CN106488527A - The connection control method of core net and device - Google Patents

The connection control method of core net and device Download PDF

Info

Publication number
CN106488527A
CN106488527A CN201510557162.XA CN201510557162A CN106488527A CN 106488527 A CN106488527 A CN 106488527A CN 201510557162 A CN201510557162 A CN 201510557162A CN 106488527 A CN106488527 A CN 106488527A
Authority
CN
China
Prior art keywords
access
information
core net
core
access network
Prior art date
Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
Withdrawn
Application number
CN201510557162.XA
Other languages
Chinese (zh)
Inventor
周俊超
Current Assignee (The listed assignees may be inaccurate. Google has not performed a legal analysis and makes no representation or warranty as to the accuracy of the list.)
ZTE Corp
Original Assignee
ZTE Corp
Priority date (The priority date is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the date listed.)
Filing date
Publication date
Application filed by ZTE Corp filed Critical ZTE Corp
Priority to CN201510557162.XA priority Critical patent/CN106488527A/en
Priority to PCT/CN2016/078132 priority patent/WO2016177223A1/en
Publication of CN106488527A publication Critical patent/CN106488527A/en
Withdrawn legal-status Critical Current

Links

Classifications

    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04WWIRELESS COMMUNICATION NETWORKS
    • H04W48/00Access restriction; Network selection; Access point selection
    • H04W48/02Access restriction performed under specific conditions
    • H04W48/04Access restriction performed under specific conditions based on user or terminal location or mobility data, e.g. moving direction, speed

Landscapes

  • Engineering & Computer Science (AREA)
  • Computer Security & Cryptography (AREA)
  • Computer Networks & Wireless Communication (AREA)
  • Signal Processing (AREA)
  • Mobile Radio Communication Systems (AREA)

Abstract

The invention discloses a kind of connection control method of core net, the connection control method of described core net comprises the following steps:Core network server receives the terminal access request from non-3 GPP access network;Described core network server obtains corresponding access network information according to described access request, and according to default control strategy, described access network information is verified;If checking is not passed through, do not allow described terminal access core net.The invention also discloses the access control apparatus of core net.The invention enables by limiting the non-3 GPP access network Access Core Network in access area, user terminal cannot efficiently solve the problems, such as that the terminal that core network server cannot access to request carries out territorial restrictions.

