CN107295512A - Communication equipment and the method authenticated from LTE into WLAN handoff procedures - Google Patents

Communication equipment and the method authenticated from LTE into WLAN handoff procedures Download PDF

Info

Publication number
CN107295512A
CN107295512A CN201610200908.6A CN201610200908A CN107295512A CN 107295512 A CN107295512 A CN 107295512A CN 201610200908 A CN201610200908 A CN 201610200908A CN 107295512 A CN107295512 A CN 107295512A
Authority
CN
China
Prior art keywords
authentication
network
wlan
wlan network
lte
Prior art date
Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
Granted
Application number
CN201610200908.6A
Other languages
Chinese (zh)
Other versions
CN107295512B (en
Inventor
邓云
Current Assignee (The listed assignees may be inaccurate. Google has not performed a legal analysis and makes no representation or warranty as to the accuracy of the list.)
Spreadtrum Communications Shanghai Co Ltd
Original Assignee
Spreadtrum Communications Shanghai Co Ltd
Priority date (The priority date is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the date listed.)
Filing date
Publication date
Application filed by Spreadtrum Communications Shanghai Co Ltd filed Critical Spreadtrum Communications Shanghai Co Ltd
Priority to CN201610200908.6A priority Critical patent/CN107295512B/en
Publication of CN107295512A publication Critical patent/CN107295512A/en
Application granted granted Critical
Publication of CN107295512B publication Critical patent/CN107295512B/en
Active legal-status Critical Current
Anticipated expiration legal-status Critical

Links

Classifications

    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04WWIRELESS COMMUNICATION NETWORKS
    • H04W12/00Security arrangements; Authentication; Protecting privacy or anonymity
    • H04W12/06Authentication
    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04WWIRELESS COMMUNICATION NETWORKS
    • H04W36/00Hand-off or reselection arrangements
    • H04W36/14Reselecting a network or an air interface
    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04WWIRELESS COMMUNICATION NETWORKS
    • H04W84/00Network topologies
    • H04W84/02Hierarchically pre-organised networks, e.g. paging networks, cellular networks, WLAN [Wireless Local Area Network] or WLL [Wireless Local Loop]
    • H04W84/10Small scale networks; Flat hierarchical networks
    • H04W84/12WLAN [Wireless Local Area Networks]

Abstract

A kind of communication equipment and the method authenticated from LTE into WLAN handoff procedures, methods described can include:When receiving the connection request for characterizing terminal request access LTE network, however, it is determined that there is accessible wlan network near terminal, send the information for the authentication vector for indicating the generation wlan network to HSS by mobility management entity MME;Received by MME from HSS and be adapted for the identification information that the wlan network is authenticated;The identification information for being adapted for the wlan network authentication is sent to the terminal.The duration of the handoff procedure authentication from LTE to WLAN can be reduced using such scheme, and improves Consumer's Experience.

