WO2011015091A1 - Method, device, system and authentication, authorization and accounting (AAA) server for access of a home base station - Google Patents


Publication number
WO2011015091A1
Authority
WO
WIPO (PCT)
Prior art keywords
base station
home base
server
identifier
access
Prior art date
Application number
PCT/CN2010/074088
Other languages
English (en)
Chinese (zh)
Inventor
骆文
楚俊生
Original Assignee
中兴通讯股份有限公司
Priority date (The priority date is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the date listed.)
Filing date
Publication date
Application filed by 中兴通讯股份有限公司
Publication of WO2011015091A1


Classifications

    • H ELECTRICITY
    • H04 ELECTRIC COMMUNICATION TECHNIQUE
    • H04W WIRELESS COMMUNICATION NETWORKS
    • H04W48/00 Access restriction; Network selection; Access point selection
    • H04W48/08 Access restriction or access information delivery, e.g. discovery data delivery
    • H ELECTRICITY
    • H04 ELECTRIC COMMUNICATION TECHNIQUE
    • H04L TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L41/00 Arrangements for maintenance, administration or management of data switching networks, e.g. of packet switching networks
    • H04L41/08 Configuration management of networks or network elements
    • H04L41/085 Retrieval of network configuration; Tracking network configuration history
    • H04L41/0853 Retrieval of network configuration; Tracking network configuration history by actively collecting configuration information or by backing up configuration information
    • H ELECTRICITY
    • H04 ELECTRIC COMMUNICATION TECHNIQUE
    • H04L TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L63/00 Network architectures or network communication protocols for network security
    • H04L63/08 Network architectures or network communication protocols for network security for authentication of entities
    • H04L63/0892 Network architectures or network communication protocols for network security for authentication of entities by using authentication-authorization-accounting [AAA] servers or protocols

Definitions

  • the present invention relates to the field of communications, and in particular to an access method, device, system and AAA (Authentication, Authorization, Accounting) server for a home base station.
  • home base stations are usually installed in homes, office areas, and the like.
  • the home base station is a small, low-power base station with advantages such as affordability, convenience, and low power output.
  • FIG. 1 is a schematic diagram of a communication network for a home base station. As shown in FIG. 1, the home base station can access the core network through the access gateway.
  • a security gateway exists between the home base station and the access gateway (Femto Gateway, referred to as Fe-GW).
  • the security gateway can be co-located with the access gateway or deployed separately from the access gateway.
  • the main function of the security gateway is to ensure link security between the home base station and the network elements such as the access gateway and the user data server.
  • the main functions of the access gateway include: verifying the security of the home base station, handling the registration of the home base station, performing operation and maintenance management on the home base station, configuring and controlling the home base station according to the operator's requirements, and exchanging data between the core network and the home base station.
  • the AAA server is an important facility in the communication network. It is used to implement network operator control and management of data and users.
  • it provides authentication, authorization and accounting services for the home base station, usually working together with network access control, gateway servers, databases and user information directories.
  • the working and operating parameters of the home base station are dynamically configured by the network.
  • it is configured by a Self Organizing Network Server (SON Server).
  • the SON server is used to discover/extract a series of operation and maintenance parameters of the home base station (for example, the wireless environment around the home base station) without manual intervention, thereby providing initial configuration parameters (including wireless air interface parameters, etc.) for the home base station and supporting bootstrapping initialization of the home base station.
  • the SON server belongs to the access network operator and only provides services to the access network to which it belongs.
  • the network containing the home base station also includes a Femto Management System (not shown), which is connected to the home base station via the security gateway.
  • the home base station management system is responsible for the operation and maintenance management of the home base stations that belong to it, and is also responsible for saving a part of the home base station subscription information. Unlike an ordinary macro cell base station, which is purchased and deployed by the access network operator, the home base station is purchased and placed by the user, and the user must subscribe the home base station with at least one home base station operator. After the subscribed home base station connects and registers to a suitable access network, the user can use the services provided by the home base station.
  • the home base station uses the IP broadband network as its backhaul connection to first access the registered home base station operator (Femto Network Service Provider, referred to as Femto-NSP), and accepts the operation of the home base station.
