WO2009092225A1 - Method for obtaining network information and communication system and correlative devices - Google Patents

Method for obtaining network information and communication system and correlative devices Download PDF

Info

Publication number
WO2009092225A1
WO2009092225A1 PCT/CN2008/073423 CN2008073423W WO2009092225A1 WO 2009092225 A1 WO2009092225 A1 WO 2009092225A1 CN 2008073423 W CN2008073423 W CN 2008073423W WO 2009092225 A1 WO2009092225 A1 WO 2009092225A1
Authority
WO
WIPO (PCT)
Prior art keywords
authentication
host
network
request
identifier
Prior art date
Application number
PCT/CN2008/073423
Other languages
French (fr)
Chinese (zh)
Inventor
Liang Gu
Wenliang Liang
Original Assignee
Huawei Technologies Co., Ltd.
Priority date (The priority date is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the date listed.)
Filing date
Publication date
Application filed by Huawei Technologies Co., Ltd. filed Critical Huawei Technologies Co., Ltd.
Publication of WO2009092225A1 publication Critical patent/WO2009092225A1/en

Links

Classifications

    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04LTRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L63/00Network architectures or network communication protocols for network security
    • H04L63/08Network architectures or network communication protocols for network security for authentication of entities
    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04WWIRELESS COMMUNICATION NETWORKS
    • H04W12/00Security arrangements; Authentication; Protecting privacy or anonymity
    • H04W12/06Authentication

