CN114363878B - Communication area restriction control method, device, equipment and medium based on Radius message - Google Patents
- Publication number
- CN114363878B (CN202111612688.5A)
- Authority
- CN
- China
- Prior art keywords
- radius message
- area
- restriction
- radius
- configuration information
- Legal status
- Active
Landscapes
- Mobile Radio Communication Systems (AREA)
Abstract
The invention discloses a method, a device, equipment and a medium for controlling communication area restriction based on Radius messages. The method comprises: subscribing to the Radius messages of a packet data network gateway according to area restriction configuration information sent by a card management terminal; when a subscribed Radius message is received, judging whether the restriction type corresponding to the Radius message is the customized terminal area restriction; if the restriction type is not the customized terminal area restriction, verifying whether the connection area in the Radius message matches the corresponding historical Radius message; if the restriction type is the customized terminal area restriction, verifying whether the connection area matches according to the area restriction configuration information; and generating a session control instruction corresponding to the Radius message according to the verification result so as to perform area restriction control. The invention belongs to the technical field of mobile communication. It acquires the Radius messages updated online, performs matching verification in combination with the area restriction configuration information, and performs communication area restriction control according to the verification result, thereby reducing the complexity of network transformation and greatly improving the flexibility of area restriction control.
Description
Technical Field
The present invention relates to the field of mobile communications technologies, and in particular, to a method, an apparatus, a device, and a medium for controlling a communication area restriction based on a Radius message.
Background
Terminal equipment such as communication terminals and Internet of Things terminals connects to the communication server of a telecom operator through a base station and thereby accesses the Internet. In real life, however, a user may move while carrying a communication terminal such as a mobile phone, and a vehicle-mounted Internet of Things terminal moves with the automobile. The terminal equipment accesses the core network P-GW through a base station; when the position of the user carrying the terminal equipment changes, the base station serving the terminal equipment is switched accordingly, and communication restriction is needed when the terminal equipment is used in different areas. Existing area restriction is controlled by the mobility management entity area configured in the HSS (home subscriber server); for example, communication control is generally performed province by province. In application, however, the place of production and the place of use are often not the same, the place of use is difficult to determine in advance, and a terminal device may have several places of use; when cross-province use occurs, communication control within a single province is difficult to implement. Because of these technical limitations, the existing area restriction control method has relatively poor flexibility and can hardly meet the production requirements of clients. Therefore, the prior-art method for performing area restriction control on terminal devices has the problem of poor flexibility.
Disclosure of Invention
The embodiment of the invention provides a method, a device, equipment and a medium for controlling a communication area limitation based on a Radius message, which aim to solve the problem of poor flexibility in the method for controlling the area limitation of terminal equipment in the prior art.
In a first aspect, an embodiment of the present invention provides a method for controlling a communication area restriction based on a Radius message, where the method is applied to a management server, where the management server establishes a network connection with a card management terminal and a communication service network to transmit data information, and the communication service network includes a packet data network gateway, a coordination server and a home subscriber server, and the method includes:
If new area restriction configuration information is received from the card management terminal, subscribing to the Radius messages of the packet data network gateway according to the area restriction configuration information;
If a subscribed Radius message is received, judging whether the restriction type corresponding to the Radius message in the stored area restriction configuration information is the customized terminal area restriction;
If the restriction type is not the customized terminal area restriction, verifying whether the connection area in the Radius message matches the corresponding historical Radius message to obtain a verification result;
If the restriction type is the customized terminal area restriction, verifying whether the connection area in the Radius message matches according to the restricted area information in the area restriction configuration information to obtain a verification result;
And generating a session control instruction corresponding to the Radius message according to the verification result and sending the session control instruction to the coordination server or the home subscriber server, so that the coordination server or the home subscriber server performs area restriction control on the session communication connection corresponding to the Radius message according to the session control instruction.
In a second aspect, an embodiment of the present invention provides a communication area restriction management and control device based on a Radius message, where the device is configured in a management server, where the management server establishes a network connection with a card management terminal and a communication service network to transmit data information, and the communication service network includes a packet data network gateway, a coordination server, and a home subscriber server, and the device includes:
A message subscribing unit, configured to subscribe to the Radius messages of the packet data network gateway according to the area restriction configuration information if new area restriction configuration information is received from the card management terminal;
A restriction type judging unit, configured to judge whether the restriction type corresponding to the Radius message in the stored area restriction configuration information is the customized terminal area restriction if a subscribed Radius message is received;
A first matching verification unit, configured to verify whether the connection area in the Radius message matches the corresponding historical Radius message, so as to obtain a verification result, if the restriction type is not the customized terminal area restriction;
A second matching verification unit, configured to verify whether the connection area in the Radius message matches according to the restricted area information in the area restriction configuration information, so as to obtain a verification result, if the restriction type is the customized terminal area restriction;
A session control instruction sending unit, configured to generate a session control instruction corresponding to the Radius message according to the verification result and send the session control instruction to the coordination server or the home subscriber server, so that the coordination server or the home subscriber server performs area restriction control on the session communication connection corresponding to the Radius message according to the session control instruction.
In a third aspect, an embodiment of the present invention further provides a computer apparatus, which includes a memory, a processor, and a computer program stored on the memory and executable on the processor, where the processor implements the method for controlling communication area limitation based on Radius messages according to the first aspect.
In a fourth aspect, an embodiment of the present invention further provides a computer readable storage medium, where the computer readable storage medium stores a computer program, which when executed by a processor, implements a Radius message based communication area restriction management method as described in the first aspect above.
The embodiment of the invention provides a method, a device, equipment and a medium for controlling communication area restriction based on Radius messages. The Radius messages of a packet data network gateway are subscribed to according to area restriction configuration information sent by a card management terminal. When a subscribed Radius message is received, it is judged whether the restriction type corresponding to the Radius message is the customized terminal area restriction. If the restriction type is not the customized terminal area restriction, it is verified whether the connection area in the Radius message matches the corresponding historical Radius message; if the restriction type is the customized terminal area restriction, it is verified whether the connection area matches according to the area restriction configuration information. A session control instruction corresponding to the Radius message is then generated according to the verification result and sent to the coordination server or the home subscriber server to perform area restriction control. With this method, the Radius messages updated online are acquired from the packet data network gateway, matching verification is carried out by combining each Radius message with the configured area restriction configuration information, and a session control instruction is sent to the coordination server or the home subscriber server according to the verification result so as to restrict communication. This reduces the complexity of network transformation and greatly improves the flexibility of area restriction control.
Drawings
In order to more clearly illustrate the technical solutions of the embodiments of the present invention, the drawings required for the description of the embodiments will be briefly described below, and it is obvious that the drawings in the following description are some embodiments of the present invention, and other drawings may be obtained according to these drawings without inventive effort for a person skilled in the art.
Fig. 1 is a schematic flow chart of a control method for limiting a communication area based on a Radius message according to an embodiment of the present invention;
Fig. 2 is a schematic diagram of an application scenario of a control method for limiting a communication area based on a Radius message according to an embodiment of the present invention;
Fig. 3 is a schematic sub-flowchart of a control method for limiting a communication area based on a Radius message according to an embodiment of the present invention;
Fig. 4 is another schematic sub-flowchart of a control method for limiting a communication area based on a Radius message according to an embodiment of the present invention;
Fig. 5 is a schematic diagram of another sub-flow of a control method for limiting a communication area based on a Radius message according to an embodiment of the present invention;
Fig. 6 is a schematic diagram of still another sub-flow of a control method for limiting a communication area based on a Radius message according to an embodiment of the present invention;
Fig. 7 is a schematic diagram of a later sub-flow of a control method for limiting a communication area based on a Radius message according to an embodiment of the present invention;
Fig. 8 is another flow chart of a control method for limiting a communication area based on a Radius message according to an embodiment of the present invention;
Fig. 9 is a schematic block diagram of a communication area limiting control device based on a Radius message according to an embodiment of the present invention;
Fig. 10 is a schematic block diagram of a computer device according to an embodiment of the present invention.
Detailed Description
The following description of the embodiments of the present invention will be made clearly and fully with reference to the accompanying drawings, in which it is evident that the embodiments described are some, but not all embodiments of the invention. All other embodiments, which can be made by those skilled in the art based on the embodiments of the invention without making any inventive effort, are intended to be within the scope of the invention.
It should be understood that the terms "comprises" and "comprising," when used in this specification and the appended claims, specify the presence of stated features, integers, steps, operations, elements, and/or components, but do not preclude the presence or addition of one or more other features, integers, steps, operations, elements, components, and/or groups thereof.
It is also to be understood that the terminology used in the description of the invention herein is for the purpose of describing particular embodiments only and is not intended to be limiting of the invention. As used in this specification and the appended claims, the singular forms "a," "an," and "the" are intended to include the plural forms as well, unless the context clearly indicates otherwise.
It should be further understood that the term "and/or" as used in the present specification and the appended claims refers to any and all possible combinations of one or more of the associated listed items, and includes such combinations.
Referring to Fig. 1 and Fig. 2, Fig. 1 is a flow chart of a method for controlling communication area restriction based on a Radius message according to an embodiment of the present invention, and Fig. 2 is a schematic diagram of an application scenario of that method. The method is applied to the management server 10. The management server 10 establishes network connections with the card management terminal 20 and the communication service network 30 for data information transmission. The communication service network 30 comprises a packet data network gateway (PGW, Packet Data Network Gateway) 31, a coordination server (PFC, Point Coordination Function) 32 and a home subscriber server (HSS, Home Subscriber Server) 33. The method is executed by application software installed in the management server 10. The management server 10 receives Radius messages from the packet data network gateway 31, performs matching verification in combination with the configured area restriction configuration information, and sends corresponding session control instructions to the coordination server 32 or the home subscriber server 33. The terminal device 40 can establish a session communication connection with the coordination server 32 through the packet data network gateway 31, and can also establish a session communication connection with the home subscriber server 33 directly, so that the session communication connection can be restricted accordingly after the session control instruction is received; the restrictions include, but are not limited to, limiting the access rate of the terminal.
The management server 10 is a server configured by a communication service enterprise and used for controlling a communication area limitation, the card management terminal 20 is a management terminal configured by the communication service enterprise, a user of the card management terminal 20 may be a service manager in the enterprise, the communication service network 30 is a communication network configured by the communication service enterprise and used for providing communication service for terminal devices, the terminal devices 40 may be mobile communication terminals such as mobile phones and tablet computers, and the terminal devices 40 may also be internet of things terminals such as vehicle-mounted tablet computers and vehicle-mounted intelligent sound boxes, and intelligent wearing devices (such as smart watches and smart glasses).
As shown in fig. 1, the method includes steps S110 to S150.
S110, if new region limitation configuration information is received from the card management terminal, subscribing the Radius message of the packet data network gateway according to the region limitation configuration information.
Specifically, a client may apply to a client manager to open a card (SIM card), and the user of the card management terminal may be the client manager. The client manager opens the card in the Internet of Things IT system through the card management terminal and configures a restriction policy for each opened Internet of Things card. The information of the opened Internet of Things card and the configured restriction policy are combined to obtain the corresponding area restriction configuration information, and the card management terminal synchronizes the obtained area restriction configuration information to the management server. This embodiment discusses a single Internet of Things card and the area restriction configuration information configured for it; in actual application, cards can be opened in batches and the area restriction configuration information can be configured in batches.
After receiving the area restriction configuration information, the management server stores the newly added area restriction configuration information and subscribes to the Radius messages of the packet data network gateway according to it. The card information in the area restriction configuration information includes a card identifier, that is, the identifier uniquely corresponding to each SIM card. The card identifier in the area restriction configuration information is registered in the management server, so that the management server subscribes to the Radius messages corresponding to that card identifier, that is, it designates that Radius messages corresponding to the card identifiers in the area restriction configuration information are to be received. The Radius message is a request message based on the remote user dialing authentication system (Remote Authentication Dial In User Service).
S120, if the subscribed Radius message is received, judging whether the restriction type corresponding to the Radius message in the stored area restriction configuration information is the customized terminal area restriction.
The terminal equipment accesses the packet data network gateway through a base station. The packet data network gateway acquires the access information of the terminal equipment, generates a corresponding Radius message and sends it to the management server. The Radius message comprises card information, ECGI information and TAC information, and the ECGI information and the TAC information correspond to the base station accessed by the terminal equipment. In other words, when terminal equipment accesses the packet data network gateway (PGW), the PGW copies the card information, the ECGI information and the TAC information and reports them to the management server through the remote user dialing authentication system. The ECGI information is the E-UTRAN Cell Global Identifier, and the TAC information is the Tracking Area Code.
In one embodiment, as shown in FIG. 3, step S120 includes sub-steps S121 and S122.
S121, acquiring a limiting strategy corresponding to the region limiting configuration information and the card identifier according to the card identifier in the Radius message.
The Radius message contains corresponding card identifications, and the management server stores the area restriction configuration information corresponding to each registered card identification, so that a group of area restriction configuration information corresponding to the current card identification can be obtained from the stored groups of area restriction configuration information, and a corresponding restriction strategy can be obtained from the matched area restriction configuration information.
S122, judging whether the restriction type in the restriction strategy is the custom terminal area restriction.
The restriction policy includes a restriction type, and the restriction type in the restriction policy may be configured as a platform automatic area restriction or a customized terminal area restriction, and then it may be determined whether the restriction type in the restriction policy corresponding to the card identifier is a customized terminal area restriction.
S130, if the restriction type is not the customized terminal area restriction, verifying whether the connection area in the Radius message matches the corresponding historical Radius message to obtain a verification result.
If the restriction type is not the customized terminal area restriction, the restriction type is the platform automatic area restriction: the platform takes the area in which the terminal equipment first accessed the network as the first access area, and automatically performs matching verification on subsequent accesses against the recorded first access area. The Radius message is verified against the historical Radius messages stored in the management server to obtain a verification result, which is either matched or not matched.
In one embodiment, as shown in FIG. 4, step S130 includes sub-steps S131 and S132.
S131, acquiring a first access area recorded in a history Radius message corresponding to the Radius message.
Specifically, both the currently received Radius message and the historical Radius messages stored in the management server include card identifiers. The historical Radius messages stored in the management server for the card identifier of the current Radius message are retrieved, and the recorded first access area is obtained from them. An access area can be determined from the ECGI information and the TAC information in a Radius message; the access area is therefore determined from the ECGI information and the TAC information of the group of historical Radius messages with the earliest receiving time, and that access area is recorded as the first access area corresponding to the historical Radius messages.
S132, verifying whether the connection area in the Radius message matches the first access area to obtain a corresponding verification result.
The corresponding connection area can be determined according to the ECGI information and the TAC information in the Radius message, and whether the connection area in the Radius message is matched with the first access area or not is verified, so that a verification result is obtained. The connection area and the first access area can be represented in an area code mode, whether the two area codes are the same or not can be judged, and therefore whether the connection area is matched with the first access area or not is verified.
In one embodiment, as shown in fig. 5, step S131 is preceded by steps S1311 and S1312.
S1311, judging whether the card identifier in the Radius message is accessing the packet data network gateway for the first time.
S1312, if the card identifier is accessing the packet data network gateway for the first time, recording the connection area in the Radius message as the first access area and obtaining a matched verification result; if the card identifier is not accessing the packet data network gateway for the first time, executing the step of acquiring the first access area recorded in the historical Radius message corresponding to the Radius message.
Before the first access area is acquired, it can be judged whether the card identifier in the Radius message is accessing for the first time, that is, whether a first access area corresponding to the card identifier is stored in the management server. If a first access area corresponding to the card identifier is stored in the management server, the card identifier is judged not to be accessing the packet data network gateway for the first time; otherwise it is judged to be a first access. If the card identifier is accessing for the first time, the connection area corresponding to the Radius message is obtained and recorded in the management server as the first access area; a matched verification result is obtained and the subsequent step S150 is executed. If the card identifier is not accessing for the first time, the step of obtaining the first access area recorded in the historical Radius message, that is, step S131, is performed.
S140, if the restriction type is the customized terminal area restriction, verifying whether the connection area in the Radius message matches according to the restricted area information in the area restriction configuration information to obtain a verification result.
If the restriction type is the customized terminal area restriction, restricted area information is configured in the restriction policy of the area restriction configuration information. The restricted area information can be used to restrict the terminal equipment to preferential use in one or more areas, that is, one or more areas can be configured in the restricted area information; for example, use is restricted preferentially to the two areas A and B. The areas can be divided along several dimensions such as province, city, county, street (town) and park. Whether the connection area in the Radius message matches is verified according to the restricted area information in the area restriction configuration information, that is, it is judged whether the restricted area information matches the connection area, and the corresponding verification result is obtained.
In one embodiment, as shown in FIG. 6, step S140 includes sub-steps S141 and S142.
S141, acquiring a limiting strategy corresponding to the region limiting configuration information and the card identifier according to the card identifier in the Radius message.
Specifically, the management server stores the area restriction configuration information corresponding to each registered card identifier, and may obtain the restriction policy corresponding to the card identifier in the Radius message from the stored area restriction configuration information.
S142, judging whether the limiting area information in the limiting strategy contains a connection area in the Radius message or not so as to verify whether the limiting area information is matched with the connection area or not.
It is judged whether the restricted area information in the restriction policy contains the connection area in the Radius message, that is, whether the connection area is subordinate to the restricted area information. If it is, the restricted area information is verified as matching the connection area; otherwise, the verification result is not matched.
S150, generating a session control instruction corresponding to the Radius message according to the verification result and sending the session control instruction to the coordination server or the home subscriber server, so that the coordination server or the home subscriber server performs area restriction control on the session communication connection corresponding to the Radius message according to the session control instruction.
In one embodiment, as shown in FIG. 7, step S150 includes sub-steps S151, S152, and S153.
S151, judging whether the user type corresponding to the Radius message is an Internet of Things user.
Specifically, the card information of the Radius message further includes a user type. The user type may be a 3G/4G/5G user, or may be an Internet of Things user (Narrow Band Internet of Things, NB-IoT, a narrowband Internet of Things user), so it can be determined whether the user type corresponding to the Radius message is an Internet of Things user.
S152, if the user type is an Internet of Things user, generating a session control instruction corresponding to the Radius message according to the verification result and sending the session control instruction to the home subscriber server, so that the home subscriber server performs area restriction control on the session communication connection corresponding to the Radius message according to the session control instruction.
If the user type is an Internet of Things user, a session control instruction corresponding to the Radius message is generated according to the verification result and sent to the home subscriber server; in this case the terminal equipment establishes its session communication connection with the home subscriber server. Specifically, if the verification result is passed, a session control instruction without rate limitation is generated and sent to the home subscriber server. The terminal device can then establish a session communication connection without rate limitation with the home subscriber server and obtain high-rate wireless communication service through it. If the verification result is not passed, a session control instruction with rate limitation is generated according to the rate threshold in the restriction policy and sent to the home subscriber server. The terminal equipment can then establish only a rate-limited session communication connection with the home subscriber server; that is, the home subscriber server limits the data transmission rate at which the user terminal accesses the wireless communication network, and the terminal equipment obtains low-rate wireless communication service through the home subscriber server.
S153, if the user type is not an Internet of Things user, generating a session control instruction corresponding to the Radius message according to the verification result and sending the session control instruction to the coordination server, so that the coordination server performs area restriction control on the session communication connection corresponding to the Radius message according to the session control instruction.
If the user type is not an Internet of Things user, a session control instruction corresponding to the Radius message is generated according to the verification result and sent to the coordination server; in this case the terminal equipment establishes its session communication connection with the coordination server. Specifically, if the verification result is passed, a session control instruction without service access restriction is generated and sent to the coordination server. The terminal device can then establish a session communication connection without service access restriction with the coordination server and access any service through the wireless communication service provided by the coordination server. If the verification result is not passed, a session control instruction with service access restriction is generated according to the service access authority in the restriction policy and sent to the coordination server. The terminal equipment can then establish only a session communication connection with service access restriction with the coordination server; that is, the coordination server restricts the services the user terminal may access over the wireless communication network, and the terminal equipment cannot access services beyond its access authority. For example, the terminal equipment can access only the call and short message services (it can make calls and send and receive short messages, but cannot send or receive data over the wireless communication network), and no other services.
In an embodiment, as shown in fig. 8, step S1101 is further included after step S110.
S1101, if configuration modification information from the card management terminal is received, updating the stored area limitation configuration information according to the configuration modification information to obtain updated area limitation configuration information.
The client manager can also send configuration modification information to the management server through the card management terminal, so that the management server modifies the currently stored area restriction configuration information according to the received configuration modification information. Specifically, the configuration modification information may include information for modifying the restriction type and/or the restriction area information, and the area restriction configuration information can be modified uniformly according to it, thereby updating the stored area restriction configuration information.
In the Radius message-based communication area restriction control method provided by the embodiment of the invention, Radius messages of the packet data network gateway are subscribed to according to the area restriction configuration information sent by the card management terminal. When a subscribed Radius message is received, it is judged whether the restriction type corresponding to the Radius message is the custom terminal area restriction. If the restriction type is the custom terminal area restriction, it is verified whether the connection area in the Radius message matches the corresponding historical Radius message; if it is not the custom terminal area restriction, it is verified whether the connection area matches according to the area restriction configuration information. A session control instruction corresponding to the Radius message is then generated according to the verification result and sent to the coordination server or the home subscriber server to perform area restriction management and control. In this method, the Radius messages updated online are obtained from the packet data network gateway, matching verification is performed by combining each Radius message with the configured area restriction configuration information, and a session control instruction is sent to the coordination server or the home subscriber server according to the verification result to restrict communication, which reduces the complexity of network modification and greatly improves the flexibility of area restriction management and control.
The embodiment of the present invention further provides a Radius message-based communication area restriction control device, which may be configured in the management server 10. The management server establishes network connections with the card management terminal and the communication service network to transmit data information, and the communication service network includes a packet data network gateway, a coordination server and a home subscriber server. The Radius message-based communication area restriction control device is configured to execute any embodiment of the foregoing Radius message-based communication area restriction control method. Specifically, referring to fig. 9, fig. 9 is a schematic block diagram of a Radius message-based communication area restriction control device according to an embodiment of the present invention.
As shown in fig. 9, the Radius message-based communication area restriction management control apparatus 100 includes a message subscription unit 110, a restriction type judgment unit 120, a first match verification unit 130, a second match verification unit 140, and a session control instruction transmission unit 150.
The message subscription unit 110 is configured to subscribe to Radius messages of the packet data network gateway according to the area restriction configuration information if newly added area restriction configuration information from the card management terminal is received.
The restriction type judgment unit 120 is configured to judge whether the restriction type corresponding to the Radius message in the stored area restriction configuration information is a customized terminal area restriction if a subscribed Radius message is received.
In a specific embodiment, the restriction type judgment unit 120 includes the following subunits: a restriction policy obtaining unit, configured to obtain a restriction policy corresponding to the area restriction configuration information and the card identifier according to the card identifier in the Radius message; and a type judging unit, configured to judge whether the restriction type in the restriction policy is the customized terminal area restriction.
The first match verification unit 130 is configured to verify whether the connection area in the Radius message matches the corresponding historical Radius message if the restriction type is not the customized terminal area restriction, so as to obtain a verification result.
In a specific embodiment, the first match verification unit 130 includes the following subunits: a first access area obtaining unit, configured to obtain the first access area recorded in the historical Radius message corresponding to the Radius message; and an area matching verification unit, configured to verify whether the connection area in the Radius message matches the first access area, so as to obtain a corresponding verification result.
In a specific embodiment, the first match verification unit 130 further includes the following subunits: a card identifier judging unit, configured to judge whether the card identifier in the Radius message is accessing the packet data network gateway for the first time; and a verification result acquisition unit, configured to record the connection area in the Radius message as the first access area and obtain a matched verification result if the card identifier is accessing the packet data network gateway for the first time. If the card identifier is not accessing the packet data network gateway for the first time, the step corresponding to the first access area obtaining unit is executed.
The second match verification unit 140 is configured to verify whether the connection area in the Radius message matches according to the restriction area information in the area restriction configuration information if the restriction type is a customized terminal area restriction, so as to obtain a verification result.
In a specific embodiment, the second match verification unit 140 includes the following subunits: a policy obtaining unit, configured to obtain a restriction policy corresponding to the area restriction configuration information and the card identifier according to the card identifier in the Radius message; and a connection area matching verification unit, configured to judge whether the restriction area information in the restriction policy contains the connection area in the Radius message, so as to verify whether the restriction area information matches the connection area.
The session control instruction transmission unit 150 is configured to generate a session control instruction corresponding to the Radius message according to the verification result and send the session control instruction to the coordination server or the home subscriber server, so that the coordination server or the home subscriber server performs area restriction management and control on the session communication connection corresponding to the Radius message according to the session control instruction.
In a specific embodiment, the session control instruction transmission unit 150 includes the following subunits: a user type judging unit, configured to judge whether the user type corresponding to the Radius message is an Internet of Things user; a first session control instruction sending unit, configured to generate a session control instruction corresponding to the Radius message according to the verification result and send it to the home subscriber server if the user type is an Internet of Things user, so that the home subscriber server performs area restriction management and control on the session communication connection corresponding to the Radius message according to the session control instruction; and a second session control instruction sending unit, configured to generate a session control instruction corresponding to the Radius message according to the verification result and send it to the coordination server if the user type is not an Internet of Things user, so that the coordination server performs area restriction management and control on the session communication connection corresponding to the Radius message according to the session control instruction.
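The decision flow carried by units 110 to 150, as an added Python example that is not code from the patent, following the branch assignment given for units 130 and 140. The class and field names, the `FIRST_ACCESS_AREA` label for the non-custom restriction type, the default rate threshold and service set, the handling of cards without a policy, and the sample cards and areas are assumptions made for illustration.

```python
from dataclasses import dataclass
from enum import Enum
from typing import Dict, FrozenSet, List, Optional


class RestrictionType(Enum):
    CUSTOM_TERMINAL_AREA = "custom_terminal_area"
    FIRST_ACCESS_AREA = "first_access_area"  # assumed name for the non-custom type


class UserType(Enum):
    IOT = "iot"        # NB-IoT card
    MOBILE = "mobile"  # 3G/4G/5G card


@dataclass(frozen=True)
class RadiusEvent:
    """Fields read from a subscribed Radius message (assumed layout)."""
    card_id: str
    connection_area: str
    user_type: UserType


@dataclass(frozen=True)
class RestrictionPolicy:
    restriction_type: RestrictionType
    restricted_areas: FrozenSet[str] = frozenset()   # used by the custom type only
    rate_threshold_kbps: int = 64                    # constructed default
    allowed_services: FrozenSet[str] = frozenset({"voice", "sms"})


@dataclass(frozen=True)
class SessionControl:
    target: str                                        # network element that enforces it
    card_id: str
    verified: bool
    rate_limit_kbps: Optional[int] = None              # None: no rate limitation
    allowed_services: Optional[FrozenSet[str]] = None  # None: no service restriction


class ManagementServer:
    def __init__(self) -> None:
        self.policies: Dict[str, RestrictionPolicy] = {}
        # Card identifier -> first access area taken from historical messages.
        self.first_access: Dict[str, str] = {}

    def set_policy(self, card_id: str, policy: RestrictionPolicy) -> None:
        """Store new or modified area restriction configuration for a card."""
        self.policies[card_id] = policy

    def verify(self, event: RadiusEvent, policy: RestrictionPolicy) -> bool:
        if policy.restriction_type is RestrictionType.CUSTOM_TERMINAL_AREA:
            # Unit 140: the restriction area information must contain the area.
            return event.connection_area in policy.restricted_areas
        # Unit 130: compare with the first access area; on the first access
        # the reported area is recorded and the result is a match.
        first = self.first_access.get(event.card_id)
        if first is None:
            self.first_access[event.card_id] = event.connection_area
            return True
        return event.connection_area == first

    def handle(self, event: RadiusEvent) -> Optional[SessionControl]:
        policy = self.policies.get(event.card_id)
        if policy is None:
            return None  # assumption: a card without a policy is not managed
        passed = self.verify(event, policy)
        if event.user_type is UserType.IOT:
            # IoT cards: instruction goes to the home subscriber server.
            limit = None if passed else policy.rate_threshold_kbps
            return SessionControl("home_subscriber_server", event.card_id,
                                  passed, rate_limit_kbps=limit)
        # Other cards: instruction goes to the coordination server.
        services = None if passed else policy.allowed_services
        return SessionControl("coordination_server", event.card_id,
                              passed, allowed_services=services)


def demo() -> List[Optional[SessionControl]]:
    """Run constructed sample messages through the flow."""
    srv = ManagementServer()
    srv.set_policy("card-1", RestrictionPolicy(
        RestrictionType.FIRST_ACCESS_AREA, rate_threshold_kbps=128))
    srv.set_policy("card-2", RestrictionPolicy(
        RestrictionType.CUSTOM_TERMINAL_AREA,
        restricted_areas=frozenset({"area-A", "area-C"})))
    events = [
        RadiusEvent("card-1", "area-A", UserType.IOT),     # first access, recorded
        RadiusEvent("card-1", "area-B", UserType.IOT),     # moved, rate limited
        RadiusEvent("card-2", "area-C", UserType.MOBILE),  # inside configured areas
        RadiusEvent("card-2", "area-B", UserType.MOBILE),  # outside, services cut
    ]
    return [srv.handle(e) for e in events]


if __name__ == "__main__":
    for result in demo():
        print(result)
```

In this example the first access area is held in memory, so the recorded area is lost if the process restarts; a deployment of the same logic would need that record to be persistent.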
The Radius message-based communication area restriction control device provided by the embodiment of the invention applies the Radius message-based communication area restriction control method described above. It subscribes to Radius messages of the packet data network gateway according to the area restriction configuration information sent by the card management terminal. When a subscribed Radius message is received, it judges whether the restriction type corresponding to the Radius message is the custom terminal area restriction. If the restriction type is the custom terminal area restriction, it verifies whether the connection area in the Radius message matches the corresponding historical Radius message; if it is not the custom terminal area restriction, it verifies whether the connection area matches according to the area restriction configuration information. It then generates a session control instruction corresponding to the Radius message according to the verification result and sends it to the coordination server or the home subscriber server to perform area restriction management and control. In this method, the Radius messages updated online are obtained from the packet data network gateway, matching verification is performed by combining each Radius message with the configured area restriction configuration information, and a session control instruction is sent to the coordination server or the home subscriber server according to the verification result to restrict communication, which reduces the complexity of network modification and greatly improves the flexibility of area restriction management and control.
The above-described Radius message based communication area limiting control apparatus may be implemented in the form of a computer program which may be run on a computer device as shown in fig. 10.
Referring to fig. 10, fig. 10 is a schematic block diagram of a computer device according to an embodiment of the present invention. The computer device may be a management server for executing a Radius message-based communication area restriction management method to perform area restriction management of communication of the terminal device.
With reference to fig. 10, the computer device 500 includes a processor 502, a memory, and a network interface 505, which are connected by a system bus 501, wherein the memory may include a storage medium 503 and an internal memory 504.
The storage medium 503 may store an operating system 5031 and a computer program 5032. The computer program 5032, when executed, may cause the processor 502 to perform a Radius message based communication area restriction management method, wherein the storage medium 503 may be a volatile storage medium or a non-volatile storage medium.
The processor 502 is used to provide computing and control capabilities to support the operation of the overall computer device 500.
The internal memory 504 provides an environment for the execution of a computer program 5032 in the storage medium 503, which computer program 5032, when executed by the processor 502, causes the processor 502 to perform a Radius message based communication area restriction management method.
The network interface 505 is used for network communication, such as wired network communication and/or wireless network communication, to provide for the transmission of data information. It will be appreciated by those skilled in the art that the structure shown in FIG. 10 is merely a block diagram of some of the structures associated with the present inventive arrangements and does not constitute a limitation of the computer device 500 to which the present inventive arrangements may be applied, and that a particular computer device 500 may include more or fewer components than shown, or may combine certain components, or may have a different arrangement of components.
The processor 502 is configured to execute a computer program 5032 stored in a memory, so as to implement the corresponding functions in the above-mentioned control method for limiting a communication area based on a Radius message.
Those skilled in the art will appreciate that the embodiment of the computer device shown in fig. 10 is not limiting of the specific construction of the computer device, and in other embodiments, the computer device may include more or less components than those shown, or certain components may be combined, or a different arrangement of components. For example, in some embodiments, the computer device may include only a memory and a processor, and in such embodiments, the structure and function of the memory and the processor are consistent with the embodiment shown in fig. 10, and will not be described again.
It should be appreciated that in embodiments of the present invention, the processor 502 may be a central processing unit (Central Processing Unit, CPU), and may also be another general-purpose processor, a digital signal processor (Digital Signal Processor, DSP), an application-specific integrated circuit (Application Specific Integrated Circuit, ASIC), a field-programmable gate array (Field-Programmable Gate Array, FPGA) or other programmable logic device, a discrete gate or transistor logic device, a discrete hardware component, or the like. The general-purpose processor may be a microprocessor or any conventional processor or the like.
In another embodiment of the invention, a computer-readable storage medium is provided. The computer-readable storage medium may be a volatile or non-volatile computer-readable storage medium. The computer-readable storage medium stores a first computer program, a second computer program or a third computer program; when the first computer program is executed by a first processor, the second computer program is executed by a second processor and the third computer program is executed by a third processor, they collectively implement the steps included in the above-described Radius message-based communication area restriction management and control method.
It will be clearly understood by those skilled in the art that, for convenience and brevity of description, specific working procedures of the apparatus, device and unit described above may refer to corresponding procedures in the foregoing method embodiments, which are not repeated herein. Those of ordinary skill in the art will appreciate that the elements and algorithm steps described in connection with the embodiments disclosed herein may be embodied in electronic hardware, in computer software, or in a combination of the two, and that the elements and steps of the examples have been generally described in terms of function in the foregoing description to clearly illustrate the interchangeability of hardware and software. Whether such functionality is implemented as hardware or software depends upon the particular application and design constraints imposed on the solution. Skilled artisans may implement the described functionality in varying ways for each particular application, but such implementation decisions should not be interpreted as causing a departure from the scope of the present invention.
In the several embodiments provided by the present invention, it should be understood that the disclosed apparatus, device and method may be implemented in other manners. For example, the apparatus embodiments described above are merely illustrative, and for example, the division of the units is merely a logical function division, there may be another division manner in actual implementation, or units having the same function may be integrated into one unit, for example, multiple units or components may be combined or may be integrated into another system, or some features may be omitted, or not performed. In addition, the coupling or direct coupling or communication connection shown or discussed with each other may be an indirect coupling or communication connection via some interfaces, devices, or elements, or may be an electrical, mechanical, or other form of connection.
The units described as separate units may or may not be physically separate, and units shown as units may or may not be physical units, may be located in one place, or may be distributed on a plurality of network units. Some or all of the units may be selected according to actual needs to achieve the purpose of the embodiment of the present invention.
In addition, each functional unit in the embodiments of the present invention may be integrated in one processing unit, or each unit may exist alone physically, or two or more units may be integrated in one unit. The integrated units may be implemented in hardware or in software functional units.
The integrated units, if implemented in the form of software functional units and sold or used as stand-alone products, may be stored in a computer-readable storage medium. Based on such understanding, the technical solution of the present invention, in essence, or the part of it that contributes to the prior art, or all or part of the technical solution, may be embodied in the form of a software product stored in a computer-readable storage medium, comprising several instructions for causing a computer device (which may be a personal computer, a server, a network device, etc.) to perform all or part of the steps of the method according to the embodiments of the present invention. The aforementioned computer-readable storage medium includes: a USB flash drive, a removable hard disk, a Read-Only Memory (ROM), a magnetic disk, an optical disk, or other various media capable of storing program code.
While the invention has been described with reference to certain preferred embodiments, it will be understood by those skilled in the art that various equivalent changes and substitutions may be made without departing from the scope of the invention. Therefore, the protection scope of the invention is subject to the protection scope of the claims.
Claims (9)
1. A communication area restriction management and control method based on Radius messages, characterized in that the method is applied in a management server, the management server establishes network connections with a card management terminal and a communication service network to transmit data information, the communication service network includes a packet data network gateway, a coordination server and a home subscriber server, and the method includes:
if area restriction configuration information from the card management terminal is received, subscribing to Radius messages of the packet data network gateway according to the area restriction configuration information;
if a subscribed Radius message is received, judging whether the restriction type corresponding to the Radius message in the stored area restriction configuration information is a customized terminal area restriction;
if the restriction type is not the customized terminal area restriction, verifying whether the connection area in the Radius message matches the corresponding historical Radius message, so as to obtain a verification result;
if the restriction type is the customized terminal area restriction, verifying whether the connection area in the Radius message matches according to the restriction area information in the area restriction configuration information, so as to obtain a verification result;
generating a session control instruction corresponding to the Radius message according to the verification result and sending the session control instruction to the coordination server or the home subscriber server, so that the coordination server or the home subscriber server performs area restriction control on the session communication connection corresponding to the Radius message according to the session control instruction;
wherein verifying whether the connection area in the Radius message matches the corresponding historical Radius message to obtain a verification result comprises:
acquiring the first access area recorded in the historical Radius message corresponding to the Radius message;
and verifying whether the connection area in the Radius message matches the first access area, so as to obtain a corresponding verification result.
2. The method for controlling communication area restrictions based on Radius messages according to claim 1, wherein the determining whether the restriction type corresponding to the Radius message in the stored area restriction configuration information is a customized terminal area restriction comprises:
acquiring a restriction policy corresponding to the area restriction configuration information and the card identifier according to the card identifier in the Radius message;
and judging whether the restriction type in the restriction policy is the customized terminal area restriction.
3. The method for controlling communication area restriction based on Radius message according to claim 1, wherein before obtaining the first access area recorded in the history Radius message corresponding to the Radius message, further comprises:
judging whether the card identifier in the Radius message is accessing the packet data network gateway for the first time;
if the card identifier is accessing the packet data network gateway for the first time, recording the connection area in the Radius message as the first access area and obtaining a matched verification result;
and if the card identifier is not accessing the packet data network gateway for the first time, executing the step of acquiring the first access area recorded in the historical Radius message corresponding to the Radius message.
4. The method for controlling communication area restriction based on Radius message according to claim 1, wherein verifying whether the connection areas in the Radius message are matched according to the restriction area information in the area restriction configuration information, to obtain a verification result, comprises:
acquiring a restriction policy corresponding to the area restriction configuration information and the card identifier according to the card identifier in the Radius message;
and judging whether the restriction area information in the restriction policy contains the connection area in the Radius message, so as to verify whether the restriction area information matches the connection area.
5. The method for controlling communication area restriction based on Radius message according to claim 1, wherein the generating a session control command corresponding to the Radius message according to the verification result and transmitting the session control command to the coordination server or home subscriber server comprises:
judging whether the user type corresponding to the Radius message is an Internet of Things user;
if the user type is an Internet of Things user, generating a session control instruction corresponding to the Radius message according to the verification result and sending the session control instruction to the home subscriber server, so that the home subscriber server performs area restriction management and control on the session communication connection corresponding to the Radius message according to the session control instruction;
and if the user type is not an Internet of Things user, generating a session control instruction corresponding to the Radius message according to the verification result and sending the session control instruction to the coordination server, so that the coordination server performs area restriction control on the session communication connection corresponding to the Radius message according to the session control instruction.
6. The Radius message-based communication area restriction management method according to claim 1, wherein the method further comprises:
if configuration modification information from the card management terminal is received, updating the stored area restriction configuration information according to the configuration modification information to obtain the updated area restriction configuration information.
7. A Radius message-based communication area restriction management and control device, wherein the device is configured in a management server, the management server establishes a network connection with a card management terminal and a communication service network for data information transmission, the communication service network comprises a packet data network gateway, a coordination server and a home subscriber server, and the device comprises:
a message subscribing unit, configured to subscribe to Radius messages of the packet data network gateway according to the area restriction configuration information if new area restriction configuration information from the card management terminal is received;
a restriction type judging unit, configured to judge whether the restriction type corresponding to the Radius message in the stored area restriction configuration information is a customized terminal area restriction if a subscribed Radius message is received;
a first match verification unit, configured to verify whether the connection area in the Radius message matches the corresponding historical Radius message if the restriction type is not the customized terminal area restriction, so as to obtain a verification result;
a second match verification unit, configured to verify whether the connection area in the Radius message matches according to the restriction area information in the area restriction configuration information if the restriction type is the customized terminal area restriction, so as to obtain a verification result;
a session control instruction sending unit, configured to generate a session control instruction corresponding to the Radius message according to the verification result and send the session control instruction to the coordination server or the home subscriber server, so that the coordination server or the home subscriber server performs area restriction management and control on the session communication connection corresponding to the Radius message according to the session control instruction;
wherein the first match verification unit includes the following subunits: a first access area obtaining unit, configured to obtain the first access area recorded in the historical Radius message corresponding to the Radius message; and an area matching verification unit, configured to verify whether the connection area in the Radius message matches the first access area, so as to obtain a corresponding verification result.
8. A computer device comprising a memory, a processor and a computer program stored on the memory and executable on the processor, characterized in that the processor implements a Radius message based communication area restriction management method according to any of claims 1 to 6 when the computer program is executed.
9. A computer readable storage medium, characterized in that the computer readable storage medium stores a computer program, which when executed by a processor implements the Radius message based communication area restriction management method according to any of claims 1 to 6.
Priority Applications (1)
Application Number | Priority Date | Filing Date | Title |
---|---|---|---|
CN202111612688.5A CN114363878B (en) | 2021-12-27 | 2021-12-27 | Communication area restriction control method, device, equipment and medium based on Radius message |
Publications (2)
Publication Number | Publication Date |
---|---|
CN114363878A (en) | 2022-04-15 |
CN114363878B (en) | 2024-05-17 |
Family
ID=81102091
Family Applications (1)
Application Number | Title | Priority Date | Filing Date |
---|---|---|---|
CN202111612688.5A Active CN114363878B (en) | 2021-12-27 | 2021-12-27 | Communication area restriction control method, device, equipment and medium based on Radius message |
Country Status (1)
Country | Link |
---|---|
CN (1) | CN114363878B (en) |
Citations (5)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
KR20100072973A (en) * | 2008-12-22 | 2010-07-01 | 주식회사 케이티 | Method of access authentication based on policy for wireless network access service |
CN102404798A (en) * | 2010-09-09 | 2012-04-04 | 中国移动通信集团河南有限公司 | Method, equipment and system for position information acquisition and service control |
CN109842535A (en) * | 2017-11-28 | 2019-06-04 | 华为技术有限公司 | A kind of method and apparatus accessing local network |
CN110324819A (en) * | 2019-07-02 | 2019-10-11 | 中国联合网络通信集团有限公司 | The management method and management server of vice card terminal |
US10750350B1 (en) * | 2019-12-16 | 2020-08-18 | Cisco Technology, Inc. | Techniques for decoupling authentication and subscription management from a home subscriber server |
Family Cites Families (1)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
KR101308336B1 (en) * | 2008-10-30 | 2013-09-17 | 노키아 코포레이션 | Methods, apparatuses, system, related computer program product and data structures for informing of roaming restrictions |
Non-Patent Citations (1)
Title |
---|
Construction of a secure access platform based on mobile informatization; 利业鞑; 刘恒; Computer Engineering (计算机工程), No. 15; 128-133 * |
Also Published As
Publication number | Publication date |
---|---|
CN114363878A (en) | 2022-04-15 |
Similar Documents
Publication | Publication Date | Title |
---|---|---|
US10462647B2 (en) | Communication control method and apparatus, terminal, and network platform | |
CN102870443B (en) | For providing the apparatus and method of subscriber identity data in the wireless network | |
US20110202460A1 (en) | Method and system for authorizing transactions based on relative location of devices | |
WO2015085943A1 (en) | Method and terminal for data service transmission | |
US9344353B2 (en) | Mobile device application for automatic filtering of transmitted data content | |
US8260885B2 (en) | Method and system for bootstrap of a device | |
EP3079306B1 (en) | System and method for controlling wireless network access information in using removable external modem | |
CN104541525A (en) | Methods, systems and devices for dynamic HPLMN configuration | |
CN104637131A (en) | Authorization method and authorization device for access control system and access control system | |
CN109041140B (en) | Method for rapidly switching wireless network, intelligent hardware and terminal equipment | |
CN103813314A (en) | Soft SIM card enabling method and network access method, terminal, and network access device | |
WO2013008048A1 (en) | Method and apparatus for provisioning network access credentials | |
CN106304193A (en) | A kind of realize the method for flow-control, server and terminal | |
WO2016041171A1 (en) | Method and apparatus for determining terminal roaming status, terminal and server | |
US20200358653A1 (en) | Method, apparatus and system for changing a network based on received network information | |
CN113114782A (en) | Internet of things equipment comprehensive control method and device and intelligent terminal | |
CN114363878B (en) | Communication area restriction control method, device, equipment and medium based on Radius message | |
EP2144458B1 (en) | A system operable to enable mobile access | |
US20190387447A1 (en) | Communication system, base station, and control method | |
CN116321112A (en) | 5G terminal NSA (service oriented architecture) SA (SA upgrading method and device, computer equipment and storage medium | |
US20100029297A1 (en) | Wireless data communication system and method for providing wireless data service to sdr terminal | |
CN102026197A (en) | Method and device for acquiring WAPI (wireless LAN authentication and privacy infrastructure) digital certificate | |
WO2024146316A1 (en) | Location information reporting method and apparatus | |
CN110545225B (en) | Local and internet equipment authentication and authorization method | |
CN108834145B (en) | Equipment wireless module, running method thereof and household appliance |
Legal Events
Date | Code | Title | Description |
---|---|---|---|
PB01 | Publication | ||
SE01 | Entry into force of request for substantive examination | ||
GR01 | Patent grant | ||