Description

Communication equipment and the method authenticated from LTE into WLAN handoff procedures
Technical field
The present invention relates to the communications field, more particularly to a kind of communication equipment and from LTE to WLAN handoff procedures The method of middle authentication.
Background technology
By unique advantage, WLAN (Wireless Local Area Networks, WLAN) Good complementation is formd with mobile network, thus application in a mobile network is more and more extensive.From state Outer operator is to Domestic Carriers, all in the intercommunication for constantly extending, improving between mobile network and WLAN Technology, purpose is exactly quick, economically disposes WLAN, accomplishes doing existing network framework minimum In the case of change, user is attracted with simple and practical technology, the mobile data industry of current rapid growth is shunted Business, alleviates the resource of mobile network in busy or the pressure of busy area's wretched insufficiency, lifts network service quality, Improve the usage rate of the user of network.
At present, terminal (User Equipment, UE) is authenticated first, can just access Long Term Evolution (Long Term Evolution, LTE) communication network, then sets up one or more by LTE network The connection of public data network (Public Data Network, PDN), when UE has found suitable WLAN After network, it is possible to be switched to wlan network.Namely in LTE system it is some or all The PDN connections being set up are switched to wlan network, and before switching really starts, the UE will be obtained Obtain the authentication of the wlan network.Also, used in the LTE network and the wlan network It is identical in the environment division authenticated to the UE.
But, if making to carry out the switching from LTE network to wlan network with the aforedescribed process, it can lead Cause the time authenticated in handoff procedure long, poor user experience.
The content of the invention
The problem of present invention is solved is the duration for how reducing the handoff procedure authentication from LTE to WLAN, And improve Consumer's Experience.
To solve the above problems, the embodiments of the invention provide one kind from LTE into WLAN handoff procedures The method of authentication, methods described includes:
When receiving the connection request for characterizing terminal request access LTE network, however, it is determined that in the terminal Nearby there is accessible wlan network, sent by MME to HSS and indicate to generate the WLAN The information of the authentication vector of network;
Received by MME from HSS and be adapted for the identification information that the wlan network is authenticated;
The identification information for being adapted for the wlan network authentication is sent to the terminal.
Alternatively, in the authentication for sending the instruction generation wlan network to HSS by MME During the information of vector, in addition to:Indicate the type of the wlan network.
Alternatively, the type of the wlan network is wlan network trust or non-trusted.
Alternatively, the identification information is fast re-authentication identification information.
It is described the embodiments of the invention provide a kind of method authenticated from LTE into WLAN handoff procedures Method includes:
It is that terminal distribution is adapted for institute when receiving the authentication vector of the wlan network from HSS State the identification information of wlan network authentication;
To the identification information that the wlan network authentication is adapted for described in HSS transmissions;
When receiving from the identification information that wlan network authentication is adapted for described in the terminal When, the terminal is authenticated according to the flow of fast authentication.
It is described the embodiments of the invention provide a kind of method authenticated from LTE into WLAN handoff procedures Method includes:
When receiving the information for the authentication vector for indicating to generate the LTE network and the wlan network, When generating the authentication vector of the LTE network, the authentication vector of the wlan network is generated;
The authentication vector of the wlan network is sent to aaa server;
Receive the identification information for being adapted for the wlan network authentication from the aaa server;
The identification information for being used to carry out the wlan network authentication is sent to MME.
Alternatively, the identification information for being adapted for the wlan network authentication is fast re-authentication mark Know information.
It is described the embodiments of the invention provide a kind of method authenticated from LTE into WLAN handoff procedures Method includes:
When receiving the connection request of the sign for the carrying out self terminal terminal request access LTE network, sentence The disconnected information for whether receiving the authentication vector for indicating the generation wlan network;
When receiving the information of the authentication vector for indicating the generation wlan network, to HSS Send the information for the authentication vector for indicating the generation wlan network;
Receive the identification information for carrying out the wlan network authentication from the HSS;
The identification information for being used to carry out the wlan network authentication is sent to base station.
The embodiments of the invention provide a kind of base station, the base station includes:First receiving unit, suitable for connecing Receive and characterize the connection request that terminal request accesses LTE network;
First transmitting element, suitable for receiving sign terminal request access LTE when first receiving unit During the connection request of network, however, it is determined that there is accessible wlan network near the terminal, pass through MME sends the information for the authentication vector for indicating to generate the wlan network to HSS;
Second receiving unit, the wlan network mirror is adapted for suitable for being received by MME from HSS The identification information of power;
Second transmitting element, suitable for the identification information for being adapted for the wlan network authentication is sent out Give the terminal.
Alternatively, first transmitting element, is further adapted for indicating in described send to HSS by MME During the information for the authentication vector for generating the wlan network, the type of the wlan network is indicated.
Alternatively, the type of the wlan network is wlan network trust or non-trusted.
Alternatively, the identification information is fast re-authentication identification information.
The embodiments of the invention provide a kind of aaa server, the aaa server includes:
Allocation unit, suitable for being terminal when receiving the authentication vector of the wlan network from HSS Distribution is adapted for the identification information of the wlan network authentication;
3rd transmitting element, described the mark that the wlan network is authenticated is adapted for suitable for being sent to HSS Know information;
Authenticating unit, suitable for when receiving from being adapted for the wlan network described in the terminal During the identification information of authentication, the terminal is authenticated according to the flow of fast authentication.
The embodiments of the invention provide a kind of HSS, the HSS includes:
3rd receiving unit, the authentication vector of generation LTE network and wlan network is indicated suitable for receiving Information;
Authentication vector generation unit, suitable for receiving the instruction generation LTE when the 3rd receiving unit During the information of the authentication vector of network and the wlan network, the authentication arrow of the LTE network is being generated During amount, the authentication vector of the wlan network is generated;