Description

The connection control method of core net and device
Technical field
The present invention relates to moving communicating field, more particularly, to a kind of connection control method of core net and device.
Background technology
In the mobile communication network, access network is responsible for the access of user equipment, and core net is responsible for the place of business Reason, user equipment can be linked into core net by access network and carry out service interaction.For example:Move in 4G In communication network, 3GPP normal structure define user equipment can be trusted by non-3 GPP network or The mode of person's non-trusted is linked in the core net of 4G mobile communication network, and described non-3 GPP network comprises WLAN (Wireless Local Area Network, WLAN), eHRPD (Evolved High Rate Packet Data, the high-speed packet data network of evolution) etc. non-3 gpp standard network.
When user equipment passes through non-3 GPP access network core network access, core network server can be by signing Information carries out authentication to user equipment, to control whether this user equipment is allowed to access core net, But, core network server cannot pass through to user equipment to limit the non-3 GPP access network access accessing area Core net is limited, for example:Signing in 4G core network server allows it to pass through to user WLAN or eHRPD network access 4G core net, when user home zone pass through WLAN or Person eHRPD is allowed to when accessing 4G core net, but user passes through in the roaming area limiting access When WLAN or eHRPD accesses 4G core net, lack and effectively control.
Therefore, when by non-3 GPP access network core network access, core network server cannot connect to request The terminal entering carries out the problem of territorial restrictions, and problems demand inventor in this respect solves.
The above is only used for auxiliary and understands technical scheme, does not represent and recognizes that the above is Prior art.
Content of the invention
Present invention is primarily targeted at solving when by non-3 GPP access network core network access, core net The terminal that server cannot access to request carries out the problem of territorial restrictions.
For achieving the above object, the present invention provides a kind of connection control method of core net, described core net Connection control method comprise the following steps:
Core network server receives the terminal access request from non-3 GPP access network;
Described core network server obtains corresponding access network information according to described access request, and according to pre- If control strategy described access network information is verified;
If checking is not passed through, do not allow described terminal access core net.
Preferably, described access network information is the address information of described non-3 GPP access network;And, described Core network server obtains corresponding access network information according to described access request, and according to default control The step that strategy is verified to described access network information includes:
Described core network server parses described access request, and obtains the address of described non-3 GPP access network Information;
Described core network server determines whether to access from acquired address according to described control strategy Described core net;
If allowing, judge that described address information passes through checking;
If not allowing, judge that described address information is not verified.
Preferably, described access network information is the name information of described non-3 GPP access network;And, described Core network server obtains corresponding access network information according to described access request, and according to default control The step that strategy is verified to described access network information includes:
Described core network server parses described access request, and obtains the title of described non-3 GPP access network Information;
Described core network server determines whether to connect using acquired title according to described control strategy Enter described core net;
If allowing, judge that described name information passes through checking;
If not allowing, judge that described name information is not verified.
Preferably, described core network server obtains corresponding access network information according to described access request, And after the step described access network information verified according to default control strategy, also include:
If being verified, authentication is carried out to described terminal, and determine whether to permit according to authentication result Permitted described terminal and accessed described core net.
Preferably, described core network server receives the step of the terminal access request from non-3 GPP access network Before rapid, also include:
Described core network server configures default control strategy, with according to described control strategy to access network Information is verified.
Additionally, for achieving the above object, the present invention also provides a kind of access control apparatus of core net, institute The access control apparatus stating core net include:
Receiver module, for receiving the terminal access request from non-3 GPP access network;
Authentication module, for obtaining corresponding access network information according to described access request, and according to default Control strategy described access network information is verified;
Authorization module, if not passing through for checking, does not allow described terminal access core net.
Preferably, described access network information is the address information of described non-3 GPP access network;And, described Authentication module includes the first resolution unit, the first judging unit and the first determining unit;
Described first resolution unit, for parsing described access request, and obtains described non-3 GPP access network Address information;
Described first judging unit, for determining whether from acquired ground according to described control strategy Described core net is accessed in location;
Described first determining unit, if for allowing, judge that described address information passes through checking;
Described first determining unit, if being additionally operable to not allow, judges that described address information is not verified.
Preferably, described access network information is the name information of described non-3 GPP access network;And, described Authentication module includes the second resolution unit, the second judging unit and the second determining unit;
Described second resolution unit, for parsing described access request, and obtains described non-3 GPP access network Name information;
Described second judging unit, for determining whether using acquired according to described control strategy Title accesses described core net;
Described second determining unit, if for allowing, judge that described name information passes through checking;
Described second determining unit, if being additionally operable to not allow, judges that described name information is not verified.
Preferably, described authorization module, if being additionally operable to be verified, carrying out identity to described terminal and recognizing Card, and determine whether that described terminal accesses described core net according to authentication result.
Preferably, the access control apparatus of described core net also include configuration module;
Described configuration module, for configuring default control strategy, with according to described control strategy to access Net information is verified.
