WO2009132536A1 - Method, system and equipment of policy authorization - Google Patents

Method, system and equipment of policy authorization Download PDF

Info

Publication number
WO2009132536A1
WO2009132536A1 PCT/CN2009/070867 CN2009070867W WO2009132536A1 WO 2009132536 A1 WO2009132536 A1 WO 2009132536A1 CN 2009070867 W CN2009070867 W CN 2009070867W WO 2009132536 A1 WO2009132536 A1 WO 2009132536A1
Authority
WO
WIPO (PCT)
Prior art keywords
policy
terminal
location information
entity
authorization
Prior art date
Application number
PCT/CN2009/070867
Other languages
French (fr)
Chinese (zh)
Inventor
何贤会
Original Assignee
华为技术有限公司
Priority date (The priority date is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the date listed.)
Filing date
Publication date
Priority to CNA2008100940539A priority Critical patent/CN101572854A/en
Priority to CN200810094053.9 priority
Application filed by 华为技术有限公司 filed Critical 华为技术有限公司
Publication of WO2009132536A1 publication Critical patent/WO2009132536A1/en

Links

Classifications

    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04LTRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L63/00Network architectures or network communication protocols for network security
    • H04L63/20Network architectures or network communication protocols for network security for managing network security; network security policies in general

Abstract

A method, system and equipment of policy authorization are provided by the embodiments of the present invention. The method of policy authorization includes the following steps: acquiring terminal's location information; generating a policy rule according to the terminal's location information. In the embodiments of the present invention, the policy authorization entity acquires terminal's location information, and it can perform policy authorization and generate a policy rule according to the terminal's location information, in this way, an accurate authorization of a policy can be realized.

Description

 Strategy authorization method, system and device

Technical field

 The present invention relates to the field of communications technologies, and in particular, to a policy authorization method, system, and device. Background technique

 The architecture of the Worldwide Interoperability for Microwave Access (WiMAX Access) network mainly includes MS (Mobile Station), ASN (Access Service Network), and CSN (Connective Service Network). Connect the business network) three parts. The ASN mainly includes a BS (Base Station) and an ASN-GW (Access Service Network Gateway); the CSN mainly includes a PPS (Prepaid Server, a sub-pay server) and an AAA (Authentication Authorization Accounting). Authentication, authorization, and accounting) Logical entities such as servers. The MS and the ASN are connected through the R1 interface. The MS and the CSN are connected through the R2 interface. The ASN and the CSN are connected through the R3 interface. The ASNs are connected through the R4 interface. The CSNs are connected through the R5 interface. The BS in the ASN is connected. Connected to the ASN-GW through the R6 interface.

 The PCC (Policy Control and Charging) framework is a policy control and charging control function framework applicable to various IP (Internet Protocol) connection access networks. The PCC is used to complete resource admission control. Mainly for the characteristics of the mobile access network to achieve certain quality of service control and charging policy control, the main functions provided include: based on user-defined information to achieve policy control and service data flow-based charging control. The PCC is located between the service control layer and the access or bearer layer, and shields the service control layer from the specific technology and topology information of the access or bearer layer. Among them, policy control mainly refers to Gating Control and QoS Control, and charging control refers to FBC (Flow Based Charging).

 In order to solve the dynamic policy control and authorization of services, the PCC architecture is introduced in WiMAX, as shown in Figure 1.

To support the migration of A-PCEF in WiMAX access networks, the WiMAX PCC architecture has also been introduced. A PDF (Policy Distribution Function), which is used to mask the PCC policy enforcement point (PCEF) in the WiMAX network to the PCRF (Policy Charging Rule Function). Mobility and distribution of PCC rules to A-PCEF (Access Network PCEF) and C-PCEF (Core Network PCEF). The WiMAX network has an access network PCEF and an optional core network PCEF. The access network A-PCEF functions in Anchor SFA (Anchor Service Flow Authorization, Anchor SFA), Accounting Client/Agent (accounting client). End/Proxy), Anchor DPF (Anchor Path Entity) implementation.

 In the process of implementing the foregoing solution, the inventor finds that the following disadvantages exist in the prior art: With the development of the upper layer service and the fine authorization of the QoS/accounting policy, the QoS and the charging policy authorization are required according to the location information of the terminal. , such as configuring different QoS policies and billing rates according to different regions or routing domains. However, the prior art policy authorization entity cannot authorize different QoS policies (such as bandwidth, bit rate) and charging policies (credit rates) according to policies of different location domains or routing domains.

Summary of the invention

 The embodiment of the invention provides a policy authorization method, system and device, so that the policy authorization entity can perform policy authorization according to the location information of the terminal.