Definitions

  • the present invention relates to the field of communications, and in particular, to a network information acquisition method, a communication system, and related devices.
  • the Worldwide Interoperability for Microwave Access (WiMAX) technology is a wireless metropolitan area network technology based on the 802.16 standard of the Institute of Electrical and Electronics Engineers (IEEE).
  • the WiMAX network includes: a client 101, an access service network 102, and a connection service network 103.
  • the client 101 and the access service network 102 are connected through an air interface chain R1.
  • one access service network 102 may be shared by multiple network service providers (NSPs), so users access WiMAX.
  • NSPs network service providers
  • the access service network 102 needs to send the corresponding network information to the client 101.
  • the network information obtaining method in the prior art is: the access service network 102 and the client 101 transmit relevant network information (for example, the identifier of the available NSP) to the client through the air interface connection interface R1 in the process of performing basic capability negotiation.
  • the terminal 101 enables the client 101 to select a corresponding NSP according to the network information to access the WiMAX network.
  • the multi-host architecture includes host 201 and gateway mobile device.
  • G-MS Gateway-Mobile Subscriber
  • ASN Access Service Network
  • connection service network 204 connection service network 204, wherein several hosts 201 are connected to the gateway mobile device 202 through a wired or wireless network, and through the gateway
  • the mobile device 202 performs communication, and the gateway mobile device 202 and the access service network 203 pass The air port chain R1 is connected.
  • the prior art does not provide a method for how each host in the multi-host structure acquires network information and accesses the WiMAX network.
  • the embodiment of the invention provides a network information acquisition method, a communication system and a related device, which enable each host to acquire relevant network information and access the network under the multi-host architecture.
  • the network information obtaining method provided by the embodiment of the present invention includes: the gateway mobile device receives an authentication request sent by the host; acquires corresponding network information according to the authentication request; and feeds back, to the host, an authentication identifier that includes the network information. request.
  • the communication system includes: a host and a gateway mobile device; the host is configured to send an authentication request, and receive an authentication identifier request that includes network information from the gateway mobile device; Receiving an authentication request from the host, acquiring network information corresponding to the authentication request, and feeding back the network information to the host by using an authentication identifier request.
  • the communication system includes: a host, a gateway mobile device, and an access service network; the host is configured to send an authentication request, and receive an authentication identifier request including network information from the gateway mobile device;
  • the gateway mobile device is configured to receive an authentication request from the host, and forward the authentication request to the access service network, receive network information fed back by the access service network, and pass the network information
  • the right identifier request is fed back to the host;
  • the access service network is configured to receive an authentication request sent by the gateway mobile device, obtain network information corresponding to the authentication request, and feed back the network information to the gateway mobile device.
  • the gateway mobile device provided by the embodiment of the present invention includes: a data receiving unit, configured to receive an authentication request sent by the host, and receive an authentication identifier request that includes the network information fed back by the access service network, where the network information includes at least a network service Provider information; a data forwarding unit, configured to forward the received authentication request to the access service network, and feed the received network information to the host by using an authentication identifier request.
  • the gateway mobile device provided by the embodiment of the present invention includes: a data receiving unit, configured to receive an authentication request sent by the host; and a query unit, configured to check, according to the authentication request received by the data receiving unit Corresponding network information is sent, and the queried network information is carried in the authentication identifier request and sent to the data feedback unit.
  • the data feedback unit is configured to feed back the authentication identifier request to the host.
  • the host provided by the embodiment of the present invention includes: an authentication request sending unit, which sends an authentication request to the gateway mobile device, where the authentication request is used to request network information; and an authentication identifier request receiving unit is configured to receive the gateway from the gateway An authentication identifier request of the mobile device, where the authentication identifier request includes network information.
  • the embodiments of the present invention have the following advantages:
  • the gateway mobile device G-MS after the gateway mobile device G-MS obtains the authentication request message from the host, the G-MS obtains the corresponding network information (including at least the NSP identifier), and feeds the network information to the host, so The host can select the corresponding NSP according to the NSP identifier to access the network. Therefore, in the multi-host architecture, each host can obtain related network information and access the network.
  • FIG. 1 is a schematic diagram of a WiMAX network architecture in the prior art
  • FIG. 2 is a schematic diagram of a multi-host architecture in the prior art
  • FIG. 3 is a signaling flowchart of a first embodiment of a method for acquiring network information according to an embodiment of the present invention
  • FIG. 4 is a signaling flowchart of a second embodiment of a method for acquiring network information according to an embodiment of the present invention
  • FIG. 6 is a signaling flow chart of a fourth embodiment of a network information acquisition method according to an embodiment of the present invention
  • FIG. 7 is a schematic diagram of an embodiment of a communication system according to an embodiment of the present invention.
  • FIG. 8 is a schematic diagram of a first embodiment of a gateway mobile device according to an embodiment of the present invention.
  • FIG. 9 is a schematic diagram of a second embodiment of a gateway mobile device according to an embodiment of the present invention.
  • FIG. 10 is a schematic diagram of an embodiment of a host in an embodiment of the present invention.
  • the embodiment of the invention provides a network information acquisition method, a communication system and a related device, which are used to enable the hosts to obtain relevant network information and access the WiMAX network under the multi-host architecture.
  • the G-MS obtains the network information corresponding to the network indication information (including at least the NSP identifier), and the network information is received by the G-MS.
  • the network information is fed back to the host, so that the host can select the corresponding NSP according to the NSP identifier to access the WiMAX network. Therefore, each host can obtain the multi-host architecture. Access the WiMAX network to relevant network information.
  • the authentication process is taken as an example. According to different authentication modes, the following can be divided into two cases:
  • the G-MS does not need to authenticate the host, but only needs to be authenticated by the Access Service Network (ASN), that is, in this mode, local authentication is not required. Only network authentication is required.
  • ASN Access Service Network
  • the ASN feeds back the network information to the host through the G-MS:
  • the first embodiment of the network information obtaining method in the embodiment of the present invention includes:
  • the host sends an authentication request to the gateway mobile device.
  • the authentication process is first performed, and the host needs to send an authentication request to the G-MS, such as an EAP-Start message.
  • the host needs to generate the network indication information according to the network configuration information of the network.
  • the network indication information may include the user identifier of the host, where the network indication information is used to instruct the ASN network to send network information to the host, so that the host Ability to choose the right network.
  • the network configuration information refers to information about the NSP that the host can access, including one or more of the NSP type, capacity, identity, official name, and authentication mode.
  • the network indication information is carried in the authentication request sent to the G-MS, and the authentication request is sent to the G-MS.
  • the network indication information is carried in the authentication request. It can be understood that, in actual applications, the network indication information may not be carried. If the network indication information is not carried, the system may be configured at the time of system construction. After receiving the authentication request sent by the host, the network information is unconditionally fed back to the host without the triggering of the network indication information. The authentication request at this time can trigger the ASN network to send network information to the host.
  • the G-MS forwards the authentication request to the ASN.
  • the G-MS After receiving the authentication request sent by the host, the G-MS forwards the authentication request to the ASN. 303. The ASN feeds back an authentication identifier request to the G-MS.
  • the ASN may know that the host that sends the authentication request needs to obtain related network information according to the network indication information carried in the authentication request, and then locally stored according to the network indication information.
  • the NSP lists the NSPs that meet the network indication information, and records the identifiers of the NSPs, and carries the identifiers of the NSPs in the authentication identifier request, such as carrying the identifiers of the NSPs in the EAP-Request, and the ASN.
  • a mode for authenticating the host may be queried, for example, a single authentication or multiple authentication.
  • the authentication mode may also indicate whether device authentication or user authentication is required. In the embodiment of the present invention, the authentication mode is a single authentication.
  • the authentication mode is carried in the authentication identifier request, and the authentication identifier request is sent to the G-MS.
  • the network information in this embodiment includes at least the identifier of the NSP, and the identifier of the NSP described herein may be the ID of the NSP. Or the name. It can be understood that other information related to the host to access the WiMAX network, such as an authentication mode, may be included. Other information is not limited herein.
  • the G-MS acquires the network information according to the received authentication request.
  • the G-MS forwards the authentication identifier request to the host.
  • the G-MS After receiving the authentication identity request sent by the ASN, the G-MS forwards the request to the host.
  • the G-MS after receiving the authentication request from the host, the G-MS forwards the authentication request to the ASN, requests network information from the ASN, and after receiving the authentication identifier request from the ASN feedback, It is forwarded to the host, so that the host obtains network information.
  • the host may access the corresponding network according to the network information, as follows:
  • the host sends an authentication identifier response to the G-MS.
  • the host After receiving the authentication identifier request sent by the G-MS, the host reads the corresponding network information from the authentication identifier request, and selects an appropriate NSP according to its own access rule, and extracts the identifier of the NSP. And receiving the authentication mode, carrying the identifier of the NSP and the authentication mode in the authentication identifier response, and sending the authentication identifier response to the G-MS.
  • the authentication identity response sent by the host to the G-MS may not carry the authentication mode.
  • the G-MS forwards the authentication identifier response to the ASN.
  • the authentication mode is a single authentication, that is, the G-MS does not need to authenticate the host, but only needs to be authenticated by the access service network ASN, so G- After receiving the authentication identity response, the MS forwards the authentication identity response to the ASN.
  • the ASN selects a corresponding AAA, Authentication, Authorization and Accounting according to the selected information.
  • the ASN After receiving the authentication identifier response sent by the G-MS, the ASN selects the corresponding AAA server according to the NSP information selected by the host in the authentication identifier response and the authentication mode as the AAA server of the host accessing the WiMAX network, and the specific The process of selecting an AAA server based on the NSP identity and the authentication mode is prior art and will not be discussed here.
  • the ASN sends an authentication authentication request to the selected AAA server.
  • the authentication request is sent to the AAA server, and the authentication authentication request carries the authentication mode selected by the user and the user identifier.
  • the AAA server After receiving the authentication request, the AAA server authenticates the host requesting access to the WiMAX network according to the authentication mode contained therein. If the host can authenticate, the WiMAX network can be accessed.
  • Specific processes for authentication include: AAA server, ASN, G-MS, and the process of replying confirmation messages between hosts and the sending process of authentication response and authentication failure response. This process is prior art, here is not Say it again.
  • the ASN sends the network information to the host through the G-MS.
  • the host can obtain the network information through the G-MS, so that the host can obtain the host under the multi-host architecture. Access the WiMAX network to relevant network information.
  • G-MS directly feeds back network information to the host:
  • the second embodiment of the network information obtaining method in the embodiment of the present invention includes:
  • the host sends an authentication request to the gateway mobile device.
  • the authentication process is first performed, and the host needs to send an authentication request to the G-MS, such as an EAP-Start message.
  • the host needs to generate network indication information according to its network configuration information, and the network indication information may include The user identifier of the host, the network indication information is used to instruct the network side to send network information to the host, so that the host can select an appropriate network.
  • the network configuration information refers to information about the NSP that the host can access, including one or more of the NSP type, capacity, identity, official name, and authentication mode.
  • the network indication information is carried in the authentication request sent to the G-MS, and the authentication request is sent to the G-MS.
  • the network indication information is carried in the authentication request. It can be understood that, in actual applications, the network indication information may not be carried. If the network indication information is not carried, the system may be configured at the time of system construction. After receiving the authentication request sent by the host, the network information is unconditionally fed back to the host without the triggering of the network indication information, that is, the authentication request at this time can trigger the ASN network side to send the network information to the host.
  • the G-MS feeds back an authentication identifier request to the host.
  • the G-MS may know that the host that sends the authentication request needs to obtain the related first network information according to the network indication information carried in the authentication request, and then locally according to the network indication information.
  • the stored NSP list queries the NSPs that meet the network indication information, and records the identifiers of the NSPs, and carries the identifiers of the NSPs in the authentication identifier request, for example, the identifiers of the NSPs may be carried in the EAP-Request message.
  • the G-MS can query the mode that needs to be authenticated according to the related information of the host, for example, it can be single authentication or multiple authentication.
  • the authentication mode can also indicate whether device authentication or user authentication is required.
  • the case of single authentication is described in this embodiment. Therefore, the authentication mode queried by the G-MS is "single authentication", the authentication mode is carried in the authentication identifier request, and the authentication is performed.
  • the identification request is sent to the host.
  • the first network information in this embodiment includes at least the identifier of the NSP.
  • the identifier of the NSP described herein may be an ID or a name of the NSP. That can also contain other information indicating the host WiMAX access network, such as authentication mode, additional information is not limited here.
  • the G-MS acquires the network information according to the received authentication request.
  • the G-MS first accesses the WiMAX network, and when it accesses the WiMAX network, it communicates with the ASN to obtain the network information saved by the ASN, and at least includes information about the NSP (including the NSP identifier list and the NSP name). List).
  • the G-MS after receiving the authentication request from the host, the G-MS sends the network information saved by the host to the host, so that the host can acquire the network information.
  • the G-MS may further forward the authentication request to the ASN, and further request the network information to the ASN, as follows: 403, G-MS Forwarding the authentication request to the ASN;
  • the G-MS may also select to send the authentication request sent by the host to the ASN, because in this case, if the G-MS fails to be timely Updating the network information of the network may result in the network information sent to the host not being the latest information. Therefore, the G-MS may forward the authentication request to the ASN, requesting the ASN to send the authentication identifier request containing the latest network information to the host again.
  • the ASN feeds back the authentication identifier request to the G-MS.
  • the ASN may know that the host that sends the authentication request needs to obtain the related second network information according to the network indication information carried in the authentication request, and then the local indication information is locally according to the network indication information.
  • the stored NSP list queries the NSPs that meet the network indication information, and records the identifiers of the NSPs, and carries the identifiers of the NSPs in the authentication identifier request, for example, the identifiers of the NSPs may be carried in the EAP-Request message.
  • the ASN can query the mode that needs to be authenticated according to the related information of the host, for example, it can be single authentication or multiple authentication.
  • the authentication mode can also indicate whether device authentication or user authentication is required.
  • the authentication mode is carried in the authentication identifier request, and the authentication identifier request is sent to the G-MS.
  • the second network information in this embodiment includes at least the identifier of the NSP. It can be understood that the authentication mode may also include other The information about the host accessing the WiMAX network, such as the authentication mode, is not limited herein.
  • the network request information may not be carried in the authentication request forwarded by the G-MS to the ASN.
  • the G-MS forwards the authentication identifier request to the host.
  • the G-MS After receiving the authentication identity request sent by the ASN, the G-MS forwards the request to the host.
  • step 403 to step 405 are optional steps.
  • the G-MS requests the network information from the ASN and sends the network information obtained from the ASN to the host, so as to ensure that the network information acquired by the host is complete and correct. Further, in the embodiment of the present invention, after acquiring the network information, the host may access the corresponding network according to the network information, as follows:
  • the host sends an authentication identifier response to the G-MS.
  • the host may select to compare the first network information and the second network information in the two authentication identifier requests, and if the two network information are inconsistent, Based on the network information sent by the ASN, it can be understood that if the step 403 to the step 405 are not required, the host directly takes the network information received from the G-MS, and the host reads the request from the authentication identifier.
  • the identifier of the corresponding NSP is obtained, and an appropriate NSP is selected according to the access rule of the user, and the identifier of the NSP and the corresponding authentication mode are extracted, and the identifier of the NSP and the corresponding authentication mode are carried in the authentication identifier response. And send the authentication identity response to the G-MS.
  • the authentication identity response sent by the host to the G-MS may not carry the authentication mode.
  • the G-MS forwards the authentication identifier response to the ASN.
  • the authentication mode is a single authentication, that is, the G-MS does not need to authenticate the host, but only needs to be authenticated by the access service network ASN, so G- After receiving the authentication identity response, the MS forwards the authentication identity response to the ASN.
  • the ASN selects a corresponding AAA server according to the selected information.
  • the ASN After receiving the authentication identifier response sent by the G-MS, the ASN selects the corresponding AAA server as the AAA server of the host to access the WiMAX network according to the NSP information selected by the host in the authentication identifier response and the corresponding authentication mode.
  • the process of selecting an AAA server according to the NSP identifier and the corresponding authentication mode is a prior art, and details are not described herein again.
  • the ASN sends an authentication authentication request to the selected AAA server.
  • the authentication request is sent to the AAA server, and the authentication authentication request carries the authentication mode selected by the user and the user identifier.
  • the AAA server After receiving the authentication request, the AAA server authenticates the host requesting access to the WiMAX network according to the authentication mode contained therein. If the host can authenticate, the WiMAX network can be accessed.
  • Specific authentication other processes include: AAA server, ASN, G-MS and host back
  • AAA server AAA server
  • ASN ASN
  • G-MS G-MS
  • host back The process of re-confirming the message and the sending process of the response through the response and the authentication failure response are all prior art, and are not mentioned here.
  • steps 403, 404, and 405 may not be performed, that is, the host directly refers to the first network information queried by the G-MS. It can be understood that if this method is adopted, the G-MS needs to be timely.
  • the data is synchronized with the ASN.
  • the G-MS can directly feed back the network information stored by the host to the host, so the signaling interaction between the networks can be reduced, thereby improving the network working efficiency.
  • the G-MS or the host's own authenticator needs to authenticate the host, and also needs to
  • the ASN authenticates the host. In this mode, both local authentication and network authentication are required.
  • the ASN feeds back the network information to the host through the G-MS;
  • the third embodiment of the network information obtaining method in the embodiment of the present invention includes:
  • the host sends an authentication request to the gateway mobile device.
  • the authentication process is first performed, and the host needs to send an authentication request to the G-MS, such as an EAP-Start message.
  • the host needs to generate the network indication information according to the network configuration information of the network.
  • the network indication information may include the user identifier of the host, where the network indication information is used to indicate that the ASN network side sends the network information to the host, so that The host can choose the appropriate network to enter.
  • the network configuration information refers to information about the NSP that the host can access, including one or more of the NSP type, capacity, identity, official name, and authentication mode.
  • the network indication information is carried in the authentication request sent to the G-MS, and the authentication request is sent to the G-MS.
  • the network indication information is carried in the authentication request. It can be understood that, in actual applications, the network indication information may not be carried. If the network indication information is not carried, the system may be configured at the time of system construction. After receiving the authentication request sent by the host, the network information is unconditionally fed back to the host without triggering the network indication information, that is, the authentication request at this time can trigger the ASN network. The host sends network information to the host.
  • the G-MS forwards the authentication request to the ASN.
  • the G-MS After receiving the authentication request sent by the host, the G-MS forwards the authentication request to the ASN.
  • the ASN feeds back the authentication identifier request to the G-MS.
  • the ASN may know that the host that sends the authentication request needs to obtain related network information according to the network indication information carried in the authentication request, and then locally stored according to the network indication information. Querying the NSPs that meet the network indication information in the NSP list, and recording the identifiers of the NSPs, and carrying the identifiers of the NSPs in the authentication identifier request, for example, the identifiers of the NSPs may be carried in the EAP-Request message. At the same time, the ASN queries the mode that needs to be authenticated according to the information about the host. For example, the ASN can be a single authentication or multiple authentication. The authentication mode can also indicate whether device authentication or user authentication is required.
