transfer of data by the PDN-GW in core net;
101, UE reports application message to application function (ApplicationFunction, AF) server;
Such as this UE can pass through specific signaling message, such as conversation initialized protocol (SessionInitiationProtocol, SIP) signaling, and the application message of operation is reported AF server.This application message and this UE and the Correspondent Node server application message related to of carrying out communicating is identical.
102, AF server generates session information, and sends this session information to PCRF entity;
Such as AF server is after receiving the application message that UE sends over, generate corresponding session information (in fact, the information of the application message that can identify UE is also carried) in this session information, and set up Rx session with PCRF entity, session information is sent to PCRF entity by Rx interface.
103, connect between PCRF entity and ANDSF entity, obtain the corresponding ANDSF policy information of application message of UE from ANDSF entity;
104, PCRF entity is according to the PCC rule of the ANDSF policy information generation obtained, and sends PCC rule to PDN-GW;
Such as this PCRF entity sends PCC rule by Gx interface to PDN-GW.The PCC rule that the application message that this PCC rule is UE is corresponding.This PCC rule comprises the application message of this UE and the one-to-one relationship of access way.
Alternatively, if do not dispose PCC framework in network, then can adopt following 105 agencies above-mentioned 103 and 104;
105, connect between PDN-GW and ANDSF entity, PDN-GW obtains corresponding ANDSF policy information from ANDSF entity.
When Correspondent Node server issues the Business Stream that will send to this UE to PDN-GW, PDN-GW can obtain the application message of this UE from Business Stream, then according to the application message of ANDSF policy information and UE, obtains the PCC rule that this UE is corresponding.
Further, can also comprise:
106, PDN-GW performs and carries operation accordingly, PCC rule as corresponding according to the application message of this UE in the Business Stream being handed down to UE performs and carries operation accordingly, such as can increase, modify or delete corresponding carrying, thus the receipts Correspondent Node server that achieves a butt joint sends to the Business Stream of UE to carry out shunting process.
Such as PDN-GW can determine the access way of UE according to this PCC rule, thus can perform and carry operation accordingly.
The technical scheme of above-mentioned shunting process is applied under UE is not in the scene of safeguard protection; but under UE is in security scenario; communication data between UE and Correspondent Node server is obtained for safeguard protection effectively; PDN-GW cannot know the application message of UE; thus the access way of UE cannot be determined, thus cannot realize shunting the Business Stream of UE.Therefore following technical scheme of the present invention can be adopted to realize under security scenario, determine the access way of UE, thus realize shunting the Business Stream of UE.
The flow chart of the method for the determination UE access way that Fig. 2 provides for one embodiment of the invention.Exemplary, the executive agent of the method for the determination UE access way of the present embodiment is PDN-GW, and as shown in Figure 2, the method for the determination UE access way of the present embodiment, comprises as follows:
200, ANDSF policy information corresponding to UE is obtained;
In the present embodiment, this ANDSF policy information comprises the first corresponding relation corresponding to UE, and this first corresponding relation is the corresponding relation of application message and access way.
201, the second corresponding relation corresponding to UE is obtained;
It is the corresponding relation of this application message and security information in the second corresponding relation in the present embodiment.
202, according to the first corresponding relation, the second corresponding relation and the data message through safe protection treatment that will send to UE, the access way of UE is determined.
The application scenarios of the present embodiment is under UE is in security scenario.This security scenario shows to establish secure connection between UE and Correspondent Node server, and the context data of UE transmission is subject to encipherment protection, thus the data of protection UE transmission are from external attack.
The method of the determination subscriber equipment access way of the present embodiment, by the corresponding relation of the corresponding relation of application message and access way, application message and security information and the data message through safe protection treatment that will send to UE, determines the access way of UE.Adopt the technical scheme of the present embodiment, the problem cannot determining the access way of UE in prior art under security scenario based on application message can be overcome, thus shunt based on the Business Stream of application message to UE under security scenario can be realized.
It should be noted that, the security information in above-described embodiment comprises the information such as key certificate, symmetric key, security algorithm.
The flow chart of the method for the determination UE access way that Fig. 3 provides for another embodiment of the present invention.As shown in Figure 3, the method for the determination UE access way of the present embodiment, on above-mentioned basis embodiment illustrated in fig. 2, introduces technical scheme of the present invention in further detail.The method of the determination UE access way of the present embodiment, comprises as follows:
300, the data message of PDN-GW received communication opposite end server transmission;
This data message will send to UE, and this data message is through safe protection treatment.
301, PDN-GW sends the ANDSF strategy request information of carrying UE mark to ANDSF entity, obtains ANDSF policy information corresponding to UE for ANDSF entity;
Wherein the mark of UE is specifically as follows the IP address of this UE.This ANDSF policy information is with above-mentioned embodiment illustrated in fig. 2 identical, and comprise the first corresponding relation that UE is corresponding, this first corresponding relation comprises the corresponding relation of application message and access way.Wherein, the ANDSF policy information that ANDSF entity acquisition UE is corresponding is specifically as follows ANDSF entity from the policy database pre-seted, obtains ANDSF policy information corresponding to UE.ANDSF policy information also can comprise the first corresponding relation corresponding to multiple UE.
The application scenarios of the present embodiment is also under UE is in security scenario, and the physical significance that this security scenario shows is same as the previously described embodiments, with reference to the record of above-described embodiment, can not repeat at this in detail.
Alternatively, before 300, UE can with the demand information of the mutual Provisioning Policy information of ANDSF entity as UE identify, the application message and security information designator etc. of UE, UE mark here can be the IP address of UE.Security information designator is under identifying this UE and being in security scenario, and the Correspondent Node server communicated with this UE sends to the data message of this UE to be through safe protection treatment.Therefore this ANDSF entity is after receiving ANDSF strategy request information, can obtain the second corresponding relation that this UE is corresponding from security server.Or ANDSF entity also can obtain the second corresponding relation corresponding to this UE in advance before 300 from security server, and this second corresponding relation comprises the corresponding relation of application message and security information.
302, PDN-GW receives ANDSF policy information that ANDSF entity sends and the second corresponding relation corresponding to this UE;
The second corresponding relation in the present embodiment is with above-mentioned embodiment illustrated in fig. 2 identical, and the second corresponding relation comprises the corresponding relation of application message and security information.
303, PDN-GW is according to the second corresponding relation and the data message through safe protection treatment that will send to UE, obtains the application message of this data message;