, when user passes through non-3 GPP access network core network access, core network server is according to default for the present invention Control strategy docking inbound information verified, to judge described non-3 GPP access network whether in described core In the permission access area of heart net, if checking is not passed through, described non-3 GPP access network limits in core net and connects Enter in region, then do not allow described terminal to pass through this non-3 GPP access network Access Core Network so that user Terminal cannot efficiently solve core by limiting the non-3 GPP access network Access Core Network in access area The terminal that heart network server cannot access to request carries out the problem of territorial restrictions.
Brief description
Fig. 1 is the schematic flow sheet of the first embodiment of connection control method of core net of the present invention;
Fig. 2 is the schematic flow sheet of the second embodiment of connection control method of core net of the present invention;
Fig. 3 is the schematic flow sheet of the 3rd embodiment of connection control method of core net of the present invention;
Fig. 4 is the high-level schematic functional block diagram of the first embodiment of access control apparatus of core net of the present invention;
Fig. 5 is the high-level schematic functional block diagram of the second embodiment of access control apparatus of core net of the present invention;
Fig. 6 is the high-level schematic functional block diagram of the 3rd embodiment of access control apparatus of core net of the present invention.
The realization of the object of the invention, functional characteristics and advantage will be done further in conjunction with the embodiments referring to the drawings Explanation.
Specific embodiment
It should be appreciated that specific embodiment described herein, only in order to explain the present invention, is not used to limit Determine the present invention.
The primary solutions of the embodiment of the present invention are:Core network server receives and is derived from non-3 GPP access network Terminal access request;Described core network server obtains corresponding access network letter according to described access request Breath, and according to default control strategy, described access network information is verified;If checking is not passed through, Do not allow described terminal access core net.
When by non-3 GPP access network core network access, the end that core network server cannot access to request End carries out the problem of territorial restrictions.
Based on the problems referred to above, the present invention provides a kind of connection control method of core net.
With reference to Fig. 1, Fig. 1 is used for the stream of the first embodiment of control method of core network server for the present invention Journey schematic diagram.
In the present embodiment, the described control method for core network server includes:
Step S10, core network server receives the terminal access request from non-3 GPP access network;
When user terminal passes through non-3 GPP access network core network access, core network server receives from non- The terminal access request of 3GPP access network.Described terminal can be mobile phone, smart phone, notebook Computer, digit broadcasting receiver, PDA (personal digital assistant), PAD (panel computer), PMP are (portable Formula multimedia player), the mobile terminal of guider etc., described core network server can be core Authentication and authorization charging server in net.For example:When 4G core net is accessed by non-3 GPP access network, Received by 3GPP AAA server (authentication and authorization charging server) in 4G core net and be derived from non-3 gpp The terminal access request of access network.
Step S20, described core network server obtains corresponding access network information according to described access request, And according to default control strategy, described access network information is verified;
When user passes through non-3 GPP access network core network access, terminal is sent by non-3 GPP access network To core network server, described access request carries the access network letter of described non-3 GPP access network to access request Breath, when receiving described access request, it is right to be obtained according to described access request for described core network server The access network information answered, and according to default control strategy, described access network information is verified, to sentence Whether the described non-3 GPP access network that breaks is in corresponding permission access area.For example:4G Core Network Service Device obtains corresponding access network information according to the access request receiving, and according to described 4G Core Network Service Roaming control strategy docking inbound information in device is verified, described to determine whether that terminal is passed through Non-3 GPP access network accesses 4G core net.
Described access network information is the identification information of described non-3 GPP access network, for example:By non-3 gpp Access network access 4G core net when, described access network information can be wlan network IP address, Accessing of eHRPD network indicates, SSID (Service Set Identifier, the services set of wlan network Indicate) or eHRPD network APN (Access Point Name, Access Point Name) etc..
Described control strategy can be the Roaming control strategy based on address, the ground based on non-3 GPP access network Location information (information such as access sign of the IP address of such as wlan network or eHRPD network) is joined Put allow or refusal is from the Roaming control strategy of this address core network access;Or, described control plan Can also be slightly the Roaming control strategy based on title, the name information based on non-3 GPP access network is (for example The information such as the APN of the SSID of wlan network or eHRPD network) permission that configures or refusal Roaming control strategy using this non-3 GPP access network title core network access.
Further, before described step S10, can be default by described core network server configuration Control strategy, with according to described control strategy dock inbound information verified.Described default control Strategy can be saved in the roaming policy allocation list of described core network server, and is joined by described roaming Put Policy Table the described control strategy preserving is carried out safeguarding renewal.
Step S30, if checking is not passed through, does not allow described terminal access core net.
If described core network server does not pass through to the checking of described access network information, determine described non-3 gpp Access network in the restriction access area of core net, does not then allow described terminal by described non-3 GPP access Net accesses corresponding core net.For example:4G core network server does not lead to the checking of described access network information Cross, that is, described non-3 GPP access network in restriction access area, does not then allow described user terminal to pass through institute State the non-3 GPP access network limiting in access area and access 4G core net, and return response to described terminal.
Further, if being verified, authentication is carried out to described terminal, and according to authentication result Determine whether that described terminal accesses described core net.