  • the authentication mode that the ASN queries is "multiple authentication”
  • the authentication mode is carried in the authentication identifier request
  • the authentication identifier request is sent to the G.
  • the network information in this embodiment includes at least the identifier of the NSP, and the identifier of the NSP described herein may be the ID or the name of the NSP. It can be understood that Other information related to the host to access the WiMAX network, such as the authentication mode, may be included. Other information is not limited herein.
  • the G-MS acquires the network information according to the received authentication request.
  • the G-MS forwards the authentication identifier request to the host.
  • the G-MS After receiving the authentication identity request sent by the ASN, the G-MS forwards the request to the host.
  • the G-MS after receiving the authentication request from the host, the G-MS forwards the authentication request to the ASN, requests network information from the ASN, and after receiving the authentication identifier request from the ASN feedback, It is forwarded to the host, so that the host obtains network information.
  • the host may access the corresponding network according to the network information, as follows:
  • the host sends an authentication identifier response to the G-MS.
  • the host After receiving the authentication identifier request sent by the G-MS, the host can learn from the authentication mode that the current authentication needs to be performed multiple times. First, local authentication is performed, that is, the host is authenticated by the G-MS. , the host sends an authentication identifier response including the authentication mode to the G-MS, and the G-MS performs the host Local authentication.
  • the G-MS sends an authentication success indication to the host.
  • the G-MS can learn from the authentication mode that the user needs to perform multiple authentications at the current time. First, local authentication is performed, and the host is locally authenticated and authenticated. After the completion, an authentication success indication is sent to the host.
  • the G-MS sends a second authentication identity request to the host.
  • the G-MS sends a secondary authentication identity request to the host, where the request carries network information and/or authentication mode.
  • the host sends a second authentication identifier response that includes the selected NSP information and the authentication mode to the G-MS.
  • the host After receiving the second authentication identifier request sent by the G-MS, the host learns that the next step needs to perform network authentication, and then reads the corresponding NSP identifier from the second authentication identifier request, and according to its own access.
  • the rule selects an appropriate NSP, and extracts the identifier of the NSP and the corresponding authentication mode, and carries the identifier of the NSP and the corresponding authentication mode in the second authentication identifier response, and sends the second authentication identifier response.
  • G-MS To G-MS.
  • step 507 and step 508 may not be performed.
  • the G-MS After the G-MS returns the authentication success indication to the host, the authentication identifier response is directly forwarded to the ASN.
  • the G-MS forwards the second authentication identifier response to the ASN.
  • the G-MS After receiving the second authentication identifier response, the G-MS forwards the second authentication identifier response to the ASN. It can be understood that if step 507 and step 508 need not be performed, the G-MS receives the step 505. The authentication identity response is forwarded to the ASN.
  • the secondary authentication identity response sent by the host to the G-MS may not carry the authentication mode.
  • the ASN selects a corresponding AAA server according to the selected information.
  • the ASN After receiving the authentication identifier response or the secondary authentication identifier response sent by the G-MS, the ASN selects the corresponding NSP information selected by the host in the authentication identifier response or the secondary authentication identifier response and the corresponding authentication mode.
  • the AAA server serves as the AAA server for the host to access the WiMAX network. The process of selecting an AAA server according to the NSP identifier and the corresponding authentication mode is a prior art, and details are not described herein again.
  • the ASN sends an authentication authentication request to the selected AAA server.
  • the authentication request is sent to the AAA server, and the authentication authentication request carries the authentication mode selected by the user and the user identifier.
  • the AAA server After receiving the authentication request, the AAA server authenticates the host requesting access to the WiMAX network according to the authentication mode contained therein. If the host can authenticate, the WiMAX network can be accessed.
  • Specific processes for authentication include: AAA server, ASN, G-MS, and the process of replying confirmation messages between hosts and the sending process of authentication response and authentication failure response. This process is prior art, here is not Say it again.
  • the ASN sends the network information to the host through the G-MS.
  • the host can obtain the network information through the G-MS, so that the host can obtain the host under the multi-host architecture. Access the WiMAX network to relevant network information.
  • the above describes the case of multiple authentications. Since the flow of local authentication is increased, the above embodiment further improves the reliability of the authentication process based on the foregoing embodiments.
  • G-MS directly feeds back network information to the host:
  • the fourth embodiment of the method for acquiring network information in the embodiment of the present invention includes:
  • the host sends an authentication request to the gateway mobile device.
  • the authentication process is first performed, and the host needs to send an authentication request to the G-MS, which may be an EAP-Start message. Before that, the host needs to generate the network indication information according to the network configuration information of the network.
  • the network indication information may include the user identifier of the host, where the network indication information is used to indicate that the ASN network side sends the network information to the host, so that The host can choose the appropriate network to enter.
  • the network configuration information refers to information about the NSP that the host can access, including one or more of the NSP type, capacity, identifier, official name, and authentication mode.
  • the network indication information is carried in the G-MS.
  • the authentication request is sent to the G-MS.
  • the network indication information is carried in the authentication request. It can be understood that, in actual applications, the network indication information may not be carried. If the network indication information is not carried, the system may be configured at the time of system construction. After receiving the authentication request sent by the host, the network information is unconditionally fed back to the host without the triggering of the network indication information, that is, the authentication request at this time can trigger the ASN network side to send the network information to the host.
  • the G-MS feeds back an authentication identifier request to the host.
  • the G-MS may know that the host that sends the authentication request needs to obtain the related first network information according to the network indication information carried in the authentication request, and then locally according to the network indication information. Querying the NSPs that meet the network indication information in the stored NSP list, and recording the identifiers of the NSPs, and carrying the identifiers of the NSPs in the authentication identifier request EAP-Request, and the G-MS according to the related information of the host Querying the mode of authentication, for example, a single authentication or multiple authentication, the authentication mode may also indicate whether device authentication or user authentication is required, because multiple authentication is described in this embodiment.
  • the authentication mode that is queried by the G-MS is "multiple authentication", the authentication mode is carried in the authentication identifier request, and the authentication identifier request is sent to the host, in this embodiment
  • a network information includes at least an identifier of the NSP, and the identifier of the NSP described herein may be an ID or a name of the NSP. It is understood that the same may also include other Host Access WiMAX network-related information, such as authentication mode, other information is not limited herein.
  • the G-MS acquires the network information according to the received authentication request.
  • the G-MS first accesses the WiMAX network, and when it accesses the WiMAX network, it communicates with the ASN to obtain the network information saved by the ASN, and at least includes information about the NSP (including the NSP identifier list and the NSP name). List).
  • the G-MS after receiving the authentication request from the host, the G-MS sends the network information saved by the host to the host, so that the host can acquire the network information.
  • the G-MS may forward the authentication request to the ASN, and further request the network information to the ASN, as follows:
  • the G-MS forwards the authentication request to the ASN. Further, in the embodiment of the present invention, after the G-MS sends the authentication identifier request to the host, the G-MS may also select to send the authentication request sent by the host to the ASN, because in this case, if the G-MS fails to be timely Updating the network information of the network may result in the network information sent to the host not being the latest information. Therefore, the G-MS may forward the authentication request to the ASN, requesting the ASN to send the authentication identifier request containing the latest network information to the host again.
  • the ASN feeds back the authentication identifier request to the G-MS.
  • the ASN may know that the host that sends the authentication request needs to obtain the related second network information according to the network indication information carried in the authentication request, and then the local indication information is locally according to the network indication information.
  • the stored NSP list queries the NSPs that meet the network indication information, and records the identifiers of the NSPs, and carries the identifiers of the NSPs in the authentication identifier request, for example, the identifiers of the NSPs may be carried in the EAP-Request message.
  • the ASN can query the mode that needs to be authenticated according to the related information of the host, for example, it can be single authentication or multiple authentication.
  • the authentication mode can also indicate whether device authentication or user authentication is required.
  • the multiple authentication is described. Therefore, the authentication mode that the ASN queries is "multiple authentication", the authentication mode is carried in the authentication identifier request, and the authentication identifier request is sent.
  • the second network information in this embodiment includes at least the identifier of the NSP. It can be understood that the other may also include other means for indicating that the host accesses the WiMAX. Network-related information, such as authentication mode is not limited herein.
  • the G-MS acquires the network information according to the received authentication request.
  • the G-MS forwards the authentication identifier request to the host.
  • the G-MS After receiving the authentication identity request sent by the ASN, the G-MS forwards the request to the host.
  • Steps 603 through 605 are optional steps.
  • the G-MS requests the network information from the ASN and sends the network information obtained from the ASN to the host, so as to ensure that the network information acquired by the host is complete and correct.
  • the host may access the corresponding network according to the network information, as follows:
  • the host sends an authentication identifier response to the G-MS.
  • the host will receive two authentication tokens. For the request, one is that the G-MS itself feeds back to the host, and the other is that the G-MS forwards the ASN, and the host checks whether the two authentication identifier requests are consistent. If they are inconsistent, the authentication identifier sent by the ASN is used. The request shall prevail.
  • the host directly determines the authentication identifier request of the G-MS feedback received in step 602.
  • the host After receiving the authentication identifier request, the host can learn from the authentication mode that the current authentication needs to be performed multiple times. First, local authentication is performed, that is, the G-MS authenticates the host, and the host sends the G to the host. - The MS sends an authentication identity response including an authentication mode.
  • the G-MS sends an authentication success indication to the host.
  • the G-MS can learn from the authentication mode that the user needs to perform multiple authentications at the current time. First, local authentication is performed, and the host is locally authenticated and authenticated. After the completion, an authentication success indication is sent to the host.
  • the G-MS sends a second authentication identity request to the host.
  • the G-MS sends a secondary authentication identity request to the host, where the request carries network information and/or an authentication mode on the network side.
  • the host sends a second authentication identifier response that includes the selected NSP information and the authentication mode to the G-MS.
  • the host may select to compare the first network information and the second network information in the two authentication identifier requests, and if the two network information are inconsistent, send the ASN.
  • the network information is correct, the host reads the identifier of the corresponding NSP from the authentication identifier request, and selects an appropriate NSP according to its own access rule, and extracts the identifier of the NSP and the corresponding authentication mode.
  • the identifier of the NSP and the corresponding authentication mode are carried in the secondary authentication identifier response, and the secondary authentication identifier response is sent to the G-MS.
  • the secondary authentication identity response sent by the host to the G-MS may not carry the authentication mode.
  • step 608 and step 609 may not be performed.
  • the G-MS After the G-MS returns the authentication success indication to the host, the authentication identifier response is directly forwarded to the ASN. 610.
  • the G-MS forwards the second authentication identifier response to the ASN.
  • the G-MS After receiving the second authentication identifier response, the G-MS forwards the second authentication identifier response to the ASN. It can be understood that if the step 608 and the step 609 are not performed, the G-MS forwards the authentication identifier to the ASN. response.
  • the ASN selects a corresponding AAA server according to the selected information.
  • the ASN After receiving the authentication identifier response or the secondary authentication identifier response sent by the G-MS, the ASN selects the corresponding NSP information selected by the host in the authentication identifier response or the secondary authentication identifier response and the corresponding authentication mode.
  • the AAA server is used as the AAA server of the host to access the WiMAX network. The process of selecting the AAA server according to the NSP identifier and the corresponding authentication mode is prior art, and is not mentioned here.
  • the ASN sends an authentication authentication request to the selected AAA server.
  • the authentication request is sent to the AAA server, and the authentication authentication request carries the authentication mode selected by the user and the user identifier.
  • the AAA server After receiving the authentication request, the AAA server authenticates the host requesting access to the WiMAX network according to the authentication mode contained therein. If the host can authenticate, the WiMAX network can be accessed.
  • Specific processes for authentication include: AAA server, ASN, G-MS, and the process of replying confirmation messages between hosts and the sending process of authentication response and authentication failure response. This process is prior art, here is not Let me repeat.
  • steps 603, 604, and 605 may not be performed, that is, the host directly refers to the first network information queried by the G-MS. It can be understood that if this method is adopted, the G-MS needs to be timely.
  • the data is synchronized with the ASN.
  • the G-MS obtains the network information corresponding to the network indication information (including at least the NSP identifier), and the network information is received by the G-MS.
  • the network information is fed back to the host, so that the host can select the corresponding NSP according to the NSP identifier to access the WiMAX network. Therefore, in the multi-host architecture, each host can obtain related network information and access the WiMAX network.
  • the host must access the WiMAX network in any way, there must be The authentication process, so the above-mentioned embodiments based on the authentication process can be generally applied to various access modes. It can be understood that in actual applications, different network information acquisition methods can also be adopted for different access modes. For example, if the host uses the Internet Protocol (IP) access method, the network information may be obtained in the process of address resolution, that is, the network information acquisition request may be an authentication request message or an address resolution request message. It can also be a corresponding request message in other processes, but the means is similar to the above processing in the authentication process, and details are not described herein again.
  • IP Internet Protocol
  • the embodiment of the communication system in the embodiment of the present invention specifically includes two cases:
  • gateway mobile device 702 directly feeds back the network information to the host 701:
  • the communication system includes: a host 701 and a gateway mobile device 702;
  • the host 701 is configured to send an authentication request, and receive an authentication identifier request that includes network information from the gateway mobile device 702.
  • the gateway mobile device 702 is configured to receive an authentication request from the host 701, obtain network information corresponding to the authentication request, and feed back the network information to the host 701 by using an authentication identifier request.
  • the host 701 may be further configured to: select a network service provider according to the network information in the authentication identifier request, and send an authentication identifier response that includes the selected network service provider information.
  • the authentication identifier response of the quotient information is forwarded to the access service network.
  • the communication system further includes:
  • the access service network 703 is configured to receive an authentication identifier response that is sent by the gateway mobile device 702 and includes the selected network service provider information, and select a corresponding network service provider according to the selected network service provider information, Querying an AAA server corresponding to the network service provider, and sending an authentication request to the AAA server.
  • the gateway mobile device 702 is further configured to forward the authentication request sent by the host 701 to the access service network 703, and receive the network information fed back by the access service network 703.
  • the network information is obtained by the gateway mobile device after acquiring the authentication request message from the host, and the network information is fed back to the host, so that the host can obtain the network information.
  • the host can select the corresponding NSP according to the NSP identifier to access the WiMAX network. Therefore, in the multi-host architecture, each host can obtain related network information and access the WiMAX network.
  • the gateway mobile device 702 forwards the access service network 703 feedback network information:
  • the communication system includes: a host 701, a gateway mobile device 702 and an access service network 703;
  • the host 701 is configured to send an authentication request, and receive an authentication identifier request from the gateway mobile device 702 that includes network information.
  • the gateway mobile device 702 is configured to receive an authentication request from the host 701, and forward the authentication request to the access service network 703, and receive network information fed back by the access service network 703. The network information is fed back to the host 701 through an authentication identifier request;
  • the access service network 703 is configured to receive an authentication request sent by the gateway mobile device 702, obtain network information corresponding to the authentication request, and feed back the network information to the gateway mobile device 702.
  • the host 701 may be further configured to: select, according to the network information requested by the authentication identifier, a network service provider, and send an authentication identifier response that includes the selected network service provider information;
  • the gateway mobile device 702 receives an authentication identifier response sent by the host 701 and includes the selected network service provider information, and forwards the authentication identifier response to the access service network.
  • the gateway mobile device after the gateway mobile device receives the authentication request message from the host, the authentication request is forwarded to the ASN, and the network information is requested from the ASN, and after receiving the authentication identifier request from the ASN feedback. Forward it to the host so that the host gets the network information. Further, the host can select the corresponding NSP according to the NSP identifier to access the WiMAX network. Therefore, in the multi-host architecture, each host can obtain related network information and access the WiMAX network.
  • the first embodiment of the gateway mobile device in the embodiment of the present invention includes:
  • the data receiving unit 801 is configured to receive an authentication request sent by the host, and receive an authentication identifier request that includes the network information that is sent by the access service network;
  • the data forwarding unit 802 is configured to forward the authentication request received by the data receiving unit 801 And the access service network feeds back the authentication identifier request received by the data receiving unit 801 to the host.
  • the gateway mobile device after receiving the authentication request from the host, forwards the authentication request to the access service network, and feeds back the received authentication identifier request from the access service network to the The host, the authentication identifier request includes network information, so that the host can obtain the network information.
  • the query unit 803 is configured to query the corresponding network information according to the authentication request received by the data receiving unit 801, and carry the queried network information in the authentication identifier request and send it to the data forwarding unit 802;
  • the data forwarding unit 802 is further configured to send the authentication identification request from the query unit 803 to the host.
  • the gateway mobile device may further query the network information saved by the gateway after receiving the authentication request from the host, and feed back the queried network information to the host, The host can get network information.
  • the second embodiment of the gateway mobile device in the embodiment of the present invention includes:
  • the data receiving unit 901 is configured to receive an authentication request sent by the host.
  • the query unit 902 is configured to query the corresponding network information according to the authentication request received by the data receiving unit 901, and carry the queried network information in the authentication identifier request and send it to the data feedback unit 902;
  • the data feedback unit 903 is configured to feed back the authentication identifier request to the host.
  • the gateway mobile device after receiving the authentication request from the host, the gateway mobile device queries the network information saved by itself according to the authentication request, and feeds back the queried network information to the host, so that the host You can get network information.
  • an embodiment of a host in an embodiment of the present invention includes:
  • the authentication request sending unit 1001 sends an authentication request to the gateway mobile device, where the authentication request is used to request network information;
  • the authentication identifier request receiving unit 1002 is configured to receive an authentication identifier request from the gateway mobile device, where the authentication identifier request includes network information.
  • the host sends an authentication request to the gateway mobile device to request network information, and receives an authentication identifier request from the gateway mobile device to obtain a network carried in the authentication identifier request. information.
  • the network information confirming unit 1003 is configured to confirm the selected network service provider according to the received authentication identifier request;
  • the authentication identifier response sending unit 1004 is configured to send the selected network service provider identifier to the gateway mobile device by carrying the identifier in the authentication identifier response.
  • the host may select a network according to the acquired network information, and carry the information of the selected network in the authentication identifier response, and send the information to the gateway mobile device, where the host can According to the network information, the corresponding NSP is selected to access the WiMAX network.
  • the gateway mobile device receives an authentication request sent by the host
  • An authentication identification request containing the network information is fed back to the host.
  • the above-mentioned storage medium may be a read only memory, a magnetic disk or an optical disk or the like.

