WO2005069533A1 - A method of acquiring permanent user identification by the packet data gateway (pdg) in the wlan - Google Patents

A method of acquiring permanent user identification by the packet data gateway (pdg) in the wlan Download PDF

Info

Publication number
WO2005069533A1
WO2005069533A1 PCT/CN2005/000061 CN2005000061W WO2005069533A1 WO 2005069533 A1 WO2005069533 A1 WO 2005069533A1 CN 2005000061 W CN2005000061 W CN 2005000061W WO 2005069533 A1 WO2005069533 A1 WO 2005069533A1
Authority
WO
WIPO (PCT)
Prior art keywords
user
pdg
permanent
identity
tunnel
Prior art date
Application number
PCT/CN2005/000061
Other languages
French (fr)
Chinese (zh)
Inventor
Yingxin Huang
Wenlin Zhang
Original Assignee
Huawei Technologies Co., Ltd.
Priority date (The priority date is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the date listed.)
Filing date
Publication date
Application filed by Huawei Technologies Co., Ltd. filed Critical Huawei Technologies Co., Ltd.
Publication of WO2005069533A1 publication Critical patent/WO2005069533A1/en

Links

Classifications

    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04LTRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L63/00Network architectures or network communication protocols for network security
    • H04L63/02Network architectures or network communication protocols for network security for separating internal from external traffic, e.g. firewalls
    • H04L63/0272Virtual private networks
    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04LTRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L63/00Network architectures or network communication protocols for network security
    • H04L63/08Network architectures or network communication protocols for network security for authentication of entities
    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04WWIRELESS COMMUNICATION NETWORKS
    • H04W12/00Security arrangements; Authentication; Protecting privacy or anonymity
    • H04W12/06Authentication
    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04WWIRELESS COMMUNICATION NETWORKS
    • H04W80/00Wireless network protocols or protocol adaptations to wireless operation
    • H04W80/04Network layer protocols, e.g. mobile IP [Internet Protocol]
    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04WWIRELESS COMMUNICATION NETWORKS
    • H04W84/00Network topologies
    • H04W84/02Hierarchically pre-organised networks, e.g. paging networks, cellular networks, WLAN [Wireless Local Area Network] or WLL [Wireless Local Loop]
    • H04W84/10Small scale networks; Flat hierarchical networks
    • H04W84/12WLAN [Wireless Local Area Networks]

