CN116709324A - Authentication method, terminal, connection gateway, equipment, system and medium - Google Patents

Publication number
CN116709324A
Authority
CN
China
Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
Pending
Application number
CN202310841682.8A
Other languages
Chinese (zh)
Inventor
张笛
Current Assignee (The listed assignees may be inaccurate. Google has not performed a legal analysis and makes no representation or warranty as to the accuracy of the list.)
China Telecom Technology Innovation Center
China Telecom Corp Ltd
Original Assignee
China Telecom Technology Innovation Center
China Telecom Corp Ltd

Classifications

    • H ELECTRICITY
    • H04 ELECTRIC COMMUNICATION TECHNIQUE
    • H04W WIRELESS COMMUNICATION NETWORKS
    • H04W12/00 Security arrangements; Authentication; Protecting privacy or anonymity
    • H04W12/06 Authentication
    • H04W84/00 Network topologies
    • H04W84/02 Hierarchically pre-organised networks, e.g. paging networks, cellular networks, WLAN [Wireless Local Area Network] or WLL [Wireless Local Loop]
    • H04W84/10 Small scale networks; Flat hierarchical networks
    • H04W84/12 WLAN [Wireless Local Area Networks]
    • H04W88/00 Devices specially adapted for wireless communication networks, e.g. terminals, base stations or access point devices
    • H04W88/16 Gateway arrangements

Abstract

The embodiments of the disclosure provide a terminal service authentication method, a terminal, a connection gateway, network equipment, a network system and a readable storage medium, and relate to the technical field of communication. The method comprises the following steps: receiving, through the wireless local area network, information transmitted by a connection gateway of a mobile communication network indicating that authentication of a first wireless local area network gateway has failed; searching for a second wireless local area network gateway that has been authenticated successfully in the past and meets the requirements; and resending an authentication request to the connection gateway through the second wireless local area network gateway of the wireless local area network. With this method, after authentication of the first wireless local area network gateway fails, the authentication request is resent to the connection gateway through the second wireless local area network gateway, so that authentication succeeds and the user experience is preserved.

Description

Authentication method, terminal, connection gateway, equipment, system and medium
Technical Field
The disclosure relates to the technical field of communication, and in particular relates to a terminal service authentication method, a terminal, a connection gateway, network equipment, a network system and a readable storage medium.
Background
Currently, forming continuous wide-area coverage with a 5G mobile network remains a great challenge, and VoWiFi is an effective choice for solving the problem of voice calls under weak coverage in residential areas. In the current VoWiFi service, when authentication of the end user service passes but authentication of the wireless local area network gateway fails, the connection gateway issues an error code and a timer in order to prevent the terminal from frequently initiating the authentication procedure. The terminal can reinitiate authentication only after the timer expires, which affects the user experience.
Disclosure of Invention
The embodiment of the disclosure provides a terminal service authentication method, a terminal, a connection gateway, network equipment, a network system and a readable storage medium, and relates to the technical field of communication.
The embodiment of the disclosure provides a terminal service authentication method, which is applied to a terminal and comprises the following steps: receiving, through the wireless local area network, information transmitted by a connection gateway of a mobile communication network indicating that authentication of a first wireless local area network gateway has failed; storing information, transmitted by the connection gateway of the mobile communication network through a wireless local area network, indicating that authentication of a second wireless local area network gateway has passed; searching for a second wireless local area network gateway that has been authenticated successfully in the past and meets the requirements; and resending an authentication request to the connection gateway through the second wireless local area network gateway of the wireless local area network.
In one embodiment, receiving the information of authentication failure of the first wireless local area network gateway transmitted by the connection gateway of the mobile communication network through the wireless local area network includes: receiving the error code and the timer for the authentication of the first wireless local area network gateway transmitted by the connection gateway of the mobile communication network through the wireless local area network.
In one embodiment, the method further comprises: after the wireless local area network gateway authentication succeeds, saving the successful authentication data locally for subsequent lookup.
In one embodiment, the connection gateway is an evolved packet data gateway ePDG.
The embodiment of the disclosure provides a terminal service authentication method, which is applied to a connection gateway of a mobile communication network and comprises the following steps: transmitting, to a terminal through the first wireless local area network gateway of the wireless local area network, information of authentication failure of the first wireless local area network gateway and information that authentication of a second wireless local area network gateway succeeded in the past; receiving a re-authentication request transmitted by the terminal through the second wireless local area network gateway of the wireless local area network; and carrying out an authentication operation according to the re-authentication request transmitted by the terminal through the second wireless local area network gateway of the wireless local area network.
In one embodiment, receiving a re-authentication request transmitted by the terminal through a second wireless local area network gateway of the wireless local area network comprises: and receiving a first service authentication request transmitted by the terminal through the second wireless local area network gateway of the wireless local area network.
In one embodiment, the authentication operation according to the re-authentication request transmitted by the terminal through the second wireless local area network gateway of the wireless local area network includes: forwarding the first service authentication request to the mobile communication network, and receiving a result message of the first service authentication request; responding to the result message of the first service authentication request to indicate that the service authentication is successful, and sending a second service authentication request to a broadband fixed network system to request the service authentication of the second wireless local area network; obtaining a second service authentication request result message about the second wireless local area network from the broadband fixed network system; and responding to the first service authentication request result message and the second service authentication request result message to indicate that service authentication is successful, and allowing the terminal to establish broadband mobile communication service connection with the mobile communication network through the second wireless local area network.
The embodiment of the disclosure provides a terminal, which comprises: a first receiving module, used for receiving the information of authentication failure of the first wireless local area network gateway and the information that authentication of a second wireless local area network gateway succeeded in the past, transmitted by the connection gateway of the mobile communication network through the wireless local area network; a storage module, used for storing the information of the second wireless local area network gateway that was authenticated successfully in the past; a searching module, used for searching for a second wireless local area network gateway that has been authenticated successfully in the past and meets the requirements; and a first sending module, used for resending the authentication request to the connection gateway through the second wireless local area network gateway of the wireless local area network.
In one embodiment, the terminal further comprises: a storage module, used for saving the successful authentication data locally for subsequent lookup after the wireless local area network gateway authentication succeeds.
The embodiment of the disclosure provides a connection gateway, which comprises: a second sending module, used for transmitting the information of authentication failure of the first wireless local area network gateway to the terminal through the first wireless local area network gateway of the wireless local area network, and transmitting the information that authentication of the second wireless local area network gateway succeeded in the past to the terminal through the second wireless local area network gateway; a second receiving module, used for receiving a re-authentication request transmitted by the terminal through the second wireless local area network gateway of the wireless local area network; and an authentication module, used for carrying out an authentication operation according to the re-authentication request transmitted by the terminal through the second wireless local area network gateway of the wireless local area network.
The embodiment of the disclosure provides a network device, comprising: a communicator, a memory, and a processor; the communicator is used for communicating with the outside; the memory is used for storing program instructions; the processor is configured to execute the program instructions to implement a connection gateway that performs the terminal service authentication method as described in any one of the method embodiments applied in connection gateways of mobile communication networks.
The embodiment of the disclosure provides a network system, which comprises the network equipment in the embodiment.
The disclosed embodiments provide a computer readable storage medium storing program instructions that when executed perform a terminal service authentication method as set forth in any one of the above method embodiments.
According to the terminal service authentication method, the terminal receives the information of authentication failure of the first wireless local area network gateway transmitted by the connection gateway of the mobile communication network through the wireless local area network; searches for a second wireless local area network gateway that has been authenticated successfully in the past and meets the requirements; and resends the authentication request to the connection gateway through the second wireless local area network gateway of the wireless local area network. In this way, after authentication of the first wireless local area network gateway fails, the authentication request is resent to the connection gateway through the second wireless local area network gateway, so that authentication succeeds and the user experience is preserved.
Drawings
In order to more clearly illustrate the embodiments of the present disclosure or the technical solutions in the prior art, the drawings that are required in the embodiments or the description of the prior art will be briefly described below, and it is obvious that the drawings in the following description are only some embodiments of the present disclosure, and other drawings may be obtained according to these drawings without inventive effort to a person of ordinary skill in the art.
Fig. 1 is a schematic diagram showing a configuration of a communication system in an embodiment of the related art;
Fig. 2 shows a schematic structural diagram of a network element connection for implementing the service authentication in an application example of the related art;
Fig. 3 shows a flowchart of a terminal service authentication method in an embodiment of the related art;
Fig. 4 shows a flow chart of a terminal service authentication method applied to a terminal in an embodiment of the application;
Fig. 5 shows a flow chart of a terminal service authentication method applied to a terminal in an embodiment of the application;
Fig. 6 shows a schematic structural diagram of a communication system compatible with VoWiFi service implementation of a 4G user and a 5G user in an example of the related art;
Fig. 7 is a signaling interaction schematic diagram of a terminal service authentication method according to an embodiment of the present disclosure;
Fig. 8 shows a schematic block diagram of a terminal in an embodiment of the application;
Fig. 9 shows a schematic block diagram of a connection gateway in an embodiment of the application;
Fig. 10 shows a schematic circuit structure of a network device according to an embodiment of the application.
Detailed Description
Other advantages and effects of the present application will be readily apparent to those skilled in the art from the following detailed description of the embodiments of the application. The application may be practiced or carried out in other embodiments and with various details, and various modifications and alterations may be made to the details of the application from various points of view and applications without departing from the spirit of the application. It should be noted that, without conflict, the embodiments of the present application and features of the embodiments may be combined with each other.
The embodiments of the present application will be described in detail below with reference to the attached drawings so that those skilled in the art to which the present application pertains can easily implement the present application. This application may be embodied in many different forms and is not limited to the embodiments described herein.
In the context of the present description, reference to the terms "one embodiment," "some embodiments," "examples," "particular examples," or "some examples," etc., means that a particular feature, structure, material, or characteristic described in connection with the embodiment or example is included in at least one embodiment or example of the present application. Furthermore, the particular features, structures, materials, or characteristics may be combined in any suitable manner in any one or more embodiments or examples. Furthermore, various embodiments or examples, as well as features of various embodiments or examples, presented herein may be combined and combined by those skilled in the art without conflict.
Furthermore, the terms "first," "second," and the like, are used merely for purposes of referring to objects, and are not intended to indicate or imply relative importance or to implicitly indicate the number of technical features indicated. Thus, a feature defining "a first" or "a second" may explicitly or implicitly include at least one such feature. In the context of the present application, the meaning of "a plurality" is two or more, unless explicitly defined otherwise.
For the purpose of clarity of explanation of the present application, components that are not related to the explanation are omitted, and the same or similar components are given the same reference numerals throughout the description.
Throughout the specification, when a device is said to be "connected" to another device, this includes not only the case of "direct connection" but also the case of "indirect connection" with other elements interposed therebetween. In addition, when a certain component is said to be "included" in a certain device, unless otherwise stated, other components are not excluded, but it means that other components may be included.
Although the terms first, second, etc. may be used herein to describe various elements in some examples, the elements should not be limited by these terms. These terms are only used to distinguish one element from another element, for example a first interface, a second interface, etc. Furthermore, as used herein, the singular forms "a", "an" and "the" are intended to include the plural forms as well, unless the context indicates otherwise. It will be further understood that the terms "comprises," "comprising," "includes," and/or "including" specify the presence of stated features, steps, operations, elements, modules, items, categories, and/or groups, but do not preclude the presence, occurrence or addition of one or more other features, steps, operations, elements, modules, items, categories, and/or groups. The terms "or" and "and/or" as used herein are to be construed as inclusive, meaning any one or any combination. Thus, "A, B or C" or "A, B and/or C" means any of the following: A; B; C; A and B; A and C; B and C; A, B and C. An exception to this definition will occur only when a combination of elements, functions, steps or operations is in some way inherently mutually exclusive.
The terminology used herein is for the purpose of describing particular embodiments only and is not intended to be limiting of the application. As used herein, the singular forms "a", "an" and "the" are intended to include the plural forms as well, unless the language clearly indicates the contrary. The meaning of "comprising" in the specification is to specify the presence of stated features, regions, integers, steps, operations, elements, and/or components, but does not preclude the presence or addition of other features, regions, integers, steps, operations, elements, and/or components.
Unless defined otherwise, all terms used herein, including technical and scientific terms, have the same meaning as commonly understood by one of ordinary skill in the art to which this application belongs. Terms defined in commonly used dictionaries are interpreted as having a meaning that is consistent with the relevant technical literature and the present context, and are not interpreted in an idealized or overly formal sense unless so defined.
The following first describes some terms of the present disclosure:
VoWiFi means that an operator provides voice services for a user by using WiFi hotspots. Through the VoWiFi technology, a user terminal can use WiFi access to dial and answer voice or video calls while using the mobile Internet. WiFi is a wireless network communication technology.
Wireless local area network gateways, such as home gateways, are the core of home networks; in addition to a broadband upstream port, they provide corresponding interfaces for different types of service terminals, ranging from wired to wireless and from low speed to high speed.
A wireless local area network (Wireless Local Area Network, Wireless LAN, WLAN) is a local area network using wireless connections.
Currently, a VoWiFi scheme for a scenario in which a mobile terminal (such as a mobile phone) and a wireless local area network gateway are co-located, such as a home, must consider at the same time the respective VoWiFi service authentications of the mobile terminal of the mobile network and the home gateway terminal of the home broadband network (which provides WLAN access to the mobile terminal). At present, for a user's mobile terminal and home gateway to realize VoWiFi, the service subscription, service authentication and service control of the user are all realized in their respective networks: for example, the mobile terminal is authenticated in the mobile communication network, while the home gateway terminal must be verified in the broadband fixed network, and the service authentication results must be obtained through different service flows and then integrated.
In the related art, a mobile communication network, a broadband fixed network system, a user mobile terminal and a wireless local area network where a wireless local area network gateway is located are realized in a network architecture through a connection gateway, and the two service authentication results are obtained in one service flow.
As shown in fig. 1, a schematic structural diagram of a communication system in an embodiment of the related art is shown.
In the application scenario of fig. 1, a communication system is illustrated, comprising: a user's mobile terminal 101, a wireless local area network gateway 102, a mobile communication network 103 and a broadband fixed network system 104.
In some embodiments, the mobile terminal 101 may include a mobile phone or a tablet computer, etc., and may access the mobile communication network 103 by means of a SIM card. The wireless local area network gateway 102 may, for example, be a home gateway of the user, providing a wireless local area network (WLAN network) for the user's mobile terminal 101 to access via a WiFi connection. Given the coverage characteristics of the WLAN network, the mobile terminal 101 accessing the WLAN network and the wireless local area network gateway 102 are in the same scene, such as the user's home.
In some embodiments, the mobile communication network 103 may include a mobile core network 105 (which may include 4G and 5G core networks, i.e., EPC and 5GC, for compatibility with 4G and 5G users). To implement VoWiFi service authentication of the mobile terminal 101, a connection gateway 106 may be provided at the edge of the mobile core network 105, implemented for example by an evolved packet data gateway (Evolved Packet Data Gateway, ePDG). The connection gateway 106 communicates with the wireless local area network gateway 102 so that the wireless local area network can communicate with the mobile core network 105 of the mobile communication network 103, and the mobile terminal 101 accessing the wireless local area network can connect to the mobile core network 105 through the wireless local area network gateway 102, which is the foundation of VoWiFi. The connection gateway 106 can also communicate with the user's broadband fixed network system 104, the broadband fixed network to which the wireless local area network gateway 102 belongs.
It can be appreciated that the connection gateway 106 can communicate with the mobile terminal 101, the mobile communication network 103, the wireless local area network gateway 102 and the broadband fixed network system 104. The connection gateway 106 can perform service authentication on the mobile terminal 101 through the mobile communication network 103, and can perform service authentication on the wireless local area network gateway 102 through the broadband fixed network system 104. Because it can communicate with both the mobile communication network 103 and the broadband fixed network system 104, the connection gateway 106 can authenticate the VoWiFi service of the mobile terminal 101 (i.e. the broadband mobile call service that combines the mobile terminal 101 with the fixed-network wireless local area network gateway 102) by obtaining the two service authentication results in one service authentication flow.
In some embodiments, the users may be 4G (e.g. LTE) users or 5G (e.g. TDD) users, who may be connected through their respective mobile terminals 101 to the mobile core network 105 by the base station 107 of the mobile communication network 103, and who may also be connected through their respective mobile terminals 101 to the connection gateway 106 via the wireless local area network gateway 102. In order to be compatible with service authentication of both 4G and 5G users, the mobile core network 105 may include a service authentication network element, a first network element and a second network element, where the first network element stores first authority information of the broadband mobile call service of the 4G user, and the second network element stores second authority information of the broadband mobile communication service of the 5G user. The service authentication network element is connected with the first network element and the second network element. For a 4G user, the service authentication network element performs service authentication of the broadband mobile communication service on the user based on the first authority information of the first network element; for a 5G user, the service authentication network element performs service authentication of the broadband mobile communication service on the user based on the second authority information of the second network element. In a possible implementation example, the service authentication network element may be a 3GPP AAA network element, where AAA stands for Authentication, Authorization and Accounting. The first network element may include a Home Subscriber Server (HSS) network element, and may store information such as the user identification, number and routing information of the 4G user. The second network element may be an HSS+UDM network element, where UDM is an abbreviation of Unified Data Management, i.e. the "unified data management function", used for 3GPP authentication and key agreement protocol (AKA) authentication, user identification, access authorization, registration, etc. of the 5G network user.
In some embodiments, the broadband fixed network system 104 may include a fixed network AAA/traceability network element, which may be used for service authentication of the wireless local area network gateway 102 accessing the broadband network, and may also provide related information about the wireless local area network gateway 102, such as location information. The connection gateway 106 may communicate with the fixed network AAA/traceability network element to request service authentication of the wireless local area network gateway 102 and to obtain the related information.
Fig. 2 shows a schematic structure of a network element connection for implementing the service authentication in an application example of the related art.
Fig. 2 shows that both the 4G user and the 5G user can be connected through their respective mobile terminals, via a wireless local area network, to a connection gateway, which in the embodiment of fig. 2 is exemplarily implemented as an ePDG. The ePDG is connected with the broadband fixed network system, which comprises a fixed network AAA/traceability network element, and the mobile core network (EPC and 5GC) comprises a 3GPP AAA network element, an HSS network element and an HSS+UDM network element. Specifically, for the mobile terminal of a 5G user, the ePDG performs service authentication through the 3GPP AAA network element using the information in the HSS+UDM network element; for the mobile terminal of a 4G user, the ePDG performs service authentication through the 3GPP AAA network element using the information in the HSS network element; and the ePDG performs service authentication on the wireless local area network gateway of the wireless local area network accessed by the 4G user and the 5G user through the traceability network element and the fixed network AAA network element of the broadband fixed network system. As can be seen in fig. 2, the messages exchanged in the service authentication process all pass through the ePDG, so the ePDG can obtain the service authentication results of both the mobile terminal and the wireless local area network.
Fig. 3 shows a flowchart of a terminal service authentication method in an embodiment of the related art.
The terminal service authentication method can be applied to the connection gateway in the embodiment of fig. 1 or fig. 2, for example. The terminal service authentication method may include:
step S310: the connection gateway receives a first service authentication request transmitted by the mobile terminal through a wireless local area network and forwards the first service authentication request to the mobile communication network;
specifically, the mobile terminal sends the service authentication request to the wireless local area network gateway through the wireless local area network, and the wireless local area network gateway forwards the service authentication request to the connection gateway, and the connection gateway forwards the service authentication request to the mobile communication network to trigger the mobile communication network to authenticate the service of the mobile terminal.
In some embodiments, according to the difference that the user is a 4G user or a 5G user, the mobile core network of the mobile communication network may perform service authentication on the 4G user through a 3GPP AAA and an HSS network element, and may also perform service authentication on the 5G user through a 3GPP AAA and an hss+udm network element.
Step S320: the connection gateway obtains a first service authentication result message regarding the mobile terminal from a mobile communication network.
In some embodiments, if the user has opened the broadband mobile communication service, i.e. opened, for example, a VoWiFi service in the mobile communication network, the user has a VoWiFi service authority and service authentication is successful, and the first service authentication result message includes a service authentication success message; otherwise, the service authentication fails and the first service authentication result message is a service authentication failure message. In a possible example, when the service authentication is successful, the mobile communication network may also return, to the connection gateway, user subscription data for the user to open the VoWiFi service.
When the first service authentication result message is a service authentication success message, the connection gateway is triggered to authenticate the service of the wireless local area network gateway, in step S330.
Step S330: and responding to the first service authentication result message to indicate that service authentication is successful, and the connection gateway sends a second service authentication request to the broadband fixed network system so as to request service authentication to the wireless local area network.
In some embodiments, the second service authentication request may carry network information (for example, an IP address and a port number of the wireless local area network) of the wireless local area network, and the broadband fixed network system includes a fixed network AAA/traceable network element, configured to perform service authentication on the wireless local area network according to the network information. In a possible example, the service authentication of the wireless local area network gateway may also be related to whether the wireless local area network gateway has opened broadband mobile telephony service,
Step S340: the connection gateway obtains a second service authentication result message about the wireless local area network from a broadband fixed network system.
In some embodiments, if the service authentication of the wireless local area network gateway is successful, the second service authentication result message includes service authentication success information, and may also return location information of the wireless local area network gateway. The location information may be obtained by querying the fixed network AAA/traceability network element with the network information of the wireless local area network (for example, the IP address and port number of the wireless local area network).
It should be noted that, since the mobile terminal accesses the WLAN of the WLAN gateway, the locations of the mobile terminal and the WLAN may be substantially the same, for example, both in the home of the user. Thus, the location information returned by the broadband fixed network system in the second service authentication result message may be regarded as the location information of the mobile terminal. In a call session, determining the location information of a mobile terminal is very important, but in the general 3GPP-defined 4G VoWiFi scheme, the mobile communication network side can only obtain the IP address of the mobile terminal or the BSSID of the currently connected wireless access point (AP), and cannot accurately locate the user.
Therefore, in the above embodiment of the present application, through the connection between the connection gateway (e.g. ePDG) and the broadband fixed network system, the IP address and the port number of the wireless local area network are used to query the broadband fixed network system, so that the location information of the wireless local area network currently accessed can be obtained, and the connection gateway can send the location information to the mobile communication network, thereby meeting the requirement of the mobile terminal for being precisely located by the mobile communication network during VoWiFi call.
Step S350: in response to both the first service authentication result message and the second service authentication result message indicating that service authentication is successful, the connection gateway allows the mobile terminal to establish the connection of the broadband mobile communication service between the mobile terminal and the mobile communication network.
It will be appreciated that the connection gateway may allow the mobile terminal to use broadband mobile telephony services after successful authentication of both the mobile terminal and the wireless local area network.
In the terminal service authentication method of the related art of fig. 1 to 3, when the fixed network AAA/traceability network element of the broadband fixed network system performs service authentication on the wireless local area network according to the network information, if the authentication fails, the second service authentication result message includes service authentication failure information, for example, an authentication error code and a timer. After the timer expires, the terminal can initiate authentication to the connection gateway again. Consider the case of multiple home gateways: within the timer period, even if the terminal reconnects to an access point (AP) under a home gateway that supports the VoWiFi service, the terminal will not initiate re-authentication, so the VoWiFi voice call cannot be made and the user experience is affected.
In order to solve the problems, the application provides a terminal service authentication method.
Fig. 4 shows a flow chart of a terminal service authentication method applied to a terminal in an embodiment of the application.
The terminal service authentication method can be applied to the terminal in the embodiments of fig. 1, fig. 2 and/or fig. 3, for example, and the execution subject is the terminal. The terminal service authentication method may include:
Step S410: receiving the information of authentication failure of the first wireless local area network gateway transmitted by the connection gateway of the mobile communication network through the wireless local area network.
In this step, the terminal receives the information of authentication failure of the first wireless local area network gateway transmitted by the connection gateway of the mobile communication network through the wireless local area network. This is, for example, the information of authentication failure of the second service authentication request in fig. 3; the information of authentication failure may, for example, comprise an error code and a timer of the authentication of the first wireless local area network gateway.
Step S420: searching a second wireless local area network gateway which is successful in historical authentication and meets the requirements.
In this step, the terminal searches for a second wireless local area network gateway that was successfully authenticated in the past and meets the requirements. In one embodiment, after a wireless local area network gateway is authenticated successfully, the terminal stores the data of the successful authentication locally for subsequent searching. The data of the successful authentication may include, for example, the AP MAC address, the accessed WiFi SSID, and the fact that the terminal successfully registered with IMS over WiFi, where AP (Access Point) is an access point; MAC (Multiple Access Channel) is a multiple access channel; SSID (Service Set Identifier) is a service set identifier; IMS (IP Multimedia Subsystem) is an IP multimedia subsystem. After receiving the error code and the timer of the authentication of the first wireless local area network gateway, the terminal can query the locally stored records for a second wireless local area network gateway that was successfully authenticated in the past and meets the requirements. The requirement may be, for example, the signal strength of the WiFi.
Step S430: resending an authentication request to the connection gateway through the second wireless local area network gateway of the wireless local area network.
In this step, the terminal resends the authentication request to the connection gateway through the second wireless local area network gateway of the wireless local area network.
In the terminal service authentication method of fig. 4, the terminal receives the authentication failure information of the first wireless local area network gateway transmitted by the connection gateway of the mobile communication network through the wireless local area network, searches for a second wireless local area network gateway that was successfully authenticated in the past and meets the requirements, and resends the authentication request to the connection gateway through the second wireless local area network gateway of the wireless local area network. In this way, after the authentication of the first wireless local area network gateway fails, authentication is initiated again to the connection gateway through the second wireless local area network gateway, so that authentication succeeds and the user experience is ensured.
Fig. 5 shows a flow chart of a terminal service authentication method applied to a terminal in an embodiment of the application.
The terminal service authentication method can be applied to the connection gateway in the embodiments of fig. 1, fig. 2 and/or fig. 3, for example, and the execution subject is the connection gateway of the mobile communication network. The terminal service authentication method may include:
Step S510: transmitting the authentication failure information of the first wireless local area network gateway to a terminal through the first wireless local area network gateway of the wireless local area network.
In this step, the connection gateway transmits the authentication failure information of the first wireless local area network gateway to the terminal through the first wireless local area network gateway of the wireless local area network. The information of authentication failure may, for example, comprise an error code and a timer of the authentication of the first wireless local area network gateway.
Step S520: receiving a re-authentication request transmitted by the terminal through a second wireless local area network gateway of the wireless local area network.
In this step, the connection gateway receives a re-authentication request transmitted by the terminal through a second wireless local area network gateway of the wireless local area network. The second wireless local area network gateway can be a wireless local area network gateway that the terminal found by searching its history of successful authentications and that meets the requirements. In one embodiment, the connection gateway receives, for example, a first service authentication request transmitted by the terminal through the second wireless local area network gateway of the wireless local area network.
Step S530: performing the authentication operation according to the re-authentication request transmitted by the terminal through the second wireless local area network gateway of the wireless local area network.
In this step, the connection gateway performs the authentication operation according to the re-authentication request transmitted by the terminal through the second wireless local area network gateway of the wireless local area network.
For example, the connection gateway forwards the first service authentication request to the mobile communication network and receives a result message of the first service authentication request; in response to the result message of the first service authentication request indicating that the service authentication is successful, the connection gateway sends a second service authentication request to the broadband fixed network system to request the service authentication of the second wireless local area network; the connection gateway obtains a second service authentication request result message about the second wireless local area network from the broadband fixed network system; and in response to both the first service authentication request result message and the second service authentication request result message indicating that service authentication is successful, the connection gateway allows the terminal to establish the broadband mobile communication service connection with the mobile communication network through the second wireless local area network.
In the terminal service authentication method shown in fig. 5, the connection gateway transmits the information of authentication failure of the first wireless local area network gateway to the terminal through the first wireless local area network gateway of the wireless local area network, receives a re-authentication request transmitted by the terminal through a second wireless local area network gateway of the wireless local area network, and performs the authentication operation according to that re-authentication request. In this way, after the authentication of the first wireless local area network gateway fails, the authentication request resent by the terminal is received through the second wireless local area network gateway, so that authentication succeeds and the user experience is ensured.
Fig. 6 shows a schematic structural diagram of a communication system compatible with VoWiFi service implementation of a 4G user and a 5G user in an example of the related art.
Fig. 6 is a more detailed structure based on the embodiment of fig. 1. For example, the mobile terminal 601 of the 4G user communicates with the IP multimedia subsystem technology system 505 (IMS) through the wireless local area network gateway 602, the connection gateway 603, and the P-GW network element 604 (i.e., PDN Gateway) of the mobile core network to use the VoWiFi service, as indicated by arrow A in the figure. The mobile terminal 606 of the 5G user communicates with the IP multimedia subsystem technical system 605 (IMS) through the wireless local area network gateway 602, the connection gateway 603, and the UPF (i.e. user plane function) + P-GW network element 607 of the mobile core network to use the VoWiFi service, as indicated by arrow B in the figure.
In some embodiments, the service authentication for the mobile communication terminal and the wireless local area network may be embedded using the attachment procedure of the mobile terminal to the mobile communication network with respect to the VoWiFi service. In fig. 6, the IMS system (IP Multimedia Subsystem) is an IP multimedia system, which is a completely new form of multimedia service.
Fig. 7 is a signaling interaction diagram of a terminal service authentication method according to an embodiment of the present disclosure.
Referring to fig. 7, the terminal service authentication method includes:
In step 701, a connection gateway transmits information of authentication failure of a first wireless local area network gateway to a terminal through the first wireless local area network gateway of the wireless local area network;
In step 702, the terminal searches for a second wireless local area network gateway that was successfully authenticated in the past and meets the requirements;
In step 703, the terminal resends an authentication request to the connection gateway through the second wireless local area network gateway of the wireless local area network;
In step 704, the connection gateway performs the authentication operation according to the re-authentication request transmitted by the terminal through the second wireless local area network gateway of the wireless local area network.
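The exchange in steps 701 to 704 (terminal side S410 to S430, connection gateway side S510 to S530) can be modelled as follows. This is an added sketch, not code from the application: the class and function names, the error codes, the timer value, the MAC addresses and the -70 dBm signal threshold are all assumptions chosen for illustration, and evicting a stored record after a failed retry is likewise an assumption.

```python
from dataclasses import dataclass, field

MIN_RSSI_DBM = -70                      # assumed meaning of "meets the requirements"
WLAN_AUTH_FAILED = "WLAN_AUTH_FAILED"   # constructed error codes
TERMINAL_AUTH_FAILED = "TERMINAL_AUTH_FAILED"
AP_A, AP_B, AP_C, AP_D = (f"02:00:00:00:00:0{c}" for c in "abcd")
SCAN = {  # constructed scan result as seen by the terminal
    AP_A: {"ssid": "home-a", "rssi": -48},  # currently connected, no VoWiFi
    AP_B: {"ssid": "home-b", "rssi": -57},  # stored success record
    AP_C: {"ssid": "cafe", "rssi": -40},    # strongest, but never authenticated
    AP_D: {"ssid": "home-d", "rssi": -85},  # stored record, signal too weak
}


@dataclass(frozen=True)
class AuthRecord:
    """Data the terminal saves locally after a successful authentication."""
    ap_mac: str
    ssid: str
    ims_registered: bool


@dataclass
class ConnectionGateway:
    """Stand-in for the connection gateway (e.g. ePDG) and both back ends."""
    vowifi_subscribers: set   # decided by the mobile communication network
    vowifi_wlans: set         # decided by the broadband fixed network system
    retry_timer_s: int = 300  # constructed timer value

    def authenticate(self, terminal_id, ap_mac):
        # First service authentication: the terminal, via the mobile network.
        if terminal_id not in self.vowifi_subscribers:
            return {"ok": False, "error": TERMINAL_AUTH_FAILED,
                    "timer_s": self.retry_timer_s}
        # Second service authentication: the WLAN, via the fixed network.
        if ap_mac not in self.vowifi_wlans:
            return {"ok": False, "error": WLAN_AUTH_FAILED,
                    "timer_s": self.retry_timer_s}
        return {"ok": True}


@dataclass
class Terminal:
    terminal_id: str
    history: dict = field(default_factory=dict)   # ap_mac -> AuthRecord

    def find_second_gateway(self, failed_mac, scan):
        """S420: strongest visible AP that has a stored success record."""
        usable = [(ap["rssi"], mac) for mac, ap in scan.items()
                  if mac != failed_mac
                  and mac in self.history and self.history[mac].ims_registered
                  and ap["rssi"] >= MIN_RSSI_DBM]
        return max(usable)[1] if usable else None

    def attach(self, gateway, first_mac, scan):
        """Return (final result, AP MACs the request was sent through)."""
        tried = [first_mac]
        result = gateway.authenticate(self.terminal_id, first_mac)
        if not result["ok"] and result["error"] == WLAN_AUTH_FAILED:     # S410
            second = self.find_second_gateway(first_mac, scan)           # S420
            if second is not None:
                tried.append(second)
                result = gateway.authenticate(self.terminal_id, second)  # S430
        last = tried[-1]
        if result["ok"]:
            self.history[last] = AuthRecord(last, scan[last]["ssid"], True)
        else:
            self.history.pop(last, None)   # assumption: drop a stale record
        return result, tried


def run_scenarios():
    known = {m: AuthRecord(m, SCAN[m]["ssid"], True) for m in (AP_B, AP_D)}
    gw = ConnectionGateway({"ue-1"}, {AP_B, AP_D})
    ok, ok_path = Terminal("ue-1", dict(known)).attach(gw, AP_A, SCAN)
    # The fixed network no longer accepts AP_B: the stored record is stale.
    stale_ue = Terminal("ue-1", dict(known))
    stale, stale_path = stale_ue.attach(
        ConnectionGateway({"ue-1"}, {AP_D}), AP_A, SCAN)
    # A terminal without VoWiFi service fails the first authentication.
    denied, denied_path = Terminal("ue-9", dict(known)).attach(gw, AP_A, SCAN)
    return {"fallback": (ok["ok"], ok_path),
            "stale": (stale["error"], stale_path, sorted(stale_ue.history)),
            "denied": (denied["error"], denied_path)}


if __name__ == "__main__":
    for name, outcome in run_scenarios().items():
        print(name, outcome)
```

In the sketch the stored record only selects which gateway the retry goes through; the connection gateway still runs both service authentications on the re-authentication request, so a stale record produces a second failure rather than a connection.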
As shown in fig. 8, a schematic block diagram of a terminal in an embodiment of the present application is shown. The implementation of the module of the terminal may refer to the terminal service authentication method in the previous embodiment, so that the technical features in the embodiment will not be repeated.
Referring to fig. 8, the terminal may include: a first receiving module 810, configured to receive the information of authentication failure of a first wireless local area network gateway, and the information of the past successful authentication of a second wireless local area network gateway, transmitted by a connection gateway of a mobile communication network through the wireless local area network; a searching module 820, configured to search for a second wireless local area network gateway that was successfully authenticated in the past and meets the requirements; a first sending module 830, configured to resend an authentication request to the connection gateway through the second wireless local area network gateway of the wireless local area network; and a storage module 840, configured to store the data of the successful authentication locally for subsequent searching after the wireless local area network gateway authentication succeeds.
As shown in fig. 9, a schematic block diagram of a connection gateway in an embodiment of the present application is shown. The module implementation of the connection gateway can refer to the terminal service authentication method in the previous embodiment, so the technical features in the embodiment will not be repeated.
Referring to fig. 9, the connection gateway may include:
a second sending module 910, configured to transmit, to a terminal through a first wireless local area network gateway of a wireless local area network, information that authentication of the first wireless local area network gateway fails; a second receiving module 920, configured to receive a re-authentication request transmitted by the terminal through a second wireless local area network gateway of the wireless local area network; and the authentication module 930 is configured to perform authentication operation according to a re-authentication request transmitted by the terminal through the second wireless local area network gateway of the wireless local area network.
It should be noted that, in the embodiments of fig. 8 and 9, each functional module may be implemented in whole or in part by software, hardware, firmware, or any combination thereof. When implemented in software, may be implemented in whole or in part in the form of a program instruction product. The program instruction product includes one or more program instructions. When the program instructions are loaded and executed on a computer, the processes or functions in accordance with the present application are produced in whole or in part. The computer may be a general purpose computer, a special purpose computer, a computer network, or other programmable apparatus. The program instructions may be stored in a computer-readable storage medium or transmitted from one computer-readable storage medium to another.
The apparatus disclosed in the embodiments of fig. 8 and 9 may be implemented by other module division methods. The above-described embodiments of the apparatus are merely illustrative; the division of modules, for example, is merely a logical function division, and there may be other divisions in an actual implementation, for example, multiple modules may be combined or integrated into another system, or some features may be omitted or not implemented. In addition, the mutual coupling, direct coupling or communication connection shown or discussed may be an indirect coupling or communication connection of devices or modules through some interfaces, and may be in electrical or other forms.
In addition, the functional modules and sub-modules in the embodiments of fig. 8 and 9 may be integrated in one processing component, or each module may exist alone physically, or two or more modules may be integrated in one component. The integrated components described above may be implemented in hardware or as software functional modules. The integrated components described above, if implemented in the form of software functional modules and sold or used as a stand-alone product, may also be stored in a computer-readable storage medium. The storage medium may be a read-only memory, a magnetic or optical disk, or the like.
It should be noted in particular that the flow or method representations of the flow chart representations of the above embodiments of the present application can be understood as representing modules, segments, or portions of code which include one or more executable instructions for implementing specific logical functions or steps of a process. And the scope of the preferred embodiments of the present application includes additional implementations in which functions may be performed in a substantially simultaneous manner or in an opposite order from that shown or discussed, including in accordance with the functions that are involved.
For example, the order of the steps in the embodiments of fig. 2, 3, 4, 5, and 7 may be changed in a specific scenario, and is not limited to the above description.
As shown in fig. 10, a schematic circuit diagram of a network device according to an embodiment of the application is shown.
In some embodiments, the network device 1000 is configured to implement the connection gateway function of the previous embodiments by running a computer program to perform the terminal service authentication method and the like in the previous embodiments. The connection gateway may be implemented as a separate physical gateway device, or may be implemented by running a software program in the network device 1000, for example as a virtual gateway.
The network device 1000 includes a bus 1001, a processor 1002, a memory 1003, and a communicator 1004. The processor 1002 and the memory 1003 may communicate with each other via a bus 1001. The memory 1003 may have stored therein program instructions (such as system or application software). The processor 1002 implements the steps of the authentication method in the embodiment of the present application by running program instructions in the memory 1003.
Bus 1001 may be a peripheral component interconnect standard (Peripheral Component Interconnect, PCI) bus or an extended industry standard architecture (Extended Industry Standard Architecture, EISA) bus, or the like. The buses may be divided into address buses, data buses, control buses, etc. For ease of illustration, only one thick line is shown in fig. 10, but this does not mean that there is only one bus or one type of bus.
In some embodiments, the processor 1002 may be implemented as a central processing unit (Central Processing Unit, CPU), a micro-processing unit (MCU), a system on chip (System On Chip), or a field programmable logic array (FPGA), or the like. The memory 1003 may include volatile memory (Volatile Memory) for temporary use of data when running a program, such as random access memory (Random Access Memory, RAM).
The Memory 1003 may also include a non-volatile Memory (non-volatile Memory) for data storage, such as Read-Only Memory (ROM), flash Memory, hard Disk Drive (HDD) or Solid State Disk (SSD).
The communicator 1004 is used for communicating with the outside. In particular examples, the communicator 1004 may include one or more wired and/or wireless communication circuit modules. For example, the wired communication circuit module may include one or more of a wired network card, a USB module, a serial interface module, and the like. As another example, the wireless communication protocols followed by the wireless communication module include one or more of near field wireless communication (Near Field Communication, NFC) technology, infrared (IR) technology, global system for mobile communications (Global System for Mobile communications, GSM), general packet radio service (General Packet Radio Service, GPRS), code division multiple access (Code Division Multiple Access, CDMA), wideband code division multiple access (Wideband Code Division Multiple Access, WCDMA), time division code division multiple access (Time-Division Code Division Multiple Access, TD-SCDMA), long term evolution (Long Term Evolution, LTE), Bluetooth (BT), global navigation satellite system (Global Navigation Satellite System, GNSS), etc.
The embodiment of the application also provides a network system including, for example, a network device as shown in fig. 10. In a possible example, the network system may include a mobile core network (EPC and 5GC), or may be an entire mobile communication network.
The embodiment of the application can also provide a computer readable storage medium storing program instructions which when executed perform the terminal service authentication method in the previous embodiment.
That is, the steps of the method in the above-described embodiments are implemented as software or computer code storable in a recording medium such as a CD ROM, RAM, floppy disk, hard disk, or magneto-optical disk, or as computer code originally stored in a remote recording medium or a non-transitory machine-readable medium and to be stored in a local recording medium downloaded through a network, so that the method represented herein may be processed by such software stored on a recording medium using a general-purpose computer, a special-purpose processor, or programmable or dedicated hardware (such as an ASIC or FPGA).
In summary, the embodiment of the application provides a terminal service authentication method, a terminal, a connection gateway, equipment, a system and a medium, which are used for service authentication of a mobile terminal and a wireless local area network gateway connected with the wireless local area network in broadband mobile call service of a mobile communication network; the connection gateway authenticates a first service of the mobile terminal through the mobile communication network, and authenticates a second service of the wireless local area network through the broadband fixed network system; the connection gateway allows the mobile terminal to establish a connection of the broadband mobile telephony service with the mobile communication network through the connection gateway when a message that both service authentications are successful is obtained. Therefore, the mobile terminal and the connection gateway can be authenticated together in one service flow, and the service processing efficiency is improved.
The above embodiments are merely illustrative of the principles of the present application and its effectiveness, and are not intended to limit the application. Modifications and variations may be made to the above-described embodiments by those skilled in the art without departing from the spirit and scope of the application. Accordingly, it is intended that all equivalent modifications and variations of the application be covered by the claims, which are within the ordinary skill of the art, be within the spirit and scope of the present disclosure.

Claims (13)

1. The terminal service authentication method is characterized by being applied to a terminal and comprising the following steps:
receiving information of authentication failure of a first wireless local area network gateway transmitted by a connecting gateway of a mobile communication network through the wireless local area network;
searching a second wireless local area network gateway which is successful in historical authentication and meets the requirements;
and retransmitting an authentication request to the connection gateway through the second wireless local area network gateway of the wireless local area network.
2. The method of claim 1, wherein receiving the information of the authentication failure of the first wireless local area network gateway transmitted by the connection gateway of the mobile communication network through the wireless local area network comprises:
and receiving error codes and timers of authentication of the first wireless local area network gateway transmitted by the connecting gateway of the mobile communication network through the wireless local area network.
3. The method as recited in claim 1, further comprising:
after the wireless local area network gateway authentication is successful, the data of the successful authentication is saved locally for subsequent lookup.
4. The method of claim 1, wherein the connection gateway is an evolved packet data gateway, ePDG.
5. The terminal service authentication method is characterized by being applied to a connection gateway of a mobile communication network and comprising the following steps:
transmitting information of authentication failure of a first wireless local area network gateway to a terminal through the first wireless local area network gateway of the wireless local area network;
receiving a re-authentication request transmitted by the terminal through a second wireless local area network gateway of the wireless local area network;
and carrying out authentication operation according to the re-authentication request transmitted by the terminal through the second wireless local area network gateway of the wireless local area network.
6. The method of claim 5, wherein receiving the re-authentication request transmitted by the terminal through a second wireless local area network gateway of the wireless local area network comprises:
and receiving a first service authentication request transmitted by the terminal through the second wireless local area network gateway of the wireless local area network.
7. The method of claim 6, wherein authenticating according to the re-authentication request transmitted by the terminal through the second wireless local area network gateway of the wireless local area network comprises:
forwarding the first service authentication request to the mobile communication network, and receiving a result message of the first service authentication request;
responding to the result message of the first service authentication request to indicate that the service authentication is successful, and sending a second service authentication request to a broadband fixed network system to request the service authentication of the second wireless local area network;
obtaining a second service authentication request result message about the second wireless local area network from the broadband fixed network system;
and responding to the first service authentication request result message and the second service authentication request result message to indicate that service authentication is successful, and allowing the terminal to establish broadband mobile communication service connection with the mobile communication network through the second wireless local area network.
8. A terminal, comprising:
the first receiving module is used for receiving the information of authentication failure of the first wireless local area network gateway transmitted by the connecting gateway of the mobile communication network through the wireless local area network;
the searching module is used for searching a second wireless local area network gateway which is successful in historical authentication and meets the requirements;
and the first sending module is used for resending the authentication request to the connection gateway through the second wireless local area network gateway of the wireless local area network.
9. The terminal of claim 8, further comprising:
and the storage module is used for storing the data of the successful authentication locally for subsequent searching after the wireless local area network gateway authentication is successful.
10. A connectivity gateway, comprising:
the second sending module is used for transmitting the authentication failure information of the first wireless local area network gateway to the terminal through the first wireless local area network gateway of the wireless local area network;
the second receiving module is used for receiving a re-authentication request transmitted by the terminal through a second wireless local area network gateway of the wireless local area network;
and the authentication module is used for carrying out authentication operation according to the re-authentication request transmitted by the terminal through the second wireless local area network gateway of the wireless local area network.
11. A network device, comprising: a communicator, a memory, and a processor; the communicator is used for communicating with the outside; the memory is used for storing program instructions; the processor is configured to execute the program instructions to implement a connection gateway that performs the terminal service authentication method according to any one of claims 5 to 7.
12. A network system comprising the network device of claim 10.
13. A computer readable storage medium, characterized in that program instructions are stored, which program instructions, when executed, perform the terminal service authentication method according to any of claims 1 to 4 or claims 5 to 7.
CN202310841682.8A 2023-07-10 2023-07-10 Authentication method, terminal, connection gateway, equipment, system and medium Pending CN116709324A (en)

Priority Applications (1)

Application Number Priority Date Filing Date Title
CN202310841682.8A CN116709324A (en) 2023-07-10 2023-07-10 Authentication method, terminal, connection gateway, equipment, system and medium

Publications (1)

Publication Number Publication Date
CN116709324A true CN116709324A (en) 2023-09-05

Family

ID=87824002

Country Status (1)

Country Link
CN (1) CN116709324A (en)

Legal Events

Date Code Title Description
PB01 Publication
SE01 Entry into force of request for substantive examination