Landscapes

  • Engineering & Computer Science (AREA)
  • Computer Security & Cryptography (AREA)
  • Computer Networks & Wireless Communication (AREA)
  • Signal Processing (AREA)
  • Computer Hardware Design (AREA)
  • Computing Systems (AREA)
  • General Engineering & Computer Science (AREA)
  • Mobile Radio Communication Systems (AREA)

Abstract

A method for obtaining network information and a communication system and correlative devices are used for each host to obtain correlative network information under a multi-host configuration, so as to access a network. The method includes steps: a gateway mobile device receives an authentication request sent by a host; obtaining correlative network information according to the authentication request; feeding back an authentication identifier request which contains the network information to the host. Also a communication system and correlative devices are provided.

Description

网络信息获取方法及通讯系统以及相关设备  Network information acquisition method and communication system and related equipment
本申请要求于 2007 年 12 月 27 日提交中国专利局、 申请号为 200710300295.4、 发明名称为 "网络信息获取方法及通讯系统以及相关设备" 的中国专利申请的优先权, 以及 2008年 1月 8日提交中国专利局、 申请号为 200810002318.8、 发明名称为 "网络信息获取方法及通讯系统以及相关设备" 的中国专利申请的优先权, 其全部内容通过引用结合在本申请中。  This application claims priority to Chinese patent application filed on December 27, 2007, the Chinese Patent Office, application number 200710300295.4, the invention titled "Network Information Acquisition Method and Communication System and Related Equipment", and January 8, 2008 Priority is claimed on Chinese Patent Application No. 200810002318.8, the entire disclosure of which is hereby incorporated by reference in its entirety in its entirety in its entirety in the the the the the the the the the
技术领域 Technical field
本发明涉及通讯领域,尤其涉及一种网络信息获取方法及通讯系统以及相 关设备。  The present invention relates to the field of communications, and in particular, to a network information acquisition method, a communication system, and related devices.
背景技术 Background technique
全球接入微波互操作 ( WiMAX, Worldwide Interoperability for Microwave Access )技术是一种基于电气电子工程师协会( IEEE, Institute of Electrical and Electronics Engineers ) 802.16标准的无线城域网技术。 目前 WiMAX网络如图 1所示, 具体包括: 客户端 101 , 接入服务网络 102以及连接服务网络 103, 其中客户端 101与接入服务网络 102之间通过空口链 矣口 R1相连, 在实际 应用中, 由于接入服务网络 102与连接服务网络 103可能属于不同的运营商, 所以一个接入服务网络 102 可能会被多个网络服务提供商 (NSP, Network Service Provider )共享, 所以用户接入 WiMAX网络时需要确定可用的 NSP , 则接入服务网络 102需要将相应的网络信息发送至客户端 101。  The Worldwide Interoperability for Microwave Access (WiMAX) technology is a wireless metropolitan area network technology based on the 802.16 standard of the Institute of Electrical and Electronics Engineers (IEEE). As shown in FIG. 1 , the WiMAX network includes: a client 101, an access service network 102, and a connection service network 103. The client 101 and the access service network 102 are connected through an air interface chain R1. In the case that the access service network 102 and the connection service network 103 may belong to different operators, one access service network 102 may be shared by multiple network service providers (NSPs), so users access WiMAX. When the network needs to determine the available NSP, the access service network 102 needs to send the corresponding network information to the client 101.
现有技术中的网络信息获取方法为:接入服务网络 102与客户端 101在进 行基本能力协商的过程中, 将相关的网络信息(例如可用的 NSP的标识)通 过空口连接接口 R1传输给客户端 101 , 从而使得客户端 101能够根据该网络 信息选择对应的 NSP从而接入 WiMAX网络。  The network information obtaining method in the prior art is: the access service network 102 and the client 101 transmit relevant network information (for example, the identifier of the available NSP) to the client through the air interface connection interface R1 in the process of performing basic capability negotiation. The terminal 101 enables the client 101 to select a corresponding NSP according to the network information to access the WiMAX network.
但是随着 WiMAX网络技术的发展,目前 WiMAX网络的研究方向为多主 机架构, 该结构是在 WiMAX网络现有架构上的演进, 具体请参阅图 2, 多主 机架构中包含主机 201,网关移动设备 G-MS( Gateway-Mobile Subscriber )202, 接入服务网络 ASN ( Access Service Network ) 203以及连接服务网络 204, 其 中若干个主机 201通过有线或无线网络连接在网关移动设备 202上,且通过该 网关移动设备 202进行通讯,网关移动设备 202与接入服务网络 203之间通过 空口链 矣口 R1相连。在该多主机架构中,由于主机 201与接入服务网络 203 之间并没有直接相连, 则无法通过空口链路接口 R1向主机 201发送相关的网 络信息, 从而主机 201无法选择合适的 NSP接入 WiMAX网络, 现有技术中 并没有提供多主机结构下各主机如何获取网络信息从而接入 WiMAX 网络的 方法。 However, with the development of WiMAX network technology, the current research direction of WiMAX network is multi-host architecture, which is an evolution of the existing architecture of WiMAX network. For details, please refer to Figure 2. The multi-host architecture includes host 201 and gateway mobile device. G-MS (Gateway-Mobile Subscriber) 202, access service network ASN (Access Service Network) 203 and connection service network 204, wherein several hosts 201 are connected to the gateway mobile device 202 through a wired or wireless network, and through the gateway The mobile device 202 performs communication, and the gateway mobile device 202 and the access service network 203 pass The air port chain R1 is connected. In the multi-host architecture, since the host 201 and the access service network 203 are not directly connected, the related network information cannot be sent to the host 201 through the air interface link interface R1, so that the host 201 cannot select an appropriate NSP access. In the WiMAX network, the prior art does not provide a method for how each host in the multi-host structure acquires network information and accesses the WiMAX network.
发明内容 Summary of the invention
本发明实施例提供了一种网络信息获取方法及通讯系统以及相关设备,能 够在多主机架构下使得各主机获取到相关网络信息从而接入网络。  The embodiment of the invention provides a network information acquisition method, a communication system and a related device, which enable each host to acquire relevant network information and access the network under the multi-host architecture.
本发明实施例提供的网络信息获取方法, 包括: 网关移动设备接收主机发 送的鉴权请求;根据所述鉴权请求获取对应的网络信息; 向所述主机反馈包含 所述网络信息的鉴权标识请求。  The network information obtaining method provided by the embodiment of the present invention includes: the gateway mobile device receives an authentication request sent by the host; acquires corresponding network information according to the authentication request; and feeds back, to the host, an authentication identifier that includes the network information. request.
本发明实施例提供的通讯系统, 包括: 主机以及网关移动设备; 所述主机 用于发送鉴权请求,接收来自所述网关移动设备的包含网络信息的鉴权标识请 求; 所述网关移动设备用于接收来自所述主机的鉴权请求,获取与所述鉴权请 求对应的网络信息, 将所述网络信息通过鉴权标识请求反馈至所述主机。  The communication system provided by the embodiment of the present invention includes: a host and a gateway mobile device; the host is configured to send an authentication request, and receive an authentication identifier request that includes network information from the gateway mobile device; Receiving an authentication request from the host, acquiring network information corresponding to the authentication request, and feeding back the network information to the host by using an authentication identifier request.
本发明实施例提供的通讯系统, 包括: 主机, 网关移动设备以及接入服务 网络; 所述主机用于发送鉴权请求,接收来自所述网关移动设备的包含网络信 息的鉴权标识请求; 所述网关移动设备用于接收来自所述主机的鉴权请求, 并 向所述接入服务网络转发所述鉴权请求 ,接收所述接入服务网络反馈的网络信 息,将所述网络信息通过鉴权标识请求反馈给所述主机; 所述接入服务网络用 于接收网关移动设备发送的鉴权请求, 获取与所述鉴权请求对应的网络信息, 向所述网关移动设备反馈所述网络信息。  The communication system provided by the embodiment of the present invention includes: a host, a gateway mobile device, and an access service network; the host is configured to send an authentication request, and receive an authentication identifier request including network information from the gateway mobile device; The gateway mobile device is configured to receive an authentication request from the host, and forward the authentication request to the access service network, receive network information fed back by the access service network, and pass the network information The right identifier request is fed back to the host; the access service network is configured to receive an authentication request sent by the gateway mobile device, obtain network information corresponding to the authentication request, and feed back the network information to the gateway mobile device. .
本发明实施例提供的网关移动设备, 包括: 数据接收单元, 用于接收主机 发送的鉴权请求,接收接入服务网络反馈的包含网络信息的鉴权标识请求, 所 述网络信息至少包含网络服务提供商信息; 数据转发单元, 用于将接收到的鉴 权请求转发给接入服务网络,将接收到的网络信息通过鉴权标识请求反馈给所 述主机。  The gateway mobile device provided by the embodiment of the present invention includes: a data receiving unit, configured to receive an authentication request sent by the host, and receive an authentication identifier request that includes the network information fed back by the access service network, where the network information includes at least a network service Provider information; a data forwarding unit, configured to forward the received authentication request to the access service network, and feed the received network information to the host by using an authentication identifier request.
本发明实施例提供的网关移动设备, 包括: 数据接收单元, 用于接收主机 发送的鉴权请求; 查询单元, 用于根据所述数据接收单元接收到的鉴权请求查 询对应的网络信息,并将查询到的网络信息携带于鉴权标识请求中并发送给所 述数据反馈单元; 数据反馈单元, 用于向主机反馈所述鉴权标识请求。 The gateway mobile device provided by the embodiment of the present invention includes: a data receiving unit, configured to receive an authentication request sent by the host; and a query unit, configured to check, according to the authentication request received by the data receiving unit Corresponding network information is sent, and the queried network information is carried in the authentication identifier request and sent to the data feedback unit. The data feedback unit is configured to feed back the authentication identifier request to the host.
本发明实施例提供的主机, 包括: 鉴权请求发送单元, 向网关移动设备发 送鉴权请求, 所述鉴权请求用于请求网络信息; 鉴权标识请求接收单元, 用于 接收来自所述网关移动设备的鉴权标识请求,所述鉴权标识请求中包含有网络 信息。  The host provided by the embodiment of the present invention includes: an authentication request sending unit, which sends an authentication request to the gateway mobile device, where the authentication request is used to request network information; and an authentication identifier request receiving unit is configured to receive the gateway from the gateway An authentication identifier request of the mobile device, where the authentication identifier request includes network information.
从以上技术方案可以看出, 本发明实施例具有以下优点:  As can be seen from the above technical solutions, the embodiments of the present invention have the following advantages:
本发明实施例中,由于网关移动设备 G-MS从主机获取到的鉴权请求消息 后 G-MS会获取该对应的网络信息(至少包括 NSP标识), 并将该网络信息反 馈至主机,所以使得主机能够按照该 NSP标识选取对应的 NSP从而接入网络, 因此, 在多主机架构下各主机能够获取到相关网络信息从而接入网络。  In the embodiment of the present invention, after the gateway mobile device G-MS obtains the authentication request message from the host, the G-MS obtains the corresponding network information (including at least the NSP identifier), and feeds the network information to the host, so The host can select the corresponding NSP according to the NSP identifier to access the network. Therefore, in the multi-host architecture, each host can obtain related network information and access the network.
附图说明 DRAWINGS
图 1为现有技术中 WiMAX网络架构示意图;  1 is a schematic diagram of a WiMAX network architecture in the prior art;
图 2为现有技术中多主机架构示意图;  2 is a schematic diagram of a multi-host architecture in the prior art;
图 3为本发明实施例中网络信息获取方法第一实施例信令流程图; 图 4为本发明实施例中网络信息获取方法第二实施例信令流程图; 图 5为本发明实施例中网络信息获取方法第三实施例信令流程图; 图 6为本发明实施例中网络信息获取方法第四实施例信令流程图; 图 7为本发明实施例中通讯系统实施例示意图;  3 is a signaling flowchart of a first embodiment of a method for acquiring network information according to an embodiment of the present invention; FIG. 4 is a signaling flowchart of a second embodiment of a method for acquiring network information according to an embodiment of the present invention; Network information acquisition method third embodiment signaling flow chart; FIG. 6 is a signaling flow chart of a fourth embodiment of a network information acquisition method according to an embodiment of the present invention; FIG. 7 is a schematic diagram of an embodiment of a communication system according to an embodiment of the present invention;
图 8为本发明实施例中网关移动设备第一实施例示意图;  8 is a schematic diagram of a first embodiment of a gateway mobile device according to an embodiment of the present invention;
图 9为本发明实施例中网关移动设备第二实施例示意图;  FIG. 9 is a schematic diagram of a second embodiment of a gateway mobile device according to an embodiment of the present invention;
图 10为本发明实施例中主机实施例示意图。  FIG. 10 is a schematic diagram of an embodiment of a host in an embodiment of the present invention.
具体实施方式 detailed description
本发明实施例提供了一种网络信息获取方法及通讯系统以及相关设备,用 于在多主机架构下使得各主机获取到相关网络信息从而接入 WiMAX网络。  The embodiment of the invention provides a network information acquisition method, a communication system and a related device, which are used to enable the hosts to obtain relevant network information and access the WiMAX network under the multi-host architecture.
本发明实施例中,由于 G-MS从主机获取到的鉴权请求消息中携带有网络 指示信息, 则 G-MS会获取该网络指示信息对应的网络信息(至少包括 NSP 标识), 并将该网络信息反馈至主机, 所以使得主机能够按照该 NSP标识选取 对应的 NSP从而接入 WiMAX网络, 因此, 在多主机架构下各主机能够获取 到相关网络信息从而接入 WiMAX网络。 In the embodiment of the present invention, the G-MS obtains the network information corresponding to the network indication information (including at least the NSP identifier), and the network information is received by the G-MS. The network information is fed back to the host, so that the host can select the corresponding NSP according to the NSP identifier to access the WiMAX network. Therefore, each host can obtain the multi-host architecture. Access the WiMAX network to relevant network information.
下面对本发明实施例中的网络信息获取方法实施例进行伴细描述,在下述 各个实施例中, 均以鉴权流程为例进行说明, 按照鉴权模式的不同, 可以分为 两种情况:  The following is a detailed description of the network information acquisition method in the embodiment of the present invention. In the following embodiments, the authentication process is taken as an example. According to different authentication modes, the following can be divided into two cases:
一、 单次鉴权的方式:  First, the method of single authentication:
本方式中, G-MS不需要对主机进行鉴权,而只需要由接入服务网^ ( ASN, Access Service Network )对主机进行鉴权, 即在本方式中, 不需要进行本地鉴 权, 而只需要进行网络鉴权。  In this mode, the G-MS does not need to authenticate the host, but only needs to be authenticated by the Access Service Network (ASN), that is, in this mode, local authentication is not required. Only network authentication is required.
具体包括以下几种方式:  Specifically, the following methods are included:
1、 ASN通过 G-MS向主机反馈网络信息:  1. The ASN feeds back the network information to the host through the G-MS:
本方式中, ASN通过 G-MS向主机反馈网络信息, 具体请参阅图 3, 本发 明实施例中网络信息获取方法第一实施例包括:  In this manner, the ASN feeds back the network information to the host through the G-MS. For details, refer to FIG. 3. The first embodiment of the network information obtaining method in the embodiment of the present invention includes:
301、 主机向网关移动设备发送鉴权请求;  301. The host sends an authentication request to the gateway mobile device.
本实施例中, 当主机需要接入 WiMAX网络时, 会首先进行鉴权流程, 则 主机需要向 G-MS发送鉴权请求, 如可以是 EAP-Start消息。 在此之前, 主机 需要根据自身的选网配置信息生成网络指示信息,该网络指示信息中可包含有 主机的用户标识,该网络指示信息用于指示 ASN网络向该主机下发网络信息, 以便主机能够选择合适的网 ^矣入。其中,选网配置信息是指该主机所能够接 入的 NSP的相关信息, 包括不限于 NSP的类型, 容量, 标识, 正式名字和鉴 权模式中的一个或多个。  In this embodiment, when the host needs to access the WiMAX network, the authentication process is first performed, and the host needs to send an authentication request to the G-MS, such as an EAP-Start message. Prior to this, the host needs to generate the network indication information according to the network configuration information of the network. The network indication information may include the user identifier of the host, where the network indication information is used to instruct the ASN network to send network information to the host, so that the host Ability to choose the right network. The network configuration information refers to information about the NSP that the host can access, including one or more of the NSP type, capacity, identity, official name, and authentication mode.
当主机生成了网络指示信息后将该网络指示信息携带于发送给 G-MS 的 鉴权请求中, 并将该鉴权请求发送至 G-MS。  After the host generates the network indication information, the network indication information is carried in the authentication request sent to the G-MS, and the authentication request is sent to the G-MS.
上述描述的是在鉴权请求中携带网络指示信息的情况,可以理解的是,在 实际应用中, 同样可以不携带网络指示信息, 若不携带网络指示信息, 则可在 系统构建时约定,当接收到主机发送的鉴权请求之后即无条件向该主机反馈网 络信息, 而无需网络指示信息的触发, 即此时的鉴权请求可以触发 ASN网络 向该主机下发网络信息。  The foregoing describes the case where the network indication information is carried in the authentication request. It can be understood that, in actual applications, the network indication information may not be carried. If the network indication information is not carried, the system may be configured at the time of system construction. After receiving the authentication request sent by the host, the network information is unconditionally fed back to the host without the triggering of the network indication information. The authentication request at this time can trigger the ASN network to send network information to the host.
302、 G-MS向 ASN转发所述鉴权请求;  302. The G-MS forwards the authentication request to the ASN.
当 G-MS接收到主机发送的鉴权请求之后, 将该鉴权请求转发至 ASN。 303、 ASN向 G-MS反馈鉴权标识请求; After receiving the authentication request sent by the host, the G-MS forwards the authentication request to the ASN. 303. The ASN feeds back an authentication identifier request to the G-MS.
ASN在接收到 G-MS发送的鉴权请求之后, 根据该鉴权请求中携带的网 络指示信息可知发送该鉴权请求的主机需要获取相关的网络信息 ,则根据该网 络指示信息在本地存储的 NSP列表中查询满足该网络指示信息的 NSP, 并将 记录这些 NSP的标识, 将这些 NSP的标识携带于鉴权标识请求中, 如可以是 将这些 NSP的标识携带于 EAP-Request中, 同时 ASN会查询该主机所需要进 行鉴权的模式, 例如可以为单次鉴权或多次鉴权,该鉴权模式还可以指示是要 求设备鉴权还是用户鉴权。 本发明实施例中, 所述鉴权模式为单次鉴权。 将鉴 权模式携带于鉴权标识请求中, 并将该鉴权标识请求发送至 G-MS, 本实施例 中的网络信息至少包括 NSP的标识,此处描述的 NSP的标识可以是 NSP的 ID 或者是名称,可以理解的是, 同样可以包含其他用于指示主机接入 WiMAX网 络的相关信息, 例如鉴权模式等, 其他信息此处不做限定。  After receiving the authentication request sent by the G-MS, the ASN may know that the host that sends the authentication request needs to obtain related network information according to the network indication information carried in the authentication request, and then locally stored according to the network indication information. The NSP lists the NSPs that meet the network indication information, and records the identifiers of the NSPs, and carries the identifiers of the NSPs in the authentication identifier request, such as carrying the identifiers of the NSPs in the EAP-Request, and the ASN. A mode for authenticating the host may be queried, for example, a single authentication or multiple authentication. The authentication mode may also indicate whether device authentication or user authentication is required. In the embodiment of the present invention, the authentication mode is a single authentication. The authentication mode is carried in the authentication identifier request, and the authentication identifier request is sent to the G-MS. The network information in this embodiment includes at least the identifier of the NSP, and the identifier of the NSP described herein may be the ID of the NSP. Or the name. It can be understood that other information related to the host to access the WiMAX network, such as an authentication mode, may be included. Other information is not limited herein.
可以理解的是, 若鉴权请求中不携带网络指示信息, 则 G-MS根据接收到 的鉴权请求获取网络信息。  It can be understood that if the network indication information is not carried in the authentication request, the G-MS acquires the network information according to the received authentication request.
304、 G-MS向主机转发鉴权标识请求;  304. The G-MS forwards the authentication identifier request to the host.
G-MS接收到 ASN发送的鉴权标识请求后, 将该请求转发至主机。  After receiving the authentication identity request sent by the ASN, the G-MS forwards the request to the host.
本实施例中 , G-MS在收到来自主机的鉴权请求后将所述鉴权请求转发给 ASN, 向所述 ASN请求网络信息, 并在接收到来自 ASN反馈的鉴权标识请求 后将其转发给所述主机, 这样主机就获取到了网络信息。  In this embodiment, after receiving the authentication request from the host, the G-MS forwards the authentication request to the ASN, requests network information from the ASN, and after receiving the authentication identifier request from the ASN feedback, It is forwarded to the host, so that the host obtains network information.
进一步的,本发明实施例中, 所述主机获取到所述网络信息后可以根据该 网络信息接入对应的网络, 具体如下所述:  Further, in the embodiment of the present invention, after acquiring the network information, the host may access the corresponding network according to the network information, as follows:
305、 主机向 G-MS发送鉴权标识响应;  305. The host sends an authentication identifier response to the G-MS.
进一步的, 主机接收到 G-MS发送的鉴权标识请求后,从该鉴权标识请求 中读取出相应的网络信息,并且按照自身的接入规则选择合适的 NSP,并提取 该 NSP的标识以及接收到的鉴权模式, 将该 NSP的标识以及该鉴权模式携带 于鉴权标识响应中, 并将该鉴权标识响应发送至 G-MS。  Further, after receiving the authentication identifier request sent by the G-MS, the host reads the corresponding network information from the authentication identifier request, and selects an appropriate NSP according to its own access rule, and extracts the identifier of the NSP. And receiving the authentication mode, carrying the identifier of the NSP and the authentication mode in the authentication identifier response, and sending the authentication identifier response to the G-MS.
