WO2009043262A1 - A method and device of accessing control - Google Patents

A method and device of accessing control Download PDF

Info

Publication number
WO2009043262A1
WO2009043262A1 PCT/CN2008/072401 CN2008072401W WO2009043262A1 WO 2009043262 A1 WO2009043262 A1 WO 2009043262A1 CN 2008072401 W CN2008072401 W CN 2008072401W WO 2009043262 A1 WO2009043262 A1 WO 2009043262A1
Authority
WO
WIPO (PCT)
Prior art keywords
access control
control list
hhss
identifier
imsi
Prior art date
Application number
PCT/CN2008/072401
Other languages
French (fr)
Chinese (zh)
Inventor
Xiaohan Liu
Min Huang
Original Assignee
Huawei Technologies Co., Ltd.
Priority date (The priority date is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the date listed.)
Filing date
Publication date
Application filed by Huawei Technologies Co., Ltd. filed Critical Huawei Technologies Co., Ltd.
Priority to CN200880007243.0A priority Critical patent/CN101669327B/en
Publication of WO2009043262A1 publication Critical patent/WO2009043262A1/en

Links

Classifications

    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04LTRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L63/00Network architectures or network communication protocols for network security
    • H04L63/10Network architectures or network communication protocols for network security for controlling access to devices or network resources
    • H04L63/101Access control lists [ACL]

Definitions

  • the present invention relates to a method for access control in the field of communications, and in particular, to a method and apparatus for performing access control. Background technique
  • HNB home base stations
  • HNB refers to a small, small base station for home or office use. It may be completely private. It can also be opened to the public for use with different priorities and permissions. Its ownership is private, not government or operation. Business; its use of objects may be a small range of users, but also a wide range of users.
  • HNB is used to implement wireless access, which can better utilize existing network resources, save more network equipment operators' costs, and combine the advantages of mobile access networks and fixed access networks.
  • HNB is a private device that does not require outsiders to use it without the owner's permission.
  • the tariff covered by HNB is more favorable than the macro network, and it is desirable to limit the UEs that use HNB. Therefore, the HNB needs to provide access control functions to judge and limit the UEs trying to access the HNB. Only the access of the authorized UE is accepted, and the camping of the unlicensed UE is rejected, and the normal use of the unlicensed UE in the macro cell cannot be affected at the same time.
  • CSG Closed Subscriber Group
  • a CSG may contain one HNB cell and may also contain multiple HNB cells. Each CSG corresponds to an access control list. The UEs in the incoming control list can use all HNBs in the CSG, and other UEs will be denied access.
  • the owner of the HNB may wish to add the friend's UE to the access control list and delete the UE after the friend leaves, which will result in the change of the access control list. Will be more frequent. Users can change the access control list through the Web, HNB, and other means. Since the International Mobile Subscriber Identity (IMSI) is confidential information, the user cannot obtain it at all, so that the user can only use the mobile station integrated service digital network (MS-ISDN) of the UE, that is, The mobile phone number of the UE is used to modify the access control list.
  • IMSI mobile station integrated service digital network
  • the access control can be performed on the network side or in the HNB. Because there are too many signalings involved in access control on the network side, access control needs to be performed in the HNB, because the user usually uses temporary mobility. Temporary Mobile Station Identity (TMSI), so the implementation of access control can only use TMSI, and IMSI is rarely needed.
  • TMSI Temporary Mobile Station Identity
  • an embodiment of the present invention provides a method and an apparatus for performing access control, where the network for a home base station HNB includes: receiving a modify access control list request, and modifying the access control list request The first identifier of the user equipment UE is included; the access control list is modified according to the modified access control list, where the access control list includes the first identifier and the second identifier of the UE; The access control list performs access control on the UE.
  • the embodiment of the present invention further provides an apparatus for performing access control, which is used for performing access control on a UE, where the apparatus includes: a messaging module, an information storage module, and an access control module, where the message transceiver module For receiving a modify access control list request, the modified access control list requesting to carry the first identifier of the UE; the information storage module, configured to store an access control list, and receive according to the message receiving and receiving module
  • the modified access control list is requested to modify the access control list, where the access control list includes the first identifier and a second identifier of the UE; the access control module is configured to The access control list performs access control on the UE.
  • a method for performing access control provides a specific configuration and usage method of an access control list when using a device for performing access control, for example, a user can access the HNB at home, by inputting an MS-ISDN Alternatively, you can register, modify, or delete the authorized UE by setting the MS-ISDN through the customer service hotline or the WEB webpage provided by the operator. And gives specific details on how to use The scheme is used to restrict the UE from accessing the entity in which the device is located, that is, the entity may perform access control on the UE according to the IMSI, TMSI or other identifier and access control list of the UE.
  • FIG. 1 is a schematic flowchart of a user configuring an access control list according to an embodiment of the present invention
  • FIG. 2 is a schematic flowchart of an HHSS access control list update according to an embodiment of the present invention
  • FIG. 3 is a schematic diagram of a process for updating an access control list saved by an HNB by an HHSS according to an embodiment of the present invention
  • FIG. 4 is a schematic flow chart of updating an access control list saved by an HNB by an SGSN according to an embodiment of the present invention
  • FIG. 5 is a schematic structural diagram of an HNB according to an embodiment of the present invention. detailed description
  • the intermediate node between the HNB, or the GPRS GPRS Support Node (SGSN), or the HNB and the Core Network (CN) performs access control on the UE (hereinafter, the HNB is taken as an example).
  • the HNB determines whether the accessed UE is legal according to the IMSI (or other identifier) and the TMSI of the UE. Therefore, the access control list maintained by the HNB includes the IMSI (or other identifier) and the TMSI of the UE, as shown in Table 1 and Table. 2, an embodiment of an access control list saved for HNB:
  • the access control list saved by the HNB may further include a new identifier defined by the HHSS according to the IMSI to the UE, as shown in Table 2.
  • the HNB performs access control on the UE according to the foregoing access control list, that is, the UE is allowed to access only when there is related information of the UE in the access control list saved by the HNB.
  • the access control list in the HNB needs to be updated in time.
  • the entity that controls the access control list in the HNB to update may be an HNB Home Subscriber Server (HHSS), or an HSS, or a GPRS service support node (Severing GPRS Support). Node, SGSN), that is, when the access control list information in the HHSS or HSS or SGSN changes, the HNB is notified to modify its access control list.
  • HHSS HNB Home Subscriber Server
  • SHA-1 GPRS service support node
  • Node, SGSN that is, when the access control list information in the HHSS or HSS or SGSN changes, the HNB is notified to modify its access control list.
  • Embodiment 1 of the present invention provides a method for updating an access control list of an HNB by an HHSS or an HSS.
  • the first case occurs when the user configures the access control list using the MS-ISDN of the UE.
  • the HHSS on the network side stores the HNB subscription information, including: security information, HNB identifier, CSG identity (CSG ID) of the HNB, and UE access control list for each CSG.
  • a CSG may contain one or more HNBs.
  • the access control list may be the same. Therefore, an access control list can be maintained for each CSG on the HHSS, that is, each access control list is identified by a different CSG ID. HHSS does not have to have all HNBs belonging to one CSG To maintain its access control list, just maintain the access control list of the CSG. Alternatively, an access control list may be maintained for each HNB on the HHSS. For example, Table 3 lists the access control list of each HNB saved in the HHSS:
  • the HHSS may also be configured to define a new identifier for the UE according to the IMSI, and the identifier may be the sequence number of the UE, or may be other forms, but the UE may be uniquely identified, as shown in Table 4. .
  • a flow chart when a user configures an access control list by using an MS-ISDN of the UE includes:
  • Step 101 The HHSS receives the modified access control list request for adding or deleting the MS-ISDN of the UE.
  • the user sends an MS-ISDN request to add or delete the UE to the HHSS through the receiving station, or through the WEB webpage provided by the operator, or by setting or deleting the MS-ISDN of the UE in the OM interface of the HNB.
  • Step 102 The HHSS receives the request message of the MS-ISDN added or deleted by the UE, and sends an IMSI query request message to the HSS to which the UE belongs.
  • the query message carries the MS-ISDN of the UE.
  • Step 103 The HSS queries the corresponding information of the UE according to the received MS-ISDN.
  • Step 104 The HSS sends an IMSI query response message to the HHSS, where the message carries the IMSI of the UE.
  • Step 105 The HHSS modifies the access control list according to the received IMSI information, that is, adds or deletes the IMSI of the UE in the access control list saved by the HHSS.
  • Step 106 The HHSS sends a modify access control list response message to the requester that adds or deletes the MS-ISDN.
  • the HHSS may also define a new identifier for the UE according to the received IMSI in step 105, and add the IMSI of the UE and the new one in the saved access control list. logo.
  • the HSS in the above process can also save the access control list information.