Definitions

  • the present invention relates to the field of wireless access technology, and particularly to a method for obtaining a permanent user identity in a packet data gateway (PDG, Packet Data Gateway) in a wireless local area network.
  • PGW Packet Data Gateway
  • Wireless local area networks can provide high-speed wireless data access in a small range, it is widely used.
  • Wireless local area network includes a variety of different technologies.
  • IEEE 802.11b which uses the 2.4GHz frequency band and has a maximum data transmission rate of 11Mbps.
  • IEEE 802.11g and Bluetooth technologies are also used in this frequency band. Among them, the highest data transmission rate of 802.11g can reach 54Mbps.
  • Other wireless LAN technologies such as IEEE 802.11a and ETSI BRAN Hiperlan2, use the 5GHz band, and the highest transmission rate can reach 54Mbps.
  • IP Internet Protocol
  • AP access point
  • GSM Global System for Mobile Communications
  • CDMA Code Division Multiple Access
  • WCDMA Wideband Code Division Multiple Access
  • TD-SCDMA2000 Time Division Duplex -Interworking of synchronous code division multiple access
  • 3GPP 3rd Generation Partnership Project
  • user terminals can both access the network through WLAN It is connected to the Internet (Internet) and the corporate intranet (Intranet), and can also be connected to the home network of the 3GPP system or the access network of the 3GPP system via a WLAN access network.
  • FIG. 1 shows the schematic diagram of the networking structure between the WLAN system and the 3GPP system in the case of roaming.
  • a WLAN user terminal roams and connects, it is connected to the 3GPP access network via the WLAN access network.
  • entities in the 3GPP access network are interconnected with corresponding entities in the 3GPP home network, such as: 3GPP authentication authorization in the 3GPP access network Accounting (AAA) proxy and 3GPP Authentication, Authorization and Accounting (AAA) server in 3GPP home network; Wireless Local Area Network Access Gateway (WAG) in 3GPP access network and Packet Data Gateway (PDG) in 3GPP home network, etc. Therefore, it is achieved that the WLAN user terminal accesses the 3GPP home network.
  • the shaded part in the figure is the 3GPP packet switching (PS) domain service, that is, the Scenario3 service in the 3GPP network.
  • PS packet switching
  • FIG. 2 shows a schematic diagram of the networking structure of the WLAN system and the 3GPP system in the non-roaming situation.
  • a WLAN user terminal accesses locally, it is directly connected to the 3GPP home network via the WLAN access network.
  • the shaded part in the figure is the 3GPP packet switching (PS) domain service, that is, the Scenario3 service in the 3GPP home network.
  • PS packet switching
  • the 3GPP system in the 3GPP system, it mainly includes a Home Subscriber Subscriber Server (HSS) / Home Location Register (HLR), a 3GPPAAA server, a 3GPPAAA proxy, a WAG, a packet data gateway, and a charging gateway (CGw) / Charging Information Collection System (CCF) and Online Charging System (OCS).
  • HSS Home Subscriber Subscriber Server
  • HLR Home Location Register
  • 3GPPAAA server 3GPPAAA proxy
  • WAG packet data gateway
  • CGw Charging Information Collection System
  • OCS Online Charging System
  • the user terminal, the WLAN access network, and all entities of the 3GPP system together constitute a 3GPP-WLAN interactive network, and the 3GPP-WLAN interactive network can serve as a wireless local area network service system.
  • the 3GPP AAA server is responsible for user authentication, authorization, and charging, and collects and transmits the charging information sent by the WLAN access network to the charging system;
  • the packet data gateway (PDG) is responsible for accessing user data from the WLAN
  • the network is transmitted to the 3GPP network or other packet networks.
  • the charging system mainly receives and records user charging information from the network.
  • OCS indicates the network cycle according to the online charging user's fee situation. Send online cost information, and perform statistics and control.
  • the WLAN user terminal If the WLAN user terminal wants to access the Internet / Intranet, it must send an access request message containing its permanent user identity information, such as the International Mobile Subscriber Identity (IMSI), to the AAA server (AS) through the WLAN access network. Basic access authentication and authorization. After passing the access authentication and authorization of the AS, the "WLAN user terminal can access the Internet / Intmnet through the WLAN access network.
  • the permanent user identity is unique to each user.
  • the AS assigns a temporary user identity to the WLAN user terminal to be applied for access, and the WLAN user authenticated and authorized uses the temporary user identity instead of the permanent user identity for communication.
  • the AS may assign a temporary user identity to the user in a subsequent re-authentication process or service authentication process, or update the temporary user identity in a subsequent re-authentication process or service authentication process.
  • WLAN user terminal authorized by the basic access authentication wants to access the PS domain services of 3GPP, it may further apply to the 3GPP home network for an interworking scenario 3 (Scenario3) service, that is:
  • the WLAN user terminal obtains a PDG address in the 3GPP packet network that can provide user-requested services from a domain name resolution server (DNS), and sends a tunnel establishment request message containing temporary user identification information to the PDG, and the PDG forwards the received request message Authenticate the AS.
  • DNS domain name resolution server
  • the AS After the AS completes the final authentication process for the WLAN user, it authorizes the user to access the 3GPP PS domain services through the PDG.
  • the PDG receiving the request is responsible for allocating a tunnel identifier, establishing a tunnel connection, and providing the required service to the WLAN user terminal that initiated the application.
  • the shortcomings of the existing solutions are: The PDG does not have a process of obtaining the permanent user identity of the WLAN user. Therefore, PDG does not know the true identity of the user when communicating with the WLAN terminal, so it cannot implement the control industry related to the user's permanent identity. Services, such as charging users or controlling access to users. Summary of the invention
  • an object of the present invention is to provide a method for a PDG to obtain a permanent identity of a user in a wireless local area network, so that the PDG can obtain a permanent user identity of a WLAN user.
  • a method for obtaining a permanent user identity through a packet data gateway (PDG) in a wireless local area network includes an AAA server, and there is information exchange between the AAA server and the PDG.
  • the method includes the following steps:
  • the AAA server assigns a temporary user identity to a user terminal that has passed basic access authentication, and stores the correspondence between the permanent user identity and the temporary user identity of the user terminal;
  • the PDG sends a message requesting identity authentication to the user terminal to the AAA server, and the message includes the temporary user identity of the user terminal applying for the service;
  • the AAA server After receiving the request message from the PDG, the AAA server performs authentication processing on the user terminal. If the authentication is successful, the AAA server obtains the request according to the temporary user identity and the corresponding relationship between the permanent user identity and the temporary user identity in the request message. The permanent user identity of the user terminal sends a successful authorization message containing the permanent user identity to the PDG, and performs step c. If the authentication is unsuccessful, the AAA server directly sends a failed authorization message to the PDG, and the process ends;
  • the PDG After receiving the successful authorization message from the AAA server, the PDG obtains and saves the permanent user identity of the user terminal.
  • the method further includes: assigning, by the PDG, a tunnel identifier to the authenticated user terminal, storing association information of a permanent user identity of the user terminal and the tunnel identifier, and establishing A tunnel for communication with user terminals.
  • the tunnel identifier allocated by the PDG to the authenticated user terminal is one or more, and the method by which the PDG saves the association information of the permanent user identity of the user terminal and the tunnel identifier is: Association information of the permanent user identity of the user terminal and one or one of the identity of the tunnel.
  • the method further includes: dismantling the communication tunnel, and the PDG deletes the associated information of the permanent user identity information and the tunnel identity of the removed tunnel.
  • the method further includes: the PDG determines whether there is association information between the permanent user identity and one or more tunnel identities; if so, no processing is performed; otherwise, the permanent user identity is deleted.
  • the method further includes: obtaining, by the PDG ⁇ tunnel identification information, the user's permanent user identification information to implement charging or access control for the user terminal.
  • the permanent user identity information is an international mobile subscriber identity IMSI.
  • the AAA server obtains the permanent user identity information of the user according to the request authentication message containing the temporary user identity information sent by the PDG, and sends an authorization message containing the permanent user identity information to the PDG, thereby Enable PDG to obtain permanent user identity information of WLAN users.
  • the PDG associates and saves the obtained permanent user identification information with the tunnel identification information of the user terminal, so that the PDG implements management of the WLAN user terminal, such as charging and / or access control for the user.
  • the present invention realizes a simple order, and has good compatibility with existing related processes. Brief description of the drawings
  • Figure 1 shows the schematic diagram of the networking structure of interworking between the WLAN system and the 3GPP system in the case of roaming
  • FIG. 3 is a flowchart of obtaining permanent user identity information by using the PDG of the present invention.
  • Figure 4 shows the association between permanent user identification information and more than one tunnel identification information.
  • the AAA server allocates temporary user identity information to a user who has passed basic access authentication, and at the same time saves the correspondence between the permanent user identity of the user and the temporary user identity; when the AAA server receives the After applying for the message of requesting the identity information of the temporary user of the business user to authenticate the user, the user terminal is authenticated. If the authentication is successful, the permanent user identity information of the user is obtained according to the saved correspondence, and After sending a successful authorization message containing the permanent user identity information to the PDG, the PDG saves the user's permanent user identity information.
  • FIG. 3 is a flowchart of obtaining the permanent user identification information by the PDG applying the present invention.
  • Step 301 The WLAN user sends an access request message including the permanent user identity information such as IMSI to the AAA server through the WLAN access network to perform basic access authentication, and the AS assigns a temporary user to the user terminal that passed the basic access authentication. Identity information, and at the same time, the correspondence between the permanent user identity and the temporary user identity of the user is saved; Or, the AS assigns a temporary user identity to the user in a subsequent re-authentication process or service authentication process, or updates the temporary user identity in a subsequent re-authentication process or service authentication process.
  • the permanent user identity information such as IMSI
  • the AS assigns a temporary user to the user terminal that passed the basic access authentication.
  • Step 302 After the WLAN user authorized by the basic access authentication obtains an address for providing the requested service PDG from the DNS, the WLAN user sends a tunnel establishment request message including the temporary user identity information to the PDG.
  • Step 303 The PDG sends to the AAA server an authentication message containing a request for the identity information of the user's temporary user to request authentication of the user to request the AAA server to authenticate and authorize the identity of the user terminal.
  • Step 304 The AAA server performs authentication processing on the user terminal designated by the PDG. 'If the authentication is successful, step 305 is performed. If the authentication is unsuccessful, the AAA server directly sends a failure response message to the PDG and ends the process.
  • Step 305 The AAA server obtains the permanent user identity information of the user according to the corresponding relationship saved in step 301, and sends a successful authorization message containing the permanent user identity information to the PDG, allowing the applicant user terminal to access services through the PDG;
  • Step 306 After receiving the authorization message from the AAA server, the PDG allocates tunnel identification information, such as a tunnel identifier, to the user terminal, and determines whether the user ’s permanent user identity information is stored locally. If so, the PDG directly saves the information. After the user's permanent user identity information is associated with the tunnel identity information, step 307 is performed, otherwise, the user's permanent user identity information is saved first, and then the user's permanent user identity information and the user's permanent user identity information are stored.
  • tunnel identification information such as a tunnel identifier
  • step 307 is performed; since a PDG may support multiple services, a WLAN user terminal may have multiple tunnel connections with a PDG, that is, a permanent user identity of a WLAN user may be simultaneously associated with Multiple tunnel identities are associated; as shown in FIG. 4, a user's permanent user identity 1 is associated with a PDG tunnel ID of 1, 2, 3 tunnels at the same time, and A user's permanent user identity 2 is associated with a tunnel with the PDG tunnel identifiers 4 and 5 at the same time;
  • Step 307 The PDG establishes a tunnel for communication with the user terminal.
  • Step 308 During the service communication process, the PDG obtains the permanent user identity information of the user according to the tunnel identity information in the service information of the user terminal, and implements services related to the permanent user identity, such as charging the user terminal. , And or access control, etc.
  • the so-called charging means that when a user terminal uses one or more services of a PDG, that is, one or more tunnels, PDG> according to the correspondence between the tunnel identifier and the user's permanent identity, to achieve the user Billing for all application services on the terminal.
  • the so-called implementation of access control refers to a certain type of business, and PDG implements more detailed control.
  • the AAA server provided by the operator is limited to checking whether the user terminal has ordered the service without performing a more detailed check.
  • the PDG can check the user terminal for more detailed information. For example, a WLAN user terminal orders a certain game service. After checking that the user has indeed ordered the game service, the AAA server will authorize the user to access the PDG that provides game services.
  • One PDG usually provides multiple game services, and users generally only order For one or more of them, the PDG can determine whether the WLAN user can participate in a certain game and implement control through the permanent user identity of the user.
  • PDG will delete the association information between the tunnel identity and the permanent user identity.
  • PDG finds that a permanent user identity has no associated tunnel identity information PDG The permanent user identification information will be deleted.