4th transmitting element, suitable for the authentication vector of the wlan network is sent into aaa server;
4th receiving unit, the WLAN is adapted for suitable for receiving from the aaa server The identification information of network authentication;
5th transmitting element, suitable for the identification information for being used to carry out the wlan network authentication is sent out Give MME.
Alternatively, the identification information for being adapted for the wlan network authentication is fast re-authentication mark Know information.
The embodiments of the invention provide a kind of MME, the MME includes:
5th receiving unit, the sign terminal request access LTE network of self terminal is carried out suitable for receiving Connection request;
Judging unit, suitable for when the 5th receiving unit receives the connection request, judging whether Receive the information for the authentication vector for indicating the generation wlan network;
6th transmitting element, suitable for determining to receive described indicate described in generation when the judging unit During the information of the authentication vector of wlan network, sent to HSS and indicate to generate the wlan network The information of authentication vector;
6th receiving unit, is used to carry out the wlan network authentication suitable for receiving from the HSS Identification information;
7th transmitting element, suitable for the identification information for being used to carry out the wlan network authentication is sent out Give base station.
Compared with prior art, technical scheme has advantages below:
When being authenticated due to the LTE network and the wlan network to the UE, it is required to HSS participation, that is, the Signalling exchange between terminal and HSS is needed, therefore sign is received in base station When terminal request accesses the connection request of LTE network, however, it is determined that have what be can access near terminal Wlan network, the authentication vector for indicating to generate the wlan network is sent by MME to HSS Information, and then by HSS and aaa server, generation is adapted for the wlan network authentication Identification information, and user equipment is sent to by the base station so that user equipment from LTE to When wlan network switches, directly the identification information can be sent to aaa server so that AAA Server can be authenticated according to the flow of fast authentication to the terminal.Due to receiving from eventually During the LTE access requests at end, need to interact between the terminal and the HSS, and by causing The authentication message of the wlan network is just generated when terminal accesses the LTE network, can be avoided When wlan network carries out authentication process to terminal, interacting again between terminal and HSS, so as to Save user equipment to expend in the time of access authentication, therefore the speed switched from LTE to WLAN can be improved Degree, improves the usage experience of user.
On the one hand, by being adapted for the identification information that the wlan network is authenticated for terminal distribution, and And when receiving from the identification information that the wlan network authentication is adapted for described in the terminal, The terminal can be authenticated according to the flow of fast authentication, it is possible thereby to save aaa server Process resource, lifts the speed of communication.
On the other hand, when the authentication arrow for receiving the instruction generation LTE network and the wlan network During the information of amount, by when generating the authentication vector of the LTE network, generating the wlan network Authentication vector, and then by being interacted with aaa server, acquisition is adapted for the WLAN nets The identification information of network authentication, can cause terminal to be saved when subsequently switching wlan network from LTE network With the Signalling exchange of itself, so as to save HSS process resource, the speed entirely communicated is improved.
On the other hand, the connection request that terminal request accesses LTE network is characterized by working as to receive, and When receiving the information of the authentication vector for indicating the generation LTE network and the wlan network, The information for the authentication vector for indicating to generate the LTE network and the wlan network is sent to HSS, And then the identification information from the HSS for carrying out the wlan network authentication can be received, then The identification information is sent to by terminal by base station so that subsequently switching WLAN nets from LTE network The Signalling exchange with itself is saved during network, so as to save the process resource of base station, the speed entirely communicated is improved Degree.
Brief description of the drawings
Fig. 1 is a kind of core net network architecture schematic diagram in the embodiment of the present invention;
Fig. 2 is a kind of stream from the LTE methods authenticated into WLAN handoff procedures in the embodiment of the present invention Journey schematic diagram;
Fig. 3 is a kind of stream from the LTE methods authenticated into WLAN handoff procedures in the embodiment of the present invention Journey schematic diagram;
Fig. 4 is a kind of stream from the LTE methods authenticated into WLAN handoff procedures in the embodiment of the present invention Journey schematic diagram;
Fig. 5 is a kind of stream from the LTE methods authenticated into WLAN handoff procedures in the embodiment of the present invention Journey schematic diagram;
Fig. 6 is a kind of stream from the LTE methods authenticated into WLAN handoff procedures in the embodiment of the present invention Journey schematic diagram;
Fig. 7 is a kind of structural representation of base station in the embodiment of the present invention;
Fig. 8 is a kind of structural representation of aaa server in the embodiment of the present invention;
Fig. 9 is a kind of HSS structural representation in the embodiment of the present invention;
Figure 10 is a kind of MME structural representation in the embodiment of the present invention.
Embodiment
By unique advantage, WLAN (Wireless Local Area Networks, WLAN) Good complementation is formd with mobile network, thus application in a mobile network is more and more extensive.From state Outer operator is to Domestic Carriers, all in the intercommunication for constantly extending, improving between mobile network and WLAN Technology, purpose is exactly quick, economically disposes WLAN, accomplishes doing existing network framework minimum In the case of change, user is attracted with simple and practical technology, the mobile data industry of current rapid growth is shunted Business, alleviates the resource of mobile network in busy or the pressure of busy area's wretched insufficiency, lifts network service quality, Improve the usage rate of the user of network.
At present, terminal (User Equipment, UE) is authenticated first, can just access Long Term Evolution (Long Term Evolution, LTE) communication network, then sets up one or more by LTE network The connection of public data network (Public Data Network, PDN), when UE has found suitable WLAN After network, switching can be started.Namely some or all PDN having built up in LTE system Connection is switched to wlan network, and before switching really starts, the UE will obtain the WLAN The authentication of network.
The flow of the authentication of specific access wlan network includes many steps, such as can be related to UE and HSS multiple interaction, HSS can run the generation of AKA algorithms after UE identification information is obtained The parameters such as AUTN, are then sent to UE so that UE implements the authentication to network, network meeting by network Other parameter such as information authentication codes (Message Authentication Code, MAC) are sent to UE, UE operation AKA algorithms generation AUTN, if UE itself generations are sent to its AUTN with HSS Unanimously, UE can then verify that network (Authenticate The Network) is reliable.