  • the CSG information related to the CSG to be stored in the UE may be included in the UE, or may include the CSG ID of the CSG that the UE is allowed to access, or the UE may not be connected.
  • the CSG ID of the incoming CSG, which belongs to the UE's subscription information, is also stored in the HSS.
  • the correspondence between CSG and HHSS is also stored in the HSS, that is, which CSGs are included in an HHSS.
  • the HNB is notified to modify its saved access control list. The specific process will be analyzed in detail later.
  • the update of the access control list of the HHSS may also be after the UE Service Identity Module (USIM) is lost.
  • USIM UE Service Identity Module
  • the reissued USIM card will retain the original MS-ISDN, but the IMSI has changed.
  • the operator needs to update the original IMSI corresponding to the MS-ISDN on the HSS, and update the corresponding information of the IMSI in the access control list on the HHSS.
  • the HSS keeps the subscription information of the UE, including the CSG ID of the CSG that the UE is allowed to access or the CSG ID of the CSG that the UE does not allow access to.
  • the HSS also stores the correspondence between the CSG and the HHSS, that is, which HHSS is included in the HSS.
  • FIG. 1 is a schematic diagram of the process of refreshing the access control list saved by the HHSS in the above situation, including:
  • Step 201 The HSS searches for the corresponding original IMSI according to the MS-ISDN of the UE, and searches for the CSG to which the UE belongs and the HHSS to which the CSG belongs according to the IMSI, and then updates the original IMSI.
  • Step 202 The HSS sends a request to the HHSS to modify an IMSI request message, where the message carries the original IMSI and the updated IMSI.
  • Step 203 The HHSS searches for the access control list corresponding to the CSG according to the original IMSI, and updates the original IMSI in the access control list to a new IMSI.
  • step 203 becomes:
  • Step 2031 The HHSS searches for the access control list corresponding to the CSG according to the received old IMSI, updates the original IMSI in the access control list to a new IMSI, and defines a new identifier for the UE according to the new IMSI.
  • the HNB subscription information is stored in the HSS, the above process can be implemented directly between the user and the HSS.
  • the entity HHSS is optional.
  • the above describes two cases in which the access control list changes on the HHSS or the HSS.
  • the access control lists on the two entities change, they notify the HNB to update the access control list saved by the HNB, so that the HNB can The latest information to access control the UE.
  • HHSS or HSS controls the HNB to update the access control list.
  • FIG. 3 is a schematic diagram of the process of updating the access control list in the HNB by the HHSS, including the following steps:
  • Step 301 The HHSS modifies its saved access control list.
  • Step 302 The HHSS sends a modify access control list request message to the HNB, where the message carries
  • the information of the UE includes the IMSI of the UE, or the original IMSI of the UE and the updated IMSI.
  • Step 303 The HNB modifies its saved access control list according to the IMSI.
  • the access control list saved by the HNB in the foregoing step 303 may be added or deleted.
  • the IMSI of the UE or update the original IMSI to the new IMSI.
  • Step 304 The HNB sends a modify access control list acknowledgement message to the HHSS.
  • step 302 and step 303 are respectively changed to:
  • Step 3021 The HHSS sends a modify access control request message to the HNB, where the message carries the information of the UE, including the new identifier defined by the HHSS to the UE, or the original new identifier of the UE and the updated new identifier.
  • Step 3031 The HNB modifies its saved access control list.
  • the HNB modifies the saved access control list to add or delete a new identity of the UE for the HNB, or update the original new identity to a new new identity.
  • the HNB is controlled by the HSS. Update the access control list.
  • the embodiment of the present invention provides a specific method for performing access control on the HNB.
  • By performing access control on the HNB a large number of signaling processes during access control on the network side can be avoided, and the signaling load of the SGSN is reduced.
  • the access control can also be performed in the SGSN.
  • the SGSN stores the access control information as shown in Table 5.
  • the information of the UE is obtained from the HHSS and the HSS, or other databases according to the identity of the UE and the identity of the HNB itself.
  • the UE information maintained by the SGSN may further include a new identity of the UE defined by the HHSS according to the IMSI.
  • the process is the same as the process of the first embodiment of the present invention, that is, the HHSS or the HSS updates the access control information saved by the SGSN.
  • the second embodiment of the present invention provides a method for performing access control on a UE by using an IMSI or a TMSI of an UE and an access control list, including:
  • the access control on the HNB is performed after the radio resource control (RRC) connection is successfully established.
  • RRC radio resource control
  • the access control on the HNB is Performed after the switch request.
  • the HNB obtains the UE identity (IMSI or TMSI, etc.) information from the UE, and compares it with the access control list stored in the HNB to determine whether the UE is allowed to access, thereby implementing access control to the UE.
  • the IMSI is used only when the UE performs initial network attach (Attach) after power-on, and uses TMSI for communication in the subsequent communication process for security reasons. Each time the UE shuts down or the location is updated, the network will re-allocate the TMSI to the UE.
  • the access control is performed on the HNB, the HNB needs to perform access control on the UE according to the TMSI of the UE. Therefore, the SGSN needs to update the TMSI saved on the HNB in time.
  • the TMSI is constantly changing, and the efficiency is very low if the TMSI changes of the UE are synchronized to the HNB each time.
  • the TMSI of the UE when the TMSI of the UE is updated, and the UE is close to the HNB, the TMSI saved on the HNB is updated, thereby implementing access control on the HNB.
  • the SGSN determines, according to the access control information stored in Table 5, whether the routing area (RA) to which the macro cell belongs is adjacent to the RA to which the subscribed HNB belongs.
  • FIG. 4 is a schematic flowchart of an SGSN updating an access control list saved by an HNB according to an embodiment of the present disclosure, which specifically includes:
  • Step 401 The SGSN determines that the TMSI of the UE changes.
  • the SGSN obtains the following information according to the subscription information of the UE and the related information list of the HNB: 1) the HNB ID of the HNB that the UE subscribes to and the RA ID of the HNB; A list of RAs adjacent to the RA.
  • the SGSN determines whether the current RA of the UE is adjacent to the RA where the HNB of the UE is located according to the foregoing information. If yes, step 402 is performed, and if no, the process ends.
  • Step 402 The SGSN sends a modify access control list request message to the HNB that is subscribed by the UE, where the UE information carried in the message includes the IMSI of the UE and the changed TMSI.
  • Step 403 The HNB modifies the corresponding information in the access control list according to the foregoing UE information.
  • Step 404 The HNB returns a modify access control list acknowledgement message to the SGSN, where the message carries the modification success or the modification failure information.
  • step 402 and step 403 are respectively:
  • Step 4021 The SGSN sends a modify access control list request message to the HNB, where the message carries the UE information, including the new identifier of the UE and the changed TMSI.
  • Step 4031 The HNB modifies the corresponding information in the access control list according to the foregoing UE information.
  • the movement across the RA may occur. If the method of the second embodiment is still used, there is a problem. Because if the UE is shut down or powered off, it just enters the HNB across the adjacent RA of the HNB. Since the TMSI is not sent to the HNB when the UE is powered off or powered off, the access control list on the HNB is not new according to the UE. The TMSI is updated in a timely manner so that a legitimate UE cannot access the HNB.
  • the access control may be performed on the HNB by using the following schemes, including: if the UE is normally shut down, the UE sends a disconnection request to the SGSN, and after receiving the detach request, the SGSN sends a modified access control list to the HNB.
  • a request message carrying the IMSI of the UE and the TMSI when the UE is disconnected from the network. If the UE is shut down abnormally, for example, when the power is off, when the location update timer of the UE expires, the SGSN will set the state of the UE to the detach state.
  • the network side may adjust the location update timer period of the UE according to the distance of the UE from the HNB that is allowed to access, and notify the UE to perform corresponding adjustment. After the UE accesses the HNB, the network side adjusts the location update timer period of the UE to a normal value, and notifies the UE to perform adjustment.
  • This embodiment provides a method for updating the access control list saved by the HNB when the TMSI of the UE is changed, and updating based on the two judgments in the embodiment, which can improve the update efficiency and reduce the signaling process. save resources.
  • the embodiment of the present invention further provides an apparatus for performing access control, where the apparatus may be located in an intermediate node between the HNB, or the SGSN, or the HNB and the CN, for performing access control on the UE, where the apparatus includes a message transceiver module. 501, an information storage module 502, an access control module 503, wherein
  • the messaging module 501 is configured to receive a modified access control list request sent by the HHSS or the HSS or the SGSN; if the device is in the SGSN, the module is only used to receive the modified access control list request from the HHSS or the HSS.
  • the modified access control list request carries the information of the UE required to modify the list, and the information may carry the IMSI and TMSI of the UE, or the new identifier defined by the HHSS to the UE.
  • the information storage module 502 is configured to store access control information, and is used to update information of the information storage module.
  • the access control module 503 is configured to perform access control on the UE according to the access control information stored in the information storage module 502.