Such as, adopt the security information in the second corresponding relation to resolve the data message through safe protection treatment of this UE will be sent to, the application message of this data message after parsing, can be obtained; Judge that whether the application message of this data message obtained after resolving is corresponding with the application message in this second corresponding relation, if correspondence, successfully resolved, can determine that the security information that this data message is corresponding and application message are security information in the second corresponding relation and application message.If not corresponding, resolve unsuccessful, if also there is other the second corresponding relation corresponding to UE, then can continue to adopt the security information in other the second corresponding relation to proceed to resolve.
Security information in the present embodiment is specifically as follows the information such as key certificate, symmetric key, security algorithm; Such as when security information is key certificate, key information is obtained after key certificate can be adopted to verify on certificate server, and adopt this key information to resolve data message, when successfully resolved determines that this security information is the security information that this UE is corresponding.Or when security information is symmetric key, adopt this symmetric key to resolve data message, when successfully resolved determines that this security information is the security information that this UE is corresponding.Or when security information is security algorithm, adopt this security algorithm to resolve data message, when successfully resolved determines that this security information is the security information that this UE is corresponding in conjunction with self existing key information.Other similar security information can process with reference to example above.
304, PDN-GW is according to the first corresponding relation in the application message of this data message obtained and ANDSF strategy request information corresponding to UE, determines the access way of UE;
Such as, according to the application message of this data message determined, from the first corresponding relation that UE is corresponding, obtain the access way that the application message of this data message is corresponding, be the access way of this UE.
The method of the determination subscriber equipment access way of the present embodiment; by PDN-GW according to the corresponding relation of application message and security information and the data message through safe protection treatment that will send to UE; obtain the application message of this data message, and determine the access way of UE according to the corresponding relation of application message and access way.Adopt the technical scheme of the present embodiment, the problem cannot determining the access way of UE in prior art under security scenario based on application message can be overcome, thus shunt based on the Business Stream of application message to UE under security scenario can be realized.
Security server in above-described embodiment can be certification, authorize charging (AuthenticationAuthorizationandAccounting; Hereinafter referred to as AAA) server, home subscriber server (HomeSubscriberServer; Hereinafter referred to as HSS), certificate server or application server etc. other can the server of storage security information and the second corresponding relation.
The flow chart of the method for the determination UE access way that Fig. 4 provides for yet another embodiment of the invention.As shown in Figure 4, the method for the determination UE access way of the present embodiment, on above-mentioned basis embodiment illustrated in fig. 2, introduces technical scheme of the present invention in further detail.The method of the determination UE access way of the present embodiment, comprises as follows:
400, PDN-GW sends the ANDSF strategy request information of carrying UE mark to ANDSF entity, obtains ANDSF policy information corresponding to UE for ANDSF entity;
This ANDSF policy information is identical with embodiment illustrated in fig. 3 with above-mentioned Fig. 2, and comprise the first corresponding relation that UE is corresponding, this first corresponding relation comprises the corresponding relation of application message and access way.
401, PDN-GW receives the ANDSF policy information that ANDSF entity sends;
402, the data message of PDN-GW received communication opposite end server transmission;
This data message will send to UE, and under UE is in security scenario, this data message is through encipherment protection process.
403, PDN-GW sends the security information request of carrying UE mark to security server, obtains the second corresponding relation corresponding to UE for security server according to UE mark;
The second corresponding relation in the present embodiment is identical with embodiment illustrated in fig. 3 with above-mentioned Fig. 2, and the second corresponding relation comprises the corresponding relation in application message and security information.
404, the second corresponding relation that the UE of PDN-GW reception security server transmission is corresponding;
When not having interface between PDN-GW and security server, in 403, PDN-GW can send the security information request of carrying UE mark by PCRF entity to security server.Accordingly in 404, PDN-GW receives the second corresponding relation corresponding to UE that security server sent by PCRF entity.
405, PDN-GW is according to the second corresponding relation and the data message through safe protection treatment that will send to UE, obtains the application message of this data message;
406, PDN-GW is according to the first corresponding relation in the application message of this data message and ANDSF strategy request information corresponding to UE, determines the access way of UE.
405-406 with above-mentioned embodiment illustrated in fig. 3 in 303-304 identical, with reference to the record of above-described embodiment, can not repeat them here in detail.
The application scenarios of the present embodiment is still under UE is in security scenario, now UE and Correspondent Node server establish secure connection, the physical significance that security scenario shows is identical with above-mentioned related embodiment, with reference to the record of above-described embodiment, can not repeat at this in detail.
The method of the determination subscriber equipment access way of the present embodiment; by PDN-GW according to the corresponding relation of application message and security information and the data message through safe protection treatment that will send to UE; obtain the application message of this data message, and determine the access way of UE according to the corresponding relation of application message and access way.Adopt the technical scheme of the present embodiment, the problem cannot determining the access way of UE in prior art under security scenario based on application message can be overcome, thus shunt based on the Business Stream of application message to UE under security scenario can be realized.
The flow chart of the method for the determination UE access way that Fig. 5 provides for further embodiment of this invention.The executive agent of the method for the determination UE access way of the present embodiment can be ANDSF entity.As shown in Figure 5, the method for the determination UE access way of the present embodiment, specifically can comprise as follows:
500, access network discovery corresponding to UE and selection function policy information is obtained;
Wherein, access network discovery and selection function policy information comprise the first corresponding relation corresponding to UE, and this first corresponding relation is the corresponding relation of application message and access way;
501, the second corresponding relation corresponding to UE is obtained;
Wherein, the second corresponding relation is the corresponding relation of this application message and security information.
502, the first corresponding relation and the second corresponding relation is sent to data gateway.
First corresponding relation and the second corresponding relation are sent to data gateway, for data gateway according to the first corresponding relation, the second corresponding relation and the data message through safe protection treatment that will send to UE, determine the access way of UE.
ANDSF policy information in the present embodiment is with above-mentioned Fig. 2-embodiment illustrated in fig. 4 identical, and comprise the first corresponding relation that UE is corresponding, this first corresponding relation comprises the corresponding relation of application message and access way.
