CN106797565A - A kind of communication means, mobile network appliance, terminal, application server and system - Google Patents

Publication number
CN106797565A
Authority
CN
China
Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
Granted
Application number
CN201480081665.8A
Other languages
Chinese (zh)
Other versions
CN106797565B (en)
Inventor
王涛
龙水平
高林毅
Current Assignee (The listed assignees may be inaccurate. Google has not performed a legal analysis and makes no representation or warranty as to the accuracy of the list.)
Honor Device Co Ltd
Original Assignee
Huawei Technologies Co Ltd
Application filed by Huawei Technologies Co Ltd
Publication of CN106797565A
Application granted
Publication of CN106797565B
Legal status: Active

Classifications

    • H ELECTRICITY
    • H04 ELECTRIC COMMUNICATION TECHNIQUE
    • H04W WIRELESS COMMUNICATION NETWORKS
    • H04W12/00 Security arrangements; Authentication; Protecting privacy or anonymity
    • H04W12/08 Access security
    • H04W12/088 Access security using filters or firewalls

Landscapes

  • Engineering & Computer Science (AREA)
  • Computer Security & Cryptography (AREA)
  • Computer Networks & Wireless Communication (AREA)
  • Signal Processing (AREA)
  • Mobile Radio Communication Systems (AREA)

Abstract

An embodiment of the present invention discloses a communication method, including: MNO equipment obtains a packet filtering rule of a first application server, the packet filtering rule carrying the IP address of the first application server; the MNO equipment receives a packet sent by a terminal, the packet carrying a destination IP address; the MNO equipment determines whether the destination IP address is the same as the IP address of the first application server in the packet filtering rule; and if the destination IP address is the same as the IP address of the first application server in the packet filtering rule, the MNO equipment forwards the packet to the first application server. Embodiments of the present invention also disclose a mobile network appliance, a terminal and a system. The invention can solve the problems that the dedicated channel between the eUICC and the application server is interfered with and that the processing pressure on the application server is high.

Description

A communication method, mobile network appliance, terminal, application server and system
The present invention relates to the field of communication technologies, and in particular to a communication method, a mobile network appliance, a terminal, an application server and a system.
In GSM research and development, a smart card, the Universal Integrated Circuit Card (UICC), is mostly used to store information such as the user identity, user authentication parameters (keys and the like) and algorithms, the user's phone book and short message data, and operator-customized parameters, which makes the user identity and user data portable and allows differentiated customization between operators. In many applications the terminal needs to be more compact, so the UICC must shrink accordingly, and some Internet of Things applications place still higher requirements on the UICC, for example: the operating environment is harsher, so the requirements on the UICC's physical and electrical characteristics (such as ambient temperature and humidity) rise considerably; read and write operations are more frequent, so the UICC needs a longer service life and higher reliability; the card may be used where there is strong jolting, so the UICC's physical contacts need to be more reliable and more wear-resistant; and some application scenarios call for remote configuration, remote activation and over-the-air replacement of the user identity, so the UICC needs to be flexibly upgradable.
Faced with a steadily growing and increasingly large Internet of Things market, the embedded UICC (eUICC) emerged in order to manage the Internet of Things more effectively, to configure Internet of Things terminals more flexibly and efficiently, and in particular to meet the special requirements that some application scenarios and operating environments place on terminal size, price and physical and electrical characteristics. An eUICC can be configured with multiple attribute parameter sets (Profiles); each Profile is the collective name for a series of files and data on the eUICC that relate to one Mobile Network Operator (MNO). To manage the Profile related to a given MNO flexibly, the eUICC needs to establish a data connection with an application server such as a remote Subscription Manager-Securely Routing (SM-SR) or an SM, which is used for downloading and installing Profiles and for transferring management commands and data. In the prior art, the terminal uses a provisioning profile (Provisioning Profile, PP) to connect the eUICC to the application server and communicate with it. During actual information exchange, however, the connection established with the PP may also be used to carry service data or commands unrelated to the PP. The uplink data received by the application server may therefore contain other service data or commands, which interferes with the dedicated channel between the eUICC and the application server, occupies the path resources between the eUICC and the application server, and increases the processing pressure on the application server.
Summary of the invention
Embodiments of the present invention provide a communication method, a mobile network appliance, a terminal, an application server and a system, to solve the problems that the dedicated channel between the eUICC and the application server is interfered with and that the processing pressure on the application server is high.
A first aspect of the embodiments of the present invention provides a communication method, which may include:
A mobile network appliance obtains a packet filtering rule related to a first application server, the packet filtering rule carrying the IP address of the first application server;
The mobile network appliance receives a packet sent by a terminal, the packet carrying a destination IP address;
The mobile network appliance determines whether the destination IP address is the same as the IP address of the first application server in the packet filtering rule;
If the destination IP address is the same as the IP address of the first application server in the packet filtering rule, the mobile network appliance forwards the packet to the first application server.
In a first possible implementation of the first aspect, the mobile network appliance obtaining the packet filtering rule of the first application server includes:
The mobile network appliance receives an attach request sent by the terminal;
After the mobility management unit in the mobile network appliance obtains a subscription identifier, an APN and the packet filtering rule from the home server in the mobile network appliance through a location update procedure, the mobility management unit sends a create session request message; the packet data gateway obtains the subscription identifier, the APN and the packet filtering rule from the create session request message.
In a second possible implementation of the first aspect, the mobile network appliance obtaining the packet filtering rule of the first application server includes:
The mobile network appliance receives a domain name resolution request message sent by the terminal, the domain name resolution request message carrying the domain name of the first application server;
The mobile network appliance forwards the domain name resolution request message to a domain name server and receives the domain name resolution result sent by the domain name server, the domain name resolution result carrying at least one IP address of the first application server;
The mobile network appliance uses the IP address carried in the domain name resolution result as the packet filtering rule related to the first application server.
In a third possible implementation of the first aspect, the mobile network appliance obtaining the packet filtering rule of the first application server includes:
The mobile network appliance receives an attach request sent by the terminal;
After the mobility management unit in the mobile network appliance completes the location update procedure with the home subscriber server in the mobile network appliance, it sends a create session request message to the gateway in the mobile network appliance, so that the gateway forwards the create session request message to the packet data gateway in the mobile network appliance and the create session procedure is completed;
The Policy and Charging Rules Function in the mobile network appliance and the packet data gateway initiate an IP connectivity access network session establishment and modification procedure between them, and the packet filtering rule is sent to the packet data gateway, so that the packet data gateway, on receiving a packet sent by the terminal, determines whether the destination IP address of the packet is the same as the IP address of the first application server in the packet filtering rule carried in the IP connectivity access network session establishment and modification message.
With reference to the first possible implementation of the first aspect, in a fourth possible implementation, when the first application server receives a handover request message and the first application server to which the terminal is connected needs to be switched to a second application server, the home subscriber server in the mobile network appliance receives, via the Policy and Charging Rules Function, a subscription data update request message sent by the first application server, and returns a subscription data update response message to the first application server via the Policy and Charging Rules Function, so that the second application server, after receiving the eUICC information set sent by the first application server, performs key generation and connection establishment with the eUICC and instructs the eUICC to remove the key set associated with the first application server, where the subscription data update request message carries the updated packet filtering rule and the access point of the dedicated network to which the second application server belongs.
With reference to the third possible implementation of the first aspect, in a fifth possible implementation, when the first application server receives a handover request message and the first application server to which the terminal is connected needs to be switched to a second application server, the Policy and Charging Rules Function in the mobile network appliance receives a policy rule update request message sent by the first application server and returns a policy rule update response message to the first application server, so that the second application server, after receiving the eUICC information set sent by the first application server, performs key generation and connection establishment with the eUICC and instructs the eUICC to remove the key set associated with the first application server, where the policy rule update request message carries the updated packet filtering rule.
With reference to the first aspect, or the first, second, third, fourth or fifth possible implementation of the first aspect, in a sixth possible implementation the packet further carries the identifier of the eUICC, the identifier of the Profile on the eUICC, and a source IP address.
With reference to the sixth possible implementation of the first aspect, in a seventh possible implementation, the packet filtering rule or the updated packet filtering rule further includes a capacity limit for the packet, a restriction on the eUICC identifier, a restriction on the identifier of the Profile on the eUICC, or a restriction on the source IP address of the packet.
With reference to the first aspect, or the first, second, third, fourth, fifth, sixth or seventh possible implementation of the first aspect, in an eighth possible implementation, if the destination IP address differs from the IP address of the first application server in the packet filtering rule, a reject message is sent to the terminal and the packet is discarded.
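The filtering decision described in the first aspect and its implementations (a rule taken from the domain name resolution result, the additional limits, rejection of non-matching packets, and replacement of the rule when the application server is switched), as an added Python example that is not part of the patent text. The class, field and function names, the addresses and the identifiers are constructed for illustration; rejecting a packet that violates one of the additional limits or carries a malformed address is an assumption, since the text states the outcome only for a destination mismatch.

```python
from dataclasses import dataclass, replace
from ipaddress import ip_address, ip_network
from typing import FrozenSet, Optional, Tuple


@dataclass(frozen=True)
class Packet:
    """Fields the text says a terminal packet carries (names are hypothetical)."""
    src_ip: str
    dst_ip: str
    eid: str            # identifier of the eUICC
    profile_id: str     # identifier of the Profile on the eUICC
    payload: bytes = b""


@dataclass(frozen=True)
class FilterRule:
    """Packet filtering rule held by the packet data gateway."""
    server_ips: FrozenSet                      # IP address(es) of the application server
    max_payload: Optional[int] = None          # capacity limit for the packet
    allowed_eids: Optional[FrozenSet[str]] = None
    allowed_profiles: Optional[FrozenSet[str]] = None
    allowed_src_net: Optional[str] = None      # source IP restriction, as a CIDR block


def rule_from_dns(answers, **limits) -> FilterRule:
    """Second implementation: the addresses in the resolution result become the rule.

    Addresses are parsed, not kept as strings, so that two spellings of the same
    IPv6 address compare equal at filtering time.
    """
    ips = frozenset(ip_address(a) for a in answers)
    if not ips:
        raise ValueError("resolution result carried no address; no rule installed")
    return FilterRule(server_ips=ips, **limits)


def check(rule: FilterRule, pkt: Packet) -> Tuple[str, str]:
    """Return ("FORWARD", "") or ("REJECT", reason) for one uplink packet."""
    try:
        dst, src = ip_address(pkt.dst_ip), ip_address(pkt.src_ip)
    except ValueError:
        return ("REJECT", "malformed address")            # assumption: fail closed
    # Core check from the first aspect: destination must be the application server.
    if dst not in rule.server_ips:
        return ("REJECT", "destination is not the application server")
    # Optional limits from the seventh implementation (reject on violation is assumed).
    if rule.max_payload is not None and len(pkt.payload) > rule.max_payload:
        return ("REJECT", "packet exceeds capacity limit")
    if rule.allowed_eids is not None and pkt.eid not in rule.allowed_eids:
        return ("REJECT", "eUICC identifier not permitted")
    if rule.allowed_profiles is not None and pkt.profile_id not in rule.allowed_profiles:
        return ("REJECT", "Profile identifier not permitted")
    if rule.allowed_src_net is not None and src not in ip_network(rule.allowed_src_net):
        return ("REJECT", "source address not permitted")
    return ("FORWARD", "")


# Constructed sample data (documentation address ranges, made-up identifiers).
RULE = rule_from_dns(
    ["203.0.113.10", "2001:db8::10"],
    max_payload=1024,
    allowed_eids=frozenset({"EID-0001"}),
    allowed_profiles=frozenset({"PP-01"}),
    allowed_src_net="10.20.0.0/16",
)
GOOD = Packet("10.20.3.4", "203.0.113.10", "EID-0001", "PP-01", b"x" * 100)

# After a switch to a second application server, the updated rule replaces the old one.
UPDATED_RULE = rule_from_dns(["203.0.113.20"])

if __name__ == "__main__":
    samples = [
        GOOD,
        replace(GOOD, dst_ip="198.51.100.7"),                       # unrelated traffic
        replace(GOOD, dst_ip="2001:0db8:0000:0000:0000:0000:0000:0010"),
        replace(GOOD, payload=b"x" * 2000),
        replace(GOOD, src_ip="10.99.0.1"),
    ]
    for p in samples:
        print(p.dst_ip, check(RULE, p))
    print("after switch:", check(UPDATED_RULE, GOOD))
```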
With reference to the first aspect, or the first, second, third, fourth, fifth, sixth, seventh or eighth possible implementation of the first aspect, in a ninth possible implementation, the first application server or the second application server is a Subscription Manager-Securely Routing (SM-SR) or a Subscription Manager (SM).
A second aspect of the embodiments of the present invention provides a communication method, including:
A terminal sends an attach request to a mobile network appliance and completes attachment;
The terminal sends an IP address acquisition request to a domain name server to obtain the IP address of a first application server;
The terminal sends a packet carrying the IP address of the first application server to the mobile network appliance, so that the mobile network appliance forwards the packet to the first application server when it determines that the destination IP address carried in the packet is the same as the IP address of the first application server in the packet filtering rule that the mobile network appliance obtained in advance;
If the mobile network appliance determines that the destination IP address carried in the packet differs from the IP address of the first application server in the packet filtering rule that the mobile network appliance obtained in advance, the terminal receives the reject message returned by the mobile network appliance.
In a first possible implementation of the second aspect, the packet further carries the identifier of the eUICC, the identifier of the Profile on the eUICC, and a source IP address;
The packet filtering rule further includes a capacity limit for the packet, a restriction on the eUICC identifier, a restriction on the identifier of the Profile on the eUICC, and a restriction on the source IP address of the packet.
A third aspect of the embodiments of the present invention provides a communication method, which may include:
If the first application server to which a terminal is connected needs to be switched to a second application server, the first application server receives a handover request message;
The first application server sends a subscription data update request message or a policy rule update request message to a mobile network appliance; if the message sent is a subscription data update request message, it receives the subscription data update response message returned by the mobile network appliance, and if the message sent is a policy rule update request message, it receives the policy rule update response message returned by the mobile network appliance;
The first application server sends the eUICC information set to the second application server, so that the second application server performs key generation and connection establishment with the eUICC and instructs the eUICC to remove the key set associated with the first application server;
The first application server receives packets from the terminal on the basis of a packet filtering rule; the subscription data update request message carries the updated packet filtering rule and the access point of the dedicated network to which the second application server belongs, and the policy rule update request message carries the updated packet filtering rule.
In a first possible implementation of the third aspect, sending the subscription data update request message to the mobile network appliance and receiving the subscription data update response message returned by the mobile network appliance includes: the first application server sends the subscription data update request message to the Policy and Charging Rules Function in the mobile network appliance, so that the Policy and Charging Rules Function forwards the subscription data update request message to the home subscriber server in the mobile network appliance;
After the home server sends the subscription data update response message to the Policy and Charging Rules Function, the first application server receives the subscription data update response message forwarded by the Policy and Charging Rules Function.
In a second possible implementation of the third aspect, sending the policy rule update request message to the mobile network appliance and receiving the policy rule update response message returned by the mobile network appliance includes: the first application server sends the policy rule update request message to the Policy and Charging Rules Function in the mobile network appliance;
The first application server receives the policy rule update response message returned by the Policy and Charging Rules Function.
A fourth aspect of the embodiments of the present invention provides a mobile network appliance, which may include:
An acquiring unit, configured to obtain a packet filtering rule of a first application server, the packet filtering rule carrying the IP address of the first application server, where the acquiring unit is a home subscriber server, a Policy and Charging Rules Function, or a packet data gateway;
A base station, configured to receive and output a packet sent by a terminal, the packet carrying a destination IP address;
The packet data gateway, configured to determine whether the destination IP address is the same as the IP address of the first application server in the packet filtering rule and, if the destination IP address is the same as the IP address of the first application server in the packet filtering rule, to forward the packet to the first application server.
In a first possible implementation of the fourth aspect, the mobile network appliance further includes a mobility management unit and a gateway;
The base station is further configured to receive an attach request sent by the terminal and to forward the attach request to the mobility management unit in the mobile network appliance;
The mobility management unit is configured to send a location update request message to the home subscriber server in the mobile network appliance;
The home subscriber server is configured to return a location update response message to the mobility management unit, the location update response message carrying the packet filtering rule;
The mobility management unit is further configured to send a create session request message carrying the packet filtering rule to the gateway in the mobile network appliance;
The gateway is configured to forward the create session request message to the packet data gateway in the mobile network appliance, so that the packet data gateway, on receiving a packet sent by the terminal, determines whether the destination IP address of the packet is the same as the IP address of the first application server in the packet filtering rule carried in the create session request message.
In a second possible implementation of the fourth aspect, the packet data gateway is specifically configured to:
Receive a domain name resolution request message sent by the terminal, the domain name resolution request message carrying the domain name of the first application server;
Forward the domain name resolution request message to a domain name server and receive the domain name resolution result sent by the domain name server, the domain name resolution result carrying at least one IP address of the first application server;
Use the IP address carried in the domain name resolution result as the packet filtering rule related to the first application server.
In a third possible implementation of the fourth aspect, the mobile network appliance further includes a mobility management unit, a gateway and a Policy and Charging Rules Function;
The base station is further configured to receive an attach request sent by the terminal and to forward the attach request to the mobility management unit in the mobile network appliance;
The mobility management unit is configured, after completing the location update procedure with the home subscriber server in the mobile network appliance, to send a create session request message to the gateway in the mobile network appliance, so that the gateway forwards the create session request message to the packet data gateway in the mobile network appliance and the create session procedure is completed;
The Policy and Charging Rules Function is configured to initiate an IP connectivity access network session establishment and modification procedure with the packet data gateway and to send the packet filtering rule to the packet data gateway, so that the packet data gateway, on receiving a packet sent by the terminal, determines whether the destination IP address of the packet is the same as the IP address of the first application server in the packet filtering rule carried in the IP connectivity access network session establishment and modification message.
With reference to the first possible implementation of the fourth aspect, in a fourth possible implementation, when the first application server receives a handover request message and the first application server to which the terminal is connected needs to be switched to a second application server, the home subscriber server is further configured to receive, via the Policy and Charging Rules Function, a subscription data update request message sent by the first application server, and to return a subscription data update response message to the first application server via the Policy and Charging Rules Function, so that the second application server, after receiving the eUICC information set sent by the first application server, performs key generation and connection establishment with the eUICC and instructs the eUICC to remove the key set associated with the first application server, where the subscription data update request message carries the updated packet filtering rule and the access point of the dedicated network to which the second application server belongs.
With reference to the third possible implementation of the fourth aspect, in a fifth possible implementation, when the first application server receives a handover request message and the first application server to which the terminal is connected needs to be switched to a second application server, the Policy and Charging Rules Function is further configured to receive a policy rule update request message sent by the first application server and to return a policy rule update response message to the first application server, so that the second application server, after receiving the eUICC information set sent by the first application server, performs key generation and connection establishment with the eUICC and instructs the eUICC to remove the key set associated with the first application server, where the policy rule update request message carries the updated packet filtering rule.
With reference to the fourth aspect, or the first, second, third, fourth or fifth possible implementation of the fourth aspect, in a sixth possible implementation the packet further carries the identifier of the eUICC, the identifier of the Profile on the eUICC, and a source IP address.
With reference to the sixth possible implementation of the fourth aspect, in a seventh possible implementation, the packet filtering rule further includes a capacity limit for the packet, a restriction on the eUICC identifier, a restriction on the identifier of the Profile on the eUICC, or a restriction on the source IP address of the packet.
With reference to the fourth aspect, or the first, second, third, fourth, fifth, sixth or seventh possible implementation of the fourth aspect, in an eighth possible implementation, if the destination IP address differs from the IP address of the first application server in the packet filtering rule, the packet data gateway is further configured to send a reject message to the terminal and discard the packet.
With reference to the fourth aspect, or the first, second, third, fourth, fifth, sixth, seventh or eighth possible implementation of the fourth aspect, in a ninth possible implementation, the first application server or the second application server is a Subscription Manager-Securely Routing (SM-SR) or a Subscription Manager (SM).
A fifth aspect of the embodiments of the present invention provides a terminal, including:
An attach request sending unit, configured to send an attach request to a mobile network appliance and complete attachment;
An IP address acquiring unit, configured to send an IP address acquisition request to a domain name server to obtain the IP address of a first application server;
A data sending unit, configured to send a packet carrying the IP address of the first application server to the mobile network appliance, so that the mobile network appliance forwards the packet to the first application server when it determines that the destination IP address carried in the packet is the same as the IP address of the first application server in the packet filtering rule that the mobile network appliance obtained in advance;
A receiving unit, configured to receive the reject message returned by the mobile network appliance if the mobile network appliance determines that the destination IP address carried in the packet differs from the IP address of the first application server in the packet filtering rule that the mobile network appliance obtained in advance.
In a first possible implementation of the fifth aspect, the packet further carries the identifier of the eUICC, the identifier of the Profile on the eUICC, and a source IP address;
The packet filtering rule further includes a capacity limit for the packet, a restriction on the eUICC identifier, a restriction on the identifier of the Profile on the eUICC, and a restriction on the source IP address of the packet.
A sixth aspect of the embodiments of the present invention provides a terminal, including:
An input device, an output device, a memory, a processor and a bus, the input device, output device, memory and processor being connected to the bus, where:
The memory is configured to store a program, and the processor is configured to invoke the program to perform the following steps:
Send an attach request to a mobile network appliance and complete attachment;
Send an IP address acquisition request to a domain name server to obtain the IP address of a first application server;
Send a packet carrying the IP address of the first application server to the mobile network appliance, so that the mobile network appliance forwards the packet to the first application server when it determines that the destination IP address carried in the packet is the same as the IP address of the first application server in the packet filtering rule that the mobile network appliance obtained in advance;
If the mobile network appliance determines that the destination IP address carried in the packet differs from the IP address of the first application server in the packet filtering rule that the mobile network appliance obtained in advance, receive the reject message returned by the mobile network appliance.
In a first possible implementation of the sixth aspect, the packet further carries the identifier of the eUICC, the identifier of the Profile on the eUICC, and a source IP address;
The packet filtering rule further includes a capacity limit for the packet, a restriction on the eUICC identifier, a restriction on the identifier of the Profile on the eUICC, and a restriction on the source IP address of the packet.
A seventh aspect of the embodiments of the present invention provides an application server system, including:
A first receiving unit, configured to receive a handover request message if the first application server to which a terminal is connected needs to be switched to a second application server;
A first sending unit, configured to send a subscription data update request message or a policy rule update request message to a mobile network appliance;
A second receiving unit, configured to receive the subscription data update response message returned by the mobile network appliance if the message sent is a subscription data update request message, and to receive the policy rule update response message returned by the mobile network appliance if the message sent is a policy rule update request message;
A second sending unit, configured to send the eUICC information set to the second application server, so that the second application server performs key generation and connection establishment with the eUICC and instructs the eUICC to remove the key set associated with the first application server;
The first application server receives packets from the terminal on the basis of a packet filtering rule; the subscription data update request message carries the updated packet filtering rule and the access point of the dedicated network to which the second application server belongs, and the policy rule update request message carries the updated packet filtering rule.
In a first possible implementation of the seventh aspect, the first transmitting unit is specifically configured to send the subscription data update request message to the policy and charging rules function in the mobile network appliance, so that the policy and charging rules function forwards the subscription data update request message to the home subscriber server in the mobile network appliance;
The second receiving unit is specifically configured to receive the subscription data update response message forwarded by the policy and charging rules function after the home subscriber server has sent the subscription data update response message to the policy and charging rules function.
In a second possible implementation of the seventh aspect, the first transmitting unit is specifically configured to send the policy rule update request message to the policy and charging rules function in the mobile network appliance; the second receiving unit is specifically configured to receive the policy rule update response message returned by the policy and charging rules function.
An eighth aspect of the embodiments of the present invention provides an application server, including:
An input device, an output device, a memory, a processor and a bus, the input device, output device, memory and processor being connected to the bus, wherein:
The memory is configured to store a program, and the processor is configured to call the program to perform the following steps: if the first application server to which the terminal is connected needs to be switched to a second application server, the processor receives a handover request message;
Send a subscription data update request message or a policy rule update request message to the mobile network appliance; if the message sent is a subscription data update request message, receive the subscription data update response message returned by the mobile network appliance, and if the message sent is a policy rule update request message, receive the policy rule update response message returned by the mobile network appliance;
Send the eUICC information set to the second application server, so that the second application server performs key generation and connection establishment with the embedded universal integrated circuit card (eUICC) and instructs the eUICC to delete the key set shared with the first application server;
Wherein the first application server receives packets from the terminal on the basis of the packet filtering rule; the subscription data update request message carries the updated packet filtering rule and the access point of the private network to which the second application server belongs; and the policy rule update request message carries the updated packet filtering rule.
In a first possible implementation of the eighth aspect, when sending the subscription data update request message to the mobile network appliance and receiving the subscription data update response message returned by the mobile network appliance, the processor is specifically configured to:
Send the subscription data update request message to the policy and charging rules function in the mobile network appliance, so that the policy and charging rules function forwards the subscription data update request message to the home subscriber server in the mobile network appliance;
After the home subscriber server has sent the subscription data update response message to the policy and charging rules function, receive the subscription data update response message forwarded by the policy and charging rules function.
In a second possible implementation of the eighth aspect, the first transmitting unit is specifically configured to send the policy rule update request message to the policy and charging rules function in the mobile network appliance; the second receiving unit is specifically configured to receive the policy rule update response message returned by the policy and charging rules function.
A ninth aspect of the embodiments of the present invention provides a communication system, including:
A mobile network appliance as described in the fourth aspect of the embodiments of the present invention or in any implementation of the fourth aspect; a terminal as described in the fifth aspect of the embodiments of the present invention or in any implementation of the fifth aspect; and at least one application server as described in the seventh aspect of the embodiments of the present invention or in any implementation of the seventh aspect, used to manage the subscription information of the terminal and to carry out data communication related to the attribute parameter set with the terminal.
Implementing the embodiments of the present invention has the following beneficial effects:
By obtaining a packet filtering rule that carries the IP address of the application server, the destination IP address can be checked and matched when a packet carrying a destination IP address is received from the terminal. The packet is forwarded to the application server only when its destination IP address is identical to the IP address in the packet filtering rule. Packets are thereby filtered, which prevents other service data or commands unrelated to the configuration file from occupying the dedicated access between the eUICC and the application server, and reduces communication interference on that dedicated access as well as the processing load on the application server.
Brief description of the drawings
To describe the technical solutions in the embodiments of the present invention or in the prior art more clearly, the accompanying drawings needed in the embodiments are briefly introduced below. Apparently, the drawings in the following description show only some embodiments of the present invention, and a person of ordinary skill in the art can derive other drawings from them without creative effort.
Fig. 1 is a schematic flowchart of the first embodiment of the communication method of the present invention;
Fig. 2 is a schematic flowchart of the second embodiment of the communication method of the present invention;
Fig. 3 is a schematic flowchart of the third embodiment of the communication method of the present invention;
Fig. 4 is a schematic flowchart of the SM-SR switch in the communication method of Fig. 2;
Fig. 5 is a schematic flowchart of the SM-SR switch in the communication method of Fig. 3;
Fig. 6 is a schematic flowchart of the fourth embodiment of the communication method of the present invention;
Fig. 7 is a schematic flowchart of the fifth embodiment of the communication method of the present invention;
Fig. 8 is a schematic composition diagram of the first embodiment of the mobile network appliance of the present invention;
Fig. 9 is a schematic composition diagram of the second embodiment of the mobile network appliance of the present invention;
Fig. 10 is a schematic composition diagram of the first embodiment of the terminal of the present invention;
Fig. 11 is a schematic composition diagram of the second embodiment of the terminal of the present invention;
Fig. 12 is a schematic composition diagram of the first embodiment of the application server of the present invention;
Fig. 13 is a schematic composition diagram of the second embodiment of the application server of the present invention;
Fig. 14 is a schematic composition diagram of the communication system of the embodiments of the present invention.
The technical solutions in the embodiments of the present invention are described clearly and completely below with reference to the accompanying drawings in the embodiments of the present invention. Obviously, the described embodiments are only some rather than all of the embodiments of the present invention. All other embodiments obtained by a person of ordinary skill in the art on the basis of the embodiments of the present invention without creative effort fall within the protection scope of the present invention.
The communication method described herein can be used in a scenario where a single SM-SR works. It can of course also be used where two or more SM-SRs work at the same time and a switch may be needed, and it is particularly suitable for the scenario where two or more SM-SRs work simultaneously and the SM-SR accessed by the terminal is switched. During a switch it is extremely important to filter the packets sent by the terminal, so that other service data or commands unrelated to the configuration file do not occupy the dedicated access between the eUICC and the application server; for the detailed process, see the description of the embodiments below.
Referring to Fig. 1, which is a schematic flowchart of the first embodiment of the communication method of the present invention; in this embodiment, the method includes:
S101, the mobile network appliance obtains the packet filtering rule related to the first application server.
Wherein the packet filtering rule carries the IP address of the first application server. The first application server may be a subscription manager-secure routing (SM-SR) or a subscription manager (SM); it may also be another application server. It can be used to manage the subscription information of the terminal and to carry out data communication related to the attribute parameter set with the terminal. It can manage the channel through which the terminal communicates externally and complete routing work, etc.
Optionally, the packet filtering rule may be contained in the subscription data, and be stored and sent together with the access point name (Access Point Name, APN) information of the private network to which the first application server belongs. The access point information indicates the node, gateway or transmission channel that the terminal accesses.
S102, the mobile network appliance receives a packet sent by the terminal, the packet carrying a destination IP address. Optionally, the packet may also carry the identifier of the embedded universal integrated circuit card (EID Embedded Identity, EID), the identifier of the attribute parameter set on the embedded universal integrated circuit card (Integrated Circuit Card Identity, ICCID) and a source IP address. The gateway that receives the packet then knows the source and the identification information of the packet, which allows new filter conditions to be formed.
For example, in addition to carrying the IP address of the first application server, the packet filtering rule may also include a packet size limit, a limit on the eUICC identifier, a limit on the identifier of the attribute parameter set on the eUICC, or a limit on the source IP address of the packet.
A packet may be withheld from the first application server when its size is greater than some value, and may also be withheld when its size is less than some value. Alternatively, when the identifier carried in the packet is identical to the identifier carried in the packet filtering rule, or belongs to the identifier set carried there, the packet is not forwarded to the first application server, in which case the identifiers in the filtering rule form a blacklist; or the packet is not forwarded to the first application server when the identifier it carries differs from the identifier carried in the packet filtering rule, in which case the identifiers in the filtering rule form a whitelist. Alternatively, the packet is not forwarded when its source IP address is identical to the source IP address carried in the packet filtering rule, or it is forwarded when its source IP address differs from the source IP address carried in the packet filtering rule. The identifier or source IP address carried in the packet filtering rule may of course be an identifier set or source IP address set consisting of one or more identifiers or source IP addresses. The limits may be considered individually or several at once; no restriction is imposed here.
S103, the mobile network appliance judges whether the destination IP address is identical to the IP address of the first application server in the packet filtering rule. If it is identical, step S104 is performed; otherwise step S105 is performed.
S104, the mobile network appliance forwards the packet to the first application server.
S105, a reject message is sent to the terminal and the packet is discarded.
By obtaining a packet filtering rule that carries the IP address of the application server, the destination IP address can be checked and matched when a packet carrying a destination IP address is received from the terminal. The packet is forwarded to the application server only when its destination IP address is identical to the IP address in the packet filtering rule. Packets are thereby filtered, which prevents other service data or commands unrelated to the configuration file from occupying the dedicated access between the eUICC and the application server, and reduces communication interference on that dedicated access as well as the processing load on the application server.
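The decision made in S103 to S105, together with the optional size, identifier and source-address limits, can be sketched as follows. This is an added example, not code from the patent: all class and function names are hypothetical, the addresses and the EID are constructed sample values, and applying a whitelist as well as a blacklist to the source IP address generalises the text, which only describes refusing listed source addresses.

```python
import ipaddress
from dataclasses import dataclass
from typing import FrozenSet, Iterable, Optional, Tuple

FORWARD, REJECT = "forward", "reject"
SMSR1_IP = "192.0.2.10"              # constructed sample address (documentation range)
SAMPLE_EID = "89" + "0" * 30         # constructed sample eUICC identifier


def canon_ip(text: Optional[str]) -> Optional[str]:
    """Canonical text form of an IPv4/IPv6 address, or None if absent or malformed."""
    if text is None:
        return None
    try:
        return str(ipaddress.ip_address(text.strip()))
    except ValueError:
        return None


@dataclass(frozen=True)
class ListLimit:
    """A set of identifiers or addresses applied as a whitelist or a blacklist."""
    values: FrozenSet[str]
    whitelist: bool = True

    def allows(self, value: Optional[str]) -> bool:
        if self.whitelist:                      # only listed values may pass
            return value is not None and value in self.values
        return value not in self.values         # blacklist: listed values are refused


@dataclass(frozen=True)
class FilterRule:
    server_ips: FrozenSet[str]                  # IP address(es) of the application server
    min_size: Optional[int] = None              # optional packet size limits, in bytes
    max_size: Optional[int] = None
    eid_limit: Optional[ListLimit] = None       # limit on the eUICC identifier
    iccid_limit: Optional[ListLimit] = None     # limit on the attribute parameter set id
    src_ip_limit: Optional[ListLimit] = None    # limit on the source IP address


@dataclass(frozen=True)
class Packet:
    dst_ip: str
    size: int
    src_ip: Optional[str] = None
    eid: Optional[str] = None
    iccid: Optional[str] = None


def make_rule(server_ips: Iterable[str], **limits) -> FilterRule:
    """S101: build the rule; refuse an empty or malformed server address list."""
    ips = frozenset(canon_ip(ip) for ip in server_ips)
    if not ips or None in ips:
        raise ValueError("rule needs at least one valid application server IP")
    return FilterRule(server_ips=ips, **limits)


def ip_limit(addresses: Iterable[str], whitelist: bool) -> ListLimit:
    """Source-address limit with every entry canonicalised."""
    ips = frozenset(canon_ip(a) for a in addresses)
    if None in ips:
        raise ValueError("malformed address in limit")
    return ListLimit(ips, whitelist)


def evaluate(rule: FilterRule, pkt: Packet) -> Tuple[str, str]:
    """S103-S105: return (action, reason); REJECT means reject message plus discard."""
    dst = canon_ip(pkt.dst_ip)
    if dst is None or dst not in rule.server_ips:
        return REJECT, "destination is not the application server"
    if rule.max_size is not None and pkt.size > rule.max_size:
        return REJECT, "packet larger than limit"
    if rule.min_size is not None and pkt.size < rule.min_size:
        return REJECT, "packet smaller than limit"
    if rule.eid_limit is not None and not rule.eid_limit.allows(pkt.eid):
        return REJECT, "EID not permitted"
    if rule.iccid_limit is not None and not rule.iccid_limit.allows(pkt.iccid):
        return REJECT, "ICCID not permitted"
    if rule.src_ip_limit is not None:
        src = canon_ip(pkt.src_ip)
        if pkt.src_ip is not None and src is None:
            return REJECT, "malformed source IP"
        if not rule.src_ip_limit.allows(src):
            return REJECT, "source IP not permitted"
    return FORWARD, "matches packet filtering rule"


if __name__ == "__main__":
    rule = make_rule([SMSR1_IP], max_size=1500,
                     eid_limit=ListLimit(frozenset({SAMPLE_EID})))
    for p in (Packet(SMSR1_IP, 200, eid=SAMPLE_EID), Packet("198.51.100.7", 200)):
        print(p.dst_ip, evaluate(rule, p))
```

Addresses are compared in canonical form, so differently written forms of the same IPv6 address still match the rule, and a malformed destination address is rejected rather than compared as a string.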
Referring to Fig. 2, which is a schematic flowchart of the second embodiment of the communication method of the present invention; in this embodiment, the eUICC is embedded in the terminal, the application server is an SM-SR, and the mobile network appliance comprises multiple entities, such as a base station (eNB), a mobility management entity (Mobile Management Entity, MME), a serving gateway (Serving Gateway, S-GW), a packet data gateway (Packet Data Network Gateway, P-GW) and a home subscriber server (Home Subscription Server, HSS). These entities can exchange various information with one another to establish connections and carry out data communication.
The mobile network appliance can receive the attach request sent by the terminal;
After the mobility management entity in the mobile network appliance obtains the subscription identifier, the APN and the packet filtering rule from the home subscriber server in the mobile network appliance through the location update procedure, the packet data gateway obtains the subscription identifier, the access point name and the packet filtering rule from the create session request message.
Specifically, the implementation process of the method may include:
1. The UE sends an attach request to the eNodeB;
2. The eNodeB forwards the attach request to the MME;
3. The MME sends a location update request (Update Location Request) message to the HSS;
4. The HSS returns a location update response (Update Location Response) message to the MME, carrying the subscription data; the subscription data here includes the packet filtering rule for SM-SR1, etc.; optionally, it may also include the APN of the private network to which SM-SR1 belongs.
5. The MME sends a create session request (Create Session Request) message to the S-GW, carrying the packet filtering rule, etc.;
6. The S-GW sends a create session request (Create Session Request) message to the P-GW, carrying the packet filtering rule (packet filter criteria), etc.;
7. The P-GW returns a create session response (Create Session Response) message to the S-GW;
8. The S-GW returns a create session response (Create Session Response) message to the MME;
9. The MME sends an initial context setup request/attach accept (Initial Context Setup Request / Attach Request) message to the eNodeB;
10. The eNodeB sends a radio resource control connection reconfiguration (RRC Connection Reconfiguration) message to the UE;
11. The UE returns a radio resource control connection reconfiguration complete (RRC Connection Reconfiguration Complete) message to the eNodeB;
12. The eNodeB returns an initial context setup response (Initial Context Setup Response) message to the MME;
13. The UE sends a direct transfer (Direct Transfer) message to the eNodeB;
14. The eNodeB sends an attach complete (Attach Complete) message to the MME;
15. The UE sends NAS-layer signaling to the eNodeB: a service request (Service Request) message;
16. The eNodeB sends NAS-layer signaling to the MME: a service request (Service Request) message;
17. The MME sends S1-AP-layer signaling to the eNodeB: an initial context setup request (Initial Context Setup Request) message;
18. A radio bearer is established between the eNodeB and the UE;
19. The eNodeB sends S1-AP-layer signaling to the MME: an initial context setup complete (Initial Context Setup Complete) message;
20. The UE obtains the IP address of SM-SR1 from the domain name server (DNS Server);
21. The UE sends an uplink packet carrying the destination IP address to the P-GW, forwarded via the eNodeB and the S-GW; optionally, the packet may also carry the EID, ICCID, source IP address, etc.;
22. The P-GW filters the uplink packet according to the packet filtering rule obtained in step 6; if the destination IP address of the uplink packet differs from the IP address of SM-SR1 in the packet filtering rule, step 23 is performed; if it is identical, step 24 is performed.
23. Forwarding of the uplink data is refused, and a reject message is sent to the UE via the S-GW and the eNodeB in turn;
24. If the destination IP address of the uplink data is identical to the IP address of SM-SR1 in the packet filtering rule, the P-GW forwards the uplink data to SM-SR1.
In this embodiment, the packet filtering rule is carried in the location update response message that the HSS returns to the MME and is passed on to the P-GW via the MME and the S-GW, so that the P-GW can filter packets according to the packet filtering rule when it receives packets sent by the UE. The packet filtering rule in the HSS may be set by the user or obtained through information exchange between the HSS and SM-SR1. The packet filtering rule may remain fixed, or may be updated adaptively according to service needs; no restriction is imposed here.
Referring to Fig. 3, which is a schematic flowchart of the third embodiment of the communication method of the present invention; in this embodiment, the mobile network appliance further includes a policy and charging rules function (Policy and Charging Rules Function, PCRF).
Steps 1-3 of the method are identical to steps 1-3 of the embodiment shown in Fig. 2.
1. The UE sends an attach request to the eNodeB;
2. The eNodeB forwards the attach request to the MME;
3. The MME sends a location update request (Update Location Request) message to the HSS;
4. The HSS returns a location update response (Update Location Response) message to the MME, carrying the subscription data; the subscription data here includes the APN of the private network to which SM-SR1 belongs, etc. (compared with the embodiment shown in Fig. 2, the packet filtering rule is absent);
Steps 5-6 are identical to those of the embodiment shown in Fig. 2.
5. The MME sends a create session request (Create Session Request) message to the S-GW, carrying the packet filtering rule, etc.;
6. The S-GW sends a create session request (Create Session Request) message to the P-GW, carrying the packet filtering rule (packet filter criteria), etc.;
7. An IP connectivity access network session establishment/modification procedure initiated by the policy and charging enforcement function (Policy and Charging Enforcement Function, PCEF), that is, a PCEF initiated IP-CAN Session Establishment/Modification procedure, is carried out between the P-GW and the PCRF, through which the P-GW obtains the packet filtering rule from the PCRF;
The subsequent steps 8-25 are identical to steps 7-24 of the embodiment shown in Fig. 2.
8. The P-GW returns a create session response (Create Session Response) message to the S-GW;
9. The S-GW returns a create session response (Create Session Response) message to the MME;
10. The MME sends an initial context setup request/attach accept (Initial Context Setup Request/Attach Request) message to the eNodeB;
11. The eNodeB sends a radio resource control connection reconfiguration (RRC Connection Reconfiguration) message to the UE;
12. The UE returns a radio resource control connection reconfiguration complete (RRC Connection Reconfiguration Complete) message to the eNodeB;
13. The eNodeB returns an initial context setup response (Initial Context Setup Response) message to the MME;
14. The UE sends a direct transfer (Direct Transfer) message to the eNodeB;
15. The eNodeB sends an attach complete (Attach Complete) message to the MME;
16. The UE sends NAS-layer signaling to the eNodeB: a service request (Service Request) message;
17. The eNodeB sends NAS-layer signaling to the MME: a service request (Service Request) message;
18. The MME sends S1-AP-layer signaling to the eNodeB: an initial context setup request (Initial Context Setup Request) message;
19. A radio bearer is established between the eNodeB and the UE;
20. The eNodeB sends S1-AP-layer signaling to the MME: an initial context setup complete (Initial Context Setup Complete) message;
21. The UE obtains the IP address of SM-SR1 from the domain name server (DNS Server);
22. The UE sends an uplink packet carrying the destination IP address to the P-GW, forwarded via the eNodeB and the S-GW; optionally, the packet may also carry the EID, ICCID, source IP address, etc.;
23. The P-GW filters the uplink packet according to the packet filtering rule obtained in step 6; if the destination IP address of the uplink packet differs from the IP address of SM-SR1 in the packet filtering rule, step 23 is performed; if it is identical, step 24 is performed.
24. Forwarding of the uplink data is refused, and a reject message is sent to the UE via the S-GW and the eNodeB in turn;
25. If the destination IP address of the uplink data is identical to the IP address of SM-SR1 in the packet filtering rule, the P-GW forwards the uplink data to SM-SR1.
In this embodiment, the P-GW obtains the packet filtering rule from the PCRF, so that the P-GW can filter packets according to the packet filtering rule when it receives packets sent by the UE. The packet filtering rule in the PCRF may be set by the user or obtained through information exchange between the PCRF and SM-SR1. The packet filtering rule may remain fixed, or may be updated adaptively according to service needs; no restriction is imposed here.
Of course, in addition to the above two ways of obtaining the rule, the rule can also be obtained through information exchange between the mobile network appliance and the domain name server. The implementation flow may be:
1. The mobile network appliance receives a domain name resolution request message sent by the terminal, the domain name resolution request message carrying the domain name of the first application server;
Wherein the domain name resolution request message is a request for the domain name of an application server dedicated to subscription management.
2. The mobile network appliance forwards the domain name resolution request message to the domain name server and receives the domain name resolution result sent by the domain name server, the domain name resolution result carrying at least one IP address of the first application server;
3. The mobile network appliance uses the IP address carried in the domain name resolution result as the packet filtering rule related to the first application server.
The IP address obtained in this way is the IP address in the packet filtering rule related to the first application server; the two are identical, which provides the reference condition for subsequent packet filtering.
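Steps 1 to 3 of the DNS-based flow above can be sketched as a parser that turns a domain name resolution result into the address set of the packet filtering rule. This is an added example, not code from the patent: the function names are hypothetical, the sample response is constructed with the reserved name smsr1.example and documentation addresses, and the checks on transaction ID, response code and record owner name are assumptions about what a gateway would verify before trusting the result as a rule.

```python
import ipaddress
import struct


def encode_name(name: str) -> bytes:
    """Uncompressed DNS wire encoding of a domain name."""
    return b"".join(bytes([len(p)]) + p.encode("ascii") for p in name.split(".")) + b"\x00"


def read_name(msg: bytes, off: int):
    """Decode a possibly compressed name; return (lower-case name, next offset)."""
    labels, end, hops = [], None, 0
    while True:
        if off >= len(msg):
            raise ValueError("truncated name")
        n = msg[off]
        if n & 0xC0 == 0xC0:                       # compression pointer
            if off + 1 >= len(msg):
                raise ValueError("truncated pointer")
            if end is None:
                end = off + 2                      # parsing resumes after first pointer
            off = ((n & 0x3F) << 8) | msg[off + 1]
            hops += 1
            if hops > 16:
                raise ValueError("compression pointer loop")
            continue
        off += 1
        if n == 0:
            break
        if n > 63 or off + n > len(msg):
            raise ValueError("bad label")
        labels.append(msg[off:off + n].decode("ascii").lower())
        off += n
    return ".".join(labels), (end if end is not None else off)


def rule_ips_from_dns(query_id: int, server_name: str, resp: bytes) -> frozenset:
    """Return the A/AAAA addresses for server_name, to be used as the filter rule."""
    if len(resp) < 12:
        raise ValueError("short message")
    rid, flags, qd, an, _ns, _ar = struct.unpack("!6H", resp[:12])
    if rid != query_id or not flags & 0x8000 or flags & 0x000F or qd != 1:
        raise ValueError("not a successful answer to the forwarded query")
    want = server_name.rstrip(".").lower()
    qname, off = read_name(resp, 12)
    off += 4                                       # skip QTYPE and QCLASS
    if qname != want:
        raise ValueError("answer is for a different domain name")
    ips = set()
    for _ in range(an):
        owner, off = read_name(resp, off)
        if off + 10 > len(resp):
            raise ValueError("truncated record")
        rtype, rclass, _ttl, rdlen = struct.unpack("!HHIH", resp[off:off + 10])
        off += 10
        rdata = resp[off:off + rdlen]
        if len(rdata) != rdlen:
            raise ValueError("truncated record data")
        off += rdlen
        # Only IN-class A (1) and AAAA (28) records owned by the queried name count.
        if owner == want and rclass == 1 and (rtype, rdlen) in ((1, 4), (28, 16)):
            ips.add(str(ipaddress.ip_address(rdata)))
    if not ips:
        raise ValueError("no address for the application server")
    return frozenset(ips)


def build_sample_response(txid: int, qname: str, answers) -> bytes:
    """Constructed sample response: answers is a list of (owner name, address)."""
    msg = struct.pack("!6H", txid, 0x8180, 1, len(answers), 0, 0)
    msg += encode_name(qname) + struct.pack("!HH", 1, 1)
    for owner, addr in answers:
        packed = ipaddress.ip_address(addr).packed
        rtype = 1 if len(packed) == 4 else 28
        name = b"\xc0\x0c" if owner == qname else encode_name(owner)
        msg += name + struct.pack("!HHIH", rtype, 1, 60, len(packed)) + packed
    return msg


if __name__ == "__main__":
    sample = build_sample_response(0x1234, "smsr1.example",
                                   [("smsr1.example", "192.0.2.10"),
                                    ("other.example", "198.51.100.7")])
    print(sorted(rule_ips_from_dns(0x1234, "smsr1.example", sample)))
```

Records whose owner name is not the queried application server name are ignored, so an unrelated address placed in the answer section does not widen the rule.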
Referring to Fig. 4, which is a schematic flowchart of the SM-SR switch in the communication method of Fig. 2; in this embodiment, the method includes:
1. SM-SR 2 receives an SM-SR handover request;
2. SM-SR 2 replies with a confirmation message;
3. SM-SR 1 receives an SM-SR handover request;
4. SM-SR 1 sends a subscription data update request (Subscription Data Update) message to the HSS via the PCRF, carrying the packet filtering rule and the subscribed APN;
5. The HSS returns a confirmation message to SM-SR 1 via the PCRF;
6. SM-SR 1 sends the eUICC information set (EIS) information to SM-SR 2;
7. SM-SR 2 performs key generation and connection establishment with the eUICC in the UE;
8. SM-SR 2 instructs the eUICC in the UE to delete the key set shared with SM-SR 1;
9. SM-SR 2 sends a switch-complete confirmation message to SM-SR 1;
10. SM-SR 2 sends a switch-complete confirmation message to the initiator (Initiator), such as a service provider;
11. SM-SR 1 deletes the EIS information corresponding to the eUICC in the target UE.
The subscription data is updated by sending a subscription data update message to the HSS, whereby the SM-SR switch is realized. This embodiment is described only with the SM-SR switch; when an SM or another application server is switched, the method is the same and is not repeated here.
Referring to Fig. 5, which is a schematic flowchart of the SM-SR switch in the communication method of Fig. 3; in this embodiment, steps 1-3 of the method are identical to steps 1-3 of the embodiment shown in Fig. 4.
1. SM-SR 2 receives an SM-SR handover request;
2. SM-SR 2 replies with a confirmation message;
3. SM-SR 1 receives an SM-SR handover request;
4. SM-SR 1 sends a policy rule update request (Policy Rules Update) message to the PCRF, carrying the packet filtering rule;
5. The PCRF returns a confirmation message to SM-SR 1;
Steps 6-11 of the method are identical to steps 6-11 of the embodiment shown in Fig. 4.
6. SM-SR 1 sends the eUICC information set (EIS) information to SM-SR 2;
7. SM-SR 2 performs key generation and connection establishment with the eUICC in the UE;
8. SM-SR 2 instructs the eUICC in the UE to delete the key set shared with SM-SR 1;
9. SM-SR 2 sends a switch-complete confirmation message to SM-SR 1;
10. SM-SR 2 sends a switch-complete confirmation message to the initiator (Initiator), such as a service provider;
11. SM-SR 1 deletes the EIS information corresponding to the eUICC in the target UE.
The subscription data is updated by sending a subscription data update message to the PCRF, whereby the SM-SR switch is realized.
Referring to Fig. 6, which is a schematic flowchart of the fourth embodiment of the communication method of the present invention; in this embodiment, the method includes:
S601, the terminal sends an attach request to the mobile network appliance and completes attachment.
S602, the terminal sends an IP address acquisition request to the domain name server to obtain the IP address of the first application server.
S603, the terminal sends a packet carrying the IP address of the first application server to the mobile network appliance, so that the mobile network appliance forwards the packet to the first application server when it judges that the destination IP address carried in the packet is identical to the IP address of the first application server in the packet filtering rule obtained in advance by the mobile network appliance.
S604, if the mobile network appliance judges that the destination IP address carried in the packet differs from the IP address of the first application server in the packet filtering rule obtained in advance by the mobile network appliance, the terminal receives the reject message returned by the mobile network appliance.
Referring to Fig. 7, which is a schematic flowchart of the fifth embodiment of the communication method of the present invention; in this embodiment, the method includes:
S701, if the first application server to which the terminal is connected needs to be switched to a second application server, the first application server receives a handover request message;
S702, a subscription data update request message or a policy rule update request message is sent to the mobile network appliance;
S703, if the message sent is a subscription data update request message, the subscription data update response message returned by the mobile network appliance is received; if the message sent is a policy rule update request message, the policy rule update response message returned by the mobile network appliance is received;
S704, the eUICC information set is sent to the second application server, so that the second application server performs key generation and connection establishment with the embedded universal integrated circuit card (eUICC) and instructs the eUICC to delete the key set shared with the first application server;
Wherein the first application server receives packets from the terminal on the basis of the packet filtering rule; the subscription data update request message carries the updated packet filtering rule and the access point of the private network to which the second application server belongs; and the policy rule update request message carries the updated packet filtering rule.
Optionally, sending the subscription data update request message to the mobile network appliance and receiving the subscription data update response message returned by the mobile network appliance includes:
The first application server sends the subscription data update request message to the policy and charging rules function in the mobile network appliance, so that the policy and charging rules function forwards the subscription data update request message to the home subscriber server in the mobile network appliance;
After the home subscriber server has sent the subscription data update response message to the policy and charging rules function, the first application server receives the subscription data update response message forwarded by the policy and charging rules function.
For the specific flow, refer to Fig. 4; details are not repeated here.
Optionally, sending the policy rule update request message to the mobile network appliance and receiving the policy rule update response message returned by the mobile network appliance includes:
The first application server sends the policy rule update request message to the policy and charging rules function in the mobile network appliance;
The policy rule update response message returned by the policy and charging rules function is received.
For the specific flow, refer to Fig. 5; details are not repeated here.
Referring to Fig. 8, which is a schematic composition diagram of the first embodiment of the mobile network appliance of the present invention; in this embodiment, the mobile network appliance includes:
An acquiring unit 100, configured to obtain the packet filtering rule of the first application server, the packet filtering rule carrying the IP address of the first application server; the acquiring unit 100 is a home subscriber server, or a policy and charging rules function, or the packet data gateway 300;
Purpose IP addresses are carried in base station 200, the packet sent for receiving terminal and output, the packet;
The packet data gateway 300, for judging whether the purpose IP address is identical with the IP address of the first application server described in Packet Filtering rule, if the purpose IP address is identical with the IP address of the first application server described in Packet Filtering rule, the packet is forwarded to first application server.
Wherein, the IP address of the first application server is carried in the Packet Filtering rule. The first application server can be a signing administrative unit-Security routing (SM-SR) or a signing administrative unit (SM); it can also be another application server. It can be used to manage the signing information of the terminal and to carry out data communication related to sets of attribute parameters with the terminal. It can also manage the channel between the terminal and external communication, complete routing work, and so on.
Alternatively, the Packet Filtering rule may be included in subscription data, and is preserved and sent together with the access point (Access Point Name, abbreviated APN) information of the dedicated network to which the first application server belongs. The access point information is used to indicate the node, gateway or transmission channel that the terminal accesses. Alternatively, the packet also carries the identifier of the universal embedded integrated circuit card, the identifier of the sets of attribute parameters on the universal embedded integrated circuit card, and the source IP address.
Alternatively, the Packet Filtering rule also includes a capacity limit of the packet, an identifier limit of the universal embedded integrated circuit card, an identifier limit of the sets of attribute parameters on the universal embedded integrated circuit card, or a source IP address limit of the packet.
For example, in addition to carrying the IP address of the first application server, the Packet Filtering rule can also include a capacity limit of the packet, an identifier limit of the universal embedded integrated circuit card, an identifier limit of the sets of attribute parameters on the universal embedded integrated circuit card, or a source IP address limit of the packet. The packet may then not be forwarded to the first application server when the packet size is greater than some value, or may not be forwarded to the first application server when the packet size is less than some value. Or, when the identifier carried by the packet is identical with the identifier, or with one in the identifier set, carried in the Packet Filtering rule, the packet is not forwarded to the first application server; in this case the identifiers in the filtering rule are a blacklist. It is also possible that, when the identifier carried by the packet is different from the identifier carried in the Packet Filtering rule, the packet is not forwarded to the first application server; in this case the identifiers in the filtering rule are a white list. Or, when the source IP address of the packet is identical with the source IP address carried in the Packet Filtering rule, the packet is not forwarded; it is also possible that, when the source IP address of the packet is different from the source IP address carried in the Packet Filtering rule, the packet is forwarded. Of course, the identifier or source IP address carried in the Packet Filtering rule can be an identifier set or source IP address set made up of one or more identifiers or source IP addresses. The multiple qualifications can be considered individually or simultaneously, which is not limited in any way herein.
If the purpose IP address is not identical with the IP address of the first application server in the Packet Filtering rule, the packet data gateway 300 is further configured to send refuse information to the terminal and discard the packet.
Refer to Fig. 9, which is a schematic diagram of the composition of the second embodiment of the mobile network appliance of the present invention. In the present embodiment, the mobile network appliance includes: an acquiring unit, configured to obtain the Packet Filtering rule of the first application server, the Packet Filtering rule carrying the IP address of the first application server; the acquiring unit is the home subscribed services device 100;
A base station 200, configured to receive and output the packet sent by the terminal, the packet carrying a purpose (destination) IP address;
Packet data gateway 300, for judging whether the purpose IP address is identical with the IP address of the first application server described in Packet Filtering rule, if the purpose IP address is identical with the IP address of the first application server described in Packet Filtering rule, the packet is forwarded to first application server.
The mobile network appliance also includes mobile management unit 400, gateway 500 and Policy and Charging Rules Function 600;
The base station 200 is further configured to receive the attach request sent by the terminal, and to forward the attach request to the mobile management unit 400 in the mobile network appliance;
The mobile management unit 400 is configured to send a location update request message to the home subscribed services device 300 in the mobile network appliance;
The home subscribed services device 300 is configured to return a location updating response message to the mobile management unit 400, and to carry the Packet Filtering rule in the location updating response message;
The mobile management unit 400 is further configured to send an establishment conversation request message carrying the Packet Filtering rule to the gateway 500 in the mobile network appliance;
The gateway 500 is configured to forward the establishment conversation request message to the packet data gateway 300 in the mobile network appliance, so that the packet data gateway 300, when receiving the packet sent by the terminal, judges whether the purpose IP address of the packet is identical with the IP address of the first application server in the Packet Filtering rule carried by the establishment conversation request message.
Alternatively, when the first application server receives a handover request message and the first application server to which the terminal is connected needs to be switched to the second application server, the home subscribed services device 500 is further configured to receive, via the Policy and Charging Rules Function 600, the subscription data update request message sent by the first application server, and to return a subscription data update response message to the first application server via the Policy and Charging Rules Function 600, so that the second application server, after receiving the universal embedded integrated circuit card information set sent by the first application server, performs key generation and connection establishment with the universal embedded integrated circuit card and instructs the universal embedded integrated circuit card to remove the key set associated with the first application server; wherein the subscription data update request message carries the updated Packet Filtering rule and the access point of the dedicated network to which the second application server belongs.
By carrying the Packet Filtering rule in the location updating response message that the HSS returns to the MME, and informing the P-GW via the MME and the S-GW, the P-GW can filter a packet according to the Packet Filtering rule when it receives the packet sent by the UE. The Packet Filtering rule in the HSS can be set by the user or obtained through information exchange between the HSS and SM-SR1; the Packet Filtering rule can remain fixed, or can be adaptively updated according to service needs, which is not limited in any way herein.
Or the acquiring unit is Policy and Charging Rules Function 600;
Then the base station 200 is additionally operable to the attach request of receiving terminal transmission, and the attach request is forwarded to the mobile management unit 400 in the mobile network appliance;
The mobile management unit 400 is configured to, after completing the position update flow with the home subscribed services device 100 in the mobile network appliance, send the establishment conversation request message to the gateway 500 in the mobile network appliance, so that the gateway 500 forwards the establishment conversation request message to the packet data gateway 300 in the mobile network appliance, completing the create session flow;
In the session establishment and modification process of the IP connected reference network, the Packet Filtering rule is sent to the packet data gateway 300, so that the packet data gateway 300, when receiving the packet sent by the terminal, judges whether the purpose IP address of the packet is identical with the IP address of the first application server in the Packet Filtering rule carried by the session establishment and modification message of the IP connected reference network.
When first application server receives handover request message, when needing the first application server for connecting terminal to switch to the second application server, the Policy and Charging Rules Function 600 is additionally operable to receive the policing rule renewal request message that first application server is sent, and policing rule renewal response message is returned to first application server, so that second application server is after the universal embedded integrated circuit card information collection that first application server is sent is received, key generation is carried out with the universal embedded integrated circuit card and is connected foundation and is indicated the key set of the universal embedded integrated circuit card removal and first application server, wherein, the policing rule updates the Packet Filtering rule carried in request message after updating.
The P-GW obtains the Packet Filtering rule from the PCRF, so that when the P-GW receives a packet sent by the UE, it can filter the packet according to the Packet Filtering rule. The Packet Filtering rule in the PCRF can be set by the user or obtained through information exchange between the PCRF and SM-SR1; the Packet Filtering rule can remain fixed, or can be adaptively updated according to service needs, which is not limited in any way herein.
Or the acquiring unit is the packet data gateway 300, and the packet data gateway 300 is specifically configured to: receive the domain name mapping request message sent by the terminal, the domain name mapping request message carrying the domain name of the first application server;
Forward the domain name mapping request message to the name server, and receive the domain name mapping result sent by the name server, the domain name mapping result carrying at least one IP address of the first application server;
Use the IP address carried in the domain name mapping result as the Packet Filtering rule related to the first application server.
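The filtering decision described above for the packet data gateway, together with the variant in which the rule is built from the name server's answer, can be sketched as follows. This is an added example, not code from the patent: the names `Packet`, `FilterRule`, `rule_from_dns` and `evaluate`, and the choice to treat a malformed address as a non-match, are assumptions, and all addresses and identifiers are constructed.

```python
from dataclasses import dataclass
from ipaddress import ip_address
from typing import FrozenSet, Iterable, Optional, Tuple

FORWARD = "FORWARD"
REJECT = "REJECT"  # stands for: send refuse information to the terminal, discard packet


def parse_ip(text: str):
    """Return a normalized address object, or None if the text is not an IP address."""
    try:
        return ip_address(text)
    except ValueError:
        return None


def ipset(addrs: Iterable[str]) -> frozenset:
    """Parse addresses into a set, dropping malformed entries."""
    return frozenset(ip for ip in map(parse_ip, addrs) if ip is not None)


@dataclass(frozen=True)
class Packet:
    dst_ip: str
    src_ip: str
    size: int
    eid: Optional[str] = None  # eUICC identifier carried in the packet, if any


@dataclass(frozen=True)
class FilterRule:
    server_ips: frozenset                    # IP address(es) of the first application server
    min_size: Optional[int] = None           # optional capacity limits
    max_size: Optional[int] = None
    eid_list: FrozenSet[str] = frozenset()   # optional eUICC identifier set
    eid_mode: str = "blacklist"              # "blacklist" or "whitelist"
    denied_src_ips: frozenset = frozenset()  # optional source IP limit

    def __post_init__(self):
        if self.eid_mode not in ("blacklist", "whitelist"):
            raise ValueError("eid_mode must be 'blacklist' or 'whitelist'")


def rule_from_dns(answers: Iterable[str], **limits) -> FilterRule:
    """Build the rule from the addresses carried in a name-resolution result."""
    servers = ipset(answers)
    if not servers:
        raise ValueError("resolution result holds no usable address")
    return FilterRule(server_ips=servers, **limits)


def evaluate(rule: FilterRule, pkt: Packet) -> Tuple[str, str]:
    """Return (action, reason) for one packet received from the terminal."""
    dst = parse_ip(pkt.dst_ip)
    # Assumption: an unparseable destination never matches (fail closed).
    if dst is None or dst not in rule.server_ips:
        return REJECT, "destination is not the first application server"
    if rule.max_size is not None and pkt.size > rule.max_size:
        return REJECT, "packet larger than capacity limit"
    if rule.min_size is not None and pkt.size < rule.min_size:
        return REJECT, "packet smaller than capacity limit"
    if rule.eid_list:
        listed = pkt.eid in rule.eid_list
        if rule.eid_mode == "blacklist" and listed:
            return REJECT, "eUICC identifier is on the blacklist"
        if rule.eid_mode == "whitelist" and not listed:
            return REJECT, "eUICC identifier is not on the white list"
    if rule.denied_src_ips:
        src = parse_ip(pkt.src_ip)
        if src is None or src in rule.denied_src_ips:
            return REJECT, "source address is not allowed"
    return FORWARD, "all configured conditions met"


if __name__ == "__main__":
    # Constructed sample data (documentation address ranges, made-up identifiers).
    rule = rule_from_dns(
        ["192.0.2.10", "2001:db8::10"],
        max_size=1500,
        eid_list=frozenset({"EID-CONSTRUCTED-BLOCKED"}),
        denied_src_ips=ipset(["198.51.100.66"]),
    )
    samples = [
        Packet("192.0.2.10", "198.51.100.7", 512, "EID-CONSTRUCTED-0001"),
        Packet("2001:0db8:0:0:0:0:0:10", "198.51.100.7", 512),  # same host, long form
        Packet("192.0.2.11", "198.51.100.7", 512),
        Packet("192.0.2.10", "198.51.100.66", 512),
    ]
    for p in samples:
        print(p.dst_ip, "->", evaluate(rule, p))
```

Comparing parsed address objects instead of raw strings is what lets the expanded IPv6 spelling match the compressed one stored in the rule.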
Refer to Figure 10, which is a schematic diagram of the composition of the first embodiment of the terminal of the present invention. In the present embodiment, the terminal includes: an attach request transmitting element 110, configured to send an attach request to the mobile network appliance and complete attachment;
An IP address acquiring unit 120, configured to send an IP address acquisition request to the name server to obtain the IP address of the first application server;
A data transmission unit 130, configured to send the packet carrying the IP address of the first application server to the mobile network appliance, so that the mobile network appliance forwards the packet to the first application server when it judges that the purpose IP address carried in the packet is identical with the IP address of the first application server in the Packet Filtering rule that the mobile network appliance obtained in advance;
A receiving unit 140, configured to receive the refuse information returned by the mobile network appliance if the mobile network appliance judges that the purpose IP address carried in the packet is different from the IP address of the first application server in the Packet Filtering rule that the mobile network appliance obtained in advance.
The packet also carries the identifier of the universal embedded integrated circuit card, the identifier of the sets of attribute parameters on the universal embedded integrated circuit card, and the source IP address;
The Packet Filtering rule also includes a capacity limit of the packet, an identifier limit of the universal embedded integrated circuit card, an identifier limit of the sets of attribute parameters on the universal embedded integrated circuit card, and a source IP address limit of the packet.
For example, in addition to carrying the IP address of the first application server, the Packet Filtering rule can also include a capacity limit of the packet, an identifier limit of the universal embedded integrated circuit card, an identifier limit of the sets of attribute parameters on the universal embedded integrated circuit card, or a source IP address limit of the packet. The packet may then not be forwarded to the first application server when the packet size is greater than some value, or may not be forwarded to the first application server when the packet size is less than some value. Or, when the identifier carried by the packet is identical with the identifier, or with one in the identifier set, carried in the Packet Filtering rule, the packet is not forwarded to the first application server; in this case the identifiers in the filtering rule are a blacklist. It is also possible that, when the identifier carried by the packet is different from the identifier carried in the Packet Filtering rule, the packet is not forwarded to the first application server; in this case the identifiers in the filtering rule are a white list. Or, when the source IP address of the packet is identical with the source IP address carried in the Packet Filtering rule, the packet is not forwarded; it is also possible that, when the source IP address of the packet is different from the source IP address carried in the Packet Filtering rule, the packet is forwarded. Of course, the identifier or source IP address carried in the Packet Filtering rule can be an identifier set or source IP address set made up of one or more identifiers or source IP addresses. The multiple qualifications can be considered individually or simultaneously, which is not limited in any way herein.
Refer to Figure 11, which is a schematic diagram of the composition of the second embodiment of the terminal of the present invention. In the present embodiment, the terminal includes: an input unit 210, an output device 220, a memory 230, a processor 240 and a bus; the input unit 210, output device 220, memory 230 and processor 240 are connected with the bus, wherein:
The memory 230 is used for storage program, and the processor 240 is used to call described program to follow the steps below:
Attach request is sent to mobile network appliance, attachment is completed;
Send an IP address acquisition request to the name server to obtain the IP address of the first application server;
Send the packet carrying the IP address of the first application server to the mobile network appliance, so that the mobile network appliance forwards the packet to the first application server when it judges that the purpose IP address carried in the packet is identical with the IP address of the first application server in the Packet Filtering rule that the mobile network appliance obtained in advance;
If the mobile network appliance judges that the purpose IP address carried in the packet is different from the IP address of the first application server in the Packet Filtering rule that the mobile network appliance obtained in advance, receive the refuse information returned by the mobile network appliance.
Alternatively, the packet also carries the identifier of the universal embedded integrated circuit card, the identifier of the sets of attribute parameters on the universal embedded integrated circuit card, and the source IP address;
The Packet Filtering rule also includes a capacity limit of the packet, an identifier limit of the universal embedded integrated circuit card, an identifier limit of the sets of attribute parameters on the universal embedded integrated circuit card, and a source IP address limit of the packet.
Refer to Figure 12, which is a schematic diagram of the composition of the first embodiment of the application server of the present invention. In the present embodiment, the application server includes: a first receiving unit 310, configured to receive a handover request message if the first application server to which the terminal is connected needs to be switched to the second application server;
A first transmitting element 320, configured to send a subscription data update request message or a policing rule update request message to the mobile network appliance;
A second receiving unit 330, configured to receive the subscription data update response message returned by the mobile network appliance if the message sent is a subscription data update request message, and to receive the policing rule update response message returned by the mobile network appliance if the message sent is a policing rule update request message;
A second transmitting element 340, configured to send the universal embedded integrated circuit card information set to the second application server, so that the second application server performs key generation and connection establishment with the universal embedded integrated circuit card and instructs the universal embedded integrated circuit card to remove the key set associated with the first application server;
Wherein, the first application server receives the packet of the terminal based on the Packet Filtering rule; the subscription data update request message carries the updated Packet Filtering rule and the access point of the dedicated network to which the second application server belongs, and the policing rule update request message carries the updated Packet Filtering rule.
Alternatively, the first transmitting element 310 is specifically configured to send the subscription data update request message to the Policy and Charging Rules Function in the mobile network appliance, so that the Policy and Charging Rules Function forwards the subscription data update request message to the home subscribed services device in the mobile network appliance;
The second receiving unit 330 is specifically configured to, after the attribution server sends the subscription data update response message to the Policy and Charging Rules Function, receive the subscription data update response message forwarded by the Policy and Charging Rules Function.
Or, the first transmitting element 310 is specifically configured to send the policing rule update request message to the Policy and Charging Rules Function in the mobile network appliance;
The second receiving unit 330 is specifically configured to receive the policing rule update response message returned by the Policy and Charging Rules Function.
Refer to Figure 13, which is a schematic diagram of the composition of the second embodiment of the application server of the present invention. In the present embodiment, the application server includes: an input unit 410, an output device 420, a memory 430, a processor 440 and a bus; the input unit 410, output device 420, memory 430 and processor 440 are connected with the bus, wherein:
The memory 430 is used for storing a program, and the processor 440 is used to call the program to carry out the following steps:
If the first application server to which the terminal is connected needs to be switched to the second application server, the processor 440 receives a handover request message;
Send a subscription data update request message or a policing rule update request message to the mobile network appliance;
If the message sent is a subscription data update request message, receive the subscription data update response message returned by the mobile network appliance; if the message sent is a policing rule update request message, receive the policing rule update response message returned by the mobile network appliance;
Send the universal embedded integrated circuit card information set to the second application server, so that the second application server performs key generation and connection establishment with the universal embedded integrated circuit card and instructs the universal embedded integrated circuit card to remove the key set associated with the first application server;
Wherein, the first application server receives the packet of the terminal based on the Packet Filtering rule; the subscription data update request message carries the updated Packet Filtering rule and the access point of the dedicated network to which the second application server belongs, and the policing rule update request message carries the updated Packet Filtering rule.
When sending the subscription data update request message to the mobile network appliance and receiving the subscription data update response message returned by the mobile network appliance, the processor 440 is specifically configured to:
Send the subscription data update request message to the Policy and Charging Rules Function in the mobile network appliance, so that the Policy and Charging Rules Function forwards the subscription data update request message to the home subscribed services device in the mobile network appliance;
After the attribution server sends the subscription data update response message to the Policy and Charging Rules Function, receive the subscription data update response message forwarded by the Policy and Charging Rules Function.
When sending the policing rule update request message to the mobile network appliance and receiving the policing rule update response message returned by the mobile network appliance, the processor 440 is specifically configured to:
Send the policing rule update request message to the Policy and Charging Rules Function in the mobile network appliance;
Receive the policing rule update response message returned by the Policy and Charging Rules Function.
Refer to Figure 14, which is a schematic diagram of the composition of the communication system of the embodiment of the present invention. In the present embodiment, the communication system includes: the mobile network appliance as described in either the first or the second embodiment of the mobile network appliance of the present invention; the terminal as described in either the first or the second embodiment of the terminal of the present invention;
And at least one application server as described in either the first or the second embodiment of the application server of the present invention, configured to manage the signing information of the terminal and to carry out data communication related to sets of attribute parameters with the terminal.
Each embodiment in this specification is described in a progressive manner; each embodiment emphasizes its differences from the other embodiments, and for identical or similar parts the embodiments can be referred to one another. The device embodiments are described relatively briefly because they are substantially similar to the method embodiments; for the relevant parts, refer to the corresponding explanation of the method embodiments.
From the description of the above embodiments, the present invention has the following advantages: a Packet Filtering rule carrying the IP address of the application server is obtained, and when a packet carrying a purpose IP address is received from the terminal, the purpose IP address can be judged and matched; only when the purpose IP address is identical with the IP address in the Packet Filtering rule is the packet forwarded to the application server. Filtering of packets is thereby realized, which prevents service data or commands unrelated to the configuration file from occupying the dedicated channel between the eUICC and the application server, and reduces the communication interference on the dedicated channel between the eUICC and the application server and the processing pressure on the SM-SR.
One of ordinary skill in the art will appreciate that all or part of the steps of the above method embodiments can be completed by hardware under the control of program instructions. The program can be stored in a computer-readable storage medium and, when executed, performs the steps of the above method embodiments. The storage medium includes any medium that can store program code, such as ROM, RAM, magnetic disk or optical disc.
The communication means, mobile network appliance, terminal, application server and system provided by the embodiments of the present invention have been described in detail above. Specific cases are used herein to set forth the principle and embodiments of the present invention, and the explanation of the above embodiments is only intended to help understand the method of the present invention and its core concept. Meanwhile, for those of ordinary skill in the art, changes may be made to the specific embodiments and the scope of application according to the idea of the present invention. In summary, the content of this specification should not be construed as limiting the present invention.

Claims (1)

  1. Claim
    1. A communication means, characterised in that it includes:
    The mobile network appliance obtains the Packet Filtering rule related to the first application server, the Packet Filtering rule carrying the IP address of the first application server;
    The mobile network appliance receives the packet sent by the terminal, the packet carrying a purpose IP address;
    The mobile network appliance judges whether the purpose IP address is identical with the IP address of the first application server in the Packet Filtering rule;
    If the purpose IP address is identical with the IP address of the first application server in the Packet Filtering rule, the mobile network appliance forwards the packet to the first application server.
    2. The method as described in claim 1, characterised in that the mobile network appliance obtaining the Packet Filtering rule of the first application server includes:
    The mobile network appliance receives the attach request sent by the terminal;
    After the mobile management unit in the mobile network appliance obtains the signatory mark, APN and data packet filtering rules from the attribution server in the mobile network appliance through the position update flow, the mobile management unit sends the establishment conversation request message;
    The packet data gateway obtains the signatory mark, APN and data packet filtering rules from the establishment conversation request message.
    3. The method as described in claim 1, characterised in that the mobile network appliance obtaining the Packet Filtering rule of the first application server includes:
    The mobile network appliance receives the domain name mapping request message sent by the terminal, the domain name mapping request message carrying the domain name of the first application server;
    The mobile network appliance forwards the domain name mapping request message to the name server, and receives the domain name mapping result sent by the name server, the domain name mapping result carrying at least one IP address of the first application server;
    The mobile network appliance uses the IP address carried in the domain name mapping result as the Packet Filtering rule related to the first application server.
    4. The method as described in claim 1, characterised in that the mobile network appliance obtaining the Packet Filtering rule of the first application server includes:
    The mobile network appliance receives the attach request sent by the terminal;
    After the mobile management unit in the mobile network appliance completes the position update flow with the home subscribed services device in the mobile network appliance, it sends the establishment conversation request message to the gateway in the mobile network appliance, so that the gateway forwards the establishment conversation request message to the packet data gateway in the mobile network appliance, completing the create session flow;
    The session establishment and modification process of the IP connected reference network is initiated between the Policy and Charging Rules Function and the packet data gateway in the mobile network appliance, and the Packet Filtering rule is sent to the packet data gateway, so that the packet data gateway, when receiving the packet sent by the terminal, judges whether the purpose IP address of the packet is identical with the IP address of the first application server in the Packet Filtering rule carried by the session establishment and modification message of the IP connected reference network.
    5. The method as claimed in claim 2, characterised in that, when the first application server receives a handover request message and the first application server to which the terminal is connected needs to be switched to the second application server, the home subscribed services device in the mobile network appliance receives, via the Policy and Charging Rules Function, the subscription data update request message sent by the first application server, and returns a subscription data update response message to the first application server via the Policy and Charging Rules Function, so that the second application server, after receiving the universal embedded integrated circuit card information set sent by the first application server, performs key generation and connection establishment with the universal embedded integrated circuit card and instructs the universal embedded integrated circuit card to remove the key set associated with the first application server; wherein the subscription data update request message carries the updated Packet Filtering rule and the access point of the dedicated network to which the second application server belongs.
    6. The method as claimed in claim 4, characterised in that, when the first application server receives a handover request message and the first application server to which the terminal is connected needs to be switched to the second application server, the Policy and Charging Rules Function in the mobile network appliance receives the policing rule update request message sent by the first application server, and returns a policing rule update response message to the first application server, so that the second application server, after receiving the universal embedded integrated circuit card information set sent by the first application server, performs key generation and connection establishment with the universal embedded integrated circuit card and instructs the universal embedded integrated circuit card to remove the key set associated with the first application server; wherein the policing rule update request message carries the updated Packet Filtering rule.
    7. The method as described in any one of claims 1-6, characterised in that the packet also carries the identifier of the universal embedded integrated circuit card, the identifier of the sets of attribute parameters on the universal embedded integrated circuit card, and the source IP address.
    8. The method as claimed in claim 7, characterised in that the Packet Filtering rule or the updated Packet Filtering rule also includes a capacity limit of the packet, an identifier limit of the universal embedded integrated circuit card, an identifier limit of the sets of attribute parameters on the universal embedded integrated circuit card, or a source IP address limit of the packet.
    9. The method as described in any one of claims 1-8, characterised in that, if the purpose IP address is not identical with the IP address of the first application server in the Packet Filtering rule, refuse information is sent to the terminal and the packet is discarded.
    10. The method as described in any one of claims 1-9, characterised in that the first application server or the second application server is a signing administrative unit-Security routing SM-SR or a signing administrative unit SM.
    11. A communication means, characterised in that it includes:
    The terminal sends an attach request to the mobile network appliance and completes attachment;
    The terminal sends an IP address acquisition request to the name server to obtain the IP address of the first application server;
    The terminal sends the packet carrying the IP address of the first application server to the mobile network appliance, so that the mobile network appliance forwards the packet to the first application server when it judges that the purpose IP address carried in the packet is identical with the IP address of the first application server in the Packet Filtering rule that the mobile network appliance obtained in advance;
    If the mobile network appliance judges that the purpose IP address carried in the packet is different from the IP address of the first application server in the Packet Filtering rule that the mobile network appliance obtained in advance, the terminal receives the refuse information returned by the mobile network appliance.
    12. The method as claimed in claim 10, characterised in that the packet also carries the identifier of the universal embedded integrated circuit card, the identifier of the sets of attribute parameters on the universal embedded integrated circuit card, and the source IP address;
    The Packet Filtering rule also includes a capacity limit of the packet, an identifier limit of the universal embedded integrated circuit card, an identifier limit of the sets of attribute parameters on the universal embedded integrated circuit card, and a source IP address limit of the packet.
    13. A communication means, characterised in that it includes:
    If desired the first application server that terminal is connected is switched into the second application server, described first should Handover request message is received with server;
    Send subscription data and update request message or policing rule renewal request message to mobile network appliance;If the message sent updates request message for subscription data, the subscription data renewal response message that the mobile network appliance is returned then is received, the policing rule renewal response message that the mobile network appliance is returned is received if the message sent updates request message for policing rule;
    Universal embedded integrated circuit card information collection is sent to second application server so that second application server carries out key generation with the universal embedded integrated circuit card and is connected foundation and indicates the key set of the universal embedded integrated circuit card removal and first application server;
    Wherein, carried out during the packet of the first application server receiving terminal based on Packet Filtering rule, the subscription data, which updates, carries that the Packet Filtering after updating is regular and access point of the affiliated dedicated network of the second application server in request message, the policing rule updates the Packet Filtering rule carried in request message after updating.
    14th, communication means as claimed in claim 13, it is characterised in that the transmission subscription data updates request message to mobile network appliance;Receive the subscription data renewal response message that the mobile network appliance is returned;Including:
    First application server sends subscription data and updates Policy and Charging Rules Function of the request message into the mobile network appliance so that the subscription data is updated the home subscribed services device that request message is transmitted in the mobile network appliance by the Policy and Charging Rules Function;
    After the attribution server, which sends subscription data, updates response message to the Policy and Charging Rules Function, first application server receives the subscription data forwarded after the Policy and Charging Rules Function and updates response message.
    15th, communication means as claimed in claim 14, it is characterised in that the sending of the policing rule update request message to the mobile network appliance and the receiving of the policing rule renewal response message that the mobile network appliance returns include:
    The first application server sends the policing rule update request message to the Policy and Charging Rules Function in the mobile network appliance;
    Receive the policing rule renewal response message that the Policy and Charging Rules Function returns.
    16th, a kind of mobile network appliance, it is characterised in that including:
    Acquiring unit, the Packet Filtering rule related for obtaining the first application server, carry the IP address of first application server in Packet Filtering rule, the acquiring unit is home subscribed services device or is Policy and Charging Rules Function or is packet data gateway;
    Purpose IP address is carried in base station, the packet sent for receiving terminal and output, the packet;
    The packet data gateway, for judging whether the purpose IP address is identical with the IP address of the first application server described in Packet Filtering rule, if the purpose IP address is identical with the IP address of the first application server described in Packet Filtering rule, the packet is forwarded to first application server.
    17th, mobile network appliance as claimed in claim 16, it is characterised in that the mobile network appliance also includes mobile management unit and gateway;
    The base station is additionally operable to the attach request of receiving terminal transmission, and the attach request is forwarded into the mobile management unit in the mobile network appliance;
    The mobile management unit, for sending home subscribed services device of the location update request message into the mobile network appliance;
    The home subscribed services device is used for home position and updates response message to the mobile management unit, and the carrying Packet Filtering rule in the location updating response message;
    The mobile management unit is additionally operable to send gateway of the establishment conversation request message for carrying the Packet Filtering rule into the mobile network appliance;
    The gateway is used to forward the establishment conversation request message to the packet data gateway in the mobile network appliance, so that the packet data gateway, when receiving the packet of terminal transmission, judges whether the purpose IP address of the packet is identical with the IP address of the first application server described in the Packet Filtering rule that the establishment conversation request message carries.
    18th, mobile network appliance as claimed in claim 16, it is characterised in that the packet data gateway is specifically for:
    The domain name of first application server is carried in the domain name mapping request message that receiving terminal is sent, domain name analysis request message;
    Domain name analysis request message is forwarded to name server, and receives at least one IP address that first application server is carried in the domain name mapping result of domain name server transmission, domain name analysis result;
    Using the IP address carried in the domain name analysis result as the Packet Filtering rule related to the first application server.
    19th, mobile network appliance as claimed in claim 16, it is characterised in that the mobile network appliance also includes mobile management unit, gateway and Policy and Charging Rules Function;
    The base station is additionally operable to the attach request of receiving terminal transmission, and the attach request is forwarded into the mobile management unit in the mobile network appliance;
    The mobile management unit is used to complete after position update flow with the home subscribed services device in the mobile network appliance, retransmit the gateway for creating conversation request message into the mobile network appliance, so that the gateway forwards the packet data gateway for creating conversation request message into the mobile network appliance, complete to create session flow;
    The Policy and Charging Rules Function is used, in the session establishment and modification process of the IP connected reference network initiated between it and the packet data gateway, to send the Packet Filtering rule to the packet data gateway, so that the packet data gateway, when receiving the packet of terminal transmission, judges whether the purpose IP address of the packet is identical with the IP address of the first application server described in the Packet Filtering rule carried in the session establishment and modification message of the IP connected reference network.
    20, mobile network appliance as claimed in claim 16, it is characterized in that, when first application server receives handover request message, when needing the first application server for connecting terminal to switch to the second application server, the home subscribed services device is additionally operable to receive the subscription data renewal request message that first application server is sent by Policy and Charging Rules Function, and subscription data renewal response message is returned to first application server by the Policy and Charging Rules Function, so that second application server is after the universal embedded integrated circuit card information collection that first application server is sent is received, key generation is carried out with the universal embedded integrated circuit card and is connected foundation and is indicated the key set of the universal embedded integrated circuit card removal and first application server, wherein, the subscription data, which updates, carries that the Packet Filtering after updating is regular and access point of the affiliated dedicated network of the second application server in request message.
    21, mobile network appliance as claimed in claim 18, it is characterized in that, when first application server receives handover request message, when needing the first application server for connecting terminal to switch to the second application server, the Policy and Charging Rules Function is additionally operable to receive the policing rule renewal request message that first application server is sent, and policing rule renewal response message is returned to first application server, so that second application server is after the universal embedded integrated circuit card information collection that first application server is sent is received, key generation is carried out with the universal embedded integrated circuit card and is connected foundation and is indicated the key set of the universal embedded integrated circuit card removal and first application server, wherein, the policing rule updates the Packet Filtering rule carried in request message after updating.
    22nd, the mobile network appliance as described in any one of claims 16-20, characterized in that the packet also carries the mark of the universal embedded integrated circuit card, the mark of the sets of attribute parameters on the universal embedded integrated circuit card, and the source IP address.
    23rd, the mobile network appliance as described in claim 21, characterized in that the Packet Filtering rule also includes a capacity limit of the packet, a limit on the mark of the universal embedded integrated circuit card, a limit on the mark of the sets of attribute parameters on the universal embedded integrated circuit card, or a limit on the source IP address of the packet.
    24th, the mobile network appliance as described in any one of claims 16-22, characterized in that, if the purpose IP address differs from the IP address of the first application server described in the Packet Filtering rule, the packet data gateway is additionally operable to send refuse information to the terminal and discard the packet.
    25th, the mobile network appliance as described in claim any one of 16-23, it is characterised in that first application server or second application server are signing administrative unit-Security routing SM-SR or signing administrative unit SM.
    26th, a kind of terminal, it is characterised in that including:
    Attach request transmitting element, for sending attach request to mobile network appliance, completes attachment;
    IP address acquiring unit, for sending an IP address acquisition request to the name server to obtain the IP address of the first application server;
    Data transmission unit, for sending the packet carrying the IP address of the first application server to the mobile network appliance, so that the mobile network appliance forwards the packet to the first application server when it judges that the purpose IP address carried in the packet is identical with the IP address of the first application server described in the Packet Filtering rule that the mobile network appliance obtained in advance;
    Receiving unit, for receiving the refuse information that the mobile network appliance returns if the mobile network appliance judges that the purpose IP address carried in the packet is different from the IP address of the first application server described in the Packet Filtering rule that the mobile network appliance obtained in advance.
    27th, terminal as claimed in claim 26, it is characterised in that the packet also carries the mark of the universal embedded integrated circuit card, the mark of the sets of attribute parameters on the universal embedded integrated circuit card, and the source IP address;
    The Packet Filtering rule also includes a capacity limit of the packet, a limit on the mark of the universal embedded integrated circuit card, a limit on the mark of the sets of attribute parameters on the universal embedded integrated circuit card, and a limit on the source IP address of the packet.
    28th, a kind of terminal, it is characterised in that including:
    Input unit, output device, memory, processor and bus, the input unit, output device, memory and processor are connected with the bus, wherein:
    The memory is used for storage program, and the processor is used to call described program to follow the steps below:
    Attach request is sent to mobile network appliance, attachment is completed;
    Send IP address acquisition request to obtain the IP address of the first application server to name server;
    The packet carrying the IP address of the first application server is sent to the mobile network appliance, so that the mobile network appliance forwards the packet to the first application server when it judges that the purpose IP address carried in the packet is identical with the IP address of the first application server described in the Packet Filtering rule that the mobile network appliance obtained in advance;
    If the mobile network appliance judges that the purpose IP address carried in the packet is different from the IP address of the first application server described in the Packet Filtering rule that the mobile network appliance obtained in advance, the refuse information that the mobile network appliance returns is received.
    29th, terminal as claimed in claim 28, it is characterised in that the packet also carries the mark of the universal embedded integrated circuit card, the mark of the sets of attribute parameters on the universal embedded integrated circuit card, and the source IP address;
    The Packet Filtering rule also includes a capacity limit of the packet, a limit on the mark of the universal embedded integrated circuit card, a limit on the mark of the sets of attribute parameters on the universal embedded integrated circuit card, and a limit on the source IP address of the packet.
    30th, a kind of application server, it is characterised in that including:
    First receiving unit, for the first application server that terminal is connected if desired to be switched into the second application server, receives handover request message;
    First transmitting element, for sending, subscription data updates request message or policing rule updates request message to mobile network appliance;
    Second receiving unit, if the message for sending is subscription data renewal request message, the subscription data renewal response message that the mobile network appliance is returned then is received, the policing rule renewal response message that the mobile network appliance is returned is received if the message sent updates request message for policing rule;
    Second transmitting element, for sending universal embedded integrated circuit card information collection to second application server so that second application server carries out key generation with the universal embedded integrated circuit card and be connected foundation and indicate the key set of the universal embedded integrated circuit card removal and first application server;
    Wherein, carried out during the packet of the first application server receiving terminal based on Packet Filtering rule, the subscription data, which updates, carries that the Packet Filtering after updating is regular and access point of the affiliated dedicated network of the second application server in request message, the policing rule updates the Packet Filtering rule carried in request message after updating.
    31st, application server as claimed in claim 30, characterized in that, first transmitting element updates Policy and Charging Rules Function of the request message into the mobile network appliance so that the subscription data is updated the home subscribed services device that request message is transmitted in the mobile network appliance by the Policy and Charging Rules Function specifically for sending subscription data;
    Second receiving unit is specifically for after the attribution server sends subscription data and updates response message to the Policy and Charging Rules Function, receiving the subscription data forwarded after the Policy and Charging Rules Function and updating response message.
    32nd, application server as claimed in claim 30, it is characterised in that the first transmitting element is specifically for sending the policing rule update request message to the Policy and Charging Rules Function in the mobile network appliance;
    Second receiving unit updates response message specifically for receiving the policing rule that the Policy and Charging Rules Function is returned.
    33rd, a kind of application server, it is characterised in that including:
    Input unit, output device, memory, processor and bus, the input unit, output device, memory and processor are connected with the bus, wherein:
    The memory is used for storage program, and the processor is used to call described program to follow the steps below:
    If the first application server to which the terminal is connected needs to be switched to the second application server, the processor receives a handover request message;
    Send subscription data and update request message or policing rule renewal request message to mobile network appliance;If the message sent updates request message for subscription data, the subscription data renewal response message that the mobile network appliance is returned then is received, the policing rule renewal response message that the mobile network appliance is returned is received if the message sent updates request message for policing rule;
    Universal embedded integrated circuit card information collection is sent to second application server so that second application server carries out key generation with the universal embedded integrated circuit card and is connected foundation and indicates the key set of the universal embedded integrated circuit card removal and first application server;
    Wherein, carried out during the packet of the first application server receiving terminal based on Packet Filtering rule, the subscription data, which updates, carries that the Packet Filtering after updating is regular and access point of the affiliated dedicated network of the second application server in request message, the policing rule updates the Packet Filtering rule carried in request message after updating.
    34th, application server as claimed in claim 32, it is characterised in that, when sending the subscription data update request message to the mobile network appliance and receiving the subscription data renewal response message that the mobile network appliance returns, the processor is specifically for:
    Sending the subscription data update request message to the Policy and Charging Rules Function in the mobile network appliance so that the Policy and Charging Rules Function transmits the subscription data update request message to the home subscribed services device in the mobile network appliance;
    After the attribution server, which sends subscription data, updates response message to the Policy and Charging Rules Function, receive the subscription data forwarded after the Policy and Charging Rules Function and update response message.
    35th, application server as claimed in claim 32, it is characterised in that the sending strategy Policy Updates request message to mobile network appliance;When receiving the policing rule that the mobile network appliance returns and updating response message, the processor specifically for:
    Policy and Charging Rules Function of the sending strategy Policy Updates request message into the mobile network appliance;
    Receive the policing rule renewal response message that the Policy and Charging Rules Function returns.
    36th, a kind of communication system, it is characterised in that including:
    Mobile network appliance as described in claim any one of 16-25;
    Terminal as described in claim 26 or 27;
    And, at least one application server as described in any one of claims 30-32, for managing the signing information of the terminal and carrying out, with the terminal, data communication related to sets of attribute parameters.
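The filtering decision of claims 16 and 22-24 and the rule replacement of claims 20-21 can be modelled as follows. This is an added Python example, not code from the patent: the class and field names, the order of the checks, the fail-closed handling of malformed addresses and all sample values (documentation address ranges, made-up identifiers) are assumptions.

```python
from dataclasses import dataclass
from ipaddress import ip_address
from typing import FrozenSet, Optional

# Constructed sample values (documentation address ranges, made-up identifiers).
SERVER_1 = "192.0.2.10"      # first application server (e.g. an SM-SR)
SERVER_2 = "198.51.100.20"   # second application server after a switch
TERMINAL = "203.0.113.5"


@dataclass(frozen=True)
class Packet:
    dst_ip: str
    src_ip: str = TERMINAL
    euicc_id: str = "EID-0001"     # mark of the embedded UICC carried in the packet
    param_set_id: str = "PS-01"    # mark of the attribute parameter set on the card
    size: int = 512                # bytes


@dataclass(frozen=True)
class FilterRule:
    server_ips: FrozenSet[str]             # address(es) of the permitted server
    max_size: Optional[int] = None         # optional limits of claim 23
    euicc_id: Optional[str] = None
    param_set_id: Optional[str] = None
    src_ip: Optional[str] = None


def evaluate(rule, pkt):
    """Return ("forward", destination) or ("reject", reason)."""
    try:
        # Compare parsed addresses, so textual variants of one address match.
        dst = ip_address(pkt.dst_ip)
        src = ip_address(pkt.src_ip)
        allowed = {ip_address(ip) for ip in rule.server_ips}
        rule_src = ip_address(rule.src_ip) if rule.src_ip else None
    except ValueError:
        return ("reject", "malformed address")   # fail closed
    if dst not in allowed:
        return ("reject", "destination is not the permitted application server")
    if rule.max_size is not None and pkt.size > rule.max_size:
        return ("reject", "packet exceeds capacity limit")
    if rule.euicc_id is not None and pkt.euicc_id != rule.euicc_id:
        return ("reject", "card mark mismatch")
    if rule.param_set_id is not None and pkt.param_set_id != rule.param_set_id:
        return ("reject", "attribute parameter set mark mismatch")
    if rule_src is not None and src != rule_src:
        return ("reject", "source address mismatch")
    return ("forward", str(dst))


class PacketDataGateway:
    """Holds the rule obtained in advance and applies it to every packet."""

    def __init__(self, rule):
        self.rule = rule
        self.forwarded = []   # (packet, destination) handed to the server
        self.rejected = []    # (packet, reason): refuse information sent, packet dropped

    def handle(self, pkt):
        verdict, detail = evaluate(self.rule, pkt)
        target = self.forwarded if verdict == "forward" else self.rejected
        target.append((pkt, detail))
        return verdict

    def update_rule(self, new_rule):
        # Rule carried in a subscription data or policy rule update request
        # when the terminal is switched to the second application server.
        self.rule = new_rule


if __name__ == "__main__":
    gw = PacketDataGateway(FilterRule(frozenset({SERVER_1}), max_size=1024))
    for p in (Packet(SERVER_1), Packet("203.0.113.99"), Packet(SERVER_1, size=4096)):
        print(p.dst_ip, p.size, evaluate(gw.rule, p))
    gw.update_rule(FilterRule(frozenset({SERVER_2})))
    print(SERVER_1, gw.handle(Packet(SERVER_1)), "|", SERVER_2, gw.handle(Packet(SERVER_2)))
```

After `update_rule`, traffic to the first server's address is rejected, which is the property an operator would check when auditing a server switch: a stale rule leaves the old destination reachable.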
CN201480081665.8A 2014-09-01 2014-09-01 Communication method, mobile network equipment, terminal, application server and system Active CN106797565B (en)

Applications Claiming Priority (1)

Application Number Priority Date Filing Date Title
PCT/CN2014/085654 WO2016033716A1 (en) 2014-09-01 2014-09-01 Communication method, mobile network device, terminal, application server and system

Publications (2)

Publication Number Publication Date
CN106797565A true CN106797565A (en) 2017-05-31
CN106797565B CN106797565B (en) 2020-07-14

Family

ID=55438966

Family Applications (1)

Application Number Title Priority Date Filing Date
CN201480081665.8A Active CN106797565B (en) 2014-09-01 2014-09-01 Communication method, mobile network equipment, terminal, application server and system

Country Status (2)

Country Link
CN (1) CN106797565B (en)
WO (1) WO2016033716A1 (en)

Families Citing this family (1)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN114731544B (en) * 2019-11-28 2024-09-24 华为技术有限公司 Data transmission method, device and system based on network slice

Citations (6)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN101106533A (en) * 2007-08-21 2008-01-16 中兴通讯股份有限公司 Method for initializing filtering rule download and its processing system
CN101860531A (en) * 2010-04-21 2010-10-13 北京星网锐捷网络技术有限公司 Filtering rule matching method of data packet and device thereof
CN101959192A (en) * 2009-07-17 2011-01-26 华为技术有限公司 Business processing method and communication device
WO2011085803A1 (en) * 2010-01-12 2011-07-21 Nokia Siemens Networks Oy Controlling traffic flow template generation
CN103415008A (en) * 2013-07-24 2013-11-27 牟大同 Encryption communication method and encryption communication system
CN103731823A (en) * 2012-10-15 2014-04-16 华为终端有限公司 Subscription manager-secure routing equipment switching method and equipment

Family Cites Families (2)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
WO2013039900A1 (en) * 2011-09-16 2013-03-21 Alcatel-Lucent Usa Inc. Network operator-neutral provisioning of mobile devices
WO2015027485A1 (en) * 2013-08-30 2015-03-05 华为终端有限公司 Method of remotely changing subscription and apparatus thereof

Also Published As

Publication number Publication date
WO2016033716A1 (en) 2016-03-10
CN106797565B (en) 2020-07-14

Legal Events

Date Code Title Description
PB01 Publication
SE01 Entry into force of request for substantive examination
GR01 Patent grant
TR01 Transfer of patent right

Effective date of registration: 20210426

Address after: Unit 3401, unit a, building 6, Shenye Zhongcheng, No. 8089, Hongli West Road, Donghai community, Xiangmihu street, Futian District, Shenzhen, Guangdong 518040

Patentee after: Honor Device Co.,Ltd.

Address before: 518129 Bantian HUAWEI headquarters office building, Longgang District, Guangdong, Shenzhen

Patentee before: HUAWEI TECHNOLOGIES Co.,Ltd.