If described core network server is verified to described access network information, determine described non-3 gpp Access network allows in access area, then to carry out authentication to described terminal in core net, and according to certification Result determines whether that described terminal accesses described core net;If authenticating identity certification is passed through, allow Described terminal accesses described core net;If authenticating identity certification is not passed through, described terminal is not allowed to access Described core net.For example:4G core network server is verified to described access network information, determines institute State non-3 GPP access network to allow in access area, then to pass through the HSS of 4G core net in 4G core net (Home Subscriber Server, home subscriber server) carries out authentication to described terminal, and root Determine whether that described terminal accesses described 4G core net according to authentication result;If authenticating identity certification is led to Cross, then allow described terminal to access described 4G core net;If authenticating identity certification is not passed through, do not allow Described terminal accesses described 4G core net.
, when user passes through non-3 GPP access network core network access, core network server is according to pre- for the present embodiment If control strategy docking inbound information verified, to judge described non-3 GPP access network whether described In the permission access area of core net, if checking is not passed through, described non-3 GPP access network limits in core net In access area, then described terminal is not allowed to pass through this non-3 GPP access network Access Core Network so that using Family terminal cannot be efficiently solved by limiting the non-3 GPP access network Access Core Network in access area The terminal that core network server cannot access to request carries out the problem of territorial restrictions.
With reference to Fig. 2, Fig. 2 is that the flow process of the second embodiment of connection control method of core net of the present invention is illustrated Figure.The first embodiment of the connection control method based on above-mentioned core net, described step S20 includes:
Step S201, described core network server parses described access request, and obtains described non-3 gpp The address information of access network;
Step S202, described core network server determines whether from acquired according to described control strategy Address access described core net;
Step S203, if allowing, judges that described address information passes through checking;
Step S204, if not allowing, judges that described address information is not verified.
Described core network server parses to described access request, to obtain described non-3 GPP access network Address information;Described core network server determines whether from being obtained according to the control strategy being preserved Described core net is accessed in the address taking;If allowing to access described core net from acquired address, judge Described address information passes through checking;If not allowing to access described core net from acquired address, judge Described address information is not verified.
For example:4G core network server receives the user terminal access request from non-3 GPP access network, Described access request is parsed, to obtain the address of the described non-3 GPP access network that access request carries Information (information such as access sign of the IP address of such as wlan network or eHRPD network);Institute State 4G core network server and pass through local roaming policy allocation list reading Roaming control strategy, according to described control System strategy determines whether that user terminal accesses 4G core net from acquired address, if described IP ground Location or access are indicated in the permission access area of 4G core net, then allow, and judge described address information By checking;If described IP address or access are indicated in the restriction access area of 4G core net, Do not allow, judge that described address information is not verified.
, when user passes through non-3 GPP access network core network access, core network server is according to connecing for the present embodiment The access request receiving obtains the address information of described non-3 GPP access network, and according to default control strategy Determine whether to access described core net from acquired address, verified with this, if checking is not led to Cross, described non-3 GPP access network limits in access area in core net, then not allowing described terminal to pass through should Non-3 GPP access network Access Core Network is so that user terminal cannot be non-in access area by limiting 3GPP access network Access Core Network, efficiently solves the terminal that core network server cannot access to request Carry out the problem of territorial restrictions.
With reference to Fig. 3, Fig. 3 is that the flow process of the 3rd embodiment of connection control method of core net of the present invention is illustrated Figure.The first embodiment of the connection control method based on above-mentioned core net, described step S20 includes:
Step S211, described core network server parses described access request, and obtains described non-3 gpp The name information of access network;
Step S212, described core network server determines whether using being obtained according to described control strategy The title taking accesses described core net;
Step S213, if allowing, judges that described name information passes through checking;
Step S214, if not allowing, judges that described name information is not verified.
Described core network server parses to described access request, to obtain described non-3 GPP access network Name information;Described core network server determines whether to use institute according to the control strategy being preserved The title obtaining accesses described core net;If allowing to access described core net using acquired title, Judge that described name information passes through checking;If not allowing to access described core net using acquired title, Then judge that described name information is not verified.
For example:4G core network server receives the user terminal access request from non-3 GPP access network, Described access request is parsed, to obtain the title of the described non-3 GPP access network that access request carries Information (information such as the SSID of such as wlan network or the APN of eHRPD network);Described 4G Core network server passes through local roaming policy allocation list and reads Roaming control strategy, according to described control plan Slightly determine whether that user terminal uses acquired title to access 4G core net, if using described SSID Wlan network or APN eHRPD network in the permission access area of 4G core net, then Allow, judge that described address information passes through checking;If wlan network or the APN using described SSID EHRPD network in the restriction access area of 4G core net, then do not allow, judge described address letter Breath is not verified.
, when user passes through non-3 GPP access network core network access, core network server is according to connecing for the present embodiment The access request receiving obtains the name information of described non-3 GPP access network, and according to default Roaming control Strategy determines whether to access described core net using acquired title, is verified with this, if testing Card does not pass through, and described non-3 GPP access network allows in access area, then not allowing described terminal in core net By this non-3 GPP access network Access Core Network so that user terminal cannot be by limiting in access area Non-3 GPP access network Access Core Network, efficiently solve core network server cannot to request access Terminal carries out the problem of territorial restrictions.
The executive agent of the connection control method of the core net of above-mentioned the first to 3rd embodiment can be all core Control device in heart network server or core web server.Further, the connecing of described core net Access control method can be by the control device being arranged in core network server or core web server Control program is realized.