本实施例中, 若鉴权模式为默认的鉴权模式, 则主机发送给 G-MS的鉴权 标识响应中可以不携带鉴权模式。  In this embodiment, if the authentication mode is the default authentication mode, the authentication identity response sent by the host to the G-MS may not carry the authentication mode.
306、 G-MS向 ASN转发鉴权标识响应; 因为本发明实施例中, 所述鉴权模式为单次鉴权, 即所述 G-MS不需要对 主机进行鉴权, 而只需要由接入服务网络 ASN对主机进行鉴权, 所以 G-MS 接收到鉴权标识响应之后, 将该鉴权标识响应转发至 ASN。 306. The G-MS forwards the authentication identifier response to the ASN. In the embodiment of the present invention, the authentication mode is a single authentication, that is, the G-MS does not need to authenticate the host, but only needs to be authenticated by the access service network ASN, so G- After receiving the authentication identity response, the MS forwards the authentication identity response to the ASN.
307、 ASN根据选定的信息选取对应的认证授权计费( AAA, Authentication, Authorization and Accounting )月良务器;  307. The ASN selects a corresponding AAA, Authentication, Authorization and Accounting according to the selected information.
ASN接收到 G-MS发送的鉴权标识响应之后, 根据该鉴权标识响应中主 机选定的 NSP信息以及鉴权模式选定对应的 AAA服务器作为该主机接入 WiMAX网络的 AAA服务器, 具体的根据 NSP标识以及鉴权模式选定 AAA 服务器的过程为现有技术, 此处不再赞述。  After receiving the authentication identifier response sent by the G-MS, the ASN selects the corresponding AAA server according to the NSP information selected by the host in the authentication identifier response and the authentication mode as the AAA server of the host accessing the WiMAX network, and the specific The process of selecting an AAA server based on the NSP identity and the authentication mode is prior art and will not be discussed here.
308、 ASN向选定的 AAA服务器发送鉴权认证请求;  308. The ASN sends an authentication authentication request to the selected AAA server.
当 ASN选定了 AAA服务器之后,即向该 AAA服务器发送鉴权认证请求, 在该鉴权认证请求中携带有用户选定的鉴权模式以及用户标识。  After the ASN selects the AAA server, the authentication request is sent to the AAA server, and the authentication authentication request carries the authentication mode selected by the user and the user identifier.
309、 鉴权其他流程。  309. Other processes for authentication.
在 AAA服务器接收到该鉴权认证请求之后 , 即根据其中包含的鉴权模式 对请求接入 WiMAX网络的主机进行鉴权,若该主机能够通过鉴权, 则可接入 WiMAX网络。  After receiving the authentication request, the AAA server authenticates the host requesting access to the WiMAX network according to the authentication mode contained therein. If the host can authenticate, the WiMAX network can be accessed.
具体的鉴权其他流程包括: AAA服务器, ASN, G-MS 以及主机之间回 复确认消息的流程以及鉴权通过响应和鉴权失败响应的发送流程,此流程均为 现有技术, 此处不再赞述。  Specific processes for authentication include: AAA server, ASN, G-MS, and the process of replying confirmation messages between hosts and the sending process of authentication response and authentication failure response. This process is prior art, here is not Say it again.
上述实施例中描述了 ASN通过 G-MS向主机发送网络信息的情况, 在上 述实施例中, 由于主机能够通过 G-MS获取到网络信息,所以使得主机能够按 多主机架构下各主机能够获取到相关网络信息从而接入 WiMAX网络。  In the above embodiment, the ASN sends the network information to the host through the G-MS. In the foregoing embodiment, the host can obtain the network information through the G-MS, so that the host can obtain the host under the multi-host architecture. Access the WiMAX network to relevant network information.
2、 G-MS直接向主机反馈网络信息:  2. G-MS directly feeds back network information to the host:
具体请参阅图 4, 本发明实施例中网络信息获取方法第二实施例包括: Referring to FIG. 4, the second embodiment of the network information obtaining method in the embodiment of the present invention includes:
401、 主机向网关移动设备发送鉴权请求; 401. The host sends an authentication request to the gateway mobile device.
本实施例中, 当主机需要接入 WiMAX网络时, 会首先进行鉴权流程, 则 主机需要向 G-MS发送鉴权请求, 如可以是 EAP-Start消息。 在此之前, 主机 需要根据自身的选网配置信息生成网络指示信息 ,该网络指示信息中可包含有 主机的用户标识,该网络指示信息用于指示网络侧向该主机下发网络信息, 以 便主机能够选择合适的网 ^矣入。其中,选网配置信息是指该主机所能够接入 的 NSP的相关信息, 包括不限于 NSP的类型, 容量, 标识, 正式名字和鉴权 模式中的一个或多个。 In this embodiment, when the host needs to access the WiMAX network, the authentication process is first performed, and the host needs to send an authentication request to the G-MS, such as an EAP-Start message. Before this, the host needs to generate network indication information according to its network configuration information, and the network indication information may include The user identifier of the host, the network indication information is used to instruct the network side to send network information to the host, so that the host can select an appropriate network. The network configuration information refers to information about the NSP that the host can access, including one or more of the NSP type, capacity, identity, official name, and authentication mode.
当主机生成了网络指示信息后将该网络指示信息携带于发送给 G-MS 的 鉴权请求中, 并将该鉴权请求发送至 G-MS。  After the host generates the network indication information, the network indication information is carried in the authentication request sent to the G-MS, and the authentication request is sent to the G-MS.
上述描述的是在鉴权请求中携带网络指示信息的情况,可以理解的是,在 实际应用中, 同样可以不携带网络指示信息, 若不携带网络指示信息, 则可在 系统构建时约定,当接收到主机发送的鉴权请求之后即无条件向该主机反馈网 络信息, 而无需网络指示信息的触发, 即此时的鉴权请求可以触发 ASN网络 侧向该主机下发网络信息。  The foregoing describes the case where the network indication information is carried in the authentication request. It can be understood that, in actual applications, the network indication information may not be carried. If the network indication information is not carried, the system may be configured at the time of system construction. After receiving the authentication request sent by the host, the network information is unconditionally fed back to the host without the triggering of the network indication information, that is, the authentication request at this time can trigger the ASN network side to send the network information to the host.
402、 G-MS向主机反馈鉴权标识请求;  402. The G-MS feeds back an authentication identifier request to the host.
G-MS在接收到主机发送的鉴权请求之后, 根据该鉴权请求中携带的网络 指示信息可知发送该鉴权请求的主机需要获取相关的第一网络信息 ,则根据该 网络指示信息在本地存储的 NSP列表中查询满足该网络指示信息的 NSP, 并 将记录这些 NSP的标识, 同时将这些 NSP的标识携带于鉴权标识请求中, 如 可以是将这些 NSP的标识携带于 EAP-Request消息中, 同时 G-MS会根据该 主机的相关信息查询需要进行鉴权的模式, 例如可以为单次鉴权或多次鉴权, 该鉴权模式还可以指示是要求设备鉴权还是用户鉴权,本实施例中描述的为单 次鉴权的情况, 所以 G-MS查询到的鉴权模式为 "单次鉴权", 将鉴权模式携 带于鉴权标识请求中, 并将该鉴权标识请求发送至主机,本实施例中的第一网 络信息至少包括 NSP的标识, 此处描述的 NSP的标识可以是 NSP的 ID或者 是名称,可以理解的是, 同样可以包含其他用于指示主机接入 WiMAX网络的 相关信息, 例如鉴权模式等, 其他信息此处不做限定。  After receiving the authentication request sent by the host, the G-MS may know that the host that sends the authentication request needs to obtain the related first network information according to the network indication information carried in the authentication request, and then locally according to the network indication information. The stored NSP list queries the NSPs that meet the network indication information, and records the identifiers of the NSPs, and carries the identifiers of the NSPs in the authentication identifier request, for example, the identifiers of the NSPs may be carried in the EAP-Request message. In the meantime, the G-MS can query the mode that needs to be authenticated according to the related information of the host, for example, it can be single authentication or multiple authentication. The authentication mode can also indicate whether device authentication or user authentication is required. The case of single authentication is described in this embodiment. Therefore, the authentication mode queried by the G-MS is "single authentication", the authentication mode is carried in the authentication identifier request, and the authentication is performed. The identification request is sent to the host. The first network information in this embodiment includes at least the identifier of the NSP. The identifier of the NSP described herein may be an ID or a name of the NSP. That can also contain other information indicating the host WiMAX access network, such as authentication mode, additional information is not limited here.
可以理解的是, 若鉴权请求中不携带网络指示信息, 则 G-MS根据接收到 的鉴权请求获取网络信息。  It can be understood that if the network indication information is not carried in the authentication request, the G-MS acquires the network information according to the received authentication request.
本实施例中, 由于 G-MS会先接入 WiMAX网络, 当其接入 WiMAX网络 之后则会与 ASN通讯以获取 ASN保存的网络信息, 至少包括 NSP的相关信 息 (包括 NSP标识列表以及 NSP名称列表)。 本实施例中, G-MS在收到来自主机的鉴权请求后向主机发送自身保存的 网络信息, 这样, 所述主机就可以获取网络信息。 In this embodiment, the G-MS first accesses the WiMAX network, and when it accesses the WiMAX network, it communicates with the ASN to obtain the network information saved by the ASN, and at least includes information about the NSP (including the NSP identifier list and the NSP name). List). In this embodiment, after receiving the authentication request from the host, the G-MS sends the network information saved by the host to the host, so that the host can acquire the network information.
本发明实施例中, G-MS除了将自身存储的网络信息反馈给所述主机, 还 可以进一步的将所述鉴权请求转发给 ASN,向 ASN请求网络信息,具体如下: 403、 G-MS向 ASN转发所述鉴权请求;  In the embodiment of the present invention, the G-MS may further forward the authentication request to the ASN, and further request the network information to the ASN, as follows: 403, G-MS Forwarding the authentication request to the ASN;
进一步的, 本发明实施例中, 当 G-MS向主机发送鉴权标识请求之后, 还 可以选择将主机发送的鉴权请求发送至 ASN, 因为在此情况下, 如有 G-MS 未能及时更新自身的网络信息,则有可能导致发送给主机的网络信息并非最新 的信息, 所以 G-MS可以向 ASN转发鉴权请求,请求 ASN再次向主机发送包 含最新的网络信息的鉴权标识请求。  Further, in the embodiment of the present invention, after the G-MS sends the authentication identifier request to the host, the G-MS may also select to send the authentication request sent by the host to the ASN, because in this case, if the G-MS fails to be timely Updating the network information of the network may result in the network information sent to the host not being the latest information. Therefore, the G-MS may forward the authentication request to the ASN, requesting the ASN to send the authentication identifier request containing the latest network information to the host again.
404、 ASN向 G-MS反馈鉴权标识请求;  404. The ASN feeds back the authentication identifier request to the G-MS.
ASN在接收到 G-MS发送的鉴权请求之后, 根据该鉴权请求中携带的网 络指示信息可知发送该鉴权请求的主机需要获取相关的第二网络信息 ,则根据 该网络指示信息在本地存储的 NSP列表中查询满足该网络指示信息的 NSP, 并将记录这些 NSP的标识, 同时将这些 NSP的标识携带于鉴权标识请求中, 如可以是将这些 NSP的标识携带于 EAP-Request消息中, 同时 ASN会根据该 主机的相关信息查询需要进行鉴权的模式, 例如可以为单次鉴权或多次鉴权, 该鉴权模式还可以指示是要求设备鉴权还是用户鉴权,将鉴权模式携带于鉴权 标识请求中, 并将该鉴权标识请求发送至 G-MS, 本实施例中的第二网络信息 至少包括 NSP的标识, 可以理解的是, 同样可以包含其他用于指示主机接入 WiMAX网络的相关信息, 例如鉴权模式等, 此处不做限定。  After receiving the authentication request sent by the G-MS, the ASN may know that the host that sends the authentication request needs to obtain the related second network information according to the network indication information carried in the authentication request, and then the local indication information is locally according to the network indication information. The stored NSP list queries the NSPs that meet the network indication information, and records the identifiers of the NSPs, and carries the identifiers of the NSPs in the authentication identifier request, for example, the identifiers of the NSPs may be carried in the EAP-Request message. In the meantime, the ASN can query the mode that needs to be authenticated according to the related information of the host, for example, it can be single authentication or multiple authentication. The authentication mode can also indicate whether device authentication or user authentication is required. The authentication mode is carried in the authentication identifier request, and the authentication identifier request is sent to the G-MS. The second network information in this embodiment includes at least the identifier of the NSP. It can be understood that the authentication mode may also include other The information about the host accessing the WiMAX network, such as the authentication mode, is not limited herein.
可以理解的是, 由 G-MS转发给 ASN的鉴权请求中同样可以不携带网络 指示信息。  It can be understood that the network request information may not be carried in the authentication request forwarded by the G-MS to the ASN.
405、 G-MS向主机转发鉴权标识请求;  405. The G-MS forwards the authentication identifier request to the host.
G-MS接收到 ASN发送的鉴权标识请求后, 将该请求转发至主机。  After receiving the authentication identity request sent by the ASN, the G-MS forwards the request to the host.
本实施例中, 步骤 403至步骤 405为可选步骤。  In this embodiment, step 403 to step 405 are optional steps.
本实施例中, 更进一步的, G-MS向 ASN请求网络信息并将所述从 ASN 获取的网络信息发送给所述主机, 可以更好的保证主机获取的网络信息的完 整、 正确。 进一步的,本发明实施例中, 所述主机获取到所述网络信息后可以根据该 网络信息接入对应的网络, 具体如下所述: In this embodiment, the G-MS requests the network information from the ASN and sends the network information obtained from the ASN to the host, so as to ensure that the network information acquired by the host is complete and correct. Further, in the embodiment of the present invention, after acquiring the network information, the host may access the corresponding network according to the network information, as follows:
406、 主机向 G-MS发送鉴权标识响应;  406. The host sends an authentication identifier response to the G-MS.
进一步的, 主机接收到 G-MS发送的两个鉴权标识请求后, 可以选择比较 这两个鉴权标识请求中的第一网络信息以及第二网络信息,若这两个网络信息 不一致, 则以 ASN发送的网络信息为准, 可以理解的是, 若不需要执行步骤 403至步骤 405 , 则主机直接以从 G-MS接收到的网络信息为准 , 主机从该鉴 权标识请求中读取出相应的 NSP的标识, 并且按照自身的接入规则选择合适 的 NSP, 并提取该 NSP的标识以及对应的鉴权模式, 将该 NSP的标识以及对 应的鉴权模式携带于鉴权标识响应中, 并将该鉴权标识响应发送至 G-MS。  Further, after receiving the two authentication identifier requests sent by the G-MS, the host may select to compare the first network information and the second network information in the two authentication identifier requests, and if the two network information are inconsistent, Based on the network information sent by the ASN, it can be understood that if the step 403 to the step 405 are not required, the host directly takes the network information received from the G-MS, and the host reads the request from the authentication identifier. The identifier of the corresponding NSP is obtained, and an appropriate NSP is selected according to the access rule of the user, and the identifier of the NSP and the corresponding authentication mode are extracted, and the identifier of the NSP and the corresponding authentication mode are carried in the authentication identifier response. And send the authentication identity response to the G-MS.
本实施例中, 若鉴权模式为默认的鉴权模式, 则主机发送给 G-MS的鉴权 标识响应中可以不携带鉴权模式。  In this embodiment, if the authentication mode is the default authentication mode, the authentication identity response sent by the host to the G-MS may not carry the authentication mode.
407、 G-MS向 ASN转发鉴权标识响应;  407. The G-MS forwards the authentication identifier response to the ASN.
因为本发明实施例中 , 所述鉴权模式为单次鉴权, 即所述 G-MS不需要对 主机进行鉴权, 而只需要由接入服务网络 ASN对主机进行鉴权, 所以 G-MS 接收到鉴权标识响应之后, 将该鉴权标识响应转发至 ASN。  In the embodiment of the present invention, the authentication mode is a single authentication, that is, the G-MS does not need to authenticate the host, but only needs to be authenticated by the access service network ASN, so G- After receiving the authentication identity response, the MS forwards the authentication identity response to the ASN.
408、 ASN根据选定的信息选取对应的 AAA服务器;  408. The ASN selects a corresponding AAA server according to the selected information.
ASN接收到 G-MS发送的鉴权标识响应之后, 根据该鉴权标识响应中主 机选定的 NSP信息以及对应的鉴权模式选定对应的 AAA服务器作为该主机接 入 WiMAX网络的 AAA服务器 ,具体的根据 NSP标识以及对应的鉴权模式选 定 AAA服务器的过程为现有技术, 此处不再赘述。  After receiving the authentication identifier response sent by the G-MS, the ASN selects the corresponding AAA server as the AAA server of the host to access the WiMAX network according to the NSP information selected by the host in the authentication identifier response and the corresponding authentication mode. The process of selecting an AAA server according to the NSP identifier and the corresponding authentication mode is a prior art, and details are not described herein again.
409、 ASN向选定的 AAA服务器发送鉴权认证请求;  409. The ASN sends an authentication authentication request to the selected AAA server.
当 ASN选定了 AAA服务器之后,即向该 AAA服务器发送鉴权认证请求, 在该鉴权认证请求中携带有用户选定的鉴权模式以及用户标识。  After the ASN selects the AAA server, the authentication request is sent to the AAA server, and the authentication authentication request carries the authentication mode selected by the user and the user identifier.
410、 鉴权其他流程。  410. Other processes for authentication.
在 AAA服务器接收到该鉴权认证请求之后, 即根据其中包含的鉴权模式 对请求接入 WiMAX网络的主机进行鉴权,若该主机能够通过鉴权, 则可接入 WiMAX网络。  After receiving the authentication request, the AAA server authenticates the host requesting access to the WiMAX network according to the authentication mode contained therein. If the host can authenticate, the WiMAX network can be accessed.
具体的鉴权其他流程包括: AAA服务器, ASN, G-MS 以及主机之间回 复确认消息的流程以及鉴权通过响应和鉴权失败响应的发送流程,此流程均为 现有技术, 此处不再赞述。 Specific authentication other processes include: AAA server, ASN, G-MS and host back The process of re-confirming the message and the sending process of the response through the response and the authentication failure response are all prior art, and are not mentioned here.
本实施例中, 可以不执行步骤 403 , 404 以及 405, 即主机直接以 G-MS 查询到的第一网络信息为准, 可以理解的是, 若采取这种方式, 则需要 G-MS 能够及时地与 ASN进行数据同步。  In this embodiment, steps 403, 404, and 405 may not be performed, that is, the host directly refers to the first network information queried by the G-MS. It can be understood that if this method is adopted, the G-MS needs to be timely. The data is synchronized with the ASN.
上述实施例中, G-MS可以直接向主机反馈自身存储的网络信息, 所以能 够减少网络间的信令交互, 因此提高网络工作效率。  In the above embodiment, the G-MS can directly feed back the network information stored by the host to the host, so the signaling interaction between the networks can be reduced, thereby improving the network working efficiency.
上面介绍了单次鉴权的实施例, 下面介绍多次鉴权的实施例:  The embodiment of single authentication is described above. The following describes an embodiment of multiple authentication:
二、 多次鉴权的方式:  Second, the method of multiple authentication:
本方式中, G-MS或主机自身的鉴权器需要对主机进行鉴权, 同时也需要 In this mode, the G-MS or the host's own authenticator needs to authenticate the host, and also needs to
ASN对主机进行鉴权, 即在本方式中, 既需要进行本地鉴权, 也需要进行网 络鉴权。 The ASN authenticates the host. In this mode, both local authentication and network authentication are required.
在本方式中, 具体的多次鉴权的方式有以下几种:  In this mode, the specific multiple authentication methods are as follows:
1、 ASN通过 G-MS向主机反馈网络信息;  1. The ASN feeds back the network information to the host through the G-MS;
具体请参阅图 5, 本发明实施例中网络信息获取方法第三实施例包括: Referring to FIG. 5, the third embodiment of the network information obtaining method in the embodiment of the present invention includes:
501、 主机向网关移动设备发送鉴权请求; 501. The host sends an authentication request to the gateway mobile device.
本实施例中, 当主机需要接入 WiMAX网络时, 会首先进行鉴权流程, 则 主机需要向 G-MS发送鉴权请求, 如可以是 EAP-Start消息。 在此之前, 主机 需要根据自身的选网配置信息生成网络指示信息,该网络指示信息中可包含有 主机的用户标识, 该网络指示信息用于指示 ASN网络侧向该主机下发网络信 息, 以便主机能够选择合适的网 ^矣入。 其中, 选网配置信息是指该主机所能 够接入的 NSP的相关信息, 包括 NSP的类型, 容量, 标识, 正式名字和鉴权 模式中的一个或多个。  In this embodiment, when the host needs to access the WiMAX network, the authentication process is first performed, and the host needs to send an authentication request to the G-MS, such as an EAP-Start message. Prior to this, the host needs to generate the network indication information according to the network configuration information of the network. The network indication information may include the user identifier of the host, where the network indication information is used to indicate that the ASN network side sends the network information to the host, so that The host can choose the appropriate network to enter. The network configuration information refers to information about the NSP that the host can access, including one or more of the NSP type, capacity, identity, official name, and authentication mode.
当主机生成了网络指示信息后将该网络指示信息携带于发送给 G-MS 的 鉴权请求中, 并将该鉴权请求发送至 G-MS。  After the host generates the network indication information, the network indication information is carried in the authentication request sent to the G-MS, and the authentication request is sent to the G-MS.
上述描述的是在鉴权请求中携带网络指示信息的情况,可以理解的是,在 实际应用中, 同样可以不携带网络指示信息, 若不携带网络指示信息, 则可在 系统构建时约定,当接收到主机发送的鉴权请求之后即无条件向该主机反馈网 络信息, 而无需网络指示信息的触发, 即此时的鉴权请求可以触发 ASN网络 侧向该主机下发网络信息。 The foregoing describes the case where the network indication information is carried in the authentication request. It can be understood that, in actual applications, the network indication information may not be carried. If the network indication information is not carried, the system may be configured at the time of system construction. After receiving the authentication request sent by the host, the network information is unconditionally fed back to the host without triggering the network indication information, that is, the authentication request at this time can trigger the ASN network. The host sends network information to the host.
502、 G-MS向 ASN转发所述鉴权请求;  502. The G-MS forwards the authentication request to the ASN.
