CN103686719A - Method and system for determining bearer control policy - Google Patents

Method and system for determining bearer control policy Download PDF

Info

Publication number
CN103686719A
CN103686719A CN201210323245.9A CN201210323245A CN103686719A CN 103686719 A CN103686719 A CN 103686719A CN 201210323245 A CN201210323245 A CN 201210323245A CN 103686719 A CN103686719 A CN 103686719A
Authority
CN
China
Prior art keywords
control strategy
information
user terminal
acquisition approach
indication information
Prior art date
Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
Granted
Application number
CN201210323245.9A
Other languages
Chinese (zh)
Other versions
CN103686719B (en
Inventor
陈久雨
陈洁
Current Assignee (The listed assignees may be inaccurate. Google has not performed a legal analysis and makes no representation or warranty as to the accuracy of the list.)
China Telecom Corp Ltd
Original Assignee
China Telecom Corp Ltd
Priority date (The priority date is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the date listed.)
Filing date
Publication date
Application filed by China Telecom Corp Ltd filed Critical China Telecom Corp Ltd
Priority to CN201210323245.9A priority Critical patent/CN103686719B/en
Publication of CN103686719A publication Critical patent/CN103686719A/en
Application granted granted Critical
Publication of CN103686719B publication Critical patent/CN103686719B/en
Active legal-status Critical Current
Anticipated expiration legal-status Critical

Links

Images

Landscapes

  • Mobile Radio Communication Systems (AREA)

Abstract

The invention discloses a method and system for determining a bearer control policy. The method comprises the following steps: admission request information sent by a user terminal is transmitted to an authentication and authorization server for identification; after authentication and authorization information sent by the authentication and authorization server is received, a control policy obtaining route instruction information is obtained from the authentication and authorization information; according to the control policy obtaining route instruction information, a bearer control policy of the user terminal is obtained; the user terminal is controlled by the bearer control policy to access to a service network. The bearer control policy of the user terminal is obtained through the control policy obtaining route instruction information, and not obtained through visiting an external policy control unit when the service network is accessed every time, so that information interaction with the external policy control unit is effectively reduced, the access process of the service network is simplified, network resources are saved and the user experience is improved.