Landscapes

  • Engineering & Computer Science (AREA)
  • Computer Hardware Design (AREA)
  • Computer Security & Cryptography (AREA)
  • Computing Systems (AREA)
  • General Engineering & Computer Science (AREA)
  • Computer Networks & Wireless Communication (AREA)
  • Signal Processing (AREA)
  • Mobile Radio Communication Systems (AREA)

Abstract

A method and a device of accessing control is provided. This method is for the network with Home Node Base station HNB, comprising : receiving request of modifying access control list with UE's first identity; modifying the access control list, which includes the first identity and UE's second identity, according to the said request, and then the access of UE is controlled according to the modified access control list. Users will use and collocate ACL expediently through the invention to control the access of UE.

Description

一种进行接入控制的方法以及装置 本申请要求于 2007年 9月 27日提交中国专利局、申请号为 200710077386.6、 发明名称为 "一种家用基站接入控制的方法" 的中国专利申请的优先权, 其全 部内容通过引用结合在本申请中。 技术领域  Method and apparatus for performing access control The present application claims priority to Chinese patent application filed on September 27, 2007 by the Chinese Patent Office, application number 200710077386.6, and entitled "A method for access control of home base stations" The entire contents of which are incorporated herein by reference. Technical field
本发明涉及通信领域中的接入控制的方法, 尤其涉及一种进行接入控制的 方法以及装置。 背景技术  The present invention relates to a method for access control in the field of communications, and in particular, to a method and apparatus for performing access control. Background technique
随着 Internet (互联网) 业务的蓬勃发展, 以及宽带接入网络和无线网络的 广泛应用, 高速、 便捷地接入网络是人们追求的目标。 为了更好的利用现有网 络的资源, 保护网络设备运营商的成本, 3GPP开始了家用基站(Home NodeB, HNB ) 的研究工作。 HNB是指小型化的、 家庭或者办公室用的小基站, 可能是 完全私有的, 也可以在设置不同优先级、 权限的情况下, 开放给大众使用, 其 所有权归私人, 而不是归政府或者运营商; 其使用对象则可能是小范围的用户, 也可能是大范围的用户。 采用 HNB来实现无线接入, 能够更好的利用现有网络 资源, 更多的节约网络设备运营商的成本, 融合移动接入网络和固定接入网络 的各自优点。  With the rapid development of Internet (Internet) services and the wide application of broadband access networks and wireless networks, high-speed and convenient access to the network is the goal pursued by people. In order to make better use of the resources of existing networks and protect the cost of network equipment operators, 3GPP began research work on home base stations (HNBs). HNB refers to a small, small base station for home or office use. It may be completely private. It can also be opened to the public for use with different priorities and permissions. Its ownership is private, not government or operation. Business; its use of objects may be a small range of users, but also a wide range of users. HNB is used to implement wireless access, which can better utilize existing network resources, save more network equipment operators' costs, and combine the advantages of mobile access networks and fixed access networks.
从用户角度出发, HNB是私人设备, 未经主人允许, 不希望有外人来使用。 从运营商的角度出发, HNB 覆盖下的资费要比宏网络优惠, 希望对使用 HNB 的 UE加以限制。 所以 HNB需要提供接入控制的功能, 对试图接入 HNB的 UE 加以判断和限制。 只接受授权 UE的访问, 拒绝非授权 UE的驻留, 同时还不能 影响非授权 UE在宏小区的正常使用。 目前在 3GPP标准中提出了闭合用户群 ( Closed Subscriber Group, CSG ) 的概念, 一个 CSG可能包含一个 HNB小区 也可能包含多个 HNB小区, 每个 CSG与一张接入控制列表相对应, 在接入控 制列表内的 UE可以使用 CSG中所有的 HNB, 其它的 UE将被拒绝接入。  From the user's point of view, HNB is a private device that does not require outsiders to use it without the owner's permission. From the perspective of the operator, the tariff covered by HNB is more favorable than the macro network, and it is desirable to limit the UEs that use HNB. Therefore, the HNB needs to provide access control functions to judge and limit the UEs trying to access the HNB. Only the access of the authorized UE is accepted, and the camping of the unlicensed UE is rejected, and the normal use of the unlicensed UE in the macro cell cannot be affected at the same time. Currently, the concept of Closed Subscriber Group (CSG) is proposed in the 3GPP standard. A CSG may contain one HNB cell and may also contain multiple HNB cells. Each CSG corresponds to an access control list. The UEs in the incoming control list can use all HNBs in the CSG, and other UEs will be denied access.
当有朋友来家中做客时, HNB的拥有者可能希望将朋友的 UE加入到接入 控制列表中,在朋友离开后再将这些 UE删除,这就会使得接入控制列表的更改 会比较频繁。 用户可以通过 Web、 HNB等途径来进行更改接入控制列表。 由于 国际移动用户标识( International Mobile Subscriber Identity, IMSI )是机密信息, 用户根本无法获取, 这样用户只能使用 UE 的移动台综合业务数字网号码 ( Mobile Station Integrated Services Digital Network, MS-ISDN ), 即 UE的手机号 来进行接入控制列表的修改。 When a friend comes to the house, the owner of the HNB may wish to add the friend's UE to the access control list and delete the UE after the friend leaves, which will result in the change of the access control list. Will be more frequent. Users can change the access control list through the Web, HNB, and other means. Since the International Mobile Subscriber Identity (IMSI) is confidential information, the user cannot obtain it at all, so that the user can only use the mobile station integrated service digital network (MS-ISDN) of the UE, that is, The mobile phone number of the UE is used to modify the access control list.
接入控制可以在网络侧执行, 也可以在 HNB中执行, 由于在网络侧进行接 入控制涉及到的信令太多, 接入控制需要在 HNB中执行, 由于一般情况下用户 是使用临时移动台标识(Temporary Mobile Station Identity, TMSI ) 的, 所以接 入控制的执行也只能使用 TMSI, 很少情况下需要使用 IMSI。  The access control can be performed on the network side or in the HNB. Because there are too many signalings involved in access control on the network side, access control needs to be performed in the HNB, because the user usually uses temporary mobility. Temporary Mobile Station Identity (TMSI), so the implementation of access control can only use TMSI, and IMSI is rarely needed.
但是对于如何使用上述接入控制列表对接入 HNB的 UE进行限制, 用户如 何加入接入控制列表,如何将用户从接入控制列表删除,以及如何使用 MS-ISDN 来配置接入控制列表等问题, 现有技术中并没有相关的解决方案。 发明内容  However, how to use the above access control list to restrict access to the HNB UE, how to join the access control list, how to delete the user from the access control list, and how to use the MS-ISDN to configure the access control list. There is no related solution in the prior art. Summary of the invention
有鉴于此, 本发明实施例提供了一种进行接入控制的方法以及装置, 用于 具有家用基站 HNB的网络中, 包括: 接收修改接入控制列表请求, 所述修改接 入控制列表请求中包括用户设备 UE的第一标识;根据所述修改接入控制列表请 求修改接入控制列表,所述接入控制列表中包括所述第一标识和所述 UE的第二 标识; 根据修改后的接入控制列表对 UE进行接入控制。  In view of this, an embodiment of the present invention provides a method and an apparatus for performing access control, where the network for a home base station HNB includes: receiving a modify access control list request, and modifying the access control list request The first identifier of the user equipment UE is included; the access control list is modified according to the modified access control list, where the access control list includes the first identifier and the second identifier of the UE; The access control list performs access control on the UE.
本发明实施例还提供了一种进行接入控制的装置, 用于对 UE进行接入控 制, 所述装置包括: 消息收发模块、 信息存储模块和接入控制模块, 其中, 所 述消息收发模块, 用于接收修改接入控制列表请求, 所述修改接入控制列表请 求携带所述 UE的第一标识; 所述信息存储模块, 用于存储接入控制列表, 并根 据所述消息收发模块接收到的所述修改接入控制列表请求修改所述接入控制列 表,所述接入控制列表中包括所述第一标识和所述 UE的第二标识; 所述接入控 制模块, 用于根据所述接入控制列表对 UE进行接入控制。  The embodiment of the present invention further provides an apparatus for performing access control, which is used for performing access control on a UE, where the apparatus includes: a messaging module, an information storage module, and an access control module, where the message transceiver module For receiving a modify access control list request, the modified access control list requesting to carry the first identifier of the UE; the information storage module, configured to store an access control list, and receive according to the message receiving and receiving module The modified access control list is requested to modify the access control list, where the access control list includes the first identifier and a second identifier of the UE; the access control module is configured to The access control list performs access control on the UE.
本发明实施例提供的一种进行接入控制的方法, 给出了使用进行接入控制 的装置时接入控制列表的具体配置、 使用方法, 如, 用户可以在家访问 HNB , 通过输入 MS-ISDN , 或者通过客服热线或者运营商提供的 WEB 网页设置 MS-ISDN就可以实现注册、 修改或删除授权 UE。 而且给出了具体如何使用限 制列表来限制 UE接入上述装置所在的实体的方案, 即该实体可以根据 UE的 IMSI、 TMSI或者其它标识和接入控制列表来对 UE进行接入控制。 附图说明 例或现有技术描述中所需要使用的附图作筒单地介绍, 显而易见地, 下面描述 中的附图仅仅是本发明的一些实施例, 对于本领域普通技术人员来讲, 在不付 出创造性劳动性的前提下, 还可以根据这些附图获得其他的附图。 A method for performing access control according to an embodiment of the present invention provides a specific configuration and usage method of an access control list when using a device for performing access control, for example, a user can access the HNB at home, by inputting an MS-ISDN Alternatively, you can register, modify, or delete the authorized UE by setting the MS-ISDN through the customer service hotline or the WEB webpage provided by the operator. And gives specific details on how to use The scheme is used to restrict the UE from accessing the entity in which the device is located, that is, the entity may perform access control on the UE according to the IMSI, TMSI or other identifier and access control list of the UE. BRIEF DESCRIPTION OF THE DRAWINGS The accompanying drawings, which are incorporated in the claims Other drawings may also be obtained from these drawings without the inventive labor.