  • the home base station operator provides the home base station with a set of candidate access networks, in the form of providing the home base station with the SON servers in the candidate access networks. The home base station finds and connects to the SON server in an access network that permits its registration, completes the initial bootstrapping using the initial configuration parameters provided by the SON server, and finally connects and registers to that access network.
  • an important basis for whether the candidate access network allows the home base station to connect and register is whether the home base station is within the authorized operating geographic/urban area of the operator to which the access network belongs. In other words, when the home base station is located in a specific geographic/urban area, some candidate access networks allow its connection and registration, while some access networks do not.
  • the SON server in the candidate access network decides whether to allow the home base station connection to register to the candidate access network.
  • the SON server provides initialization parameters only if allowed.
  • the access network operator provides the SON server address in the access network to the home base station operator with which it has a contract, and the home base station operator configures the SON server address in the DHCP and/or DNS server of the home base station operator domain.
  • the home base station obtains the SON server address in the candidate access network by querying the DHCP and/or DNS server in the home base station operator domain.
  • the DHCP and/or DNS server returns all the SON server addresses of the access networks that have a contractual relationship with the home base station operator to the home base station in list form, so that the home base station needs to try connecting to the servers in the above list one by one when accessing.
  • An object of the present invention is to provide a method, an apparatus, a system, and an AAA server for a home base station, which can solve the technical problem that the time delay of the home base station entering the network is too long and affects the user experience in the related art.
  • an access method for a home base station including: acquiring, by a network side, location information of a home base station; providing, to the home base station, an identifier of the ad hoc network server of the mobile communication network according to the location information; and the home base station connecting to the ad hoc network server according to the identifier to obtain initial configuration parameters, completing initialization according to the initial configuration parameters, and accessing the mobile communication network.
  • the network side includes an AAA server of the home base station, a home base station management system server of the home base station, a location authentication server of the home base station, and the like.
  • the method further includes: the home base station acquiring an Internet Protocol IP address of the security gateway of the mobile communication network; and the home base station performing the security association initial interaction with the security gateway according to the IP address, establishing a security association.
  • the home base station sends an identity authentication request to the security gateway, where the identity of the home base station is carried; the security gateway sends an access request message to the authentication, authorization and accounting (AAA) server of the home base station.
  • the network side acquires the location information of the home base station, and specifically includes at least one of the following: the AAA server or the home base station management system server acquires the location information of the home base station according to the subscription information of the home base station; the AAA server or the home base station management system server finds the IP broadband service operator of the home base station according to the IP address of the home base station, and obtains the location information of the home base station from the interface server of the IP broadband service provider; the AAA server obtains the location information of the home base station from the home base station management system server or the network management server.
  • the providing the identifier of the ad hoc network server of the mobile communication network to the home base station according to the location information comprises: the AAA server or the home base station management system server querying for an ad hoc network server of a mobile communication network that the home base station is allowed to access at the location indicated by the location information; the AAA server or the home base station management system server provides the identity of the ad hoc network server to the home base station.
  • the providing the identifier of the ad hoc network server of the mobile communication network to the home base station according to the location information comprises: the AAA server or the home base station management system server querying for the self-organizing network servers of a mobile communication network that the home base station is allowed to access at the location indicated by the location information; if the number of self-organizing network servers is greater than 1, the AAA server or the home base station management system server queries the current load of each self-organizing network server; the AAA server or the home base station management system server compares the current loads of the self-organizing network servers and obtains the identifier of the self-organizing network server with the smallest current load; the AAA server or the home base station management system server provides the identifier of the self-organizing network server with the smallest current load to the home base station as the identifier of the ad hoc network server.
  • the AAA server provides the identifier of the ad hoc network server to the home base station, specifically: the AAA server sends an access success message to the security gateway of the mobile communication network, where the identifier of the self-organizing network server is carried; the security gateway sends an identity authentication response message to the home base station, where the access success message and the identifier of the ad hoc network server are carried.
  • the AAA server provides the identifier of the ad hoc network server to the home base station, and the method includes: the AAA server sending an access success message to the security gateway of the mobile communication network, where the identifier of the self-organizing network server is carried; the security gateway saves the identifier of the self-organizing network server and sends an identity authentication response message to the home base station, where the access success message is carried; the home base station sends an identity authentication request message to the security gateway, where the identity of the home base station is carried; and the security gateway authenticates the home base station and, after the authentication is passed, sends an identity authentication response message to the home base station, where the identifier of the self-organizing network server is carried.