Description

Determine the method and system of Bearer Control strategy
Technical field
The present invention relates to the communications field, particularly relate to a kind of method and system of definite Bearer Control strategy.
Background technology
In mobile network's following framework, can introduce PCC(Policy Control and Charging, policy control and charging) system, by existing PCC technology, when user uses business, such as PDSN(Packet Data Serving Node, packet data serving node) or PGW(Packet Data Network Gateway, grouped data network gateway) Function such as PCRF(Policy and Charging Rules must be accessed in strategy execution unit, strategy and charging rule functions) the policy control unit of unit obtains user's Bearer Control strategy.
From current network, should be used for, most of users apply identical strategy, namely the control strategy of acquiescence.In this case, if still obtain user's Bearer Control strategy by accessing outside policy control unit when each accessing business network, can bring unnecessary information interaction, and cause service access process complicated, thereby cause network resources waste and user to experience reduction.
Summary of the invention
The technical problem to be solved in the present invention is to provide a kind of method and system of definite Bearer Control strategy.By judging the whether directly predefined acquiescence control strategy of usage policy performance element of user, thereby can effectively reduce the information interaction with external policy control unit, therefore can simplify service access process and omit the signing process of user in policy control unit, save Internet resources, and improved user's experience.
According to an aspect of the present invention, provide a kind of method of definite Bearer Control strategy, comprising:
Receive the access request information that user terminal sends, wherein access request information comprises user terminal identifying information;
Described access request information is transmitted to certification authority server, so that certification authority server authenticates described user terminal according to described user terminal identifying information;
After receiving the Certificate Authority information of certification authority server transmission, from Certificate Authority information, obtain control strategy acquisition approach indication information;
According to described control strategy acquisition approach indication information, obtain the Bearer Control strategy of described user terminal;
Utilize user terminal access service net described in Bearer Control policy control.
According to an aspect of the present invention, provide a kind of method of definite Bearer Control strategy, comprising:
Receive the access request information that strategy execution unit sends, wherein access request information comprises the identifying information of user terminal;
Utilize the identifying information of described user terminal, described user terminal is authenticated;
When authentication success, to strategy execution unit, send Certificate Authority information, wherein Certificate Authority information comprises control strategy acquisition approach indication information, so that strategy execution unit, according to described control strategy acquisition approach indication information, obtains the Bearer Control strategy of described user terminal.
According to an aspect of the present invention, provide a kind of strategy execution unit of definite Bearer Control strategy, comprising:
The first receiving equipment, the access request information sending for receiving user terminal, wherein access request information comprises user terminal identifying information;
The first transmitting apparatus, for described access request information is transmitted to certification authority server, so that certification authority server authenticates described user terminal according to described user terminal identifying information;
Equipment is obtained in path indication, for receiving at the first receiving equipment after the Certificate Authority information of certification authority server transmission, obtains control strategy acquisition approach indication information from Certificate Authority information;
Strategy obtains equipment, for according to described control strategy acquisition approach indication information, obtains the Bearer Control strategy of described user terminal;
Service access equipment, for utilizing user terminal access service net described in Bearer Control policy control.
According to an aspect of the present invention, provide a kind of certification authority server of definite Bearer Control strategy, comprising:
The second receiving equipment, the access request information sending for receiving strategy execution unit, wherein access request information comprises the identifying information of user terminal;
Authenticating device, for utilizing the identifying information of described user terminal, authenticates described user terminal; When authentication success, indication the second transmitting apparatus sends Certificate Authority information to strategy execution unit, and wherein Certificate Authority information comprises control strategy acquisition approach indication information;
The second transmitting apparatus, for according to the indication of authenticating device, sends described Certificate Authority information to strategy execution unit, so that strategy execution unit, according to described control strategy acquisition approach indication information, obtains the Bearer Control strategy of described user terminal.
According to an aspect of the present invention, provide a kind of system of definite Bearer Control strategy, comprising: strategy execution unit and certification authority server, wherein:
Strategy execution unit, receive the access request information that user terminal sends, wherein access request information comprises user terminal identifying information, described access request information is transmitted to certification authority server, after receiving the Certificate Authority information of certification authority server transmission, from Certificate Authority information, obtain control strategy acquisition approach indication information, according to described control strategy acquisition approach indication information, obtain the Bearer Control strategy of described user terminal, utilize user terminal access service net described in Bearer Control policy control;
Certification authority server, the access request information sending for receiving strategy execution unit, utilize the identifying information of described user terminal, described user terminal is authenticated, when authentication success, to strategy execution unit, send Certificate Authority information, wherein Certificate Authority information comprises control strategy acquisition approach indication information.
The access request information that the present invention sends by receiving user terminal, wherein access request information comprises user terminal identifying information.Described access request information is transmitted to certification authority server, so that certification authority server authenticates described user terminal according to described user terminal identifying information.After receiving the Certificate Authority information of certification authority server transmission, from Certificate Authority information, obtain control strategy acquisition approach indication information.According to described control strategy acquisition approach indication information, obtain the Bearer Control strategy of described user terminal.Utilize user terminal access service net described in Bearer Control policy control.By obtain the Bearer Control strategy of described user terminal according to control strategy acquisition approach indication information, rather than when each accessing business network, all by accessing outside policy control unit, obtain user's Bearer Control strategy.Therefore can effectively reduce the information interaction with external policy control unit, can simplify service access process and omit the signing process of user in policy control unit, save Internet resources, and improved user's experience.
Accompanying drawing explanation
Fig. 1 is the schematic diagram that the present invention determines an embodiment of Bearer Control strategy process.
Fig. 2 is the schematic diagram that the present invention determines another embodiment of Bearer Control strategy process.
Fig. 3 is the schematic diagram of an embodiment of user terminal register method of the present invention.
Fig. 4 is the schematic diagram that the present invention determines the another another embodiment of Bearer Control strategy process.
Fig. 5 is the schematic diagram of another embodiment of user terminal register method of the present invention.
Fig. 6 is the schematic diagram of the embodiment in strategy execution of the present invention unit.
Fig. 7 is the schematic diagram of strategy execution of the present invention another embodiment of unit.
Fig. 8 is the schematic diagram of an embodiment of certification authority server of the present invention.
Fig. 9 is the schematic diagram of another embodiment of certification authority server of the present invention.
Figure 10 is the schematic diagram that the present invention determines an embodiment of Bearer Control policy system.