图 1是本发明实施例用户对接入控制列表进行配置的流程示意图; 图 2是本发明实施例 HHSS接入控制列表更新的流程示意图;  1 is a schematic flowchart of a user configuring an access control list according to an embodiment of the present invention; FIG. 2 is a schematic flowchart of an HHSS access control list update according to an embodiment of the present invention;
图 3是本发明实施例 HHSS对 HNB保存的接入控制列表进行更新的流程示 意图;  FIG. 3 is a schematic diagram of a process for updating an access control list saved by an HNB by an HHSS according to an embodiment of the present invention; FIG.
图 4是本发明实施例 SGSN对 HNB保存的接入控制列表进行更新的流程示 意图;  4 is a schematic flow chart of updating an access control list saved by an HNB by an SGSN according to an embodiment of the present invention;
图 5是本发明实施例中 HNB的结构示意图。 具体实施方式  FIG. 5 is a schematic structural diagram of an HNB according to an embodiment of the present invention. detailed description
为使发明目的、 技术方案和有益效果更加清楚, 下面将结合附图对本发明 的具体实施方式进行详细说明。  The embodiments of the present invention will be described in detail below with reference to the accompanying drawings.
本发明中由 HNB、 或网关 GPRS支持节点 ( Servicing GPRS Support Node, SGSN )、 或 HNB与核心网 ( Core Network, CN )之间的中间节点对 UE进行接 入控制 (下面均以 HNB为例进行说明), HNB根据 UE的 IMSI (或其他标识 ) 和 TMSI来判断接入的 UE是否合法,所以 HNB维护的接入控制列表中包括 UE 的 IMSI (或其他标识 )和 TMSI, 如表 1和表 2所示, 为 HNB保存的接入控制 列表的实施例:  In the present invention, the intermediate node between the HNB, or the GPRS GPRS Support Node (SGSN), or the HNB and the Core Network (CN) performs access control on the UE (hereinafter, the HNB is taken as an example). The HNB determines whether the accessed UE is legal according to the IMSI (or other identifier) and the TMSI of the UE. Therefore, the access control list maintained by the HNB includes the IMSI (or other identifier) and the TMSI of the UE, as shown in Table 1 and Table. 2, an embodiment of an access control list saved for HNB:
表 1  Table 1
Figure imgf000005_0001
UE3 IMSI3 TMSI3
Figure imgf000005_0001
UE3 IMSI3 TMSI3
HNB保存的接入控制列表中还可以包括 HHSS根据 IMSI对 UE定义的新标 识, 如表 2所示。 The access control list saved by the HNB may further include a new identifier defined by the HHSS according to the IMSI to the UE, as shown in Table 2.
表 2  Table 2
Figure imgf000006_0001
Figure imgf000006_0001
HNB根据上述接入控制列表对 UE进行接入控制,即只有当 HNB保存的接 入控制列表中有该 UE的相关信息时, 才允许该 UE接入。 HNB中的接入控制 列表需要及时进行更新,控制 HNB中接入控制列表进行更新的实体可以是 HNB 用户归属服务器( HNB Home Subscriber Server, HHSS ), 或者 HSS, 或者 GPRS 业务支持节点( Severing GPRS Support Node, SGSN ),即当 HHSS或 HSS或 SGSN 中的接入控制列表信息发生改变时, 就通知 HNB对其接入控制列表进行修改。 下面分别介绍这几种实体控制 HNB更新接入控制列表的方法。 当然, 若对 UE 进行接入控制的实体即为 SGSN,则对该 SGSN中接入控制列表进行更新控制的 其他实体可以是 HSS或 HHSS。 The HNB performs access control on the UE according to the foregoing access control list, that is, the UE is allowed to access only when there is related information of the UE in the access control list saved by the HNB. The access control list in the HNB needs to be updated in time. The entity that controls the access control list in the HNB to update may be an HNB Home Subscriber Server (HHSS), or an HSS, or a GPRS service support node (Severing GPRS Support). Node, SGSN), that is, when the access control list information in the HHSS or HSS or SGSN changes, the HNB is notified to modify its access control list. The following describes the methods for controlling the HNB to update the access control list. Of course, if the entity that performs access control on the UE is the SGSN, the other entity that performs the update control on the access control list in the SGSN may be an HSS or an HHSS.
实施例一  Embodiment 1
本发明实施例一提供了 HHSS或 HSS对 HNB的接入控制列表进行更新的 方法。  Embodiment 1 of the present invention provides a method for updating an access control list of an HNB by an HHSS or an HSS.
第一种情况是发生在用户使用 UE的 MS-ISDN对接入控制列表进行配置。 网络侧的 HHSS中保存了 HNB的签约信息, 包括: 安全信息, HNB的标识, HNB所属 CSG的标识( CSG Identity, CSG ID ) , 每个 CSG相关的 UE接入控 制列表等。  The first case occurs when the user configures the access control list using the MS-ISDN of the UE. The HHSS on the network side stores the HNB subscription information, including: security information, HNB identifier, CSG identity (CSG ID) of the HNB, and UE access control list for each CSG.
CSG可能包含一个或者多个 HNB, 对多个 HNB来讲, 其接入控制列表可 能是相同的。 所以在 HHSS上可以对每个 CSG维护一个接入控制列表, 即每个 接入控制列表由不同的 CSG ID来标识。 HHSS不必对属于一个 CSG的所有 HNB 维护其接入控制列表,只要维护该 CSG的接入控制列表就可以了。或者,在 HHSS 上也可以对每个 HNB维护一张接入控制列表, 例如, 表 3为 HHSS中保存的每 个 HNB的接入控制列表: A CSG may contain one or more HNBs. For multiple HNBs, the access control list may be the same. Therefore, an access control list can be maintained for each CSG on the HHSS, that is, each access control list is identified by a different CSG ID. HHSS does not have to have all HNBs belonging to one CSG To maintain its access control list, just maintain the access control list of the CSG. Alternatively, an access control list may be maintained for each HNB on the HHSS. For example, Table 3 lists the access control list of each HNB saved in the HHSS:
表 3  table 3
Figure imgf000007_0001
Figure imgf000007_0001
该表中除保存 UE的 IMSI夕卜, 还可以保存 HHSS根据 IMSI对 UE定义新 的标识, 该标识可以是 UE 的序号, 也可以是其它形式, 但是都可以唯一标识 UE, 如表 4所示。  In the table, in addition to saving the IMSI of the UE, the HHSS may also be configured to define a new identifier for the UE according to the IMSI, and the identifier may be the sequence number of the UE, or may be other forms, but the UE may be uniquely identified, as shown in Table 4. .
表 4  Table 4
Figure imgf000007_0002
如图 1所示为当用户使用 UE的 MS-ISDN对接入控制列表进行配置时的流 程图, 包括:
Figure imgf000007_0002
As shown in FIG. 1 , a flow chart when a user configures an access control list by using an MS-ISDN of the UE, includes:
步骤 101: HHSS接收添加或删除 UE的 MS-ISDN的修改接入控制列表请 求。  Step 101: The HHSS receives the modified access control list request for adding or deleting the MS-ISDN of the UE.
该步骤中, 用户通过受理台, 或者通过运营商提供的 WEB 网页, 或者在 HNB的 OM界面设置添加或者删除 UE的 MS-ISDN,向 HHSS发送添加或删除 UE的 MS-ISDN请求。  In this step, the user sends an MS-ISDN request to add or delete the UE to the HHSS through the receiving station, or through the WEB webpage provided by the operator, or by setting or deleting the MS-ISDN of the UE in the OM interface of the HNB.
步骤 102: HHSS接收用户发送的添加或删除 UE的 MS-ISDN的请求消息, 向 UE所属的 HSS发送 IMSI查询请求消息,查询消息中携带该 UE的 MS-ISDN。  Step 102: The HHSS receives the request message of the MS-ISDN added or deleted by the UE, and sends an IMSI query request message to the HSS to which the UE belongs. The query message carries the MS-ISDN of the UE.
步骤 103: HSS根据收到的 MS-ISDN, 查询该 UE的相应信息。  Step 103: The HSS queries the corresponding information of the UE according to the received MS-ISDN.
步骤 104: HSS向 HHSS发送 IMSI查询响应消息,该消息中携带 UE的 IMSI。 步骤 105: HHSS根据接收到的 IMSI信息,修改接入控制列表, 即在 HHSS 保存的接入控制列表中添加或删除上述 UE的 IMSI。 Step 104: The HSS sends an IMSI query response message to the HHSS, where the message carries the IMSI of the UE. Step 105: The HHSS modifies the access control list according to the received IMSI information, that is, adds or deletes the IMSI of the UE in the access control list saved by the HHSS.
步骤 106: HHSS向添加或删除 MS-ISDN的请求方发送修改接入控制列表 响应消息。  Step 106: The HHSS sends a modify access control list response message to the requester that adds or deletes the MS-ISDN.
当步骤 101中用户请求添加 UE的 MS-ISDN时, 则步骤 105中 HHSS还可 以根据接收到的 IMSI对 UE定义新的标识, 并在其保存的接入控制列表中添加 UE的 IMSI和上述新标识。  When the user requests to add the MS-ISDN of the UE in step 101, the HHSS may also define a new identifier for the UE according to the received IMSI in step 105, and add the IMSI of the UE and the new one in the saved access control list. Logo.
上述流程中的 HSS也可以保存接入控制列表信息, 目前 3GPP标准中已经 提出, 在 UE中要保存与其相关的 CSG的信息, 可能包括允许 UE接入的 CSG 的 CSG ID, 或者不允许 UE接入的 CSG的 CSG ID, 这些信息都属于 UE的签 约信息, 同样保存在 HSS中。 在 HSS中还要保存 CSG与 HHSS的对应关系, 即一个 HHSS中包含哪些 CSG。  The HSS in the above process can also save the access control list information. Currently, the 3GPP standard has proposed that the CSG information related to the CSG to be stored in the UE may be included in the UE, or may include the CSG ID of the CSG that the UE is allowed to access, or the UE may not be connected. The CSG ID of the incoming CSG, which belongs to the UE's subscription information, is also stored in the HSS. The correspondence between CSG and HHSS is also stored in the HSS, that is, which CSGs are included in an HHSS.