Abstract

The present invention provides a method of acquiring permanent user identification by the packet data gateway (PDG) in the WLAN, and it is characterized in that: AAA server acquires permanent user identification information according to the request authentication message comprising temporary user identification information sent by PDG, so that PDG acquires the permanent user identification information of WLAN user. Further, PDG relates the permanent user identification information acquired and the tunnel identification information of the user terminal, and stores them, so that PDG manages the user terminal of WLAN, for example, accounting to user and/or accessing control, and so on. The present invention is easy to implement, and it has better compatibility with current associated process.

Description

无线局域网中分组数据关口获取用户永久身份标识的方法 技术领域  Method for obtaining permanent identity of user in packet data gateway in wireless local area network
本发明涉及无线接入技术领域, 特别是指一种无线局域网中分组数 据关口 (PDG, Packet Data Gateway )获取永久用户身份标识的方法。 发明背景  The present invention relates to the field of wireless access technology, and particularly to a method for obtaining a permanent user identity in a packet data gateway (PDG, Packet Data Gateway) in a wireless local area network. Background of the invention
随着社会的发展, 用户对无线接入速率的要求越来越高, 由于无线 局域网 (WLAN, Wireless Local Area Network ) 能够在较小范围内提供 高速的无线数据接入, 因而其被广泛应用。 无线局域网包括多种不同技 术, 目前应用较为广泛的一个技术标准是 IEEE 802.11b, 它采用 2.4GHz 频段, 最高数据传输速率可达 11Mbps,使用该频段的还有 IEEE 802.11g 和蓝牙(Bluetooth )技术,其中, 802.11g最高数据传输速率可达 54Mbps。 其它无线局域网技术, 诸如 IEEE 802.11a和 ETSI BRAN Hiperlan2都使 用 5GHz频段, 最高传输速率也可达到 54Mbps。  With the development of society, users have higher and higher requirements for wireless access rates. Since wireless local area networks (WLAN, Wireless Local Area Network) can provide high-speed wireless data access in a small range, it is widely used. Wireless local area network includes a variety of different technologies. One of the more widely used technical standards is IEEE 802.11b, which uses the 2.4GHz frequency band and has a maximum data transmission rate of 11Mbps. IEEE 802.11g and Bluetooth technologies are also used in this frequency band. Among them, the highest data transmission rate of 802.11g can reach 54Mbps. Other wireless LAN technologies, such as IEEE 802.11a and ETSI BRAN Hiperlan2, use the 5GHz band, and the highest transmission rate can reach 54Mbps.
虽然有多种不同的 WLAN无线接入技术, 但大部分 WLAN都采用 因特网协议(IP )分組数据包进行数据传输。 对于一个无线 IP网络, 其 所采用的具体 WLAN接入技术对于上层 IP—般是透明的 , 其基本结构 都是利用接入点(AP )完成用户终端的无线接入, 并通过网络控制和连 接设备组成的 IP传输网络进行数据传输。  Although there are many different WLAN wireless access technologies, most WLANs use Internet Protocol (IP) packet data packets for data transmission. For a wireless IP network, the specific WLAN access technology it uses is generally transparent to the upper-layer IP. Its basic structure uses an access point (AP) to complete the wireless access of user terminals, and is controlled and connected through the network. The IP transmission network composed of equipment is used for data transmission.
随着 WLAN技术的兴起和发展, WLA 与各种无线移动通信网, 诸如: 全球移动通信(GSM ) 系统、 码分多址(CDMA ) 系统、 宽带码 分多址 (WCDMA ) 系统、 时分双工-同步码分多址(TD-SCDMA ) 系 统、 CDMA2000系统的互通正成为当前研究的重点。 在第三代合作伙伴 计划 ( 3GPP )标准化组织中, 用户终端既可以通过 WLAN的接入网络 与因特网( Internet )、企业内部互联网( Intranet )相连,还可以经由 WLAN 接入网络与 3GPP系统的归属网络或 3GPP系统的访问网络相连。 With the rise and development of WLAN technology, WLA and various wireless mobile communication networks, such as: Global System for Mobile Communications (GSM), Code Division Multiple Access (CDMA) system, Wideband Code Division Multiple Access (WCDMA) system, Time Division Duplex -Interworking of synchronous code division multiple access (TD-SCDMA) system and CDMA2000 system is becoming the focus of current research. In the 3rd Generation Partnership Project (3GPP) standardization organization, user terminals can both access the network through WLAN It is connected to the Internet (Internet) and the corporate intranet (Intranet), and can also be connected to the home network of the 3GPP system or the access network of the 3GPP system via a WLAN access network.
图 1所示为漫游情况下 WLAN系统与 3GPP系统互通的组网结构示 意图。 WLAN用户终端漫游接入时, 经由 WLAN接入网络与 3GPP的 访问网络相连, 由于 3GPP访问网络中的部分实体分别与 3GPP归属网 络中的相应实体互连, 比如: 3GPP访问网络中的 3GPP认证授权计费 ( AAA )代理和 3GPP归属网络中的 3GPP认证授权计费 (AAA )服务 器; 3GPP访问网络中的无线局域网接入关口 ( WAG ) 与 3GPP归属网 络中的分组数据关口 (PDG )等等, 因此, 实现了 WLAN用户终端接 入 3GPP的归属网络。 图中阴影部分为 3GPP分组交换( PS )域业务, 即 3GPP网络中的互通场景 3 ( Scenario3 )业务。  Figure 1 shows the schematic diagram of the networking structure between the WLAN system and the 3GPP system in the case of roaming. When a WLAN user terminal roams and connects, it is connected to the 3GPP access network via the WLAN access network. As some entities in the 3GPP access network are interconnected with corresponding entities in the 3GPP home network, such as: 3GPP authentication authorization in the 3GPP access network Accounting (AAA) proxy and 3GPP Authentication, Authorization and Accounting (AAA) server in 3GPP home network; Wireless Local Area Network Access Gateway (WAG) in 3GPP access network and Packet Data Gateway (PDG) in 3GPP home network, etc. Therefore, it is achieved that the WLAN user terminal accesses the 3GPP home network. The shaded part in the figure is the 3GPP packet switching (PS) domain service, that is, the Scenario3 service in the 3GPP network.
图 2所示为非漫游情况下 WLAN系统与 3GPP系统互通的组网结构 示意图。 WLAN用户终端在本地接入时, 经由 WLAN接入网络与 3GPP 的归属网络直接相连。 图中阴影部分为 3GPP分组交换(PS )域业务, 即 3GPP归属网络中的 Scenario3业务。  Figure 2 shows a schematic diagram of the networking structure of the WLAN system and the 3GPP system in the non-roaming situation. When a WLAN user terminal accesses locally, it is directly connected to the 3GPP home network via the WLAN access network. The shaded part in the figure is the 3GPP packet switching (PS) domain service, that is, the Scenario3 service in the 3GPP home network.