Data message in the present embodiment can be the data message through safe protection treatment for being handed down to this UE, and this data message is specifically sent to PDN-GW by the Correspondent Node server communicated with UE.
The application scenarios of the present embodiment is still under UE is in security scenario, now UE and Correspondent Node server establish secure connection, the physical significance that security scenario shows is identical with above-mentioned related embodiment, with reference to the record of above-described embodiment, can not repeat at this in detail.
The method of the determination subscriber equipment access way of the present embodiment, by the application message that will obtain and the corresponding relation of access way, and the corresponding relation of application message and security information is sent to data gateway, the access way of UE is determined for data gateway, the problem cannot determining the access way of UE in prior art under security scenario based on application message can be overcome, thus shunt based on the Business Stream of application message to UE under security scenario can be realized.
Alternatively, on the basis of the technical scheme of above-described embodiment, in 501, " access network discovery that acquisition UE is corresponding and selection function policy information " is specifically as follows and obtains the ANDSF policy information that UE identifies corresponding UE from the policy database pre-seted.
Alternatively; on the basis of the technical scheme of above-described embodiment; the UE mark of UE transmission, the application message of UE and security information designator can also be received before 501; ANDSF entity can according to the application message of the mark of UE and UE; obtain the access network discovery corresponding with this application message and the selection function policy information of UE; ANDSF entity can also be known according to security information designator and establishes secure connection between UE and Correspondent Node server, and the data message transmitted between UE and Correspondent Node server is subject to encipherment protection.Exemplary, when the mark of UE, the application message of UE and security information designator can carry out the demand information of more mutual Provisioning Policy information between UE and ANDSF entity, report this ANDSF entity by UE.
Further alternatively, similar with the method for the determination subscriber equipment access way of the PDN-GW side shown in above-mentioned Fig. 3, in the present embodiment, after ANDSF entity receives the UE mark of UE transmission, the application message of UE and security information designator, just can learn that Correspondent Node server sends to the data message of this UE all to send under security scenario according to security information designator, now, ANDSF entity at PDN-GW to before ANDSF entity requests ANDSF policy information or afterwards, can obtain second corresponding relation of this UE from security server.The second corresponding relation obtained can also be sent to PDN-GW by ANDSF entity.Exemplary, can with reference to following steps:
A1, send the security information request of carrying UE mark to security server, obtain the second corresponding relation corresponding to UE for security server according to UE mark;
The second corresponding relation that the UE that A2, reception security server send is corresponding;
A3, send this second corresponding relation to PDN-GW.
When not having interface between ANDSF entity and security server, above-mentioned A1 is specifically as follows: ANDSF entity sends the security information request of carrying UE mark to security server by PCRF entity.Accordingly, above-mentioned A2 can receive the second corresponding relation corresponding to UE that security server sent by PCRF entity for ANDSF entity.
The second corresponding relation obtained can also be sent to PDN-GW by ANDSF entity together with ANDSF policy information.
By adopting the above-mentioned method determining subscriber equipment access way, the problem cannot determining the access way of UE in prior art under security scenario based on application message can be overcome, thus shunt based on the Business Stream of application message to UE under security scenario can be realized.
The signaling diagram of the method for the determination subscriber equipment access way that Fig. 6 provides for one embodiment of the invention.As shown in Figure 6, the method for the determination subscriber equipment access way of the present embodiment, specifically can comprise as follows:
600, after UE start, be attached in core net;
601, UE and Correspondent Node server set up secure connection;
Like this, the data message between follow-up UE and Correspondent Node server all will transmit under security scenario, and the physical significance that security scenario shows is identical with above-mentioned related embodiment, with reference to the record of above-described embodiment, can not repeat at this in detail.
602, UE and ANDSF entity interaction policy information, wherein UE reports the IP address of UE, application message and security information designator to ANDSF entity;
603, ANDSF entity sends to aaa server and carries the IP address of UE and the security information request of application message;
604, the second corresponding relation that aaa server is corresponding according to this UE of security information acquisition request, and send this second corresponding relation to ANDSF entity;
It should be noted that when not have interface between ANDSF entity and aaa server, in 603, ANDSF entity to be sent to aaa server by PCRF entity and carries the IP address of UE and the security information request of application message.In 604, aaa server sends this second corresponding relation by PCRF entity to ANDSF entity.
605, ANDSF entity obtains the first corresponding relation according to the IP address of UE and application message in the policy database pre-seted;
The first corresponding relation in the present embodiment and the second corresponding relation and above-mentioned Fig. 2-embodiment illustrated in fig. 5 identical.First corresponding relation comprises the corresponding relation of application message access way.Second corresponding relation comprises the corresponding relation of application message and security information.
606, Correspondent Node server issues the data message through safeguard protection that will send to this UE to PDN-GW;
Alternatively, these 606 also can between 601 and 602.
607, PDN-GW sends ANDSF strategy request information to ANDSF entity;
608, ANDSF entity sends ANDSF policy information and the second corresponding relation to PDN-GW;
This ANDSF policy information and above-mentioned Fig. 2-embodiment illustrated in fig. 5 identical.
609, PDN-GW resolves the data message through safe protection treatment sending to UE according to the security information in the second corresponding relation, obtains the application message that this sends to the data message through safe protection treatment of UE; If this sends to the application message of the data message through safe protection treatment of UE corresponding with the application message in the second corresponding relation, PDN-GW, according to the first corresponding relation, determines the access way of UE.
Step 609 with above-mentioned embodiment illustrated in fig. 3 in 303-304 identical, with reference to the record of above-described embodiment, can not repeat them here in detail.
The method that the embodiment of the present invention provides in sum can determine the access way of this UE under security scenario based on application message, follow-uply can perform newly-built or amendment carrying flow process according to the change of access way, and according to the access way streamed data message determined, thus the data distribution under realizing security scenario.
The method of the determination subscriber equipment access way of the present embodiment; by PDN-GW according to the corresponding relation of application message and security information and the data message through safe protection treatment that will send to UE; obtain the application message of this data message, and determine the access way of UE according to the corresponding relation of application message and access way.Adopt the technical scheme of the present embodiment, the problem cannot determining the access way of UE in prior art under security scenario based on application message can be overcome, thus shunt based on the Business Stream of application message to UE under security scenario can be realized.