Figure 11 is the network diagram that the present invention determines an embodiment of Bearer Control policy system.
Embodiment
With reference to the accompanying drawings the present invention is described more fully, exemplary embodiment of the present invention is wherein described.
Fig. 1 is the schematic diagram that the present invention determines an embodiment of method of Bearer Control strategy.As shown in Figure 1, definite Bearer Control strategy process step of the present embodiment is as follows:
Step 101, receives the access request information that user terminal sends, and wherein access request information comprises user terminal identifying information.
Step 102, is transmitted to certification authority server by described access request information, so that certification authority server authenticates described user terminal according to described user terminal identifying information.
Step 103 after receiving the Certificate Authority information of certification authority server transmission, is obtained control strategy acquisition approach indication information from Certificate Authority information.
Step 104, according to described control strategy acquisition approach indication information, obtains the Bearer Control strategy of described user terminal.
Step 105, utilizes user terminal access service net described in Bearer Control policy control.
The method of the definite Bearer Control strategy providing based on the above embodiment of the present invention, the access request information sending by receiving user terminal, wherein access request information comprises user terminal identifying information.Described access request information is transmitted to certification authority server, so that certification authority server authenticates described user terminal according to described user terminal identifying information.After receiving the Certificate Authority information of certification authority server transmission, from Certificate Authority information, obtain control strategy acquisition approach indication information.According to described control strategy acquisition approach indication information, obtain the Bearer Control strategy of described user terminal.Utilize user terminal access service net described in Bearer Control policy control.By obtain the Bearer Control strategy of described user terminal according to control strategy acquisition approach indication information, rather than when each accessing business network, all by accessing outside policy control unit, obtain user's Bearer Control strategy.Therefore can effectively reduce the information interaction with external policy control unit, can simplify service access process and omit the signing process of user in policy control unit, save Internet resources, and improved user's experience.
Fig. 2 is the schematic diagram that the present invention determines another embodiment of method of Bearer Control strategy.As shown in Figure 2:
Step 201, receives the access request information that user terminal sends, and wherein access request information comprises user terminal identifying information.
Step 202, is transmitted to certification authority server by described access request information, so that certification authority server authenticates described user terminal according to described user terminal identifying information.
Step 203, after receiving the Certificate Authority information that certification authority server sends, judges in Certificate Authority information, whether to comprise control strategy acquisition approach indication information.If do not comprise control strategy acquisition approach indication information in Certificate Authority information, perform step 204; If Certificate Authority information comprises control strategy acquisition approach indication information, perform step 205.
Step 204, sends rule according to the control strategy acquisition approach indication information setting in advance, and determines control strategy acquisition approach indication information.
Preferably, according to the control strategy acquisition approach indication information setting in advance, send rule, in Certificate Authority information, do not comprise that control strategy acquisition approach indication information is when obtaining Bearer Control strategy from this locality, generate the control strategy acquisition approach indication information that obtains Bearer Control strategy from this locality.
And send rule according to the control strategy acquisition approach indication information setting in advance, in Certificate Authority information, do not comprise that control strategy acquisition approach indication information is when obtaining Bearer Control strategy from policy control unit, generate the control strategy acquisition approach indication information that obtains Bearer Control strategy from policy control unit.
Step 205, obtains the Bearer Control strategy of described user terminal according to described control strategy acquisition approach indication information.
Preferably, when the indication of described control strategy acquisition approach indication information is obtained Bearer Control strategy from this locality, using this locality default acquiescence control strategy as the Bearer Control strategy of described user terminal.
And when described control strategy acquisition approach indication information indication is obtained Bearer Control strategy from policy control unit, from policy control unit, obtain the Bearer Control strategy being associated with described user terminal.
Step 206, utilizes user terminal access service net described in Bearer Control policy control.
Fig. 3 is the schematic diagram of an embodiment of user terminal register method of the present invention.As shown in Figure 3,
Step 301, receives the registration information that user terminal sends.
Step 302, registration information is transmitted to certification authority server, wherein registration information comprises user terminal identifying information and control strategy acquisition approach indication information, so that certification authority server utilizes user terminal identifying information to carry out authentication registration to described user terminal, and can store control strategy acquisition approach indication information when authentication registration success.
Step 303, after receiving the authentication registration success response information of certification authority server transmission, obtains and stores the control strategy acquisition approach indication information transmission rule that authentication registration success response information comprises.
By above-mentioned logon mode, certification authority server can obtain the control strategy acquisition approach indication information that user arranges, so that certification authority server provides control strategy acquisition approach indication information for strategy execution unit.Certification authority server also can be strategy execution unit simultaneously provides control strategy acquisition approach indication information to send rule, so that the Bearer Control strategy of user terminal can be determined in strategy execution unit when not obtaining control strategy acquisition approach indication information.
Fig. 4 is the schematic diagram that the present invention determines the another another embodiment of Bearer Control strategy process.As shown in Figure 4:
Step 401, receives the access request information that strategy execution unit sends, and wherein access request information comprises the identifying information of user terminal.
Step 402, utilizes the identifying information of described user terminal, and described user terminal is authenticated.
Step 403, when authentication success, to strategy execution unit, send Certificate Authority information, wherein Certificate Authority information comprises control strategy acquisition approach indication information, so that strategy execution unit, according to described control strategy acquisition approach indication information, obtains the Bearer Control strategy of described user terminal.
The definite Bearer Control strategy process providing based on the above embodiment of the present invention, the access request information sending by receiving strategy execution unit, wherein access request information comprises the identifying information of user terminal.Utilize the identifying information of described user terminal, described user terminal is authenticated.When authentication success, to strategy execution unit, send Certificate Authority information, wherein Certificate Authority information comprises control strategy acquisition approach indication information, so that strategy execution unit, according to described control strategy acquisition approach indication information, obtains the Bearer Control strategy of described user terminal.By sending control strategy acquisition approach indication information to strategy execution unit, thereby strategy execution unit can obtain according to control strategy acquisition approach indication information the Bearer Control strategy of described user terminal, rather than when each accessing business network, all by accessing outside policy control unit, obtain user's Bearer Control strategy.Therefore can effectively reduce the information interaction with external policy control unit, can simplify service access process and omit the signing process of user in policy control unit, save Internet resources, and improved user's experience.