当 G-MS接收到主机发送的鉴权请求之后, 将该鉴权请求转发至 ASN。 After receiving the authentication request sent by the host, the G-MS forwards the authentication request to the ASN.
503、 ASN向 G-MS反馈鉴权标识请求; 503. The ASN feeds back the authentication identifier request to the G-MS.
ASN在接收到 G-MS发送的鉴权请求之后, 根据该鉴权请求中携带的网 络指示信息可知发送该鉴权请求的主机需要获取相关的网络信息,则根据该网 络指示信息在本地存储的 NSP列表中查询满足该网络指示信息的 NSP, 并将 记录这些 NSP的标识, 同时将这些 NSP的标识携带于鉴权标识请求中, 如可 以是将这些 NSP的标识携带于 EAP-Request消息中, 同时 ASN会根据该主机 的相关信息查询需要进行鉴权的模式, 例如可以为单次鉴权或多次鉴权,该鉴 权模式还可以指示是要求设备鉴权还是用户鉴权,由于本实施例中描述的为多 次鉴权的情况, 所以 ASN查询到的鉴权模式为 "多次鉴权", 将鉴权模式携带 于鉴权标识请求中, 并将该鉴权标识请求发送至 G-MS, 本实施例中的网络信 息至少包括 NSP的标识, 此处描述的 NSP的标识可以是 NSP的 ID或者是名 称,可以理解的是, 同样可以包含其他用于指示主机接入 WiMAX网络的相关 信息, 例如鉴权模式等, 其他信息此处不做限定。  After receiving the authentication request sent by the G-MS, the ASN may know that the host that sends the authentication request needs to obtain related network information according to the network indication information carried in the authentication request, and then locally stored according to the network indication information. Querying the NSPs that meet the network indication information in the NSP list, and recording the identifiers of the NSPs, and carrying the identifiers of the NSPs in the authentication identifier request, for example, the identifiers of the NSPs may be carried in the EAP-Request message. At the same time, the ASN queries the mode that needs to be authenticated according to the information about the host. For example, the ASN can be a single authentication or multiple authentication. The authentication mode can also indicate whether device authentication or user authentication is required. The case described in the example is the case of multiple authentication. Therefore, the authentication mode that the ASN queries is "multiple authentication", the authentication mode is carried in the authentication identifier request, and the authentication identifier request is sent to the G. -MS, the network information in this embodiment includes at least the identifier of the NSP, and the identifier of the NSP described herein may be the ID or the name of the NSP. It can be understood that Other information related to the host to access the WiMAX network, such as the authentication mode, may be included. Other information is not limited herein.
可以理解的是, 若鉴权请求中不携带网络指示信息, 则 G-MS根据接收到 的鉴权请求获取网络信息。  It can be understood that if the network indication information is not carried in the authentication request, the G-MS acquires the network information according to the received authentication request.
504、 G-MS向主机转发鉴权标识请求;  504. The G-MS forwards the authentication identifier request to the host.
G-MS接收到 ASN发送的鉴权标识请求后, 将该请求转发至主机。  After receiving the authentication identity request sent by the ASN, the G-MS forwards the request to the host.
本实施例中 , G-MS在收到来自主机的鉴权请求后将所述鉴权请求转发给 ASN, 向所述 ASN请求网络信息, 并在接收到来自 ASN反馈的鉴权标识请求 后将其转发给所述主机, 这样主机就获取到了网络信息。  In this embodiment, after receiving the authentication request from the host, the G-MS forwards the authentication request to the ASN, requests network information from the ASN, and after receiving the authentication identifier request from the ASN feedback, It is forwarded to the host, so that the host obtains network information.
进一步的,本发明实施例中, 所述主机获取到所述网络信息后可以根据该 网络信息接入对应的网络, 具体如下所述:  Further, in the embodiment of the present invention, after acquiring the network information, the host may access the corresponding network according to the network information, as follows:
505、 主机向 G-MS发送鉴权标识响应;  505. The host sends an authentication identifier response to the G-MS.
主机接收到 G-MS发送的鉴权标识请求后,从其中的鉴权模式中可以获知 当前需要进行多次鉴权, 则首先要进行本地鉴权, 即由 G-MS对该主机进行鉴 权, 则主机向 G-MS发送包括鉴权模式的鉴权标识响应, G-MS对该主机进行 本地鉴权。 After receiving the authentication identifier request sent by the G-MS, the host can learn from the authentication mode that the current authentication needs to be performed multiple times. First, local authentication is performed, that is, the host is authenticated by the G-MS. , the host sends an authentication identifier response including the authentication mode to the G-MS, and the G-MS performs the host Local authentication.
506、 G-MS向主机发送鉴权成功指示;  506. The G-MS sends an authentication success indication to the host.
当 G-MS接收到主机发送的鉴权标识响应后,从其中的鉴权模式中可以获 知当前需要进行多次鉴权, 则首先要进行本地鉴权, 则对主机进行本地鉴权, 鉴权完成后向该主机发送鉴权成功指示。  After receiving the authentication identifier response sent by the host, the G-MS can learn from the authentication mode that the user needs to perform multiple authentications at the current time. First, local authentication is performed, and the host is locally authenticated and authenticated. After the completion, an authentication success indication is sent to the host.
507、 G-MS向主机发送二次鉴权标识请求;  507. The G-MS sends a second authentication identity request to the host.
G-MS向主机发送二次鉴权标识请求,该请求中携带网络信息和 /或鉴权模 式。  The G-MS sends a secondary authentication identity request to the host, where the request carries network information and/or authentication mode.
508、主机向 G-MS发送包含选定的 NSP信息以及鉴权模式的二次鉴权标 识响应;  508. The host sends a second authentication identifier response that includes the selected NSP information and the authentication mode to the G-MS.
主机接收到 G-MS发送的二次鉴权标识请求之后,即获知下一步需要进行 网络鉴权, 则从二次鉴权标识请求中读取出相应的 NSP的标识, 并且按照自 身的接入规则选择合适的 NSP, 并提取该 NSP的标识以及对应的鉴权模式, 将该 NSP的标识以及对应的鉴权模式携带于二次鉴权标识响应中, 并将该二 次鉴权标识响应发送至 G-MS。  After receiving the second authentication identifier request sent by the G-MS, the host learns that the next step needs to perform network authentication, and then reads the corresponding NSP identifier from the second authentication identifier request, and according to its own access. The rule selects an appropriate NSP, and extracts the identifier of the NSP and the corresponding authentication mode, and carries the identifier of the NSP and the corresponding authentication mode in the second authentication identifier response, and sends the second authentication identifier response. To G-MS.
可以理解的是, 若在步骤 505中, 主机向 G-MS发送鉴权标识响应时, 在 该鉴权标识响应中携带了选定的 NSP以及鉴权模式, 则可以不执行步骤 507 以及步骤 508, 而由 G-MS再向主机反馈鉴权成功指示之后, 直接将该鉴权标 识响应转发至 ASN。  It can be understood that, if the host sends the authentication identifier response to the G-MS in step 505, and the selected NSP and the authentication mode are carried in the authentication identifier response, step 507 and step 508 may not be performed. After the G-MS returns the authentication success indication to the host, the authentication identifier response is directly forwarded to the ASN.
509、 G-MS向 ASN转发二次鉴权标识响应;  509. The G-MS forwards the second authentication identifier response to the ASN.
G-MS 接收到二次鉴权标识响应之后, 将该二次鉴权标识响应转发至 ASN, 可以理解的是, 若不需要执行步骤 507以及步骤 508, 则 G-MS将步骤 505中接收到的鉴权标识响应转发至 ASN。  After receiving the second authentication identifier response, the G-MS forwards the second authentication identifier response to the ASN. It can be understood that if step 507 and step 508 need not be performed, the G-MS receives the step 505. The authentication identity response is forwarded to the ASN.
本实施例中, 若鉴权模式为默认的鉴权模式, 则主机发送给 G-MS的二次 鉴权标识响应中可以不携带鉴权模式。  In this embodiment, if the authentication mode is the default authentication mode, the secondary authentication identity response sent by the host to the G-MS may not carry the authentication mode.
510、 ASN根据选定的信息选取对应的 AAA服务器;  510. The ASN selects a corresponding AAA server according to the selected information.
ASN接收到 G-MS发送的鉴权标识响应或二次鉴权标识响应之后, 根据 该鉴权标识响应或二次鉴权标识响应中主机选定的 NSP信息以及对应的鉴权 模式选定对应的 AAA服务器作为该主机接入 WiMAX网络的 AAA服务器, 具体的根据 NSP标识以及对应的鉴权模式选定 AAA服务器的过程为现有技 术, 此处不再赘述。 After receiving the authentication identifier response or the secondary authentication identifier response sent by the G-MS, the ASN selects the corresponding NSP information selected by the host in the authentication identifier response or the secondary authentication identifier response and the corresponding authentication mode. The AAA server serves as the AAA server for the host to access the WiMAX network. The process of selecting an AAA server according to the NSP identifier and the corresponding authentication mode is a prior art, and details are not described herein again.
511、 ASN向选定的 AAA服务器发送鉴权认证请求;  511. The ASN sends an authentication authentication request to the selected AAA server.
当 ASN选定了 AAA服务器之后,即向该 AAA服务器发送鉴权认证请求, 在该鉴权认证请求中携带有用户选定的鉴权模式以及用户标识。  After the ASN selects the AAA server, the authentication request is sent to the AAA server, and the authentication authentication request carries the authentication mode selected by the user and the user identifier.
512、 鉴权其他流程。  512, authentication other processes.
在 AAA服务器接收到该鉴权认证请求之后, 即根据其中包含的鉴权模式 对请求接入 WiMAX网络的主机进行鉴权,若该主机能够通过鉴权, 则可接入 WiMAX网络。  After receiving the authentication request, the AAA server authenticates the host requesting access to the WiMAX network according to the authentication mode contained therein. If the host can authenticate, the WiMAX network can be accessed.
具体的鉴权其他流程包括: AAA服务器, ASN, G-MS 以及主机之间回 复确认消息的流程以及鉴权通过响应和鉴权失败响应的发送流程,此流程均为 现有技术, 此处不再赞述。  Specific processes for authentication include: AAA server, ASN, G-MS, and the process of replying confirmation messages between hosts and the sending process of authentication response and authentication failure response. This process is prior art, here is not Say it again.
上述实施例中描述了 ASN通过 G-MS向主机发送网络信息的情况, 在上 述实施例中, 由于主机能够通过 G-MS获取到网络信息,所以使得主机能够按 多主机架构下各主机能够获取到相关网络信息从而接入 WiMAX网络。上述描 述了多次鉴权的情况, 由于增加了本地鉴权的流程, 所以上述实施例在前面的 实施例的基础上更进一步提高了鉴权流程的可靠性。  In the above embodiment, the ASN sends the network information to the host through the G-MS. In the foregoing embodiment, the host can obtain the network information through the G-MS, so that the host can obtain the host under the multi-host architecture. Access the WiMAX network to relevant network information. The above describes the case of multiple authentications. Since the flow of local authentication is increased, the above embodiment further improves the reliability of the authentication process based on the foregoing embodiments.
2、 G-MS直接向主机反馈网络信息:  2. G-MS directly feeds back network information to the host:
具体请参阅图 6, 本发明实施例中网络信息获取方法第四实施例包括: For details, please refer to FIG. 6. The fourth embodiment of the method for acquiring network information in the embodiment of the present invention includes:
601、 主机向网关移动设备发送鉴权请求; 601. The host sends an authentication request to the gateway mobile device.
本实施例中, 当主机需要接入 WiMAX网络时, 会首先进行鉴权流程, 则 主机需要向 G-MS发送鉴权请求, 可以是 EAP-Start消息。 在此之前, 主机需 要根据自身的选网配置信息生成网络指示信息,该网络指示信息中可包含有主 机的用户标识,该网络指示信息用于指示 ASN网络侧向该主机下发网络信息, 以便主机能够选择合适的网 ^矣入。其中,选网配置信息是指该主机所能够接 入的 NSP的相关信息, 包括 NSP的类型, 容量, 标识, 正式名字和鉴权模式 中的一个或多个。  In this embodiment, when the host needs to access the WiMAX network, the authentication process is first performed, and the host needs to send an authentication request to the G-MS, which may be an EAP-Start message. Before that, the host needs to generate the network indication information according to the network configuration information of the network. The network indication information may include the user identifier of the host, where the network indication information is used to indicate that the ASN network side sends the network information to the host, so that The host can choose the appropriate network to enter. The network configuration information refers to information about the NSP that the host can access, including one or more of the NSP type, capacity, identifier, official name, and authentication mode.
当主机生成了网络指示信息后将该网络指示信息携带于发送给 G-MS 的 鉴权请求中, 并将该鉴权请求发送至 G-MS。 After the host generates the network indication information, the network indication information is carried in the G-MS. In the authentication request, the authentication request is sent to the G-MS.
上述描述的是在鉴权请求中携带网络指示信息的情况,可以理解的是,在 实际应用中, 同样可以不携带网络指示信息, 若不携带网络指示信息, 则可在 系统构建时约定,当接收到主机发送的鉴权请求之后即无条件向该主机反馈网 络信息, 而无需网络指示信息的触发, 即此时的鉴权请求可以触发 ASN网络 侧向该主机下发网络信息。  The foregoing describes the case where the network indication information is carried in the authentication request. It can be understood that, in actual applications, the network indication information may not be carried. If the network indication information is not carried, the system may be configured at the time of system construction. After receiving the authentication request sent by the host, the network information is unconditionally fed back to the host without the triggering of the network indication information, that is, the authentication request at this time can trigger the ASN network side to send the network information to the host.
602、 G-MS向主机反馈鉴权标识请求;  602. The G-MS feeds back an authentication identifier request to the host.
G-MS在接收到主机发送的鉴权请求之后, 根据该鉴权请求中携带的网络 指示信息可知发送该鉴权请求的主机需要获取相关的第一网络信息 ,则根据该 网络指示信息在本地存储的 NSP列表中查询满足该网络指示信息的 NSP, 并 将记录这些 NSP 的标识, 同时将这些 NSP 的标识携带于鉴权标识请求 EAP-Request中, 同时 G-MS会根据该主机的相关信息查询需要进行鉴权的模 式, 例如可以为单次鉴权或多次鉴权,该鉴权模式还可以指示是要求设备鉴权 还是用户鉴权, 由于本实施例中描述的为多次鉴权的情况, 所以 G-MS查询到 的鉴权模式为 "多次鉴权", 将鉴权模式携带于鉴权标识请求中, 并将该鉴权 标识请求发送至主机, 本实施例中的第一网络信息至少包括 NSP的标识, 此 处描述的 NSP的标识可以是 NSP的 ID或者是名称, 可以理解的是, 同样可 以包含其他用于指示主机接入 WiMAX网络的相关信息,例如鉴权模式等,其 他信息此处不做限定。  After receiving the authentication request sent by the host, the G-MS may know that the host that sends the authentication request needs to obtain the related first network information according to the network indication information carried in the authentication request, and then locally according to the network indication information. Querying the NSPs that meet the network indication information in the stored NSP list, and recording the identifiers of the NSPs, and carrying the identifiers of the NSPs in the authentication identifier request EAP-Request, and the G-MS according to the related information of the host Querying the mode of authentication, for example, a single authentication or multiple authentication, the authentication mode may also indicate whether device authentication or user authentication is required, because multiple authentication is described in this embodiment. In this case, the authentication mode that is queried by the G-MS is "multiple authentication", the authentication mode is carried in the authentication identifier request, and the authentication identifier request is sent to the host, in this embodiment A network information includes at least an identifier of the NSP, and the identifier of the NSP described herein may be an ID or a name of the NSP. It is understood that the same may also include other Host Access WiMAX network-related information, such as authentication mode, other information is not limited herein.
可以理解的是, 若鉴权请求中不携带网络指示信息, 则 G-MS根据接收到 的鉴权请求获取网络信息。  It can be understood that if the network indication information is not carried in the authentication request, the G-MS acquires the network information according to the received authentication request.
本实施例中, 由于 G-MS会先接入 WiMAX网络, 当其接入 WiMAX网络 之后则会与 ASN通讯以获取 ASN保存的网络信息, 至少包括 NSP的相关信 息 (包括 NSP标识列表以及 NSP名称列表)。  In this embodiment, the G-MS first accesses the WiMAX network, and when it accesses the WiMAX network, it communicates with the ASN to obtain the network information saved by the ASN, and at least includes information about the NSP (including the NSP identifier list and the NSP name). List).
本实施例中, G-MS在收到来自主机的鉴权请求后向主机发送自身保存的 网络信息, 这样, 所述主机就可以获取网络信息。  In this embodiment, after receiving the authentication request from the host, the G-MS sends the network information saved by the host to the host, so that the host can acquire the network information.
本发明实施例中, G-MS除了将自身存储的网络信息反馈给所述主机, 还 可以进一步的将所述鉴权请求转发给 ASN,向 ASN请求网络信息,具体如下: In the embodiment of the present invention, the G-MS may forward the authentication request to the ASN, and further request the network information to the ASN, as follows:
603、 G-MS向 ASN转发所述鉴权请求; 进一步的, 本发明实施例中, 当 G-MS向主机发送鉴权标识请求之后, 还 可以选择将主机发送的鉴权请求发送至 ASN, 因为在此情况下, 如有 G-MS 未能及时更新自身的网络信息,则有可能导致发送给主机的网络信息并非最新 的信息, 所以 G-MS可以向 ASN转发鉴权请求,请求 ASN再次向主机发送包 含最新的网络信息的鉴权标识请求。 603. The G-MS forwards the authentication request to the ASN. Further, in the embodiment of the present invention, after the G-MS sends the authentication identifier request to the host, the G-MS may also select to send the authentication request sent by the host to the ASN, because in this case, if the G-MS fails to be timely Updating the network information of the network may result in the network information sent to the host not being the latest information. Therefore, the G-MS may forward the authentication request to the ASN, requesting the ASN to send the authentication identifier request containing the latest network information to the host again.
604、 ASN向 G-MS反馈鉴权标识请求;  604. The ASN feeds back the authentication identifier request to the G-MS.
ASN在接收到 G-MS发送的鉴权请求之后, 根据该鉴权请求中携带的网 络指示信息可知发送该鉴权请求的主机需要获取相关的第二网络信息 ,则根据 该网络指示信息在本地存储的 NSP列表中查询满足该网络指示信息的 NSP, 并将记录这些 NSP的标识, 同时将这些 NSP的标识携带于鉴权标识请求中, 如可以是将这些 NSP的标识携带于 EAP-Request消息中, 同时 ASN会根据该 主机的相关信息查询需要进行鉴权的模式, 例如可以为单次鉴权或多次鉴权, 该鉴权模式还可以指示是要求设备鉴权还是用户鉴权,由于本实施例中描述的 为多次鉴权的情况, 所以 ASN查询到的鉴权模式为 "多次鉴权", 将鉴权模式 携带于鉴权标识请求中, 并将该鉴权标识请求发送至 G-MS, 本实施例中的第 二网络信息至少包括 NSP的标识, 可以理解的是, 同样可以包含其他用于指 示主机接入 WiMAX网络的相关信息, 例如鉴权模式等, 此处不做限定。  After receiving the authentication request sent by the G-MS, the ASN may know that the host that sends the authentication request needs to obtain the related second network information according to the network indication information carried in the authentication request, and then the local indication information is locally according to the network indication information. The stored NSP list queries the NSPs that meet the network indication information, and records the identifiers of the NSPs, and carries the identifiers of the NSPs in the authentication identifier request, for example, the identifiers of the NSPs may be carried in the EAP-Request message. In the meantime, the ASN can query the mode that needs to be authenticated according to the related information of the host, for example, it can be single authentication or multiple authentication. The authentication mode can also indicate whether device authentication or user authentication is required. In this embodiment, the multiple authentication is described. Therefore, the authentication mode that the ASN queries is "multiple authentication", the authentication mode is carried in the authentication identifier request, and the authentication identifier request is sent. To the G-MS, the second network information in this embodiment includes at least the identifier of the NSP. It can be understood that the other may also include other means for indicating that the host accesses the WiMAX. Network-related information, such as authentication mode is not limited herein.
可以理解的是, 若鉴权请求中不携带网络指示信息, 则 G-MS根据接收到 的鉴权请求获取网络信息。  It can be understood that if the network indication information is not carried in the authentication request, the G-MS acquires the network information according to the received authentication request.
605、 G-MS向主机转发鉴权标识请求;  605. The G-MS forwards the authentication identifier request to the host.
G-MS接收到 ASN发送的鉴权标识请求后, 将该请求转发至主机。  After receiving the authentication identity request sent by the ASN, the G-MS forwards the request to the host.
步骤 603到 605是可选的步骤。  Steps 603 through 605 are optional steps.
本实施例中, 更进一步的, G-MS向 ASN请求网络信息并将所述从 ASN 获取的网络信息发送给所述主机, 可以更好的保证主机获取的网络信息的完 整、 正确。  In this embodiment, further, the G-MS requests the network information from the ASN and sends the network information obtained from the ASN to the host, so as to ensure that the network information acquired by the host is complete and correct.
进一步的,本发明实施例中, 所述主机获取到所述网络信息后可以根据该 网络信息接入对应的网络, 具体如下所述:  Further, in the embodiment of the present invention, after acquiring the network information, the host may access the corresponding network according to the network information, as follows:
606、 主机向 G-MS发送鉴权标识响应;  606. The host sends an authentication identifier response to the G-MS.
可以理解的是, 若上述步骤 603至 605执行, 则主机会接收到两个鉴权标 识请求, 一个是 G-MS 自身向主机反馈的, 另外一个是 G-MS转发 ASN发送 的, 则主机校验这两个鉴权标识请求是否一致, 若不一致, 则以 ASN发送的 鉴权标识请求为准。 It can be understood that if the above steps 603 to 605 are performed, the host will receive two authentication tokens. For the request, one is that the G-MS itself feeds back to the host, and the other is that the G-MS forwards the ASN, and the host checks whether the two authentication identifier requests are consistent. If they are inconsistent, the authentication identifier sent by the ASN is used. The request shall prevail.
本实施例中, 若步骤 603至步骤 605不执行, 则主机直接以步骤 602中接 收到的 G-MS反馈的鉴权标识请求为准。  In this embodiment, if the step 603 to the step 605 are not performed, the host directly determines the authentication identifier request of the G-MS feedback received in step 602.
主机接收到鉴权标识请求后 ,从其中的鉴权模式中可以获知当前需要进行 多次鉴权, 则首先要进行本地鉴权, 即由 G-MS对该主机进行鉴权, 则主机向 G-MS发送包括鉴权模式的鉴权标识响应。  After receiving the authentication identifier request, the host can learn from the authentication mode that the current authentication needs to be performed multiple times. First, local authentication is performed, that is, the G-MS authenticates the host, and the host sends the G to the host. - The MS sends an authentication identity response including an authentication mode.