The signaling diagram of the method for the determination subscriber equipment access way that Fig. 7 provides for yet another embodiment of the invention.As shown in Figure 7, the method for the determination subscriber equipment access way of the present embodiment, specifically can comprise as follows:
700, after UE start, be attached in core net;
701, UE and Correspondent Node server set up secure connection;
Like this, the data message between follow-up UE and Correspondent Node server all will transmit under security scenario, and the physical significance that security scenario shows is identical with above-mentioned related embodiment, with reference to the record of above-described embodiment, can not repeat at this in detail.
702, PDN-GW sends the ANDSF strategy request information of carrying the IP address of UE to ANDSF entity;
703, ANDSF entity obtains ANDSF policy information according to ANDSF strategy request information in the policy database pre-seted;
In the present embodiment, this ANDSF policy information is with above-mentioned Fig. 2-embodiment illustrated in fig. 6 identical, does not repeat herein.
704, ANDSF entity sends ANDSF policy information to PDN-GW;
705, Correspondent Node server issues the data message through safeguard protection sending to this UE to PDN-GW;
706, PDN-GW sends the security information request of carrying the IP address of UE to aaa server;
707, the second corresponding relation that aaa server is corresponding according to this UE of security information acquisition request, and send this second corresponding relation to PDN-GW;
It should be noted that when not have interface between PDN-GW and aaa server, in 706, PDN-GW sends the security information request of carrying the IP address of UE to aaa server by PCRF entity.In 707, aaa server sends this second corresponding relation by PCRF entity to PDN-GW.
708, PDN-GW resolves the data message through safe protection treatment sending to UE according to the security information in the second corresponding relation, obtains the application message that this sends to the data message through safe protection treatment of UE; If this sends to the application message of the data message through safe protection treatment of UE corresponding with the application message in the second corresponding relation, PDN-GW, according to the first corresponding relation, determines the access way of UE.
Step 708 with above-mentioned embodiment illustrated in fig. 3 in 303-304 identical, with reference to the record of above-described embodiment, can not repeat them here in detail.
The method that the embodiment of the present invention provides in sum can determine the access way of this UE under security scenario based on application message, follow-uply can perform newly-built or amendment carrying flow process according to the change of access way, and according to the access way streamed data message determined, thus the data distribution under realizing security scenario.
The method of the determination subscriber equipment access way of the present embodiment; by PDN-GW according to the corresponding relation of application message and security information and the data message through safe protection treatment that will send to UE; obtain the application message of this data message, and determine the access way of UE according to the corresponding relation of application message and access way.Adopt the technical scheme of the present embodiment, the problem cannot determining the access way of UE in prior art under security scenario based on application message can be overcome, thus shunt based on the Business Stream of application message to UE under security scenario can be realized.
Above-mentioned Fig. 6 and Fig. 7 is that aaa server is for example is to illustrate the technical scheme of the embodiment of the present invention with security server, in practical application, the aaa server in above-described embodiment can adopt HSS, certificate server or application server etc. can other can the server of storage security information and the second corresponding relation replace.
Application message in security information in the second corresponding relation in the embodiment of the present invention and application message and the first corresponding relation and the corresponding relation of access way are one-to-one relationship, an i.e. corresponding application message of security information, a corresponding a kind of access way of application message.
One of ordinary skill in the art will appreciate that: all or part of step realizing said method embodiment can have been come by the hardware that program command is relevant, aforesaid program can be stored in a computer read/write memory medium, this program, when performing, performs the step comprising said method embodiment; And aforesaid storage medium comprises: ROM, RAM, magnetic disc or CD etc. various can be program code stored medium.
The structural representation of the data gateway that Fig. 8 provides for one embodiment of the invention.As shown in Figure 8, the data gateway of the present embodiment, comprising: the first acquisition module M10, the second acquisition module M11 and determination module M12.
In the data gateway of the present embodiment, the first acquisition module M10 is for getting access network discovery corresponding to subscriber equipment and selection function policy information; This access network discovery and selection function policy information comprise the first corresponding relation corresponding to this subscriber equipment, and this first corresponding relation is the corresponding relation of application message and access way; Second acquisition module M11 is for obtaining the second corresponding relation corresponding to this subscriber equipment, and this second corresponding relation is the corresponding relation of this application message and security information; Determination module M12 is connected with the first acquisition module M10 and the second acquisition module M11 respectively; determination module M12 is used for according to this first corresponding relation, this second corresponding relation and the data message through safe protection treatment that will send to this subscriber equipment, determines the access way of this subscriber equipment.
The data gateway of the present embodiment, what realize determining the realization mechanism of the access way of UE and above-mentioned related method embodiment by adopting above-mentioned module realizes identical, with reference to the record of above-mentioned related method embodiment, can not repeat at this in detail.
The data gateway of the present embodiment, by the access way adopting above-mentioned module can determine UE based on application message under security scenario, thus can shunt at the Business Stream of follow-up middle realization to UE.
The structural representation of the data gateway that Fig. 9 provides for another embodiment of the present invention.As shown in Figure 9, the data gateway of the present embodiment, on above-mentioned basis embodiment illustrated in fig. 8, specifically can also comprise as follows:
In the data gateway of the present embodiment, the first acquisition module M10 can comprise the first transmitting element U101 and the first receiving element U102.Wherein the first transmitting element U101 is used for sending the ANDSF strategy request information of carrying UE mark to ANDSF entity, and obtain ANDSF policy information corresponding to UE for ANDSF entity, this ANDSF policy information comprises the first corresponding relation corresponding to UE.The ANDSF policy information that first receiving element U102 sends for receiving ANDSF entity.Now corresponding determination module M12 is connected with the first receiving element U102; the first corresponding relation corresponding to UE in the ANDSF policy information that the second corresponding relation that determination module M12 is used for obtaining according to the second acquisition module M11, the first receiving element U102 receive and will send to the data message through safe protection treatment of UE, determines the access way of UE.
Alternatively, in the PDN-GW equipment of the present embodiment, the second acquisition module M11 specifically may be used for receiving at least one second corresponding relation of at least one security information corresponding to UE that ANDSF entity sends and correspondence; At least one second corresponding relation of at least one security information that this UE is corresponding and correspondence is that ANDSF entity obtains from security server.