 The embodiment of the invention provides a policy authorization method, which includes the following steps:

 Obtaining location information of the terminal;

 Generating a policy rule according to the location information of the terminal.

 The embodiment of the invention provides a policy authorization system, including:

 The policy authorization entity is configured to acquire location information of the terminal, and generate a policy rule according to the location information of the terminal.

 An embodiment of the present invention provides a policy authorization entity, including:

 a terminal location information acquiring unit, configured to acquire location information of the terminal;

And a rule generating unit, configured to generate a policy rule according to the location information of the terminal. In the embodiment of the present invention, the policy authorization entity obtains the location information of the terminal, and performs policy authorization according to the location information of the terminal to generate a policy rule, so that the fine authorization of the policy can be implemented. DRAWINGS

 1 is a structural diagram of a WiMAX network in which a PCC is introduced in the prior art;

 2 is a schematic diagram of a method 1 in an embodiment of the present invention;

 3 is a schematic diagram of a method 2 in an embodiment of the present invention;

 4 is a flowchart of a method for authorizing a policy in Embodiment 1 of the present invention;

 5 is a flowchart of a method for authorizing a policy in Embodiment 2 of the present invention;

 6 is a flowchart of a method for authorizing a policy in Embodiment 3 of the present invention;

 7 is a flowchart of a method for authorizing a policy in Embodiment 4 of the present invention;

 8 is a flowchart of a method for authorizing a policy in Embodiment 6 of the present invention;

 9 is a flowchart of a method for authorizing a policy in Embodiment 7 of the present invention;

 FIG. 10 is a structural diagram of a policy authorization entity according to an embodiment of the present invention. detailed description

 The technical solutions in the embodiments of the present invention are clearly and completely described in the following with reference to the accompanying drawings in the embodiments of the present invention. It is obvious that the described embodiments are only a part of the embodiments of the present invention, and not all of the embodiments. All other embodiments obtained by a person of ordinary skill in the art based on the embodiments of the present invention without creative efforts are within the scope of the present invention.

 The embodiment of the invention provides a policy authorization method, which specifically includes:

 Obtaining location information of the terminal;

 Generating a policy rule according to the location information of the terminal.

 In the embodiment of the present invention, the policy authorization entity may acquire the location information of the terminal, and generate a policy rule according to the location information of the terminal. In this way, fine-grained authorization of the policy can be achieved.

Further, in the embodiment of the present invention, after the policy authorization entity generates the policy rule, the The policy rule is sent to the policy enforcement entity for policy enforcement.

 Method 1 of the embodiment of the present invention, as shown in FIG. 2, includes the following steps:

 Step 201: The policy enforcement entity sends a session establishment request or a session modification request to the policy authorization entity during the session establishment process, such as the IP-CAN session establishment process, where the session establishment request or the session modification request carries the location information of the terminal. Such as the location domain information or routing domain information of the terminal. The policy authorization entity performs policy authorization according to the location information of the terminal, and generates a policy rule, such as a QoS policy and/or a charging rate corresponding to the location information of the terminal, and other information (such as service information or User subscription information) performs policy authorization and generates policy rules.

 Step 202: After the policy authorization entity generates the policy rule according to the location information of the terminal, the policy rule is sent to the policy execution entity for execution by using a session establishment response or a session modification response.

 In the embodiment of the present invention, the policy enforcement entity may be a PCEF entity in a PCC system or an RCEF entity in a RACS (Resource and Admission Control Subsystem) system; the policy authorization entity may be a PCC The PCRF entity in the system or the A-RACF entity in the RACS system; the location information of the terminal includes not limited to: information of the current serving BS of the terminal, such as BS ID, or location domain information, or routing domain information, or FA (Foreign Agent, roaming agent) /HA (Home Agent, home agent) address, etc.

 In the embodiment of the present invention, the policy enforcement entity sends the location information of the terminal to the policy authorization entity, and the policy authorization entity can perform policy authorization according to the location information of the terminal to generate a policy rule, so that the policy can be implemented.

 Further, in the embodiment of the present invention, if the location of the terminal changes, such as the cross-BS handover, the FA handover, or the HA handover, the policy enforcement entity may carry the location information of the new terminal to the policy authorization entity. Policy authorization. The policy authorization entity performs policy authorization according to the new location information of the terminal, generates a new policy rule, and sends the new policy to the policy execution entity for execution through the session establishment response or the session modification response.

Method 2 of the embodiment of the present invention, as shown in FIG. 3, includes the following steps: Step 301: The application function entity (AF) sends a service authorization request to the policy authorization entity, where the request carries location information and service information of the terminal.