607、 G-MS向主机发送鉴权成功指示;  607. The G-MS sends an authentication success indication to the host.
当 G-MS接收到主机发送的鉴权标识响应后,从其中的鉴权模式中可以获 知当前需要进行多次鉴权, 则首先要进行本地鉴权, 则对主机进行本地鉴权, 鉴权完成后向该主机发送鉴权成功指示。  After receiving the authentication identifier response sent by the host, the G-MS can learn from the authentication mode that the user needs to perform multiple authentications at the current time. First, local authentication is performed, and the host is locally authenticated and authenticated. After the completion, an authentication success indication is sent to the host.
608、 G-MS向主机发送二次鉴权标识请求;  608. The G-MS sends a second authentication identity request to the host.
G-MS向主机发送二次鉴权标识请求,该请求中携带网络信息和 /或网络侧 的鉴权模式。  The G-MS sends a secondary authentication identity request to the host, where the request carries network information and/or an authentication mode on the network side.
609、主机向 G-MS发送包含选定的 NSP信息以及鉴权模式的二次鉴权标 识响应;  609. The host sends a second authentication identifier response that includes the selected NSP information and the authentication mode to the G-MS.
主机接收到 G-MS发送的两个鉴权标识请求后,可以选择比较这两个鉴权 标识请求中的第一网络信息以及第二网络信息, 若这两个网络信息不一致, 则 以 ASN发送的网络信息为准,主机从该鉴权标识请求中读取出相应的 NSP的 标识, 并且按照自身的接入规则选择合适的 NSP, 并提取该 NSP的标识以及 对应的鉴权模式, 将该 NSP的标识以及对应的鉴权模式携带于二次鉴权标识 响应中, 并将该二次鉴权标识响应发送至 G-MS。  After receiving the two authentication identifier requests sent by the G-MS, the host may select to compare the first network information and the second network information in the two authentication identifier requests, and if the two network information are inconsistent, send the ASN. The network information is correct, the host reads the identifier of the corresponding NSP from the authentication identifier request, and selects an appropriate NSP according to its own access rule, and extracts the identifier of the NSP and the corresponding authentication mode. The identifier of the NSP and the corresponding authentication mode are carried in the secondary authentication identifier response, and the secondary authentication identifier response is sent to the G-MS.
本实施例中, 若鉴权模式为默认的鉴权模式, 则主机发送给 G-MS的二次 鉴权标识响应中可以不携带鉴权模式。  In this embodiment, if the authentication mode is the default authentication mode, the secondary authentication identity response sent by the host to the G-MS may not carry the authentication mode.
可以理解的是, 若在步骤 606中, 主机向 G-MS发送鉴权标识响应时, 在 该鉴权标识响应中携带了选定的 NSP以及鉴权模式, 则可以不执行步骤 608 以及步骤 609, 而由 G-MS再向主机反馈鉴权成功指示之后, 直接将该鉴权标 识响应转发至 ASN。 610、 G-MS向 ASN转发二次鉴权标识响应; It can be understood that, if the host sends the authentication identifier response to the G-MS in step 606, and the selected NSP and the authentication mode are carried in the authentication identifier response, step 608 and step 609 may not be performed. After the G-MS returns the authentication success indication to the host, the authentication identifier response is directly forwarded to the ASN. 610. The G-MS forwards the second authentication identifier response to the ASN.
G-MS 接收到二次鉴权标识响应之后, 将该二次鉴权标识响应转发至 ASN, 可以理解的是, 若不需要执行步骤 608以及步骤 609, 则 G-MS向 ASN 转发鉴权标识响应。  After receiving the second authentication identifier response, the G-MS forwards the second authentication identifier response to the ASN. It can be understood that if the step 608 and the step 609 are not performed, the G-MS forwards the authentication identifier to the ASN. response.
611、 ASN根据选定的信息选取对应的 AAA服务器;  611. The ASN selects a corresponding AAA server according to the selected information.
ASN接收到 G-MS发送的鉴权标识响应或二次鉴权标识响应之后, 根据 该鉴权标识响应或二次鉴权标识响应中主机选定的 NSP信息以及对应的鉴权 模式选定对应的 AAA服务器作为该主机接入 WiMAX网络的 AAA服务器, 具体的根据 NSP标识以及对应的鉴权模式选定 AAA服务器的过程为现有技 术, 此处不再赞述。  After receiving the authentication identifier response or the secondary authentication identifier response sent by the G-MS, the ASN selects the corresponding NSP information selected by the host in the authentication identifier response or the secondary authentication identifier response and the corresponding authentication mode. The AAA server is used as the AAA server of the host to access the WiMAX network. The process of selecting the AAA server according to the NSP identifier and the corresponding authentication mode is prior art, and is not mentioned here.
612、 ASN向选定的 AAA服务器发送鉴权认证请求;  612. The ASN sends an authentication authentication request to the selected AAA server.
当 ASN选定了 AAA服务器之后,即向该 AAA服务器发送鉴权认证请求, 在该鉴权认证请求中携带有用户选定的鉴权模式以及用户标识。  After the ASN selects the AAA server, the authentication request is sent to the AAA server, and the authentication authentication request carries the authentication mode selected by the user and the user identifier.
613、 鉴权其他流程。  613. Other processes for authentication.
在 AAA服务器接收到该鉴权认证请求之后 , 即根据其中包含的鉴权模式 对请求接入 WiMAX网络的主机进行鉴权,若该主机能够通过鉴权, 则可接入 WiMAX网络。  After receiving the authentication request, the AAA server authenticates the host requesting access to the WiMAX network according to the authentication mode contained therein. If the host can authenticate, the WiMAX network can be accessed.
具体的鉴权其他流程包括: AAA服务器, ASN, G-MS 以及主机之间回 复确认消息的流程以及鉴权通过响应和鉴权失败响应的发送流程,此流程均为 现有技术, 此处不再赘述。  Specific processes for authentication include: AAA server, ASN, G-MS, and the process of replying confirmation messages between hosts and the sending process of authentication response and authentication failure response. This process is prior art, here is not Let me repeat.
本实施例中, 可以不执行步骤 603, 604以及 605, 即主机直接以 G-MS 查询到的第一网络信息为准, 可以理解的是, 若采取这种方式, 则需要 G-MS 能够及时地与 ASN进行数据同步。  In this embodiment, steps 603, 604, and 605 may not be performed, that is, the host directly refers to the first network information queried by the G-MS. It can be understood that if this method is adopted, the G-MS needs to be timely. The data is synchronized with the ASN.
上述各个实施例中,由于 G-MS从主机获取到的鉴权请求消息中携带有网 络指示信息,则 G-MS会获取该网络指示信息对应的网络信息(至少包括 NSP 标识), 并将该网络信息反馈至主机, 所以使得主机能够按照该 NSP标识选取 对应的 NSP从而接入 WiMAX网络, 因此, 在多主机架构下各主机能够获取 到相关网络信息从而接入 WiMAX网络。  In the above embodiments, the G-MS obtains the network information corresponding to the network indication information (including at least the NSP identifier), and the network information is received by the G-MS. The network information is fed back to the host, so that the host can select the corresponding NSP according to the NSP identifier to access the WiMAX network. Therefore, in the multi-host architecture, each host can obtain related network information and access the WiMAX network.
需要说明的是,由于主机无论采取何种方式接入 WiMAX网络都必须会有 鉴权流程, 所以上述基于鉴权流程的实施例可以普遍的应用于各种接入方式, 可以理解的是,在实际的应用中, 同样可以针对不同的接入方式采取不同的网 络信息获取手段, 例如若主机采用互联网协议(IP, Internet Protocol )接入的 方式,还可以在地址解析的流程中获取网络信息, 即网络信息获取请求可以是 鉴权请求消息,还可以是地址解析请求消息, 同样还可以是其他的流程中对应 的请求消息, 但手段与上述在鉴权流程中的处理方式类似, 此处不再赘述。 It should be noted that because the host must access the WiMAX network in any way, there must be The authentication process, so the above-mentioned embodiments based on the authentication process can be generally applied to various access modes. It can be understood that in actual applications, different network information acquisition methods can also be adopted for different access modes. For example, if the host uses the Internet Protocol (IP) access method, the network information may be obtained in the process of address resolution, that is, the network information acquisition request may be an authentication request message or an address resolution request message. It can also be a corresponding request message in other processes, but the means is similar to the above processing in the authentication process, and details are not described herein again.
下面对本发明实施例中的通讯系统进行伴细描述, 请参阅图 7, 本发明实 施例中通讯系统实施例具体包括两种情况:  The following is a detailed description of the communication system in the embodiment of the present invention. Referring to FIG. 7, the embodiment of the communication system in the embodiment of the present invention specifically includes two cases:
一、 网关移动设备 702直接向主机 701反馈网络信息的方式:  1. The manner in which the gateway mobile device 702 directly feeds back the network information to the host 701:
本方式中, 通讯系统包括: 主机 701以及网关移动设备 702;  In this mode, the communication system includes: a host 701 and a gateway mobile device 702;
所述主机 701, 用于发送鉴权请求, 接收来自所述网关移动设备 702的包 含网络信息的鉴权标识请求;  The host 701 is configured to send an authentication request, and receive an authentication identifier request that includes network information from the gateway mobile device 702.
所述网关移动设备 702用于接收来自所述主机 701的鉴权请求,获取与所 述鉴权请求对应的网络信息 ,将所述网络信息通过鉴权标识请求反馈至所述主 机 701。  The gateway mobile device 702 is configured to receive an authentication request from the host 701, obtain network information corresponding to the authentication request, and feed back the network information to the host 701 by using an authentication identifier request.
进一步的,本实施例中, 所述主机 701还可以用于根据所述鉴权标识请求 中的网络信息选定网络服务提供商,并发送包含选定的网络服务提供商信息的 鉴权标识响应; 商信息的鉴权标识响应, 将该鉴权标识响应转发给接入服务网络。  Further, in this embodiment, the host 701 may be further configured to: select a network service provider according to the network information in the authentication identifier request, and send an authentication identifier response that includes the selected network service provider information. The authentication identifier response of the quotient information is forwarded to the access service network.
本实施例中, 通讯系统还包括:  In this embodiment, the communication system further includes:
接入服务网络 703 , 用于接收所述网关移动设备 702发送的包含选定的网 络服务提供商信息的鉴权标识响应,根据该选定的网络服务提供商信息选择对 应的网络服务提供商, 查询该网络服务提供商对应的 AAA服务器, 并向所述 AAA服务器发送鉴权认证请求。  The access service network 703 is configured to receive an authentication identifier response that is sent by the gateway mobile device 702 and includes the selected network service provider information, and select a corresponding network service provider according to the selected network service provider information, Querying an AAA server corresponding to the network service provider, and sending an authentication request to the AAA server.
本实施例中,所述网关移动设备 702还用于将主机 701发送的鉴权请求转 发至接入服务网络 703 , 并接收所述接入服务网络 703反馈的网络信息。  In this embodiment, the gateway mobile device 702 is further configured to forward the authentication request sent by the host 701 to the access service network 703, and receive the network information fed back by the access service network 703.
上述实施例中,由于网关移动设备从主机获取到鉴权请求消息后获取网络 信息并所述网络信息反馈给所述主机,这样主机就可以获取到网络信息。进一 步的 ,所述主机能够按照该 NSP标识选取对应的 NSP从而接入 WiMAX网络, 因此, 在多主机架构下各主机能够获取到相关网络信息从而接入 WiMAX 网 络。 In the above embodiment, the network information is obtained by the gateway mobile device after acquiring the authentication request message from the host, and the network information is fed back to the host, so that the host can obtain the network information. Enter one In step, the host can select the corresponding NSP according to the NSP identifier to access the WiMAX network. Therefore, in the multi-host architecture, each host can obtain related network information and access the WiMAX network.
二、 网关移动设备 702转发接入服务网络 703反馈的网络信息的方式: 本方式中, 通讯系统包括: 主机 701, 网关移动设备 702以及接入服务网 络 703;  Second, the gateway mobile device 702 forwards the access service network 703 feedback network information: In this mode, the communication system includes: a host 701, a gateway mobile device 702 and an access service network 703;
所述主机 701用于发送鉴权请求,接收来自所述网关移动设备 702的包含 网络信息的鉴权标识请求;  The host 701 is configured to send an authentication request, and receive an authentication identifier request from the gateway mobile device 702 that includes network information.
所述网关移动设备 702用于接收来自所述主机 701的鉴权请求,并向所述 接入服务网络 703转发所述鉴权请求,接收所述接入服务网络 703反馈的网络 信息, 将所述网络信息通过鉴权标识请求反馈至所述主机 701;  The gateway mobile device 702 is configured to receive an authentication request from the host 701, and forward the authentication request to the access service network 703, and receive network information fed back by the access service network 703. The network information is fed back to the host 701 through an authentication identifier request;
所述接入服务网络 703用于接收网关移动设备 702发送的鉴权请求,获取 与所述鉴权请求对应的网络信息, 向所述网关移动设备 702反馈所述网络信 进一步的,本实施例中, 所述主机 701还可以用于根据所述鉴权标识请求 的网络信息选定网络服务提供商,并发送包含选定的网络服务提供商信息的鉴 权标识响应;  The access service network 703 is configured to receive an authentication request sent by the gateway mobile device 702, obtain network information corresponding to the authentication request, and feed back the network information to the gateway mobile device 702. The host 701 may be further configured to: select, according to the network information requested by the authentication identifier, a network service provider, and send an authentication identifier response that includes the selected network service provider information;
所述网关移动设备 702接收所述主机 701发送的包含选定的网络服务提供 商信息的鉴权标识响应, 将该鉴权标识响应转发至接入服务网络。  The gateway mobile device 702 receives an authentication identifier response sent by the host 701 and includes the selected network service provider information, and forwards the authentication identifier response to the access service network.
上述实施例中,由于网关移动设备接收到来自主机的鉴权请求消息后将所 述鉴权请求转发给 ASN, 向所述 ASN请求网络信息, 并在接收到来自 ASN 反馈的鉴权标识请求后将其转发给所述主机, 这样主机就获取到了网络信息。 进一步的 , 所述主机能够按照该 NSP标识选取对应的 NSP从而接入 WiMAX 网络, 因此, 在多主机架构下各主机能够获取到相关网络信息从而接入 WiMAX网络。  In the above embodiment, after the gateway mobile device receives the authentication request message from the host, the authentication request is forwarded to the ASN, and the network information is requested from the ASN, and after receiving the authentication identifier request from the ASN feedback. Forward it to the host so that the host gets the network information. Further, the host can select the corresponding NSP according to the NSP identifier to access the WiMAX network. Therefore, in the multi-host architecture, each host can obtain related network information and access the WiMAX network.
请参阅图 8, 本发明实施例中的网关移动设备第一实施例包括:  Referring to FIG. 8, the first embodiment of the gateway mobile device in the embodiment of the present invention includes:
数据接收单元 801, 用于接收主机发送的鉴权请求, 接收接入服务网络反 馈的包含网络信息的鉴权标识请求;  The data receiving unit 801 is configured to receive an authentication request sent by the host, and receive an authentication identifier request that includes the network information that is sent by the access service network;
数据转发单元 802, 用于将所述数据接收单元 801接收到的鉴权请求转发 给接入服务网络,将所述数据接收单元 801接收到的鉴权标识请求反馈给所述 主机。 The data forwarding unit 802 is configured to forward the authentication request received by the data receiving unit 801 And the access service network feeds back the authentication identifier request received by the data receiving unit 801 to the host.
本发明实施例中 ,所述网关移动设备在接收到来自主机的鉴权请求后将其 转发给接入服务网络,将接收到的来自所述接入服务网络的鉴权标识请求反馈 给所述主机, 所述鉴权标识请求中包含有网络信息, 这样主机就可以获得网络 信息了。  In the embodiment of the present invention, after receiving the authentication request from the host, the gateway mobile device forwards the authentication request to the access service network, and feeds back the received authentication identifier request from the access service network to the The host, the authentication identifier request includes network information, so that the host can obtain the network information.
本实施例中的网关移动设备还可以包括:  The gateway mobile device in this embodiment may further include:
查询单元 803, 用于根据所述数据接收单元 801接收到的鉴权请求查询对 应的网络信息,并将查询到的网络信息携带于鉴权标识请求中并发送给所述数 据转发单元 802;  The query unit 803 is configured to query the corresponding network information according to the authentication request received by the data receiving unit 801, and carry the queried network information in the authentication identifier request and send it to the data forwarding unit 802;
所述数据转发单元 802还用于将来自查询单元 803的所述鉴权标识请求发 送给所述主机。  The data forwarding unit 802 is further configured to send the authentication identification request from the query unit 803 to the host.
进一步的,本发明实施例中, 所述的网关移动设备还可以是在收到来自主 机的鉴权请求后查询自身保存的网络信息,并将所查询到的网络信息反馈给所 述主机, 这样主机就可以获得网络信息了。  Further, in the embodiment of the present invention, the gateway mobile device may further query the network information saved by the gateway after receiving the authentication request from the host, and feed back the queried network information to the host, The host can get network information.
请参阅图 9, 本发明实施例中网关移动设备第二实施例包括:  Referring to FIG. 9, the second embodiment of the gateway mobile device in the embodiment of the present invention includes:
数据接收单元 901, 用于接收主机发送的鉴权请求;  The data receiving unit 901 is configured to receive an authentication request sent by the host.
查询单元 902, 用于根据所述数据接收单元 901接收到的鉴权请求查询对 应的网络信息,并将查询到的网络信息携带于鉴权标识请求中并发送给所述数 据反馈单元 902;  The query unit 902 is configured to query the corresponding network information according to the authentication request received by the data receiving unit 901, and carry the queried network information in the authentication identifier request and send it to the data feedback unit 902;
数据反馈单元 903, 用于向主机反馈所述鉴权标识请求。  The data feedback unit 903 is configured to feed back the authentication identifier request to the host.
本发明实施例中,所述网关移动设备在接收到来自主机的鉴权请求后根据 所述鉴权请求查询自身保存的网络信息,并将所查询到的网络信息反馈给所述 主机, 这样主机就可以获得网络信息了。  In the embodiment of the present invention, after receiving the authentication request from the host, the gateway mobile device queries the network information saved by itself according to the authentication request, and feeds back the queried network information to the host, so that the host You can get network information.
请参阅图 10, 本发明实施例中主机实施例包括:  Referring to FIG. 10, an embodiment of a host in an embodiment of the present invention includes:
鉴权请求发送单元 1001 , 向网关移动设备发送鉴权请求, 所述鉴权请求 用于请求网络信息;  The authentication request sending unit 1001 sends an authentication request to the gateway mobile device, where the authentication request is used to request network information;
鉴权标识请求接收单元 1002, 用于接收来自所述网关移动设备的鉴权标 识请求, 所述鉴权标识请求中包含有网络信息。 这样, 本发明实施例中, 所述主机通过向网关移动设备发送鉴权请求用以 请求网络信息, 并接收来自所述网关移动设备的鉴权标识请求,获取该鉴权标 识请求中携带的网络信息。 The authentication identifier request receiving unit 1002 is configured to receive an authentication identifier request from the gateway mobile device, where the authentication identifier request includes network information. In this embodiment, the host sends an authentication request to the gateway mobile device to request network information, and receives an authentication identifier request from the gateway mobile device to obtain a network carried in the authentication identifier request. information.
本实施例中的主机还可以包括:  The host in this embodiment may further include:
网络信息确认单元 1003 , 用于根据接收到的鉴权标识请求, 确认选定的 网络服务提供商;  The network information confirming unit 1003 is configured to confirm the selected network service provider according to the received authentication identifier request;
鉴权标识响应发送单元 1004, 用于将选定的网络服务提供商标识携带于 鉴权标识响应中发送至网关移动设备。  The authentication identifier response sending unit 1004 is configured to send the selected network service provider identifier to the gateway mobile device by carrying the identifier in the authentication identifier response.
本发明实施例中,进一步的, 所述主机可以根据所述获取的网络信息选择 网络并将所述选择的网络的信息携带在所述鉴权标识响应中发送给所述网关 移动设备, 主机能够按照网络信息选取对应的 NSP从而接入 WiMAX网络。  In the embodiment of the present invention, the host may select a network according to the acquired network information, and carry the information of the selected network in the authentication identifier response, and send the information to the gateway mobile device, where the host can According to the network information, the corresponding NSP is selected to access the WiMAX network.
本领域普通技术人员可以理解实现上述实施例方法中的全部或部分步骤 是可以通过程序来指令相关的硬件完成,所述的程序可以存储于一种计算机可 读存储介质中, 该程序在执行时, 包括如下步骤:  It will be understood by those skilled in the art that all or part of the steps of implementing the foregoing embodiments may be performed by a program to instruct related hardware, and the program may be stored in a computer readable storage medium. , including the following steps:
网关移动设备接收主机发送的鉴权请求;  The gateway mobile device receives an authentication request sent by the host;
根据所述鉴权请求获取对应的网络信息;  Obtaining corresponding network information according to the authentication request;
向所述主机反馈包含所述网络信息的鉴权标识请求。  An authentication identification request containing the network information is fed back to the host.
上述提到的存储介质可以是只读存储器, 磁盘或光盘等。  The above-mentioned storage medium may be a read only memory, a magnetic disk or an optical disk or the like.
以上对本发明所提供的一种网络信息获取方法及通讯系统以及相关设备 进行了详细介绍, 对于本领域的一般技术人员, 依据本发明实施例的思想, 在 具体实施方式及应用范围上均会有改变之处, 综上所述,本说明书内容不应理 解为对本发明的限制。  The network information acquisition method, the communication system, and the related device provided by the present invention are described in detail above. For those skilled in the art, according to the idea of the embodiment of the present invention, there will be a specific implementation manner and application scope. The details of the description are not to be construed as limiting the invention.

