CN104935557A - Method and device for controlling local network access - Google Patents

Publication number: CN104935557A
Authority: CN (China)
Prior art keywords: connection identifier, network, network connection, local, request
Legal status: Withdrawn (the legal status is an assumption and is not a legal conclusion)
Application number: CN201410105999.6A
Other languages: Chinese (zh)
Inventor: 钟哲英
Current Assignee: ZTE Corp (the listed assignees may be inaccurate)
Original Assignee: ZTE Corp
Application filed by ZTE Corp
Priority to CN201410105999.6A
Priority to PCT/CN2014/087568 (WO2015139442A1)
Publication of CN104935557A

Classifications

    • H ELECTRICITY
    • H04 ELECTRIC COMMUNICATION TECHNIQUE
    • H04L TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L63/00 Network architectures or network communication protocols for network security
    • H04L63/08 Network architectures or network communication protocols for network security for authentication of entities
    • H04L63/10 Network architectures or network communication protocols for network security for controlling access to devices or network resources
    • H04L63/101 Access control lists [ACL]
    • H04W WIRELESS COMMUNICATION NETWORKS
    • H04W12/00 Security arrangements; Authentication; Protecting privacy or anonymity
    • H04W12/06 Authentication
    • H04W12/08 Access security

Landscapes

  • Engineering & Computer Science (AREA)
  • Computer Security & Cryptography (AREA)
  • Computer Networks & Wireless Communication (AREA)
  • Signal Processing (AREA)
  • Computer Hardware Design (AREA)
  • Computing Systems (AREA)
  • General Engineering & Computer Science (AREA)
  • Data Exchanges In Wide-Area Networks (AREA)
  • Mobile Radio Communication Systems (AREA)

Abstract

The invention discloses a method for controlling local network access. The method includes the following steps: when a network connection request sent by a network node is received, a local gateway obtains the network connection identifier contained in the request, the network connection request being a request to connect user equipment to a local network; the local gateway determines whether the obtained network connection identifier is a legitimate network connection identifier; and when the obtained identifier is an illegitimate network connection identifier, the local gateway determines that the network connection request is an illegitimate request and refuses to respond to it. The invention also discloses a device for controlling local network access. The invention effectively prevents connection requests that do not belong to the local gateway from being admitted to the local gateway, thereby controlling local network access and improving the security of network access.

Description

Method and device for controlling local network access
Technical field
The present invention relates to the mobile internet field of fourth-generation mobile communication systems, and in particular to a method and device for controlling local network access.
Background
LIPA (Local IP Access) technology is built on the HeNB (Home enhanced Node, Home eNodeB) network technology. Its core idea is that the communication data of a local network need not pass through the operator's core network: the HeNB routes each local network's communication data directly to the corresponding destination, which reduces the load and transmission cost of the core network.
The LIPA protocol specifies that establishing a LIPA connection requires network-side authorization (including subscription, operator configuration, etc.), and that the control procedure for network-side authorization is carried out mainly on the MME (Mobility Management Entity, the network node).
The LIPA protocol also specifies that a UE (User Equipment) can obtain, through static configuration, the CSG (closed user group) id of a Home eNodeB that supports LIPA connections, and decides whether to initiate a LIPA connection request according to the CSG id obtained. For a Home eNodeB that supports hybrid mode, the user equipment decides whether to initiate a LIPA connection request according to its own access mode. User equipment without CSG capability cannot initiate a LIPA connection and connects to the local network by other connection methods. When user equipment sends a LIPA connection request, the network node obtains from the HSS (Hierarchical Service System) the LIPA granularity identifier corresponding to that user equipment and the network capability of the HeNB, and decides on that basis whether to authorize the user equipment to establish a LIPA connection with the local network.
However, the protocol does not explicitly require that user equipment have CSG capability in order to initiate a LIPA connection. When user equipment without CSG capability initiates a LIPA connection request, the network node obtains from the HSS the LIPA connection capability of the user equipment and the LIPA connection capability of the local gateway. When both the user equipment and the local gateway support LIPA connections, the network node allows the LIPA connection between them to be created, but the network node cannot obtain any further information to identify whether this local gateway is the access point of the user equipment's connection request.
The above is provided only to aid understanding of the technical solution of the present invention and does not constitute an admission that it is prior art.
Summary of the invention
The main purpose of the present invention is to provide a method and device for controlling local network access, with the aim of effectively preventing connection requests that do not belong to the local gateway from being admitted to the local gateway, so as to control local network access and improve the security of network access.
To achieve this purpose, the invention provides a method for controlling local network access, comprising the steps of:
When a network connection request sent by a network node is received, the local gateway obtains the network connection identifier contained in the request, the network connection request being a request to connect user equipment to a local network;
The local gateway determines whether the obtained network connection identifier is a legitimate network connection identifier;
When the obtained network connection identifier is determined to be an illegitimate network connection identifier, the local gateway determines that the network connection request is an illegitimate request and refuses to respond to it.
Preferably, after the step in which the local gateway determines whether the obtained network connection identifier is a legitimate network connection identifier, the method further comprises:
When the obtained network connection identifier is determined to be a legitimate network connection identifier, the local gateway determines that the network connection request is a legitimate connection request and authorizes the user equipment to access the local network.
Preferably, the step in which the local gateway determines whether the obtained network connection identifier is a legitimate network connection identifier comprises:
The local gateway checks whether any pre-stored legitimate connection identifier matches the obtained network connection identifier;
When no pre-stored legitimate connection identifier matches the obtained network connection identifier, the local gateway determines that the network connection identifier is an illegitimate network connection identifier;
When a pre-stored legitimate connection identifier matches the obtained network connection identifier, the local gateway determines that the network connection identifier is a legitimate network connection identifier.
Preferably, the step in which the local gateway determines whether the obtained network connection identifier is a legitimate network connection identifier comprises:
The local gateway sends the obtained network connection identifier to an authentication device communicatively connected to it, so that the authentication device verifies whether the obtained network connection identifier is a legitimate network connection identifier;
The local gateway receives the verification information sent by the authentication device and parses it to determine whether the obtained network connection identifier is a legitimate network connection identifier.
Preferably, after the step in which the local gateway determines that the network connection request is an illegitimate request and refuses to respond to it, the method further comprises:
The local gateway sends a prompt message indicating that an illegitimate request is accessing the local network.
The present invention further provides a device for controlling local network access, comprising:
An acquisition module, configured to obtain, when a network connection request sent by a network node is received, the network connection identifier contained in the request, the network connection request being a request to connect user equipment to a local network;
An analysis module, configured to determine whether the obtained network connection identifier is a legitimate network connection identifier;
A response module, configured to determine, when the obtained network connection identifier is determined to be an illegitimate network connection identifier, that the network connection request is an illegitimate request, and to refuse to respond to it.
Preferably, the response module is further configured to determine, when the obtained network connection identifier is determined to be a legitimate network connection identifier, that the network connection request is a legitimate connection request, and to authorize the user equipment to access the local network.
Preferably, the analysis module is further configured to check whether any pre-stored legitimate connection identifier matches the obtained network connection identifier; and
When no pre-stored legitimate connection identifier matches the obtained network connection identifier, to determine that the network connection identifier is an illegitimate network connection identifier; or
When a pre-stored legitimate connection identifier matches the obtained network connection identifier, to determine that the network connection identifier is a legitimate network connection identifier.
Preferably, the device further comprises:
A sending and receiving module, configured to send the obtained network connection identifier to an authentication device communicatively connected to the device, so that the authentication device verifies whether the obtained network connection identifier is a legitimate network connection identifier; and
To receive the verification information sent by the authentication device;
A processing module, configured to parse the received verification information to determine whether the obtained network connection identifier is a legitimate network connection identifier.
Preferably, the device further comprises:
A prompt module, configured to send a prompt message indicating that an illegitimate request is accessing the local network.
Compared with the prior art, in the present invention, when a network connection request sent by a network node is received, the local gateway obtains the network connection identifier contained in the request, the network connection request being a request to connect user equipment to a local network; the local gateway determines whether the obtained network connection identifier is a legitimate network connection identifier; and when the obtained identifier is determined to be an illegitimate network connection identifier, the local gateway determines that the network connection request is an illegitimate request and refuses to respond to it. When the local gateway identifies that the access point of the user equipment is not this local gateway, it refuses to respond to the network connection request. This effectively prevents connection requests that do not belong to the local gateway from being admitted to the local gateway, so as to control local network access and improve the security of network access.
Brief description of the drawings
Fig. 1 is a schematic flow diagram of the first embodiment of the method for controlling local network access of the present invention;
Fig. 2 is an architecture diagram of one embodiment of the mobile communication network of the present invention;
Fig. 3 is a schematic flow diagram of the second embodiment of the method for controlling local network access of the present invention;
Fig. 4 is a schematic flow diagram of the first embodiment of the device for controlling local network access of the present invention;
Fig. 5 is a schematic flow diagram of the second embodiment of the device for controlling local network access of the present invention.
The realization of the purpose, the functional features and the advantages of the invention are further described below in connection with the embodiments and with reference to the accompanying drawings.
Embodiments
It should be understood that the specific embodiments described here serve only to explain the present invention and are not intended to limit it.
Fig. 1 is a schematic flow diagram of the first embodiment of the method for controlling local network access of the present invention.
It should be emphasized that the flow chart shown in Fig. 1 is only one preferred embodiment. Those skilled in the art will understand that any embodiment built around the inventive concept should not depart from the scope covered by the following technical solution:
When a network connection request sent by a network node is received, the local gateway obtains the network connection identifier contained in the request, the network connection request being a request to connect user equipment to a local network; the local gateway determines whether the obtained network connection identifier is a legitimate network connection identifier; and when the obtained identifier is determined to be an illegitimate network connection identifier, the local gateway determines that the network connection request is an illegitimate request and refuses to respond to it.
The specific steps by which this embodiment controls local network access are as follows:
Step S11: when a network connection request sent by a network node is received, the local gateway obtains the network connection identifier contained in the request, the network connection request being a request to connect user equipment to a local network.
With reference to Fig. 2, in this embodiment the mobile communication network contains user equipment, a Home eNodeB, a network node, an HSS, a local gateway and a local network. The user equipment is wirelessly connected to the Home eNodeB; the Home eNodeB, the local gateway and the HSS are each communicatively connected to the network node; and the local gateway is connected to the local network. The network node controls the establishment of the communication connection between the user equipment and the local gateway. There may be one or more local networks (only one is shown in the figure), and there may also be multiple local gateways (only one is shown in the figure). In other embodiments of the invention, the mobile communication network further includes an authentication device communicatively connected to the local gateway.
The process by which the network node controls the establishment of the communication connection between the user equipment and the local gateway is as follows. The user equipment sends the Home eNodeB a request to establish a LIPA connection with the local network. When the Home eNodeB recognizes that what the user equipment has sent is a connection request, it constructs a message containing the local gateway address and sends it to the network node. On receiving the message constructed by the Home eNodeB, the network node requests from the HSS the subscription context information corresponding to the user equipment, receives that context information, and parses it to determine whether the access point provided by the user equipment supports the LIPA function. When the received context information contains an indication that LIPA connection is allowed, the network node authorizes the establishment of a LIPA connection between the user equipment and the local gateway; that is, a communication link is created between the user equipment and the local gateway, and the local gateway forwards or receives mobile data for the user equipment. This authorization process is the network-side authorization.
When the network node authorizes the communication link between the user equipment and the local gateway, it sends the local gateway a request to create the network connection between the user equipment and the local network. On receiving the network connection request sent by the network node, the local gateway obtains the network connection identifier contained in the request. The user equipment is an electronic device that uses the mobile communication network, for example a mobile phone, a computer or a tablet. The network connection identifier may be an IMSI (international mobile subscriber identity), a phone number, a wireless internet access account, or other information that distinguishes each user equipment.
Step S12: the local gateway determines whether the obtained network connection identifier is a legitimate network connection identifier.
In this embodiment, the local gateway may determine whether the obtained network connection identifier is legitimate as follows. The local gateway pre-stores all legitimate network connection identifiers that may legitimately connect to it. On obtaining the network connection identifier contained in the connection request, it checks whether any pre-stored legitimate network connection identifier matches the obtained identifier. When no pre-stored legitimate connection identifier matches, the local gateway determines that the network connection identifier is an illegitimate network connection identifier; when a pre-stored legitimate connection identifier matches, the local gateway determines that the network connection identifier is a legitimate network connection identifier. In other embodiments of the invention, the local gateway may instead send the obtained network connection identifier to an authentication device communicatively connected to it, so that the authentication device verifies whether the identifier is legitimate. The authentication device pre-stores all legitimate network connection identifiers that may legitimately connect to the local gateway. On receiving the network connection identifier sent by the network node, the authentication device checks whether any pre-stored legitimate network connection identifier matches the received identifier. When one matches, it determines that the received network connection identifier is legitimate and generates verification information stating that the received identifier is a legitimate network connection identifier. When none matches, it determines that the received network connection identifier is illegitimate and generates verification information stating that the received identifier is an illegitimate network connection identifier. The local gateway receives the verification information sent by the authentication device and parses it to determine whether the obtained network connection identifier is a legitimate network connection identifier.
Step S13: when the obtained network connection identifier is determined to be an illegitimate network connection identifier, the local gateway determines that the network connection request is an illegitimate request and refuses to respond to it.
In this embodiment, when the obtained network connection identifier is determined to be an illegitimate network connection identifier, the local gateway determines that the network connection request is an illegitimate request and refuses to respond to it. When the obtained network connection identifier is determined to be a legitimate network connection identifier, the local gateway determines that the network connection request is a legitimate connection request and authorizes the user equipment to access the local network.
In this embodiment, when a network connection request sent by a network node is received, the local gateway obtains the network connection identifier contained in the request, the network connection request being a request to connect user equipment to a local network; the local gateway determines whether the obtained network connection identifier is a legitimate network connection identifier; and when the obtained identifier is determined to be an illegitimate network connection identifier, the local gateway determines that the network connection request is an illegitimate request and refuses to respond to it. When the local gateway identifies that the access point of the user equipment is not this local gateway, it refuses to respond to the network connection request. This effectively prevents connection requests that do not belong to the local gateway from being admitted to the local gateway, so as to control local network access and improve the security of network access.
Fig. 3 is a schematic flow diagram of the second embodiment of the method for controlling local network access of the present invention. Building on the first embodiment above, after step S13 the method further comprises:
Step S14: the local gateway sends a prompt message indicating that an illegitimate request is accessing the local network.
In this embodiment, when the local gateway determines that the network connection request is an illegitimate request, it sends a prompt message indicating that an illegitimate request is accessing the local network. Preferably, in this embodiment the local gateway sends the prompt message to the management end of the local network, so that monitoring staff at the management end know that an illegitimate request is accessing the local network. This strengthens the monitoring of local network access and prevents a user of the user equipment from establishing a connection with the local network by illegitimate means and accessing the data of the local network. In other embodiments of the invention, the local gateway sends the prompt message to the user equipment, to inform the user of the user equipment that the network connection request it sent is an illegitimate request, that is, that the access point of this connection request is not this local gateway.
In this embodiment the local gateway sends a system message indicating that an illegitimate request is accessing the local network, so that the management-end user of the local network is alerted to the illegitimate request. This strengthens the monitoring of local network access and further improves the security of network access.
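The decision flow of steps S11 to S14, written out as an added Python example (it is not code from the patent). The class, the field names `connection_id` and `network_node`, the shape of the verification response, and the fail-closed handling of a missing identifier or an unreachable authentication device are assumptions; the sample IMSIs are constructed.

```python
from dataclasses import dataclass
from typing import Callable, Iterable, Optional, Tuple


@dataclass(frozen=True)
class Decision:
    accepted: bool
    reason: str


class LocalGateway:
    """Hypothetical model of the local gateway (names are not from the patent)."""

    def __init__(self,
                 allowlist: Optional[Iterable[str]] = None,
                 verifier: Optional[Callable[[str], dict]] = None,
                 alert: Optional[Callable[[str], None]] = None):
        # Pre-stored legitimate identifiers (first variant of step S12).
        self.allowlist = frozenset(allowlist) if allowlist is not None else None
        # Call-out to the authentication device (second variant of step S12).
        self.verifier = verifier
        # Sink for the prompt message of step S14, e.g. the management end.
        self.alert = alert if alert is not None else (lambda message: None)

    def _check(self, ident: str) -> Tuple[bool, str]:
        if self.allowlist is not None:
            if ident in self.allowlist:
                return True, "matched pre-stored identifier"
            return False, "no pre-stored identifier matches"
        if self.verifier is not None:
            try:
                info = self.verifier(ident)
            except Exception:
                # Assumption: an unreachable device means deny, not allow.
                return False, "authentication device unavailable"
            # Parse the verification information: it must refer to the
            # identifier that was sent and must state legitimacy explicitly.
            if (isinstance(info, dict)
                    and info.get("identifier") == ident
                    and info.get("legitimate") is True):
                return True, "confirmed by authentication device"
            return False, "authentication device did not confirm identifier"
        return False, "no verification source configured"

    def handle_connection_request(self, request: dict) -> Decision:
        # S11: extract the network connection identifier from the request.
        ident = request.get("connection_id")
        if not isinstance(ident, str) or not ident.strip():
            ok, reason = False, "request carries no connection identifier"
        else:
            # S12: decide whether the identifier is legitimate.
            ok, reason = self._check(ident.strip())
        if not ok:
            # S13: the request is refused; S14: send the prompt message.
            node = request.get("network_node", "unknown")
            self.alert(f"rejected connection request from {node}: {reason}")
        return Decision(ok, reason)


def demo():
    """Run constructed requests through an allowlist-backed gateway."""
    alerts = []
    gateway = LocalGateway(allowlist={"001010000000001"}, alert=alerts.append)
    requests = [
        {"network_node": "mme-1", "connection_id": "001010000000001"},
        {"network_node": "mme-1", "connection_id": "001010000000099"},
        {"network_node": "mme-1"},  # identifier missing
    ]
    decisions = [gateway.handle_connection_request(r) for r in requests]
    return decisions, alerts


if __name__ == "__main__":
    results, sent = demo()
    for d in results:
        print(d)
    print(sent)
```
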
As shown in Figure 4, be the high-level schematic functional block diagram of control device first embodiment of local network access of the present invention.This device comprises: acquisition module 10, analysis module 20, sending and receiving module 30, processing module 40 and respond module 50.
Described acquisition module 10, for when receiving the network connecting request that network node sends, obtain the network connection identifier that described connection request comprises, described network connecting request is the connection request of subscriber equipment and local network.
In the present embodiment, with reference to figure 2, useful family equipment is disposed in mobile communications network, Home eNodeB, network node, HSS, local gateway and local network, described subscriber equipment and described Home eNodeB wireless connections, described Home eNodeB, described local gateway and described HSS all communicate to connect with described network node, described local gateway is connected with described local network, described network node controls the foundation communicated to connect between described subscriber equipment and described local gateway, described local network can be one or more (only illustrating one in figure), described local gateway also can be multiple (only illustrating one in figure).In other embodiments of the present invention, in described mobile communications network, also comprise an authentication device communicated to connect with described local gateway.The control device of described local network access is preferably local gateway.
The process that described network node controls the foundation communicated to connect between described subscriber equipment and described local gateway comprises: described subscriber equipment initiates to set up the LIPA connection request with described local network to described Home eNodeB, described Home eNodeB identify that described subscriber equipment sends for connect request time, construct the message that one comprises local gateway address, be sent to described network node, described network node is when receiving the information of the structure that described Home eNodeB sends, the contextual information obtaining subscription corresponding to described subscriber equipment is initiated to HSS, and receive the contextual information of subscription corresponding to described subscriber equipment, and resolve the contextual information of subscription corresponding to described subscriber equipment, to determine whether the access point that described subscriber equipment provides supports LIPA function, when the contextual information received comprises the printed words allowing LIPA to connect, described network node mandate is set up described subscriber equipment and is set up LIPA with described local gateway and be connected, namely, a communication link is created between described subscriber equipment and described local gateway, forwarded by described local gateway for described subscriber equipment or receive mobile data, above-mentioned licensing process is network side mandate.
Described network node is when authorizing the communication link set up between subscriber equipment and local gateway, the request creating described subscriber equipment and be connected with network between described local network is sent to described local gateway, described local gateway, when receiving the network connecting request that network node sends, obtains the network connection identifier that described connection request comprises.Described subscriber equipment is the electronic equipment using mobile communications network, such as, and mobile phone, computer, panel computer etc.; Described network connection identifier can be IMSI(international mobile subscriber identity), the information in order to each subscriber equipment is distinguished such as phone number, wireless Internet access account.
The analysis module 20 is configured to determine whether the obtained network connection identifier is a legitimate network connection identifier.
In this embodiment, the local gateway can determine whether the obtained network connection identifier is a legitimate network connection identifier as follows: the local gateway prestores all legitimate network connection identifiers that may legally connect to the local gateway. On obtaining the network connection identifier contained in the connection request, it checks whether any prestored legitimate network connection identifier is consistent with the obtained network connection identifier. When no prestored legitimate connection identifier is consistent with the obtained network connection identifier, the local gateway determines that the network connection identifier is an illegal network connection identifier; when a prestored legitimate connection identifier is consistent with the obtained network connection identifier, the local gateway determines that the network connection identifier is a legitimate network connection identifier.
In other embodiments of the present invention, the local gateway can also determine whether the obtained network connection identifier is a legitimate network connection identifier as follows: the sending and receiving module 30 sends the obtained network connection identifier to an authentication device with which it has a communication connection, to verify whether the obtained network connection identifier is a legitimate network connection identifier. The authentication device prestores all legitimate network connection identifiers that may legally connect to the local gateway. On receiving the network connection identifier sent by the network node, the authentication device checks whether any prestored legitimate network connection identifier is consistent with the received network connection identifier. When a prestored legitimate network connection identifier is consistent with the received network connection identifier, the authentication device determines that the received network connection identifier is a legitimate network connection identifier and generates authorization information stating that the received network connection identifier is legitimate. When no prestored legitimate network connection identifier is consistent with the received network connection identifier, the authentication device determines that the received network connection identifier is an illegal network connection identifier and generates authorization information stating that the received network connection identifier is illegal. The sending and receiving module 30 receives the authorization information sent by the authentication device, and the processing module 40 parses the received authorization information to determine whether the obtained network connection identifier is a legitimate network connection identifier.
The response module 50 is configured to, when the obtained network connection identifier is determined to be an illegal network connection identifier, determine that the network connection request is an illegal request and refuse to respond to the network connection request.
In this embodiment, when the obtained network connection identifier is determined to be an illegal network connection identifier, the local gateway determines that the network connection request is an illegal request and refuses to respond to the network connection request. When the obtained network connection identifier is determined to be a legitimate network connection identifier, the local gateway determines that the network connection request is a legitimate connection request and authorizes the user equipment to access the local network.
In this embodiment, on receiving the network connection request sent by the network node, the local gateway obtains the network connection identifier contained in the connection request, the network connection request being a connection request between the user equipment and the local network. The local gateway determines whether the obtained network connection identifier is a legitimate network connection identifier. When the obtained network connection identifier is determined to be an illegal network connection identifier, the local gateway determines that the network connection request is an illegal request and refuses to respond to the network connection request. When the local gateway identifies that the access point of the user equipment is not the local gateway, the local gateway refuses to respond to the network connection request. This effectively prevents connection requests that are not intended for the local gateway from being connected to the local gateway, so that local network access is controlled and the security of network access is improved.
Figure 5 is a functional block diagram of the second embodiment of the device for controlling local network access of the present invention. The device further comprises a prompting module 60.
The prompting module 60 is configured to send a prompt message indicating that an illegal request is accessing the local network.
In this embodiment, when the local gateway determines that the network connection request is an illegal request, the local gateway sends a prompt message indicating that an illegal request is accessing the local network. Preferably, in this embodiment the local gateway sends the prompt message to the management end of the local network, so that the monitoring personnel at the local network management end know that an illegal request is accessing the local network. This strengthens the monitoring of local network access and prevents a user of the user equipment from establishing a connection with the local network by illegal means and accessing the data of the local network. In other embodiments of the present invention, the local gateway sends the prompt message to the user equipment, to inform the user of the user equipment that the network connection request it sent is an illegal request, that is, that the access point of this connection request is not the local gateway.
In this embodiment, the local gateway sends a system message indicating that an illegal request is accessing the local network, so that the management-end user of the local network is alerted to the illegal request. This strengthens the monitoring of local network access and further improves the security of network access.
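The admission flow described in the embodiments above (lookup against prestored identifiers, or a query to an authentication device, then refusal and a prompt to the management end), as an added sketch that is not code from the patent. All class and function names, the sample identifiers, and the choice to refuse when the authentication device cannot answer are assumptions.

```python
from typing import Callable, Iterable, NamedTuple, Optional

# Constructed sample identifiers (IMSI-shaped, test MCC/MNC 001/01).
PRESTORED_LEGITIMATE = {"001010000000001", "001010000000002"}


class ConnectionRequest(NamedTuple):
    identifier: str       # IMSI, phone number or wireless access account
    user_equipment: str   # label used only in the prompt message


class LocalGateway:
    def __init__(self, prestored: Optional[Iterable[str]] = None,
                 verifier: Optional[Callable[[str], bool]] = None):
        # First embodiment: legitimate identifiers prestored on the gateway.
        self.prestored = None if prestored is None else frozenset(prestored)
        # Other embodiments: an authentication device answers True or False.
        self.verifier = verifier
        # Prompt messages destined for the local network's management end.
        self.prompts = []

    def is_legitimate(self, identifier: str) -> bool:
        if not identifier:
            return False
        if self.prestored is not None:
            return identifier in self.prestored      # exact match only
        if self.verifier is not None:
            try:
                # Only an explicit True counts as "legitimate".
                return self.verifier(identifier) is True
            except Exception:
                return False  # assumption: device unreachable -> refuse
        return False          # assumption: nothing to check against -> refuse

    def handle(self, req: ConnectionRequest) -> str:
        if self.is_legitimate(req.identifier):
            return "authorized"
        # repr() keeps control characters in untrusted request fields out of
        # the management-end log line.
        self.prompts.append("illegal request accessing local network: "
                            f"ue={req.user_equipment!r} id={req.identifier!r}")
        return "refused"


def unreachable_device(identifier: str) -> bool:
    """Constructed stand-in for an authentication device that is down."""
    raise ConnectionError("authentication device not reachable")


if __name__ == "__main__":
    gw = LocalGateway(prestored=PRESTORED_LEGITIMATE)
    print(gw.handle(ConnectionRequest("001010000000001", "ue-a")))
    print(gw.handle(ConnectionRequest("001010000000009", "ue-b")))
    print(gw.prompts)
```

The patent text does not say what the gateway does when the authentication device gives no answer; refusing in that case keeps an outage from turning into open access.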
The serial numbers of the above embodiments of the present invention are for description only and do not represent the merits of the embodiments. From the description of the above embodiments, those skilled in the art can clearly understand that the methods of the above embodiments can be implemented by software plus a necessary general-purpose hardware platform, and of course also by hardware, but in many cases the former is the better implementation. Based on this understanding, the technical solution of the present invention, in essence or in the part that contributes to the prior art, can be embodied in the form of a software product. This computer software product is stored in a storage medium (such as ROM/RAM, a magnetic disk, or an optical disc) and comprises several instructions that cause a terminal device (which can be a mobile phone, a computer, a server, a network device, etc.) to perform the methods described in the embodiments of the present invention.
The foregoing describes only the preferred embodiments of the present invention and does not thereby limit the patent scope of the present invention. Any equivalent structure or equivalent process transformation made using the contents of the specification and drawings of the present invention, or any direct or indirect use in other related technical fields, is likewise included within the scope of patent protection of the present invention.

Claims (10)

1. A method for controlling local network access, characterized in that the method comprises the steps of:
On receiving a network connection request sent by a network node, a local gateway obtains the network connection identifier contained in the connection request, the network connection request being a connection request between user equipment and a local network;
The local gateway determines whether the obtained network connection identifier is a legitimate network connection identifier;
When the obtained network connection identifier is determined to be an illegal network connection identifier, the local gateway determines that the network connection request is an illegal request and refuses to respond to the network connection request.
2. The method for controlling local network access according to claim 1, characterized in that, after the step in which the local gateway determines whether the obtained network connection identifier is a legitimate network connection identifier, the method further comprises:
When the obtained network connection identifier is determined to be a legitimate network connection identifier, the local gateway determines that the network connection request is a legitimate connection request and authorizes the user equipment to access the local network.
3. The method for controlling local network access according to claim 1 or 2, characterized in that the step in which the local gateway determines whether the obtained network connection identifier is a legitimate network connection identifier comprises:
The local gateway checks whether any prestored legitimate connection identifier is consistent with the obtained network connection identifier;
When no prestored legitimate connection identifier is consistent with the obtained network connection identifier, the local gateway determines that the network connection identifier is an illegal network connection identifier;
When a prestored legitimate connection identifier is consistent with the obtained network connection identifier, the local gateway determines that the network connection identifier is a legitimate network connection identifier.
4. The method for controlling local network access according to claim 1 or 2, characterized in that the step in which the local gateway determines whether the obtained network connection identifier is a legitimate network connection identifier comprises:
The local gateway sends the obtained network connection identifier to an authentication device with which it has a communication connection, to verify whether the obtained network connection identifier is a legitimate network connection identifier;
The local gateway receives the authorization information sent by the authentication device and parses the received authorization information to determine whether the obtained network connection identifier is a legitimate network connection identifier.
5. The method for controlling local network access according to claim 1 or 2, characterized in that, after the step in which the local gateway determines that the network connection request is an illegal request and refuses to respond to the network connection request, the method further comprises:
The local gateway sends a prompt message indicating that an illegal request is accessing the local network.
6. A device for controlling local network access, characterized in that the device comprises:
An acquisition module, configured to, on receiving a network connection request sent by a network node, obtain the network connection identifier contained in the connection request, the network connection request being a connection request between user equipment and a local network;
An analysis module, configured to determine whether the obtained network connection identifier is a legitimate network connection identifier;
A response module, configured to, when the obtained network connection identifier is determined to be an illegal network connection identifier, determine that the network connection request is an illegal request and refuse to respond to the network connection request.
7. The device for controlling local network access according to claim 6, characterized in that:
The response module is further configured to, when the obtained network connection identifier is determined to be a legitimate network connection identifier, determine that the network connection request is a legitimate connection request and authorize the user equipment to access the local network.
8. The device for controlling local network access according to claim 6 or 7, characterized in that:
The analysis module is further configured to check whether any prestored legitimate connection identifier is consistent with the obtained network connection identifier; and
When no prestored legitimate connection identifier is consistent with the obtained network connection identifier, determine that the network connection identifier is an illegal network connection identifier; or
When a prestored legitimate connection identifier is consistent with the obtained network connection identifier, determine that the network connection identifier is a legitimate network connection identifier.
9. The device for controlling local network access according to claim 6 or 7, characterized in that the device further comprises:
A sending and receiving module, configured to send the obtained network connection identifier to an authentication device with which it has a communication connection, to verify whether the obtained network connection identifier is a legitimate network connection identifier; and
To receive the authorization information sent by the authentication device;
A processing module, configured to parse the received authorization information to determine whether the obtained network connection identifier is a legitimate network connection identifier.
10. The device for controlling local network access according to claim 6 or 7, characterized in that the device further comprises:
A prompting module, configured to send a prompt message indicating that an illegal request is accessing the local network.
CN201410105999.6A 2014-03-20 2014-03-20 Method and device for controlling local network access Withdrawn CN104935557A (en)

Priority Applications (2)

Application Number Priority Date Filing Date Title
CN201410105999.6A CN104935557A (en) 2014-03-20 2014-03-20 Method and device for controlling local network access
PCT/CN2014/087568 WO2015139442A1 (en) 2014-03-20 2014-09-26 Local network access control method and device, and computer storage medium

Applications Claiming Priority (1)

Application Number Priority Date Filing Date Title
CN201410105999.6A CN104935557A (en) 2014-03-20 2014-03-20 Method and device for controlling local network access

Publications (1)

Publication Number Publication Date
CN104935557A true CN104935557A (en) 2015-09-23

Family

ID=54122530

Family Applications (1)

Application Number Title Priority Date Filing Date
CN201410105999.6A Withdrawn CN104935557A (en) 2014-03-20 2014-03-20 Method and device for controlling local network access

Country Status (2)

Country Link
CN (1) CN104935557A (en)
WO (1) WO2015139442A1 (en)

Cited By (4)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN106792688A (en) * 2016-12-15 2017-05-31 中磊电子(苏州)有限公司 For the method for network traffics route
CN107257556A (en) * 2017-08-15 2017-10-17 世纪龙信息网络有限责任公司 Verify method, system and the platform of user's local number
CN112752300A (en) * 2020-12-29 2021-05-04 锐捷网络股份有限公司 Method and device for realizing local distribution
CN113938305A (en) * 2021-10-18 2022-01-14 杭州安恒信息技术股份有限公司 Method, system and device for judging illegal external connection

Citations (6)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN101163097A (en) * 2006-10-09 2008-04-16 三星电子株式会社 Method of remotely controlling local network devices and apparatus therefor
WO2008125729A1 (en) * 2007-04-13 2008-10-23 Nokia Corporation Method, radio system, mobile terminal and base station for providing local breakout service
CN101483847A (en) * 2008-01-07 2009-07-15 华为技术有限公司 Method, apparatus and system for implementing policy control
CN101860910A (en) * 2009-04-09 2010-10-13 大唐移动通信设备有限公司 Bearer establishing method, system and device of local network
CN102056129A (en) * 2009-11-05 2011-05-11 中兴通讯股份有限公司 Establishing method and device of local Internet protocol (IP) access connection
CN102123493A (en) * 2008-03-26 2011-07-13 华为技术有限公司 Registration method and device for packet data network connection

Patent Citations (7)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN101163097A (en) * 2006-10-09 2008-04-16 三星电子株式会社 Method of remotely controlling local network devices and apparatus therefor
WO2008125729A1 (en) * 2007-04-13 2008-10-23 Nokia Corporation Method, radio system, mobile terminal and base station for providing local breakout service
CN101483847A (en) * 2008-01-07 2009-07-15 华为技术有限公司 Method, apparatus and system for implementing policy control
US20100287599A1 (en) * 2008-01-07 2010-11-11 Huawei Technologies Co., Ltd. Method, apparatus and system for implementing policy control
CN102123493A (en) * 2008-03-26 2011-07-13 华为技术有限公司 Registration method and device for packet data network connection
CN101860910A (en) * 2009-04-09 2010-10-13 大唐移动通信设备有限公司 Bearer establishing method, system and device of local network
CN102056129A (en) * 2009-11-05 2011-05-11 中兴通讯股份有限公司 Establishing method and device of local Internet protocol (IP) access connection

Cited By (5)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN106792688A (en) * 2016-12-15 2017-05-31 中磊电子(苏州)有限公司 For the method for network traffics route
CN107257556A (en) * 2017-08-15 2017-10-17 世纪龙信息网络有限责任公司 Verify method, system and the platform of user's local number
CN112752300A (en) * 2020-12-29 2021-05-04 锐捷网络股份有限公司 Method and device for realizing local distribution
CN113938305A (en) * 2021-10-18 2022-01-14 杭州安恒信息技术股份有限公司 Method, system and device for judging illegal external connection
CN113938305B (en) * 2021-10-18 2024-04-26 杭州安恒信息技术股份有限公司 Illegal external connection judging method, system and device

Also Published As

Publication number Publication date
WO2015139442A1 (en) 2015-09-24

Legal Events

Date Code Title Description
C06 Publication
PB01 Publication
C10 Entry into substantive examination
SE01 Entry into force of request for substantive examination
WW01 Invention patent application withdrawn after publication

Application publication date: 20150923