At the same time, UE also needs to check the MAC received, and one new MAC of generation, this New MAC can be sent to checking in network, authorization and accounting (Authentication, Authorization, Accounting, AAA) server, AAA Server need to verify the parameters such as the MAC that receives, if It is verified, then authentication is completed.UE and WLAN communication will use the key produced in authentication process Material (Keying materials).
Also, it is used for what the UE was authenticated in the LTE network and the wlan network Equipment component is identical.Specifically it may be referred to Fig. 1, wherein non-3 gpp IP interfaces (non-3GPP IP Access) Refer to and be provided with SWx interfaces between WLAN, HSS and AAA server, with the MME in LTE There are S6a interfaces, home signature user server (Home Subscriber in the equipment authenticated to UE Server, HSS) it is identical.It is understood that being specifically defined for interface described above may be referred to TS24.302, will not be repeated here.
But, if making to carry out the switching from LTE network to wlan network with the aforedescribed process, it can lead Cause the time authenticated in handoff procedure long, poor user experience.
To solve the above problems, authenticated the embodiments of the invention provide LTE into WLAN handoff procedures Method, due to when the LTE network and the wlan network are authenticated to the UE, being required to HSS participation, that is, the Signalling exchange between terminal and HSS is needed, therefore sign is received in base station When terminal request accesses the connection request of LTE network, however, it is determined that have what be can access near terminal Wlan network, the authentication vector for indicating to generate the wlan network is sent by MME to HSS Information, and then by HSS and aaa server, generation is adapted for the wlan network authentication Identification information, and user equipment is sent to by the base station so that user equipment from LTE to When wlan network switches, directly the identification information can be sent to aaa server so that AAA Server can be authenticated according to the flow of fast authentication to the terminal, due to receiving from eventually During the LTE access requests at end, need to interact between the terminal and the HSS, and by causing The authentication message of the wlan network is just generated when terminal accesses the LTE network, can be avoided When wlan network carries out authentication process to terminal, interacting again between terminal and HSS, so as to Save user equipment to expend in the time of access authentication, therefore the speed switched from LTE to WLAN can be improved Degree, improves the usage experience of user.
It is understandable to enable the above objects, features and advantages of the present invention to become apparent, below in conjunction with the accompanying drawings The specific embodiment of the present invention is described in detail.
To cause those skilled in the art to more fully understand and realizing the present invention, reality of the present invention has been illustrated below The method that a kind of LTE in example is authenticated into WLAN handoff procedures is applied, as shown in Fig. 2 methods described It can include:
S21:When receiving the connection request for the request access LTE network for characterizing terminal, the base in LTE Stand if it is determined that in the presence of accessible wlan network near terminal, passing through mobility management entity (Mobility Management Entity, MME) sends the mirror for indicating generation wlan network to HSS The information of weight vector.
S22:Received by MME from HSS and be adapted for the identification information that the wlan network is authenticated.
S23:The identification information for being adapted for the wlan network authentication is sent to the terminal.
In specific implementation, generation is indicated in described sent by mobility management entity MME to HSS During the information of the authentication vector of wlan network, in addition to:Indicate the type of the wlan network.
In specific implementation, the type of the wlan network can be divided into trust or non-trusted Wlan network.
To cause those skilled in the art to more fully understand and realizing the present invention, reality of the present invention has been illustrated below A kind of method authenticated from LTE into WLAN handoff procedures in example is applied, as shown in figure 3, the side Method can include:
S31:It is that terminal distribution is suitable to when receiving the authentication vector of the wlan network from HSS Carry out the identification information of the wlan network authentication.
In specific implementation, when receiving the authentication vector of the wlan network from HSS, AAA Server can be adapted for the identification information of the wlan network authentication for terminal distribution.
S32:To the identification information that the wlan network authentication is adapted for described in HSS transmissions.
In specific implementation, it can be transmitted by HSS and described be adapted for the wlan network authentication Identification information, and terminal is ultimately sent to, in order to which terminal determines to switch to WLAN from LTE network Fast authentication during network.
S33:When receiving from the mark that wlan network authentication is adapted for described in the terminal When knowing information, the terminal is authenticated according to the flow of fast authentication.
In specific implementation, because the identification information is in terminal access LTE nets by aaa server Just generated during network, therefore when receiving from being adapted for the WLAN nets described in the terminal During the identification information of network authentication, the terminal can be authenticated according to the flow of fast authentication.
To cause those skilled in the art to more fully understand and realizing the present invention, reality of the present invention has been illustrated below A kind of method authenticated from LTE network into wlan network handoff procedure in example is applied, as shown in figure 4, Methods described may include steps of:
S41:When the information for receiving the authentication vector for indicating the generation LTE network and wlan network When, when generating the authentication vector of the LTE network, generate the authentication vector of the wlan network.
S42:The authentication vector of the wlan network is sent to aaa server.
S43:Receive the mark for being adapted for the wlan network authentication from the aaa server Information.
S44:The identification information for being used to carry out the wlan network authentication is sent to MME.
In specific implementation, the identification information for being adapted for the wlan network authentication is quick weight Authenticate identification information.
To cause those skilled in the art to more fully understand and realizing the present invention, reality of the present invention has been illustrated below A kind of method authenticated from LTE into WLAN handoff procedures in example is applied, as shown in figure 5, methods described It can include:
S51:When receiving the connection request of the sign for the carrying out self terminal terminal request access LTE network, Judge whether to receive the information for the authentication vector for indicating the generation wlan network.
S52:When receiving the information of the authentication vector for indicating the generation wlan network, to HSS sends the information for the authentication vector for indicating the generation wlan network.