参见图 1、 图 2所示, 在 3GPP系统中, 主要包括归属签约用户服务 器(HSS ) /归属位置寄存器(HLR )、 3GPPAAA服务器、 3GPPAAA代 理、 WAG、分组数据关口、计费关口(CGw ) /计费信息收集系统(CCF ) 及在线计费系统(OCS )等。 用户终端、 WLAN接入网络与 3GPP系统 的所有实体共同构成了 3GPP-WLAN交互网络,该 3GPP-WLAN交互网 络可作为一种无线局域网服务系统。 其中, 3GPP AAA服务器负责对用 户的鉴权、 授权和计费, 对 WLAN接入网络送来的计费信息收集并传 送给计费系统; 分组数据关口 (PDG ) 负责将用户数据从 WLAN接入 网络传输到 3GPP网络或其他分组网络; 计费系统主要接收和记录网络 传来的用户计费信息, OCS根据在线计费用户的费用情况指示网络周期 性的传送在线费用信息, 并进行统计和控制。 Referring to FIG. 1 and FIG. 2, in the 3GPP system, it mainly includes a Home Subscriber Subscriber Server (HSS) / Home Location Register (HLR), a 3GPPAAA server, a 3GPPAAA proxy, a WAG, a packet data gateway, and a charging gateway (CGw) / Charging Information Collection System (CCF) and Online Charging System (OCS). The user terminal, the WLAN access network, and all entities of the 3GPP system together constitute a 3GPP-WLAN interactive network, and the 3GPP-WLAN interactive network can serve as a wireless local area network service system. Among them, the 3GPP AAA server is responsible for user authentication, authorization, and charging, and collects and transmits the charging information sent by the WLAN access network to the charging system; the packet data gateway (PDG) is responsible for accessing user data from the WLAN The network is transmitted to the 3GPP network or other packet networks. The charging system mainly receives and records user charging information from the network. OCS indicates the network cycle according to the online charging user's fee situation. Send online cost information, and perform statistics and control.
如果 WLAN用户终端希望接入 Internet/Intranet,则必须通过 WLAN 接入网将包含自身永久用户身份标识信息, 如国际移动用户识别码 ( IMSI ) 的接入请求消息发送到 AAA服务器 (AS ), 进行基本接入认 证授权,通过 AS的接入认证授权后,该 "WLAN用户终端才能通过 WLAN 接入网接入到 Intemet/Intmnet。 所述永久用户身份标识对每个用户是唯 一的。  If the WLAN user terminal wants to access the Internet / Intranet, it must send an access request message containing its permanent user identity information, such as the International Mobile Subscriber Identity (IMSI), to the AAA server (AS) through the WLAN access network. Basic access authentication and authorization. After passing the access authentication and authorization of the AS, the "WLAN user terminal can access the Internet / Intmnet through the WLAN access network. The permanent user identity is unique to each user.
在基本接入认证授权过程中, AS给待申请接入的 WLAN用户终端 指定临时用户身份标识, 通过认证授权的 WLAN用户使用临时用户身 份标识替代永久用户身份标识进行通信。 或者, AS 也可以在以后的再 认证过程或业务认证过程中给用户指定临时用户身份标识, 或者, 在以 后的再认证过程或业务认证过程来更新临时用户身份标识。  In the basic access authentication and authorization process, the AS assigns a temporary user identity to the WLAN user terminal to be applied for access, and the WLAN user authenticated and authorized uses the temporary user identity instead of the permanent user identity for communication. Alternatively, the AS may assign a temporary user identity to the user in a subsequent re-authentication process or service authentication process, or update the temporary user identity in a subsequent re-authentication process or service authentication process.
如果该通过基本接入认证授权的 WLAN用户终端希望接入 3GPP的 PS域业务, 则可进一步向 3GPP归属网络申请互通场景 3 ( Scenario3 ) 的业务, 即:  If the WLAN user terminal authorized by the basic access authentication wants to access the PS domain services of 3GPP, it may further apply to the 3GPP home network for an interworking scenario 3 (Scenario3) service, that is:
WLAN用户终端从域名解析服务器( DNS ),获得 3GPP分组网络中 可以提供用户请求业务的 PDG地址, 并向该 PDG发送包含临时用户身 份标识信息的隧道建立请求消息, PDG将接收到的请求消息转发给 AS 进行认证处理。 AS完成对该 WLAN用户终的认证处理后, 则授权该用 户可以通过该 PDG访问 3GPP的 PS域业务。 此时, 该接收请求的 PDG 负责分配隧道标识、 建立隧道连接, 并给发起申请的 WLAN用户终端 提供其所需的业务。  The WLAN user terminal obtains a PDG address in the 3GPP packet network that can provide user-requested services from a domain name resolution server (DNS), and sends a tunnel establishment request message containing temporary user identification information to the PDG, and the PDG forwards the received request message Authenticate the AS. After the AS completes the final authentication process for the WLAN user, it authorizes the user to access the 3GPP PS domain services through the PDG. At this time, the PDG receiving the request is responsible for allocating a tunnel identifier, establishing a tunnel connection, and providing the required service to the WLAN user terminal that initiated the application.
现有方案的缺陷在于: PDG没有获取 WLAN用户的永久用户身份 标识的过程。 因此, PDG在与 WLAN终端进行通信的时候并不知道用 户的真实身份, 因而也就不能实现与用户永久身份标识有关的控制业 务, 如对用户进行计费, 或对用户进行访问控制等。 发明内容 The shortcomings of the existing solutions are: The PDG does not have a process of obtaining the permanent user identity of the WLAN user. Therefore, PDG does not know the true identity of the user when communicating with the WLAN terminal, so it cannot implement the control industry related to the user's permanent identity. Services, such as charging users or controlling access to users. Summary of the invention
有鉴于此,本发明的目的在于提供一种无线局域网中 PDG获取用户 永久身份标识的方法, 使 PDG能够获取 WLAN用户的永久用户身份标 息  In view of this, an object of the present invention is to provide a method for a PDG to obtain a permanent identity of a user in a wireless local area network, so that the PDG can obtain a permanent user identity of a WLAN user.
为达到上述目的, 本发明的技术方案是这样实现的:  To achieve the above object, the technical solution of the present invention is implemented as follows:
一种无线局域网中分组数据关口 (PDG )获取永久用户身份标识的 方法, 无线局域网中包含有 AAA服务器, 且 AAA服务器与 PDG间有 信息交互, 该方法包括以下步驟:  A method for obtaining a permanent user identity through a packet data gateway (PDG) in a wireless local area network. The wireless local area network includes an AAA server, and there is information exchange between the AAA server and the PDG. The method includes the following steps:
a、 AAA服务器给通过基本接入认证的用户终端分配临时用户身份 标识, 保存该用户终端的永久用户身份标识与临时用户身份标识的对应 关系;  a. The AAA server assigns a temporary user identity to a user terminal that has passed basic access authentication, and stores the correspondence between the permanent user identity and the temporary user identity of the user terminal;
b、 PDG向 AAA服务器发送请求对用户终端进行身份认证的消息, 该消息中包含申请业务的用户终端的临时用户身份标识;  b. The PDG sends a message requesting identity authentication to the user terminal to the AAA server, and the message includes the temporary user identity of the user terminal applying for the service;
AAA服务器接收到来自 PDG的请求消息后, 对该用户终端进行认 证处理, 如果认证成功, 则根据请求消息中的临时用户身份标识以及所 述永久用户身份标识与临时用户身份标识的对应关系获取该用户终端 的永久用户身份标识, 向 PDG发送包含永久用户身份标识的成功授权 消息, 执行步骤 c, 如果认证不成功, AAA服务器直接向 PDG发送失 败的授权消息, 结束本流程;  After receiving the request message from the PDG, the AAA server performs authentication processing on the user terminal. If the authentication is successful, the AAA server obtains the request according to the temporary user identity and the corresponding relationship between the permanent user identity and the temporary user identity in the request message. The permanent user identity of the user terminal sends a successful authorization message containing the permanent user identity to the PDG, and performs step c. If the authentication is unsuccessful, the AAA server directly sends a failed authorization message to the PDG, and the process ends;