Fig. 5 is the schematic diagram of another embodiment of user terminal register method of the present invention.As shown in Figure 5:
Step 501, receives the registration information that strategy execution unit sends.
Step 502, the user terminal identifying information comprising according to registration information carries out authentication registration to user terminal.
Step 503, when authentication registration success, the control strategy acquisition approach indication information that storage registration information comprises, and to strategy execution unit transmission authentication registration success response information, wherein authentication registration success response information comprises that control strategy acquisition approach indication information sends rule, so that strategy execution unit is not when obtaining control strategy acquisition approach indication information, according to control strategy acquisition approach indication information, sends rule and determine control strategy acquisition approach indication information.
Fig. 6 is the schematic diagram of the embodiment in strategy execution of the present invention unit.As shown in Figure 6, strategy execution unit comprises:
The first receiving equipment 601, the access request information sending for receiving user terminal, wherein access request information comprises user terminal identifying information.
The first transmitting apparatus 602, for described access request information is transmitted to certification authority server, so that certification authority server authenticates described user terminal according to described user terminal identifying information.
Equipment 603 is obtained in path indication, for receiving at the first receiving equipment 601 after the Certificate Authority information of certification authority server transmission, obtains control strategy acquisition approach indication information from Certificate Authority information.
Strategy obtains equipment 604, for according to described control strategy acquisition approach indication information, obtains the Bearer Control strategy of described user terminal.
Service access equipment 605, for utilizing user terminal access service net described in Bearer Control policy control.
The strategy execution unit of the definite Bearer Control strategy providing based on the above embodiment of the present invention, the access request information sending by receiving user terminal, wherein access request information comprises user terminal identifying information.Described access request information is transmitted to certification authority server, so that certification authority server authenticates described user terminal according to described user terminal identifying information.After receiving the Certificate Authority information of certification authority server transmission, from Certificate Authority information, obtain control strategy acquisition approach indication information.According to described control strategy acquisition approach indication information, obtain the Bearer Control strategy of described user terminal.Utilize user terminal access service net described in Bearer Control policy control.By obtain the Bearer Control strategy of described user terminal according to control strategy acquisition approach indication information, rather than when each accessing business network, all by accessing outside policy control unit, obtain user's Bearer Control strategy.Therefore can effectively reduce the information interaction with external policy control unit, can simplify service access process and omit the signing process of user in policy control unit, save Internet resources, and improved user's experience.
Preferably, strategy obtains equipment 604 also for when the indication of described control strategy acquisition approach indication information is obtained Bearer Control strategy from this locality, and using this locality, default acquiescence control strategy is as the Bearer Control strategy of described user terminal.
Preferably, strategy obtains equipment 604 also for when described control strategy acquisition approach indication information indication is obtained Bearer Control strategy from policy control unit, obtains the Bearer Control strategy being associated with described user terminal from policy control unit.
Fig. 7 is the schematic diagram of strategy execution of the present invention another embodiment of unit.Compare with embodiment illustrated in fig. 6, in the embodiment shown in fig. 7, strategy execution unit also comprises the definite equipment 701 of path indication.Wherein:
Path indication is obtained equipment 603 also when there is no control strategy acquisition approach indication information in Certificate Authority information, and the indication of indication path determines that equipment 701 determines control strategy acquisition approach indication information;
Equipment 701 is determined in path indication, for the indication of obtaining equipment 603 according to path indication, according to the control strategy acquisition approach indication information setting in advance, send rule, determine control strategy acquisition approach indication information, then indication strategy obtains equipment 604 and carries out the operation of obtaining the Bearer Control strategy of described user terminal according to described control strategy acquisition approach indication information.
Preferably, path indication determines that equipment 701 is concrete according to the control strategy acquisition approach indication information transmission rule setting in advance, in Certificate Authority information, do not comprise that control strategy acquisition approach indication information is when obtaining Bearer Control strategy from this locality, generate the control strategy acquisition approach indication information that obtains Bearer Control strategy from this locality.
Preferably, path indication determines that equipment 701 is concrete according to the control strategy acquisition approach indication information transmission rule setting in advance, in Certificate Authority information, do not comprise that control strategy acquisition approach indication information is when obtaining Bearer Control strategy from policy control unit, generate the control strategy acquisition approach indication information that obtains Bearer Control strategy from policy control unit.
Preferably, in the strategy execution unit shown in Fig. 7, also comprise Rule equipment 702 and first memory 703.Wherein:
The first receiving equipment 601 is also for when receiving the registration information of described user terminal transmission, indicate the first transmitting apparatus 602 that registration information is transmitted to certification authority server, wherein registration information comprises user terminal identifying information and control strategy acquisition approach indication information, so that certification authority server utilizes user terminal identifying information to carry out authentication registration to described user terminal, and when authentication registration success, store control strategy acquisition approach indication information; After receiving the authentication registration success response information of certification authority server transmission, indication Rule equipment 702 obtains the control strategy acquisition approach indication information transmission rule that authentication registration success response information comprises.
Rule equipment 702, be used for according to the indication of the first receiving equipment 601, obtain the control strategy acquisition approach indication information transmission rule that authentication registration success response information comprises, and control strategy acquisition approach indication information is sent to rale store in first memory 703.
First memory 703, sends rule for storing control strategy acquisition approach indication information.
Preferably, path indication determines that equipment 701 can obtain corresponding control strategy acquisition approach indication information from first memory 703 and send rule.
Fig. 8 is the schematic diagram of an embodiment of certification authority server of the present invention.As shown in Figure 8, the certification authority server of determining Bearer Control strategy comprises:
The second receiving equipment 801, the access request information sending for receiving strategy execution unit, wherein access request information comprises the identifying information of user terminal.
Authenticating device 802, for utilizing the identifying information of described user terminal, authenticates described user terminal; When authentication success, indication the second transmitting apparatus 803 sends Certificate Authority information to strategy execution unit, and wherein Certificate Authority information comprises control strategy acquisition approach indication information.
The second transmitting apparatus 803, for according to the indication of authenticating device 802, sends described Certificate Authority information to strategy execution unit, so that strategy execution unit, according to described control strategy acquisition approach indication information, obtains the Bearer Control strategy of described user terminal.