 In the embodiment of the present invention, if the terminal needs to establish a service, the terminal may send the location information to the application function entity AF, and after receiving the location information of the terminal, the AF sends a service 4 authorization request to the policy authorization entity. The location information and service information of the terminal may be carried in the request.

 In the embodiment of the present invention, the policy authorization entity may be a PCRF entity in a PCC system or a Service-based Policy Decision Function (SPDF) or an A-RACF entity in a RACS system.

 Step 302: The policy authorization entity performs policy authorization according to the location information of the terminal, generates a policy rule, and sends a session establishment request or a session modification request to the policy enforcement entity, and sends the policy rule to the policy execution entity.

 The policy authorization entity may perform policy authorization according to the QoS policy and/or the charging rate corresponding to the location information (location domain or routing domain) of the terminal, and generate a policy rule. Further, when the policy 4 is authorized, You can refer to other information, such as business information or user subscription information, to perform policy authorization and generate policy rules.

 Step 303: The policy enforcement entity receives the session establishment request or the session modification request, and returns a session establishment response or a session modification response to the policy authorization entity.

 Step 304: The policy authorization entity returns a service authorization response to the application function entity. In the embodiment of the present invention, in the process of newly establishing a service or modifying a service, the application function entity sends the location information of the terminal to the policy authorization entity, and the policy authorization entity performs policy authorization according to the location information of the terminal, and generates a policy rule. , you can achieve fine-grained authorization of the policy.

 Further, in the embodiment of the present invention, if the location of the terminal changes, for example, the terminal performs cross-BS handover, FA handover, or HA handover, the terminal may send new location information to the AF, where the AF will be The new location information is sent to the policy authorization entity to request the policy authorization entity to perform policy authorization, and a new policy rule is generated and sent to the policy execution entity for execution.

The following are organized in the PCC system and telecom and Internet convergence services and protocols. The method of applying the above method in the RACS system is described in detail as an example.

 As shown in FIG. 4, the embodiment of the foregoing method is applied to the PCC system as an example for detailed description, including the following steps:

 Step 401: The terminal MS or the base station BS triggers establishment or bearer modification of the IP-CAN (IP access network) bearer, and sends an IP-CAN bearer setup request message or an IP-CAN bearer modification request message to the access network gateway GW.

 Step 402: The access network gateway GW receives the IP-CAN bearer setup request message or the IP-CAN bearer modification request message, and sends an IP-CAN session setup request message or an IP-CAN session modification request message to the PCRF/PDF.

 In the embodiment of the present invention, the PCEF in the access network gateway GW may receive the IP-CAN 7 bearer setup request message or the IP-CAN ^f bearer request message, and send the IP address to the PCRF/PDF. The CAN session establishment request message or the IP-CAN session modification request message may carry the location information of the terminal, including but not limited to: BS ID, location domain information, routing domain information, FA address, or HA address.

 Step 403: The PCRF/PDF performs policy authorization according to the location information of the terminal, and generates a policy rule, such as generating a PCC rule.

 In the embodiment of the present invention, the PCRF/PDF performs policy authorization according to the location information of the terminal, and generates a policy rule, for example, may perform policy authorization according to the QoS and/or charging policy and the charging rate corresponding to the location information of the terminal. Generate policy rules, such as generating PCC rules. Further, you can refer to other information (such as terminal subscription information, service information, network configuration policy, etc.) to perform policy authorization and generate policy rules, such as generating PCC rules. In the embodiment of the present invention, the policy rule may include a QoS policy and a charging policy.

 Step 404: The PCRF/PDF sends an IP-CAN session establishment response or an IP-CAN session modification response to the PCEF, where the response carries the policy rule, such as carrying the policy rule.

Step 405: The PCEF installs the policy rule, initiates an IP-CAN bearer setup process, or The IP-CAN bearers the modification process.

 In the embodiment of the present invention, after the terminal or the base station triggers the policy enforcement entity (GW) to establish or modify the IP-CAN bearer, the GW notifies the location authorization information of the terminal to the policy authorization entity (PCRF/PDF), so that the PCRF/PDF is based on the location information of the terminal. Perform policy authorization and generate policy rules so that fine authorization of policies can be implemented.

 In the second embodiment of the present invention, the application of the foregoing method in the PCC system is taken as an example. If the terminal cross-BS handover occurs, the PCEF initiates an IP-CAN modification process. As shown in FIG. 5, the following steps are included:

 Step 501: The terminal is switched by the service BS to the target BS.

 Step 502: The target BS sends a service flow modification request to the GW, and the step is optional.

 Step 503: The PCEF in the GW receives the service flow modification request from the target BS or detects that the terminal is handed over to the target BS by the serving BS, and the PCEF sends an IP-CAN session modification request to the PCRF/PDF, where the request is The location information of the portable terminal.