c、 PDG接收到来自 AAA服务器的成功授权消息后, 获取并保存该 用户终端的永久用户身份标识。  c. After receiving the successful authorization message from the AAA server, the PDG obtains and saves the permanent user identity of the user terminal.
较佳地,进一步包括: PDG给该通过认证的用户终端分配隧道标识, 保存该用户终端的永久用户身份标识与所述隧道标识的关联信息, 建立 与用户终端进行通信的隧道。 Preferably, the method further includes: assigning, by the PDG, a tunnel identifier to the authenticated user terminal, storing association information of a permanent user identity of the user terminal and the tunnel identifier, and establishing A tunnel for communication with user terminals.
较佳地,所述 PDG给该通过认证的用户终端分配的隧道标识为一个 或一个以上, 所述 PDG保存该用户终端的永久用户身份标识与所述隧 道标识的关联信息的方法为: 保存该用户终端的永久用户身份标识与一 个或一个以隧道标识的关联信息。  Preferably, the tunnel identifier allocated by the PDG to the authenticated user terminal is one or more, and the method by which the PDG saves the association information of the permanent user identity of the user terminal and the tunnel identifier is: Association information of the permanent user identity of the user terminal and one or one of the identity of the tunnel.
较佳地, 该方法进一步包括: 拆除进行通信的隧道, PDG删除永久 用户身份标识信息与已拆除隧道的隧道标识的关联信息。  Preferably, the method further includes: dismantling the communication tunnel, and the PDG deletes the associated information of the permanent user identity information and the tunnel identity of the removed tunnel.
较佳地, 该方法进一步包括: PDG判断永久用户身份标识是否与一 个或一个以上隧道标识之间有关联信息, 如果是, 则不做任何处理, 否 则删除该永久用户身份标识。  Preferably, the method further includes: the PDG determines whether there is association information between the permanent user identity and one or more tunnel identities; if so, no processing is performed; otherwise, the permanent user identity is deleted.
较佳地, 该方法进一步包括: PDG ^隧道标识信息获取用户的永 久用户身份标识信息, 实现对该用户终端的计费, 或访问控制。  Preferably, the method further includes: obtaining, by the PDG ^ tunnel identification information, the user's permanent user identification information to implement charging or access control for the user terminal.
较佳地, 所述永久用户身份标识信息为国际移动用户识别码 IMSI。 在本发明中 , AAA服务器根据 PDG发来的包含临时用户身份标识 信息的请求认证消息中, 获取该用户的永久用户身份标识信息 , 并将包 含永久用户身份标识信息的授权消息发送给 PDG, 从而使 PDG获取了 WLAN用户的永久用户身份标识信息。 进而, PDG将获取的永久用户 身份标识信息与该用户终端的隧道标识信息进行关联保存, 使得 PDG 对 WLAN用户终端实现了管理,如对该用户实现计费和 /或访问控制等。 本发明实现筒单, 且与现有的相关流程具有很好的兼容性。 附图简要说明  Preferably, the permanent user identity information is an international mobile subscriber identity IMSI. In the present invention, the AAA server obtains the permanent user identity information of the user according to the request authentication message containing the temporary user identity information sent by the PDG, and sends an authorization message containing the permanent user identity information to the PDG, thereby Enable PDG to obtain permanent user identity information of WLAN users. Further, the PDG associates and saves the obtained permanent user identification information with the tunnel identification information of the user terminal, so that the PDG implements management of the WLAN user terminal, such as charging and / or access control for the user. The present invention realizes a simple order, and has good compatibility with existing related processes. Brief description of the drawings
图 1所示为漫游情况下 WLAN系统与 3GPP系统互通的组网结构示 意图;  Figure 1 shows the schematic diagram of the networking structure of interworking between the WLAN system and the 3GPP system in the case of roaming;
'图 2所示为非漫游情况下 WLAN系统与 3GPP系统互通的組网结构 示意图; 'Figure 2 shows the networking structure of the WLAN system and the 3GPP system in a non-roaming situation. Schematic
图 3所示为应用本发明的 PDG获取永久用户身份标识信息的流程 图;  FIG. 3 is a flowchart of obtaining permanent user identity information by using the PDG of the present invention;
图 4所示为永久用户标识信息与一个以上隧道标识信息相关联的示 意图。 实施本发明的方式  Figure 4 shows the association between permanent user identification information and more than one tunnel identification information. Mode of Carrying Out the Invention
为使本发明的技术方案更加清楚, 下面结合附图对本发明再做进一 步详细说明。  To make the technical solution of the present invention clearer, the present invention will be further described in detail below with reference to the accompanying drawings.
本发明的思路是: AAA服务器给通过基本接入认证的用户分配临时 用户身份标识信息, 同时保存该用户的永久用户身份标识与临时用户身 份标识的对应关系; 当 AAA服务器接收到来自 PDG的包含申请业务用 户临时用户身份标识信息的请求对该用户进行身份认证的消息后 , 对该 用户终端进行认证处理, 如果认证成功, 则根据已保存的对应关系获取 该用户的永久用户身份标识信息, 并向 PDG发送包含永久用户身份标 识信息的成功授权消息后, 由 PDG保存该用户的永久用户身份标识信 息,如果认证不成功,则 AAA服务器直接向 PDG发送失败的消息; PDG 接收到上述成功授权消息后, 获取并保存该用户的永久用户身份标识信 图 3所示为应用本发明的 PDG获取永久用户身份标识信息的流程 图。  The idea of the present invention is: the AAA server allocates temporary user identity information to a user who has passed basic access authentication, and at the same time saves the correspondence between the permanent user identity of the user and the temporary user identity; when the AAA server receives the After applying for the message of requesting the identity information of the temporary user of the business user to authenticate the user, the user terminal is authenticated. If the authentication is successful, the permanent user identity information of the user is obtained according to the saved correspondence, and After sending a successful authorization message containing the permanent user identity information to the PDG, the PDG saves the user's permanent user identity information. If the authentication is unsuccessful, the AAA server directly sends a failure message to the PDG; the PDG receives the above successful authorization message After that, the permanent user identification letter of the user is obtained and saved. FIG. 3 is a flowchart of obtaining the permanent user identification information by the PDG applying the present invention.
步骤 301 , WLAN用户通过 WLAN接入网将包含自身永久用户身份 标识信息, 如 IMSI的接入请求消息发送到 AAA服务器, 进行基本接入 认证, AS给通过基本接入认证的用户终端分配临时用户身份标识信息, 同时保存该用户的永久用户身份标识与临时用户身份标识的对应关系; 者, AS 在以后的再认证过程或业务认证过程中给用户指定临时用户身 份标识, 或者, 在以后的再认证过程或业务认证过程来更新临时用户身 份标识。 Step 301: The WLAN user sends an access request message including the permanent user identity information such as IMSI to the AAA server through the WLAN access network to perform basic access authentication, and the AS assigns a temporary user to the user terminal that passed the basic access authentication. Identity information, and at the same time, the correspondence between the permanent user identity and the temporary user identity of the user is saved; Or, the AS assigns a temporary user identity to the user in a subsequent re-authentication process or service authentication process, or updates the temporary user identity in a subsequent re-authentication process or service authentication process.
