WO2006000151A1 - Method for managing local terminal equipment for network access - Google Patents
- Publication number
- WO2006000151A1 (application PCT/CN2005/000891)
- Authority
- WO
- WIPO (PCT)
- Prior art keywords
- information
- authentication
- network
- access
- identifier
- Prior art date
Classifications
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04W—WIRELESS COMMUNICATION NETWORKS
- H04W12/00—Security arrangements; Authentication; Protecting privacy or anonymity
- H04W12/06—Authentication
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04L—TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
- H04L63/00—Network architectures or network communication protocols for network security
- H04L63/10—Network architectures or network communication protocols for network security for controlling access to devices or network resources
- H04L63/102—Entity profiles
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04L—TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
- H04L63/00—Network architectures or network communication protocols for network security
- H04L63/16—Implementing security features at a particular protocol layer
- H04L63/162—Implementing security features at a particular protocol layer at the data link layer
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04W—WIRELESS COMMUNICATION NETWORKS
- H04W12/00—Security arrangements; Authentication; Protecting privacy or anonymity
- H04W12/08—Access security
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04L—TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
- H04L63/00—Network architectures or network communication protocols for network security
- H04L63/08—Network architectures or network communication protocols for network security for authentication of entities
- H04L63/0853—Network architectures or network communication protocols for network security for authentication of entities using an additional device, e.g. smartcard, SIM or a different communication terminal
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04W—WIRELESS COMMUNICATION NETWORKS
- H04W74/00—Wireless channel access
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04W—WIRELESS COMMUNICATION NETWORKS
- H04W8/00—Network data management
- H04W8/26—Network addressing or numbering for mobility support
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04W—WIRELESS COMMUNICATION NETWORKS
- H04W84/00—Network topologies
- H04W84/02—Hierarchically pre-organised networks, e.g. paging networks, cellular networks, WLAN [Wireless Local Area Network] or WLL [Wireless Local Loop]
- H04W84/10—Small scale networks; Flat hierarchical networks
- H04W84/12—WLAN [Wireless Local Area Networks]
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04W—WIRELESS COMMUNICATION NETWORKS
- H04W88/00—Devices specially adapted for wireless communication networks, e.g. terminals, base stations or access point devices
- H04W88/02—Terminal devices
Definitions
- The present invention relates to the field of wireless access technologies, and in particular to a method for managing a local terminal device accessing a network.
- A wireless local area network (WLAN) can provide high-speed wireless data access within a small range and is widely used.
- WLAN includes many different technologies.
- IEEE 802.11b uses the 2.4 GHz band and has a maximum data transmission rate of 11 Mbps.
- IEEE 802.11g and Bluetooth technologies also use this band.
- 802.11g has a maximum data transmission rate of 54 Mbps.
- Other WLAN technologies, such as IEEE 802.11a and ETSI BRAN Hiperlan2, use the 5 GHz band with a maximum transfer rate of 54 Mbps.
- IP Internet Protocol
- AP access point
- Interworking between WLAN and various wireless mobile communication networks, such as Global System for Mobile Communications (GSM) systems, Code Division Multiple Access (CDMA) systems, Wideband Code Division Multiple Access (WCDMA) systems, time-division-duplex CDMA-based systems and CDMA2000 systems, is becoming the focus of current research.
- 3GPP 3rd Generation Partnership Project
- User terminals can access the network through WLAN: they can be connected to the Internet or an intranet, and can also be connected to the home network of the 3GPP system or the access network of the 3GPP system via the WLAN access network.
- FIG. 1 is a schematic diagram showing the networking structure of a WLAN system interworking with a 3GPP system in a roaming situation.
- When the WLAN user terminal is roaming, it is connected to the 3GPP access network via the WLAN access network. Because some entities in the 3GPP access network are interconnected with corresponding entities in the 3GPP home network, for example the 3GPP AAA proxy in the 3GPP access network with the 3GPP Authentication, Authorization and Accounting (AAA) server in the 3GPP home network, and the wireless local area network access gateway (WAG) in the 3GPP access network with the packet data gateway (PDG) in the 3GPP home network, the WLAN user terminal can access the 3GPP home network.
- the shaded part in the figure is the 3GPP packet switched (PS) domain service, that is, the interworking scenario 3 (Scenario3) service in the 3GPP network.
- FIG. 2 is a schematic diagram showing the networking structure of a WLAN system interworking with a 3GPP system in a non-roaming situation.
- When the WLAN user terminal accesses locally, it is directly connected to the home network of 3GPP via the WLAN access network.
- the shaded part in the figure is the 3GPP packet switched (PS) domain service, that is, the Scenario3 service in the 3GPP home network.
- The 3GPP system mainly includes a home subscriber server (HSS) / home location register (HLR), 3GPP AAA server, 3GPP AAA proxy, WAG, packet data gateway, billing gateway (CGw) / billing information collection system (CCF) and online billing system (OCS).
- The user terminal, the WLAN access network and all the entities of the 3GPP system form a 3GPP-WLAN interaction network, and the 3GPP-WLAN interaction network can be used as a wireless LAN service system.
- the 3GPP AAA server is responsible for authentication, authorization and charging of users.
- the charging information sent to the WLAN access network is collected and transmitted to the charging system;
- the packet data gateway (PDG) is responsible for transmitting user data from the WLAN access network to the 3GPP network or other packet network;
- the charging system mainly receives and records user billing information transmitted from the network; the OCS instructs the network to transmit online cost information periodically according to the costs of online billing users, and performs statistics and control.
- a terminal device such as a notebook computer
- a mobile device such as a user's mobile phone
- a user identification card, such as the Subscriber Identity Module (SIM) card of the second generation mobile communication system (GSM), the subscription user identity (USIM) card of the third generation mobile communication system, or the ISIM (IMS Subscriber Identity Module) card of the IP Multimedia Subsystem
- the terminal device such as the user's laptop can access the WLAN and the 3GPP/3GPP2 interworking network through the USIM/SIM authentication and authorization in the user's mobile phone, and use the Internet or 3GPP/3GPP2 packet domain network.
- FIG. 3 is a schematic diagram showing the flow of the prior art TE using the USIM to access the network.
- Step 301: When the TE accesses the network and wants to use a service in the network, it receives the authentication identifier request message sent by the network side. Because the identifier of the TE itself is not a user identity recognized in the 3GPP/3GPP2 network, the TE links to the adjacent mobile phone, the MT, via a local transmission protocol such as Bluetooth or an infrared interface, in order to use the identity of the USIM card in the MT as its own identity for accessing the network, i.e. the account.
- the above-mentioned local transmission protocol refers to a short-distance transmission protocol, that is, a transmission protocol in which the receiver and the sender are in close proximity, such as a BLUETOOTH or an infrared interface. That is to say, the local transmission protocol is effective when the distance between the TE and the MT is relatively close. When the distance between the TE and the MT is long, the local transmission protocol cannot be used, that is, the local transmission protocol is invalid. The same as below.
- Step 302 After establishing a link between the TE and the MT through the local transmission protocol, the TE forwards the authentication identifier request message on the network side to the MT.
- IMSI International Mobile Subscriber Identity
- pseudonym temporary user identity allocated by the 3GPP/3GPP2 network.
- Step 304 The MT applies a local transmission protocol to send a response message containing the identity information to the TE.
- Step 305 The TE forwards the obtained response message including the identity identification information to the network side.
- Step 306 The network side generates an authentication vector according to the received identity information, and sends an authentication request including an authentication vector to the TE.
- Step 307 The TE forwards the authentication request including the authentication vector to the MT.
- Step 308: After receiving the authentication request including the authentication vector, the MT requests the USIM to perform a calculation according to the authentication vector information to detect the authenticity of the network. After the detection, the MT obtains the authentication response value and key information from the calculation result of the USIM.
- Step 309 the MT returns an authentication response message including the authentication response value to the TE.
- Step 310 The TE returns an authentication response message including an authentication response value to the network side.
- Step 311: The network side checks whether the authentication response value matches its own. If yes, a message that the authentication succeeded is sent to the TE, and the TE is allowed to access the network. Otherwise, authentication failure information is sent to the TE, and the TE's access to the network is rejected. At the same time, the MT sends the key information to the TE for use when the TE accesses the network.
- the application layer between the network side, the TE, and the MT applies the EAP protocol
- the interface protocol between the terminal and the card of 3GPP/3GPP2 is used between the MT and the USIM.
- In step 311 of the foregoing process, the network side sending the authentication result to the TE and the MT sending the key information to the TE are performed simultaneously, with no constraint between them, which wastes network resources.
Summary of the invention
- a method for managing a local terminal device to access a network where a management list including a local terminal device TE identifier is set in the mobile device MT, and a user identification card is inserted in the MT, the method further includes the following steps:
- a. After receiving the authentication identifier request message containing the TE identifier from the local TE, the MT determines whether to accept the request according to the TE identifier information in the management list; if yes, it performs step b; otherwise, it performs step c;
- b. The MT obtains the identity information of the user identity card and returns the identity information to the TE, the TE accesses the network by using the identity information, and the process ends;
- the management list including the local TE identifier is a TE management list that allows access
- the method of determining in step a is: the MT determines whether the identifier in the received request message exists in the TE management list that is allowed to access; if yes, it performs step b; otherwise it performs step c, or determines according to the policy of the user whether to return the identity information of the user identification card to the TE.
- the management list including the local TE identifier is a TE management list that is forbidden to access.
- the method of determining in step a is: the MT determines whether the identifier in the received request message exists in the TE management list that is forbidden to access; if yes, it performs step c; otherwise, it determines according to the policy of the user whether to return the identity information of the user identification card to the TE.
- the management list including the local TE identifier is a management list including a TE list that allows access and a TE list that is forbidden to access;
- the method of determining in step a is: the MT determines whether the identifier in the received request message exists in the TE list that is allowed to access; if yes, it performs step b; otherwise the MT determines whether the identifier in the received request message exists in the TE list that is forbidden to access; if yes, step c is performed; otherwise, step c is performed, or the MT determines according to the policy of the user whether to return the identity information of the user identification card to the TE.
- the method further includes: setting the rights information of the TE access network in the TE management list that is allowed to access; and the authentication identity request message sent by the TE to the MT includes the information of the service permission identifier to be requested;
- the method further includes: determining whether the information of the service authority identifier in the received request message matches the authority information of the TE in the management list; if yes, step b is then performed; otherwise step c is performed.
- the method further includes: setting a current state information of the TE in the TE management list that is allowed to be accessed;
- in step a, after receiving the authentication identifier request message including the TE identifier from the local TE, the MT first determines, according to the current state information of the TE in the management list, whether it is already providing service for a limited number of TEs. If yes, step c is directly performed. Otherwise, it determines according to the TE identification information in the management list whether to accept the request, and the subsequent steps are continued.
- the step (b) in which the TE uses the identity information to access the network includes the following steps: the TE sends the identity information to the network side and, after receiving the authentication request from the network side, obtains an authentication response value through the MT, sends the authentication response value to the network side, and receives an authentication response message from the network side;
- after determining that it has received an authentication success message from the network side, the TE forwards the authentication success message to the MT; after receiving the authentication success message forwarded by the TE, the MT changes the current state information of the TE in the TE management list that is allowed to access to indicate the networked state, and then sends the key information to the TE, and the TE applies the received key information to access the network; or
- the TE sends the identity information to the network side and, after receiving the authentication request from the network side, obtains the authentication response value through the MT, sends the authentication response value to the network side, receives the authentication response message from the network side, and forwards it directly to the MT;
- after determining that it has received an authentication success message from the network side, the MT changes the current state information of the TE in the TE management list that is allowed to access to indicate the networked state, and then sends the key information to the TE, and the TE applies the received key information to access the network.
- the method further includes: after the TE ends the service communication with the network side, the network side sends a logout notification including the logout authority identifier to the TE, and the TE forwards the received logout notification to the MT; after receiving the logout notification forwarded by the TE, the MT changes the current status information of the TE in the TE management list that is allowed to access to indicate that it is not in use.
- the method further includes: when the MT does not receive, within a predetermined period of time, the logout notification sent by a TE that has been identified as being in the networked state, it actively modifies the state information of the TE to indicate the unused state.
- the method further includes: time stamping the changed status information; when the MT receives the new authentication identifier request And according to the current status of the ⁇ in the management list
- the method further includes: determining whether the time difference between the current time and the time indicated by the time stamp in the state information exceeds a preset time threshold, and if yes, actively modifying the state of the TE Information, indicating that it is not in use, otherwise proceed directly to step c.
- the process of the TE using the identity information to access the network is: the TE uses the identity information to authenticate with the network side, and receives an authentication response message from the network side;
- the TE determines whether the received authentication response message is a successful authentication response message; if yes, it sends a notification of successful authentication to the MT, receives key information from the MT, and applies the received key information to access the network; otherwise it ends directly; or,
- the TE uses the identity information to authenticate with the network side, and forwards the received authentication response message from the network side directly to the MT;
- the MT determines whether the received authentication response message is a successful authentication response message. If yes, the MT sends the key information to the TE, and the TE uses the received key information to access the network; otherwise it ends directly.
- the management list set in the MT is one or more, and each management list corresponds to a user identification card.
- the subscriber identity card is a subscription subscriber identity SIM card of the second generation mobile communication system, or a subscription subscriber identity USIM card of the third generation mobile communication system, or a subscription subscriber identity ISIM card of the IP multimedia subsystem.
- a method for managing a local terminal device accessing a network, wherein a user identification card is inserted in the MT comprising the following steps:
- After receiving the authentication identifier request message from the local TE, the MT obtains the identity identification information of the user identity card and returns the identity identification information to the TE, and the TE uses the identity identification information to authenticate with the network side.
- step II the process of determining whether the authentication is successful according to step II is:
- After receiving the authentication response message from the network side, the TE determines whether the authentication response message is a successful authentication response message; if yes, it confirms that the authentication succeeded; otherwise it ends directly. After determining that the authentication succeeded, the method further includes: the TE sends a notification of successful authentication to the MT, and the MT sends the key information to the TE according to the received notification of successful authentication.
- step II the process of determining whether the authentication is successful according to step II is:
- After receiving the authentication response message from the network side, the TE directly forwards the authentication response message to the MT, and the MT determines whether the received authentication response message is a successful authentication response message; if yes, it confirms that the authentication succeeded; otherwise it ends directly.
- the method further comprises: the MT determines, according to the TE identifier information in the management list, whether to accept the request; if yes, it continues to perform the subsequent steps; otherwise, it refuses to return the identity identification information of the user identification card to the TE, and the process ends.
- The present invention sets a management list including the local terminal device TE identifier in the MT, and determines whether to accept the request message from the TE according to the information in the management list, thereby implementing management of the local TEs that access the network by using the MT's resources, improving the function of the MT, increasing the security of the user account and avoiding cost loss.
- the user can also limit the access rights of the accessing TE, and at the same time, can understand the current state of the TE, which is convenient for the daily application of the user. Based on this, the existing process is further improved, so that the MT sends the key information to the TE after receiving the successful authentication notification from the TE, which makes the process more reasonable and saves network resources.
- The present invention can also improve the existing process on the basis of the prior art, that is, without adding the management list of local terminal device TE identifiers, so that the MT receives the notification of successful authentication from the TE, or the MT determines that the TE has forwarded an authentication success response message, and then sends the key information to the TE, which makes the process more reasonable and saves network resources. Moreover, on the basis of this process improvement, the management list of local terminal device TE identifiers can further be added, so as to further implement management of the TEs that access the network by using the MT's resources.
- FIG. 1 is a schematic diagram of a networking structure in which a WLAN system interworks with a 3GPP system in a roaming situation;
- FIG. 2 is a schematic diagram showing a networking structure of a WLAN system interworking with a 3GPP system in a non-roaming situation
- FIG. 3 is a schematic diagram of a process in which a TE of the prior art uses the USIM to access the network.
- FIG. 4 is a schematic diagram of a process in which a TE uses the USIM to access the network by applying the present invention.
Mode for carrying out the invention
- the present invention will be further described in detail below with reference to the accompanying drawings and specific embodiments.
- The idea of the present invention is: set a management list including local TE identifiers in the MT, and determine whether to accept the request message from the TE according to the information in the management list, thereby managing the TEs that access the network by using the MT's resources. At the same time, the existing processes are improved to make the process more reasonable and save network resources.
- FIG. 4 is a schematic diagram showing the flow of the TE using the USIM to access the network by applying the present invention.
- Step 401: Set a management list including a local TE identifier in the MT.
- The management list may be a TE management list that allows access, a TE management list that is forbidden to access, or a management list including a TE list that allows access and a TE list that is prohibited from accessing.
- the management list in the MT is a management list including a TE list that allows access and a TE list that is prohibited from accessing.
- The authority information of the TE accessing the network is further set in the TE management list that is allowed to access, to indicate whether the network that the TE can access through the WLAN is the Internet or the packet domain service in 3GPP/3GPP2, that is, to make explicit the service level the TE is allowed to use, because the rates of the two services are different: the former is lower, while the latter is relatively higher.
- The TE management list that is allowed to access further sets the state information of the TE accessing the network, to identify which TEs are in the networking state and which TEs are in the idle state.
- the MT can perform corresponding management according to the TE status information in the management list. For example, if the network only allows one MT to provide service to a TE, and the status of the TE is in the state of being used, then if the MT receives a connection request from another TE, it directly refuses to provide services.
- each list corresponds to one USIM, ISIM or SIM (USIM/ISIM/SIM) card, because each USIM/ISIM/SIM has a user identity.
- the management list in the MT corresponds to different management lists for different USIM/ISIM/SIM cards.
- PIN personal identification number
- Step 402: When the TE accesses the network and wants to use a service in the network, it receives the authentication identifier request message sent by the network side. Because the identifier of the TE itself is not a user identity recognized in the 3GPP/3GPP2 network, the TE links, through a local transmission protocol such as Bluetooth or an infrared interface, to the mobile phone next to it, the MT, in order to use the identifier of the USIM card in the MT as its identifier for accessing the network, that is, the account.
- Step 403 After the TE and the MT establish a link through the local transmission protocol, the TE forwards the message of the request authentication identifier on the network side to the MT.
- the forwarded message contains the TE's identification.
- When the TE forwards the message to the MT, it also needs to identify whether authentication for the ordinary Internet service is required or whether the 3GPP/3GPP2 packet domain service needs to be used, that is, to identify the required access authority information. It is better for the TE not to insert the permission flag information directly in the authentication identification request message sent by the network, because the message needs to be kept simple.
- the TE can insert the privilege flag information in the forwarding process using the local transport protocol, such as the BLUETOOTH protocol.
- Step 404 After receiving the authentication identifier request, the MT performs the following operations according to the TE identifier in the request:
- i. Determine whether the TE is in the list of TEs allowed to access. If yes, perform step ii. Otherwise, determine whether the TE is in the list of TEs forbidden to access; if yes, the MT directly rejects the TE request and ends the process. If neither of the above two conditions holds, that is, the TE identifier is not in the TE list that is allowed to access, nor in the TE list that is forbidden to access, the following processing can be performed:
- Directly reject the TE request according to the pre-configuration. For example, the user is set to a DND state. At this time, the user terminal does not prompt the user in any way but directly rejects the TE request, and ends the process.
- ii. The MT determines whether the permission information identified by the TE in the received request message matches the permission information of the TE in the list of TEs allowed to access. If yes, it accepts the request and executes step 405; otherwise it rejects the request of the TE and ends the process.
- Step 405 The MT acquires user identity information in the 3GPP/3GPP2 network from the USIM, where the identity is IMSI, or pseudonym allocated by the 3GPP/3GPP2 network.
- Step 406: The MT uses the local transmission protocol to send a response message containing the identity information to the TE.
- Step 407 The TE forwards the obtained response message including the identity identification information to the network side.
- Step 408 The network side generates an authentication vector according to the received identity information, and sends an authentication request including an authentication vector to the TE.
- Step 409 The TE forwards the authentication request including the authentication vector to the MT.
- Step 410: After receiving the authentication request including the authentication vector, the MT requests the USIM to perform a calculation according to the authentication vector information to detect the authenticity of the network. After the detection, the MT obtains the authentication response value and key information from the calculation result of the USIM.
- Step 411 The MT returns an authentication response message including an authentication response value to the TE.
- Step 412 The TE returns an authentication response message including an authentication response value to the network side.
- Step 413 The network side checks whether the authentication response value matches the self. If yes, the message that the authentication succeeds is sent to the TE, and the TE is allowed to access the network. Otherwise, the message that the authentication fails is sent to the TE, and the TE is denied to access the network. .
- Step 414 The TE determines whether the response message of the authentication success or the response message of the authentication failure is received. If the response message of the authentication failure fails, the TE directly ends the process, and the information is not sent to the MT. Otherwise, the TE sends the message to the MT. Notification of successful authentication.
- Step 415: After receiving the notification that authentication succeeded, if the TE that initiated the request is in the list of TEs allowed to access, the MT changes the current state information of that TE in the list, that is, marks it as currently connected to the network. If the TE that initiated the request is not in the list of TEs allowed to access, step 416 is performed directly.
- Step 416: The MT sends the key information to the TE for use when the TE accesses the network.
- Step 417: The TE establishes a connection with the network side and performs normal communication.
- Step 418: After the service communication between the TE and the network ends, the network side sends a logout notification to the TE.
- Step 419: The TE forwards the received logout notification to the MT. The logout notification includes information on the type of authority being logged out, that is, it identifies whether the logout is from the 3GPP/3GPP2 packet domain service or from the ordinary Internet service, so that the MT can tell whether the TE has completely stopped using the account for communication.
- Step 420: After the MT receives the logout notification, if the TE that initiated the request is in the list of TEs allowed to access, the MT changes the current state information of that TE in the list, that is, marks it as idle. If the TE that initiated the request is not in the list of TEs allowed to access, the process ends directly.
- In step 414, after receiving the authentication response message fed back by the network side, the TE may, instead of determining whether it is a success response or a failure response, forward the received authentication response message directly to the MT and leave the judgment to the MT. That is, in step 415 the MT first examines the received authentication response message. If it is a success response, the MT continues with the subsequent operations; if it is a failure response, the subsequent operations are not performed and the process ends.
- The flow is also slightly modified: the key information is sent to the TE after the MT receives the authentication success notification from the TE, or after the MT determines that the response message forwarded by the TE is an authentication success response. This not only makes the process more reasonable but also saves network resources.
- The MT may decide, according to the user's operation, whether to add the requesting TE to the management list.
- The network does not limit how many TEs an MT may serve. If the network does impose such a limit, then in step 404, after receiving the authentication identifier request from the TE, the MT first determines, from the current status information of the TEs in the management list, whether it is already serving the limited number of TEs specified by the network. If yes, it directly refuses to serve the TE. Otherwise, the subsequent steps are performed.
- Method 1: Set a timer.
- When the MT does not receive, within a predetermined period of time, a logout notification from a TE that is marked as connected to the network, the MT actively modifies the status information of that TE to indicate that it is in an unused state, that is, an idle state.
- This method is characterized in that the MT actively triggers the modification: as soon as the set timer expires, the MT detects and modifies the status information of any TE in the management list that has timed out.
- Method 2: Timestamp the changed status information.
- When the MT receives a new authentication identifier request and determines, from the current state information of the TEs in the management list, that it is already serving the limited number of TEs, it further determines whether the difference between the current time and the time indicated by the timestamp in the state information exceeds a preset time threshold. If yes, the MT actively modifies the status information of that TE to indicate that it is in an unused state, that is, an idle state. Otherwise, no change is made and service for the new TE is refused.
- This method is characterized in that the MT passively triggers the modification: the check is performed only when the MT receives a TE request, and only then is the status information of a timed-out TE modified.
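The management-list logic of step 404, the state changes of steps 415 and 420, and the two timeout methods can be sketched as follows. This is an added illustration, not code from the patent: the class and field names, the permission labels and the threshold values are assumptions, and an unlisted TE is always rejected because that is the only pre-configured behaviour the text above spells out.

```python
from dataclasses import dataclass, field
from typing import Dict, Optional, Set, Tuple
IDLE, ONLINE = "idle", "online"

@dataclass
class TEEntry:
    permissions: Set[str]          # authority this TE may request (labels are assumed)
    state: str = IDLE              # current state information kept by the MT
    changed_at: float = 0.0        # timestamp of the last state change (Method 2)

@dataclass
class ManagementList:
    allowed: Dict[str, TEEntry] = field(default_factory=dict)
    forbidden: Set[str] = field(default_factory=set)
    max_online: Optional[int] = None   # network-imposed limit; None means no limit
    stale_after: float = 3600.0        # preset time threshold in seconds (assumed)

    def _online(self):
        return [e for e in self.allowed.values() if e.state == ONLINE]

    def expire_stale(self, now: float) -> int:
        """Idle every TE online past the threshold (Method 1: timer; Method 2: on request)."""
        stale = [e for e in self._online() if now - e.changed_at > self.stale_after]
        for e in stale:
            e.state, e.changed_at = IDLE, now
        return len(stale)

    def decide(self, te_id: str, requested: str, now: float) -> Tuple[bool, str]:
        """Step 404: accept or reject a TE's request for the authentication identity."""
        if self.max_online is not None and len(self._online()) >= self.max_online:
            if self.expire_stale(now) == 0:       # nothing timed out: still at the limit
                return False, "service limit reached"
        if te_id in self.forbidden:
            return False, "TE is on the forbidden list"
        entry = self.allowed.get(te_id)
        if entry is None:
            # Only the pre-configured rejection (e.g. DND) is modelled in this sketch.
            return False, "unknown TE rejected by pre-configuration"
        if requested not in entry.permissions:
            return False, "requested permission does not match the list"
        return True, "proceed to step 405"

    def mark(self, te_id: str, state: str, now: float) -> None:
        """Steps 415 / 420: record online or idle for a listed TE; ignore unlisted ones."""
        e = self.allowed.get(te_id)
        if e: e.state, e.changed_at = state, now

def demo():
    """Constructed scenario: limit of one TE, and the laptop never sends a logout."""
    ml = ManagementList(max_online=1, stale_after=600.0, forbidden={"te-kiosk"})
    ml.allowed["te-laptop"] = TEEntry({"packet-domain", "internet"})
    ml.allowed["te-pda"] = TEEntry({"internet"})
    out = [ml.decide("te-laptop", "packet-domain", now=0.0)[0]]
    ml.mark("te-laptop", ONLINE, now=1.0)
    out.append(ml.decide("te-pda", "internet", now=300.0)[0])       # at limit, not stale
    out.append(ml.decide("te-pda", "internet", now=700.0)[0])       # laptop timed out
    out.append(ml.decide("te-pda", "packet-domain", now=700.0)[0])  # permission mismatch
    out.append(ml.decide("te-kiosk", "internet", now=700.0)[0])     # forbidden list
    return out
```

Without either timeout method, a TE that drops off without sending a logout notification would hold its slot indefinitely and the second request in the scenario would keep being refused.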
Landscapes
- Engineering & Computer Science (AREA)
- Computer Security & Cryptography (AREA)
- Computer Networks & Wireless Communication (AREA)
- Signal Processing (AREA)
- Computer Hardware Design (AREA)
- Computing Systems (AREA)
- General Engineering & Computer Science (AREA)
- Mobile Radio Communication Systems (AREA)
- Telephonic Communication Services (AREA)
- Data Exchanges In Wide-Area Networks (AREA)
Priority Applications (3)
Application Number | Priority Date | Filing Date | Title |
---|---|---|---|
US10/591,151 US8208898B2 (en) | 2004-06-25 | 2005-06-21 | Method for managing local terminal equipment accessing a network |
EP05759363A EP1742410A4 (en) | 2004-06-25 | 2005-06-21 | METHOD FOR MANAGING A LOCAL DEVICE TO ACCESS A NETWORK |
US13/480,497 US9681294B2 (en) | 2004-06-25 | 2012-05-25 | Method for managing local terminal equipment accessing a network |
Applications Claiming Priority (2)
Application Number | Priority Date | Filing Date | Title |
---|---|---|---|
CNB2004100498831A CN1274181C (zh) | 2004-06-25 | 2004-06-25 | 管理本地终端设备接入网络的方法 |
CN200410049883.1 | 2004-06-25 |
Related Child Applications (2)
Application Number | Title | Priority Date | Filing Date |
---|---|---|---|
US10/591,151 A-371-Of-International US8208898B2 (en) | 2004-06-25 | 2005-06-21 | Method for managing local terminal equipment accessing a network |
US13/480,497 Continuation US9681294B2 (en) | 2004-06-25 | 2012-05-25 | Method for managing local terminal equipment accessing a network |
Publications (1)
Publication Number | Publication Date |
---|---|
WO2006000151A1 true WO2006000151A1 (fr) | 2006-01-05 |
Family
ID=34868702
Family Applications (1)
Application Number | Title | Priority Date | Filing Date |
---|---|---|---|
PCT/CN2005/000891 WO2006000151A1 (fr) | 2004-06-25 | 2005-06-21 | Procede de gestion d'un materiel terminal local pour l'acces au reseau |
Country Status (6)
Country | Link |
---|---|
US (2) | US8208898B2 (zh) |
EP (2) | EP1916867B2 (zh) |
CN (1) | CN1274181C (zh) |
AT (1) | ATE443415T1 (zh) |
DE (1) | DE602005016737D1 (zh) |
WO (1) | WO2006000151A1 (zh) |
Families Citing this family (24)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
CN1921682B (zh) * | 2005-08-26 | 2010-04-21 | 华为技术有限公司 | 增强通用鉴权框架中的密钥协商方法 |
JP4334531B2 (ja) * | 2005-11-01 | 2009-09-30 | 株式会社エヌ・ティ・ティ・ドコモ | 通信システム、移動局、交換機及び通信方法 |
CN101111075B (zh) * | 2007-04-16 | 2010-12-15 | 华为技术有限公司 | 移动通信系统中准入判断和寻呼用户的方法、系统及装置 |
CN101170495B (zh) * | 2007-11-20 | 2012-07-04 | 华为技术有限公司 | 准入列表更新的方法、装置、系统和接入点 |
CN101547242B (zh) * | 2008-03-24 | 2010-12-22 | 华为技术有限公司 | 一种列表管理方法及其装置 |
EP2332053B1 (en) * | 2008-09-30 | 2015-12-02 | Hewlett-Packard Development Company, L.P. | Authentication of services on a partition |
CN102143504A (zh) * | 2010-02-01 | 2011-08-03 | 华为终端有限公司 | 一种远程管理无线移动终端方法及装置 |
US8774073B1 (en) * | 2010-03-04 | 2014-07-08 | Cellco Partnership | Issuance of sleep commands to mobile communication devices from radio network controller |
EP2622818B1 (en) | 2010-10-01 | 2019-05-15 | LG Electronics Inc. | Packet-domain-at-commands enhancement |
TWI457033B (zh) * | 2012-05-18 | 2014-10-11 | Asustek Comp Inc | 可攜式電子裝置及其網際網路連線設定方法 |
US8994800B2 (en) | 2012-07-25 | 2015-03-31 | Gopro, Inc. | Credential transfer management camera system |
US9036016B2 (en) | 2012-07-25 | 2015-05-19 | Gopro, Inc. | Initial camera mode management system |
US8995903B2 (en) * | 2012-07-25 | 2015-03-31 | Gopro, Inc. | Credential transfer management camera network |
JP5987707B2 (ja) | 2013-01-25 | 2016-09-07 | ソニー株式会社 | 端末装置、プログラム及び通信システム |
WO2014126518A1 (en) * | 2013-02-13 | 2014-08-21 | Telefonaktiebolaget L M Ericsson (Publ) | Method and network node for obtaining a permanent identity of an authenticating wireless device |
US9742767B1 (en) | 2014-09-25 | 2017-08-22 | Google Inc. | Systems, methods, and media for authenticating multiple devices |
WO2016182953A1 (en) | 2015-05-08 | 2016-11-17 | Simo Holdings Inc. | Virtual subscriber identity module for mobile communication device |
WO2016191956A1 (zh) * | 2015-05-29 | 2016-12-08 | 华为技术有限公司 | 在无线网络中进行身份识别的方法、装置和设备 |
US9946256B1 (en) | 2016-06-10 | 2018-04-17 | Gopro, Inc. | Wireless communication device for communicating with an unmanned aerial vehicle |
US10397415B1 (en) | 2016-09-30 | 2019-08-27 | Gopro, Inc. | Systems and methods for automatically transferring audiovisual content |
US10044972B1 (en) | 2016-09-30 | 2018-08-07 | Gopro, Inc. | Systems and methods for automatically transferring audiovisual content |
CN108965386B (zh) * | 2018-06-08 | 2021-12-14 | 奇安信科技集团股份有限公司 | 一种共享接入终端的识别方法及装置 |
CN112260985B (zh) * | 2020-09-03 | 2023-08-01 | 富联智能工坊(郑州)有限公司 | 终端安全管控设备及终端安全管控方法 |
US11991525B2 (en) | 2021-12-02 | 2024-05-21 | T-Mobile Usa, Inc. | Wireless device access and subsidy control |
Citations (3)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
US20040076128A1 (en) * | 2002-10-17 | 2004-04-22 | Far Eastone Telecommunications Co., Ltd. | Wireless LAN authentication, authorization, and accounting system and method utilizing a telecommunications network |
EP1424617A1 (de) * | 2002-11-26 | 2004-06-02 | Siemens Aktiengesellschaft | Verfahren zur Authentisierung und Vergebührung eines Teilnehmers eines Funknetzes |
KR20040049188A (ko) * | 2002-12-05 | 2004-06-11 | 엘지전자 주식회사 | 무선랜망과 이동통신 시스템망간의 연동방법 |
Family Cites Families (9)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
JP3624802B2 (ja) * | 2000-06-30 | 2005-03-02 | 株式会社村田製作所 | 非可逆回路素子、およびその実装構造 |
US20020147926A1 (en) * | 2001-04-04 | 2002-10-10 | Pecen Mark E. | Method and apparatus for authentication using remote multiple access SIM technology |
DE60109585D1 (de) * | 2001-05-08 | 2005-04-28 | Ericsson Telefon Ab L M | Sicherer Zugang zu einem entfernten Teilnehmermodul |
US20020168962A1 (en) † | 2001-05-09 | 2002-11-14 | Docomo Communications Laboratories Usa | Customized service providing scheme |
US20020169958A1 (en) | 2001-05-14 | 2002-11-14 | Kai Nyman | Authentication in data communication |
US20030120920A1 (en) * | 2001-12-20 | 2003-06-26 | Svensson Sven Anders Borje | Remote device authentication |
ES2295336T3 (es) | 2002-05-01 | 2008-04-16 | Telefonaktiebolaget Lm Ericsson (Publ) | Sistema, aparato y metodo para la autentificacion y encriptacion basadas en sim (modulo de identificacion del suscriptor) en el acceso de una red de area local inalambrica (wlan). |
ATE383023T1 (de) | 2002-09-16 | 2008-01-15 | Ericsson Telefon Ab L M | Sicherer zugang zu einem teilnehmermodul |
WO2005107166A1 (en) * | 2004-05-03 | 2005-11-10 | Nokia Corporation | Selection of wireless local area network (wlan) with a split wlan user equipment |
-
2004
- 2004-06-25 CN CNB2004100498831A patent/CN1274181C/zh not_active Expired - Lifetime
-
2005
- 2005-06-21 US US10/591,151 patent/US8208898B2/en active Active
- 2005-06-21 DE DE602005016737T patent/DE602005016737D1/de active Active
- 2005-06-21 EP EP08151436A patent/EP1916867B2/en active Active
- 2005-06-21 EP EP05759363A patent/EP1742410A4/en not_active Withdrawn
- 2005-06-21 AT AT08151436T patent/ATE443415T1/de not_active IP Right Cessation
- 2005-06-21 WO PCT/CN2005/000891 patent/WO2006000151A1/zh not_active Application Discontinuation
-
2012
- 2012-05-25 US US13/480,497 patent/US9681294B2/en active Active
Also Published As
Publication number | Publication date |
---|---|
EP1916867A1 (en) | 2008-04-30 |
EP1742410A1 (en) | 2007-01-10 |
US20080101276A1 (en) | 2008-05-01 |
EP1916867B2 (en) | 2012-06-06 |
EP1916867B1 (en) | 2009-09-16 |
US9681294B2 (en) | 2017-06-13 |
US20120276874A1 (en) | 2012-11-01 |
DE602005016737D1 (de) | 2009-10-29 |
US8208898B2 (en) | 2012-06-26 |
CN1642349A (zh) | 2005-07-20 |
ATE443415T1 (de) | 2009-10-15 |
EP1742410A4 (en) | 2007-07-25 |
CN1274181C (zh) | 2006-09-06 |
Legal Events
Date | Code | Title | Description |
---|---|---|---|
| AK | Designated states | Kind code of ref document: A1 Designated state(s): AE AG AL AM AT AU AZ BA BB BG BR BW BY BZ CA CH CN CO CR CU CZ DE DK DM DZ EC EE EG ES FI GB GD GE GH GM HR HU ID IL IN IS JP KE KG KM KP KR KZ LC LK LR LS LT LU LV MA MD MG MK MN MW MX MZ NA NG NI NO NZ OM PG PH PL PT RO RU SC SD SE SG SK SL SM SY TJ TM TN TR TT TZ UA UG US UZ VC VN YU ZA ZM ZW |
| AL | Designated countries for regional patents | Kind code of ref document: A1 Designated state(s): BW GH GM KE LS MW MZ NA SD SL SZ TZ UG ZM ZW AM AZ BY KG KZ MD RU TJ TM AT BE BG CH CY CZ DE DK EE ES FI FR GB GR HU IE IS IT LT LU MC NL PL PT RO SE SI SK TR BF BJ CF CG CI CM GA GN GQ GW ML MR NE SN TD TG |
| 121 | Ep: the epo has been informed by wipo that ep was designated in this application | |
| WWE | Wipo information: entry into national phase | Ref document number: 2005759363 Country of ref document: EP |
| NENP | Non-entry into the national phase | Ref country code: DE |
| WWW | Wipo information: withdrawn in national office | Country of ref document: DE |
| WWP | Wipo information: published in national office | Ref document number: 2005759363 Country of ref document: EP |
| WWE | Wipo information: entry into national phase | Ref document number: 10591151 Country of ref document: US |
| WWW | Wipo information: withdrawn in national office | Ref document number: 2005759363 Country of ref document: EP |
| WWP | Wipo information: published in national office | Ref document number: 10591151 Country of ref document: US |