The present invention further provides a kind of access control apparatus of core net.
With reference to Fig. 4, Fig. 4 is the functional module of the first embodiment of access control apparatus of core net of the present invention Schematic diagram.
In the present embodiment, the access control apparatus of described core net include:Receiver module 10, checking mould Block 20 and authorization module 30.
Described receiver module 10, for receiving the terminal access request from non-3 GPP access network;
When user terminal passes through non-3 GPP access network core network access, core network server receives from non- The terminal access request of 3GPP access network.Described terminal can be mobile phone, smart phone, notebook Computer, digit broadcasting receiver, PDA (personal digital assistant), PAD (panel computer), PMP are (portable Formula multimedia player), the mobile terminal of guider etc., described core network server can be core Authentication and authorization charging server in net.For example:When 4G core net is accessed by non-3 GPP access network, Received by 3GPP AAA server (authentication and authorization charging server) in 4G core net and be derived from non-3 gpp The terminal access request of access network.
Described authentication module 20, for obtaining corresponding access network information according to described access request, and presses According to default control strategy, described access network information is verified;
When user passes through non-3 GPP access network core network access, terminal is sent by non-3 GPP access network To core network server, described access request carries the access network letter of described non-3 GPP access network to access request Breath, when receiving described access request, it is right to be obtained according to described access request for described core network server The access network information answered, and according to default control strategy, described access network information is verified, to sentence Whether the described non-3 GPP access network that breaks is in corresponding permission access area.For example:4G Core Network Service Device obtains corresponding access network information according to the access request receiving, and according to described 4G Core Network Service Roaming control strategy docking inbound information in device is verified, described to determine whether that terminal is passed through Non-3 GPP access network accesses 4G core net.
Described access network information is the identification information of described non-3 GPP access network, for example:By non-3 gpp Access network access 4G core net when, described access network information can be wlan network IP address, Accessing of eHRPD network indicates, SSID (Service Set Identifier, the services set of wlan network Indicate) or eHRPD network APN (Access Point Name, Access Point Name) etc..
Described control strategy can be the Roaming control strategy based on address, the ground based on non-3 GPP access network Location information (information such as access sign of the IP address of such as wlan network or eHRPD network) is joined Put allow or refusal is from the Roaming control strategy of this address core network access;Or, described control plan Can also be slightly the Roaming control strategy based on title, the name information based on non-3 GPP access network is (for example The information such as the APN of the SSID of wlan network or eHRPD network) permission that configures or refusal Roaming control strategy using this non-3 GPP access network title core network access.
Further, the access control apparatus of described core net can also include configuration module;Described configuration Module, for configuring default control strategy, is tested with docking inbound information according to described control strategy Card.Described default control strategy can be saved in the roaming policy allocation list of described core network server, And by described roaming configuration strategy table, the described control strategy preserving is carried out safeguarding renewal.
Described authorization module 30, if not passing through for checking, does not allow described terminal access core net.
If described core network server does not pass through to the checking of described access network information, determine described non-3 gpp Access network in the restriction access area of core net, does not then allow described terminal by described non-3 GPP access Net accesses corresponding core net.For example:4G core network server does not lead to the checking of described access network information Cross, that is, described non-3 GPP access network in restriction access area, does not then allow described user terminal to pass through institute State the non-3 GPP access network limiting in access area and access 4G core net, and return response to described terminal.
Further, described authorization module 30, if being additionally operable to be verified, carries out body to described terminal Part certification, and determine whether that described terminal accesses described core net according to authentication result.
If described core network server is verified to described access network information, determine described non-3 gpp Access network allows in access area, then to carry out authentication to described terminal in core net, and according to certification Result determines whether that described terminal accesses described core net;If authenticating identity certification is passed through, allow Described terminal accesses described core net;If authenticating identity certification is not passed through, described terminal is not allowed to access Described core net.For example:4G core network server is verified to described access network information, determines institute State non-3 GPP access network to allow in access area, then to pass through the HSS of 4G core net in 4G core net (Home Subscriber Server, home subscriber server) carries out authentication to described terminal, and root Determine whether that described terminal accesses described 4G core net according to authentication result;If authenticating identity certification is led to Cross, then allow described terminal to access described 4G core net;If authenticating identity certification is not passed through, do not allow Described terminal accesses described 4G core net.
, when user passes through non-3 GPP access network core network access, core network server is according to pre- for the present embodiment If control strategy docking inbound information verified, to judge described non-3 GPP access network whether described In the permission access area of core net, if checking is not passed through, described non-3 GPP access network limits in core net In access area, then described terminal is not allowed to pass through this non-3 GPP access network Access Core Network so that using Family terminal cannot be efficiently solved by limiting the non-3 GPP access network Access Core Network in access area The terminal that core network server cannot access to request carries out the problem of territorial restrictions.
With reference to Fig. 5, Fig. 5 is the functional module of the second embodiment of access control apparatus of core net of the present invention Schematic diagram.The first embodiment of the access control apparatus based on above-mentioned core net, described access network information is The positional information of described non-3 GPP access network;And, described authentication module 20 includes the first resolution unit 201st, the first judging unit 202 and the first determining unit 203;
Described first resolution unit 201, for parsing described access request, and obtains described non-3 gpp and connects The address information networking;
Described first judging unit 202, for determining whether from acquired according to described control strategy Described core net is accessed in address;
