Disclosure of Invention
The technical problem to be solved by the present invention is to provide a method for acquiring an access identifier of a terminal and an identity information server, which can acquire the access identifier of the terminal under the condition that the terminal roams.
In order to solve the above technical problem, a method for acquiring an access identifier of a terminal of the present invention includes:
an Identity Information Server (IIS) is arranged in a network, an Access Identifier (AID) of a terminal in the network is initially stored in the IIS, and mutual connection between the IIS is established;
when the terminal roams and accesses the network from a visited network, and the visited serving Access Service Router (ASR) of the terminal queries the visited IIS for the AID of the terminal, the visited IIS queries the home IIS of the terminal for the AID of the terminal;
and the visited IIS receives the AID of the terminal that the home IIS of the terminal has looked up and returned.
Further, the identifier used for access authentication of the terminal is also initially stored in the IIS, and the AID of the terminal is associated with the identifier used for access authentication of the terminal;
when receiving an identifier used for access authentication of a terminal sent by the visited serving ASR, the visited IIS learns that the visited serving ASR is querying the AID of the terminal;
the visited IIS sends the received identifier used for access authentication of the terminal to the home IIS of the terminal to query the AID of the terminal;
and the visited IIS receives the corresponding AID that the home IIS of the terminal has looked up according to the identifier used for access authentication of the terminal and returned.
Further, the method also includes:
before querying the home IIS of the terminal for the AID of the terminal, the visited IIS judges whether the terminal belongs to the local network according to the identifier used for access authentication of the terminal, determines the home IIS of the terminal when the terminal does not belong to the local network, and queries the home IIS for the AID of the terminal.
Further, all IISs are directly connected or connected through one or more border gateways;
and when the IISs are connected through the one or more border gateways, the border gateways between the IISs complete the interaction between the IISs according to the identifier used for access authentication of the terminal.
Further, the IISs interact with each other based on RADIUS (Remote Authentication Dial In User Service) messages or Diameter messages.
Further, in a Long Term Evolution (LTE) network, a packet data network gateway (P-GW) is taken as an ASR; the IIS is deployed on an authentication, authorization and accounting (AAA) server connected with the P-GW, and the AAA servers in the network are all connected with each other; or the IIS is deployed on a Mobility Management Entity (MME) connected with the P-GW, and the MME in the network are connected with each other; or,
in a third generation mobile communication (3G) network, a gateway general packet radio service support node (GGSN) is used as ASR; the IIS is deployed on an AAA server connected with the GGSN, and the AAA servers in the network are all connected with each other; or the IIS is deployed on a Home Location Register (HLR) connected with the GGSN, and the HLRs in the network are connected with each other; or, the IIS is deployed on a Home Subscriber Server (HSS) connected with the GGSN, and the HSS in the network are connected with each other; or,
in a fixed network, a Broadband Remote Access Server (BRAS) is used as an ASR, an IIS is deployed on an AAA server connected with the BRAS, and all AAA servers in the network are connected with each other.
Further, a method for storing an access identifier of a terminal includes:
establishing interconnection between Identity Location Registers (ILRs) in a network;
when a terminal roams and accesses the network from a visited network, a visited ILR receives an Access Identifier (AID) and a Routing Identifier (RID) of the terminal, which are sent by the visited serving ASR of the terminal, wherein the AID is obtained by the visited serving ASR by querying a visited Identity Information Server (IIS); the RID is allocated to the terminal by the visited serving ASR after it has obtained the AID;
and the visited ILR sends the AID and the RID of the terminal to the home ILR of the terminal, so that the home ILR stores the correspondence between the AID and the RID of the terminal.
Further, the method also includes:
before the visited ILR sends the AID and the RID of the terminal to the home ILR of the terminal, it judges whether the terminal belongs to the local network according to the AID of the terminal and pre-configured information, and if the terminal does not belong to the local network, determines the home network of the terminal; or it judges whether the terminal belongs to the local network according to the identifier used for access authentication of the terminal, which the visited serving ASR sends together with the AID and the RID, and if not, determines the home network of the terminal.
Further, the method also includes:
the ILRs are directly connected or connected through one or more border gateways;
and when the ILRs are connected through the one or more border gateways, the border gateways between the ILRs complete interaction between the ILRs according to the AIDs of the terminals or the identifiers used by the terminals for access authentication.
Further, the method also includes:
after the terminal switches ASR, the visited ILR receives the RID reallocated to the terminal by the target ASR to which the terminal has switched;
and after determining that the terminal does not belong to the local network and determining the home network of the terminal, the visited ILR updates the RID reallocated by the target ASR for the terminal to the home ILR of the terminal.
Further, the method also includes:
when a correspondent node (CN) of the terminal sends a data message to the terminal, and the serving ASR of the CN queries the ILR in the network where the CN is located for the location information of the terminal, that ILR, if it does not store the AID-RID correspondence of the terminal locally, sends the AID of the terminal to the home ILR of the terminal so as to query the RID of the terminal;
and the ILR in the network where the CN is located receives the RID of the terminal, which the home ILR of the terminal has looked up locally according to the AID and returned.
Further, the method also includes:
when the terminal quits the network or releases the IP address, the visited ILR sends the AID of the terminal to the home ILR of the terminal and notifies the home ILR to delete the RID of the terminal.
Further, the ILRs interact based on RADIUS (Remote Authentication Dial In User Service) messages or Diameter messages.
Further, in a Long Term Evolution (LTE) network, a packet data network gateway (P-GW) is used as an ASR, an ILR is deployed on an authentication, authorization, and accounting (AAA) server connected to the P-GW, and the AAA servers in the network are all connected to each other; or, the ILR is deployed on a Mobility Management Entity (MME) connected with the P-GW, and the MME in the network are connected with each other; or,
in a third generation mobile communication (3G) network, taking a gateway general packet radio service support node (GGSN) as an ASR, deploying ILR on an AAA server connected with the GGSN, and connecting the AAA servers in the network with each other; or the ILR is deployed on a Home Location Register (HLR) connected with the GGSN, and the HLRs in the network are connected with each other; or, the ILR is deployed on a Home Subscriber Server (HSS) connected with the GGSN, and the HSS in the network are connected with each other; or,
in a fixed network, a Broadband Remote Access Server (BRAS) is used as an ASR, an ILR is deployed on an AAA server connected to the BRAS, and the AAA servers in the network are all connected to each other.
Further, an identity information server comprising: the system comprises a data storage unit, an information interaction unit and an information inquiry unit, wherein:
the data storage unit is used for initially storing an Access Identifier (AID) of a terminal in the network;
the information interaction unit is used for establishing the mutual connection between the Identity Information Servers (IIS);
the information inquiry unit is used for querying the home IIS of the terminal for the AID of the terminal through the information interaction unit when, during roaming access of the terminal, the visited serving Access Service Router (ASR) of the terminal queries the AID of the terminal, and for receiving the AID of the terminal that the home IIS of the terminal has looked up and returned.
Further, the data storage unit is further configured to initially store an identifier used by the terminal for access authentication, and associate the AID of the terminal with the identifier used by the terminal for access authentication;
the information query unit is specifically configured to, when receiving an identifier, used for access authentication, of a terminal sent by the ASR, learn that the ASR needs to query the AID of the terminal, send the received identifier, used for access authentication, of the terminal to the home IIS of the terminal, query the AID of the terminal, and receive a corresponding AID, returned by the home IIS of the terminal, queried according to the identifier, used for access authentication, of the terminal.
Further, the information querying unit is further configured to, before querying the AID of the terminal for the home IIS of the terminal, determine whether the terminal belongs to a local network according to the identifier used for access authentication of the terminal, determine the home IIS of the terminal when the terminal does not belong to the local network, and query the AID of the terminal for the home IIS.
Further, the information querying unit is further configured to, after receiving an identifier used for access authentication by the terminal and sent by another identity information server, query a corresponding AID from the data storage unit according to the received identifier used for access authentication by the terminal, and return the queried AID to the corresponding identity information server.
Further, an identity location register comprising: the device comprises an information interaction unit, a data storage unit and an information updating unit, wherein:
the information interaction unit is used for establishing the interconnection between Identity Location Registers (ILRs) in the network;
the data storage unit is used for receiving and storing an Access Identifier (AID) and a Routing Identifier (RID) of the terminal, which are sent by the visited serving ASR of the terminal when the terminal accesses the network while roaming, wherein the AID is obtained by the visited serving ASR by querying a visited Identity Information Server (IIS); the RID is allocated to the terminal by the visited serving ASR after it has obtained the AID;
and the information updating unit is used for sending the AID and the RID of the terminal to the home ILR of the terminal through the information interaction unit, so that the home ILR stores the correspondence between the AID and the RID of the terminal.
Further, the information updating unit is further configured to, before sending the AID and the RID of the terminal to the home ILR of the terminal, determine whether the terminal belongs to the local network according to the AID of the terminal and preconfigured information, and if not, determine the home network of the terminal; or to determine whether the terminal belongs to the local network according to the identifier used for access authentication of the terminal, which the visited serving ASR sends together with the AID and the RID, and if not, determine the home network of the terminal.
Further, the data storage unit is further configured to receive an RID reallocated to the terminal by the target ASR switched by the terminal after the terminal switches the ASR;
and the information updating unit is also used for updating the RID reallocated by the target ASR for the terminal to the home ILR of the terminal, after it has been determined that the terminal does not belong to the local network and the home network of the terminal has been determined.
Further, the information updating unit is further configured to send the AID of the terminal to the home ILR of the terminal when the terminal quits the network or releases the IP address, and notify the home ILR to delete the RID of the terminal.
In summary, in the method for identity location separation based on the invention, the identity information server is arranged to store the AID of the terminal and the identity information servers are connected with each other, so that the AID of the terminal can be acquired when the terminal roams, and the terminal can access the visited network.
Detailed Description
Unlike existing Identity location separation techniques, in the present embodiment, a dedicated Identity Information Server (IIS) is used to store the end-user's AID. As shown in fig. 3, operator A has its own identity information server A (IIS-A), and operator B has its own IIS-B. Preferably, the IIS records and associates together the identity of the end user used for access authentication and the AID of the user. The identifier used by the terminal user for Access authentication generally includes an International Mobile Subscriber Identity (IMSI), a Network Access Identifier (NAI), and the like. In order to support roaming access of the end user, a signaling interface (as shown in fig. 3) needs to be added between the IIS of the visited operator and the IIS of the home operator, and the main function of the interface is to transfer the Access Identity (AID) of the end user between the visited IIS and the home IIS.
It should be noted that the IIS of the visited operator may establish a directly connected interface with the IIS of the home operator, or may establish the interface indirectly through one or more border gateways. That is, the IISs of the visited operator and the home operator each establish an interface with the border gateways, and the interaction between the two IISs is completed through the relay of the border gateways. The general role of the border gateway is to protect the data security of both operators and to guard them against attack. It should be noted that the border gateway can generally be referred to as a Border IIS (B-IIS), a Gateway IIS (G-IIS), or a Proxy IIS (P-IIS).
In order to support that the home carrier of the terminal can also grasp the location information of the terminal, it is preferable to add a signaling interface between the ILR (visited ILR) of the visited operator and the ILR (home ILR) of the home operator. Similarly, the ILR of the visited operator may establish a directly connected interface with the ILR of the home operator, or may establish the interface indirectly through one or more border gateways. Accordingly, Border gateways may be generally referred to as Border identity location registers (Border ILR, B-ILR), Gateway identity location registers (Gateway ILR, G-ILR), or Proxy ILR (P-ILR).
As shown in fig. 3, operator B is the visited operator of terminal A, and operator A is the home operator of terminal A. An interface is established between operator A's IIS-A and operator B's IIS-B. If terminal A roams and accesses the network through operator B, it is connected through access service router B (ASR-B). ASR-B requests the AID of the terminal from IIS-B, and IIS-B can acquire the AID of terminal A from IIS-A through the interface and send the AID to the terminal. This solves the problem that the terminal cannot gain access through the operator at the roaming location.
Example 1:
Fig. 4 shows a first example of the present embodiment: the process in which a terminal accesses a network and acquires its Access Identifier (AID) from the network. It specifically includes the following steps:
Step 401: the terminal roams to a visited operator, accesses the network of the visited operator and attaches to an Access Service Router (ASR), which is the serving ASR of the terminal (namely, the visited serving ASR);
Generally, the serving ASR obtains an identifier used by the terminal for access authentication in this step, such as the above-mentioned IMSI, NAI, or User Name. Based on the user name, the network first performs access authentication on the terminal user, and executes the subsequent process after the access authentication has passed.
Step 402: the ASR (located in the visited operator) queries the visited Identity Information Server (IIS) for the AID of the terminal user, carrying the obtained identifier used by the terminal for access authentication;
Step 403: after receiving the request, the visited IIS first determines whether the user belongs to the local network;
The visited IIS can make this judgment according to the identifier used by the terminal for access authentication (i.e. the identifier used for access authentication by the user of the terminal; hereinafter both are expressed as the identifier used by the terminal for access authentication). In this embodiment, since it is assumed that the user is currently accessing through the visited operator, the visited IIS needs to further determine the home operator of the terminal user; generally, the visited IIS can determine the home operator of the terminal according to the identifier used for access authentication of the terminal. Preferably, depending on the configuration information, the visited IIS may also determine the home IIS of the terminal.
Step 404: the visited IIS sends a message to the home IIS of the terminal user (located in the home operator of the terminal user) to query the AID of the terminal, the message carrying the identifier used for access authentication of the terminal;
Step 405: after receiving the request, the home IIS preferably checks that the request message comes from a legitimate requester, then locally looks up the corresponding AID according to the identifier used by the terminal for access authentication, and returns a response message carrying the AID to the visited IIS;
Step 406: the visited IIS returns the AID it has obtained to the ASR;
Step 407: the ASR sends the AID to the terminal, and the AID is configured locally on the terminal as its identity;
Subsequently, the terminal uses the AID as its own IP address for communication with the outside.
Step 408: after obtaining the AID of the terminal, the ASR further allocates a Routing Identifier (RID, also called a location identifier) to the terminal;
Step 409: the ASR (the ASR of the visited operator) updates the RID of the terminal to the ILR of the visited operator (visited ILR), carrying the AID of the terminal user and the assigned RID, and preferably also the identifier used by the terminal for access authentication;
Step 410: the visited ILR stores the AID-RID correspondence of the terminal locally, and sends a message carrying the AID-RID correspondence to the home ILR of the terminal;
Preferably, the visited ILR can determine that the terminal corresponding to the AID does not belong to this operator. According to the AID and the preconfigured information, the visited ILR can judge that the AID does not belong to this operator and can determine the operator to which the AID belongs; or, according to the identifier for access authentication of the terminal preferably carried in step 409, the visited ILR determines that the corresponding AID does not belong to this operator and can determine the operator to which the AID belongs.
Step 411: after the home ILR receives this information, it stores the AID-RID correspondence of the terminal locally;
At this point, the home operator of the terminal also knows the current location information of the terminal. The home ILR returns a response message to the visited ILR.
Step 412: the visited ILR returns a response message to the ASR.
It should be noted that, in step 410, the visited ILR may directly send the AID-RID of the terminal to the home ILR of the terminal user without recording the AID-RID correspondence of the terminal, and only the home ILR stores the AID-RID correspondence of the terminal.
The problems of the prior art can be solved by the method of the above embodiment of the present invention. When the terminal roams, the terminal can also acquire the AID of the terminal after accessing the network through the ASR of the visited operator, and the AID is used as the source address of the terminal to communicate with the outside.
It should be noted that in the description of the present embodiment, the visited IIS and the home IIS are directly interactive with each other. As described above, the visited IIS and the home IIS can communicate with each other through one or more border gateways (such as the above-mentioned B-IIS, G-IIS or P-IIS), and the border gateway can determine to which next-hop border gateway or home IIS the corresponding message should be sent according to the above-mentioned identifier used by the terminal for access authentication (as described in step 403). Similarly, the visited ILR and the home ILR may interwork via one or more border gateways (e.g., the above-mentioned B-ILR, P-ILR, G-ILR), which may determine to which next-hop border gateway or home ILR the corresponding message should be sent according to the AID or the above-mentioned identifier for access authentication of the end-user, according to the method described in step 410.
As shown in fig. 5, when a terminal switches its current ASR within a visited operator, that is, switches from a source ASR to a target ASR, the target ASR needs to allocate a new RID to the terminal and update the AID-RID correspondence of the terminal stored in the ILR. This specifically includes the following steps:
Steps 501-502: after the terminal is switched from the source ASR to the target ASR, the target ASR allocates a new RID to the terminal;
Step 503: because the target ASR is also located in the network of the visited operator, the target ASR sends an update message to the visited ILR, carrying the AID of the terminal and the newly allocated RID, and preferably also the identifier used for access authentication of the terminal;
The principle is the same as in step 409.
Step 504: as in step 410, the visited ILR determines that the terminal user does not belong to this operator, and after determining the home operator of the user sends a message to the home ILR of the terminal, the message carrying the AID-RID mapping;
Steps 505-506: the same as steps 411-412.
Example 2:
Fig. 6 shows a second embodiment of the present invention, which still assumes that the terminal accesses the network at the visited operator, i.e. the current serving ASR of the terminal is located in the visited operator.
Step 601: a correspondent node (Correspondent Node, CN for short) of the terminal sends a data message to the terminal, the destination IP address of the data message being set to the AID of the terminal, and the data message first reaches the serving ASR of the CN (CN-ASR);
Step 602: when the CN-ASR cannot find the location information of the terminal locally, it queries the ILR in the operator domain where the CN-ASR is located for the location information of the terminal, the query message carrying the AID of the terminal;
It is assumed that the operator in which the CN-ASR is located is not the home operator of the terminal.
Step 603: assuming that the ILR in the operator domain where the CN-ASR is located cannot find the RID information of the terminal locally, then, as in step 410, the ILR may determine, according to the AID and the preconfigured information, that the AID does not belong to this operator and which operator the AID belongs to;
Step 604: the ILR sends a request to the home ILR of the terminal, carrying the AID of the terminal and requesting the RID information of the terminal;
Step 605: after looking up the RID information of the terminal locally according to the AID, the home ILR returns a response message to the ILR in the operator domain where the CN-ASR is located, the response message carrying the AID-RID information of the terminal;
Step 606: after receiving the response message, the ILR in the operator domain where the CN-ASR is located returns a response message carrying the RID information of the terminal to the CN-ASR;
Step 607: the CN-ASR sends the data message according to the location information of the terminal.
It is worth mentioning that the operator where the CN-ASR is located may be the visited operator where the terminal is currently located. At this time, as described in embodiment 1, the visited site ILR may store the AID-RID relationship of the terminal, and the CN-ASR may directly query the visited site ILR for relevant information; otherwise, the method proceeds to the above step of embodiment 2, and the home ILR is queried for relevant information. The operator where the CN-ASR is located may also be different from the visited operator where the terminal is currently located, and at this time, the location information of the terminal needs to be queried according to the method in the foregoing embodiment.
Example 3:
Fig. 7 shows a third embodiment of the present invention, which still assumes that the terminal accesses the network at the visited operator, i.e. the current serving ASR of the terminal is located in the visited operator. When the terminal leaves the network, the location information of the terminal stored in the home ILR of the terminal needs to be cleared, which specifically includes the following steps.
Step 701: the current serving ASR of the terminal receives the instruction of the terminal to quit the network or release the IP address;
Step 702: the ASR sends a message to the ILR in the local domain (i.e. the visited operator domain of the terminal; the visited ILR) to delete the location information of the terminal, the message carrying the AID of the terminal and preferably also the identifier used by the terminal for access authentication;
Step 703: after receiving the above message, the visited ILR first deletes the AID-RID mapping of the terminal locally; meanwhile, according to the method of step 410, the visited ILR can determine that the local domain is the visited domain of the terminal and can determine the home domain of the terminal, and the visited ILR sends a message to the home ILR of the terminal for deleting the location information of the terminal, carrying the AID of the terminal and preferably also the identifier used by the terminal for access authentication;
Step 704: the home ILR deletes the related information stored locally and returns a response message to the visited ILR.
Step 705: the visited ILR returns a response message to the ASR described above.
It should be noted that, in actual network deployment, the IIS described in this embodiment may be deployed on an Authentication, Authorization, and Accounting (AAA) server, a Home Location Register (HLR), or a Home Subscriber Server (HSS); that is, the IIS serves as a functional module of these network elements, or these network elements themselves have the functions of the IIS. Thus, these network elements can directly replace the "identity information server" in the above embodiments. For example, the home AAA server replaces the home identity information server, the visited AAA server replaces the visited identity information server, and so on; the principle is the same. In this case, the visited IIS and the home IIS may interact with each other through an AAA protocol, including the RADIUS (Remote Authentication Dial In User Service) protocol and the Diameter protocol.
For example, the visited IIS uses the Access-Request message defined by the RADIUS protocol, carrying the identifier used by the terminal for access authentication, to request the AID information of the terminal from the home IIS; accordingly, the home IIS responds to the visited IIS with an Access-Accept message carrying the AID of the terminal. If the home IIS has no corresponding record either (e.g., the terminal user has not subscribed to an AID), the home IIS may return an Access-Reject message to the visited IIS. In that case, the ASR at the visited site will preferably deny the terminal access. The visited IIS can also use the AA-Request defined by the Diameter protocol, carrying the identifier used by the terminal for access authentication, to request the AID information of the terminal from the home IIS; the home IIS responds to the visited IIS with an AA-Answer carrying the AID information of the terminal, or carrying an error indication (for example, the terminal user has not subscribed to an AID). If the visited IIS receives an AA-Answer message carrying the error indication, the ASR preferably refuses the terminal access to the network.
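The exchange of steps 403 to 406, with the RADIUS outcomes described above, as an added Python example that is not part of the patent text. The realm names, identifiers, AID values and the `allowed_requesters` allow-list (one way to realise the step 405 check that a request comes from a legitimate requester) are assumptions made for illustration.

```python
# Added illustration: in-memory model of the visited-IIS / home-IIS exchange.
ACCESS_ACCEPT = "Access-Accept"
ACCESS_REJECT = "Access-Reject"


def realm_of(nai):
    """Return the lower-cased realm of an NAI of the form user@realm."""
    user, sep, realm = nai.rpartition("@")
    if not sep or not user or not realm:
        raise ValueError("not a user@realm NAI: %r" % (nai,))
    return realm.lower()


class IIS:
    def __init__(self, name, realm, aid_by_identifier=None, allowed_requesters=()):
        self.name = name
        self.realm = realm.lower()                      # realm this operator is home for
        self.aid_by_identifier = dict(aid_by_identifier or {})
        self.allowed_requesters = set(allowed_requesters)  # trusted peer IIS names (assumption)
        self.peers_by_realm = {}                        # realm -> home IIS (pre-configured)

    def handle_peer_query(self, requester, identifier):
        """Home side, step 405: check the requester, then look up the AID."""
        if requester not in self.allowed_requesters:
            return ACCESS_REJECT, None                  # unknown peer: reveal nothing
        aid = self.aid_by_identifier.get(identifier)
        if aid is None:
            return ACCESS_REJECT, None                  # no AID subscribed
        return ACCESS_ACCEPT, aid

    def handle_asr_query(self, identifier):
        """Visited side, steps 403, 404 and 406."""
        try:
            realm = realm_of(identifier)
        except ValueError:
            return ACCESS_REJECT, None
        if realm == self.realm:                         # terminal belongs to the local network
            aid = self.aid_by_identifier.get(identifier)
            return (ACCESS_ACCEPT, aid) if aid else (ACCESS_REJECT, None)
        home = self.peers_by_realm.get(realm)           # step 403: determine the home IIS
        if home is None:
            return ACCESS_REJECT, None                  # no roaming agreement configured
        return home.handle_peer_query(self.name, identifier)   # step 404


def build_demo():
    """Constructed sample deployment: operator A is home, operator B is visited."""
    iis_a = IIS("IIS-A", "operator-a.example",
                {"alice@operator-a.example": "AID-0001"},
                allowed_requesters={"IIS-B"})
    iis_b = IIS("IIS-B", "operator-b.example",
                {"bob@operator-b.example": "AID-0002"})
    iis_b.peers_by_realm["operator-a.example"] = iis_a
    # A peer that can reach IIS-A but is not on its allow-list.
    iis_x = IIS("IIS-X", "operator-x.example")
    iis_x.peers_by_realm["operator-a.example"] = iis_a
    return iis_a, iis_b, iis_x


if __name__ == "__main__":
    _, visited, unlisted = build_demo()
    print(visited.handle_asr_query("alice@operator-a.example"))
    print(unlisted.handle_asr_query("alice@operator-a.example"))
```

The home IIS answers an unlisted peer and an unknown identifier with the same Access-Reject, so a peer that is not on the allow-list cannot use the interface to test which identifiers have an AID.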
Similarly, in actual network deployment, the ILR according to this embodiment may also be deployed on an AAA server, an HLR, or an HSS; that is, the ILR serves as a functional module of these network elements, or these network elements themselves have the function of the ILR. In this way, these network elements can directly replace the "identity location register" in the above embodiments. For example, the home AAA server replaces the home identity location register, the visited AAA server replaces the visited identity location register, and so on; the principle is the same. In this case, the visited ILR and the home ILR may also interact via an AAA protocol, including the RADIUS protocol and the Diameter protocol.
For example, the visited ILR uses an Accounting-Request message defined by the RADIUS protocol, carrying the AID and RID information of the terminal, to update the RID information of the terminal to the home ILR. For the initial update, the information may be updated to the home ILR using Accounting-Request [start] (i.e., indicating that the type of this request is start); for subsequent updates (for example, the terminal switches ASR and the new ASR allocates a new RID to the terminal), Accounting-Request [interim] is used; when the location information of the terminal is to be deleted, the visited ILR sends Accounting-Request [stop] to the home ILR. When the home ILR receives an Accounting-Request message of type stop, it deletes the RID information of the terminal. Accordingly, the home ILR responds to the visited ILR with an Accounting-Response [start], an Accounting-Response [interim], and an Accounting-Response [stop]. As described in embodiment 2, when the ILR of the operator domain where the CN-ASR resides queries the RID of the terminal from the terminal's home ILR, the ILR may query the home ILR using a message newly defined in the RADIUS protocol.
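The start / interim / stop updates described above, as an added Python example that is not part of the patent text: a visited ILR encodes RADIUS Accounting-Request packets and a home ILR verifies the Request Authenticator before touching its AID-RID table. The patent does not say which attributes carry the AID and RID; the vendor-specific sub-types, the documentation enterprise number 32473, the shared secret and the AID/RID values are assumptions.

```python
import hashlib
import hmac
import struct

ACCOUNTING_REQUEST = 4                       # RADIUS packet code
VENDOR_SPECIFIC, ACCT_STATUS_TYPE = 26, 40   # RADIUS attribute types
START, STOP, INTERIM_UPDATE = 1, 2, 3        # Acct-Status-Type values
VENDOR_ID = 32473      # enterprise number reserved for documentation (assumption)
VS_AID, VS_RID = 1, 2  # hypothetical vendor sub-types for AID and RID
SECRET = b"constructed-shared-secret"        # constructed sample value


def _attr(attr_type, value):
    return bytes([attr_type, len(value) + 2]) + value


def _vsa(sub_type, value):
    body = struct.pack("!I", VENDOR_ID) + bytes([sub_type, len(value) + 2]) + value
    return _attr(VENDOR_SPECIFIC, body)


def _authenticator(header, attrs, secret):
    # Accounting Request Authenticator:
    # MD5(code + id + length + 16 zero octets + attributes + shared secret)
    return hashlib.md5(header + bytes(16) + attrs + secret).digest()


def build_request(ident, status, aid, rid, secret):
    """Visited-ILR side: encode one Accounting-Request (rid may be None for stop)."""
    attrs = _attr(ACCT_STATUS_TYPE, struct.pack("!I", status)) + _vsa(VS_AID, aid.encode())
    if rid is not None:
        attrs += _vsa(VS_RID, rid.encode())
    header = struct.pack("!BBH", ACCOUNTING_REQUEST, ident, 20 + len(attrs))
    return header + _authenticator(header, attrs, secret) + attrs


def parse_attrs(data):
    """Decode attributes; raise ValueError on any malformed length."""
    out, i = {}, 0
    while i < len(data):
        if i + 2 > len(data) or data[i + 1] < 2 or i + data[i + 1] > len(data):
            raise ValueError("bad attribute length")
        attr_type, value = data[i], data[i + 2:i + data[i + 1]]
        if attr_type == VENDOR_SPECIFIC:
            if len(value) < 6 or value[5] != len(value) - 4:
                raise ValueError("bad vendor-specific attribute")
            if struct.unpack("!I", value[:4])[0] == VENDOR_ID:
                out[("vsa", value[4])] = value[6:]
        else:
            out[attr_type] = value
        i += data[i + 1]
    return out


class HomeILR:
    def __init__(self, secret):
        self.secret = secret
        self.rid_by_aid = {}     # AID -> RID correspondence kept by the home ILR

    def handle(self, packet):
        """Return True if an Accounting-Response would be sent, False if dropped."""
        if len(packet) < 20:
            return False
        code, _ident, length = struct.unpack("!BBH", packet[:4])
        if code != ACCOUNTING_REQUEST or length != len(packet):
            return False
        expected = _authenticator(packet[:4], packet[20:], self.secret)
        if not hmac.compare_digest(expected, packet[4:20]):
            return False         # wrong secret or modified in transit: drop silently
        try:
            attrs = parse_attrs(packet[20:])
            status = struct.unpack("!I", attrs[ACCT_STATUS_TYPE])[0]
            aid = attrs[("vsa", VS_AID)].decode()
            rid = attrs.get(("vsa", VS_RID))
            rid = rid.decode() if rid is not None else None
        except (ValueError, KeyError, struct.error):
            return False
        if status in (START, INTERIM_UPDATE) and rid is not None:
            self.rid_by_aid[aid] = rid        # initial registration or ASR switch
            return True
        if status == STOP:
            self.rid_by_aid.pop(aid, None)    # terminal left the network
            return True
        return False


if __name__ == "__main__":
    ilr = HomeILR(SECRET)
    ilr.handle(build_request(1, START, "AID-0001", "RID-B-17", SECRET))
    ilr.handle(build_request(2, INTERIM_UPDATE, "AID-0001", "RID-B-42", SECRET))
    print(ilr.rid_by_aid)
```

The authenticator only proves knowledge of the shared secret and detects modification; it gives no confidentiality for the AID and RID, which is one reason such an inter-operator interface would normally run inside a protected channel or behind the border gateways mentioned earlier.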
The visited ILR can also use the Accounting-Request message defined by the Diameter protocol to carry the AID and RID information of the terminal and update the RID information of the terminal to the home ILR; accordingly, the home ILR responds to the visited ILR with an Accounting-Answer. The visited ILR can use messages such as Disconnect-Peer-Request or Abort-Session-Request, carrying the AID of the terminal, to instruct the home ILR to delete the RID information of the terminal; the home ILR responds to the visited ILR with Disconnect-Peer-Answer or Abort-Session-Answer, respectively. As described in embodiment 2, when the ILR of the operator domain where the CN-ASR is located queries the RID of the terminal from the home ILR of the terminal, it may query the home ILR using a message newly defined in the Diameter protocol.
Example 4:
Fig. 8 shows the fourth example, in which the present embodiment is applied to an LTE (Long Term Evolution) network. In the LTE network, a terminal first connects over the radio interface to an S-GW (Serving Gateway) and then, through the S-GW, to a P-GW (Packet Data Network Gateway). The P-GW has the ASR function described above and is referred to as P-GW (ASR).
The network is divided into the visited operator (operator B in the figure) and the home operator (operator A in the figure) of the terminal. Assume that the terminal is currently connected in the network of its visited operator, and that the P-GW (ASR) assigned to the terminal by the network is also located within the visited operator domain. The P-GW (ASR) has an interface with both the ILR within the visited operator domain (i.e., the visited ILR above) and the IIS within the visited operator domain (i.e., the visited IIS above). Meanwhile, there is an interface between the visited ILR and the ILR in the home operator domain of the terminal (i.e., the home ILR above), and there is also an interface between the visited IIS and the IIS in the home operator domain of the terminal (i.e., the home IIS above). As described above, these interfaces may be connected directly or indirectly through an intervening border gateway or the like.
The methods described in embodiments 1 to 3 can all be applied to the LTE network described here; the ASR of the previous embodiments only needs to be replaced by the P-GW (ASR) described here, and the source ASR and target ASR by the source P-GW (ASR) and target P-GW (ASR). Also, as described above, both the ILR and the IIS may be located on an AAA server connected to the P-GW (ASR) (e.g., connected to the P-GW (ASR) via the SGi interface). The principle is the same and is not described again in detail.
In addition, the LTE network further includes an MME (Mobility Management Entity), which stores the mobility context of the terminal. In this case, the IIS and ILR may be located on the MME, or the MME itself may have IIS and/or ILR functions. The MME in the visited domain is then the visited MME, the MME in the home domain is the home MME, and an indirect or direct interface is established between the visited MME and the home MME.
Example 5:
Fig. 9 shows the fifth example, in which the present embodiment is applied to a GPRS (General Packet Radio Service) network. In the GPRS network, a terminal first connects over the radio interface to an SGSN (Serving GPRS Support Node) and then, through the SGSN, to a GGSN (Gateway GPRS Support Node). Here, the GGSN has the ASR function described above and is referred to as GGSN (ASR).
On the same principle as the fourth embodiment, the network is divided into a visited operator (operator B in the figure) and a home operator (operator A in the figure) of the terminal. Assume that the terminal is currently connected in the network of its visited operator, and that the GGSN (ASR) allocated to the terminal by the network is also located in the visited operator domain. The GGSN (ASR) has an interface with both the ILR within the visited operator domain (i.e., the visited ILR above) and the IIS within the visited operator domain (i.e., the visited IIS above). Meanwhile, there is an interface between the visited ILR and the ILR in the home operator domain of the terminal (i.e., the home ILR above), and there is also an interface between the visited IIS and the IIS in the home operator domain of the terminal (i.e., the home IIS above). As described above, these interfaces may be connected directly or indirectly through an intervening border gateway or the like.
The methods described in embodiments 1 to 3 of the present invention can be applied to the GPRS network described here; the ASR of the previous embodiments only needs to be replaced by the GGSN (ASR) described here, and the source ASR and target ASR by the source GGSN (ASR) and target GGSN (ASR). Also, as described above, both the ILR and the IIS may be located on an AAA server connected to the GGSN (ASR) (e.g., connected to the GGSN (ASR) via the Gi interface). The principle is the same and is not described again in detail.
In addition, the GPRS network also includes an HLR or HSS, which stores information such as the subscription data of the terminal user. As described above, the IIS and ILR may then also be located on the HLR/HSS, where the HLR/HSS located in the visited domain is the visited HLR/HSS, and the HLR/HSS located in the home domain is the home HLR/HSS.
Example 6:
Fig. 10 shows the sixth example, in which the present embodiment is applied to a fixed network (e.g., xDSL). In the fixed network, the terminal is connected to a BRAS (Broadband Remote Access Server) through a subscriber line and a DSLAM (Digital Subscriber Line Access Multiplexer). Here, the BRAS has the ASR function described above and is denoted as BRAS (ASR).
A fixed network is generally managed by area, such as area A and area B shown in Fig. 10. The home area of the terminal is area A, and the terminal is assumed to be currently connected in its visited area (i.e., area B). It should be noted that area A and area B are analogous to operator A and operator B, so the scenario shown in Fig. 10 can likewise be regarded as roaming. Assuming that the BRAS to which the terminal is currently connected is also located within the visited area, the BRAS (ASR) has an interface with both the ILR of the visited area (i.e., the visited ILR above) and the IIS within the visited area (i.e., the visited IIS above). Meanwhile, there is an interface between the visited ILR and the ILR in the home area of the terminal (i.e., the home ILR above), and there is also an interface between the visited IIS and the IIS in the home area of the terminal (i.e., the home IIS above). As described above, these interfaces may be connected directly or indirectly through an intervening border gateway or the like.
The methods described in embodiments 1 to 3 of the present invention can be applied to the fixed network described here; the ASR of the previous embodiments only needs to be replaced by the BRAS (ASR) described here, and the source ASR and target ASR by the source BRAS (ASR) and target BRAS (ASR). Also, as described above, both the ILR and the IIS may be located on an AAA server connected to the BRAS (ASR). The principle is the same and is not described again in detail.
As shown in Fig. 11, this embodiment further provides an identity information server, comprising a data storage unit, an information interaction unit and an information query unit, wherein:
the data storage unit is used for initially storing the AID of each terminal in the network;
the information interaction unit is used for establishing the interconnection among the IISs;
and the information query unit is used for, when the serving ASR of the terminal queries the AID of the terminal during roaming access of the terminal, querying the AID of the terminal from the home IIS of the terminal through the information interaction unit, and receiving the AID of the terminal found and returned by the home IIS of the terminal.
The data storage unit is also used for initially storing the identifier used for access authentication of the terminal and associating the AID of the terminal with that identifier;
the information query unit is specifically configured to, on receiving an identifier used for access authentication of a terminal sent by the ASR, learn that the ASR is querying the AID of the terminal, send the received identifier to the home IIS of the terminal to query the AID of the terminal, and receive the corresponding AID that the home IIS of the terminal has looked up according to the identifier and returned.
The information query unit is further used for, before querying the AID of the terminal from the home IIS of the terminal, judging whether the terminal belongs to the local network according to the identifier used for access authentication of the terminal, determining the home IIS of the terminal when the terminal does not belong to the local network, and querying the AID of the terminal from that home IIS.
The information query unit is also used for, after receiving an identifier used for access authentication of a terminal sent by another identity information server, looking up the corresponding AID in the data storage unit according to the received identifier, and returning the AID found to that identity information server.
As shown in Fig. 12, this embodiment also provides an identity location register, comprising an information interaction unit, a data storage unit and an information updating unit, wherein:
the information interaction unit is used for establishing the interconnection between ILRs in the network;
the data storage unit is used for receiving and storing the AID and the RID of the terminal sent by the visited serving ASR of the terminal when the terminal accesses the network while roaming, wherein the AID is obtained by the visited serving ASR by querying the visited IIS, and the RID is allocated to the terminal by the visited serving ASR after it has obtained the AID;
and the information updating unit is used for sending the AID and the RID of the terminal to the home ILR of the terminal through the information interaction unit, so that the home ILR stores the correspondence between the AID and the RID of the terminal.
The information updating unit is further used for, before sending the AID and the RID of the terminal to the home ILR of the terminal, judging whether the terminal belongs to the local network according to the AID of the terminal and preconfigured information, and determining the home network of the terminal if it does not; or judging whether the terminal belongs to the local network according to the identifier used for access authentication of the terminal that the visited serving ASR sends together with the AID and the RID, and determining the home network of the terminal if it does not.
The data storage unit is also used for, after the terminal switches ASRs, receiving the RID newly allocated to the terminal by the target ASR to which the terminal has switched;
and the information updating unit is also used for updating the RID newly allocated to the terminal by the target ASR to the home ILR of the terminal, when the terminal does not belong to the local network and the home network of the terminal has been determined.
The information updating unit is also used for sending the AID of the terminal to the home ILR of the terminal when the terminal leaves the network or releases its IP address, and notifying the home ILR to delete the RID of the terminal.
It will be apparent to those skilled in the art that the modules or steps of the present invention described above may be implemented by a general-purpose computing device. They may be centralized on a single computing device or distributed across a network of multiple computing devices. Alternatively, they may be implemented as program code executable by a computing device, so that they can be stored in a storage device and executed by a computing device; or they may each be fabricated as a separate integrated circuit module, or several of the modules or steps may be fabricated as a single integrated circuit module. Thus, the present invention is not limited to any specific combination of hardware and software.
The above description is only a preferred embodiment of the present invention, and is not intended to limit the present invention, and various modifications and changes may be made by those skilled in the art. Any modification, equivalent replacement, or improvement made within the spirit and principle of the present invention should be included in the protection scope of the present invention.