Claims

权 利 要 求 Rights request
1、 一种网络信息获取方法, 其特征在于, 包括:  A method for acquiring network information, which is characterized by comprising:
网关移动设备接收主机发送的鉴权请求;  The gateway mobile device receives an authentication request sent by the host;
根据所述鉴权请求获取对应的网络信息;  Obtaining corresponding network information according to the authentication request;
向所述主机反馈包含所述网络信息的鉴权标识请求。  An authentication identification request containing the network information is fed back to the host.
2、 根据权利要求 1所述的方法, 其特征在于, 所述鉴权请求中包含网络 指示信息, 所述网络指示信息用于指示网关移动设备向所述主机下发网络信  The method according to claim 1, wherein the authentication request includes network indication information, where the network indication information is used to instruct the gateway mobile device to send a network message to the host
3、 根据权利要求 2所述的方法, 其特征在于, 所述网络指示信息包括: 所述主机的用户标识; The method according to claim 2, wherein the network indication information comprises: a user identifier of the host;
所述根据所述鉴权请求获取对应的网络信息具体为:  The obtaining the corresponding network information according to the authentication request is specifically:
网关移动设备查询与所述主机的用户标识对应的网络信息;  The gateway mobile device queries network information corresponding to the user identifier of the host;
所述向所述主机反馈包含所述网络信息的鉴权标识请求具体为: 将所述网络信息携带于鉴权标识请求中;  And the requesting, by the host, the authentication identifier request that includes the network information is: carrying the network information in an authentication identifier request;
将所述鉴权标识请求发送至所述主机。  Sending the authentication identification request to the host.
4、 根据权利要求 1所述的方法, 其特征在于, 所述根据鉴权请求获取对 应的网络信息具体包括:  The method according to claim 1, wherein the obtaining the corresponding network information according to the authentication request specifically includes:
网关移动设备在本地查询所述鉴权请求对应的网络信息,所述网络信息包 括网络服务提供商标识;  The gateway mobile device locally queries the network information corresponding to the authentication request, where the network information includes a network service provider identifier;
或,  Or,
网关移动设备向接入服务网络转发所述鉴权请求;  Transmitting, by the gateway mobile device, the authentication request to the access service network;
接收来自所述接入服务网络的鉴权标识请求消息,所述鉴权标识请求消息 包含网络信息 , 所述网络信息包括网络服务提供商标识。  Receiving an authentication identity request message from the access service network, the authentication identity request message includes network information, and the network information includes a network service provider identity.
5、 根据权利要求 4所述的方法, 其特征在于, 所述网络信息还包括: 鉴 权模式, 所述鉴权模式指示当前鉴权为单次鉴权;  The method according to claim 4, wherein the network information further includes: an authentication mode, where the authentication mode indicates that the current authentication is a single authentication;
所述向主机反馈包含所述网络信息的鉴权标识请求的步骤之后包括: 接收来自所述主机的鉴权标识响应,所述鉴权标识响应中包含所述主机选 择的网络服务提供商标识和鉴权模式;  After the step of feeding back to the host the authentication identifier request that includes the network information, the method includes: receiving an authentication identifier response from the host, where the authentication identifier response includes a network service provider identifier selected by the host and Authentication mode
向所述接入服务网络发送所述鉴权标识响应。 Sending the authentication identity response to the access service network.
6、 根据权利要求 4所述的方法, 其特征在于, 所述网络信息还包括: 鉴 权模式, 所述鉴权模式指示当前鉴权为多次鉴权; The method according to claim 4, wherein the network information further includes: an authentication mode, where the authentication mode indicates that the current authentication is multiple authentication;
所述向主机反馈包含所述网络信息的鉴权标识请求的步骤之后包括: 网关移动设备接收来自所述主机的鉴权标识响应,所述鉴权标识响应中包 含所述主机选择的网络服务提供商标识和鉴权模式;  The step of feeding back to the host the authentication identifier request including the network information includes: the gateway mobile device receiving an authentication identifier response from the host, where the authentication identifier response includes the network service provision selected by the host Business identity and authentication mode;
根据所述鉴权标识响应对所述主机进行本地鉴权, 若鉴权通过, 则向所述 主机发送二次鉴权标识请求;  Performing local authentication on the host according to the authentication identifier response, and sending a secondary authentication identifier request to the host if the authentication is passed;
接收所述主机发送的二次鉴权标识响应,所述鉴权标识响应中包含所述主 机选择的网络服务提供商标识和鉴权模式;  Receiving a second authentication identifier response sent by the host, where the authentication identifier response includes a network service provider identifier and an authentication mode selected by the host;
向所述接入服务网络发送所述二次鉴权标识响应。  Sending the secondary authentication identity response to the access service network.
7、 根据权利要求 4所述的方法, 其特征在于, 所述网络信息还包括: 鉴 权模式, 所述鉴权模式指示当前鉴权为多次鉴权;  The method according to claim 4, wherein the network information further includes: an authentication mode, where the authentication mode indicates that the current authentication is multiple authentication;
所述向主机反馈包含所述网络信息的鉴权标识请求之后进一步包括: 网关移动设备接收来自所述主机的鉴权标识响应,所述鉴权标识响应中包 含所述主机选择的网络服务提供商标识和鉴权模式;  After the requesting the host to feed back the authentication identifier request including the network information, the method further includes: the gateway mobile device receiving an authentication identifier response from the host, where the authentication identifier response includes the network service provider selected by the host Identification and authentication mode;
根据所述鉴权标识响应对所述主机进行本地鉴权, 若鉴权通过, 则向所述 接入服务网络发送所述鉴权标识响应。  And authenticating the host according to the authentication identifier response, and if the authentication passes, sending the authentication identifier response to the access service network.
8、 一种通讯系统, 其特征在于, 包括:  8. A communication system, comprising:
主机以及网关移动设备;  Host and gateway mobile device;
所述主机用于发送鉴权请求,接收来自所述网关移动设备的包含网络信息 的鉴权标识请求;  The host is configured to send an authentication request, and receive an authentication identifier request that includes network information from the gateway mobile device;
所述网关移动设备用于接收来自所述主机的鉴权请求,获取与所述鉴权请 求对应的网络信息 , 将所述网络信息通过鉴权标识请求反馈至所述主机。  The gateway mobile device is configured to receive an authentication request from the host, obtain network information corresponding to the authentication request, and feed back the network information to the host by using an authentication identifier request.
9、 根据权利要求 8所述的通讯系统, 其特征在于,  9. The communication system of claim 8 wherein:
所述主机还用于根据所述鉴权标识请求的网络信息选定网络服务提供商, 并发送包含选定网络服务提供商信息的鉴权标识响应;  The host is further configured to select a network service provider according to the network information requested by the authentication identifier, and send an authentication identifier response including the selected network service provider information;
所述网关移动设备接收所述主机发送的包含选定网络服务提供商信息的 鉴权标识响应, 将该鉴权标识响应转发给接入服务网络。  The gateway mobile device receives an authentication identifier response that is sent by the host and includes the selected network service provider information, and forwards the authentication identifier response to the access service network.
10、根据权利要求 9所述的通讯系统,其特征在于,所述通讯系统还包括: 接入服务网络,用于接收所述网关移动设备发送的包含选定网络服务提供 商信息的鉴权标识响应 ,根据该选定网络服务提供商信息选择对应的网络服务 提供商, 查询该网络服务提供商对应的 AAA服务器, 并向所述 AAA服务器 发送鉴权认证请求。 10. The communication system of claim 9, wherein the communication system further comprises: And an access service network, configured to receive an authentication identifier response that is sent by the gateway mobile device and includes the selected network service provider, select a corresponding network service provider according to the selected network service provider information, and query the network service. An AAA server corresponding to the provider, and sending an authentication request to the AAA server.
11、 根据权利要求 10所述的通讯系统, 其特征在于, 所述网关移动设备 还用于将主机发送的鉴权请求转发至接入服务网络,并接收所述接入服务网络 反馈的网络信息。  The communication system according to claim 10, wherein the gateway mobile device is further configured to forward an authentication request sent by the host to the access service network, and receive network information fed back by the access service network. .
12、 一种通讯系统, 其特征在于, 包括:  12. A communication system, comprising:
主机, 网关移动设备以及接入服务网络;  Host, gateway mobile device, and access service network;
所述主机用于发送鉴权请求,接收来自所述网关移动设备的包含网络信息 的鉴权标识请求;  The host is configured to send an authentication request, and receive an authentication identifier request that includes network information from the gateway mobile device;
所述网关移动设备用于接收来自所述主机的鉴权请求,并向所述接入服务 网络转发所述鉴权请求,接收所述接入服务网络反馈的网络信息,将所述网络 信息通过鉴权标识请求反馈给所述主机;  The gateway mobile device is configured to receive an authentication request from the host, and forward the authentication request to the access service network, receive network information fed back by the access service network, and pass the network information. The authentication identifier request is fed back to the host;
所述接入服务网络用于接收网关移动设备发送的鉴权请求,获取与所述鉴 权请求对应的网络信息, 向所述网关移动设备反馈所述网络信息。  The access service network is configured to receive an authentication request sent by the gateway mobile device, obtain network information corresponding to the authentication request, and feed back the network information to the gateway mobile device.
13、 根据权利要求 12所述的通讯系统, 其特征在于,  13. The communication system according to claim 12, wherein:
所述主机还用于根据所述鉴权标识请求的网络信息选定网络服务提供商, 并发送包含选定的网络服务提供商信息的鉴权标识响应;  The host is further configured to: select a network service provider according to the network information requested by the authentication identifier, and send an authentication identifier response that includes the selected network service provider information;
所述网关移动设备接收所述主机发送的包含选定网络服务提供商信息的 鉴权标识响应, 将该鉴权标识响应转发给接入服务网络。  The gateway mobile device receives an authentication identifier response that is sent by the host and includes the selected network service provider information, and forwards the authentication identifier response to the access service network.
14、 一种网关移动设备, 其特征在于, 包括:  14. A gateway mobile device, comprising:
数据接收单元, 用于接收主机发送的鉴权请求,接收接入服务网络反馈的 包含网络信息的鉴权标识请求, 所述网络信息至少包含网络服务提供商信息; 数据转发单元, 用于将接收到的鉴权请求转发给接入服务网络, 将接收到 的网络信息通过鉴权标识请求反馈给所述主机。  a data receiving unit, configured to receive an authentication request sent by the host, and receive an authentication identifier request that includes network information fed back by the access service network, where the network information includes at least network service provider information; and a data forwarding unit, configured to receive The obtained authentication request is forwarded to the access service network, and the received network information is fed back to the host through the authentication identifier request.
15、 根据权利要求 14所述的网关移动设备, 其特征在于, 所述网关移动 设备还包括:  The gateway mobile device according to claim 14, wherein the gateway mobile device further comprises:
查询单元,用于根据所述数据接收单元接收到的鉴权请求查询对应的网络 信息 , 将查询到的网络信息携带于鉴权标识请求中并发送给所述数据转发单 元; a querying unit, configured to query a corresponding network according to the authentication request received by the data receiving unit The information, the queried network information is carried in the authentication identifier request and sent to the data forwarding unit;
所述数据转发单元还用于将所述来自查询单元的鉴权标识请求发送给所 述主机。  The data forwarding unit is further configured to send the authentication identifier request from the query unit to the host.
16、 一种网关移动设备, 其特征在于, 包括:  16. A gateway mobile device, comprising:
数据接收单元, 用于接收主机发送的鉴权请求;  a data receiving unit, configured to receive an authentication request sent by the host;
查询单元,用于根据所述数据接收单元接收到的鉴权请求查询对应的网络 信息 ,并将查询到的网络信息携带于鉴权标识请求中并发送给所述数据反馈单 元;  The querying unit is configured to query the corresponding network information according to the authentication request received by the data receiving unit, and carry the queried network information in the authentication identifier request and send the information to the data feedback unit;
数据反馈单元, 用于向主机反馈所述鉴权标识请求。  a data feedback unit, configured to feed back the authentication identifier request to the host.
17、 一种主机, 其特征在于, 包括:  17. A host computer, comprising:
鉴权请求发送单元, 向网关移动设备发送鉴权请求, 所述鉴权请求用于请 求网络信息;  The authentication request sending unit sends an authentication request to the gateway mobile device, where the authentication request is used to request network information;
鉴权标识请求接收单元, 用于接收来自所述网关移动设备的鉴权标识请 求, 所述鉴权标识请求中包含有网络信息。  The authentication identifier request receiving unit is configured to receive an authentication identifier request from the gateway mobile device, where the authentication identifier request includes network information.
18、 根据权利要求 17所述的主机, 其特征在于, 所述主机还包括: 网络信息确认单元, 用于根据接收到的鉴权标识请求,确认选定的网络服 务提供商;  The host according to claim 17, wherein the host further comprises: a network information confirming unit, configured to confirm the selected network service provider according to the received authentication identifier request;
鉴权标识响应发送单元,用于将选定的网络服务提供商标识携带于鉴权标 识响应中发送给网关移动设备。  The authentication identifier response sending unit is configured to send the selected network service provider identifier to the gateway mobile device by carrying the identifier in the authentication identifier.
PCT/CN2008/073423 2007-12-27 2008-12-10 Method for obtaining network information and communication system and correlative devices WO2009092225A1 (en)

Applications Claiming Priority (4)

Application Number Priority Date Filing Date Title
CN200710300295 2007-12-27
CN200710300295.4 2007-12-27
CNA2008100023188A CN101471778A (en) 2007-12-27 2008-01-08 Method for obtaining network information and communication system as well as relevant equipment
CN200810002318.8 2008-01-08

Publications (1)

Publication Number Publication Date
WO2009092225A1 true WO2009092225A1 (en) 2009-07-30

Family

ID=40828920

Family Applications (1)

Application Number Title Priority Date Filing Date
PCT/CN2008/073423 WO2009092225A1 (en) 2007-12-27 2008-12-10 Method for obtaining network information and communication system and correlative devices

Country Status (2)

Country Link
CN (1) CN101471778A (en)
WO (1) WO2009092225A1 (en)

Families Citing this family (1)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN103685210B (en) * 2012-09-26 2018-02-13 中兴通讯股份有限公司 The register method and device of terminal

Citations (4)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
US20010009025A1 (en) * 2000-01-18 2001-07-19 Ahonen Pasi Matti Kalevi Virtual private networks
CN1802839A (en) * 2003-01-13 2006-07-12 摩托罗拉公司(在特拉华州注册的公司) Method and apparatus for providing network service information to a mobile station by a wireless local area network
CN101052035A (en) * 2006-04-27 2007-10-10 华为技术有限公司 Multiple hosts safety frame and its empty port key distributing method
CN101064605A (en) * 2006-04-29 2007-10-31 华为技术有限公司 AAA framework of multi-host network and authentication method

Patent Citations (4)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
US20010009025A1 (en) * 2000-01-18 2001-07-19 Ahonen Pasi Matti Kalevi Virtual private networks
CN1802839A (en) * 2003-01-13 2006-07-12 摩托罗拉公司(在特拉华州注册的公司) Method and apparatus for providing network service information to a mobile station by a wireless local area network
CN101052035A (en) * 2006-04-27 2007-10-10 华为技术有限公司 Multiple hosts safety frame and its empty port key distributing method
CN101064605A (en) * 2006-04-29 2007-10-31 华为技术有限公司 AAA framework of multi-host network and authentication method

Also Published As

Publication number Publication date
CN101471778A (en) 2009-07-01

Similar Documents

Publication Publication Date Title
US20200153830A1 (en) Network authentication method, related device, and system
JP3869392B2 (en) User authentication method in public wireless LAN service system and recording medium storing program for causing computer to execute the method
US7633953B2 (en) Method, system and device for service selection via a wireless local area network
US8413215B2 (en) System and method for extending secure authentication using unique session keys derived from entropy
CN105052184B (en) Method, equipment and controller for controlling user equipment to access service
CN110650076B (en) VXLAN implementation method, network equipment and communication system
US20080294891A1 (en) Method for Authenticating a Mobile Node in a Communication Network
US20070113269A1 (en) Controlling access to a network using redirection
JP5982389B2 (en) Cross-access login controller
US9549318B2 (en) System and method for delayed device registration on a network
JP2005339093A (en) Authentication method, authentication system, authentication proxy server, network access authenticating server, program, and storage medium
CN103067337B (en) Identity federation method, identity federation intrusion detection & prevention system (IdP), identity federation service provider (SP) and identity federation system
WO2012167500A1 (en) Method for establishing data security channel for tunnel
CN110401951B (en) Method, device and system for authenticating terminal in wireless local area network
JP7135206B2 (en) access authentication
JP2010503318A (en) System and method for gaining network access
WO2013040957A1 (en) Single sign-on method and system, and information processing method and system
US8191153B2 (en) Communication system, server apparatus, information communication method, and program
JP2006352223A (en) Network connection system
WO2023143244A1 (en) Terminal management method and core network device
JP6861285B2 (en) Methods and devices for parameter exchange during emergency access
WO2009092225A1 (en) Method for obtaining network information and communication system and correlative devices
US20110153819A1 (en) Communication system, connection apparatus, information communication method, and program
JP2014186703A (en) Authentication apparatus and authentication method
US20110093604A1 (en) Communication system, server apparatus, information communication method, and program

Legal Events

Date Code Title Description
121 Ep: the epo has been informed by wipo that ep was designated in this application

Ref document number: 08871622

Country of ref document: EP

Kind code of ref document: A1

NENP Non-entry into the national phase

Ref country code: DE

WWE Wipo information: entry into national phase

Ref document number: 4032/CHENP/2010

Country of ref document: IN

122 Ep: pct application non-entry in european phase

Ref document number: 08871622

Country of ref document: EP

Kind code of ref document: A1