Described first determining unit 203, if for allowing, judge that described address information passes through checking;
Described first determining unit 203, if being additionally operable to not allow, judges that described address information is not passed through to test Card.
Described core network server parses to described access request, to obtain described non-3 GPP access network Address information;Described core network server determines whether from being obtained according to the control strategy being preserved Described core net is accessed in the address taking;If allowing to access described core net from acquired address, judge Described address information passes through checking;If not allowing to access described core net from acquired address, judge Described address information is not verified.
For example:4G core network server receives the user terminal access request from non-3 GPP access network, Described access request is parsed, to obtain the address of the described non-3 GPP access network that access request carries Information (information such as access sign of the IP address of such as wlan network or eHRPD network);Institute State 4G core network server and pass through local roaming policy allocation list reading Roaming control strategy, according to described control System strategy determines whether that user terminal accesses 4G core net from acquired address, if described IP ground Location or access are indicated in the permission access area of 4G core net, then allow, and judge described address information By checking;If described IP address or access are indicated in the restriction access area of 4G core net, Do not allow, judge that described address information is not verified.
, when user passes through non-3 GPP access network core network access, core network server is according to connecing for the present embodiment The access request receiving obtains the address information of described non-3 GPP access network, and according to default control strategy Determine whether to access described core net from acquired address, verified with this, if checking is not led to Cross, described non-3 GPP access network limits in access area in core net, then not allowing described terminal to pass through should Non-3 GPP access network Access Core Network is so that user terminal cannot be non-in access area by limiting 3GPP access network Access Core Network, efficiently solves the terminal that core network server cannot access to request Carry out the problem of territorial restrictions.
With reference to Fig. 6, Fig. 6 is the functional module of the 3rd embodiment of access control apparatus of core net of the present invention Schematic diagram.The first embodiment of the access control apparatus based on above-mentioned core net, described access network information is The name information of described non-3 GPP access network;And, described authentication module 20 includes the second resolution unit 211st, the second judging unit 212 and the second determining unit 213;
Described second resolution unit 211, for parsing described access request, and obtains described non-3 gpp and connects The name information networking;
Described second judging unit 212, for determining whether using acquired according to described control strategy Title access described core net;
Described second determining unit 213, if for allowing, judge that described name information passes through checking;
Described second determining unit 213, if being additionally operable to not allow, judges that described name information is not passed through to test Card.
Described core network server parses to described access request, to obtain described non-3 GPP access network Name information;Described core network server determines whether to use institute according to the control strategy being preserved The title obtaining accesses described core net;If allowing to access described core net using acquired title, Judge that described name information passes through checking;If not allowing to access described core net using acquired title, Then judge that described name information is not verified.
For example:4G core network server receives the user terminal access request from non-3 GPP access network, Described access request is parsed, to obtain the title of the described non-3 GPP access network that access request carries Information (information such as the SSID of such as wlan network or the APN of eHRPD network);Described 4G Core network server passes through local roaming policy allocation list and reads Roaming control strategy, according to described control plan Slightly determine whether that user terminal uses acquired title to access 4G core net, if using described SSID Wlan network or APN eHRPD network in the permission access area of 4G core net, then Allow, judge that described address information passes through checking;If wlan network or the APN using described SSID EHRPD network in the restriction access area of 4G core net, then do not allow, judge described address letter Breath is not verified.
, when user passes through non-3 GPP access network core network access, core network server is according to connecing for the present embodiment The access request receiving obtains the name information of described non-3 GPP access network, and according to default Roaming control Strategy determines whether to access described core net using acquired title, is verified with this, if testing Card does not pass through, and described non-3 GPP access network allows in access area, then not allowing described terminal in core net By this non-3 GPP access network Access Core Network so that user terminal cannot be by limiting in access area Non-3 GPP access network Access Core Network, efficiently solve core network server cannot to request access Terminal carries out the problem of territorial restrictions.
It should be noted that herein, term " inclusion ", "comprising" or its any other variant Be intended to comprising of nonexcludability so that include a series of process of key elements, method, article or Person's device not only includes those key elements, but also includes other key elements being not expressly set out, or also Including for this process, method, article or the intrinsic key element of device.In the feelings not having more restrictions Under condition, the key element that limited by sentence "including a ..." it is not excluded that include this key element process, Also there is other identical element in method, article or device.
The embodiments of the present invention are for illustration only, do not represent the quality of embodiment.
Through the above description of the embodiments, those skilled in the art can be understood that above-mentioned Embodiment method can be realized by the mode of software plus necessary general hardware platform naturally it is also possible to lead to Cross hardware, but the former is more preferably embodiment in many cases.Based on such understanding, the present invention's Technical scheme substantially in other words prior art is contributed partly can in the form of software product body Reveal to come, this computer software product is stored in a storage medium (as ROM/RAM, magnetic disc, light Disk) in, including some instructions with so that a station terminal equipment (can be mobile phone, computer, service Device, air-conditioner, or network equipment etc.) execution each embodiment of the present invention described in method.
These are only the preferred embodiments of the present invention, not thereby limit the scope of the claims of the present invention, every The equivalent structure made using description of the invention and accompanying drawing content or equivalent flow conversion, or directly or Connect and be used in other related technical fields, be included within the scope of the present invention.