步骤 302, 通过基本接入认证授权的 WLAN用户从 DNS获取提供 请求业务 PDG的地址后, 向该 PDG发送包含自身临时用户身份标识信 息的隧道建立请求消息;  Step 302: After the WLAN user authorized by the basic access authentication obtains an address for providing the requested service PDG from the DNS, the WLAN user sends a tunnel establishment request message including the temporary user identity information to the PDG.
步骤 303 , PDG向 AAA服务器发送包含申请用户临时用户身份标 识信息的请求对该用户进行身份认证的认证消息, 以请求 AAA服务器 对该用户终端的身份进行认证授权;  Step 303: The PDG sends to the AAA server an authentication message containing a request for the identity information of the user's temporary user to request authentication of the user to request the AAA server to authenticate and authorize the identity of the user terminal.
步驟 304, AAA服务器对 PDG指定的用户终端进行认证处理, '如 果认证成功, 则执行步骤 305, 如果认证不成功, 则 AAA服务器直接向 PDG发送失败的响应消息, 并结束本流程;  Step 304: The AAA server performs authentication processing on the user terminal designated by the PDG. 'If the authentication is successful, step 305 is performed. If the authentication is unsuccessful, the AAA server directly sends a failure response message to the PDG and ends the process.
步骤 305 , AAA服务器根据步骤 301所保存的对应关系, 获取该用 户的永久用户身份标识信息, 并向 PDG发送包含永久用户身份标识信 息的成功授权消息, 允许该申请用户终端通过该 PDG访问业务;  Step 305: The AAA server obtains the permanent user identity information of the user according to the corresponding relationship saved in step 301, and sends a successful authorization message containing the permanent user identity information to the PDG, allowing the applicant user terminal to access services through the PDG;
步骤 306, PDG接收到来自 AAA服务器的授权消息后, 给该用户 终端分配隧道标识等与建立隧道相关信息, 并判断本地是否保存有该用 户的永久用户身份标识信息, 如果有, 则直接保存该用户的永久用户身 份标识信息与所述隧道标识信息的关联信息后, 执行步骤 307, 否则, 先将该用户的永久用户身份标识信息进行保存, 再保存该用户的永久用 户身份标识信息与所述隧道标识信息的关联信息后, 执行步骤 307; 由于一个 PDG可能支持多种业务, 因此, 某个 WLAN用户终端可 能与一个 PDG存在多个隧道连接, 即一个 WLAN用户的永久用户身份 标识可能同时与多个隧道标识相关联; 如图 4所示, 一个用户的永久用 户身份标识 1与某个 PDG的隧道标识为 1、 2、 3的隧道同时关联, 另 一个用户的永久用户身份标识 2与该 PDG的隧道标识为 4、 5的隧道同 时关联; Step 306: After receiving the authorization message from the AAA server, the PDG allocates tunnel identification information, such as a tunnel identifier, to the user terminal, and determines whether the user ’s permanent user identity information is stored locally. If so, the PDG directly saves the information. After the user's permanent user identity information is associated with the tunnel identity information, step 307 is performed, otherwise, the user's permanent user identity information is saved first, and then the user's permanent user identity information and the user's permanent user identity information are stored. After the associated information of the tunnel identification information, step 307 is performed; since a PDG may support multiple services, a WLAN user terminal may have multiple tunnel connections with a PDG, that is, a permanent user identity of a WLAN user may be simultaneously associated with Multiple tunnel identities are associated; as shown in FIG. 4, a user's permanent user identity 1 is associated with a PDG tunnel ID of 1, 2, 3 tunnels at the same time, and A user's permanent user identity 2 is associated with a tunnel with the PDG tunnel identifiers 4 and 5 at the same time;
步骤 307, PDG建立其与该用户终端进行通信的隧道;  Step 307: The PDG establishes a tunnel for communication with the user terminal.
步骤 308, 在业务通信过程中, PDG根据该用户终端业务信息内的 隧道标识信息, 获取该用户的永久用户身份标识信息, 实现与该永久用 户身份标识有关的业务, 如对用户终端进行计费, 和或访问控制等。  Step 308: During the service communication process, the PDG obtains the permanent user identity information of the user according to the tunnel identity information in the service information of the user terminal, and implements services related to the permanent user identity, such as charging the user terminal. , And or access control, etc.
所谓实现计费是指,当某个用户终端使用了某个 PDG的一个或一个 以上业务, 即一个或一个以上隧道时, PDG >据隧道标识和用户永久身 份标识的对应关系, 实现对该用户终端所有应用业务的计费。  The so-called charging means that when a user terminal uses one or more services of a PDG, that is, one or more tunnels, PDG> according to the correspondence between the tunnel identifier and the user's permanent identity, to achieve the user Billing for all application services on the terminal.
所谓实现访问控制是指针对某一类业务,由 PDG来实现更详细的控 制。 通常, 运营商提供的 AAA服务器仅限于检查用户终端是否定购了 该业务, 而不做更详细的检查, 应用本发明, 可使 PDG对用户终端进 行更详细信息的检查。 比如, WLAN 用户终端定购了某个游戏业务, AAA服务器在检查用户确实定购了游戏业务后就会授权该用户访问提 供游戏业务的 PDG, —个 PDG通常提供多种游戏业务, 而用户一般只 定购其中的一个或几个, PDG通过用户的永久用户身份标识, 即可判 断该 WLAN用户是否可以参加某个游戏, 并实现控制。  The so-called implementation of access control refers to a certain type of business, and PDG implements more detailed control. Generally, the AAA server provided by the operator is limited to checking whether the user terminal has ordered the service without performing a more detailed check. By applying the present invention, the PDG can check the user terminal for more detailed information. For example, a WLAN user terminal orders a certain game service. After checking that the user has indeed ordered the game service, the AAA server will authorize the user to access the PDG that provides game services. One PDG usually provides multiple game services, and users generally only order For one or more of them, the PDG can determine whether the WLAN user can participate in a certain game and implement control through the permanent user identity of the user.
另外, 当用户使用某个隧道完毕并拆除后, PDG将删除该隧道标识 和永久用户身份标识之间的关联信息, 当 PDG发现某个永久用户身份 标识已经没有相关联的隧道标识信息时, PDG将删除该永久用户身份标 识信息。  In addition, when a user finishes using a tunnel and tears it down, PDG will delete the association information between the tunnel identity and the permanent user identity. When PDG finds that a permanent user identity has no associated tunnel identity information, PDG The permanent user identification information will be deleted.
以上所述仅为本发明的较佳实施例而已, 并不用以限制本发明, 凡 在本发明的精神和原则之内, 所作的任何修改、 等同替换、 改进等, 均 应包含在本发明的保护范围之内。  The above are only preferred embodiments of the present invention and are not intended to limit the present invention. Any modification, equivalent replacement, or improvement made within the spirit and principle of the present invention shall be included in the present invention. Within the scope of protection.