当 HHSS接入控制列表更新后,就会通知 HNB修改其保存的接入控制列表, 具体流程在后面将进行详细分析。  After the HHSS access control list is updated, the HNB is notified to modify its saved access control list. The specific process will be analyzed in detail later.
HHSS的接入控制列表进行更新还可以是在 UE服务识别模块( User Service Identity Module, USIM )丟失之后。 补办的 USIM卡会保持原来的 MS-ISDN, 但是 IMSI 更改了。 在用户补办 USIM卡的时候, 需要运营商在 HSS 上将该 MS-ISDN对应的原 IMSI进行更新,并且在 HHSS上更新接入控制列表中该 IMSI 的对应信息。 HSS中保存着 UE的签约信息,包括 UE允许接入的 CSG的 CSG ID 或者 UE不允许接入的 CSG的 CSG ID,在 HSS中还保存着 CSG与 HHSS的对 应关系, 即一个 HHSS中包含哪些 CSG。 在 HHSS中保存着每个 CSG相关的用 户接入控制列表。 根据 HHSS和 HSS上保存的上述信息, 就可以对 HHSS上的 接入控制信息进行更新。 图 2为上述情况下 HHSS保存的接入控制列表进行刷 新的流程示意图, 包括:  The update of the access control list of the HHSS may also be after the UE Service Identity Module (USIM) is lost. The reissued USIM card will retain the original MS-ISDN, but the IMSI has changed. When the user reissues the USIM card, the operator needs to update the original IMSI corresponding to the MS-ISDN on the HSS, and update the corresponding information of the IMSI in the access control list on the HHSS. The HSS keeps the subscription information of the UE, including the CSG ID of the CSG that the UE is allowed to access or the CSG ID of the CSG that the UE does not allow access to. The HSS also stores the correspondence between the CSG and the HHSS, that is, which HHSS is included in the HSS. CSG. Each CSG-related user access control list is stored in the HHSS. Based on the above information stored on the HHSS and HSS, the access control information on the HHSS can be updated. Figure 2 is a schematic diagram of the process of refreshing the access control list saved by the HHSS in the above situation, including:
步骤 201: HSS根据 UE的 MS-ISDN查找其对应的原 IMSI,并根据此 IMSI 查找 UE所属的 CSG以及该 CSG所属的 HHSS, 然后将原 IMSI进行更新。  Step 201: The HSS searches for the corresponding original IMSI according to the MS-ISDN of the UE, and searches for the CSG to which the UE belongs and the HHSS to which the CSG belongs according to the IMSI, and then updates the original IMSI.
步骤 202: HSS向 HHSS发送请求修改 IMSI请求消息,该消息中携带原 IMSI 和更新后的 IMSI。  Step 202: The HSS sends a request to the HHSS to modify an IMSI request message, where the message carries the original IMSI and the updated IMSI.
步骤 203: HHSS根据收到原 IMSI查找其所在的与 CSG对应的接入控制列 表, 将接入控制列表中原 IMSI更新为新的 IMSI。 步骤 204: HHSS向 HSS发送 IMSI修改响应消息。 Step 203: The HHSS searches for the access control list corresponding to the CSG according to the original IMSI, and updates the original IMSI in the access control list to a new IMSI. Step 204: The HHSS sends an IMSI modification response message to the HSS.
其中, 如果 HHSS上的接入控制列表还保存 HHSS对 UE定义的新标识, 则步骤 203变为:  If the access control list on the HHSS further saves the new identifier defined by the HHSS to the UE, step 203 becomes:
步骤 2031: HHSS根据收到的旧的 IMSI查找其所在的与 CSG对应的接入 控制列表, 将接入控制列表中原 IMSI更新为新的 IMSI , 并根据新 IMSI对 UE 定义新的标识。  Step 2031: The HHSS searches for the access control list corresponding to the CSG according to the received old IMSI, updates the original IMSI in the access control list to a new IMSI, and defines a new identifier for the UE according to the new IMSI.
以上两种情况中, 如果 HNB的签约信息保存在 HSS 中, 则以上过程都可 以直接在用户和 HSS之间实现, 此时实体 HHSS是可选项。  In both cases, if the HNB subscription information is stored in the HSS, the above process can be implemented directly between the user and the HSS. In this case, the entity HHSS is optional.
以上描述了 HHSS或 HSS上接入控制列表发生改变的两种情况, 当这两个 实体上的接入控制列表发生改变时, 它们都会通知 HNB更新 HNB保存的接入 控制列表, 使得 HNB能根据最新的信息来对 UE进行接入控制。  The above describes two cases in which the access control list changes on the HHSS or the HSS. When the access control lists on the two entities change, they notify the HNB to update the access control list saved by the HNB, so that the HNB can The latest information to access control the UE.
下面说明 HHSS或 HSS如何控制 HNB对接入控制列表进行更新。  The following describes how HHSS or HSS controls the HNB to update the access control list.
图 3为 HHSS对 HNB中接入控制列表进行更新的流程示意图,具体包括以 下步骤:  Figure 3 is a schematic diagram of the process of updating the access control list in the HNB by the HHSS, including the following steps:
步骤 301: HHSS修改其保存的接入控制列表。  Step 301: The HHSS modifies its saved access control list.
步骤 302: HHSS向 HNB发送修改接入控制列表请求消息, 该消息中携带 Step 302: The HHSS sends a modify access control list request message to the HNB, where the message carries
UE的信息, 包括 UE的 IMSI, 或者 UE的原 IMSI和更新后的 IMSI。 The information of the UE includes the IMSI of the UE, or the original IMSI of the UE and the updated IMSI.
步骤 303: HNB根据 IMSI修改其保存的接入控制列表。  Step 303: The HNB modifies its saved access control list according to the IMSI.
其中, 上述步骤 303中 HNB修改其保存的接入控制列表可以为添加或删除 The access control list saved by the HNB in the foregoing step 303 may be added or deleted.
UE的 IMSI, 或者将原 IMSI更新为新的 IMSI。 The IMSI of the UE, or update the original IMSI to the new IMSI.
步骤 304: HNB向 HHSS发送修改接入控制列表确认消息。  Step 304: The HNB sends a modify access control list acknowledgement message to the HHSS.
其中, 如果 HHSS和 HNB上保存的接入控制列表都保存了 HHSS对 UE定 义的新标识, 则步骤 302和步骤 303分别改为:  If the access control list saved on the HHSS and the HNB saves the new identifier defined by the HHSS to the UE, step 302 and step 303 are respectively changed to:
步骤 3021: HHSS向 HNB发送修改接入控制请求消息, 该消息中携带 UE 的信息, 包括 HHSS对 UE定义的新标识, 或者 UE原来的新标识和更新后的新 标识。  Step 3021: The HHSS sends a modify access control request message to the HNB, where the message carries the information of the UE, including the new identifier defined by the HHSS to the UE, or the original new identifier of the UE and the updated new identifier.
步骤 3031: HNB修改其保存的接入控制列表。  Step 3031: The HNB modifies its saved access control list.
其中,上述步骤 3031中 HNB修改其保存的接入控制列表可以为 HNB添加 或删除 UE的新标识, 或将原来的新标识更新为新的新标识。  In the foregoing step 3031, the HNB modifies the saved access control list to add or delete a new identity of the UE for the HNB, or update the original new identity to a new new identity.
图 3的流程中, 如果 HNB的签约信息保存在 HSS中, 则由 HSS控制 HNB 对接入控制列表进行更新。 In the flow of FIG. 3, if the subscription information of the HNB is stored in the HSS, the HNB is controlled by the HSS. Update the access control list.
本发明实施例给出了在 HNB进行接入控制的具体方法, 通过在 HNB进行 接入控制, 可以避免在网络侧进行接入控制时的大量的信令流程, 减少 SGSN 的信令负荷。  The embodiment of the present invention provides a specific method for performing access control on the HNB. By performing access control on the HNB, a large number of signaling processes during access control on the network side can be avoided, and the signaling load of the SGSN is reduced.
接入控制也可以在 SGSN进行, 此时 SGSN保存如表 5所示的接入控制信 息, 其中 UE的信息根据 UE的标识和 HNB 自身的标识从 HHSS和 HSS中, 或 者其它数据库中获得。 SGSN维护的 UE信息还可以包括 HHSS根据 IMSI定义 的 UE的新标识。  The access control can also be performed in the SGSN. At this time, the SGSN stores the access control information as shown in Table 5. The information of the UE is obtained from the HHSS and the HSS, or other databases according to the identity of the UE and the identity of the HNB itself. The UE information maintained by the SGSN may further include a new identity of the UE defined by the HHSS according to the IMSI.
表 5  table 5
Figure imgf000010_0001
Figure imgf000010_0001
当 SGSN进行接入控制时, 流程与本发明实施例一的流程一样, 即 HHSS 或 HSS对 SGSN保存的接入控制信息进行更新。  When the SGSN performs the access control, the process is the same as the process of the first embodiment of the present invention, that is, the HHSS or the HSS updates the access control information saved by the SGSN.
实施例二  Embodiment 2
本发明实施例二提供了使用 UE的 IMSI或 TMSI以及接入控制列表对 UE 进行接入控制的方法, 包括:  The second embodiment of the present invention provides a method for performing access control on a UE by using an IMSI or a TMSI of an UE and an access control list, including:
UE处于空闲(Idle )状态时, HNB上的接入控制是在无线资源控制(Radio Resource Control, RRC )连接建立成功之后进行的, UE处于激活 (Active )状 态时, HNB上的接入控制是在切换请求之后进行的。 HNB从 UE获取 UE标识 ( IMSI或者 TMSI等)信息, 和保存在 HNB中的接入控制列表对照, 判断是否 允许该 UE接入, 从而实现对 UE的接入控制。  When the UE is in the idle state, the access control on the HNB is performed after the radio resource control (RRC) connection is successfully established. When the UE is in the active state, the access control on the HNB is Performed after the switch request. The HNB obtains the UE identity (IMSI or TMSI, etc.) information from the UE, and compares it with the access control list stored in the HNB to determine whether the UE is allowed to access, thereby implementing access control to the UE.