The certification authority server of the definite Bearer Control strategy providing based on the above embodiment of the present invention, the access request information sending by receiving strategy execution unit, wherein access request information comprises the identifying information of user terminal.Utilize the identifying information of described user terminal, described user terminal is authenticated.When authentication success, to strategy execution unit, send Certificate Authority information, wherein Certificate Authority information comprises control strategy acquisition approach indication information, so that strategy execution unit, according to described control strategy acquisition approach indication information, obtains the Bearer Control strategy of described user terminal.By sending control strategy acquisition approach indication information to strategy execution unit, thereby strategy execution unit can obtain according to control strategy acquisition approach indication information the Bearer Control strategy of described user terminal, rather than when each accessing business network, all by accessing outside policy control unit, obtain user's Bearer Control strategy.Therefore can effectively reduce the information interaction with external policy control unit, can simplify service access process and omit the signing process of user in policy control unit, save Internet resources, and improved user's experience.
Fig. 9 is the schematic diagram of another embodiment of certification authority server of the present invention.Compare with embodiment illustrated in fig. 8, in the embodiment shown in fig. 9, certification authority server also comprises second memory 901.Wherein:
The second receiving equipment 801 is also for when receiving the registration information of strategy execution unit transmission, and the user terminal identifying information that indication authenticating device 802 comprises according to registration information carries out authentication registration to user terminal.
Authenticating device 802 is also for according to the indication of the second receiving equipment 801, and the user terminal identifying information comprising according to registration information carries out authentication registration to user terminal; When authentication registration success, the control strategy acquisition approach indication information that registration information is comprised is stored in second memory 901, and indicate the second transmitting apparatus 803 to strategy execution unit, to send authentication registration success response information, wherein authentication registration success response information comprises that control strategy acquisition approach indication information sends rule, so that strategy execution unit is not when obtaining control strategy acquisition approach indication information, according to control strategy acquisition approach indication information, sends rule and determine control strategy acquisition approach indication information.
Second memory 901, for storing control strategy acquisition approach indication information.
Figure 10 is the schematic diagram that the present invention determines an embodiment of Bearer Control policy system.As shown in figure 10, this system comprises strategy execution unit 1001 and certification authority server 1002.Wherein:
Strategy execution unit 1001, receive the access request information that user terminal sends, wherein access request information comprises user terminal identifying information, described access request information is transmitted to certification authority server 1002, after receiving the Certificate Authority information of certification authority server 1002 transmissions, from Certificate Authority information, obtain control strategy acquisition approach indication information, according to described control strategy acquisition approach indication information, obtain the Bearer Control strategy of described user terminal, utilize user terminal access service net described in Bearer Control policy control.
Certification authority server 1002, the access request information sending for receiving strategy execution unit 1001, utilize the identifying information of described user terminal, described user terminal is authenticated, when authentication success, to strategy execution unit, 1001 send Certificate Authority information, and wherein Certificate Authority information comprises control strategy acquisition approach indication information.
The system of the definite Bearer Control strategy providing based on the above embodiment of the present invention, receives by strategy execution unit the access request information that user terminal sends, and wherein access request information comprises user terminal identifying information.Strategy execution unit is transmitted to certification authority server by described access request information, so that certification authority server authenticates described user terminal according to described user terminal identifying information.After receiving the Certificate Authority information of certification authority server transmission, strategy execution unit obtains control strategy acquisition approach indication information from Certificate Authority information.According to described control strategy acquisition approach indication information, obtain the Bearer Control strategy of described user terminal.User terminal access service net described in strategy execution unit by using Bearer Control policy control.By obtain the Bearer Control strategy of described user terminal according to control strategy acquisition approach indication information, rather than when each accessing business network, all by accessing outside policy control unit, obtain user's Bearer Control strategy.Therefore can effectively reduce the information interaction with external policy control unit, can simplify service access process and omit the signing process of user in policy control unit, save Internet resources, and improved user's experience.
Preferably, strategy execution unit 1001 is the strategy execution unit that in Fig. 6 or Fig. 7, arbitrary embodiment relates to, and certification authority server is the certification authority server that in Fig. 8 or Fig. 9, arbitrary embodiment relates to.
Figure 11 is the network diagram that the present invention determines an embodiment of Bearer Control policy system.As shown in figure 11, user terminal is by wireless access network core network access, and strategy execution unit is transmitted to certification authority server by access request and authenticates.Certification authority server sends to strategy execution unit by Certificate Authority information after authentication success, and the control strategy acquisition approach indication information that strategy execution unit comprises according to Certificate Authority information obtains the Bearer Control strategy of user terminal.Wherein, according to sending rule, certification authority server can adopt following several mode to send control strategy acquisition approach indication information:
1) indication information is indicated respectively and from this locality, is obtained Bearer Control strategy and obtain Bearer Control strategy from policy control unit
Indication information is 1, obtains Bearer Control strategy from this locality
Indication information is 0, from policy control unit, obtains Bearer Control strategy
Strategy execution unit does not receive indication information, by predetermined way, obtains Bearer Control strategy
2) indication information represents to obtain from this locality Bearer Control strategy
Strategy execution unit receives indication information, obtains Bearer Control strategy from this locality
Strategy execution unit does not receive indication information, from policy control unit, obtains Bearer Control strategy
3) indication information represents to obtain Bearer Control strategy from policy control unit
Strategy execution unit receives indication information, from policy control unit, obtains Bearer Control strategy
Strategy execution unit does not receive indication information, obtains Bearer Control strategy from this locality
Strategy execution unit is by the Bearer Control strategy obtaining from this locality, or obtains Bearer Control strategy from policy control unit, controls user terminal access service net.
Preferably, strategy execution unit can be PDSN, SGSN(Serving GPRS SUPPORT NODE, GPRS serving GPRS support node), GGSN(Gateway GPRS Support Node, Gateway GPRS Support Node), SGW(Serving Gateway, gateway), PGW, certification authority server can be AAA(Authentication, Authorization, Accounting, checking, authorization and accounting) server, HSS(Home Subscriber Server, home subscriber server), policy control unit can be PCRF.
Description of the invention provides for example with for the purpose of describing, and is not exhaustively or limit the invention to disclosed form.Many modifications and variations are obvious for the ordinary skill in the art.Selecting and describing embodiment is for better explanation principle of the present invention and practical application, thereby and makes those of ordinary skill in the art can understand the various embodiment with various modifications that the present invention's design is suitable for special-purpose.