Further alternatively, in the data gateway of the present embodiment, the second acquisition module M11 can also comprise the second transmitting element U111 and the second receiving element U112.Wherein the second transmitting element U111 is used for sending the security information request of carrying UE mark to security server, obtains the second corresponding relation corresponding to UE for security server according to UE mark.The second corresponding relation corresponding to UE that second receiving element U112 sends for receiving security server.Accordingly now, determination module M12 can also be connected with the second receiving element U112, determination module M12 (is specifically as follows the first receiving element U102 in technique scheme for the second corresponding relation according to the second receiving element U112 reception, the first acquisition module M10, the first corresponding relation that UE in the ANDSF policy information obtained as shown in Figure 9) is corresponding and will send to the data message of UE, determines the access way of UE.
Further alternatively, the second transmitting element U111 specifically may be used for sending the security information request of carrying UE mark to security server by PCRF entity.Second receiving element U112 specifically may be used for receiving the second corresponding relation corresponding to UE that security server sent by PCRF entity.
Alternatively, the determination module M12 in above-described embodiment can comprise further: acquiring unit U121 and determining unit U122.Wherein acquiring unit U121 is connected with the second receiving element U112, the security information that acquiring unit U121 is used in this second corresponding relation received according to the second receiving element U112 resolves the data message through safe protection treatment that this sends to this subscriber equipment, obtains the application message that this sends to the data message through safe protection treatment of this subscriber equipment; Determining unit U122 is connected with acquiring unit U121 and the second receiving element U112 and the first receiving element U102 respectively; determining unit U122 is used for sending to the application message of the data message through safe protection treatment of this subscriber equipment and the application message in this second corresponding relation this first corresponding relation corresponding to the UE in the ANDSF policy information received according to the first receiving element U102 time corresponding to determine the access way of this subscriber equipment when this.
Alternatively, the data gateway of the present embodiment, can also comprise receiver module M13.This receiver module M13 is used for the data message through safe protection treatment that received communication opposite end server sends.Particularly; this receiver module M13 is connected with acquiring unit U121; such acquiring unit U121 may be used for the data message through safe protection treatment that will send to subscriber equipment of the second corresponding relation and the receiver module M13 reception received according to the second receiving element U112, obtains the application message of this data message.
It should be noted that, as shown in Figure 9, be only and above-mentioned all alternatives are combined to form a kind of embodiment of the present invention together, in practical application, can also combinative mode combination in any can be adopted to form plurality of optional embodiment of the present invention above-mentioned plurality of optional technical scheme, not repeat at this in detail.
The data gateway of the present embodiment, by adopting above-mentioned module and unit, what realize determining the realization mechanism of the access way of UE and above-mentioned related method embodiment realizes identical, with reference to the record of above-mentioned related method embodiment, can not repeat at this in detail.
The data gateway of the present embodiment, by the access way adopting above-mentioned module can determine UE based on application message under security scenario, thus can shunt at the Business Stream of follow-up middle realization to UE.
The structural representation of the access network discovery that Figure 10 provides for the embodiment of the present invention and selection functional entity.As shown in Figure 10, the ANDSF entity device of the present embodiment comprises: the first acquisition module M20, the second acquisition module M21 and sending module M22.
In the ANDSF entity device of the present embodiment, the first acquisition module M20 is for obtaining access network discovery corresponding to subscriber equipment and selection function policy information; This access network discovery and selection function policy information comprise the first corresponding relation corresponding to this subscriber equipment, and this first corresponding relation is the corresponding relation of application message and access way; Second acquisition module M21 is for obtaining the second corresponding relation corresponding to this subscriber equipment, and this second corresponding relation is the corresponding relation of this application message and security information.Sending module M22 is connected respectively with the first acquisition module M20 and the second acquisition module M21; sending module M22 is for sending this first corresponding relation with this second corresponding relation to data gateway; for this data gateway according to this first corresponding relation, this second corresponding relation and the data message through safe protection treatment that will send to this subscriber equipment, determine the access way of this subscriber equipment.
The ANDSF entity of the present embodiment, what realize determining the realization mechanism of the access way of UE and above-mentioned related method embodiment by adopting above-mentioned module realizes identical, with reference to the record of above-mentioned related method embodiment, can not repeat at this in detail.
The ANDSF entity of the present embodiment, can be convenient to by adopting above-mentioned module data gateway determines UE under security scenario access way based on application message, thus can shunt at the Business Stream of follow-up middle realization to UE.
Alternatively, the first acquisition module M20 in above-described embodiment specifically can obtain the ANDSF policy information of UE corresponding to UE mark from the policy database pre-seted.
Alternatively, the second acquisition module M21 can comprise instruction receiving element, transmitting element and receiving element.Instruction receiving element is for receiving customer equipment identification and the security information designator of this subscriber equipment; Transmitting element is used for sending the security information request of carrying this customer equipment identification to security server, obtains the second corresponding relation corresponding to this subscriber equipment for this security server according to this customer equipment identification; The second corresponding relation corresponding to this subscriber equipment that receiving element sends for receiving this security server.
The ANDSF entity of above-described embodiment, what realize determining the realization mechanism of the access way of UE and above-mentioned related method embodiment by adopting above-mentioned module realizes identical, with reference to the record of above-mentioned related method embodiment, can not repeat at this in detail.
The ANDSF entity of above-described embodiment, can be convenient to by adopting above-mentioned module data gateway determines UE under security scenario access way based on application message, thus can shunt at the Business Stream of follow-up middle realization to UE.
Security server in said apparatus embodiment can be still aaa server, HSS, certificate server or application server etc. other can the server of storage security information and the corresponding relation between security information and application message.
The structural representation of the system of the determination UE access way that Figure 11 provides for one embodiment of the invention.As shown in figure 11, the system of the determination UE access way of the present embodiment, can comprise: data gateway 30, ANDSF entity 40.