S53:Receive the identification information for carrying out the wlan network authentication from the HSS.
S54:The identification information for being used to carry out the wlan network authentication is sent to base station.
Below in conjunction with Fig. 6 to handoff procedure from the LTE network in the embodiment of the present invention to wlan network The method of middle authentication is further described in detail, the equipment for participating in the authentication in the network switching process Including:UE61, base station 62, mobile management entity MME 63, gateway 64, PDN networks 65, Tactful and charging rule functions equipment 66 (Policy and Charging Rules Function, PCRF), HSS67 and aaa server 68, methods described can be divided into following steps:
S601:UE61 is sent to base station 62 characterizes the connection request that UE61 requests access LTE network, And send Non-Access Stratum signaling (Non-Access Stratum, NAS) during connection is set up.
In specific implementation, when UE61 accesses LTE network, it is necessary to set up RRC between base station 62 Connection, and Non-Access Stratum signaling (Service request) is sent to by base station 62 by NAS signaling.
S602:Base station 62 is judged near UE61 with the presence or absence of accessible wlan network.
In specific implementation, when UE61 accesses LTE network, base station 62 can be according to network topology And UE61 measurement report is known with the presence or absence of wlan network near UE61, and base station 62 is also It is the WLAN for the WLAN or non-trusted trusted that these wlan networks, which can be known,.Base station 62 can To send the parameter (signal intensity of the reception of the Beacon frames of such as WLAN sides of switch decision to UE61 Indicate (RSSI), the signal of the parameter such as link backhaul speed (Backhaul Rate) and serving cell is strong The thresholding of degree), it is to be switched to WLAN from LTE to cause UE61 to be adjudicated according to these parameters, or will Business is switched to LTE from WLAN.
When there is accessible wlan network near the determination of base station 62 UE61, it can perform simultaneously S603 and S604,;Conversely, S603 can be performed simply, and after the completion of S603 execution, S604 is skipped, Then S605-S613 is performed, and ignores the authentication action for being related to WLAN sides in step.
S603:Base station 62 sends the service request of the UE61 to MME63 and indicates to perform LTE sides Authentication.
In specific implementation, when base station 62 receives the request of the access LTE network from the UE61 During information, the service request of the UE61 can be sent to MME63, to cause network side equipment to assist to build Vertical PDN connection, and indicate that LTE sides perform the authentication to UE61.In the step, it can not refer to Show the authentication for performing LTE sides, acquiescence needs to perform the authentication of LTE sides.
S604:Base station 62 indicates to perform the authentication of WLAN sides to MME63.
In specific implementation, the base station 62 can indicate to perform the authentication of WLAN sides to MME63, And indicate to perform the type of the WLAN sides of authentication to MME63.
In specific implementation, the type of the wlan network can be WLAN trust or mistrustful.
S605:MME63 indicates to carry out UE61 the authentication of LTE and WLAN sides to HSS67.
In specific implementation, if after MME63 receives UE61 service request, from the UE61 Service request in parse UE61 mark, then MME63 can by with HSS67 interact come Implement to UE61 authentication, UE61 mark and the scheduling request UE61 can be sent to HSS67 Authentication vector, and indicate the WLAN sides be trust WLAN authentication or non-trusted WLAN. In the process, MME63 and UE61 need to verify mutual safety mutually.
It should be noted that because LTE network and wlan network are to involved in LTE authentication process And be same to HSS67 equipment, and UE61 determines to access LTE network, therefore anyway, Network side needs to complete authentication of the LTE network to UE61, that is to say, that authentication of the LTE sides to UE61 The step of it is indispensable, and base station 62 is by indicating to perform the authentications of LTE and WLAN sides simultaneously, can With in the authentication process for completing LTE and WLAN, it is to avoid institute when WLAN is authenticated to UE61 Interacting between the UE61 needed again and HSS67, pertains only to the authentication between UE61 and HSS67 Required once interacts, and switches so as to reduce follow-up UE61 from LTE network to wlan network Duration in journey, therefore the efficiency of network switching can be improved.
S606:HSS67 generates the authentication vector authenticated for LTE and WLAN sides to UE61.
In specific implementation, HSS67 can be generated simultaneously to be carried out for LTE and WLAN sides to UE61 The authentication vector of authentication, as previously described, because indicate HSS67 generation authentication vector during, it is necessary to It is many between UE61 and HSS67 to interact, and pass through the step, it is possible to the progress of less interaction, Therefore improve the efficiency of communication.
S607:The authentication vector of WLAN sides is sent to aaa server 68 by HSS67.
In specific implementation, HSS67 can send the authentication vector of WLAN sides to AAA server.
S608:Aaa server is UE61 distribution fast re-authentication identification informations (Fast Re-authentication), and it is sent to HSS67.
In specific implementation, aaa server can be UE61 distribution Fast re-authentication marks Information, and HSS67 is sent to, HSS67 and AAA server can be located at same network entity Interaction between Different Logic network element, therefore HSS67 and AAA server can be in consolidated network entity Portion is carried out.
S609:HSS67 is identified to the MME63 authentication vectors and fast re-authentication for sending LTE sides.
In specific implementation, HSS67 to MME63 when returning to authentication vector, and can carry is used for The fast re-authentication mark (Fast re-authentication) of WLAN sides authentication.
S610:MME63 generates key and the access of the Non-Access Stratum for UE61 access LTE networks The key of layer.
In specific implementation, after MME63 receives LTE to the authentication vector of the UE61, it can generate The key and the key of Access Layer of the Non-Access Stratum of LTE network are accessed for UE61, and carries out LTE Authentication of the side to UE61.
In specific implementation, if authentication passes through, MME63 can send initial context to base station 62 Request is set up, wherein the parameter of carrying is set up comprising needs, and then base station 62 interacts and set up with UE61 Data Radio Bearer, then after radio bearer is successfully established, UE61 can send upstream data, base station 62 send initial context to MME63 sets up response, and optimizes carrying request.Then mobile management is real Body MME63 can send optimization carrying request (Modify Bearer Request) to gateway 64, Then gateway 64 can send Modify Bearer Request to PDN Gateway.In this process, MME63 can with the relevant parameter (such as IP address) of the notification gateway bearing downlink data transfer, so as to Gateway can be sent to the downlink data of the carrying IP address that base station 62 is specified, so as to complete UE61 Access LTE network.
S611:MME63 sends Fast re-authentication to base station 62 and identified.
It should be noted that in specific implementation, the sequencing that S610 and S611 are not carried out can To perform parallel.
S612:Base station 62 sends Fast re-authentication to UE61 and identified.
In specific implementation, base station 62 can by RRC signaling to UE61 send Fast Re-authentication is identified.