Claims (20)

1. a method for definite Bearer Control strategy, is characterized in that, comprising:
Receive the access request information that user terminal sends, wherein access request information comprises user terminal identifying information;
Described access request information is transmitted to certification authority server, so that certification authority server authenticates described user terminal according to described user terminal identifying information;
After receiving the Certificate Authority information of certification authority server transmission, from Certificate Authority information, obtain control strategy acquisition approach indication information;
According to described control strategy acquisition approach indication information, obtain the Bearer Control strategy of described user terminal;
Utilize user terminal access service net described in Bearer Control policy control.
2. method according to claim 1, is characterized in that,
The step of obtaining the Bearer Control strategy of described user terminal according to described control strategy acquisition approach indication information comprises:
When the indication of described control strategy acquisition approach indication information is obtained Bearer Control strategy from this locality, using this locality, default acquiescence control strategy is as the Bearer Control strategy of described user terminal.
3. method according to claim 1, is characterized in that,
The step of obtaining the Bearer Control strategy of described user terminal according to described control strategy acquisition approach indication information comprises:
When described control strategy acquisition approach indication information indication is obtained Bearer Control strategy from policy control unit, from policy control unit, obtain the Bearer Control strategy being associated with described user terminal.
4. according to the method described in any one in claim 1-3, it is characterized in that,
The step of obtaining control strategy acquisition approach indication information from Certificate Authority information comprises:
If there is no control strategy acquisition approach indication information in Certificate Authority information, according to the control strategy acquisition approach indication information setting in advance, send rule, determine control strategy acquisition approach indication information;
Then carry out the step of obtaining the Bearer Control strategy of described user terminal according to described control strategy acquisition approach indication information.
5. method according to claim 4, is characterized in that,
According to the control strategy acquisition approach indication information setting in advance, send rule and determine that the step of control strategy acquisition approach indication information comprises:
According to the control strategy acquisition approach indication information setting in advance, send rule, in Certificate Authority information, do not comprise that control strategy acquisition approach indication information is when obtaining Bearer Control strategy from this locality, generate the control strategy acquisition approach indication information that obtains Bearer Control strategy from this locality.
6. method according to claim 4, is characterized in that,
According to the control strategy acquisition approach indication information setting in advance, send rule and determine that the step of control strategy acquisition approach indication information comprises:
According to the control strategy acquisition approach indication information setting in advance, send rule, in Certificate Authority information, do not comprise that control strategy acquisition approach indication information is when obtaining Bearer Control strategy from policy control unit, generate the control strategy acquisition approach indication information that obtains Bearer Control strategy from policy control unit.
7. according to the method described in any one in claim 1-3, it is characterized in that,
When receiving the registration information of described user terminal transmission, registration information is transmitted to certification authority server, wherein registration information comprises user terminal identifying information and control strategy acquisition approach indication information, so that certification authority server utilizes user terminal identifying information to carry out authentication registration to described user terminal, and when authentication registration success, store control strategy acquisition approach indication information;
After receiving the authentication registration success response information of certification authority server transmission, obtain and store the control strategy acquisition approach indication information transmission rule that authentication registration success response information comprises.
8. a method for definite Bearer Control strategy, is characterized in that, comprising:
Receive the access request information that strategy execution unit sends, wherein access request information comprises the identifying information of user terminal;
Utilize the identifying information of described user terminal, described user terminal is authenticated;
When authentication success, to strategy execution unit, send Certificate Authority information, wherein Certificate Authority information comprises control strategy acquisition approach indication information, so that strategy execution unit, according to described control strategy acquisition approach indication information, obtains the Bearer Control strategy of described user terminal.
9. method according to claim 8, is characterized in that,
When receiving the registration information of strategy execution unit transmission, the user terminal identifying information comprising according to registration information carries out authentication registration to user terminal;
When authentication registration success, the control strategy acquisition approach indication information that storage registration information comprises, and to strategy execution unit transmission authentication registration success response information, wherein authentication registration success response information comprises that control strategy acquisition approach indication information sends rule, so that strategy execution unit is not when obtaining control strategy acquisition approach indication information, according to control strategy acquisition approach indication information, sends rule and determine control strategy acquisition approach indication information.
10. a strategy execution unit for definite Bearer Control strategy, is characterized in that, comprising:
The first receiving equipment, the access request information sending for receiving user terminal, wherein access request information comprises user terminal identifying information;
The first transmitting apparatus, for described access request information is transmitted to certification authority server, so that certification authority server authenticates described user terminal according to described user terminal identifying information;
Equipment is obtained in path indication, for receiving at the first receiving equipment after the Certificate Authority information of certification authority server transmission, obtains control strategy acquisition approach indication information from Certificate Authority information;
Strategy obtains equipment, for according to described control strategy acquisition approach indication information, obtains the Bearer Control strategy of described user terminal;
Service access equipment, for utilizing user terminal access service net described in Bearer Control policy control.
11. strategy execution according to claim 10 unit, is characterized in that,
Strategy obtains equipment also for when the indication of described control strategy acquisition approach indication information is obtained Bearer Control strategy from this locality, and using this locality, default acquiescence control strategy is as the Bearer Control strategy of described user terminal.
12. strategy execution according to claim 10 unit, is characterized in that,