只有当 UE在开机后, 进行初始网络附着(Attach )时才会使用 IMSI, 而在 后续的通信过程中为了安全起见, 会使用 TMSI进行通信。 UE每次关机或位置 更新后, 网络会给 UE重新分配 TMSI。 当在 HNB进行接入控制时, HNB需要 根据 UE的 TMSI来对 UE进行接入控制,因此 SGSN需要对 HNB上保存的 TMSI 进行及时更新。 TMSI是经常变化的, 如果每次 UE的 TMSI变化都同步到 HNB 上, 效率很低。 在本发明实施例中, 当 UE的 TMSI更新, 并且当 UE靠近 HNB 时, 才对 HNB上保存的 TMSI进行更新, 从而实现在 HNB上的接入控制。 SGSN根据其保存的如表 5所示的接入控制信息判断 UE所在的宏小区所属 的路由区域( Routing Area, RA )是否与其签约的 HNB所属的 RA相邻。 The IMSI is used only when the UE performs initial network attach (Attach) after power-on, and uses TMSI for communication in the subsequent communication process for security reasons. Each time the UE shuts down or the location is updated, the network will re-allocate the TMSI to the UE. When the access control is performed on the HNB, the HNB needs to perform access control on the UE according to the TMSI of the UE. Therefore, the SGSN needs to update the TMSI saved on the HNB in time. The TMSI is constantly changing, and the efficiency is very low if the TMSI changes of the UE are synchronized to the HNB each time. In the embodiment of the present invention, when the TMSI of the UE is updated, and the UE is close to the HNB, the TMSI saved on the HNB is updated, thereby implementing access control on the HNB. The SGSN determines, according to the access control information stored in Table 5, whether the routing area (RA) to which the macro cell belongs is adjacent to the RA to which the subscribed HNB belongs.
如图 4所示为本发明实施例中 SGSN对 HNB保存的接入控制列表进行更新 的流程示意图, 具体包括:  FIG. 4 is a schematic flowchart of an SGSN updating an access control list saved by an HNB according to an embodiment of the present disclosure, which specifically includes:
步骤 401: SGSN确定 UE的 TMSI发生变化, SGSN根据其保存的 UE的 签约信息和 HNB的相关信息列表, 得到以下信息: 1 ) UE签约的 HNB的 HNB ID以及该 HNB所在的 RA ID; 2 )与该 RA相邻的 RA列表。 SGSN根据上述信 息判断 UE当前所在的 RA是否与 UE签约的 HNB所在的 RA相邻, 如果是, 则执行步骤 402, 如果否, 则流程结束。  Step 401: The SGSN determines that the TMSI of the UE changes. The SGSN obtains the following information according to the subscription information of the UE and the related information list of the HNB: 1) the HNB ID of the HNB that the UE subscribes to and the RA ID of the HNB; A list of RAs adjacent to the RA. The SGSN determines whether the current RA of the UE is adjacent to the RA where the HNB of the UE is located according to the foregoing information. If yes, step 402 is performed, and if no, the process ends.
步骤 402: SGSN向 UE所签约的 HNB发送修改接入控制列表请求消息, 消息中携带的 UE信息包括 UE的 IMSI和改变后的 TMSI。  Step 402: The SGSN sends a modify access control list request message to the HNB that is subscribed by the UE, where the UE information carried in the message includes the IMSI of the UE and the changed TMSI.
步骤 403: HNB根据上述 UE信息修改接入控制列表中相应的信息。  Step 403: The HNB modifies the corresponding information in the access control list according to the foregoing UE information.
步骤 404: HNB向 SGSN返回修改接入控制列表确认消息, 该消息中携带 修改成功或修改失败信息。  Step 404: The HNB returns a modify access control list acknowledgement message to the SGSN, where the message carries the modification success or the modification failure information.
其中, 如果 SGSN上的接入控制列表还保存了 HHSS对 UE定义的新标识, 则步骤 402和步骤 403分别为:  If the access control list on the SGSN further stores the new identifier defined by the HHSS to the UE, step 402 and step 403 are respectively:
步骤 4021: SGSN向 HNB发送修改接入控制列表请求消息, 该消息中携带 UE信息, 包括上述 UE的新标识和改变后的 TMSI。  Step 4021: The SGSN sends a modify access control list request message to the HNB, where the message carries the UE information, including the new identifier of the UE and the changed TMSI.
步骤 4031: HNB根据上述 UE信息来修改接入控制列表中相应的信息。 除上述实施例所述的应用场景外,在某些特殊情况下,例如 UE关机或者断 电后, 可能会发生跨 RA的移动, 此时如果仍然采用实施例二的方法, 就会存在 问题。因为如果 UE关机或者断电后,恰好跨越了 HNB的相邻 RA而进入了 HNB , 由于 UE关机或者断电时的 TMSI并没有发送给 HNB,导致 HNB上的接入控制 列表并没有根据 UE新的 TMSI进行及时的更新, 从而使得合法的 UE不能接入 该 HNB。  Step 4031: The HNB modifies the corresponding information in the access control list according to the foregoing UE information. In addition to the application scenarios described in the foregoing embodiments, in some special cases, for example, after the UE is powered off or powered off, the movement across the RA may occur. If the method of the second embodiment is still used, there is a problem. Because if the UE is shut down or powered off, it just enters the HNB across the adjacent RA of the HNB. Since the TMSI is not sent to the HNB when the UE is powered off or powered off, the access control list on the HNB is not new according to the UE. The TMSI is updated in a timely manner so that a legitimate UE cannot access the HNB.
在上述情形下, 可以通过以下方案在 HNB进行接入控制, 包括: 如果 UE 正常关机, UE向 SGSN发送断开网络(detach )请求, SGSN接收到 detach请 求后, 向 HNB发送修改接入控制列表请求消息, 消息中携带发生 UE的 IMSI 以及 UE与网络断开时的 TMSI。 如果 UE非正常关机, 例如断电时, 当 UE的 位置更新定时器超时, SGSN会把 UE的状态置为 detach状态, 此时 SGSN也要 向 HNB发送修改接入控制列表请求消息,该消息中携带 UE的 IMSI和 UE与网 络断开时的 TMSI。 网络侧可以根据 UE距离允许它接入的 HNB的距离, 调整 UE的位置更新定时器周期, 并通知 UE进行相应调整。 当 UE接入 HNB后, 网 络侧将 UE的位置更新定时器周期调整为正常值, 并通知 UE进行调整。 In the above scenario, the access control may be performed on the HNB by using the following schemes, including: if the UE is normally shut down, the UE sends a disconnection request to the SGSN, and after receiving the detach request, the SGSN sends a modified access control list to the HNB. A request message carrying the IMSI of the UE and the TMSI when the UE is disconnected from the network. If the UE is shut down abnormally, for example, when the power is off, when the location update timer of the UE expires, the SGSN will set the state of the UE to the detach state. Sending a modified access control list request message to the HNB, where the message carries the IMSI of the UE and the TMSI when the UE disconnects from the network. The network side may adjust the location update timer period of the UE according to the distance of the UE from the HNB that is allowed to access, and notify the UE to perform corresponding adjustment. After the UE accesses the HNB, the network side adjusts the location update timer period of the UE to a normal value, and notifies the UE to perform adjustment.
本实施例给出了当 UE的 TMSI发生改变时, 对 HNB保存的接入控制列表 进行更新的方法, 基于本实施例中的两个判断依据来更新, 可以提高更新效率, 减少信令流程, 节省资源。  This embodiment provides a method for updating the access control list saved by the HNB when the TMSI of the UE is changed, and updating based on the two judgments in the embodiment, which can improve the update efficiency and reduce the signaling process. save resources.
实施例三  Embodiment 3
本发明实施例还提供一种进行接入控制的装置, 该装置可位于 HNB、 或 SGSN、 或 HNB与 CN之间的中间节点中, 用于对 UE进行接入控制, 该装置包 括消息收发模块 501、 信息存储模块 502、 接入控制模块 503, 其中,  The embodiment of the present invention further provides an apparatus for performing access control, where the apparatus may be located in an intermediate node between the HNB, or the SGSN, or the HNB and the CN, for performing access control on the UE, where the apparatus includes a message transceiver module. 501, an information storage module 502, an access control module 503, wherein
消息收发模块 501: 用于接收 HHSS或 HSS或 SGSN发送的修改接入控制 列表请求; 若该装置处于 SGSN中, 则本模块仅用于接收来自 HHSS或 HSS的 修改接入控制列表请求。  The messaging module 501: is configured to receive a modified access control list request sent by the HHSS or the HSS or the SGSN; if the device is in the SGSN, the module is only used to receive the modified access control list request from the HHSS or the HSS.
上述修改接入控制列表请求中携带修改该列表所需的 UE的信息,该信息可 以携带 UE的 IMSI和 TMSI, 或者 HHSS对 UE定义的新标识。  The modified access control list request carries the information of the UE required to modify the list, and the information may carry the IMSI and TMSI of the UE, or the new identifier defined by the HHSS to the UE.
信息存储模块 502: 用于存储接入控制信息, 用于对信息存储模块的信息进 行更新。  The information storage module 502 is configured to store access control information, and is used to update information of the information storage module.
接入控制模块 503: 用于根据信息存储模块 502 中存储的接入控制信息对 UE进行接入控制。  The access control module 503 is configured to perform access control on the UE according to the access control information stored in the information storage module 502.
以上是对本发明所提供的一种 HNB接入控制的方法的详细介绍, 本文中应 用了具体个例对本发明的原理及实施方式进行了阐述, 以上实施例的说明只是 用于帮助理解本发明的方法及其核心思想; 同时, 对于本领域的一般技术人员, 依据本发明的思想, 在具体实施方式及应用范围上均会有改变之处, 综上所述, 本说明书内容不应理解为对本发明的限制。  The foregoing is a detailed description of a method for access control of an HNB provided by the present invention. The principles and embodiments of the present invention are described herein by using specific examples. The description of the above embodiments is only for helping to understand the present invention. The method and its core idea; at the same time, those skilled in the art, according to the idea of the present invention, there will be changes in the specific embodiments and application scope. In summary, the contents of this specification should not be construed as Limitations of the invention.