Claims

权利要求书 Claim
1、 一种无线局域网中分组数据关口(PDG )获取永久用户身份标识 的方法, 无线局域网中包含有 AAA服务器, 且 AAA服务器与 PDG间 有信息交互, 其特征在于, 该方法包括以下步驟: 1. A method for obtaining a permanent user identity through a packet data gateway (PDG) in a wireless local area network. The wireless local area network includes an AAA server, and information exchange between the AAA server and the PDG is characterized in that the method includes the following steps:
a、 AAA服务器给通过基本接入认证的用户终端分配临时用户身份 标识, 保存该用户终端的永久用户身份标识与临时用户身份标识的对应 关系;  a. The AAA server assigns a temporary user identity to a user terminal that has passed basic access authentication, and stores the correspondence between the permanent user identity and the temporary user identity of the user terminal;
b、 PDG向 AAA服务器发送请求对用户终端进行身份认证的消息, 该消息中包含申请业务的用户终端的临时用户身份标识;  b. The PDG sends a message requesting identity authentication to the user terminal to the AAA server, and the message includes the temporary user identity of the user terminal applying for the service;
AAA服务器接收到来自 PDG的请求消息后, 对该用户终端进行认 证处理, 如果认证成功, 则根据请求消息中的临时用户身份标识以及所 述永久用户身份标识与临时用户身份标识的对应关系获取该用户终端 的永久用户身份标识, 向 PDG发送包含永久用户身份标识的成功授权 消息, 执行步骤 c, 如果认证不成功, AAA服务器直接向 PDG发送失 败的授权消息, 结束本流程;  After receiving the request message from the PDG, the AAA server performs authentication processing on the user terminal. If the authentication is successful, the AAA server obtains the request according to the temporary user identity and the corresponding relationship between the permanent user identity and the temporary user identity in the request message. The permanent user identity of the user terminal sends a successful authorization message containing the permanent user identity to the PDG, and performs step c. If the authentication is unsuccessful, the AAA server directly sends a failed authorization message to the PDG, and the process ends;
c、 PDG接收到来自 AAA服务器的成功授权消息后, 获取并保存该 用户终端的永久用户身份标识。  c. After receiving the successful authorization message from the AAA server, the PDG obtains and saves the permanent user identity of the user terminal.
2、 根据权利要求 1 所述的方法, 其特征在于, 进一步包括: PDG 给该通过认证的用户终端分配隧道标识, 保存该用户终端的永久用户身 份标识与所述隧道标识的关联信息, 建立与用户终端进行通信的隧道。  2. The method according to claim 1, further comprising: PDG assigning a tunnel identifier to the authenticated user terminal, storing association information of the permanent user identity of the user terminal and the tunnel identifier, and establishing a connection with the tunnel identifier. A tunnel through which user terminals communicate.
3、 根据权利要求 2所述的方法, 其特征在于, 所述 PDG给该通过 认证的用户终端分配的隧道标识为一个或一个以上, 所述 PDG保存该 用户终端的永久用户身份标识与所述隧道标识的关联信息的方法为: 保 存该用户终端的永久用户身份标识与一个或一个以隧道标识的关联信 息。 3. The method according to claim 2, wherein the PDG assigns one or more tunnel identifiers to the authenticated user terminal, and the PDG stores the permanent user identifier of the user terminal and the user identifier. The method for associating information of the tunnel identifier is: storing the permanent user identity of the user terminal and one or one of the association information using the tunnel identifier. Interest.
4、根据权利要求 2或 3所述的方法, 其特征在于, 该方法进一步包 括: 拆除进行通信的隧道, PDG删除永久用户身份标识信息与已拆除隧 道的隧道标识的关联信息。  4. The method according to claim 2 or 3, further comprising: dismantling a communication tunnel, and deleting, by the PDG, the associated information of the permanent user identity information and the tunnel identity of the removed tunnel.
5、 根据权利要求 4所述的方法, 其特征在于, 该方法进一步包括: 5. The method according to claim 4, further comprising:
PDG 判断永久用户身份标识是否与一个或一个以上隧道标识之间有关 联信息, 如果是, 则不做任何处理, 否则删除该永久用户身份标识。 The PDG determines whether the permanent user identity is associated with one or more tunnel identities. If so, no processing is performed, otherwise the permanent user identity is deleted.
6、根据权利要求 2或 3所述的方法, 其特征在于, 该方法进一步包 括: PDG根据隧道标识信息获取用户的永久用户身份标识信息, 实现对 该用户的计费, 和 /或访问控制。  6. The method according to claim 2 or 3, further comprising: obtaining, by the PDG, the user's permanent user identification information according to the tunnel identification information, realizing charging for the user, and / or access control.
7、根据权利要求 1所述的方法, 其特征在于, 所述永久用户身份标 识信息为国际移动用户识别码 IMSI。  7. The method according to claim 1, wherein the permanent user identification information is an International Mobile Subscriber Identity (IMSI).
PCT/CN2005/000061 2004-01-14 2005-01-14 A method of acquiring permanent user identification by the packet data gateway (pdg) in the wlan WO2005069533A1 (en)