This data gateway 30, for receiving access network discovery corresponding to subscriber equipment and selection function policy information; This access network discovery and selection function policy information comprise the first corresponding relation corresponding to this subscriber equipment, and this first corresponding relation is the corresponding relation of application message and access way; Receive the second corresponding relation that this subscriber equipment is corresponding, this second corresponding relation is the corresponding relation of this application message and security information; According to this first corresponding relation, this second corresponding relation and the data message through safe protection treatment that will send to this subscriber equipment, determine the access way of this subscriber equipment;
This ANDSF40, for obtaining access network discovery corresponding to this subscriber equipment and selection function policy information; Obtain the second corresponding relation that this subscriber equipment is corresponding; Send this access network discovery and selection function policy information and this second corresponding relation to data gateway.
Further, data gateway 30 is specifically for obtaining access network discovery corresponding to subscriber equipment and selection function policy information; This access network discovery and selection function policy information comprise the first corresponding relation corresponding to this subscriber equipment, and this first corresponding relation is the corresponding relation of application message and access way; Obtain the second corresponding relation that this subscriber equipment is corresponding, this second corresponding relation is the corresponding relation of this application message and security information; Resolve according to the security information in this second corresponding relation the data message through safe protection treatment that this sends to this subscriber equipment, obtain the application message that this sends to the data message through safe protection treatment of this subscriber equipment; When this sends to the application message of the data message through safe protection treatment of this subscriber equipment and the application message in this second corresponding relation to the access way determining this subscriber equipment time corresponding according to this first corresponding relation.
Further, ANDSF40 is specifically for obtaining access network discovery corresponding to this subscriber equipment and selection function policy information; Receive customer equipment identification and the security information designator of this subscriber equipment; Send the security information request of carrying this customer equipment identification to security server, obtain the second corresponding relation corresponding to this subscriber equipment for this security server according to this customer equipment identification; Receive the second corresponding relation that this subscriber equipment of this security server transmission is corresponding; Send this access network discovery and selection function policy information and this second corresponding relation to data gateway.
The system of the determination UE access way of the present embodiment, by adopting above-mentioned data gateway 30 and ANDSF entity 40, what realize determining the realization mechanism of the access way of UE and above-mentioned related method embodiment realizes identical, with reference to the record of above-mentioned related method embodiment, can not repeat at this in detail.
The system of the determination UE access way of the present embodiment, by the access way adopting above-mentioned data gateway 30 and ANDSF entity 40 can determine UE based on application message under security scenario, thus can shunt at the Business Stream of follow-up middle realization to UE.
Art technology is any can also recognize that the various illustrative components, blocks (illustrativelogicalblock) that the embodiment of the present invention is listed and step (step) can pass through electronic hardware, computer software, or both combinations realize.For the replaceability (interchangeability) of clear displaying hardware and software, above-mentioned various illustrative components (illustrativecomponents) and step have universally described their function.Such function is the designing requirement realizing depending on specific application and whole system by hardware or software.Those skilled in the art for often kind of specifically application, can use the function described in the realization of various method, but this realization can should not be understood to the scope exceeding embodiment of the present invention protection.
Various illustrative logical block described in the embodiment of the present invention, module and circuit can pass through general processor, digital signal processor, application-specific integrated circuit (ASIC) (ASIC), field programmable gate array (FPGA) or other programmable logic device, discrete gate or transistor logic, discrete hardware components, or the design of above-mentioned any combination realizes or operates described function.General processor can be microprocessor, and alternatively, this general processor also can be any traditional processor, controller, microcontroller or state machine.Processor also can be realized by the combination of calculation element, such as digital signal processor and microprocessor, multi-microprocessor, and a Digital Signal Processor Core combined by one or more microprocessor, or other similar configuration any realizes.
The software module that method described in the embodiment of the present invention or the step of algorithm directly can embed hardware, processor performs or the combination of both.Software module can be stored in the storage medium of other arbitrary form in RAM memory, flash memory, ROM memory, eprom memory, eeprom memory, register, hard disk, moveable magnetic disc, CD-ROM or this area.Exemplarily, storage medium can be connected with processor, with make processor can from storage medium reading information, and write information can be deposited to storage medium.Alternatively, storage medium can also be integrated in processor.Processor and storage medium can be arranged in ASIC, and ASIC can be arranged in user terminal.Alternatively, processor and storage medium also can be arranged in the different parts in user terminal.
In one or more exemplary design, the above-mentioned functions described by the embodiment of the present invention can realize in the combination in any of hardware, software, firmware or this three.If realized in software, these functions can store on the medium with computer-readable, or are transmitted on the medium of computer-readable with one or more instruction or code form.Computer readable medium comprises computer storage medium and is convenient to make to allow computer program transfer to the communication medium in other place from a place.Storage medium can be that any general or special computer can the useable medium of access.Such as, such computer readable media can include but not limited to RAM, ROM, EEPROM, CD-ROM or other optical disc storage, disk storage or other magnetic storage device, or other anyly may be used for carrying or store the medium that can be read the program code of form with instruction or data structure and other by general or special computer or general or special processor.In addition, any connection can be properly termed computer readable medium, such as, if software is by a coaxial cable, optical fiber computer, twisted-pair feeder, Digital Subscriber Line (DSL) or being also comprised in defined computer readable medium with wireless way for transmittings such as such as infrared, wireless and microwaves from a web-site, server or other remote resource.Described video disc (disk) and disk (disc) comprise Zip disk, radium-shine dish, CD, DVD, floppy disk and Blu-ray Disc, and disk is usually with magnetic duplication data, and video disc carries out optical reproduction data with laser usually.Above-mentioned combination also can be included in computer readable medium.
The foregoing description of specification of the present invention can make that art technology is any can utilize or realize content of the present invention, it is apparent that any amendment based on disclosed content all should be considered to this area, and basic principle described in the invention can be applied in other distortion and not depart from invention of the present invention essence and scope.Therefore, content disclosed in this invention is not only confined to described embodiment and design, can also expand to the maximum magnitude consistent with principle of the present invention and disclosed new feature.