Claims

权 利 要 求 Rights request
1、 一种进行接入控制的方法, 所述方法用于具有家用基站 HNB的网络中, 所述方法包括: A method for performing access control, where the method is used in a network with a home base station HNB, the method includes:
接收修改接入控制列表请求, 所述修改接入控制列表请求中包括用户设备 UE的第一标识;  Receiving a request for modifying an access control list, where the request for modifying the access control list includes a first identifier of the user equipment UE;
根据所述修改接入控制列表请求修改接入控制列表, 所述接入控制列表中 包括所述第一标识和所述 UE的第二标识;  Modifying an access control list according to the modified access control list, where the access control list includes the first identifier and a second identifier of the UE;
根据修改后的接入控制列表对 UE进行接入控制。  Performing access control on the UE according to the modified access control list.
2、 如权利要求 1所述的方法, 其特征在于, 所述 UE的第二标识为 UE的 临时移动台标识 TMSI。 2. The method according to claim 1, wherein the second identifier of the UE is a temporary mobile station identifier TMSI of the UE.
3、 如权利要求 1或 2所述的方法, 其特征在于, 所述接收修改接入控制列 表请求包括: The method according to claim 1 or 2, wherein the receiving the modify access control list request comprises:
接收家用基站用户归属服务器 HHSS发送的所述修改接入控制列表请求; 或, 接收用户归属服务器 HSS发送的所述修改接入控制列表请求; 或, 接收服务通用无线分组业务支持节点 SGSN发送的所述修改接入控制 列表请求。  Receiving the modified access control list request sent by the home base station user home server HHSS; or receiving the modified access control list request sent by the user home server HSS; or receiving the service sent by the serving general wireless packet service support node SGSN Modify the access control list request.
4、 如权利要求 3所述的方法, 其特征在于, 所述接收修改接入控制列表请 求之前还包括: 4. The method according to claim 3, wherein the receiving the modify access control list request further comprises:
HHSS或 HSS收到添加或删除接入控制列表中的 UE的请求, 所述请求携 带所述 UE的移动台综合业务数字网号码 MS-ISDN;  The HHSS or the HSS receives a request to add or delete a UE in the access control list, where the request carries the mobile station integrated service digital network number MS-ISDN of the UE;
HHSS 或 HSS 在各自保存的接入控制列表中添加或删除与所述 UE 的 MS-ISDN对应的 UE的第一标识;  The HHSS or the HSS adds or deletes the first identifier of the UE corresponding to the MS-ISDN of the UE in the respective saved access control list;
所述 HHSS或 HSS发送所述修改接入控制列表请求。  The HHSS or HSS sends the modify access control list request.
5、 如权利要求 4所述的方法, 其特征在于, 所述 HHSS收到添加或删除接 入控制列表中的 UE的请求之后, 进一步包括: 修改页(条约第 19条) HHSS向 HSS发送国际移动台标识 IMSI查询请求, 所述查询请求中携带 UE的 MS-ISDN; The method according to claim 4, after the HHSS receives the request to add or delete the UE in the access control list, the method further includes: modifying the page (Article 19 of the Treaty) The HHSS sends an International Mobile Station Identity IMSI Query Request to the HSS, where the query request carries the MS-ISDN of the UE;
HHSS 从所迷 HSS 接收查询响应, 所述查询响应中携带与所述 UE 的 MS-ISDN对应的所述 UE的 IMSI;  The HHSS receives the query response from the HSS, where the query response carries the IMSI of the UE corresponding to the MS-ISDN of the UE;
所述 HHSS在其保存的接入控制列表中添加或删除所述 UE的 IMSI;  The HHSS adds or deletes the IMSI of the UE in its saved access control list;
所述 UE的第一标识为 UE的 IMSI。  The first identifier of the UE is the IMSI of the UE.
6、 如权利要求 4所述的方法, 其特征在于, 所述 HHSS收到添加或删除接 入控制列表中的 UE的请求之后, 进一步包括: The method of claim 4, after the HHSS receives the request to add or delete the UE in the access control list, the method further includes:
所述 HHSS 向 HSS 发送 MSI 查询请求, 所述查询请求中携带 UE 的 MS-ISDN;  The HHSS sends an MSI query request to the HSS, where the query request carries the MS-ISDN of the UE;
HHSS 从所述 HSS 接收查询响应, 所述查询响应中携带与所述 UE 的 MS-ISDN对应的所述 UE的 IMSI;  The HHSS receives a query response from the HSS, where the query response carries an IMSI of the UE corresponding to the MS-ISDN of the UE;
所述 HHSS根据所述 IMSI对所述 UE定义新标识, 并在其保存的接入控制 列表中添加或删除所述 SI和所述新标识;  Determining, by the HHSS, a new identifier to the UE according to the IMSI, and adding or deleting the SI and the new identifier in an saved access control list;
所述 UE的第一标识为所述新标识。  The first identifier of the UE is the new identifier.
7、 如权利要求 3所述的方法, 其特征在于, 所述接收所述 HHSS发送的所 述修改接入控制列表请求之前还包括: The method according to claim 3, wherein the receiving the modified access control list request sent by the HHSS further includes:
HSS根据 UE的 MS-ISDN对所述 UE的 IMSI进行更新;  The HSS updates the IMSI of the UE according to the MS-ISDN of the UE;
所述 HSS向 HHSS发送修改 IMSI请求消息, 所述修改 IMSI请求消息中携 带所述 UE的原 IMSI和更新后的新 IMSI;  The HSS sends a modified IMSI request message to the HHSS, where the modified IMSI request message carries the original IMSI of the UE and the updated new IMSI;
所述 HHSS将其保存的接入控制列表中的原 IMSI更新为新 IMSI;  The HHSS updates the original IMSI in the saved access control list to a new IMSI;
所述 UE的第一标识为 UE的原 IMSI和新 IMSI。  The first identifier of the UE is the original IMSI and the new IMSI of the UE.
8、 如权利要求 7所述的方法, 其特征在于, 所述 HHSS将其保存的接入控 制列表中的原 IMSI更新为新 MSI进一步包括: The method of claim 7, wherein the updating, by the HHSS, the original IMSI in the saved access control list to the new MSI further includes:
HHSS根据所述新 IMSI对 UE定义新标识;  The HHSS defines a new identifier for the UE according to the new IMSI;
所述 UE的第一标识为所述新标识。 修改页(条约第 19条) The first identifier of the UE is the new identifier. Revision page (Article 19 of the Treaty)
9、 如权利要求 3所述的方法, 其特征在于, 所述接收 SGSN发送的所述修 文接入控制列表请求之前, 还包括: The method of claim 3, wherein before receiving the request for the access control list sent by the SGSN, the method further includes:
所述 SGSN获取所述 UE的状态信息;  Obtaining, by the SGSN, status information of the UE;
所述 UE的状态信息包括: UE处于接通状态, 而且 UE的临时移动台标识 TMSI发生改变, 而且 UE当前所在的路由区域 RA与 UE签约 H B所在的 RA 相邻, 或者, UE处于断电或关机状态。  The status information of the UE includes: the UE is in an ON state, and the Temporary Mobile Station Identity (TMSI) of the UE is changed, and the routing area RA where the UE is currently located is adjacent to the RA where the UE is subscribed to the HB, or the UE is powered off or Off state.
10、 如权利要求 9所述的方法, 其特征在于, 10. The method of claim 9 wherein:
所述 UE的第一标识为 UE的 IMSI和改变后的 TMSI;  The first identifier of the UE is an IMSI of the UE and a changed TMSI;
或者,  Or,
如果 SGSN和 HNB中的接入控制列表都保存了 HHSS对 UE定义的新标识, 则所述 UE的第一标识为所述新标识和改变后的 TMSI。  If the access control list in the SGSN and the HNB both hold the new identifier defined by the HHSS to the UE, the first identifier of the UE is the new identifier and the changed TMSI.
11、 如权利要求 1至 10中任一项所述的方法, 其特征在于, 所述根据修改 后的接入控制列表对 UE进行接入控制包括: The method according to any one of claims 1 to 10, wherein the performing access control on the UE according to the modified access control list comprises:
HNB、 或 SGSN、 或 HNB与核心网 CN之间的中间节点根据修改后的接入 控制列表对 UE进行接入控制。  The intermediate node between the HNB, or the SGSN, or the HNB and the core network CN performs access control on the UE according to the modified access control list.
12、 一种进行接入控制的装置, 其特征在于, 所述装置包括: 消息收发模 块、 信息存储模块和接入控制模块, 其中, 12. An apparatus for performing access control, the apparatus comprising: a messaging module, an information storage module, and an access control module, where
所述消息收发模块, 用于接收修改接入控制列表请求, 所述修改接入控制 列表请求携带所述 UE的第一标识;  The message sending and receiving module is configured to receive a request for modifying an access control list, where the modified access control list request carries a first identifier of the UE;
所述信息存储模块, 用于存储接入控制列表, 并根据所述消息收发模块接 收到的所述修改接入控制列表请求修改所述接入控制列表, 所述接入控制列表 中包括所述第一标识和所述 UE的第二标识;  The information storage module is configured to store an access control list, and request to modify the access control list according to the modified access control list received by the message sending and receiving module, where the access control list includes the a first identifier and a second identifier of the UE;
所述接入控制模块, 用于根据所述接入控制列表对 UE进行接入控制。  The access control module is configured to perform access control on the UE according to the access control list.
13、 如权利要求 12所述的装置, 其特征在于, 13. Apparatus according to claim 12 wherein:
所述消息收发模块,进一步用于接收第一标识是 UE的 IMSI、或者是 HHSS 对 UE定义的新标识、或者是所述新标识和 UE的 TMSI、或者是原 IMSI和更新 修改页(条约第 19条) 后的新 IMSI的修改接入控制列表请求。 The messaging module is further configured to receive an IMSI whose first identifier is a UE, or a new identifier defined by the HHSS for the UE, or a TMSI of the new identifier and the UE, or an original IMSI and an update modification page (Treaty 19) The new IMSI is modified to access the control list request.
14、 如权利要求 12或 13所述的装置, 其特征在于, 所述信息存储模块, 进一步用于存储包含第二标识为 UE的 TMSI的接入控制列表。 The device according to claim 12 or 13, wherein the information storage module is further configured to store an access control list including a TMSI whose second identifier is a UE.
15、 如权利要求 12-14 中任一项所述的装置, 其特征在于, 所述装置位于 HNB、 或 SGSN、 或 HNB与 CN之间的中间节点中。 The apparatus according to any one of claims 12-14, wherein the apparatus is located in an intermediate node between the HNB, or the SGSN, or the HNB and the CN.
修改页(条约第 19条) Amendment page (Article 19 of the Treaty)
PCT/CN2008/072401 2007-09-27 2008-09-18 A method and device of accessing control WO2009043262A1 (en)