 Step 504: The PCRF/PDF receives the IP-CAN session modification request, performs policy authorization according to the location information of the terminal carried in the IP-CAN session modification request, and generates a policy rule, such as a PCC rule.

 For example, the policy authorization may be performed according to a policy (such as a QoS policy or a charging policy) of a location domain corresponding to the BS (that is, the target BS) where the terminal is currently located, such as a PCC rule.

 Step 505: The PCRF/PDF sends an IP-CAN conference modification response message to the PCEF, where the message carries the generated policy rule, such as a PCC rule.

 Step 506: The PCEF performs a service flow modification process according to the policy rule.

 The PCEF updates the QoS and/or charging policy of the service flow according to the QoS policy information and/or the charging policy information carried in the policy rule, and initiates a service flow modification process to modify the service flow.

In the embodiment of the present invention, if the terminal cross-BS handover occurs, the PCEF initiates an IP-CAN modification process, and notifies the policy authorization entity (PCRF/PDF) of the location information of the terminal, so that the PCRF/PDF root Policy authorization is performed according to the location information of the terminal, and policy rules are generated, so that fine authorization of the policy can be implemented.

 In the third embodiment of the present invention, the above method is applied to the PCC system as an example for detailed description. If the terminal cross-anchor DPF/FA handover occurs, the PCEF initiates an IP-CAN session modification process.

 If a cross-Anchor DPF/FA handover occurs, the target ASN initiates service flow modification, and the PCEF carries the target anchor DPF/FA address request PCRF to re-authorize. As shown in FIG. 6, the method includes the following steps: Step 601: If a terminal cross-anchor DPF/FA handover occurs, if the terminal is switched from the source ASNa to the target ASNb.

 Step 602: The service flow authorization entity (and the anchor point DPF2/FA2 together) in the target ASNb sends a service flow modification request to the PCEF, for example, may send a service flow modification request, such as an RR-request message, to the PCEF. , this step is optional.

 Step 603, the PCEF receives a service flow modification request from the service flow authorization entity in the target ASNb or detects that the anchor DPF/FA is switched from the source ASNa to the target ASNb, and the PCEF sends an IP-CAN session to the PCRF/PDF. Modify the request, the request may carry the location information of the terminal (such as FA address, HA address, etc.).

 Step 604: The PCRF/PDF may perform policy authorization according to the location information of the terminal, and generate a policy rule, such as a PCC rule, to send an IP-CAN session modification response message to the PCEF, where the message carries a new policy rule.

 In the embodiment of the present invention, the PCRF/PDF may authorize the generation of a policy rule according to a policy of a routing domain corresponding to the location information of the terminal, such as a QoS policy or a charging policy.

 Step 605: The PCEF performs a service flow modification process according to the policy rule.

 In the embodiment of the present invention, if the cross-anchor DPF/FA handover occurs, the target ASNb initiates the service flow modification, and the PCEF carries the location information of the terminal to request the PCRF to re-authorize, so that the PCRF/PDF performs policy authorization according to the location information of the terminal. , generate policy rules.

In the fourth embodiment of the present invention, the AF sends the location information of the terminal to the policy 4 authorized entity in the service establishment request or the service modification request. As shown in FIG. 7, the method includes the following steps: Step 701: The terminal initiates service registration by using a high-level protocol, and sends location information (such as BS ID, routing domain information, FA address, or HA address) of the terminal to the AF.

 Step 702: The AF sends a service authorization request to the PCRF/PDF, where the service 4 authorized request can carry the location information and the service information of the terminal.

 Step 703: The PCRF/PDF performs policy authorization according to the location information of the terminal, and generates a policy rule, such as a PCC rule.

 In the embodiment of the present invention, the PCRF/PDF may perform policy authorization according to a policy corresponding to the location information of the terminal. If the location information includes the BS ID, the policy corresponding to the location domain or the routing domain (such as a QoS policy or a charging policy) may be found according to the BS ID for policy authorization. Further, the policy authorization may be performed by referring to the service information and the subscription information of the terminal, and the policy rule is generated.

 Step 704: The PCRF/PDF sends the policy rule, such as a PCC rule, to the PCEF, triggering an IP-CAN bearer setup or an IP-CAN bearer modification.

 Step 705: The PCRF/PDF sends an authorization response to the AF sending service 4, and the authorized response of the service 4 may carry an indication of whether the authorization is successful.

 Step 706: The PCEF performs a service flow modification process according to the policy rule, such as a PCC rule. In the embodiment of the present invention, the AF sends the location information of the terminal to the policy authorization entity in the service establishment or modification request, so that the policy authorization entity performs policy authorization according to the location information of the terminal, and generates a policy rule.