Strategy obtains equipment also for when described control strategy acquisition approach indication information indication is obtained Bearer Control strategy from policy control unit, obtains the Bearer Control strategy being associated with described user terminal from policy control unit.
13. according to the strategy execution unit described in any one in claim 10-12, it is characterized in that, strategy execution unit also comprises the definite equipment of path indication, wherein:
Path indication is obtained equipment also when there is no control strategy acquisition approach indication information in Certificate Authority information, and the indication of indication path determines that equipment determines control strategy acquisition approach indication information;
Equipment is determined in path indication, for the indication of obtaining equipment according to path indication, according to the control strategy acquisition approach indication information setting in advance, send rule, determine control strategy acquisition approach indication information, then indication strategy obtains equipment and carries out the operation of obtaining the Bearer Control strategy of described user terminal according to described control strategy acquisition approach indication information.
14. strategy execution according to claim 13 unit, is characterized in that,
Path indication determines that equipment is concrete according to the control strategy acquisition approach indication information transmission rule setting in advance, in Certificate Authority information, do not comprise that control strategy acquisition approach indication information is when obtaining Bearer Control strategy from this locality, generate the control strategy acquisition approach indication information that obtains Bearer Control strategy from this locality.
15. strategy execution according to claim 13 unit, is characterized in that,
Path indication determines that equipment is concrete according to the control strategy acquisition approach indication information transmission rule setting in advance, in Certificate Authority information, do not comprise that control strategy acquisition approach indication information is when obtaining Bearer Control strategy from policy control unit, generate the control strategy acquisition approach indication information that obtains Bearer Control strategy from policy control unit.
16. according to the strategy execution unit described in any one in claim 10-12, it is characterized in that, strategy execution unit also comprises Rule equipment and first memory, wherein:
The first receiving equipment is also for when receiving the registration information of described user terminal transmission, indicate the first transmitting apparatus that registration information is transmitted to certification authority server, wherein registration information comprises user terminal identifying information and control strategy acquisition approach indication information, so that certification authority server utilizes user terminal identifying information to carry out authentication registration to described user terminal, and when authentication registration success, store control strategy acquisition approach indication information; After receiving the authentication registration success response information of certification authority server transmission, indication Rule equipment obtains the control strategy acquisition approach indication information transmission rule that authentication registration success response information comprises;
Rule equipment, be used for according to the indication of the first receiving equipment, obtain the control strategy acquisition approach indication information transmission rule that authentication registration success response information comprises, and control strategy acquisition approach indication information is sent to rale store in first memory;
First memory, sends rule for storing control strategy acquisition approach indication information.
The certification authority server of 17. 1 kinds of definite Bearer Control strategies, is characterized in that, comprising:
The second receiving equipment, the access request information sending for receiving strategy execution unit, wherein access request information comprises the identifying information of user terminal;
Authenticating device, for utilizing the identifying information of described user terminal, authenticates described user terminal; When authentication success, indication the second transmitting apparatus sends Certificate Authority information to strategy execution unit, and wherein Certificate Authority information comprises control strategy acquisition approach indication information;
The second transmitting apparatus, for according to the indication of authenticating device, sends described Certificate Authority information to strategy execution unit, so that strategy execution unit, according to described control strategy acquisition approach indication information, obtains the Bearer Control strategy of described user terminal.
18. certification authority servers according to claim 17, is characterized in that, certification authority server also comprises second memory, wherein:
The second receiving equipment is also for when receiving the registration information of strategy execution unit transmission, and the user terminal identifying information that indication authenticating device comprises according to registration information carries out authentication registration to user terminal;
Authenticating device is also for according to the indication of the second receiving equipment, and the user terminal identifying information comprising according to registration information carries out authentication registration to user terminal; When authentication registration success, the control strategy acquisition approach indication information that registration information is comprised is stored in second memory, and indicate the second transmitting apparatus to strategy execution unit, to send authentication registration success response information, wherein authentication registration success response information comprises that control strategy acquisition approach indication information sends rule, so that strategy execution unit is not when obtaining control strategy acquisition approach indication information, according to control strategy acquisition approach indication information, sends rule and determine control strategy acquisition approach indication information;
Second memory, for storing control strategy acquisition approach indication information.
The system of 19. 1 kinds of definite Bearer Control strategies, is characterized in that, comprising: strategy execution unit and certification authority server, wherein:
Strategy execution unit, receive the access request information that user terminal sends, wherein access request information comprises user terminal identifying information, described access request information is transmitted to certification authority server, after receiving the Certificate Authority information of certification authority server transmission, from Certificate Authority information, obtain control strategy acquisition approach indication information, according to described control strategy acquisition approach indication information, obtain the Bearer Control strategy of described user terminal, utilize user terminal access service net described in Bearer Control policy control;
Certification authority server, the access request information sending for receiving strategy execution unit, utilize the identifying information of described user terminal, described user terminal is authenticated, when authentication success, to strategy execution unit, send Certificate Authority information, wherein Certificate Authority information comprises control strategy acquisition approach indication information.
20. systems according to claim 19, is characterized in that,
Strategy execution unit is the strategy execution unit that in claim 10-16, any one relates to;
Certification authority server is the certification authority server that claim 17 or 18 relates to.
CN201210323245.9A 2012-09-04 2012-09-04 It is determined that carrying the method and system of control strategy Active CN103686719B (en)