  • providing the identifier of the ad hoc network server of the mobile communication network to the home base station according to the location information specifically includes: the home base station sends request information to the home base station management system server; the home base station management system server acquires the location information of the home base station; the home base station management system server provides the home base station with the identifier of the ad hoc network server of the mobile communication network based on the location information.
  • the identity authentication request message further carries an indication requesting that the identifier of the ad hoc network server be returned to the home base station.
  • the method further includes: the home base station authenticating the identity of the security gateway of the mobile communication network.
  • the method further comprises: establishing a secure tunnel between the home base station and the security gateway of the mobile communication network, wherein the secure tunnel is an Internet Security Protocol IPSec tunnel.
  • the identifier of the ad hoc network server is an IP address of the ad hoc network server or a domain name of the ad hoc network server.
  • an AAA server including: an obtaining module, configured to acquire location information of a home base station; and an allocation module, configured to provide an identifier of a self-organizing network server of the mobile communication network to the home base station according to the location information.
  • an access device for a home base station including: an acquiring module, configured to acquire location information of a home base station; a providing module, configured to provide an identifier of the ad hoc network server of the mobile communication network to the home base station according to the location information; and an access module, configured to connect to the ad hoc network server according to the identifier to obtain initial configuration parameters, complete initialization according to the initial configuration parameters, and access the mobile communication network.
  • an access system for a home base station including: an AAA server, configured to acquire location information of a home base station, and provide the identifier of the self-organizing network server of a mobile communication network to the home base station according to the location information;
  • the security gateway, configured to authenticate the home base station, forward the access request of the home base station to the AAA server, and forward the access success response of the AAA server to the home base station, the identifier of the self-organizing network server being carried in the access success response;
  • the self-organizing network server, configured to provide initial configuration parameters for the home base station;
  • an access module, configured to connect to the ad hoc network server according to the identifier to obtain initial configuration parameters, complete initialization according to the initial configuration parameters, and connect the home base station to the mobile communication network.
  • the identifier of the SON server is provided to the home base station according to the location information of the home base station, so that the home base station only needs to connect to the SON server that allows it to access. This solves the technical problem in the related art that, when the home base station accesses, it must try to connect to the SON servers in the list one by one until it finds the SON server in an access network that allows it to connect and register, which causes a long network entry delay for the home base station and affects the user experience, and it achieves the technical effect of improving the network access efficiency of the home base station and improving the user experience.
  • FIG. 1 is a schematic diagram of a communication network for a home base station in the related art
  • FIG. 2 is a flowchart of an access method for a home base station according to a first embodiment of the present invention
  • FIG. 3 is a flowchart of an access method for a home base station according to a second embodiment of the present invention
  • FIG. 5 is a block diagram of an AAA server according to a fourth embodiment of the present invention.
  • FIG. 6 is a block diagram of an access device of a home base station according to a fifth embodiment of the present invention.
  • FIG. 7 is a block diagram showing the structure of an access system for a home base station according to a sixth embodiment of the present invention.
  • the access success message returned by the AAA server to the security gateway is enhanced to carry the SON server identifier assigned by the AAA server to the home base station; and the identity authentication response returned by the security gateway to the home base station is enhanced to be carried.
  • the AAA server may acquire location information of the home base station and provide the home base station with the identifier of the SON server during the process of authenticating the home base station.
  • FIG. 2 is a flowchart of an access method for a home base station according to a first embodiment of the present invention. As shown in FIG. 2, the access method for the home base station according to the first embodiment of the present invention includes: Step S202, the network side acquires location information of the home base station; Step S204, the identifier of the SON server of the mobile communication network is provided to the home base station according to the location information.