 In the fifth embodiment of the present invention, if the location information of the terminal changes, such as handover across a BS, migration of an anchor point DPF/FA, change of a routing domain, etc., the terminal will send new location information to the AF through a high layer protocol message, and the AF will send The service re-authorization request triggers the application session modification to the PCRF/PDF, and the service re-authorization request carries the new location information. The subsequent operation of the PCRF/PCEF is the same as that of the fourth embodiment.

In the sixth embodiment of the present invention, the policy authorization entity may also obtain the location information of the terminal from the location server for policy authorization, such as in the IP-CAN session establishment process or the IP-CAN session modification process (terminal/BS trigger), the policy authorization entity. The location information of the terminal can be obtained from the location server for policy granting Right. As shown in Figure 8, the following steps are included:

 Step 801: The terminal MS or the base station BS triggers establishment of an IP-CAN bearer or modification of an IP-CAN bearer, and sends an IP-CAN bearer setup request or an IP-CAN bearer modification request to the access network gateway GW.

 Step 802: The PCEF in the access network gateway GW receives the IP-CAN bearer setup request or the IP-CAN bearer modification request, and sends a session establishment request message or a session modification request message to the PCRF/PDF, such as an IP-CAN. Session establishment request message or IP-CAN session modification request message.

 Step 803: The PCRF/PDF sends a message to the location server to request location information of the terminal, such as a location information request message.

 Step 804: The location server returns a location information response to the PCRF/PDF, where the location information of the terminal is carried.

 Step 805: The PCRF/PDF performs policy authorization according to the location information of the terminal, and generates a policy rule, such as a PCC rule.

 For example, the policy authorization may be performed according to the QoS and/or charging policy, the charging rate, and the like corresponding to the location information. Further, other information (such as terminal subscription information, service information, network configuration policy, etc.) may also be referred to. Policy authorization, generating policy rules, such as PCC rules.

 Step 806, the PCRF/PDF sends an IP-CAN session establishment response or an IP-CAN session modification response to the PCEF, and carries the policy rule, such as a PCC rule.

 Step 807: The PCEF installs the received policy rule, initiates an IP-CAN bearer setup process, or IP-CAN 7 carries a tampering process.

 In this embodiment, the policy authorization entity is in the IP-CAN session modification process, and the policy authorization entity (PCRF) can obtain the location information of the terminal from the location server, and perform policy authorization according to the location information to generate a policy rule.

In the seventh embodiment of the present invention, the policy authorization entity acquires the location information of the terminal from the location server for policy authorization, the AF-triggered IP-CAN session establishment process or the IP-CAN session modification process, and the policy authorization entity acquires the location of the terminal from the location server. Information is authorized for policy. As shown in Figure 9, Includes the following steps:

 Step 901: The terminal initiates service registration through a high-level protocol, and sends location information (such as BS ID, routing domain information, FA address, or HA address) of the terminal to the AF.

 Step 902: The AF sends a service authorization request to the PCRF/PDF, and the service 4 carries the service information in the authorized request.

 Step 903: The PCRF/PDF requests location information of the terminal from the location server, and acquires location information of the terminal from the location server.

 Step 904: The PCRF/PDF performs policy authorization according to the location information of the terminal, and generates a policy rule, such as a PCC rule.

 In the embodiment of the present invention, the PCRF/PDF may perform policy authorization according to a policy corresponding to the location information of the terminal. If the location information includes the BS ID, the policy corresponding to the location domain or the routing domain (such as a QoS policy or a charging policy) may be found according to the BS ID for policy authorization. Further, the policy authorization may be performed by referring to the service information and the subscription information of the terminal, and the policy rule is generated.

 Step 905: The PCRF/PDF sends the policy rule, such as the PCC rule, to the PCEF, and triggers the IP-CAN bearer setup/IP-CAN bearer modification.

 Step 906: The PCRF/PDF sends a service 4 to the AF to be authorized to respond, and the authorized response of the service 4 may carry an indication of whether the authorization is successful.

 Step 907: The PCEF performs a service flow modification process according to the policy rule.

 In the seventh embodiment of the present invention, the IP-CAN session establishment or the IP-CAN session modification process triggered by the policy authorization entity AF obtains the location information of the terminal from the location server, performs policy authorization according to the location information, and generates a policy rule.

 In the eighth embodiment of the present invention, the access network gateway may send the location information of the terminal to the location server during the network access process or the IP address acquisition process, and the location server sends the terminal location information to the policy authorization entity for subsequent IP. The location information is applied for policy authorization in the -CAN session establishment procedure or the IP-CAN session modification procedure (same as in the implementation examples 1 and 4).