Claims (10)

1. a kind of connection control method of core net is it is characterised in that the Access Control side of described core net Method comprises the following steps:
Core network server receives the terminal access request from non-3 GPP access network;
Described core network server obtains corresponding access network information according to described access request, and according to pre- If control strategy described access network information is verified;
If checking is not passed through, do not allow described terminal access core net.
2. the connection control method of core net as claimed in claim 1 is it is characterised in that described access Net information is the address information of described non-3 GPP access network;And, described core network server is according to described Access request obtains corresponding access network information, and according to default control strategy to described access network information The step verified includes:
Described core network server parses described access request, and obtains the address of described non-3 GPP access network Information;
Described core network server determines whether to access from acquired address according to described control strategy Described core net;
If allowing, judge that described address information passes through checking;
If not allowing, judge that described address information is not verified.
3. the connection control method of core net as claimed in claim 1 is it is characterised in that described access Net information is the name information of described non-3 GPP access network;And, described core network server is according to described Access request obtains corresponding access network information, and according to default control strategy to described access network information The step verified includes:
Described core network server parses described access request, and obtains the title of described non-3 GPP access network Information;
Described core network server determines whether to connect using acquired title according to described control strategy Enter described core net;
If allowing, judge that described name information passes through checking;
If not allowing, judge that described name information is not verified.
4. the connection control method of core net as claimed in claim 1 is it is characterised in that described core Network server obtains corresponding access network information according to described access request, and according to default control strategy After the step that described access network information is verified, also include:
If being verified, authentication is carried out to described terminal, and determine whether to permit according to authentication result Permitted described terminal and accessed described core net.
5. the core net as described in any one of Claims 1-4 connection control method it is characterised in that Described core network server received before the step of terminal access request of non-3 GPP access network, also wrapped Include:
Described core network server configures default control strategy, with according to described control strategy to access network Information is verified.
6. a kind of access control apparatus of core net are it is characterised in that the Access Control of described core net fills Put including:
Receiver module, for receiving the terminal access request from non-3 GPP access network;
Authentication module, for obtaining corresponding access network information according to described access request, and according to default Control strategy described access network information is verified;
Authorization module, if not passing through for checking, does not allow described terminal access core net.
7. the access control apparatus of core net as claimed in claim 6 are it is characterised in that described access Net information is the positional information of described non-3 GPP access network;And, described authentication module includes the first parsing Unit, the first judging unit and the first determining unit;
Described first resolution unit, for parsing described access request, and obtains described non-3 GPP access network Address information;
Described first judging unit, for determining whether from acquired ground according to described control strategy Described core net is accessed in location;
Described first determining unit, if for allowing, judge that described address information passes through checking;
Described first determining unit, if being additionally operable to not allow, judges that described address information is not verified.
8. the access control apparatus of core net as claimed in claim 6 are it is characterised in that described access Net information is the name information of described non-3 GPP access network;And, described authentication module includes the second parsing Unit, the second judging unit and the second determining unit;
Described second resolution unit, for parsing described access request, and obtains described non-3 GPP access network Name information;
Described second judging unit, for determining whether using acquired according to described control strategy Title accesses described core net;
Described second determining unit, if for allowing, judge that described name information passes through checking;
Described second determining unit, if being additionally operable to not allow, judges that described name information is not verified.
9. the access control apparatus of core net as claimed in claim 6 are it is characterised in that described mandate Module, if being additionally operable to be verified, carries out authentication to described terminal, and true according to authentication result Determine whether to allow described terminal to access described core net.
10. the access control apparatus of the core net as described in any one of claim 6 to 9, its feature exists In the access control apparatus of described core net also include configuration module;
Described configuration module, for configuring default control strategy, with according to described control strategy to access Net information is verified.
CN201510557162.XA 2015-09-02 2015-09-02 The connection control method of core net and device Withdrawn CN106488527A (en)