S613:UE61 judges whether to switch to wlan network from LTE network.
When the UE61 determines to switch to wlan network from LTE network, S614 can be performed, conversely, S613 can be performed.
S614:Fast re-authentication marks are sent to aaa server 68 by UE61.
S615:Aaa server 68 performs fast authentication flow to UE61.
In specific implementation, when aaa server 68 receives the Fast re-authentication from UE61 Mark, can perform fast authentication flow so that quickly performed WLAN sides to UE61 to the UE61 Authentication, accelerate the process switched to WLAN.So, because the authentication process does not need HSS67 Generation authentication vector is participated in, that is, is reduced between UE61 and HSS67 and aaa server 68 Interaction, therefore the duration of network switching can be reduced.
Understand in summary, because the LTE network and the wlan network reflect to the UE Temporary, HSS participation is required to, that is, needs the Signalling exchange between terminal and HSS, therefore in base When station receives the connection request for characterizing terminal request access LTE network, however, it is determined that exist near terminal Accessible wlan network, is sent to HSS by MME and indicates to generate the wlan network The information of authentication vector, and then by HSS and aaa server, generation is adapted for the WLAN The identification information of network authentication, and user equipment is sent to by the base station, exist so as to obtain user equipment From LTE to wlan network switch when, directly the identification information can be sent to aaa server, Aaa server is authenticated according to the flow of fast authentication to the terminal, due to receiving During the LTE access requests of arrival self terminal, need to interact between the terminal and the HSS, and , can by causing the authentication message of the wlan network just to be generated when terminal accesses the LTE network During avoiding wlan network from carrying out authentication process to terminal, interacting again between terminal and HSS, from And user equipment can be saved and expended in the time of access authentication, therefore can improve and be cut from LTE to WLAN The speed changed, improves the usage experience of user.
To cause those skilled in the art to more fully understand and realizing the present invention, the following providing to realize The above-mentioned communication equipment from the LTE methods authenticated into WLAN handoff procedures, the communication equipment can be with Including:Terminal, aaa server, base station, HSS and MME.
Reference picture 7, the base station can include:First receiving unit 71, the first transmitting element 72, Two receiving units 73 and the second transmitting element 74, wherein:
First receiving unit 71, the connection request that terminal request accesses LTE network is characterized suitable for receiving;
First transmitting element 72, suitable for receiving the connection request when first receiving unit 71 When, however, it is determined that there is accessible wlan network near terminal, pass through mobility management entity MME The information for the authentication vector for indicating to generate the wlan network is sent to HSS;
Second receiving unit 73, the WLAN is adapted for suitable for being received by MME from HSS The identification information of network authentication;
Second transmitting element 74, suitable for being adapted for the mark that the wlan network is authenticated by described Information is sent to the terminal.
In specific implementation, first transmitting element 72 is further adapted for described real by mobile management When body MME sends the information for the authentication vector for indicating to generate the wlan network to HSS, institute is indicated State the type of wlan network.
In specific implementation, the type of the wlan network is WLAN nets trust or non-trusted Network.
In specific implementation, the identification information is fast re-authentication identification information.
Reference picture 8, the aaa server can include:Allocation unit 81, the 3rd transmitting element 82 And authenticating unit 83, wherein:
The allocation unit 81, suitable for when receiving the authentication vector of the wlan network from HSS, The identification information of the wlan network authentication is adapted for for terminal distribution;
3rd transmitting element 82, suitable for HSS send described in be adapted for the wlan network The identification information of authentication;
The authenticating unit 83, suitable for described from being adapted for described in the terminal when receiving During the identification information of wlan network authentication, the terminal is authenticated according to the flow of fast authentication.
Reference picture 9, the HSS can include:3rd receiving unit 91, authentication vector generation unit 92, 4th transmitting element 93, the 4th receiving unit 94 and the 5th transmitting element 95, wherein:
3rd receiving unit 91, indicates to generate the LTE network and the WLAN suitable for receiving The information of the authentication vector of network;
The authentication vector generation unit 92, suitable for receiving instruction generation when the 3rd receiving unit 91 During the information of the authentication vector of the LTE network and the wlan network, the LTE nets are being generated During the authentication vector of network, the authentication vector of the wlan network is generated;
4th transmitting element 93, suitable for the authentication vector of the wlan network is sent into AAA Server;
4th receiving unit 94, suitable for receive from the aaa server be adapted for it is described The identification information of wlan network authentication;
5th transmitting element 95, suitable for being used to carry out the mark of the wlan network authentication by described Information is sent to MME.
In specific implementation, the identification information for being adapted for the wlan network authentication is quick weight Authenticate identification information.
Reference picture 10, the MME can include:5th receiving unit 101, judging unit 102, 6th transmitting element 103, the 6th receiving unit 104 and the 7th transmitting element 105, wherein:
5th receiving unit 101, the sign terminal request access LTE of self terminal is carried out suitable for receiving The connection request of network;
The judging unit 102, suitable for when the 5th receiving unit 101 receives the connection request, Judge whether to receive the information for the authentication vector for indicating the generation wlan network;
6th transmitting element 103, suitable for determining to receive the instruction life when the judging unit 102 Into the authentication vector of the wlan network information when, sent to HSS and indicate to generate the WLAN The information of the authentication vector of network;
6th receiving unit 104, is used to carry out the WLAN nets suitable for receiving from the HSS The identification information of network authentication;
7th transmitting element 105, suitable for being used to carry out the mark of the wlan network authentication by described Know information and be sent to base station.
One of ordinary skill in the art will appreciate that all or part of step in the various methods of above-described embodiment Rapid to can be by program to instruct the hardware of correlation to complete, the program can be stored in can with computer Read in storage medium, storage medium can include:ROM, RAM, disk or CD etc..
Although present disclosure is as above, the present invention is not limited to this.Any those skilled in the art, Without departing from the spirit and scope of the present invention, it can make various changes or modifications, therefore the guarantor of the present invention Shield scope should be defined by claim limited range.