If the location information of the terminal changes, such as cross-BS handover, Anchor DPF/FA migration, routing The domain change, the access network gateway can send the location information of the terminal to the location server. The location server then sends the terminal location information to the policy authorization entity, the policy authorization entity applies the new location information for policy re-authorization, and initiates the IP-CAN session modification process (the same as the IP-CAN session modification procedure in the implementation examples 1 and 4) ).

 The location server in the embodiment of the present invention may be a separate functional entity, or integrated in an entity such as an AAA server, a NASS (Network Attachment Subsystem), a User Information Server, or the like.

 The methods of the first to sixth embodiments of the present invention are equally applicable to the TISPAN/NGN RACS system, except that the function of the PCEF is replaced by the execution entity RCEF of the RACS system, and the function of the PCRF/PDF is replaced by the SPDF/A-RACF entity of the RACS system, and the flow and The steps are the same as the method.

 The above embodiment is described by taking a WiMAX system as an example. The embodiment of the present invention is not limited to the WiMAX system, and may be applied to other systems such as 3GPP and 3GPP2.

 The embodiment of the present invention provides a policy authorization system, where the system includes a policy authorization entity, which is used to acquire location information of the terminal, and generate a policy rule according to the location information of the terminal.

 Further, the system further includes a policy enforcement entity, configured to receive an IP-CAN bearer setup request message or an IP-CAN bearer modification request message, or receive a service flow modification request from the target network, or detect that the terminal is from the original network. Switching to the target network, sending a session establishment request message or a session modification request message to the policy authorization entity, where the message carries location information of the terminal; the policy authorization entity is configured to receive a session from the policy enforcement entity Establishing a request message or a session modification request message, and acquiring location information of the terminal from the session establishment request message or the session modification request message.

 Further, the system further includes an application function entity, configured to send a service authorization request to the service authorization entity, where the service authorization request carries location information of the terminal, and the policy authorization entity is configured to receive from the The service authorization request of the application function entity acquires location information of the terminal from the service authorization request.

Further, the system further includes a location server, where the policy authorization entity is further configured to send a message to the location server to request location information of the terminal, and receive the location server from the location server. Location information of the terminal;

 The location server is configured to receive a request from the policy authorization entity, and send location information of the terminal to the policy authorization entity.

 Further, in the embodiment of the present invention, the policy authorization entity is further configured to send the policy rule to the policy enforcement entity, where the policy enforcement entity is further configured to receive the A policy rule that enforces the policy rule.

 In the embodiment of the present invention, the policy authorization entity obtains the location information of the terminal, and performs policy authorization according to the location information of the terminal to generate a policy rule, so that the fine authorization of the policy can be implemented.

 The embodiment of the present invention provides a policy authorization entity 100, as shown in FIG. 10, including a terminal location information acquiring unit 110, which is configured to acquire location information of a terminal, and a rule generating unit 120, configured to acquire a cell according to the terminal location information. The location information of the terminal acquired by 110 generates a policy rule.

 Further, in the embodiment of the present invention, the terminal location information acquiring unit 110 may include: a first acquiring subunit, configured to receive a session establishment request message or a session modification request message from a policy enforcement entity, from the session establishment request Acquiring the location information of the terminal in the message or the session modification request message; or the second obtaining subunit, configured to receive a service authorization request from the application function entity, and obtain location information of the terminal from the service authorization request Or a third obtaining subunit, configured to send a message to the location server to request location information of the terminal, and receive location information of the terminal from the location server.

 Further, in the embodiment of the present invention, the policy authorization entity 100 may further include a rule issuing entity.

 In the embodiment of the present invention, the policy authorization entity obtains the location information of the terminal, and performs policy authorization according to the location information of the terminal to generate a policy rule, so that the fine authorization of the policy can be implemented.

Through the description of the above embodiments, those skilled in the art can clearly understand the present invention. The embodiment may be implemented by hardware, or may be implemented based on the software plus the necessary general hardware platform. A person skilled in the art can understand that all or part of the steps of implementing the above embodiments can be completed by a program to instruct related hardware, and the program can be stored in a computer readable storage medium. , including the following steps: obtaining location information of the terminal;

 Generating a policy rule according to the location information of the terminal.

 The above mentioned storage medium may be a readable memory, a magnetic disk or an optical disk or the like.

 The above is only a preferred embodiment of the present invention, but the scope of the present invention is not limited thereto, and any person skilled in the art can easily think of changes or within the technical scope disclosed by the present invention. Alternatives are intended to be covered by the scope of the present invention. Therefore, the scope of protection of the present invention should be determined by the scope of the claims.