  • in the related art, the DHCP and/or DNS server returns the SON server address of the access network that has a contractual relationship with the home base station operator to the home base station. The access method for the home base station according to the first embodiment of the present invention instead provides the home base station with the identity (IP address, domain name, etc.) of the SON server according to the location information (geographic/city location information) of the home base station, so that the home base station only needs to connect to the SON server that allows it to access. This solves the technical problem that, when the home base station accesses, it must try to connect to the SON servers in the list one by one until it finds the SON server in an access network that allows it to connect and register, which causes a long network entry delay for the home base station and affects the user experience, and it achieves the technical effect of improving the network access efficiency of the home base station and improving the user experience.
  • based on the operator's policy, the access network of the mobile communication network may perform location authentication on the home base station again to ensure that the geographic/urban area in which the home base station is located is within the authorized operating area of the access network operator; this process can be performed by the SON server in the access network.
  • before the network side acquires the location information of the home base station, the method further includes: the home base station acquiring an Internet Protocol (IP) address of the security gateway of the mobile communication network; and the home base station performing the security association initial interaction with the security gateway according to the IP address, establishing a security association.
  • the home base station sends an identity authentication request to the security gateway, where the identity of the home base station is carried; the security gateway sends an access request message to the authentication, authorization and accounting (AAA) server of the home base station.
  • the home base station can obtain the IP address of the security gateway through a mechanism such as a DHCP request and a DNS query, or the IP address of the security gateway can be configured in the home base station, for example, by using a local management interface of the home base station to obtain the IP address of the security gateway by manual configuration.
  • the home base station negotiates a set of security keys with the security gateway, and establishes a security association between the home base station and the security gateway to protect the base station.
  • the IKE_SA_INIT message exchange of Internet Key Exchange version 2 (IKEv2) can be used for this interaction.
  • the identity authentication request sent by the home base station to the security gateway may further carry information requesting to provide the identifier of the SON server.
  • the security gateway sends an access request message to the AAA server of the home base station, requesting the home base station AAA to authenticate the home base station.
  • the network side acquires location information of the home base station, and specifically includes at least one of the following: the AAA server acquires location information of the home base station according to the subscription information of the home base station; the AAA server finds the IP broadband service operator of the home base station according to the IP address of the home base station, and obtains the location information of the home base station from the interface server of the IP broadband service provider; the AAA server obtains the location information of the home base station from the management system in the home base station operator domain (i.e., the home base station management system, the home base station management server) or from the network management server.
  • the AAA server can provide the SON server to the home base station according to the subscription information of the home base station. For example, according to the subscription information, the home base station can only be used in a certain geographical area, and the AAA server can provide the home base station with the identifier of the SON server of the access network that can accept the home base station connection registration in the area.
  • the AAA server finds an IP broadband service operator that provides IP broadband backhaul connection service for the home base station (e.g., through the IP address of the home base station), and then obtains geographic/city location information of the home base station from the operator (e.g., through the IP address of the home base station).
  • the AAA server can directly obtain the geographic/city location information of the home base station from an appropriate server in the operator domain (for example, the management system server, the network management system server, etc.).
  • the location information of the home base station is extracted from the DOCSIS system based on the cable modem associated with the home base station in the DOCSIS network, which is especially applicable to home base stations with built-in cable modems.
  • the AAA server can also obtain the location information of the terminal by directly accessing the management system in the home base station operator domain or the network management server of the home base station; the management system or the network management server then carries out the acquisition of the terminal location information, and can use the methods the AAA server uses to obtain the location information (e.g., obtained from the subscription information, obtained from the IP broadband service operator).
  • providing the identifier of the SON server of the mobile communication network to the home base station according to the location information specifically includes: the AAA server queries for the SON server of the mobile communication network that is allowed to accept access from the home base station at the location; the AAA server provides the identity of the SON server to the home base station.
  • providing the identifier of the SON server of the mobile communication network to the home base station according to the location information specifically includes: the AAA server queries for the SON servers of the mobile communication network that are allowed to accept access from the home base station at the location; if the number of SON servers is greater than 1, the AAA server queries the current load of each SON server; the AAA server compares the current loads of the SON servers and obtains the identifier of the SON server with the smallest current load; the AAA server provides the identifier of that SON server to the home base station.
  • if the home base station operator only has the address of one SON server in the selected access network, the home base station operator directly provides the identifier of the SON server to the home base station; if the home base station operator owns multiple SON server addresses in the access network, the AAA server can also preferentially select the SON server whose current load is the smallest or below a certain threshold, and provide its identifier to the home base station. For example, the AAA server can query the load of the SON server in the access network, or query other network elements (for example, the network management server) to obtain related parameters.