Claims (17)

1. determine a method for subscriber equipment access way, it is characterized in that, comprising:
Data gateway obtains access network discovery corresponding to subscriber equipment and selection function policy information; Described access network discovery and selection function policy information comprise the first corresponding relation corresponding to described subscriber equipment, and described first corresponding relation is the corresponding relation of application message and access way;
Described data gateway obtains the second corresponding relation corresponding to described subscriber equipment, and described second corresponding relation is the corresponding relation of described application message and security information;
Described data gateway, according to described first corresponding relation, described second corresponding relation and the data message through safe protection treatment that will send to described subscriber equipment, determines the access way of described subscriber equipment.
2. method according to claim 1, is characterized in that, described data gateway obtains the second corresponding relation corresponding to described subscriber equipment, comprising:
Described data gateway receives access network discovery second corresponding relation corresponding with the described subscriber equipment that selection functional entity sends; The second corresponding relation that described subscriber equipment is corresponding is that described access network discovery and selection functional entity obtain from security server.
3. method according to claim 1, is characterized in that, described data gateway obtains the second corresponding relation corresponding to described subscriber equipment, comprising:
Described data gateway sends the security information request of carrying described customer equipment identification to security server, obtain the second corresponding relation corresponding to described subscriber equipment for described security server according to described customer equipment identification;
Described data gateway receives the second corresponding relation corresponding to described subscriber equipment that described security server sends.
4. method according to claim 3, is characterized in that,
Described data gateway sends the security information request of carrying described customer equipment identification to security server, comprising: described data gateway sends the described security information request of carrying described customer equipment identification to described security server by policy charging rule functional entity;
Described data gateway receives the second corresponding relation corresponding to described subscriber equipment that described security server sends, and comprising: described data gateway receives the second corresponding relation corresponding to described subscriber equipment that described security server sent by described policy charging rule functional entity.
5. according to the arbitrary described method of claim 1-4; it is characterized in that; described data gateway, according to described first corresponding relation, described second corresponding relation and the data message through safe protection treatment that will send to described subscriber equipment, is determined the access way of described subscriber equipment, being comprised:
Described data gateway sends to the data message through safe protection treatment of described subscriber equipment according to the security information parsing in described second corresponding relation, sends to the application message of the data message through safe protection treatment of described subscriber equipment described in acquisition;
If described in send to the application message of the data message through safe protection treatment of described subscriber equipment corresponding with the application message in described second corresponding relation, described data gateway, according to described first corresponding relation, determines the access way of described subscriber equipment.
6. determine a method for subscriber equipment access way, it is characterized in that, comprising:
Access network discovery and selection functional entity obtain access network discovery corresponding to subscriber equipment and selection function policy information; Described access network discovery and selection function policy information comprise the first corresponding relation corresponding to described subscriber equipment, and described first corresponding relation is the corresponding relation of application message and access way;
Described access network discovery and selection functional entity obtain the second corresponding relation corresponding to described subscriber equipment, and described second corresponding relation is the corresponding relation of described application message and security information;
Described access network discovery and selection functional entity send described first corresponding relation and described second corresponding relation to data gateway; for described data gateway according to described first corresponding relation, described second corresponding relation and the data message through safe protection treatment that will send to described subscriber equipment, determine the access way of described subscriber equipment.
7. method according to claim 6, is characterized in that, described access network discovery and selection functional entity obtain the second corresponding relation corresponding to described subscriber equipment, comprising:
Described access network discovery and selection functional entity receive customer equipment identification and the security information designator of described subscriber equipment;
Described access network discovery and selection functional entity send the security information request of carrying described customer equipment identification to security server, obtain the second corresponding relation corresponding to described subscriber equipment for described security server according to described customer equipment identification;
Described access network discovery and selection functional entity receive the second corresponding relation corresponding to described subscriber equipment that described security server sends.
8. a data gateway, is characterized in that, comprising:
First acquisition module, for obtaining access network discovery corresponding to subscriber equipment and selection function policy information; Described access network discovery and selection function policy information comprise the first corresponding relation corresponding to described subscriber equipment, and described first corresponding relation is the corresponding relation of application message and access way;
Second acquisition module, for obtaining the second corresponding relation corresponding to described subscriber equipment, described second corresponding relation is the corresponding relation of described application message and security information;
Determination module, for according to described first corresponding relation, described second corresponding relation and the data message through safe protection treatment that will send to described subscriber equipment, determines the access way of described subscriber equipment.
9. data gateway according to claim 8, is characterized in that, described second acquisition module, specifically for receiving access network discovery second corresponding relation corresponding with the described subscriber equipment that selection functional entity sends; The second corresponding relation that described subscriber equipment is corresponding is that described access network discovery and selection functional entity obtain from security server.
10. data gateway according to claim 8, is characterized in that, described second acquisition module, comprising:
Second transmitting element, for sending the security information request of carrying described customer equipment identification to security server, obtains the second corresponding relation corresponding to described subscriber equipment for described security server according to described customer equipment identification;
Second receiving element, the second corresponding relation that the described subscriber equipment for receiving the transmission of described security server is corresponding.
11. data gateways according to claim 10, is characterized in that:
Described second transmitting element, specifically for sending the described security information request of carrying described customer equipment identification to described security server by policy charging rule functional entity;
Described second receiving element, specifically for receiving the second corresponding relation corresponding to described subscriber equipment that described security server sent by described policy charging rule functional entity.
12.-11 arbitrary described data gateways according to Claim 8, it is characterized in that, described determination module, comprising:
Acquiring unit, for sending to the data message through safe protection treatment of described subscriber equipment according to the security information parsing in described second corresponding relation, described in acquisition, send to the application message of the data message through safe protection treatment of described subscriber equipment;
Determining unit, for when described in send to the application message of the data message through safe protection treatment of described subscriber equipment and the application message in described second corresponding relation to the access way determining described subscriber equipment time corresponding according to described first corresponding relation.
13. 1 kinds of access network discoveries and selection functional entity, is characterized in that, comprising:
First acquisition module, for obtaining access network discovery corresponding to subscriber equipment and selection function policy information; Described access network discovery and selection function policy information comprise the first corresponding relation corresponding to described subscriber equipment, and described first corresponding relation is the corresponding relation of application message and access way;
Second acquisition module, for obtaining the second corresponding relation corresponding to described subscriber equipment, described second corresponding relation is the corresponding relation of described application message and security information;
Sending module; for sending described first corresponding relation and described second corresponding relation to data gateway; for described data gateway according to described first corresponding relation, described second corresponding relation and the data message through safe protection treatment that will send to described subscriber equipment, determine the access way of described subscriber equipment.
14. access network discovery according to claim 13 and selection functional entity, is characterized in that, described second acquisition module, comprising:
Instruction receiving element, for receiving customer equipment identification and the security information designator of described subscriber equipment;
Transmitting element, for sending the security information request of carrying described customer equipment identification to security server, obtains the second corresponding relation corresponding to described subscriber equipment for described security server according to described customer equipment identification;
Receiving element, the second corresponding relation that the described subscriber equipment for receiving the transmission of described security server is corresponding.
15. 1 kinds of systems determining subscriber equipment access way, is characterized in that, comprising: data gateway and access network discovery and selection functional entity;
Described data gateway, for receiving access network discovery corresponding to subscriber equipment and selection function policy information; Described access network discovery and selection function policy information comprise the first corresponding relation corresponding to described subscriber equipment, and described first corresponding relation is the corresponding relation of application message and access way; Receive the second corresponding relation that described subscriber equipment is corresponding, described second corresponding relation is the corresponding relation of described application message and security information; According to described first corresponding relation, described second corresponding relation and the data message through safe protection treatment that will send to described subscriber equipment, determine the access way of described subscriber equipment;
Described access network discovery and selection functional entity, for obtaining access network discovery corresponding to described subscriber equipment and selection function policy information; Obtain the second corresponding relation that described subscriber equipment is corresponding; Send described access network discovery and selection function policy information and described second corresponding relation to data gateway.
16. systems according to claim 15, is characterized in that, described data gateway, specifically for obtaining access network discovery corresponding to subscriber equipment and selection function policy information; Described access network discovery and selection function policy information comprise the first corresponding relation corresponding to described subscriber equipment, and described first corresponding relation is the corresponding relation of application message and access way; Obtain the second corresponding relation that described subscriber equipment is corresponding, described second corresponding relation is the corresponding relation of described application message and security information; Send to the data message through safe protection treatment of described subscriber equipment described in resolving according to the security information in described second corresponding relation, described in acquisition, send to the application message of the data message through safe protection treatment of described subscriber equipment; When the described application message of the data message through safe protection treatment of described subscriber equipment and the application message in described second corresponding relation of sending to is to the access way determining described subscriber equipment time corresponding according to described first corresponding relation.
17. systems according to claim 15 or 16, is characterized in that, described access network discovery and selection functional entity, specifically for obtaining access network discovery corresponding to described subscriber equipment and selection function policy information; Receive customer equipment identification and the security information designator of described subscriber equipment; Send the security information request of carrying described customer equipment identification to security server, obtain the second corresponding relation corresponding to described subscriber equipment for described security server according to described customer equipment identification; Receive the second corresponding relation that the described subscriber equipment of described security server transmission is corresponding; Send described access network discovery and selection function policy information and described second corresponding relation to data gateway.
CN201180003638.5A 2011-12-02 2011-12-02 Determine the method and system of subscriber equipment access way, equipment Active CN103250446B (en)

