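WO2009135385A1 - Method, system and apparatus for acquiring the trust type of a non-3GPP access system - Google Patents
Method, system and apparatus for acquiring the trust type of a non-3GPP access system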
- Publication number
- WO2009135385A1 (PCT/CN2009/000491)
- Authority
- WO
- WIPO (PCT)
- Prior art keywords
- 3gpp access
- access system
- 3gpp
- information
- aaa server
Classifications
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04L—TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
- H04L63/00—Network architectures or network communication protocols for network security
- H04L63/12—Applying verification of the received information
- H04L63/126—Applying verification of the received information the source of the received data
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04L—TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
- H04L63/00—Network architectures or network communication protocols for network security
- H04L63/08—Network architectures or network communication protocols for network security for authentication of entities
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04L—TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
- H04L63/00—Network architectures or network communication protocols for network security
- H04L63/08—Network architectures or network communication protocols for network security for authentication of entities
- H04L63/0892—Network architectures or network communication protocols for network security for authentication of entities by using authentication-authorization-accounting [AAA] servers or protocols
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04W—WIRELESS COMMUNICATION NETWORKS
- H04W12/00—Security arrangements; Authentication; Protecting privacy or anonymity
- H04W12/06—Authentication
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04W—WIRELESS COMMUNICATION NETWORKS
- H04W12/00—Security arrangements; Authentication; Protecting privacy or anonymity
- H04W12/08—Access security
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04W—WIRELESS COMMUNICATION NETWORKS
- H04W48/00—Access restriction; Network selection; Access point selection
- H04W48/18—Selecting a network or a communication service
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04W—WIRELESS COMMUNICATION NETWORKS
- H04W88/00—Devices specially adapted for wireless communication networks, e.g. terminals, base stations or access point devices
- H04W88/02—Terminal devices
- H04W88/06—Terminal devices adapted for operation in multiple networks or having at least two operational modes, e.g. multi-mode terminals
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04W—WIRELESS COMMUNICATION NETWORKS
- H04W92/00—Interfaces specially adapted for wireless communication networks
- H04W92/04—Interfaces between hierarchically different network devices
- H04W92/10—Interfaces between hierarchically different network devices between terminal device and access point, i.e. wireless air interface
Definitions
- the present invention relates to the field of communications technologies, and in particular, to a method, system and device for acquiring a trust type of a non-3GPP (3rd Generation Partnership Project) access system.
- BACKGROUND With the continuous development and popularization of non-3GPP access technologies such as WLAN (Wireless Local Area Network) and WiMAX (Worldwide Interoperability for Microwave Access), effectively using these existing non-3GPP access technologies and access systems to provide users with access services has become the trend of 3GPP's future development.
- SAE: System Architecture Evolution
- IP-based 3GPP services will be provided through different access technologies, thus supporting seamless mobility between different access technologies, such as seamless mobility between 3GPP access systems and non-3GPP access systems such as WLAN.
- the access service provided by the UTRAN (UMTS Terrestrial Radio Access Network)
- the access service provided by the WLAN can be selected when entering the building, so that the cost can be reduced. This can also enhance the capabilities of 3GPP systems.
- the non-3GPP access system is divided into two types: Untrusted and Trusted.
- when the UE (User Equipment) accesses the EPS (Evolved Packet System) through an untrusted non-3GPP access system, the UE's access needs to pass through the ePDG (evolved Packet Data Gateway) entity, and an IP security tunnel is needed between the UE and the ePDG.
- the trust type of the non-3GPP access system is very important and critical for the UE to access the EPS system. If the UE cannot obtain the trust type of the non-3GPP access system for the EPS system, the UE may fail to know whether ePDG selection is required, thereby causing the connection to fail.
- in the current 3GPP protocol, there is no corresponding method for the UE to acquire the trust type of the non-3GPP access system.
- the following takes the system architecture and process of the UE switching to the non-3GPP access system as an example, and introduces the current regulations of the 3GPP protocol. It can be seen from this example that the current 3GPP protocol does not propose any method for the UE to acquire the trust type of the non-3GPP access system.
- FIG. 1 is a system architecture diagram of a UE switching to a non-3GPP access system in the 3GPP protocol
- when the UE switches to a non-3GPP access system, the UE can discover and select a suitable non-3GPP access system through the network discovery and selection process.
- FIG. 2 is a flow chart for a UE switching to a non-3GPP access system in the 3GPP protocol, which includes the following steps:
- Step S201 The UE has accessed the EPS system through the 3GPP access system or the non-3GPP access system.
- Step S202 The UE establishes a connection with an ANDSF (Access Network Discovery and Selection Function) when it is considered that the handover is required. If the UE does not have an address of the ANDSF entity, the UE may perform an ANDSF discovery process to discover the IP address of the ANDSF entity.
- the ANDSF entity is a key entity for UE access, and includes data management and control functions for providing UEs with access system discovery and selection according to an operator's policy.
- the information that the ANDSF can provide to the UE is the Inter-System mobility policy and the information of the non-3GPP access system, where the information of the non-3GPP access system may be a non-3GPP access type (WLAN or WiMAX), a non-3GPP access network identifier (e.g. the SSID of the WLAN), the PLMN providing access, and the non-3GPP type used preferentially.
- Step S203 The UE sends a non-3GPP access network information request message to the ANDSF.
- Step S204 The ANDSF selects an appropriate Inter-System mobility policy and information of the non-3GPP access system according to the location information of the UE, and sends the information to the UE.
- Step S205 The UE performs network selection and handover decision.
- Step S206 After the UE decides to switch to the non-3GPP access system, the handover process is initiated.
- It can be seen from the above process that when the UE switches to the non-3GPP access system, the ANDSF sends only the Inter-System mobility policy and the information of the non-3GPP access system to the UE, and does not notify the UE of the trust type of the non-3GPP access system. The foregoing process is a process for the UE to switch from the 3GPP access system or the non-3GPP access system to the non-3GPP access system. Similarly, when the UE accesses the EPS system from the non-3GPP access system, the UE cannot obtain the trust type of the non-3GPP access system.
- a disadvantage of the prior art is that the UE cannot obtain the trust type of the non-3GPP access system, and the trust type of the non-3GPP access system is very important and critical for the UE to access the EPS system through the non-3GPP access system. Therefore, the prior art requires an efficient, convenient, and fast manner for the UE to obtain the trust type of the non-3GPP access system, thereby ensuring smooth access of the UE.
- An object of the present invention is to at least solve the technical drawback that a UE cannot acquire a trust type of a non-3GPP access system.
- the present invention provides a method for acquiring a trust type of a non-3GPP access system, including the following steps: the UE establishes an underlying link with a non-3GPP access system selected by the UE; the UE initiates an access authentication request, and sends the identification information of the UE and the information of the non-3GPP access system to the AAA (Authentication, Authorization and Accounting) server through the non-3GPP access system;
- the UE receives the returned access authentication response and the trust type of the non-3GPP access system, and the trust type of the non-3GPP access system is determined by the AAA server according to the identification information of the UE, The information of the non-3GPP access system and the operator policy are determined.
- before the UE establishes an underlying link with the non-3GPP access system selected by the UE, the method further includes: the UE discovering and selecting the non-3GPP access system, and receiving the information of the non-3GPP access system from the ANDSF entity.
- the UE initiates an access authentication request, and sends the identifier information of the UE and the information of the non-3GPP access system to the AAA server through the non-3GPP access system.
- the method includes the following steps: the UE initiates a non-3GPP access authentication request to the non-3GPP access system, and, in the non-3GPP access authentication request, sends the identifier information of the UE and the information of the non-3GPP access system to the non-3GPP access system; the non-3GPP access system sends the non-3GPP access authentication request to the AAA server, and sends the identifier information of the UE and the information of the non-3GPP access system to the AAA server during the network access authentication request process.
- the UE receiving the access authentication response returned by the AAA server and the trust type of the non-3GPP access system includes: the UE receiving the returned access authentication response, where the access authentication response carries the trust type of the non-3GPP access system.
- the returning the access authentication response carrying the trust type of the non-3GPP access system specifically includes: sending, by the AAA server, a network access authentication response to the non-3GPP access system, where The network access authentication response carries the trust type of the non-3GPP access system; the non-3GPP access system converts the network access authentication response into the non-3GPP access authentication response, and sends the network access authentication response to the UE.
- the non-3GPP access authentication response carries a trust type of the non-3GPP access system.
- the trust type of the non-3GPP access system being determined by the AAA server according to the identifier information of the UE and the information of the non-3GPP access system specifically includes: the AAA server acquires the subscription data of the UE according to the identification information of the UE; the AAA server determines the trust type of the non-3GPP access system according to the subscription data of the UE, the information of the non-3GPP access system, and the operator policy.
- the method further includes: the UE selects, according to the trust type of the non-3GPP access system, whether to access the EPS system through the ePDG entity.
- another aspect of the present invention provides a method for acquiring a trust type of a non-3GPP access system, including the following steps: a non-3GPP access system establishes an underlying link with a UE; the non-3GPP access system converts the non-3GPP access authentication request of the UE and sends it to the AAA server, and forwards the identifier information of the UE and the information of the non-3GPP access system sent by the UE to the AAA server;
- the non-3GPP access system converts the network access authentication response carrying the trust type of the non-3GPP access system into a non-3GPP access authentication response, and sends it to the UE, so that the UE acquires the trust type of the non-3GPP access system according to the non-3GPP access authentication response.
- the trust type of the non-3GPP access system is determined by the AAA server according to the identifier information of the UE and the information of the non-3GPP access system.
- the trust type of the non-3GPP access system is determined by the AAA server according to the identifier information of the UE, the information of the non-3GPP access system, and the operator policy.
- the AAA server acquires the subscription data of the UE according to the identification information of the UE; the AAA server determines the trust type of the non-3GPP access system according to the subscription data of the UE and the information of the non-3GPP access system.
- the present invention further provides a method for obtaining a trust type of a non-3GPP access system, including the following steps:
- the AAA server receives an access authentication request initiated by the UE through the non-3GPP access system, and the identifier information of the UE and the information of the non-3GPP access system sent through the non-3GPP access system;
- the AAA server determines, according to the identifier information of the UE, the information of the non-3GPP access system, and the operator policy a trust type of the non-3GPP access system;
- the AAA server sends the trust type of the non-3GPP access system to the UE by using an access authentication response.
- the determining, by the AAA server, of the trust type of the non-3GPP access system according to the identifier information of the UE and the information of the non-3GPP access system specifically includes: the AAA server acquiring the subscription data of the UE according to the identifier information of the UE; the AAA server determines the trust type of the non-3GPP access system according to the subscription data of the UE, the information of the non-3GPP access system, and the operator policy.
- the present invention also provides a method for determining a trust type of a non-3GPP access system, including the following steps:
- the AAA server receives the identification information of the UE and the information of the non-3GPP access system;
- the AAA server determines a trust type of the non-3GPP access system according to the identification information of the UE, the information of the non-3GPP access system, and the operator policy.
- the determining, by the AAA server, of the trust type of the non-3GPP access system according to the identifier information of the UE and the information of the non-3GPP access system specifically includes: the AAA server acquiring the subscription data of the UE according to the identifier information of the UE; the AAA server determines the trust type of the non-3GPP access system according to the subscription data of the UE, the information of the non-3GPP access system, and the operator policy.
- the present invention further provides a non-3GPP access system trust type acquisition system, including an AAA server, a non-3GPP access system, and at least one UE. The UE is configured to, after establishing the underlying link with the non-3GPP access system selected by the UE, initiate an access authentication request to the AAA server through the non-3GPP access system, send the identifier information of the UE and the information of the non-3GPP access system to the AAA server during the access authentication request process, and receive an access authentication response returned by the AAA server and a trust type of the non-3GPP access system; the non-3GPP access system is configured to convert the access authentication request initiated by the UE and the access authentication response returned by the AAA server; the AAA server is configured to determine a trust type of the non-3GPP access system according to the identifier information of the UE, the information of the non-3GPP access system, and the operator policy, and to send the determined trust type of the non-3GPP access system to the UE through the access authentication response.
- the system further includes a Home Subscriber Server (HSS) for providing the AAA server with the required subscription data of the UE.
- the present invention also provides a user equipment (UE), including an underlying link module, an access authentication request initiating module, an access authentication response receiving module, and a trust type obtaining module. The underlying link module is configured to establish an underlying link with the non-3GPP access system selected by the UE;
- the access authentication request initiating module is configured to initiate an access authentication request to the AAA server through the non-3GPP access system, and to send the identity information of the UE and the information of the non-3GPP access system to the AAA server through the non-3GPP access system;
- the access authentication response receiving module is configured to receive an access authentication response returned by the AAA server; the trust type obtaining module is configured to parse the access authentication response received by the access authentication response receiving module and acquire the trust type of the non-3GPP access system, where the trust type of the non-3GPP access system is determined by the AAA server according to the identifier information of the UE, the information of the non-3GPP access system, and the operator policy.
- the user equipment further includes a discovery selection module, configured to discover and select the non-3GPP access system, and to receive the information of the non-3GPP access system from the ANDSF entity.
- the user equipment further includes: a selection module, configured to select, according to the trust type of the non-3GPP access system acquired by the trust type obtaining module, whether to access the EPS system through the ePDG entity.
- the present invention also provides a non-3GPP access system, including a receiving module, a converting module, an adding module, and a sending module, where the receiving module is configured to receive a non-3GPP access authentication request initiated by the UE and a network access authentication response returned by the AAA server;
- the converting module is configured to convert the UE-initiated non-3GPP access authentication request into a network access authentication request, and convert the network access authentication response returned by the AAA server into a non-3GPP access authentication response;
- the adding module is configured to add identifier information of the UE to the network access authentication request converted by the converting module, and add a trust type of the non-3GPP access system to the non-3GPP access authentication response converted by the converting module;
- the sending module is configured to send the converted network access authentication request to the AAA server, and send the converted non-3GPP access authentication response to the UE.
- the present invention further provides an AAA server, including a receiving module, a trust type determining module, and an authentication response sending module, where the receiving module is configured to receive an access authentication request initiated by the UE through the non-3GPP access system, and the identifier information of the UE and the information of the non-3GPP access system sent through the non-3GPP access system; the trust type determining module is configured to determine the trust type of the non-3GPP access system according to the identifier information of the UE received by the receiving module, the information of the non-3GPP access system, and the operator policy; the authentication response sending module is configured to send the trust type of the non-3GPP access system to the UE by carrying it in an access authentication response.
- the present invention also provides an AAA server, including a receiving module and a trust type determining module, where the receiving module is configured to receive the identifier information of the UE and the information of the non-3GPP access system that are sent by the UE through the non-3GPP access system; the trust type determining module is configured to determine the trust type of the non-3GPP access system according to the identifier information of the UE received by the receiving module, the information of the non-3GPP access system, and the operator policy.
- the present invention further provides a network function entity, configured to determine a trust type of a non-3GPP access system, including a receiving module and a trust type determining module, where the receiving module is configured to receive the identification information of the UE and the information of the non-3GPP access system sent by the UE through the non-3GPP access system; the trust type determining module is configured to determine the trust type of the non-3GPP access system according to the identifier information of the UE received by the receiving module, the information of the non-3GPP access system, and the operator policy.
- the AAA server determines the trust type of the non-3GPP access system according to the identifier information of the UE and the information of the non-3GPP access system, and notifies the UE through the non-3GPP access system to enable the UE.
- FIG. 1 is a system architecture diagram of a UE switching to a non-3GPP access system in a 3GPP protocol
- FIG. 2 is a flowchart of a UE switching to a non-3GPP access system in a 3GPP protocol
- FIG. 3 is a flow chart of a method for acquiring a trust type of a non-3GPP access system according to Embodiment 1 of the present invention
- FIG. 4 is a flow chart of a method for acquiring a trust type of a non-3GPP access system according to Embodiment 2 of the present invention.
- FIG. 5 is a structural diagram of a system for acquiring a trust type of a non-3GPP access system according to the present invention
- FIG. 6 is a structural diagram of the AAA server according to the present invention
- FIG. 7 is a structural diagram of a network function entity according to the present invention.
- DETAILED DESCRIPTION OF THE PREFERRED EMBODIMENTS The embodiments of the present invention are described in detail below, and the examples of the embodiments are illustrated in the drawings, wherein the same or similar reference numerals indicate the same or similar elements or elements having the same or similar functions.
- the embodiments described below with reference to the drawings are intended to be illustrative of the invention and are not to be construed as limiting.
- the present invention mainly provides that when the UE needs to access the EPS system through the non-3GPP access system, the network side determines the access type of the non-3GPP access system in the process of performing the access authentication, and notifies the UE. In this way, the UE can obtain the trust type of the non-3GPP access system, and the trust type of the non-3GPP access system can also be determined according to the operator policy.
- the access type of the non-3GPP access system may be determined by the AAA server and notified to the UE.
- the UE carries the identification information of the UE and the information of the non-3GPP access system in the access authentication request sent to the AAA server; and the trust type of the non-3GPP access system determined by the AAA server is carried by the access authentication response.
- the foregoing determining, by the AAA server, the access type of the non-3GPP access system is the preferred mode of the present invention, and may also be implemented by other network function entities;
- the information of the 3GPP access system is sent to the AAA server, which is also a preferred method, and can also be implemented by adding a new packet. Therefore, similar changes as described above by those skilled in the art should be covered by the scope of protection of the embodiments of the present invention.
- Embodiment 1:
- As shown in FIG. 3, the flowchart of a method for acquiring a trust type of a non-3GPP access system according to Embodiment 1 of the present invention includes the following steps:
- Step S301 The UE discovers the non-3GPP access system according to the network discovery and selection step, and selects to access the EPS system through the non-3GPP access system. For example, when the UE switches from the 3GPP access system to the non-3GPP access system or the UE directly accesses the EPS system from the non-3GPP access system, the network discovery and selection process is performed. In this process, the ANDSF will give the UE some information about the access system, such as Inter-System mobility policies and information on non-3GPP access systems such as the PLMN-ID (identity of the public land mobile network).
- Step S302 If the UE selects the corresponding non-3GPP access system, the UE establishes the underlying link using the information of the selected non-3GPP access system.
- Step S303 After the UE establishes the underlying link with the non-3GPP access system, the UE and the non-3GPP access system initiate an access authentication process, in which the UE notifies the non-3GPP access system of information such as the PLMN-ID, the identification information of the UE (such as the network access identifier MN-NAI), and the access type.
- the above access authentication can be implemented by using the Extensible Authentication Protocol (EAP). It should be noted that the access authentication process differs according to the type of non-3GPP access system. For example, for WLAN, the corresponding EAP authentication mode is selected, and for WiMAX, other EAP authentication modes are selected. There are also different numbers of EAP requests and responses for different authentication methods.
- the present invention does not limit the authentication mode used when the UE initiates access authentication.
- the identity information of the UE and the information of the non-3GPP access system are sent to the non-3GPP access system in the process of the UE initiating the access authentication.
- Step S304 the non-3GPP access system performs authentication with the AAA server. Also in the authentication process, the non-3GPP access system also transmits the identity information of the UE received from the UE and the information of the non-3GPP access system to the AAA server. For roaming, the non-3GPP access system needs to interact with the AAA server through the AAA proxy.
- Step S305 the AAA server determines the trust type of the non-3GPP access system according to the identity information of the UE, the information of the non-3GPP access system, and the operator policy, and notifies the UE by the non-3GPP access system.
- the AAA server can notify the UE of the trust type of the non-3GPP access system according to the subscription data of the user and whether there is a roaming agreement with other operators. If the AAA server does not have the subscription information of the UE, the AAA server interacts with the HSS (Home Subscriber Server) to obtain the subscription data of the UE from the HSS.
- the operator policy of the operator of the EPS system can be configured in the AAA server, and the configured operator policy can be flexibly modified.
- the AAA server may obtain the operator information of the non-3GPP access system accessed by the UE according to the PLMN ID, and determine the trust type of the non-3GPP access system according to whether there is a valid roaming agreement. If the operator considers that it has a valid roaming agreement with the operator to which the non-3GPP access system belongs, the non-3GPP access system can be considered to be secure and trusted, so the AAA server can set the trust type of the non-3GPP access network to Trusted. If the operator considers, according to information such as the PLMN ID and the RAT type, that the operator of the non-3GPP access network is untrustworthy, or that the non-3GPP access system is insecure and untrustworthy, the AAA server sets the trust type of the non-3GPP access system to Untrusted.
- the AAA server may send the trust type of the non-3GPP access system to the UE by using the access authentication response, and may optionally extend the access authentication response message to achieve the purpose of carrying the trust type.
- the AAA server may also notify the UE by a separate message.
- the AAA server may also send the trust type of the non-3GPP access system to the UE after the UE passes the access authentication. If the UE fails to pass the access authentication, the AAA server does not need to send the trust type of the non-3GPP access system.
- Step S306 The UE selects whether to access the EPS system through the ePDG entity according to the trust type of the non-3GPP access system. If the non-3GPP access system is trusted, the UE may proceed according to the Trusted non-3GPP access procedure or handover procedure. If the non-3GPP access system is untrusted, then the UE should perform ePDG selection and proceed according to the Untrusted non-3GPP access procedure or handover procedure, and an IPsec tunnel needs to be established between the UE and the ePDG.
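The decision flow of steps S303 to S306, sketched as an added Python example; it is not code from the patent. The policy fields, the `always_tunnel` subscription flag, the fail-closed handling of a missing trust type and all sample identifiers are assumptions constructed for illustration.

```python
from dataclasses import dataclass, field
from enum import Enum
from typing import Dict, Optional, Set


class TrustType(Enum):
    TRUSTED = "Trusted"
    UNTRUSTED = "Untrusted"


@dataclass(frozen=True)
class AccessInfo:
    plmn_id: str      # PLMN-ID of the operator behind the non-3GPP access system
    access_type: str  # e.g. "WLAN" or "WiMAX"


@dataclass
class OperatorPolicy:
    # Assumed policy shape: the text only says the policy is configured in the
    # AAA server and can be modified.
    roaming_partners: Set[str] = field(default_factory=set)
    never_trusted_access_types: Set[str] = field(default_factory=set)


@dataclass(frozen=True)
class AuthResponse:
    success: bool
    trust_type: Optional[TrustType] = None


class AAAServer:
    def __init__(self, policy: OperatorPolicy, hss: Dict[str, dict]):
        self.policy = policy
        self.hss = hss                            # stand-in for the HSS: NAI -> subscription data
        self.subscriptions: Dict[str, dict] = {}  # subscription data already held locally

    def _subscription(self, nai: str) -> Optional[dict]:
        # S305: if the AAA server lacks the UE's subscription data, fetch it from the HSS.
        if nai not in self.subscriptions and nai in self.hss:
            self.subscriptions[nai] = self.hss[nai]
        return self.subscriptions.get(nai)

    def decide_trust(self, nai: str, access: AccessInfo) -> TrustType:
        sub = self._subscription(nai) or {}
        if sub.get("always_tunnel"):              # hypothetical per-subscriber flag
            return TrustType.UNTRUSTED
        if access.access_type in self.policy.never_trusted_access_types:
            return TrustType.UNTRUSTED
        if access.plmn_id in self.policy.roaming_partners:
            return TrustType.TRUSTED              # valid roaming agreement
        return TrustType.UNTRUSTED                # unknown operator

    def authenticate(self, nai: str, access: AccessInfo, credentials_ok: bool) -> AuthResponse:
        # On failed authentication no trust type is sent at all.
        if not credentials_ok or self._subscription(nai) is None:
            return AuthResponse(success=False)
        return AuthResponse(True, self.decide_trust(nai, access))


def ue_select_path(resp: AuthResponse) -> str:
    # S306: the UE decides whether ePDG selection and an IPsec tunnel are needed.
    if not resp.success:
        return "no-access"
    if resp.trust_type is TrustType.TRUSTED:
        return "direct"
    # Untrusted, or trust type absent: tunnel via the ePDG (fail-closed assumption).
    return "ePDG+IPsec"


def attach(aaa: AAAServer, nai: str, access: AccessInfo, credentials_ok: bool = True) -> str:
    # S303/S304: the access system relays identity and access info to the AAA
    # server and relays the response, with the trust type, back to the UE.
    return ue_select_path(aaa.authenticate(nai, access, credentials_ok))


# Constructed sample data, not taken from the patent.
DEMO_POLICY = OperatorPolicy(roaming_partners={"00101"},
                             never_trusted_access_types={"WiMAX"})
DEMO_HSS = {"alice@example.org": {}, "bob@example.org": {"always_tunnel": True}}

if __name__ == "__main__":
    aaa = AAAServer(DEMO_POLICY, DEMO_HSS)
    for nai, acc in [("alice@example.org", AccessInfo("00101", "WLAN")),
                     ("alice@example.org", AccessInfo("99999", "WLAN")),
                     ("bob@example.org", AccessInfo("00101", "WLAN"))]:
        print(nai, acc, "->", attach(aaa, nai, acc))
```

Because the UE acts on whatever trust type arrives in the response, the decision is only as reliable as the protection of that response between the AAA server and the UE.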
- Embodiment 2 is a Wi-Fi Protected Access Protocol (WPA)
- FIG. 4 is a flowchart of a method for acquiring a trust type of a non-3GPP access system according to Embodiment 2 of the present invention.
- In this embodiment, the access authentication process between the UE and the non-3GPP access system is called the non-3GPP access authentication process. This process varies according to the non-3GPP access system: if the non-3GPP access system is a WLAN, the WLAN access authentication process is adopted; similarly, if the non-3GPP access system is WiMAX, the WiMAX access authentication process is adopted.
- The access authentication process between the non-3GPP access system and the AAA server is referred to as the network access authentication process. It includes but is not limited to RADIUS (Remote Authentication Dial-In User Service) authentication, the Diameter protocol, and network authentication protocols that will emerge and develop in the future. The method includes the following steps:
- Step S401 The UE discovers the non-3GPP access system according to the network discovery and selection step, and selects to access the EPS system through the non-3GPP access system. For example, the network discovery and selection process is performed when the UE switches from the 3GPP access system to the non-3GPP access system, or when the UE directly accesses the EPS system from the non-3GPP access system. In this process, the ANDSF gives the UE some information about the access system, such as the Inter-System mobility policy and information about the non-3GPP access system such as the PLMN-ID.
- Step S402 If the UE selects the corresponding non-3GPP access system, the UE establishes the underlying link using the information of the selected non-3GPP access system.
- Step S403 The UE initiates a non-3GPP access authentication request to the non-3GPP access system, which may be implemented by using the Extensible Authentication Protocol (EAP). In the course of the non-3GPP access authentication request, the identity information of the UE (such as the MN-NAI) and the information of the non-3GPP access system (such as the PLMN-ID and the access type of the non-3GPP access system) are sent to the non-3GPP access system. Preferably, the UE sends the identity information of the UE and the information of the non-3GPP access system to the non-3GPP access system in the non-3GPP access authentication request message itself.
- Step S404 The non-3GPP access system converts the non-3GPP access authentication request of the UE and sends it to the AAA server. Specifically, the request is converted into a corresponding network access authentication request, for example a RADIUS authentication request, and the identity information of the UE and the information of the non-3GPP access system are also sent to the AAA server. Preferably, the RADIUS authentication request itself carries the identity information of the UE and the information of the non-3GPP access system.
- Step S405 The AAA server determines the trust type of the non-3GPP access system according to the identity information of the UE, the information of the non-3GPP access system, and the operator policy.
- The operator policy is the policy configured by the operator of the EPS system. It can be configured in the AAA server, and the configured operator policy can be flexibly modified.
- the AAA server notifies the UE of the trust type of the non-3GPP access system according to the subscription data of the user and whether there is a roaming agreement with other operators. If the AAA server does not have the subscription information of the UE, the AAA server interacts with the HSS to obtain the subscription data of the UE from the HSS.
- The AAA server may obtain the information of the operator accessed by the UE according to the PLMN ID, and determine the trust type of the non-3GPP access system according to whether there is a valid roaming agreement with that operator. If the operator considers that the operator to which the non-3GPP access system belongs has a valid roaming agreement with it, the non-3GPP access system can be considered secure and trusted, and the AAA server can set the trust type of the non-3GPP access network to Trusted. Conversely, if the operator considers, according to information such as the PLMN ID and the RAT type, that the operator of the non-3GPP access network is untrustworthy or that the non-3GPP access system is insecure, the AAA server sets the trust type of the non-3GPP access system to Untrusted.
- Step S406 The AAA server returns a network access authentication response to the non-3GPP access system, where the network access authentication response carries the trust type of the non-3GPP access system.
- The AAA server may return an authentication success response to the non-3GPP access system only when the UE is allowed to access the non-3GPP access system, and carry the trust type of the non-3GPP access system in the authentication success response. If the AAA server does not agree to the UE accessing the non-3GPP access system, the authentication success response is not returned.
- Step S407 The non-3GPP access system converts the network access authentication response into a corresponding non-3GPP access authentication response, for example converting the RADIUS authentication response into the corresponding WLAN access authentication response.
- the converted non-3GPP access authentication response also carries the trust type of the non-3GPP access system determined by the AAA server.
- Step S408 The UE acquires the trust type of the non-3GPP access system from the received non-3GPP access authentication response, and selects whether to access the EPS system through the ePDG entity according to the acquired trust type. If the non-3GPP access system is trusted, the UE may proceed according to the Trusted non-3GPP access procedure or handover procedure. If the non-3GPP access system is untrusted, the UE should perform ePDG selection and proceed according to the Untrusted non-3GPP access procedure or handover procedure, and an IPsec tunnel needs to be established between the UE and the ePDG.
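The decision and selection logic of steps S403 to S408, as an added example that is not part of the patent text. The messages are plain dictionaries rather than real EAP or RADIUS attributes, the PLMN IDs, access-type names and NAIs are constructed, and treating an operator without a roaming agreement, or a response without a trust type, as Untrusted is an assumption of this example.

```python
TRUSTED, UNTRUSTED = "Trusted", "Untrusted"


class AAAServer:
    def __init__(self, roaming_plmns, untrusted_rats, subscribers, hss):
        # Operator policy configured on the AAA server (hypothetical model).
        self.roaming_plmns = roaming_plmns    # PLMN IDs with a valid roaming agreement
        self.untrusted_rats = untrusted_rats  # access types the operator never trusts
        self.subscribers = subscribers        # local subscription data, keyed by MN-NAI
        self.hss = hss                        # stand-in for the HSS, queried on a local miss

    def _subscription(self, nai):
        # S405: fetch subscription data from the HSS if the AAA server has none.
        if nai not in self.subscribers and nai in self.hss:
            self.subscribers[nai] = self.hss[nai]
        return self.subscribers.get(nai)

    def decide_trust(self, plmn_id, rat_type):
        # S405: operator policy applied to the PLMN ID and the RAT type.
        # Assumption: no valid roaming agreement means Untrusted (fail closed).
        if rat_type in self.untrusted_rats:
            return UNTRUSTED
        return TRUSTED if plmn_id in self.roaming_plmns else UNTRUSTED

    def handle(self, net_request):
        # S406: the trust type is carried only in an authentication success response.
        sub = self._subscription(net_request["user"])
        if sub is None or not sub.get("allowed", False):
            return {"result": "reject"}
        trust = self.decide_trust(net_request["plmn_id"], net_request["rat_type"])
        return {"result": "accept", "trust_type": trust}


class AccessSystem:
    """Non-3GPP access system: converts messages between the UE and the AAA server."""

    def __init__(self, aaa):
        self.aaa = aaa

    def authenticate(self, ue_request):
        # S404: convert the non-3GPP access authentication request into a network
        # access authentication request, keeping the UE identity and access info.
        net_request = {"user": ue_request["mn_nai"],
                       "plmn_id": ue_request["plmn_id"],
                       "rat_type": ue_request["access_type"]}
        net_response = self.aaa.handle(net_request)
        # S407: convert the response back and carry the trust type through unchanged.
        ue_response = {"success": net_response["result"] == "accept"}
        if "trust_type" in net_response:
            ue_response["trust_type"] = net_response["trust_type"]
        return ue_response


def ue_select_path(ue_response):
    # S408: choose the access procedure from the trust type in the response.
    if not ue_response.get("success"):
        return "no-access"
    if ue_response.get("trust_type") == TRUSTED:
        return "trusted-access"
    # Untrusted, or (assumption) a missing or unrecognised trust type:
    # select an ePDG and establish an IPsec tunnel to it.
    return "epdg-ipsec-tunnel"


def attach(access, mn_nai, plmn_id, access_type):
    # S403: the UE sends its identity and the access-system information.
    request = {"mn_nai": mn_nai, "plmn_id": plmn_id, "access_type": access_type}
    return ue_select_path(access.authenticate(request))


def build_demo():
    # Constructed sample data: PLMN IDs, access types and NAIs are made up.
    aaa = AAAServer(roaming_plmns={"00101"}, untrusted_rats={"WLAN-open"},
                    subscribers={"alice@example.test": {"allowed": True},
                                 "carol@example.test": {"allowed": False}},
                    hss={"bob@example.test": {"allowed": True}})
    return AccessSystem(aaa)


if __name__ == "__main__":
    demo = build_demo()
    for plmn, rat in [("00101", "WiMAX"), ("99999", "WLAN"), ("00101", "WLAN-open")]:
        print(plmn, rat, "->", attach(demo, "alice@example.test", plmn, rat))
```

The rejected cases return a response with no trust type at all, matching the statement that the trust type travels only in the authentication success response.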
- FIG. 5 is a structural diagram of a system for acquiring the trust type of a non-3GPP access system according to the present invention. The system includes an AAA server 100, a non-3GPP access system 200, and at least one UE 300.
- The UE 300 is configured to establish an underlying link with the non-3GPP access system 200 selected by the UE 300, initiate an access authentication request to the AAA server 100, and send the identity information of the UE 300 and the information of the non-3GPP access system 200 during the access authentication request process. The trust type of the non-3GPP access system 200 is determined by the AAA server 100 according to the identity information of the UE 300, the information of the non-3GPP access system 200, and the operator policy.
- The non-3GPP access system 200 is configured to convert the access authentication request initiated by the UE 300 and the access authentication response returned by the AAA server 100, for example converting the corresponding WLAN access authentication request into a RADIUS authentication request, and converting the RADIUS authentication response into the corresponding WLAN access authentication response.
- The AAA server 100 is configured to determine the trust type of the non-3GPP access system 200 according to the identity information of the UE 300, the information of the non-3GPP access system 200, and the operator policy, and to send the determined trust type of the non-3GPP access system 200 to the UE 300 by using the access authentication response.
- The AAA server 100 notifies the UE 300 of the trust type of the non-3GPP access system 200 according to the subscription data of the user and whether there is a roaming agreement with other operators. If the AAA server 100 does not have the subscription information of the UE 300, the AAA server 100 interacts with the HSS 400 to obtain the subscription data of the UE 300.
- the system therefore also includes an HSS 400 for providing the AAA server 100 with the required subscription data for the UE 300.
- The AAA server 100 can obtain the operator information of the non-3GPP access system 200 accessed by the UE 300 according to the PLMN ID, and determine the trust type of the non-3GPP access system 200 according to whether there is a valid roaming agreement with it. If the operator considers that the operator to which the non-3GPP access system 200 belongs has a valid roaming agreement, the non-3GPP access system 200 can be considered secure and trusted, so the AAA server 100 can set the trust type of the non-3GPP access system 200 to Trusted. Conversely, if the operator considers, according to information such as the PLMN ID and the RAT type, that the operator of the non-3GPP access system 200 is untrustworthy, or that the non-3GPP access system 200 is insecure and untrusted, the AAA server 100 sets the trust type of the non-3GPP access system 200 to Untrusted.
- The user equipment UE 300 includes an underlying link module 310, an access authentication request initiating module 320, an access authentication response receiving module 330, and a trust type obtaining module 340. The underlying link module 310 is configured to establish an underlying link with the non-3GPP access system 200 selected by the UE 300. The access authentication request initiating module 320 is configured to initiate an access authentication request to the AAA server 100, and to send the identity information of the UE 300 and the information of the non-3GPP access system 200 to the AAA server 100 through the non-3GPP access system 200, wherein the information of the non-3GPP access system 200 is available from the ANDSF. The access authentication response receiving module 330 is configured to receive the access authentication response returned by the AAA server 100. The trust type obtaining module 340 is configured to parse the access authentication response received by the access authentication response receiving module 330 to obtain the trust type of the non-3GPP access system 200.
- The trust type of the non-3GPP access system 200 is determined by the AAA server 100 according to the identity information of the UE 300 (such as the MN-NAI), the information of the non-3GPP access system 200 (such as the PLMN-ID and the access type of the non-3GPP access system), and the operator policy.
- The user equipment UE 300 further includes a discovery selection module 350 for discovering and selecting the non-3GPP access system 200, and for receiving the information of the non-3GPP access system 200 from the ANDSF entity.
- the user equipment UE 300 further includes a selection module 360, configured to select whether to access the EPS system through the ePDG entity according to the trust type of the non-3GPP access system 200 acquired by the trust type obtaining module 340.
- the non-3GPP access system 200 includes a receiving module 210, a converting module 220, an adding module 230, and a sending module 240.
- The receiving module 210 is configured to receive the non-3GPP access authentication request initiated by the UE 300 and the network access authentication response returned by the AAA server 100.
- The converting module 220 is used to convert the non-3GPP access authentication request initiated by the UE 300 into a network access authentication request, and to convert the network access authentication response returned by the AAA server 100 into a non-3GPP access authentication response, for example converting the corresponding WLAN access authentication request into a RADIUS authentication request, and converting the RADIUS authentication response into the corresponding WLAN access authentication response.
- The adding module 230 is configured to add the identity information of the UE 300 to the network access authentication request converted by the converting module 220, and to add the trust type of the non-3GPP access system 200 to the non-3GPP access authentication response converted by the converting module 220.
- the sending module 240 is configured to send the converted network access authentication request to the AAA server 100, and send the converted non-3GPP access authentication response to the UE 300.
- the AAA server 100 includes a receiving module 110, a trust type determining module 120, and an authentication response sending module 130.
- The receiving module 110 is configured to receive the access authentication request initiated by the UE 300 through the non-3GPP access system 200, together with the identity information of the UE 300 and the information of the non-3GPP access system 200 sent through the non-3GPP access system 200. The trust type determining module 120 is configured to determine the trust type of the non-3GPP access system 200 according to the identity information of the UE 300 and the information of the non-3GPP access system 200 received by the receiving module 110, and the operator policy. The authentication response sending module 130 is configured to send the trust type of the non-3GPP access system 200 to the UE 300.
- The AAA server can determine the trust type of the non-3GPP access system according to the identity information of the UE, the information of the non-3GPP access system, and the operator policy, and notify the UE through the non-3GPP access system, enabling the UE to acquire the trust type of the non-3GPP access system.
- the UE is thus able to further select whether to access the EPS system through the ePDG entity according to the trust type of the non-3GPP access system.
- An embodiment of the present invention further provides an AAA server for determining a trust type of a non-3GPP access system, as shown in FIG. 6, which is a structural diagram of the AAA server according to the present invention.
- the AAA server 500 is capable of determining the trust type of the non-3GPP access system 200 based on the identification information of the UE 300 and the information of the non-3GPP access system 200.
- The AAA server 500 includes a receiving module 510 and a trust type determining module 520. The receiving module 510 is configured to receive the identity information of the UE 300 and the information of the non-3GPP access system 200 sent by the UE 300 through the non-3GPP access system 200. The trust type determining module 520 is configured to determine the trust type of the non-3GPP access system 200 according to the identity information of the UE 300 received by the receiving module 510, the information of the non-3GPP access system 200, and the operator policy configured on the AAA server 500.
- the invention therefore also proposes a network functional entity for determining the type of trust of a non-3GPP access system.
- FIG. 7 is a structural diagram of a network function entity of the present invention.
- the network function entity 600 includes a receiving module 610 and a trust type determining module 620.
- The receiving module 610 is configured to receive the identity information of the UE and the information of the non-3GPP access system 200 sent by the UE 300 through the non-3GPP access system 200. The trust type determining module 620 is configured to determine the trust type of the non-3GPP access system 200 according to the identity information of the UE received by the receiving module 610, the information of the non-3GPP access system 200, and the configured operator policy.
- The AAA server determines the trust type of the non-3GPP access system according to the identity information of the UE, the information of the non-3GPP access system, and the operator policy, and notifies the UE through the non-3GPP access system, enabling the UE to acquire the trust type of the non-3GPP access system. Therefore, the UE can further select whether to access the EPS system through the ePDG entity according to the trust type of the non-3GPP access system.
Landscapes
- Engineering & Computer Science (AREA)
- Computer Security & Cryptography (AREA)
- Computer Networks & Wireless Communication (AREA)
- Signal Processing (AREA)
- Computer Hardware Design (AREA)
- Computing Systems (AREA)
- General Engineering & Computer Science (AREA)
- Business, Economics & Management (AREA)
- Accounting & Taxation (AREA)
- Mobile Radio Communication Systems (AREA)
Priority Applications (4)
Application Number | Priority Date | Filing Date | Title |
---|---|---|---|
EP09741660.6A EP2276281B1 (en) | 2008-05-05 | 2009-05-05 | Method, system and device for obtaining a trust type of a non-3gpp access system |
MX2010012182A MX2010012182A (es) | 2008-05-05 | 2009-05-05 | Method, system and device for obtaining a trust type of a non-3GPP access system. |
JP2011507776A JP5348650B2 (ja) | 2008-05-05 | 2009-05-05 | Method, system and device for obtaining a trust type in a non-3GPP access system |
US12/991,423 US20110138447A1 (en) | 2008-05-05 | 2009-05-05 | Method, System and Device for Obtaining a Trust Type of a Non-3GPP Access System |
Applications Claiming Priority (2)
Application Number | Priority Date | Filing Date | Title |
---|---|---|---|
CN2008101057834A CN101577909B (zh) | 2008-05-05 | 2008-05-05 | Method, system and device for obtaining a trust type of a non-3GPP access system |
CN200810105783.4 | 2008-05-05 |
Publications (1)
Publication Number | Publication Date |
---|---|
WO2009135385A1 (zh) | 2009-11-12 |
Family
ID=41264420
Family Applications (1)
Application Number | Title | Priority Date | Filing Date |
---|---|---|---|
PCT/CN2009/000491 WO2009135385A1 (zh) | Method, system and device for obtaining a trust type of a non-3GPP access system | 2008-05-05 | 2009-05-05 |
Country Status (7)
Country | Link |
---|---|
US (1) | US20110138447A1 (zh) |
EP (1) | EP2276281B1 (zh) |
JP (1) | JP5348650B2 (zh) |
KR (1) | KR101210245B1 (zh) |
CN (1) | CN101577909B (zh) |
MX (1) | MX2010012182A (zh) |
WO (1) | WO2009135385A1 (zh) |
Families Citing this family (22)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
CN103250446B (zh) * | 2011-12-02 | 2015-12-02 | 华为技术有限公司 | Method, system and device for determining the access mode of user equipment |
WO2014017630A1 (ja) * | 2012-07-27 | 2014-01-30 | 日本電気株式会社 | Communication system, node device, method and program |
WO2014054014A1 (en) * | 2012-10-02 | 2014-04-10 | Telefonaktiebolaget L M Ericsson (Publ) | Method and device for support of multiple pdn connections |
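WO2014110821A1 (zh) * | 2013-01-18 | 2014-07-24 | 华为技术有限公司 | Method and device for user equipment to access a network |
CN104010380B (zh) * | 2013-02-25 | 2017-07-21 | 华为终端有限公司 | Network selection method and user equipment |
CN104521293B (zh) * | 2013-07-17 | 2018-06-15 | 华为技术有限公司 | Method, device and terminal for preferentially selecting a trusted WLAN access network |
WO2015062105A1 (zh) * | 2013-11-04 | 2015-05-07 | 华为技术有限公司 | Access method and device for a wireless local area network |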
US9191872B2 (en) * | 2013-12-18 | 2015-11-17 | Tektronix, Inc. | System and method to correlate handover transitions between 3GPP network access and untrusted non-3GPP network access |
US9838957B2 (en) * | 2014-11-06 | 2017-12-05 | Intel Corporation | Apparatus, system and method of selecting a mobility mode of a user equipment (UE) |
CN105934918B (zh) * | 2014-12-26 | 2020-06-02 | 华为技术有限公司 | Untrusted wireless local area network access control method, device and system for user equipment |
US10182053B2 (en) * | 2015-05-11 | 2019-01-15 | Telefonaktiebolaget Lm Ericsson (Publ) | Methods and nodes for handling access to a service via an untrusted non-3GPP network |
US9900282B2 (en) * | 2015-05-12 | 2018-02-20 | Qualcomm Incorporated | Dynamic evolved packet gateway selection |
CN106488527A (zh) * | 2015-09-02 | 2017-03-08 | 中兴通讯股份有限公司 | Access control method and device for a core network |
CN107005927B (zh) | 2015-09-22 | 2022-05-31 | 华为技术有限公司 | Access method, device and system for user equipment (UE) |
WO2017084043A1 (en) * | 2015-11-18 | 2017-05-26 | Alcatel-Lucent Shanghai Bell Co., Ltd. | Handover between e-utran and wlan |
CN106817697B (zh) * | 2015-12-02 | 2019-06-07 | 中国电信股份有限公司 | Method, device and system for device authentication |
CN108282775B (zh) * | 2017-12-22 | 2021-01-01 | 中国科学院信息工程研究所 | Dynamic additional authentication method and system for mobile private networks |
CN110830996B (zh) * | 2018-08-08 | 2022-04-19 | 大唐移动通信设备有限公司 | Key update method, network device and terminal |
JP7351498B2 (ja) * | 2019-02-25 | 2023-09-27 | 株式会社closip | Communication system and communication control method |
EP3923612A1 (en) * | 2020-06-09 | 2021-12-15 | Deutsche Telekom AG | Method and communication system for ensuring secure communication in a zero touch connectivity-environment |
WO2022127791A1 (en) * | 2020-12-15 | 2022-06-23 | Telefonaktiebolaget Lm Ericsson (Publ) | Methods, entities and computer readable media for non-3gpp access authentication |
US11659380B1 (en) | 2021-05-05 | 2023-05-23 | T-Mobile Usa, Inc. | UE-capability-based system information block transmission |
Citations (4)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
WO2006135216A1 (en) * | 2005-06-16 | 2006-12-21 | Samsung Electronics Co., Ltd. | System and method for tunnel management over a 3g-wlan interworking system |
CN101106812A (zh) * | 2006-07-11 | 2008-01-16 | 华为技术有限公司 | Communication network and user equipment access method |
CN101141822A (zh) * | 2007-09-30 | 2008-03-12 | 中兴通讯股份有限公司 | Gateway selection method for a wireless network |
CN101472263A (zh) * | 2008-05-04 | 2009-07-01 | 中兴通讯股份有限公司 | Method for determining a network connection mode |
Family Cites Families (5)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
EP2302972B1 (en) * | 2004-11-02 | 2013-10-16 | BlackBerry Limited | Network selection in a Generic Access Network (GAN) environment |
JP4687788B2 (ja) * | 2006-02-22 | 2011-05-25 | 日本電気株式会社 | 無線アクセスシステムおよび無線アクセス方法 |
EP2074720B1 (en) * | 2006-09-28 | 2018-11-14 | Samsung Electronics Co., Ltd. | A system and method of providing user equipment initiated and assisted backward handover in heterogeneous wireless networks |
US20080248747A1 (en) * | 2007-04-06 | 2008-10-09 | Research In Motion Limited | Apparatus, and associated method, for facilitating reconnection of a wireless device to a network |
CN101983517B (zh) * | 2008-04-02 | 2014-12-03 | 诺基亚通信公司 | Security of non-3GPP access to an evolved packet system |
-
2008
- 2008-05-05 CN CN2008101057834A patent/CN101577909B/zh active Active
-
2009
- 2009-05-05 MX MX2010012182A patent/MX2010012182A/es active IP Right Grant
- 2009-05-05 WO PCT/CN2009/000491 patent/WO2009135385A1/zh active Application Filing
- 2009-05-05 US US12/991,423 patent/US20110138447A1/en not_active Abandoned
- 2009-05-05 KR KR1020107027460A patent/KR101210245B1/ko active IP Right Grant
- 2009-05-05 JP JP2011507776A patent/JP5348650B2/ja active Active
- 2009-05-05 EP EP09741660.6A patent/EP2276281B1/en active Active
Also Published As
Publication number | Publication date |
---|---|
EP2276281A4 (en) | 2017-07-12 |
MX2010012182A (es) | 2011-02-22 |
CN101577909A (zh) | 2009-11-11 |
KR101210245B1 (ko) | 2012-12-10 |
CN101577909B (zh) | 2011-03-23 |
EP2276281B1 (en) | 2019-02-13 |
US20110138447A1 (en) | 2011-06-09 |
JP5348650B2 (ja) | 2013-11-20 |
JP2011523733A (ja) | 2011-08-18 |
KR20110030445A (ko) | 2011-03-23 |
EP2276281A1 (en) | 2011-01-19 |
Similar Documents
Publication | Publication Date | Title |
---|---|---|
WO2009135385A1 (zh) | Method, system and device for obtaining a trust type of a non-3GPP access system | |
US20220225263A1 (en) | Interworking function using untrusted network | |
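JP4383456B2 (ja) | Method and system for a WLAN mobile terminal accessing a new public land mobile network | |
JP6385337B2 (ja) | Wireless communication device, communication system, and method for establishing data connectivity between a wireless communication device and a first access network | |
JP4707671B2 (ja) | Context transfer in a communication network comprising a plurality of heterogeneous access networks | |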
EP1677455B1 (en) | A method of analyzing the accessing process of the selected service in the wireless local area network | |
US20060184795A1 (en) | System and method of reducing session transfer time from a cellular network to a Wi-Fi network | |
WO2009100676A1 (zh) | Method and device for user equipment to select a network | |
KR20070058614A (ko) | Fast context establishment for interworking in heterogeneous networks | |
US20110078442A1 (en) | Method, device, system and server for network authentication | |
WO2005057858A1 (fr) | Method for a subscriber terminal to select the packet data gateway in a wireless local area network | |
WO2008006314A1 (en) | A gateway system and the method for implementing various media accesses | |
WO2009000124A1 (fr) | Gateway selection method in a wireless network | |
WO2011015001A1 (zh) | Method and system for implementing access through a wireless local area network access network | |
WO2009043210A1 (fr) | Method for selecting a radio network gateway | |
WO2008119296A1 (fr) | Method and device for implementing negotiation of the mobility management protocol | |
WO2005074194A1 (en) | An interactive method of a wireless local area network user terminal rechoosing a management network | |
WO2010069202A1 (zh) | Authentication negotiation method and system, security gateway, and home wireless access point | |
WO2013044759A1 (zh) | Method, system and device for implementing non-seamless traffic offload control | |
WO2009089762A1 (fr) | Method and device for a non-3GPP access gateway to acquire a mode of interaction with a policy decision entity | |
WO2014017629A1 (ja) | Communication system, node device, method and program | |
KR100623291B1 (ko) | Handoff system between CDMA 2000 and portable internet networks and handoff method using the same | |
KR100623292B1 (ko) | Handoff method from a portable internet network to a CDMA 2000 network | |
WO2005062631A1 (fr) | Method for redirecting a packet data gateway in a wireless local area network | |
KR100627804B1 (ko) | Method for handling handoff between heterogeneous data networks |
Legal Events
Date | Code | Title | Description |
---|---|---|---|
121 | Ep: the epo has been informed by wipo that ep was designated in this application |
Ref document number: 09741660 Country of ref document: EP Kind code of ref document: A1 |
|
WWE | Wipo information: entry into national phase |
Ref document number: 2011507776 Country of ref document: JP Ref document number: MX/A/2010/012182 Country of ref document: MX |
|
NENP | Non-entry into the national phase |
Ref country code: DE |
|
WWE | Wipo information: entry into national phase |
Ref document number: 2009741660 Country of ref document: EP |
|
ENP | Entry into the national phase |
Ref document number: 20107027460 Country of ref document: KR Kind code of ref document: A |
|
WWE | Wipo information: entry into national phase |
Ref document number: 8651/DELNP/2010 Country of ref document: IN |
|
WWE | Wipo information: entry into national phase |
Ref document number: 12991423 Country of ref document: US |