  • in this way, the home base station can be prevented from connecting to a heavily loaded SON server and then needing SON server redirection within the access domain, thereby further reducing the access delay of the home base station.
  • the providing, by the AAA server, the identifier of the SON server to the home base station specifically includes:
  • the AAA server sends an access success message to the security gateway of the mobile communication network, which carries the identifier of the SON server.
  • the security gateway sends an identity authentication response message to the home base station, which carries the access success message and the identifier of the SON server.
  • the AAA server can send the identifier of the SON server to the security gateway through a RADIUS/Diameter message; the security gateway can send the identifier to the home base station through IKEv2.
  • with the IKEv2 protocol, the configuration parameters in the configuration payload can be used to carry the above SON server identifier. When the identifier is an IP address, the address is placed in the value field of the parameter of the type SON_Server_IP_Address described above.
  • the providing, by the AAA server, the identifier of the SON server to the home base station specifically includes:
  • the AAA server sends an access success message to the security gateway of the mobile communication network, where the identifier of the SON server is carried; the security gateway saves the identifier of the SON server, and sends an identity authentication response message to the home base station, which carries the access success message; the home base station sends an identity authentication request message to the security gateway, where the identity of the home base station is carried; the security gateway authenticates the home base station, and after the authentication is passed, sends an identity authentication response message to the home base station, where the identifier of the SON server is carried.
  • the AAA server may send the identifier of the SON server to the security gateway through a RADIUS/Diameter message; the security gateway may send the identifier to the home base station through IKEv2.
  • the configuration parameters in the configuration payload can carry the above SON server identifier. When the identifier is an IP address, the address is placed in the value field of the parameter of the type SON_Server_IP_Address described above.
  • the identifier of the ad hoc network server that provides the mobile communication network to the home base station according to the location information specifically includes: the AAA server provides the home base station with the management system server in the home base station operator domain (ie, the above-mentioned home base station management system, the home base station management) The address of the server; the home base station sends a request to the management system server; the location information of the home base station is obtained by the management system server, and the identifier of the ad hoc network server of the mobile communication network is provided to the home base station according to the location information.
  • the AAA server provides the home base station with the management system server in the home base station operator domain (ie, the above-mentioned home base station management system, the home base station management) The address of the server; the home base station sends a request to the management system server; the location information of the home base station is obtained by the management system server, and the identifier of the ad hoc network server of the mobile communication network is provided to the home base station according to
  • the AAA does not return the SON identifier to the home base station in the process of access authentication, but returns the address of the management system server in the home base station operator domain, or may be another server capable of allocating the SON server to the home base station, such as a location authentication server;
  • the home base station queries the server for the address of the SON server, and finally the server obtains the location information of the home base station, allocates the SON server to the home base station according to the location information, and returns the identifier of the SON server to the home base station. This server (or these servers) can use the method used by the above AAA server to select a suitable SON server (for example, querying for a SON server that allows access by a home base station at that location, etc.).
  • the identity authentication request message further carries an identifier (flag) indicating that the SON server identifier is required to be returned to the home base station.
  • the configuration parameter (Configuration Attributes) in the configuration payload of the IKEv2 protocol can be used to carry the identifier (flag) indicating that the SON server identifier is required to be returned to the home base station, and this identifier includes two fields: the parameter type (Attribute Type) and the value (Value).
  • a parameter can be newly defined and assigned a new parameter type (for example, the parameter type is defined as SON_Server_IP_Address), which is used to indicate that the home base station requests the address of the SON server from the security gateway.
  • before the home base station connects to the SON server according to the identifier to obtain the initial configuration parameters and accesses the mobile communication network according to the initial configuration parameters, the method further includes: the home base station authenticates the identity of the security gateway of the mobile communication network.
  • the method further comprises: establishing a secure tunnel between the home base station and the security gateway of the mobile communication network, wherein the secure tunnel is an Internet Protocol Security (IPSec) tunnel.
  • the identifier of the SON server is an IP address of the SON server or a Fully Qualified Domain Name (FQDN).