Priority Applications (2)

Application Number Priority Date Filing Date Title
CN201510557162.XA CN106488527A (en) 2015-09-02 2015-09-02 The connection control method of core net and device
PCT/CN2016/078132 WO2016177223A1 (en) 2015-09-02 2016-03-31 Core network access control method and device

Applications Claiming Priority (1)

Application Number Priority Date Filing Date Title
CN201510557162.XA CN106488527A (en) 2015-09-02 2015-09-02 The connection control method of core net and device

Publications (1)

Publication Number Publication Date
CN106488527A true CN106488527A (en) 2017-03-08

Family

ID=57217506

Family Applications (1)

Application Number Title Priority Date Filing Date
CN201510557162.XA Withdrawn CN106488527A (en) 2015-09-02 2015-09-02 The connection control method of core net and device

Country Status (2)

Country Link
CN (1) CN106488527A (en)
WO (1) WO2016177223A1 (en)

Cited By (1)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN109982362A (en) * 2017-12-28 2019-07-05 成都鼎桥通信技术有限公司 The network-building method and server of mobile communication system

Families Citing this family (1)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
TWI719445B (en) * 2018-04-17 2021-02-21 新加坡商聯發科技(新加坡)私人有限公司 Methods for handling access type restriction information and user equipment thereof

Citations (3)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN101577909A (en) * 2008-05-05 2009-11-11 大唐移动通信设备有限公司 Method, system and device for acquiring trust type of non-3GPP access system
CN103313344A (en) * 2012-03-07 2013-09-18 中兴通讯股份有限公司 Integrated core network and accessing method thereof
US20140269551A1 (en) * 2011-06-22 2014-09-18 Alcatel Lucent Support of ip connections over trusted non-3gpp access

Family Cites Families (1)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN102833718B (en) * 2011-06-16 2018-12-21 中兴通讯股份有限公司 Support the evolution block core net charging method and system of non-3 GPP access

Patent Citations (3)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN101577909A (en) * 2008-05-05 2009-11-11 大唐移动通信设备有限公司 Method, system and device for acquiring trust type of non-3GPP access system
US20140269551A1 (en) * 2011-06-22 2014-09-18 Alcatel Lucent Support of ip connections over trusted non-3gpp access
CN103313344A (en) * 2012-03-07 2013-09-18 中兴通讯股份有限公司 Integrated core network and accessing method thereof

Cited By (2)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN109982362A (en) * 2017-12-28 2019-07-05 成都鼎桥通信技术有限公司 The network-building method and server of mobile communication system
CN109982362B (en) * 2017-12-28 2021-11-23 成都鼎桥通信技术有限公司 Networking method and server of mobile communication system

Also Published As

Publication number Publication date
WO2016177223A1 (en) 2016-11-10

Similar Documents

Publication Publication Date Title
US9497630B2 (en) Enhanced manageability in wireless data communication systems
US20180124608A1 (en) Method, Apparatus, and System for Authenticating WIFI Network
CN103891330A (en) Mobile device authentication and access to a social network
CN108377574A (en) A kind of communication means, terminal, network and the system of double card bilateral
CN108200568B (en) Mobile communication electronic SIM card data processing method and device
CN105637940B (en) The method of wireless telecom equipment and initiation and the session of radio network node
CN107835204A (en) The security control of configuration file policing rule
CN114339755A (en) Registration verification method and device, electronic equipment and computer readable storage medium
CN106657154A (en) Wireless access method and system, WiFi platform and operator number taking platform
CN108600241A (en) A kind of fast registration method and system for the safety verification for supporting multi-mode
CN106488527A (en) The connection control method of core net and device
CN100438681C (en) Identification method and system for mobile equipment
CN113055342B (en) Information processing method and communication device
WO2018007461A1 (en) Method, server and system for sending data from a source device to a destination device
CN107852602B (en) Method and system for authenticating a user in a public wireless network
CN106912047B (en) Terminal authentication method, device and system
US20050102519A1 (en) Method for authentication of a user for a service offered via a communication system
CN113709729A (en) Data processing method and device, network equipment and terminal
CN115843029A (en) Network authentication method and device
CN107241720A (en) Pseudo-base station recognition methods and device
CN114710830B (en) Network registration method and related device
CN105744507B (en) The shared method of the communication resource, system between a kind of different operators of terminal agent
CN115379437B (en) Target terminal determining method and device
CN107548061A (en) The network access verifying method and aaa server of a kind of user equipment
WO2024061207A1 (en) User-level data management method and apparatus, communication device, and readable storage medium

Legal Events

Date Code Title Description
C06 Publication
PB01 Publication
SE01 Entry into force of request for substantive examination
SE01 Entry into force of request for substantive examination
WW01 Invention patent application withdrawn after publication

Application publication date: 20170308

WW01 Invention patent application withdrawn after publication