Claims (16)

1. a kind of method authenticated from LTE into WLAN handoff procedures, it is characterised in that including:
When receiving the connection request for characterizing terminal request access LTE network, however, it is determined that attached in the terminal It is near to there is accessible wlan network, sent by MME to HSS and indicate to generate the WLAN The information of the authentication vector of network;
Received by MME from HSS and be adapted for the identification information that the wlan network is authenticated;
The identification information for being adapted for the wlan network authentication is sent to the terminal.
2. the method according to claim 1 authenticated from LTE into WLAN handoff procedures, its feature It is, indicates that the authentication for generating the wlan network is sweared in described sent by MME to HSS During the information of amount, in addition to:Indicate the type of the wlan network.
3. the method according to claim 1 authenticated from LTE into WLAN handoff procedures, its feature It is, the type of the wlan network is wlan network trust or non-trusted.
4. the method according to claim 1 authenticated from LTE into WLAN handoff procedures, its feature It is, the identification information is fast re-authentication identification information.
5. a kind of method authenticated from LTE into WLAN handoff procedures, it is characterised in that including:
It is that terminal distribution is adapted for institute when receiving the authentication vector of the wlan network from HSS State the identification information of wlan network authentication;
To the identification information that the wlan network authentication is adapted for described in HSS transmissions;
When receiving from the identification information that wlan network authentication is adapted for described in the terminal When, the terminal is authenticated according to the flow of fast authentication.
6. a kind of method authenticated from LTE into WLAN handoff procedures, it is characterised in that including:
When receiving the information for the authentication vector for indicating to generate the LTE network and the wlan network, When generating the authentication vector of the LTE network, the authentication vector of the wlan network is generated;
The authentication vector of the wlan network is sent to aaa server;
Receive the identification information for being adapted for the wlan network authentication from aaa server;
The identification information for being used to carry out the wlan network authentication is sent to MME.
7. the method according to claim 6 authenticated from LTE into WLAN handoff procedures, its feature It is, the identification information for being adapted for the wlan network authentication identifies letter for fast re-authentication Breath.
8. a kind of method authenticated from LTE into WLAN handoff procedures, it is characterised in that including:
When receiving the connection request of the sign for the carrying out self terminal terminal request access LTE network, judge Whether the information of the authentication vector that indicates the generation wlan network is received;
When receiving the information of the authentication vector for indicating the generation wlan network, sent out to HSS Send the information for the authentication vector for indicating the generation wlan network;
Receive the identification information for carrying out the wlan network authentication from the HSS;
The identification information for being used to carry out the wlan network authentication is sent to base station.
9. a kind of base station, it is characterised in that including:
First receiving unit, the connection request that terminal request accesses LTE network is characterized suitable for receiving;
First transmitting element, suitable for receiving sign terminal request access LTE nets when first receiving unit During the connection request of network, however, it is determined that there is accessible wlan network near the terminal, pass through MME sends the information for the authentication vector for indicating to generate the wlan network to HSS;
Second receiving unit, the wlan network mirror is adapted for suitable for being received by MME from HSS The identification information of power;
Second transmitting element, suitable for the identification information for being adapted for the wlan network authentication is sent To the terminal.
10. base station according to claim 9, it is characterised in that first transmitting element, is further adapted for The information for sending the authentication vector for indicating to generate the wlan network to HSS by MME When, indicate the type of the wlan network.
11. base station according to claim 10, it is characterised in that the type of the wlan network is letter Wlan network appoint or non-trusted.
12. base station according to claim 9, it is characterised in that the identification information is fast re-authentication mark Know information.
13. a kind of aaa server, it is characterised in that including:
Allocation unit, suitable for being terminal when receiving the authentication vector of the wlan network from HSS Distribution is adapted for the identification information of the wlan network authentication;
3rd transmitting element, described the mark that the wlan network is authenticated is adapted for suitable for being sent to HSS Know information;
Authenticating unit, suitable for when receiving from being adapted for wlan network mirror described in the terminal During the identification information of power, the terminal is authenticated according to the flow of fast authentication.
14. a kind of HSS, it is characterised in that including:
3rd receiving unit, the authentication vector of generation LTE network and wlan network is indicated suitable for receiving Information;
Authentication vector generation unit, suitable for receiving the instruction generation LTE nets when the 3rd receiving unit During the information of the authentication vector of network and the wlan network, the authentication of the LTE network is being generated During vector, the authentication vector of the wlan network is generated;
4th transmitting element, suitable for the authentication vector of the wlan network is sent into aaa server;
4th receiving unit, the wlan network mirror is adapted for suitable for receiving from aaa server The identification information of power;
5th transmitting element, suitable for the identification information for being used to carry out the wlan network authentication is sent To MME.
15. HSS according to claim 14, it is characterised in that described to be adapted for the WLAN nets The identification information of network authentication is fast re-authentication identification information.
16. a kind of MME, it is characterised in that including:
5th receiving unit, the sign terminal request that self terminal is carried out suitable for receiving accesses the company of LTE network Connect request;
Judging unit, suitable for when the 5th receiving unit receives the connection request, judging whether to connect Receive the information for the authentication vector for indicating the generation wlan network;
6th transmitting element, suitable for determining to receive the instruction generation WLAN when the judging unit During the information of the authentication vector of network, the authentication for indicating to generate the wlan network is sent to HSS The information of vector;
6th receiving unit, is used to carry out the wlan network authentication suitable for receiving from the HSS Identification information;
7th transmitting element, suitable for the identification information for being used to carry out the wlan network authentication is sent To base station.
CN201610200908.6A 2016-03-31 2016-03-31 Communication equipment and method for authenticating in process of switching from LTE (Long term evolution) to WLAN (Wireless local area network) Active CN107295512B (en)

