WO2010108357A1 - Method and system for policy control - Google Patents
- Publication number: WO2010108357A1 (PCT/CN2009/074022)
- Authority: WO, WIPO (PCT)
- Prior art keywords: wlan, cscf, terminal, ims, user
Classifications
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04W—WIRELESS COMMUNICATION NETWORKS
- H04W28/00—Network traffic management; Network resource management
- H04W28/16—Central resource management; Negotiation of resources or communication parameters, e.g. negotiating bandwidth or QoS [Quality of Service]
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04L—TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
- H04L65/00—Network arrangements, protocols or services for supporting real-time applications in data packet communication
- H04L65/1066—Session management
- H04L65/1069—Session establishment or de-establishment
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04L—TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
- H04L65/00—Network arrangements, protocols or services for supporting real-time applications in data packet communication
- H04L65/80—Responding to QoS
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04L—TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
- H04L69/00—Network arrangements, protocols or services independent of the application payload and not provided for in the other groups of this subclass
- H04L69/24—Negotiation of communication capabilities
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04W—WIRELESS COMMUNICATION NETWORKS
- H04W84/00—Network topologies
- H04W84/02—Hierarchically pre-organised networks, e.g. paging networks, cellular networks, WLAN [Wireless Local Area Network] or WLL [Wireless Local Loop]
- H04W84/10—Small scale networks; Flat hierarchical networks
- H04W84/12—WLAN [Wireless Local Area Networks]
Definitions
- the present invention relates to the field of 3G wireless communication technologies, and further relates to the field of IMS services, and in particular, to a policy control method and system.
- IMS: IP Multimedia Subsystem
- TCP/IP: Transmission Control Protocol/Internet Protocol
- SIP: Session Initiation Protocol
- HTTP: HyperText Transfer Protocol
- based on IMS, existing Internet services and wireless communication network services can be ported very conveniently; the Internet services include web browsing and video on demand, and the wireless communication network services include voice calls, short messages (replaced by instant messages), MMS and ring-back tones.
- the IMS is controlled, that is, the operator can control users' usage according to the services the user has subscribed to and the operator's operating policy.
- Rel 5 of IMS supports access to IMS over General Packet Radio Service (GPRS), while Rel 6 and later versions are access-independent: IMS can be reached over fixed access such as Digital Subscriber Line (DSL), cable TV networks (CABLE networks) and Integrated Services Digital Network (ISDN), and the wireless access methods have also been extended, for example Rel 6 added Wireless Local Area Network (WLAN) access.
- the 3rd Generation Partnership Project (3GPP) technical specifications cover authentication and authorization of WLAN access to the 3GPP network, access to packet-switched (Packet Switching, PS for short) domain services, and emergency calls; for related content, refer to the document "3GPP TS 23.234 3GPP system to Wireless Local Area Network (WLAN) interworking". They do not, however, specify a policy control mechanism for using IMS services through WLAN.
- the technical problem to be solved by the present invention is to provide a policy control method for using IMS services through WLAN.
- the present invention provides a policy control method using an IP multimedia subsystem IMS service, which includes:
- the wireless local area network (WLAN) terminal accesses the WLAN by connecting to the access point (AP), and the wireless local area network policy decision function (WLAN-PDF) collects information of the WLAN terminal from the AP, wherein the information includes the terminal identity, or the terminal identity and the link layer information;
- the user initiates registration with the IMS network by using the WLAN terminal, and the proxy call session control function (P-CSCF) of the IMS network acquires information of the WLAN terminal from the WLAN-PDF and sends it to the serving call session control function (S-CSCF) of the IMS network; and,
- the S-CSCF performs policy control according to the received information of the WLAN terminal and a local policy.
- when the local policy is that the user can only access IMS services under the IMS user identity corresponding to the WLAN terminal in use, the step of the S-CSCF performing policy control includes:
- when the user uses the WLAN terminal to register, in the IMS network, the IMS user identity corresponding to that WLAN terminal, the S-CSCF allows the registration request of the user; otherwise the S-CSCF rejects the registration request of the user.
- after rejecting the registration request of the user, the S-CSCF notifies the AP of the information of the WLAN terminal through the P-CSCF and the WLAN-PDF, and the AP disconnects from the WLAN terminal.
- when the local policy is that the user can only access IMS services permitted by the connection parameters of the WLAN terminal, the step of the S-CSCF performing policy control includes: when the S-CSCF receives an IMS service call whose terminating user is the user of the WLAN terminal, it checks whether the connection parameter in the link layer information of the WLAN terminal meets the service requirement of that IMS service, and if not, the S-CSCF rejects the IMS service call.
- the connection parameter is a connection rate.
- after the user registers successfully, the S-CSCF stores the information of the WLAN terminal, and sends the IMS user identity of the user and the information of the corresponding WLAN terminal to the AP through the WLAN-PDF.
- when the WLAN terminal connects to the AP using certificate authentication and key management of the WLAN Authentication and Privacy Infrastructure (WAPI), the WLAN terminal is allowed to access IMS services with high security requirements.
- when the WLAN terminal connects to the AP using WAPI pre-shared key authentication and key management, the WLAN terminal is allowed to access only IMS services with low security requirements.
- the terminal identity is a holder name in a certificate of the WLAN terminal.
- Another technical problem to be solved by the present invention is to provide a policy control system that uses IMS services over a WLAN.
- the present invention provides a wireless communication system including a wireless local area network (WLAN) and an IP Multimedia Subsystem (IMS) network; the WLAN includes an access point (AP), and the IMS network includes a proxy call session control function (P-CSCF), a serving call session control function (S-CSCF) and the logical functional entity WLAN-PDF; wherein
- the WLAN-PDF is connected to the AP and the P-CSCF, and is configured to collect information of the WLAN terminal from the AP through its connection interface with the WLAN, where the information includes a terminal identity, or a terminal identity and link layer information;
- the P-CSCF is configured to acquire information of the WLAN terminal from the WLAN-PDF, and send information of the WLAN terminal to the S-CSCF;
- the S-CSCF is configured to perform policy control according to the received information of the WLAN terminal and the local policy, and is further configured to store the information of the WLAN terminal when the user successfully registers the IMS service.
- because the method and system of the present invention associate the user identities corresponding to the WLAN access service and the IMS service, operators can apply flexible control policies when providing both services at the same time.
- the present invention provides a way for the IMS core network and the service server to obtain terminal service capabilities (such as bandwidth), so as to provide differentiated services, for example, automatically adjusting the bit rate of the media coding according to the terminal connection rate; compared to the capability parameters provided by the terminal, the parameters obtained by the present invention are more reliable.
- Figure 1 shows the topology of the WLAN and IMS network interconnection.
- Figure 2 is a flow chart of the P-CSCF (Proxy Call Session Control Function) exchanging identity information with the WLAN AP.
- Figure 3 is a process flow diagram of example policy 1 in the embodiment.
- Figure 4 is a process flow diagram of example policy 2 in the embodiment.
- Figure 5 is a process flow diagram of example policy 3 in the embodiment.
- in the preferred embodiment of the present invention, for example when the wireless local area network 802.11x standard is used, the WLAN Authentication and Privacy Infrastructure (WAPI) or Wi-Fi Protected Access (WPA; Wi-Fi stands for Wireless Fidelity) should be used; there is, however, no requirement on the specific wireless access method, and access over 802.11x or WIMAX both apply, where WIMAX stands for Worldwide Interoperability for Microwave Access, also known as the 802.16 wireless metropolitan area network.
- the WLAN access verification process verifies the "terminal identity", and the verification in the IMS registration process is the verification of the "user identity", and the two identities are independent. If the operator does not perform access policy control, IMS users can access IMS services using any WLAN terminal authorized to access the network.
- the present invention adds a logical functional entity to the original IMS architecture: the Wireless LAN Policy Decision Function (WLAN-PDF). Its interfaces to the access point (Access Point, AP for short) and to the IMS network element P-CSCF (Proxy-CSCF, the proxy CSCF) are called reference points, referred to as reference point Qo and reference point Qq respectively.
- the reference point Qo between the WLAN-PDF and the AP can implement the following functions:
- connection parameters include parameters such as a connection rate, and the policy control related information is not limited to the above information, and may be set according to a policy control function to be implemented.
- the reference point Qq between the WLAN-PDF and the network element P-CSCF can implement the following functions:
- WLAN-PDF associates the IMS identity of the user with the WLAN terminal used by collecting information from the AP and the P-CSCF, and further implements the operator-predetermined control strategy based on the association.
- Possible control strategies include but are not limited to the following two categories:
- the P-CSCF can add the WLAN terminal identity information to the IMS registration request of the user and send it to the S-CSCF (Serving Call Session Control Function), which verifies whether the two types of identities correspond, thereby accepting or rejecting the user registration.
- the P-CSCF can determine the terminal's IMS service capability through the WLAN terminal access information collected by the WLAN-PDF, and send it to the S-CSCF along with the IMS registration request; based on it, the S-CSCF can automatically reject a service call when the WLAN terminal is the terminating side of the call.
- This policy is the step after the terminal identity is successfully associated with the IMS user identity.
- the above two policy controls are implemented based on the technical solution "how to associate the WLAN terminal identity with the IMS user identity".
- the contribution of the present invention is to provide a basis for implementing a similar control strategy, enabling the implementation of various control strategies. In fact, operators can extend other control strategies based on "associating terminal identity with IMS user identity". For example, the operation strategy may simply associate the WLAN terminal with the IMS user for identity exchange, so as to further implement the control strategy.
- the following is a detailed description of how the P-CSCF and the WLAN AP exchange the terminal identity and the IMS user identity and complete the association.
- the WLAN-PDF associates the WLAN terminal identity with the IMS user identity according to the correspondence between the contact address in the IMS registration request and the physical address of the WLAN device. As shown in FIG. 2, the process of exchanging identity information between the P-CSCF and the WLAN AP is as follows:
- the above information is stored.
- the preset policy control is "User can only access the IMS service allowed by the terminal connection rate"
- the information related to the policy control includes connection parameters, such as the connection rate.
- the preset policy control is "the user can only access the IMS service as the IMS user corresponding to the WLAN terminal used"
- the collected "information related to the policy control" may not include the connection rate, or even the connection parameters, but includes other link layer information.
- when the preset policy control is one not listed in the present invention, the WLAN and IMS according to the present invention may be configured correspondingly according to that preset policy control.
- the domain name contained in the terminal contact address is resolved to an IP address by the DNS, and the physical address of the terminal is further obtained.
- ARP: address resolution protocol
- IPv6: IP protocol version 6
- Step (6) The S-CSCF completes the IMS user identity verification, and sends the registration response back to the P-CSCF; if the registration is successful, the S-CSCF stores the connection parameters of the user terminal;
- Step (7) If the user is successfully registered, the P-CSCF notifies the WLAN-PDF of the verified IMS user identity and the corresponding WLAN device identity information, and the WLAN-PDF stores the above information;
- Step (8) WLAN-PDF notifies the WLAN terminal identity and the corresponding IMS user identity
- the P-CSCF associates with the AP successfully and completes the user identity exchange.
- the user can only access the IMS service by the IMS user corresponding to the WLAN terminal used. If the user violates this policy, as shown in Figure 3, the possible processing procedure is as follows:
- Steps (1) to (5) are the same as steps (1) to (5) in the flow shown in Fig. 2.
- Step (6) The S-CSCF queries the database to check whether the identity that the user wants to register corresponds to the identity of the WLAN terminal, and the result is "No";
- Step (7) The S-CSCF rejects the registration request of the user, and sends the response back to the P-CSCF;
- Step (10) The AP terminates the connection with the user terminal.
- the user can only access IMS services allowed by the terminal connection rate, and the terminal used by the user does not meet the requirement.
- FIG. 4 omits the steps of the service call, and assumes that the calling user and the terminating user belong to the same IMS network.
- the possible processing flow is as follows:
- the S-CSCF receives a service call whose terminating user is this user and checks whether the connection parameters of the user terminal meet the service requirements; the result is "No";
- the WLAN terminal performs identity authentication through the WLAN Authentication and Privacy Infrastructure (WAPI standard), and the implementation steps of the example strategy 1 can be further refined.
- WAPI verifies the identity of the terminal through a pre-issued certificate. Assuming that the certificate already exists in the terminal, the certificate issuance process is omitted.
- the WAPI authentication involves three logical entities: an Authenticator Entity (AE), an Authentication Supplicant Entity (ASUE), and an Authentication Service Entity (ASE). The ASUE resides in the UE (i.e., the WLAN terminal), the AE resides in the AP, and the ASE resides in an authentication service unit (ASU).
- Step (1) When the WLAN terminal associates with the AP, it sends an access authentication request to the AP; the request includes the terminal's identity certificate, which in turn contains a holder name;
- Step (2) After receiving the WLAN terminal access authentication request, the AP sends a certificate authentication request to the ASU, where the WLAN terminal identity certificate is included;
- Step (3) After receiving the certificate authentication request of the AP, the ASU verifies the certificate of the WLAN terminal, and after the verification is completed, sends the certificate authentication response back to the AP, including the verification result of the WLAN terminal certificate;
- Step (4) The AP controls the WLAN terminal access according to the WLAN terminal certificate verification result in the certificate authentication response; if the authentication fails, it disconnects from the WLAN terminal and the process ends;
- Steps (5) to (14) are the same as steps (1) to (10) of example policy 1, and the "terminal identity" therein is specifically the holder name in the WLAN terminal identity certificate.
- the foregoing embodiment may also have multiple variations, for example: the policy control related information (link layer information) may further include the authentication and key management method used when the WLAN terminal connects to the AP;
- the local policy of the S-CSCF is:
- if the authentication and key management method used when the WLAN terminal connects to the AP is WAPI certificate authentication and key management, access to IMS services with high security requirements is allowed;
- if the authentication and key management method used when the WLAN terminal connects to the AP is WAPI pre-shared key authentication and key management, only access to IMS services with low security requirements is allowed.
- the method and system of the present invention associates a WLAN access service with a user identity corresponding to the IMS service, so that the operator can apply a flexible control policy when providing two services at the same time.
- the present invention provides a way for the IMS core network and the service server to obtain terminal service capabilities (such as bandwidth), so as to provide differentiated services, for example, automatically adjusting the bit rate of the media coding according to the terminal connection rate; compared to the capability parameters provided by the terminal, the parameters obtained by the present invention are more reliable.
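The local policies described above (identity binding at registration, the connection-rate check on a terminating call, and service tiering by WAPI authentication method) can be expressed as S-CSCF decision logic. This is an added example, not code from the patent: the class and method names, identities, rates and service profiles are constructed, and denying when terminal information is missing is an assumption.

```python
from dataclasses import dataclass
from enum import Enum
from typing import Dict, Optional, Tuple


class Akm(Enum):
    """Authentication and key management method used on the WLAN link."""
    WAPI_CERT = "WAPI certificate"
    WAPI_PSK = "WAPI pre-shared key"


@dataclass(frozen=True)
class TerminalInfo:
    """Information the P-CSCF obtains from the WLAN-PDF and forwards to the S-CSCF."""
    terminal_identity: str                      # e.g. holder name in the WAPI certificate
    connection_rate_kbps: Optional[int] = None  # link layer information, may be absent
    akm: Optional[Akm] = None                   # link layer information, may be absent


@dataclass(frozen=True)
class Service:
    """Hypothetical service profile; the page gives no concrete thresholds."""
    min_rate_kbps: int
    high_security: bool


Decision = Tuple[bool, str]


class SCscfPolicy:
    """Hypothetical model of the S-CSCF local policy, not a real IMS API."""

    def __init__(self, bindings: Dict[str, str], services: Dict[str, Service]):
        self.bindings = bindings      # terminal identity -> IMS user identity
        self.services = services
        self.registered: Dict[str, TerminalInfo] = {}  # stored on successful registration

    def register(self, ims_identity: str, info: TerminalInfo) -> Decision:
        """Example policy 1: the IMS identity must be the one bound to the terminal."""
        if self.bindings.get(info.terminal_identity) != ims_identity:
            # Unknown terminals fall through to rejection as well (assumption).
            return (False, "reject registration; AP is told via P-CSCF and "
                           "WLAN-PDF to disconnect the terminal")
        self.registered[ims_identity] = info
        return (True, "registered; terminal information stored")

    def terminating_call(self, callee: str, service_name: str) -> Decision:
        """Example policy 2: reject a terminating call the link rate cannot carry."""
        info = self.registered.get(callee)
        svc = self.services.get(service_name)
        if info is None or svc is None:
            return (False, "reject call: unknown callee or service")
        rate = info.connection_rate_kbps
        if rate is None or rate < svc.min_rate_kbps:
            return (False, "reject call: connection rate below service requirement")
        return (True, "deliver call")

    def may_access(self, ims_identity: str, service_name: str) -> Decision:
        """Variant: only WAPI certificate authentication unlocks high-security services."""
        info = self.registered.get(ims_identity)
        svc = self.services.get(service_name)
        if info is None or svc is None:
            return (False, "deny: unknown user or service")
        # A missing authentication method is treated like PSK (assumption).
        if svc.high_security and info.akm is not Akm.WAPI_CERT:
            return (False, "deny: service requires WAPI certificate authentication")
        return (True, "allow")


def build_demo() -> SCscfPolicy:
    """Constructed sample data; none of these values come from the page."""
    return SCscfPolicy(
        bindings={"terminal-A": "sip:alice@ims.example",
                  "terminal-B": "sip:bob@ims.example"},
        services={"voice": Service(64, False),
                  "hd-video": Service(4000, False),
                  "payments": Service(64, True)},
    )


if __name__ == "__main__":
    s = build_demo()
    alice, bob = "sip:alice@ims.example", "sip:bob@ims.example"
    print(s.register(alice, TerminalInfo("terminal-A", 54000, Akm.WAPI_CERT)))
    print(s.register(bob, TerminalInfo("terminal-A", 54000, Akm.WAPI_CERT)))
    print(s.register(bob, TerminalInfo("terminal-B", 1000, Akm.WAPI_PSK)))
    print(s.terminating_call(bob, "hd-video"))
    print(s.may_access(bob, "payments"))
```
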
Landscapes
- Engineering & Computer Science (AREA)
- Computer Networks & Wireless Communication (AREA)
- Signal Processing (AREA)
- Multimedia (AREA)
- Business, Economics & Management (AREA)
- General Business, Economics & Management (AREA)
- Quality & Reliability (AREA)
- Computer Security & Cryptography (AREA)
- Mobile Radio Communication Systems (AREA)
Abstract
The present invention provides a method and system for policy control. The method comprises the following steps: a Wireless Local Area Network (WLAN) terminal accesses WLAN through an Access Point (AP); WLAN Policy Decision Function (WLAN-PDF) obtains the WLAN terminal information from the AP; the WLAN terminal initiates registration to IP Multimedia Subsystem (IMS) network. Proxy Call Session Control Function (P-CSCF) of IMS network obtains the WLAN terminal information from WLAN-PDF; P-CSCF sends the obtained terminal information to Serving Call Session Control Function (S-CSCF); S-CSCF performs policy control according to the received terminal information and local policy. Applying the method and system of the present invention, a manner for obtaining terminal service capability can be provided for IMS core network and a service server. Compared with the capability parameters provided by the terminal, the parameters obtained through the solution of the present invention are more reliable.
Description
Policy control method and system
Technical field
The present invention relates to the field of 3G wireless communication technologies, further to the field of IMS services, and in particular to a policy control method and system.
Background
The IP Multimedia Subsystem (IMS) is the service framework and operating platform of 3G wireless communication networks. IMS is built on standard Internet protocols such as the Transmission Control Protocol/Internet Protocol (TCP/IP), the Session Initiation Protocol (SIP) and the HyperText Transfer Protocol (HTTP). Based on IMS, existing Internet services and wireless communication network services can be ported very conveniently; the Internet services include web browsing and video on demand, and the wireless communication network services include voice calls, short messages (replaced by instant messages), MMS and ring-back tones. At the same time, IMS is controlled, that is, the operator can control users' usage according to the services the user has subscribed to and the operator's operating policy. Rel 5 of IMS supports access to IMS over General Packet Radio Service (GPRS), while Rel 6 and later versions are access-independent: IMS can be reached over fixed access such as Digital Subscriber Line (DSL), cable TV networks (CABLE networks) and Integrated Services Digital Network (ISDN), and the wireless access methods have also been extended, for example Rel 6 added Wireless Local Area Network (WLAN) access.
The rapid maturing of wireless LAN technology in bandwidth and security has made it a strong competitor to fixed Internet access methods such as DSL and optical fiber. However, the requirements of IMS access differ from those of Internet access. For Internet access, the WLAN merely replaces the cable between the user terminal and the Internet Service Provider (ISP). IMS, as a controlled network, requires all access paths to be controllable.
The 3rd Generation Partnership Project (3GPP) technical specifications cover authentication and authorization of WLAN access to the 3GPP network, access to packet-switched (Packet Switching, PS for short) domain services, and emergency calls; for related content, refer to the document "3GPP TS 23.234 3GPP system to Wireless Local Area Network (WLAN) interworking". They do not, however, specify a policy control mechanism for using IMS services through WLAN.
Summary of the invention
The technical problem to be solved by the present invention is to provide a policy control method for using IMS services through WLAN.
In order to solve the above technical problem, the present invention provides a policy control method for using IP Multimedia Subsystem (IMS) services, which includes:
a wireless local area network (WLAN) terminal accesses the WLAN by connecting to an access point (AP), and the wireless local area network policy decision function (WLAN-PDF) collects information of the WLAN terminal from the AP, wherein the information includes the terminal identity, or the terminal identity and link layer information;
the user initiates registration with the IMS network by using the WLAN terminal, and the proxy call session control function (P-CSCF) of the IMS network acquires the information of the WLAN terminal from the WLAN-PDF and sends it to the serving call session control function (S-CSCF) of the IMS network; and,
the S-CSCF performs policy control according to the received information of the WLAN terminal and a local policy.
Further, when the local policy is that the user can only access IMS services under the IMS user identity corresponding to the WLAN terminal in use, the step of the S-CSCF performing policy control includes:
when the user uses the WLAN terminal to register, in the IMS network, the IMS user identity corresponding to that WLAN terminal, the S-CSCF allows the registration request of the user; otherwise the S-CSCF rejects the registration request of the user.
Further, after rejecting the registration request of the user, the S-CSCF notifies the AP of the information of the WLAN terminal through the P-CSCF and the WLAN-PDF, and the AP disconnects from the WLAN terminal.
Further, when the local policy is that the user can only access IMS services permitted by the connection parameters of the WLAN terminal, the step of the S-CSCF performing policy control includes:
when the S-CSCF receives an IMS service call whose terminating user is the user of the WLAN terminal, it checks whether the connection parameter in the link layer information of the WLAN terminal meets the service requirement of that IMS service, and if not, the S-CSCF rejects the IMS service call.
Further, the connection parameter is a connection rate.
Further, after the user registers successfully, the S-CSCF stores the information of the WLAN terminal, and sends the IMS user identity of the user and the information of the corresponding WLAN terminal to the AP through the WLAN-PDF.
Further, when the WLAN terminal connects to the AP using certificate authentication and key management of the WLAN Authentication and Privacy Infrastructure (WAPI), the WLAN terminal is allowed to access IMS services with high security requirements.
Further, when the WLAN terminal connects to the AP using WAPI pre-shared key authentication and key management, the WLAN terminal is allowed to access only IMS services with low security requirements.
Further, the terminal identity is the holder name in the certificate of the WLAN terminal.
Another technical problem to be solved by the present invention is to provide a policy control system for using IMS services through WLAN.
In order to solve the above technical problem, the present invention provides a wireless communication system including a wireless local area network (WLAN) and an IP Multimedia Subsystem (IMS) network; the WLAN includes an access point (AP), and the IMS network includes a proxy call session control function (P-CSCF), a serving call session control function (S-CSCF) and the logical functional entity WLAN-PDF; wherein
the WLAN-PDF is connected to the AP and the P-CSCF, and is configured to collect information of the WLAN terminal from the AP through its connection interface with the WLAN, where the information includes a terminal identity, or a terminal identity and link layer information;
the P-CSCF is configured to acquire the information of the WLAN terminal from the WLAN-PDF, and to send the information of the WLAN terminal to the S-CSCF;
the S-CSCF is configured to perform policy control according to the received information of the WLAN terminal and the local policy, and is further configured to store the information of the WLAN terminal when the user successfully registers for the IMS service.
Because the method and system of the present invention associate the user identities corresponding to the WLAN access service and the IMS service, operators can apply flexible control policies when providing both services at the same time. In addition, the present invention provides a way for the IMS core network and the service server to obtain terminal service capabilities (such as bandwidth), so as to provide differentiated services, for example, automatically adjusting the bit rate of the media coding according to the terminal connection rate; compared to the capability parameters provided by the terminal, the parameters obtained by the present invention are more reliable.
Brief description of the drawings
Figure 1 is a topology diagram of the interconnection between the WLAN and the IMS network.
Figure 2 is a flowchart of the exchange of identity information between the P-CSCF (Proxy Call Session Control Function) and the WLAN AP.
Figure 3 is a processing flowchart of example policy 1 in the embodiment.
Figure 4 is a processing flowchart of example policy 2 in the embodiment.
Figure 5 is a processing flowchart of example policy 3 in the embodiment.
Preferred Embodiments of the Invention
For example, when the WLAN 802.11x standard is used, the WLAN Authentication and Privacy Infrastructure (WAPI) or Wi-Fi Protected Access (WPA; Wi-Fi stands for Wireless Fidelity) should be used. There is, however, no requirement on the specific wireless access method: access via 802.11x or WiMAX is equally applicable. WiMAX stands for Worldwide Interoperability for Microwave Access, also known as the 802.16 wireless metropolitan area network.
In the present invention, WLAN access authentication verifies the "terminal identity", whereas authentication during IMS registration verifies the "user identity". The two identities are independent: if the operator does not apply access policy control, an IMS user can access IMS services from any WLAN terminal that is authorized to access the network.
To associate the WLAN with the IMS and to enable policy control over the use of IMS services through the WLAN, the invention adds a logical functional entity to the existing IMS architecture, as shown in the network topology of Figure 1: the WLAN Policy Decision Function (WLAN-PDF). Its interfaces with the WLAN access point (AP) and with the IMS network element P-CSCF (Proxy-CSCF, that is, the proxy CSCF) are called reference points, denoted reference point Qo and reference point Qq respectively.
The reference point Qo between the WLAN-PDF and the AP provides the following functions:
1. Collecting information about the WLAN terminal from the AP. The information includes the verified identity, the device's physical address, and information related to policy control (policy control information for short). The policy control information may be connection parameters, such as the connection rate; it is not limited to these and can be set according to the policy control function to be implemented.
2. Feeding back the user's IMS registration status to the AP.
The reference point Qq between the WLAN-PDF and the network element P-CSCF provides the following functions:
1. Collecting from the P-CSCF the registered identity information of the IMS user and the contact address of the terminal in use, the contact address containing a domain name or an IP address;
2. Feeding back to the P-CSCF changes in the WLAN terminal's access information, for example a change of IP address.
By collecting information from the AP and the P-CSCF, the WLAN-PDF associates the user's IMS identity with the WLAN terminal in use and, on the basis of that association, enforces the control policies preset by the operator. Possible control policies include, but are not limited to, the following two kinds:
1. Binding the WLAN terminal identity to the IMS user identity. For example, when the operating policy stipulates that a WLAN terminal that has passed network access authentication may access IMS services only through its corresponding IMS identity, the P-CSCF can attach the identity of the WLAN terminal in use to the user's IMS registration request and send it to the S-CSCF (Serving Call Session Control Function), which verifies whether the two identities correspond and accordingly accepts or rejects the registration.
2. Automatically setting the IMS service capability according to the WLAN access state (for example, the access bit rate). The P-CSCF can determine the terminal's IMS service capability from the WLAN terminal access information collected by the WLAN-PDF and send it to the S-CSCF together with the IMS registration request; based on this capability, the S-CSCF can automatically reject a service call when the WLAN terminal is the terminating party. This policy is applied after the terminal identity has been successfully associated with the IMS user identity.
Both kinds of policy control rest on the technical solution of how to associate the WLAN terminal identity with the IMS user identity. The contribution of the invention is to provide the basis for such control policies, making the implementation of various control policies possible. In practice, an operator can extend other control policies on top of the association between terminal identity and IMS user identity. For example, the operating policy may simply associate the WLAN terminal with the IMS user and exchange identities, so that control policies can be applied on that basis later.
The following describes in detail how the P-CSCF and the WLAN AP exchange the terminal identity and the IMS user identity after successful association.
The procedures for authenticating the WLAN terminal identity and the IMS user identity are not part of the present invention and are therefore omitted from the description of the embodiments below.
If the operator wishes to enforce a particular control policy, the AP and/or the S-CSCF can be configured at the same time. The WLAN-PDF associates the WLAN terminal identity with the IMS user identity according to the correspondence between the contact address in the IMS registration request and the physical address of the WLAN device. As shown in Figure 2, the P-CSCF and the WLAN AP exchange identity information as follows:
Step (1): After the AP has verified the identity of the WLAN terminal, it notifies the WLAN-PDF of the terminal's physical address, the verified terminal identity and any link-layer information relevant to the preset policy control, and the WLAN-PDF stores this information. For example, when the preset policy control is "the user may access only the IMS services that the terminal's connection rate allows", the policy control information includes connection parameters such as the connection rate. When the preset policy control is "the user may access IMS services only under the IMS user identity corresponding to the WLAN terminal in use", the collected policy control information need not include the connection rate, or any connection parameters at all, and may include other link-layer information instead. When the preset policy control is some other policy not enumerated in this description, the WLAN and IMS described in the invention can be configured correspondingly according to that preset policy control.
Step (2): When the user performs IMS registration, the P-CSCF sends an IMS user equipment identity query request to the WLAN-PDF; the request contains the contact address from the IMS user terminal's registration request;
Step (3): The WLAN-PDF resolves the domain name contained in the IMS user terminal's contact address to an IP address through DNS, and then obtains the terminal's physical address: for IP version 4 (IPv4) through the Address Resolution Protocol (ARP), and for IP version 6 (IPv6) through the neighbor discovery process. It then looks up this physical address in the stored WLAN terminal device information to find the corresponding WLAN terminal device identity;
Step (4): The WLAN-PDF sends a device identity query response to the P-CSCF; the response contains the verified WLAN terminal identity and the policy control information, for example connection parameters;
Step (5): The P-CSCF inserts the WLAN terminal identity and the policy control information, for example connection parameters, into the user registration request and sends it via the I-CSCF to the S-CSCF for IMS registration; the S-CSCF verifies the IMS user identity;
Step (6): The S-CSCF completes IMS user authentication and sends the registration response back to the P-CSCF; if registration succeeds, the S-CSCF stores the connection parameters of the user terminal;
Step (7): If the user registers successfully, the P-CSCF notifies the WLAN-PDF of the verified IMS user identity and the corresponding WLAN device identity information, and the WLAN-PDF stores this information;
Step (8): The WLAN-PDF notifies the AP of the WLAN terminal identity and the corresponding IMS user identity.
Through the above steps, the P-CSCF and the AP are successfully associated and the exchange of user identities is complete.
The following describes in detail implementations of the two example policies described in the invention; possible control policies and possible implementations are not limited to these.
Example policy 1:
For example, suppose that under the operating policy a user may access IMS services only under the IMS user identity corresponding to the WLAN terminal in use. If the user violates this policy, a possible processing flow, as shown in Figure 3, is as follows:
Steps (1) to (5) are the same as steps (1) to (5) of the flow shown in Figure 2.
Step (6): The S-CSCF queries its database to check whether the identity the user wants to register corresponds to the WLAN terminal identity; the result is "no";
Step (7): The S-CSCF rejects the user's registration request and sends the response back to the P-CSCF;
Step (8): The P-CSCF notifies the WLAN-PDF of the user identity that failed to register and the corresponding WLAN terminal identity information;
Step (9): The WLAN-PDF notifies the AP of the user identity that failed to register and the corresponding WLAN terminal identity information;
Step (10): The AP terminates the connection with the user terminal.
Example policy 2:
As another example, under the operating policy a user may access only the IMS services that the terminal's connection rate allows, and the terminal in use does not meet this requirement. Figure 4 shows this case; it omits the call origination steps and assumes that the calling and called users belong to the same IMS network. A possible processing flow is as follows:
(1) The S-CSCF receives a service call terminating at a user and checks whether the connection parameters of the user's terminal meet the service requirements; the result is "no";
(2) The S-CSCF rejects the service call.
Example policy 3:
As a further example, when the WLAN terminal is authenticated under China's mandatory WLAN security standard (WLAN Authentication and Privacy Infrastructure, the WAPI standard), the implementation steps of example policy 1 can be refined further. WAPI verifies the terminal identity by means of a pre-issued certificate; the certificate is assumed to be present in the terminal already, so the certificate issuance process is omitted. WAPI authentication involves three logical entities: the Authenticator Entity (AE), the Authentication Supplicant Entity (ASUE) and the Authentication Service Entity (ASE). The ASUE resides in the UE (that is, the WLAN terminal), the AE resides in the AP, and the ASE resides in the authentication service unit (ASU). The processing flow of example policy 1 is restated as follows:
Step (1): When the WLAN terminal associates with the AP, it sends the AP an access authentication request containing the terminal's identity certificate, which in turn contains the holder name;
Step (2): After receiving the WLAN terminal's access authentication request, the AP sends the ASU a certificate authentication request containing the WLAN terminal's identity certificate;
Step (3): After receiving the AP's certificate authentication request, the ASU verifies the WLAN terminal's certificate and then sends a certificate authentication response back to the AP, including the verification result for the WLAN terminal's certificate;
Step (4): The AP controls the WLAN terminal's access according to the certificate verification result in the certificate authentication response; if authentication fails, the AP disconnects the WLAN terminal and the flow ends;
Steps (5) to (14) are the same as steps (1) to (10) of example policy 1, where the "terminal identity" is specifically the holder name in the WLAN terminal's identity certificate.
Based on the basic principle of the invention, the above embodiments admit many variations. For example, the policy control information (link-layer information) may also include the authentication and key management method used when the WLAN terminal connects to the AP.
Correspondingly, the local policy of the S-CSCF is:
When the authentication and key management method used by the WLAN terminal to connect to the AP is WAPI certificate authentication and key management, the terminal is allowed to access IMS services with high security requirements;
When the authentication and key management method used by the WLAN terminal to connect to the AP is WAPI pre-shared key authentication and key management, the terminal is allowed to access only IMS services with low security requirements.
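The Figure 2 exchange, example policies 1 and 2, and the authentication-method variant above, modeled end to end as an added Python example (it is not code from the patent). The class names, the "wapi-cert"/"wapi-psk" labels, the sample addresses, rates and identities, and the rejection of a registration whose contact address maps to no AP-reported terminal are assumptions made for illustration.

```python
from dataclasses import dataclass
from typing import Dict, List, Optional, Set


@dataclass(frozen=True)
class TerminalInfo:
    terminal_id: str   # identity verified by the AP, e.g. certificate holder name
    mac: str           # physical address of the terminal
    rate_kbps: int     # link-layer connection rate
    akm: str           # "wapi-cert" or "wapi-psk" (labels are assumptions)


class WlanPdf:
    """Holds AP-reported terminal data (Qo) and answers P-CSCF queries (Qq)."""

    def __init__(self, dns: Dict[str, str], neighbors: Dict[str, str]):
        self._dns = dns              # domain -> IP, stands in for DNS
        self._neighbors = neighbors  # IP -> MAC, stands in for ARP / neighbor discovery
        self._by_mac: Dict[str, TerminalInfo] = {}
        self.bindings: Dict[str, str] = {}   # terminal_id -> IMS identity
        self.ap_disconnects: List[str] = []  # terminals the AP is told to drop

    def report_terminal(self, info: TerminalInfo) -> None:
        """Step 1: the AP reports a terminal it has authenticated."""
        self._by_mac[info.mac.lower()] = info

    def query(self, contact: str) -> Optional[TerminalInfo]:
        """Steps 2-4: contact address -> IP -> MAC -> stored terminal record."""
        ip = self._dns.get(contact, contact)
        mac = self._neighbors.get(ip)
        return self._by_mac.get(mac.lower()) if mac else None

    def registration_result(self, info: TerminalInfo, ims_id: str, ok: bool) -> None:
        """Steps 7-8 on success; steps 8-10 of example policy 1 on rejection."""
        if ok:
            self.bindings[info.terminal_id] = ims_id
        else:
            self.ap_disconnects.append(info.terminal_id)


class SCscf:
    def __init__(self, owner_of: Dict[str, str], min_rate_kbps: Dict[str, int],
                 high_security: Set[str]):
        self._owner_of = owner_of        # terminal_id -> permitted IMS identity
        self._min_rate = min_rate_kbps   # service -> required connection rate
        self._high_security = high_security
        self.registered: Dict[str, TerminalInfo] = {}

    def register(self, ims_id: str, info: Optional[TerminalInfo]) -> bool:
        """Example policy 1: the IMS identity must match the terminal identity."""
        # Assumption: no network-verified terminal record means rejection.
        if info is None or self._owner_of.get(info.terminal_id) != ims_id:
            return False
        self.registered[ims_id] = info   # stored on successful registration
        return True

    def admit_call(self, callee: str, service: str) -> bool:
        """Example policy 2 plus the authentication-method variant."""
        info = self.registered.get(callee)
        if info is None or service not in self._min_rate:
            return False
        if info.rate_kbps < self._min_rate[service]:
            return False
        if service in self._high_security and info.akm != "wapi-cert":
            return False
        return True


def p_cscf_register(pdf: WlanPdf, scscf: SCscf, ims_id: str, contact: str) -> bool:
    """Steps 2-7: the P-CSCF fetches the terminal record and forwards it."""
    info = pdf.query(contact)
    ok = scscf.register(ims_id, info)
    if info is not None:
        pdf.registration_result(info, ims_id, ok)
    return ok


def build_demo():
    """Constructed scenario: one certificate terminal and one PSK terminal."""
    pdf = WlanPdf(dns={"ue1.example.net": "10.0.0.11"},
                  neighbors={"10.0.0.11": "02:00:00:00:00:11",
                             "10.0.0.12": "02:00:00:00:00:12"})
    pdf.report_terminal(TerminalInfo("term-A", "02:00:00:00:00:11", 54000, "wapi-cert"))
    pdf.report_terminal(TerminalInfo("term-B", "02:00:00:00:00:12", 1000, "wapi-psk"))
    scscf = SCscf(owner_of={"term-A": "sip:alice@ims.example",
                            "term-B": "sip:bob@ims.example"},
                  min_rate_kbps={"voice": 64, "video": 2000, "secure-voice": 64},
                  high_security={"secure-voice"})
    return pdf, scscf
```

The S-CSCF decides only on the record the WLAN-PDF returned for the contact address, never on values the terminal states about itself, which is the property the description calls "more reliable".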
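Industrial Applicability
Because the method and system of the present invention associate the user identities corresponding to the WLAN access service and the IMS service, the operator can apply flexible control policies when providing both services at the same time. The invention also gives the IMS core network and service servers a way to obtain the terminal's service capability (for example, bandwidth) so that they can provide differentiated services, for example automatically adjusting the media coding bit rate according to the terminal's connection rate. Compared with capability parameters supplied by the terminal, the parameters obtained through the invention are more reliable.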
The method and system of the present invention associates a WLAN access service with a user identity corresponding to the IMS service, so that the operator can apply a flexible control policy when providing two services at the same time. In the meantime, the present invention provides a way for the IMS core network and the service server to obtain terminal service capabilities (such as bandwidth), so as to provide differentiated services, for example, automatically adjusting the bit rate of the media coding according to the terminal connection rate, compared to the capability parameters provided by the terminal. The parameters obtained by the present invention are more reliable.
Claims
1. A policy control method, comprising:
a wireless local area network (WLAN) terminal accessing the WLAN by connecting to an access point (AP), and a WLAN policy decision function (WLAN-PDF) collecting information of the WLAN terminal from the AP, wherein the information includes a terminal identity, or a terminal identity and link-layer information;
a user using the WLAN terminal to initiate registration with an IP Multimedia Subsystem (IMS) network, and a Proxy Call Session Control Function (P-CSCF) of the IMS network obtaining the information of the WLAN terminal from the WLAN-PDF and sending the information to a Serving Call Session Control Function (S-CSCF) of the IMS network; and
the S-CSCF performing policy control according to the received information of the WLAN terminal and a local policy.
2. The method of claim 1, wherein,
when the local policy is that the user may access IMS services only under the IMS user identity corresponding to the WLAN terminal in use, the step of the S-CSCF performing policy control comprises:
when the user uses the WLAN terminal to register, in the IMS network, the IMS user identity corresponding to the WLAN terminal, the S-CSCF allowing the user's registration request; otherwise the S-CSCF rejecting the user's registration request.
3. The method of claim 2, further comprising:
after the S-CSCF rejects the user's registration request, notifying the AP of the information of the WLAN terminal through the P-CSCF and the WLAN-PDF, and the AP disconnecting from the WLAN terminal.
4. The method of claim 1, wherein,
when the local policy is that the user may access only the IMS services permitted by the connection parameters of the WLAN terminal, the step of the S-CSCF performing policy control comprises:
when the S-CSCF receives an IMS service call whose terminating user is the user of the WLAN terminal, checking whether the connection parameters in the link-layer information of the WLAN terminal meet the service requirements of the IMS service; if they do, the S-CSCF accepting the IMS service call; otherwise the S-CSCF rejecting the IMS service call.
5. The method of claim 4, wherein the connection parameter is a connection rate.
6. The method of claim 2, further comprising:
after the user registers successfully, the S-CSCF storing the information of the WLAN terminal, and sending the user's IMS user identity and the information of the corresponding WLAN terminal to the AP through the WLAN-PDF.
7. The method of claim 1, further comprising:
when the WLAN terminal connects to the AP using certificate authentication and key management of the WLAN Authentication and Privacy Infrastructure (WAPI), allowing the WLAN terminal to access IMS services with high security requirements.
8. The method of claim 1, further comprising:
when the WLAN terminal connects to the AP using WAPI pre-shared key authentication and key management, allowing the WLAN terminal to access only IMS services with low security requirements.
9. The method of any one of claims 1 to 6, wherein the terminal identity is the holder name in the certificate of the WLAN terminal.
10. A wireless communication system, comprising a wireless local area network (WLAN) and an IP Multimedia Subsystem (IMS) network, wherein
the WLAN includes an access point (AP);
the IMS network includes a Proxy Call Session Control Function (P-CSCF), a Serving Call Session Control Function (S-CSCF) and a logical functional entity WLAN-PDF; wherein
the WLAN-PDF is connected to the AP and the P-CSCF, and is configured to collect information of a WLAN terminal from the AP through its connection interface with the WLAN, the information including a terminal identity, or a terminal identity and link-layer information;
the P-CSCF is configured to obtain the information of the WLAN terminal from the WLAN-PDF and send the information of the WLAN terminal to the S-CSCF;
the S-CSCF is configured to perform policy control according to the received information of the WLAN terminal and a local policy, and is further configured to store the information of the WLAN terminal when the user successfully registers for the IMS service.
Setting the S-CSCF according to the received information and the local policy of the WLAN terminal The policy control is slightly performed, and is also set to store the information of the WLAN terminal when the user successfully registers the IMS service.
Applications Claiming Priority (2)
Application Number | Priority Date | Filing Date | Title |
---|---|---|---|
CN200910132331.X | 2009-03-25 | ||
CN 200910132331 CN101521930B (en) | 2009-03-25 | 2009-03-25 | Policy control method and system |
Publications (1)
Publication Number | Publication Date |
---|---|
WO2010108357A1 (en) | 2010-09-30 |
Family
ID=41082247
Family Applications (1)
Application Number | Title | Priority Date | Filing Date |
---|---|---|---|
PCT/CN2009/074022 WO2010108357A1 (en) | 2009-03-25 | 2009-09-18 | Method and system for policy control |
Country Status (2)
Country | Link |
---|---|
CN (1) | CN101521930B (en) |
WO (1) | WO2010108357A1 (en) |
Cited By (1)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
US11265294B2 (en) | 2015-09-15 | 2022-03-01 | Telefonaktiebolaget Lm Ericsson (Publ) | Method for secure WiFi calling connectivity over managed public WLAN access |
Families Citing this family (2)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
CN101521930B (en) * | 2009-03-25 | 2011-09-21 | 中兴通讯股份有限公司 | Policy control method and system |
CN103702457A (en) * | 2013-12-27 | 2014-04-02 | 于扬 | Wireless access equipment and service operation system |
Citations (4)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
CN1878173A (en) * | 2006-03-20 | 2006-12-13 | 华为技术有限公司 | IP multimedia subsystem domain user access controlling method and its system |
US20080089308A1 (en) * | 2006-10-16 | 2008-04-17 | Motorola, Inc. | Method and apparatus for re-registration of connections for service continuity in an agnostic access internet protocol multimedia communication system |
CN101252770A (en) * | 2007-12-27 | 2008-08-27 | 华为技术有限公司 | Method for terminal access authentication of IMS, communicating system and relevant equipment |
CN101521930A (en) * | 2009-03-25 | 2009-09-02 | 中兴通讯股份有限公司 | Policy control method and system |
Family Cites Families (2)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
US20040187021A1 (en) * | 2003-02-10 | 2004-09-23 | Rasanen Juha A. | Mobile network having IP multimedia subsystem (IMS) entities and solutions for providing simplification of operations and compatibility between different IMS entities |
DK1658746T3 (en) * | 2003-08-26 | 2012-09-17 | Ericsson Telefon Ab L M | Device and method for authenticating a user by gaining access to multimedia services |
-
2009
- 2009-03-25 CN CN 200910132331 patent/CN101521930B/en active Active
- 2009-09-18 WO PCT/CN2009/074022 patent/WO2010108357A1/en active Application Filing
Also Published As
Publication number | Publication date |
---|---|
CN101521930A (en) | 2009-09-02 |
CN101521930B (en) | 2011-09-21 |
Similar Documents
Publication | Publication Date | Title |
---|---|---|
US7809003B2 (en) | Method for the routing and control of packet data traffic in a communication system | |
EP2084882B1 (en) | Authentication in a communications network | |
EP1816825A1 (en) | A method and system for authenticating user terminal | |
WO2007036123A1 (en) | A method and communication system for the cs domain user accessing the ims domain | |
JP5091569B2 (en) | Communication control apparatus, system and method for each service | |
WO2006125359A1 (en) | A method for implementing the access domain security of an ip multimedia subsystem | |
US20110026510A1 (en) | Method for Enabling Communication between a User Equipment and an IMS Gateway | |
WO2006047925A1 (en) | A method for selecting the authentication manner at the network side | |
JP5351181B2 (en) | One-pass authentication mechanism and system for heterogeneous networks | |
WO2019017837A1 (en) | Network security management method and apparatus | |
WO2008000192A1 (en) | Network access method of terminals, network access system and gateway equipment | |
WO2007121663A1 (en) | A system, device and method for a mobile user equipment (ue) in circuit switching networks to access ims | |
WO2006099815A1 (en) | A method for implementing the user registering in the ip multimedia subsystem and the system thereof | |
WO2009124445A1 (en) | Method for realizing user registration | |
WO2005039110A1 (en) | A method of analyzing the accessing process of the selected service in the wireless local area network | |
WO2007025429A1 (en) | A method for preventing the media stream from bypassing and the device thereof | |
WO2007097101A1 (en) | Radio access system and radio access method | |
US20110173687A1 (en) | Methods and Arrangements for an Internet Multimedia Subsystem (IMS) | |
WO2008025280A1 (en) | A method and system of authentication | |
WO2006111078A1 (en) | A method for obtaining the user access information in the next generation network | |
WO2010069202A1 (en) | Authentication negotiation method and the system thereof, security gateway, home node b | |
US20130212646A1 (en) | Usage authentication via intercept and challege for network services | |
WO2006072219A1 (en) | An ip multimedia subsystem network authentication system and the method thereof | |
JP5670933B2 (en) | Authentication information conversion apparatus and authentication information conversion method | |
WO2009094910A1 (en) | Method, system and apparatus for fixed mobile convergence |
Legal Events
Date | Code | Title | Description |
---|---|---|---|
121 | Ep: the epo has been informed by wipo that ep was designated in this application |
Ref document number: 09842091 Country of ref document: EP Kind code of ref document: A1 |
|
NENP | Non-entry into the national phase |
Ref country code: DE |
|
122 | Ep: pct application non-entry in european phase |
Ref document number: 09842091 Country of ref document: EP Kind code of ref document: A1 |