Applications Claiming Priority (2)

Application Number Priority Date Filing Date Title
CNB2004100005849A CN100411335C (en) 2004-01-14 2004-01-14 Method for obtaiing user identification by packet data gate for wireless LAN
CN200410000584.9 2004-01-14

Publications (1)

Publication Number Publication Date
WO2005069533A1 true WO2005069533A1 (en) 2005-07-28

Family

ID=34763035

Family Applications (1)

Application Number Title Priority Date Filing Date
PCT/CN2005/000061 WO2005069533A1 (en) 2004-01-14 2005-01-14 A method of acquiring permanent user identification by the packet data gateway (pdg) in the wlan

Country Status (2)

Country Link
CN (1) CN100411335C (en)
WO (1) WO2005069533A1 (en)

Cited By (1)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
EP2621203A4 (en) * 2010-09-24 2017-09-20 Nec Corporation Gateway, server, method of communication control for same, and gateway system

Families Citing this family (10)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
US8477731B2 (en) 2005-07-25 2013-07-02 Qualcomm Incorporated Method and apparatus for locating a wireless local area network in a wide area network
US8483704B2 (en) 2005-07-25 2013-07-09 Qualcomm Incorporated Method and apparatus for maintaining a fingerprint for a wireless network
CN100414889C (en) * 2005-12-29 2008-08-27 中山大学 Intermediate system used for distinguishing and tracing user
CN101127629B (en) * 2006-08-18 2012-08-22 华为技术有限公司 Policy and billing execution device, online billing system and method for communication system
CN101459904B (en) * 2008-06-17 2010-12-29 中兴通讯股份有限公司 AAA server, P-GW, PCRF, obtaining method and system for customer equipment identification
CN101998444B (en) * 2009-08-14 2014-02-05 中国电信股份有限公司 Proxy mobile IPv4 processing method and system
CN101969643B (en) * 2010-09-21 2014-04-16 国家无线电监测中心检测中心 Combined wireless network crosslinking method
CN102595406B (en) * 2012-02-15 2014-08-20 电信科学技术研究院 Management method and equipment for subscription information
CN106713057B (en) * 2015-07-30 2019-11-29 华为技术有限公司 For carrying out the method, apparatus and system of Tunnel testing
CN106685889B (en) * 2015-11-05 2020-09-01 阿里巴巴集团控股有限公司 Service implementation method and device based on user identity

Citations (2)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
EP1191763A2 (en) * 2000-09-22 2002-03-27 Roke Manor Research Limited Access authentication system for a wireless environment
WO2003047294A1 (en) * 2001-11-30 2003-06-05 Motorola Inc Authentication, authorisation and accounting for a roaming user terminal

Family Cites Families (1)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
US20030139180A1 (en) * 2002-01-24 2003-07-24 Mcintosh Chris P. Private cellular network with a public network interface and a wireless local area network extension

Patent Citations (2)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
EP1191763A2 (en) * 2000-09-22 2002-03-27 Roke Manor Research Limited Access authentication system for a wireless environment
WO2003047294A1 (en) * 2001-11-30 2003-06-05 Motorola Inc Authentication, authorisation and accounting for a roaming user terminal

Cited By (1)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
EP2621203A4 (en) * 2010-09-24 2017-09-20 Nec Corporation Gateway, server, method of communication control for same, and gateway system

Also Published As

Publication number Publication date
CN1642076A (en) 2005-07-20
CN100411335C (en) 2008-08-13

Similar Documents

Publication Publication Date Title
JP3984993B2 (en) Method and system for establishing a connection through an access network
WO2005069533A1 (en) A method of acquiring permanent user identification by the packet data gateway (pdg) in the wlan
EP1330073B1 (en) Method and apparatus for access control of a wireless terminal device in a communications network
KR100967749B1 (en) Address management method, address management system, mobile terminal and home domain server
EP1693988B1 (en) A method of the subscriber terminal selecting the packet data gateway in the wireless local network
US7454207B2 (en) Service access control interface for an unlicensed wireless communication system
CA2495343C (en) Method and system for gsm billing during wlan roaming
CA2530891C (en) Apparatus and method for a single sign-on authentication through a non-trusted access network
WO2006002601A1 (en) A method for wireless lan users set-up session connection
WO2006000149A1 (en) A method for implementing access authentication of wlan user
WO2005018140A1 (en) Method of user terminal accessing quickly home network in wireless local area network
WO2007019771A1 (en) An access control method of the user altering the visited network, the unit and the system thereof
WO2005039110A1 (en) A method of analyzing the accessing process of the selected service in the wireless local area network
WO2004114588A1 (en) Method for transmitting traffic data to wireless local area network users
WO2005004384A1 (en) An alternation disposal method for network selection information of user terminal in wlan
WO2005071981A1 (en) A interactive method of subscriber terminal determining the network selective information in wlan
Leu et al. Running cellular/PWLAN services: practical considerations for cellular/PWLAN architecture supporting interoperator roaming
WO2005062631A1 (en) Method of redirecting packet data gateway in wireless local area network
WO2014121613A1 (en) Method and corresponding device for acquiring location information
WO2005074192A1 (en) A method of obtaining the packet data gateway (pdg) address for the user terminal in wireless local area network (wlan)
WO2005074193A1 (en) A method for the user terminal to acquire the information of the packet data gateway in the wlan
WO2004114589A1 (en) A method of transmitting traffic data to the users of wireless local area network
WO2005004504A1 (en) A method about network transmit information to user terminal
EP1847136A2 (en) Service access control interface for an unlicensed wireless communication system
Janevski et al. Interworking of cellular networks and hotspot wireless LANs via integrated accounting system

Legal Events

Date Code Title Description
AK Designated states

Kind code of ref document: A1

Designated state(s): AE AG AL AM AT AU AZ BA BB BG BR BW BY BZ CA CH CN CO CR CU CZ DE DK DM DZ EC EE EG ES FI GB GD GE GH GM HR HU ID IL IN IS JP KE KG KP KR KZ LC LK LR LS LT LU LV MA MD MG MK MN MW MX MZ NA NI NO NZ OM PG PH PL PT RO RU SC SD SE SG SK SL SY TJ TM TN TR TT TZ UA UG US UZ VC VN YU ZA ZM ZW

AL Designated countries for regional patents

Kind code of ref document: A1

Designated state(s): BW GH GM KE LS MW MZ NA SD SL SZ TZ UG ZM ZW AM AZ BY KG KZ MD RU TJ TM AT BE BG CH CY CZ DE DK EE ES FI FR GB GR HU IE IS IT LT LU MC NL PL PT RO SE SI SK TR BF BJ CF CG CI CM GA GN GQ GW ML MR NE SN TD TG

121 Ep: the epo has been informed by wipo that ep was designated in this application
NENP Non-entry into the national phase

Ref country code: DE

WWW Wipo information: withdrawn in national office

Country of ref document: DE

122 Ep: pct application non-entry in european phase