Priority Applications (1)

Application Number Priority Date Filing Date Title
CN201610200908.6A CN107295512B (en) 2016-03-31 2016-03-31 Communication equipment and method for authenticating in process of switching from LTE (Long term evolution) to WLAN (Wireless local area network)

Applications Claiming Priority (1)

Application Number Priority Date Filing Date Title
CN201610200908.6A CN107295512B (en) 2016-03-31 2016-03-31 Communication equipment and method for authenticating in process of switching from LTE (Long term evolution) to WLAN (Wireless local area network)

Publications (2)

Publication Number Publication Date
CN107295512A true CN107295512A (en) 2017-10-24
CN107295512B CN107295512B (en) 2021-01-08

Family

ID=60087454

Family Applications (1)

Application Number Title Priority Date Filing Date
CN201610200908.6A Active CN107295512B (en) 2016-03-31 2016-03-31 Communication equipment and method for authenticating in process of switching from LTE (Long term evolution) to WLAN (Wireless local area network)

Country Status (1)

Country Link
CN (1) CN107295512B (en)

Citations (6)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN102238544A (en) * 2010-05-06 2011-11-09 中兴通讯股份有限公司 Mobile network authentication method and system
US20120159151A1 (en) * 2010-12-21 2012-06-21 Tektronix, Inc. Evolved Packet System Non Access Stratum Deciphering Using Real-Time LTE Monitoring
CN102595405A (en) * 2012-01-21 2012-07-18 华为技术有限公司 Authentication method, system and equipment for network access
CN103139754A (en) * 2011-12-02 2013-06-05 中国移动通信集团上海有限公司 Network attachment method, network attachment device and network attachment system
WO2013181847A1 (en) * 2012-06-08 2013-12-12 华为技术有限公司 Method, apparatus and system for wlan access authentication
CN103906056A (en) * 2012-12-26 2014-07-02 中国电信股份有限公司 Unified certification method under hybrid networking and system thereof

Patent Citations (6)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN102238544A (en) * 2010-05-06 2011-11-09 中兴通讯股份有限公司 Mobile network authentication method and system
US20120159151A1 (en) * 2010-12-21 2012-06-21 Tektronix, Inc. Evolved Packet System Non Access Stratum Deciphering Using Real-Time LTE Monitoring
CN103139754A (en) * 2011-12-02 2013-06-05 中国移动通信集团上海有限公司 Network attachment method, network attachment device and network attachment system
CN102595405A (en) * 2012-01-21 2012-07-18 华为技术有限公司 Authentication method, system and equipment for network access
WO2013181847A1 (en) * 2012-06-08 2013-12-12 华为技术有限公司 Method, apparatus and system for wlan access authentication
CN103906056A (en) * 2012-12-26 2014-07-02 中国电信股份有限公司 Unified certification method under hybrid networking and system thereof

Also Published As

Publication number Publication date
CN107295512B (en) 2021-01-08

Similar Documents

Publication Publication Date Title
US11178576B2 (en) Parameter conversions between an evolved packet system network and a 5G network
CN109792600B (en) Service provisioning for home carriers
US20160261596A1 (en) Wi-fi integration for non-sim devices
CN102905266B (en) Mobile equipment (ME) attaching method and device
CN102917332B (en) Method and device for achieving attachment of mobile equipment
WO2013082984A1 (en) Method for attaching e-utran and mobility management entity
TW201419915A (en) Initiation of inter-device communication in wireless communication systems
CN110505714B (en) Multi-link communication method, equipment and terminal
CN103002511A (en) Data distribution triggering method, network side equipment, user equipment and network system
CN102905265A (en) Mobile equipment (ME) attaching method and device
CN108811035B (en) Method for accessing wireless fidelity Wi-Fi (wireless fidelity) by user equipment and Wi-Fi access node
CN101959177B (en) Processing method and device for switching to WiFi network from non-WiFi network
US9491656B2 (en) Method for selecting bearer mode, packet gateway, and policy and charging rule function entity
CN111466131B (en) Method and computing device for partitioning traffic between multiple accesses
CN107431953A (en) The method and apparatus of Business Stream shunting
CN114600485B (en) Subscription data configuration method and device
EP2648437B1 (en) Method, apparatus and system for key generation
US11558813B2 (en) Apparatus and method for network automation in wireless communication system
CN107295511B (en) WLAN terminal, base station and method for controlling switching from LTE network to WLAN network
CN105493573B (en) Enhancing for the user equipment in cellular telecommunication network accesses the system that method, telecommunication network and the enhancing for user equipment of selection access selection
US10959097B1 (en) Method and system for accessing private network services
US20230132454A1 (en) Method and apparatus for supporting edge computing service for roaming ue in wireless communication system
WO2014134819A1 (en) Billing method, access network device and gateway device
CN103024738A (en) Seaming service shunt control implementation method and system
Xu et al. An IEEE 802.21 MIS‐based mobility management for D2D communications over heterogeneous networks (HetNets)

Legal Events

Date Code Title Description
PB01 Publication
PB01 Publication
SE01 Entry into force of request for substantive examination
SE01 Entry into force of request for substantive examination
CB03 Change of inventor or designer information

Inventor after: Fan Wei

Inventor before: Deng Yun

CB03 Change of inventor or designer information
GR01 Patent grant
GR01 Patent grant