Applications Claiming Priority (1)

Application Number Priority Date Filing Date Title
PCT/CN2011/083375 WO2013078678A1 (en) 2011-12-02 2011-12-02 Method for determining access mode of user equipment, and system and device thereof

Publications (2)

Publication Number Publication Date
CN103250446A CN103250446A (en) 2013-08-14
CN103250446B true CN103250446B (en) 2015-12-02

Family

ID=48534650

Family Applications (1)

Application Number Title Priority Date Filing Date
CN201180003638.5A Active CN103250446B (en) 2011-12-02 2011-12-02 Determine the method and system of subscriber equipment access way, equipment

Country Status (2)

Country Link
CN (1) CN103250446B (en)
WO (1) WO2013078678A1 (en)

Families Citing this family (1)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN109756919B (en) * 2017-11-01 2021-02-26 华为技术有限公司 Method, device and system for processing proprietary bearer stream

Citations (4)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN101599904A (en) * 2009-06-26 2009-12-09 中国电信股份有限公司 The method and system that a kind of virtual dial-up safe inserts
CN101730192A (en) * 2009-02-10 2010-06-09 中兴通讯股份有限公司 Method and device for transmitting access network policy information and interaction system
CN101945456A (en) * 2009-07-08 2011-01-12 中兴通讯股份有限公司 Method and system for providing access network protocol selection function by access network discovery and selection function (ANDSF)
CN102223634A (en) * 2010-04-15 2011-10-19 中兴通讯股份有限公司 Method and device for controlling mode of accessing user terminal into Internet

Family Cites Families (1)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN101577909B (en) * 2008-05-05 2011-03-23 大唐移动通信设备有限公司 Method, system and device for acquiring trust type of non-3GPP access system

Patent Citations (4)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN101730192A (en) * 2009-02-10 2010-06-09 中兴通讯股份有限公司 Method and device for transmitting access network policy information and interaction system
CN101599904A (en) * 2009-06-26 2009-12-09 中国电信股份有限公司 The method and system that a kind of virtual dial-up safe inserts
CN101945456A (en) * 2009-07-08 2011-01-12 中兴通讯股份有限公司 Method and system for providing access network protocol selection function by access network discovery and selection function (ANDSF)
CN102223634A (en) * 2010-04-15 2011-10-19 中兴通讯股份有限公司 Method and device for controlling mode of accessing user terminal into Internet

Also Published As

Publication number Publication date
WO2013078678A1 (en) 2013-06-06
CN103250446A (en) 2013-08-14

Similar Documents

Publication Publication Date Title
US11849356B2 (en) Long term evolution-primary WiFi (LTE-PW)
KR101467780B1 (en) Method for handover between heterogeneous radio access networks
CA2957328C (en) System and method for enabling discovery of local service availability in local cellular coverage
CN103609150B (en) It is proprietary or non-APN Proprietary Informations carry out flow shunt via local network based on APN
CN107666723B (en) Information transmission method, convergence gateway and system
US8358627B2 (en) Radio communication system, radio communication method, and mobile station
CN103634791A (en) Method for provider network switching, user equipment and remote management platform
CN106465227A (en) Methods and apparatus to support network-based IP flow mobility via multiple wireless accesses for a wireless device
US20100215001A1 (en) Telecommunications networks and devices
CN104519537A (en) Communication method, user equipment and communication device
CN101133661A (en) Dynamically obtaining neighborhood information
CN101330740A (en) Method for selecting gateway in wireless network
CN105165039A (en) Mechanism for gateway discovery layer-2 mobility
CN104486358A (en) Converged communication system based on micro base station
CN111405607A (en) Network switching method, equipment and block chain system
EP2196048A1 (en) Terminal trace activation in a wirless communications network
JP6009242B2 (en) Authentication method, access point, and program for connecting third-party wireless terminal to user-owned access point
CN103250446B (en) Determine the method and system of subscriber equipment access way, equipment
CN101483929B (en) Method and apparatus for obtaining interaction mode with policy making entity by non-3GPP access gateway
CA2851678A1 (en) Method of and system for enacting digital communication for a mobile subscriber
CN101521676B (en) Method for calling USI interface and equipment thereof
JP6266064B2 (en) Authentication method, access point, and program for connecting third-party wireless terminal to user-owned access point
KR102287669B1 (en) Method and apparatus for managing subscriber profile
US9913213B2 (en) Methods, devices and computer program products providing for RAN based LGW selection
JP6266063B2 (en) Authentication method, access point, and program for connecting third-party wireless terminal to user-owned access point

Legal Events

Date Code Title Description
C06 Publication
PB01 Publication
C10 Entry into substantive examination
SE01 Entry into force of request for substantive examination
C14 Grant of patent or utility model
GR01 Patent grant
TR01 Transfer of patent right
TR01 Transfer of patent right

Effective date of registration: 20210427

Address after: Unit 3401, unit a, building 6, Shenye Zhongcheng, No. 8089, Hongli West Road, Donghai community, Xiangmihu street, Futian District, Shenzhen, Guangdong 518040

Patentee after: Honor Device Co.,Ltd.

Address before: 518129 Bantian HUAWEI headquarters office building, Longgang District, Guangdong, Shenzhen

Patentee before: HUAWEI TECHNOLOGIES Co.,Ltd.