Priority Applications (1)

Application Number Priority Date Filing Date Title
CN201210323245.9A CN103686719B (en) 2012-09-04 2012-09-04 It is determined that carrying the method and system of control strategy

Applications Claiming Priority (1)

Application Number Priority Date Filing Date Title
CN201210323245.9A CN103686719B (en) 2012-09-04 2012-09-04 It is determined that carrying the method and system of control strategy

Publications (2)

Publication Number Publication Date
CN103686719A true CN103686719A (en) 2014-03-26
CN103686719B CN103686719B (en) 2017-07-07

Family

ID=50322725

Family Applications (1)

Application Number Title Priority Date Filing Date
CN201210323245.9A Active CN103686719B (en) 2012-09-04 2012-09-04 It is determined that carrying the method and system of control strategy

Country Status (1)

Country Link
CN (1) CN103686719B (en)

Cited By (3)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN103929492A (en) * 2014-04-28 2014-07-16 华为技术有限公司 Method, devices and system for load balancing of service chain
CN105792200A (en) * 2014-12-26 2016-07-20 中国移动通信集团公司 Authentication method, system and related device
CN106612509A (en) * 2015-10-21 2017-05-03 中国电信股份有限公司 Virtual wireless service providing method, device and system in dense wireless network

Citations (3)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN101505470A (en) * 2008-02-04 2009-08-12 华为技术有限公司 Policy control method and equipment
CN102098649A (en) * 2010-12-09 2011-06-15 成都市华为赛门铁克科技有限公司 Method, device and system for processing value added service based on policy and charging control system
WO2011147074A1 (en) * 2010-05-25 2011-12-01 华为技术有限公司 Method, system and corresponding apparatus for implementing policy and charging control

Patent Citations (3)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN101505470A (en) * 2008-02-04 2009-08-12 华为技术有限公司 Policy control method and equipment
WO2011147074A1 (en) * 2010-05-25 2011-12-01 华为技术有限公司 Method, system and corresponding apparatus for implementing policy and charging control
CN102098649A (en) * 2010-12-09 2011-06-15 成都市华为赛门铁克科技有限公司 Method, device and system for processing value added service based on policy and charging control system

Cited By (8)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN103929492A (en) * 2014-04-28 2014-07-16 华为技术有限公司 Method, devices and system for load balancing of service chain
CN103929492B (en) * 2014-04-28 2017-08-29 华为技术有限公司 Business chain load-balancing method and its device, system
US10673760B2 (en) 2014-04-28 2020-06-02 Huawei Technologies Co., Ltd. Method, apparatus, and system for load balancing of service chain
US11539626B2 (en) 2014-04-28 2022-12-27 Huawei Technologies Co., Ltd. Method, apparatus, and system for load balancing of service chain
CN105792200A (en) * 2014-12-26 2016-07-20 中国移动通信集团公司 Authentication method, system and related device
CN105792200B (en) * 2014-12-26 2019-05-10 中国移动通信集团公司 A kind of method for authenticating, system and relevant apparatus
CN106612509A (en) * 2015-10-21 2017-05-03 中国电信股份有限公司 Virtual wireless service providing method, device and system in dense wireless network
CN106612509B (en) * 2015-10-21 2019-10-22 中国电信股份有限公司 The methods, devices and systems of virtual radio service are provided in intensive wireless network

Also Published As

Publication number Publication date
CN103686719B (en) 2017-07-07

Similar Documents

Publication Publication Date Title
JP5926433B2 (en) Telecommunications network and time-based network access method
CN105453601B (en) EPC will be connected to without IMSI equipment
US8880688B2 (en) Apparatus and method for providing profile of terminal in communication system
CN108540973B (en) Data service processing method, device and system in roaming scene
CN105228126B (en) A kind of method and system of network access point trustship
CN105191210B (en) Method for policy control and charge for D2D service
CN107529160A (en) A kind of VoWiFi method for network access and system, terminal and wireless access points equipment
US20150230074A1 (en) Charging Control Method, Device, and System for Data Service of Roaming Subscriber
CN102497379A (en) Network access method, system and equipment
CN102215486A (en) Network access method, system, network authentication method, equipment and terminal
CN103686719A (en) Method and system for determining bearer control policy
CN1885768B (en) Worldwide web authentication method
CN105142124B (en) A kind of Network Access Method and mobile terminal applied to mobile terminal
US7310510B2 (en) Method for ascertaining a billing tariff for billing for a data transfer
CN103747423A (en) Registration method, apparatus and system of terminal application
CN108133142A (en) A kind of mobile device remote connection and the method for manipulation PC machine
CN103441889B (en) Statistical information generating method and system
CN106487776B (en) Method, network entity and system for protecting machine type communication equipment
CN105792200B (en) A kind of method for authenticating, system and relevant apparatus
US11381562B2 (en) Detection of a user equipment type related to access, services authorization and/or authentication
KR20130030956A (en) Apparatus and method for charging in one device multi-user system
KR101058941B1 (en) Prepaid Billing Method and System
US20140372270A1 (en) System and Method for Balance Requests
KR20160075655A (en) Data processing method, device and system

Legal Events

Date Code Title Description
PB01 Publication
PB01 Publication
C10 Entry into substantive examination
SE01 Entry into force of request for substantive examination
GR01 Patent grant
GR01 Patent grant