Claims

Claim
1. A strategy 4 authorized method, characterized in that it comprises the following steps:
 Obtaining location information of the terminal;
 Generating a policy rule according to the location information of the terminal.
 2. The policy authorization method according to claim 1, wherein the acquiring location information of the terminal specifically includes:
 The location information of the terminal is obtained from the policy enforcement entity, or from the application function entity, or from the location server.
 The method for authorizing the policy according to claim 2, wherein the obtaining the location information of the terminal from the policy enforcement entity specifically includes:
 Receiving a session establishment request message or a session modification request message from the policy enforcement entity, where the message carries the location information of the terminal;
 The policy authorization entity obtains the location information of the terminal from the session establishment request message or the session modification request message.
 The policy authorization method according to claim 3, wherein the receiving the session establishment request message or the session modification request message from the policy execution entity further includes:
 The policy enforcement entity receives the IP-CAN Bearer Setup Request message or the IP-CAN Bearer Modification Request message, or receives a service flow modification request from the target network, or detects that the terminal is handed over from the original network to the target network.
 The method for authorizing the policy according to claim 2, wherein the obtaining the location information of the terminal from the application function entity specifically includes:
 Receiving a service authorization request from an application function entity, where the service authorization request carries location information of the terminal;
 The policy authorization entity obtains location information of the terminal from the service authorization request.
6. The policy authorization method according to claim 2, wherein said obtaining from said location server The location information of the terminal specifically includes:
 The policy authorization entity sends a message to the location server to request location information of the terminal;
 The policy authorization entity receives location information of a terminal from the location server.
 The policy authorization method according to claim 6, wherein the policy authorization entity sends a message to the location server before:
 The policy authorization entity receives a session establishment request message or a session modification request message from the policy enforcement entity, or receives a service authorization request from the application function entity.
 8. The policy authorization method according to any one of claims 1-7, further comprising:
9. A strategy 4 authorized system, characterized in that it comprises:
 The policy authorization entity is configured to acquire location information of the terminal, and generate a policy rule according to the location information of the terminal.
 The policy authorization system according to claim 9, wherein the system further comprises: a policy enforcement entity, configured to receive an IP-CAN bearer setup request message or an IP-CAN bearer modification request message, or receive the The service flow modification request of the target network, or detecting that the terminal is handed over from the original network to the target network, and sending a session establishment request message or a session modification request message to the policy authorization entity, where the message carries the location information of the terminal;
 The policy authorization entity is configured to receive a session establishment request message or a session modification request message from the policy enforcement entity, and obtain location information of the terminal from the session establishment request message or the session modification request message.
 The policy authorization system according to claim 9, wherein the system further comprises: an application function entity, configured to send a service authorization request to the service authorization entity, where the service authorization request carries the Location information of the terminal;
 The policy authorization entity is configured to receive a service authorization request from the application function entity, and obtain location information of the terminal from the service authorization request.
12. The policy authorization system of claim 9, wherein the system further comprises a bit Set the server;
 The policy authorization entity is configured to send a message requesting to the location server to acquire location information of the terminal, and receive location information of the terminal from the location server;
 The location server is configured to receive a request from the policy authorization entity, and send location information of the terminal to the policy authorization entity.
 13. The policy authorization system according to any one of claims 9-12, wherein the policy enforcement entity is further configured to receive the policy rule from the policy authorization entity, and execute the policy rule.
 14. A policy authorization entity, characterized by comprising:
 a terminal location information acquiring unit, configured to acquire location information of the terminal;
 And a rule generating unit, configured to generate a policy rule according to the location information of the terminal acquired by the terminal location information acquiring unit.
 The policy authorization entity according to claim 14, wherein the terminal location information obtaining unit comprises any one of the following subunits:
 a first obtaining subunit, configured to receive a session establishment request message or a session modification request message from the policy enforcement entity, and obtain location information of the terminal from the session establishment request message or the session modification request message; or
 a second obtaining subunit, configured to receive a service authorization request from the application function entity, and obtain location information of the terminal from the service authorization request; or
 And a third obtaining subunit, configured to send a message to the location server to request location information of the terminal, and receive location information of the terminal from the location server.
 16. The policy authorization entity of claim 14, further comprising: an execution entity.
PCT/CN2009/070867 2008-04-28 2009-03-18 Method, system and equipment of policy authorization WO2009132536A1 (en)

Priority Applications (2)

Application Number Priority Date Filing Date Title
CNA2008100940539A CN101572854A (en) 2008-04-28 2008-04-28 Method, system and equipment for strategy authorization
CN200810094053.9 2008-04-28

Publications (1)

Publication Number Publication Date
WO2009132536A1 true WO2009132536A1 (en) 2009-11-05

Family

ID=41232061

Family Applications (1)

Application Number Title Priority Date Filing Date
PCT/CN2009/070867 WO2009132536A1 (en) 2008-04-28 2009-03-18 Method, system and equipment of policy authorization