Priority Applications (1)

Application Number Priority Date Filing Date Title
CN200880007243.0A CN101669327B (en) 2007-09-27 2008-09-18 A method and device of accessing control

Applications Claiming Priority (2)

Application Number Priority Date Filing Date Title
CN200710077386.6 2007-09-27
CNA2007100773866A CN101400106A (en) 2007-09-27 2007-09-27 Method for household base station access control

Publications (1)

Publication Number Publication Date
WO2009043262A1 true WO2009043262A1 (en) 2009-04-09

Family

ID=40518295

Family Applications (1)

Application Number Title Priority Date Filing Date
PCT/CN2008/072401 WO2009043262A1 (en) 2007-09-27 2008-09-18 A method and device of accessing control

Country Status (2)

Country Link
CN (2) CN101400106A (en)
WO (1) WO2009043262A1 (en)

Cited By (3)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
WO2011015047A1 (en) * 2009-08-04 2011-02-10 中兴通讯股份有限公司 Method and system for a home nodeb of hybrid access mode to obtain the access mode of a user equipment
WO2013053552A1 (en) * 2011-10-10 2013-04-18 Ip.Access Limited Method for enabling the management of an access control list, a home nodeb management system and cellular communication system therefor
US8838644B2 (en) 2009-11-25 2014-09-16 International Business Machines Corporation Extensible access control list framework

Families Citing this family (24)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
WO2010121433A1 (en) * 2009-04-24 2010-10-28 华为技术有限公司 Method and apparatus for carrying out admission controlling of closed subscriber group csg terminal
CN101877852B (en) * 2009-04-29 2013-08-07 中兴通讯股份有限公司 User access control method and system
CN101730187A (en) * 2009-05-13 2010-06-09 中兴通讯股份有限公司 Method and system for realizing local access control of home base station
CN101730102B (en) * 2009-05-15 2012-07-18 中兴通讯股份有限公司 System and method for implementing authentication on user of home base station
CN101925015B (en) * 2009-06-17 2013-01-16 电信科学技术研究院 Synchronous updating method allowing closed user group list information and equipment
CN105939534A (en) * 2009-06-30 2016-09-14 中兴通讯股份有限公司 Method and system for processing access control list
CN101990207B (en) * 2009-08-06 2013-01-16 中兴通讯股份有限公司 Access control method, home base station (HBS) and HBS authorization server
CN101990313B (en) * 2009-08-06 2014-01-01 中兴通讯股份有限公司 Method, informing method and system for realizing local IP access control
CN101998562A (en) 2009-08-26 2011-03-30 中兴通讯股份有限公司 Systems and methods for acquiring access information of user by core network in the switching process
CN102026333B (en) * 2009-09-15 2014-01-01 中兴通讯股份有限公司 Method and device for managing casual subscribers
CN102026400A (en) * 2009-09-21 2011-04-20 中兴通讯股份有限公司 System and method for realizing local access
CN102045895A (en) * 2009-10-20 2011-05-04 中兴通讯股份有限公司 Management method and device of members in closed subscriber group (CSG)
CN102045894B (en) * 2009-10-24 2015-09-16 中兴通讯股份有限公司 The update method of closed subscriber group information and device
CN102131266B (en) * 2010-01-13 2015-08-12 中兴通讯股份有限公司 The method and system of a kind of triggering terminal switching or logout
CN101771704B (en) * 2010-01-22 2016-03-30 中兴通讯股份有限公司 A kind of method and system of safe transfer of data
CN102291806B (en) * 2010-06-21 2014-08-13 中国联合网络通信集团有限公司 Method, device and system for controlling user equipment access
CN102404821B (en) * 2010-09-15 2015-07-22 电信科学技术研究院 Access control method and device for magnetic tape controller (MTC) terminal
CN102547913B (en) * 2010-12-14 2017-11-24 上海贝尔股份有限公司 Method and apparatus for carrying out user equipment access control
CN102104923B (en) * 2011-01-13 2013-04-24 华为技术有限公司 Method and device for controlling UE (User Equipment) residency by AP (Access point)
CN102187714A (en) * 2011-04-29 2011-09-14 华为终端有限公司 Method, equipment and communication system for mobile terminal accessing to a wireless network
CN103096398B (en) 2011-11-08 2016-08-03 华为技术有限公司 A kind of method and apparatus of network switching
CN104902582B (en) * 2015-04-13 2019-01-11 国网内蒙古东部电力有限公司 A kind of interim cut-in method and system of wireless network
CN110602697B (en) * 2018-06-13 2021-08-31 华为技术有限公司 Method and device for limiting terminal equipment access
CN114554570A (en) * 2020-11-19 2022-05-27 中国电信股份有限公司 User access control method, device and system

Citations (4)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN1753364A (en) * 2005-10-26 2006-03-29 杭州华为三康技术有限公司 Method of controlling network access and its system
EP1691525A1 (en) * 2005-02-11 2006-08-16 Samsung Electronics Co., Ltd. System and method for user access control to content in a network
CN1863376A (en) * 2005-05-12 2006-11-15 中兴通讯股份有限公司 Method for protecting mobile terminal identity in mobile communication system
CN1926811A (en) * 2004-03-08 2007-03-07 艾利森电话股份有限公司 Non-permissive radio accessed network in mobile honeycomb communication network

Patent Citations (4)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN1926811A (en) * 2004-03-08 2007-03-07 艾利森电话股份有限公司 Non-permissive radio accessed network in mobile honeycomb communication network
EP1691525A1 (en) * 2005-02-11 2006-08-16 Samsung Electronics Co., Ltd. System and method for user access control to content in a network
CN1863376A (en) * 2005-05-12 2006-11-15 中兴通讯股份有限公司 Method for protecting mobile terminal identity in mobile communication system
CN1753364A (en) * 2005-10-26 2006-03-29 杭州华为三康技术有限公司 Method of controlling network access and its system

Cited By (4)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
WO2011015047A1 (en) * 2009-08-04 2011-02-10 中兴通讯股份有限公司 Method and system for a home nodeb of hybrid access mode to obtain the access mode of a user equipment
US8559911B2 (en) 2009-08-04 2013-10-15 Zte Corporation Method and system for a home NodeB of hybrid access mode to obtain the access mode of a user equipment
US8838644B2 (en) 2009-11-25 2014-09-16 International Business Machines Corporation Extensible access control list framework
WO2013053552A1 (en) * 2011-10-10 2013-04-18 Ip.Access Limited Method for enabling the management of an access control list, a home nodeb management system and cellular communication system therefor

Also Published As

Publication number Publication date
CN101669327A (en) 2010-03-10
CN101400106A (en) 2009-04-01
CN101669327B (en) 2013-08-07

Similar Documents

Publication Publication Date Title
WO2009043262A1 (en) A method and device of accessing control
JP5199486B2 (en) Maintaining limited subscriber group information for access control
CA2741688C (en) Support for multiple access modes for home base stations
AU2009205545B2 (en) Wireless communication paging utilizing multiple types of node identifiers
EP2394449B1 (en) Managing access control to closed subscriber groups
US20110237250A1 (en) Management of allowed csg list and vplmn-autonomous csg roaming
US20110223912A1 (en) Access control based on receipt of message from access terminal
CA2712045A1 (en) Wireless communication paging and registration utilizing multiple types of node identifiers
JP2014014122A (en) Provisioning communication nodes
JP2013521745A (en) Method and apparatus for controlling access of device to staying network
US20110009113A1 (en) Access control using temporary identities in a mobile communication system including femto base stations
US20110223886A1 (en) Access point-based control of access control list
JP5270009B2 (en) CSG membership indicator
JP2012517143A (en) Access control for access terminals
KR101475431B1 (en) Method and apparatus to control local internet protocol access for devices
WO2010078785A1 (en) Method, server and system for configuring paging group and neighbor cell list of femto access point
WO2008113284A1 (en) Method and device for managing users, measuring and reporting in restricted network
EP2742706B1 (en) Communication system
WO2011097989A1 (en) Optimization method for local access paging and apparatus thereof
WO2012116640A1 (en) Cell access processing method and device, and communication system
WO2011147156A1 (en) Method and system for restricting access to specific area
WO2011020411A1 (en) System, device and method for synchronizing closed subscriber group list
WO2013152715A1 (en) Subscription information transmission method and device for closed subscription group
US20110223902A1 (en) Access control based on receipt of defined information from access terminal
WO2011003310A1 (en) Method, apparatus and system for implementing access control determination by core network

Legal Events

Date Code Title Description
WWE Wipo information: entry into national phase

Ref document number: 200880007243.0

Country of ref document: CN

121 Ep: the epo has been informed by wipo that ep was designated in this application

Ref document number: 08800895

Country of ref document: EP

Kind code of ref document: A1

NENP Non-entry into the national phase

Ref country code: DE

122 Ep: pct application non-entry in european phase

Ref document number: 08800895

Country of ref document: EP

Kind code of ref document: A1