Country Status (2)

Country Link
CN (1) CN101572854A (en)
WO (1) WO2009132536A1 (en)

Families Citing this family (7)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN102238518B (en) * 2010-05-04 2015-06-10 中兴通讯股份有限公司 Method and system for obtaining position information of home base station
CN102511145B (en) * 2010-05-25 2014-11-05 华为技术有限公司 Method, system and corresponding apparatus for implementing policy and charging control
CN104301124B (en) * 2010-05-25 2018-08-14 华为技术有限公司 Implementation method, system and the relevant device of strategy and charging control
CN102457938B (en) * 2010-10-18 2016-03-30 中兴通讯股份有限公司 The method and system of terminal access restriction
CN102480718B (en) * 2010-11-29 2015-04-01 中兴通讯股份有限公司 Method for supporting sponsored data connectivity at roaming scene and system thereof
US20160249255A1 (en) * 2015-02-25 2016-08-25 Alcatel-Lucent Usa Inc. Network support for differential charging for data usage in licensed and unlicensed frequency bands
CN108632055A (en) * 2017-03-17 2018-10-09 华为技术有限公司 The method and apparatus and communication system of network-control

Citations (3)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
US20060014547A1 (en) * 2004-07-13 2006-01-19 Sbc Knowledge Ventures, L.P. System and method for location based policy management
CN101001401A (en) * 2006-01-10 2007-07-18 华为技术有限公司 Mobile communication system and method for using access network application function service
CN101272274A (en) * 2007-07-24 2008-09-24 华为技术有限公司 Method, device and system for implementing policy and charging control

Patent Citations (3)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
US20060014547A1 (en) * 2004-07-13 2006-01-19 Sbc Knowledge Ventures, L.P. System and method for location based policy management
CN101001401A (en) * 2006-01-10 2007-07-18 华为技术有限公司 Mobile communication system and method for using access network application function service
CN101272274A (en) * 2007-07-24 2008-09-24 华为技术有限公司 Method, device and system for implementing policy and charging control

Non-Patent Citations (1)

* Cited by examiner, † Cited by third party
Title
"Policy and charging control architecture", 3GPP, TS 23.203 V7.6.0, 31 March 2008 (2008-03-31) *

Also Published As

Publication number Publication date
CN101572854A (en) 2009-11-04

Similar Documents

Publication Publication Date Title
US8750825B2 (en) Methods, systems, and computer readable media for inter-carrier roaming cost containment
EP2664101B1 (en) Recovery of a system for policy control and charging, said system having a redundancy of policy and charging rules function
JP5468180B2 (en) System and method for generating PCC rules based on service requests
US8897747B2 (en) Long-term evolution (LTE) policy control and charging rules function (PCRF) selection
US8711847B2 (en) System and method for providing location and access network information support in a network environment
EP2294806B1 (en) Online charging for roaming users in a proxy online charging system of a visited network
TWI466563B (en) Charging in lte/epc communication networks
JP5038534B2 (en) Detection and reporting of restricted policies and billing control capabilities
JP4224461B2 (en) Enhanced QOS control
US8874715B2 (en) Charging method, system and reporting method for terminal accessing through multiple access networks
JP5296800B2 (en) Method and system for correlating authentication, authorization and accounting sessions
CA2682979C (en) Method, system and entity of realizing event detection
ES2397285T3 (en) Method, system and control policy and function of billing rules to process service data flows
KR101350007B1 (en) Communication controlling method for mobile communication system
US7889650B2 (en) Method for establishing diameter session for packet flow based charging
US8477607B2 (en) System and method for resource admission and control
EP2353252B1 (en) Charging control providing correction of charging control information
US9860752B2 (en) Handling of authorization requests for a packet-based service in a mobile network
EP2537312B1 (en) Facilitating a communication session
US8527634B2 (en) Method and apparatus for creating IP-CAN session
EP2493222B1 (en) Method and system for implementing usage monitoring control
KR100972891B1 (en) Method and system for accounting, accounting client and accounting processing unit
US9641697B2 (en) Policy and charging control method, V-PCRF and V-OCS
AU2005261447B2 (en) Dynamic service information for the access network
US8958322B2 (en) Method, apparatus and system for authorizing policy and charging control rule

Legal Events

Date Code Title Description
121 Ep: the epo has been informed by wipo that ep was designated in this application

Ref document number: 09737647

Country of ref document: EP

Kind code of ref document: A1

NENP Non-entry into the national phase in:

Ref country code: DE

122 Ep: pct application non-entry in european phase

Ref document number: 09737647

Country of ref document: EP

Kind code of ref document: A1