  • when the IP address of the SON server is provided to the home base station, the home base station can connect directly to the SON server.
  • the identifier can also be a domain name of the SON server or another identifier capable of indicating the location of the SON server.
  • FIG. 3 is a flowchart of an access method for a home base station according to a second embodiment of the present invention.
  • the authentication process of the home base station is performed between the home base station and the AAA server of the home base station.
  • the AAA server of the home base station provides the preferred SON server for the home base station according to the location information of the home base station.
  • the SON server is located in an access network that can accept the registration of the home base station. The specific steps are as follows:
  • Step 301: The home base station first connects to the IP broadband backhaul network, and can obtain an IP address capable of accessing the Internet by performing a DHCP-related process.
  • Step 302: The home base station initiates the initial security association interaction between the home base station and the security gateway; through this interaction, the home base station negotiates a set of security keys with the security gateway, and establishes a security association between the home base station and the security gateway to protect the home base station and the security gateway.
  • Step 303: The home base station sends an identity authentication request message to the security gateway to implement mutual authentication between the home base station and the security gateway.
  • the identity authentication request message carries the identifier of the home base station, such as BSID, NAI, etc.
  • Step 304: The security gateway sends an access request message to the AAA server of the home base station to request the AAA server to authenticate the home base station.
  • the AAA server initiates an access authentication process for the home base station, and after the home base station is successfully authenticated, the AAA server and the home base station use the secrets (for example, passwords, certificates, etc.) that are known to both of them and are used for authentication.
  • MSK: Master Session Key
  • Step 306: The AAA server provides the IP address of the preferred SON server for the home base station;
  • Step 307: The AAA server sends an access success message to the security gateway, which includes the MSK generated by the AAA server and the IP address of the SON server provided by the AAA server for the home base station;
  • Step 309: The security gateway sends an identity authentication response message to the home base station, in which the access success message is carried;
  • Step 314: The home base station interacts with the SON server provided for it by the AAA server to configure the initialization parameters of the home base station (for example, wireless parameters such as the working frequency point); the home base station connects to the access gateway to complete the initial attachment process of the home base station; thereafter, the home base station can serve as a real base station.
  • step 303, step 309 to step 311 may correspond to the IKE_AUTH message in the IKEv2 protocol.
  • the AAA server may provide the SON server to the home base station according to the subscription information of the home base station.
  • the home base station can only be used in a certain geographical area, and the AAA server can provide the home base station with the identifier of a SON server in an access network that can accept the registration of the home base station in that area; the AAA server can also find the IP broadband service provider that provides IP broadband backhaul connectivity for the home base station (e.g., through the IP address of the home base station), then obtain the geographic/city location information of the home base station from that operator (e.g., via the IP address of the home base station), and then provide the home base station with the identifier of a SON server that allows it to access according to its location information; in addition, when the home base station operator is the same as the IP broadband service operator described above, the AAA server can directly obtain the geographic/city location information of the home base station from the appropriate server in the operator domain, and then provide the home base station with the identifier of a SON server that allows it to access according to its location information, for example, according to a cable modem associated with a home base station in the area;
  • in step 306, if the home base station operator has the address of only one SON server in the selected access network, the home base station operator provides the address of that SON server to the home base station;
  • if the home base station operator has multiple SON server addresses in the access network, the AAA server can also preferentially select the SON server whose current load is the smallest, or whose load is less than a certain threshold, and provide it to the home base station.
  • the AAA server can query the load of the SON server in the access network, or query other network elements (for example, the network management server) to obtain related parameters. In this way, the home base station can be prevented from selecting a heavily loaded SON server and then needing SON server redirection within the access domain.
  • the AAA server may not provide the identifier of the ad hoc network server for the home base station, but instead provide the home base station with the address of a server in the home base station operator domain that can allocate the ad hoc network server to the home base station, for example, the server of the home base station operator's management system (i.e., the home base station management system or home base station management server), the network management server, or the location authentication server. Then, once access authentication between the home base station and the security gateway is completed, the home base station may request that server to allocate an ad hoc network server, and after obtaining the location information of the home base station, the server returns to the home base station, according to the location information, the identifier of the selected ad hoc network server, which may also be the IP address of the ad hoc network server or its domain name.
  • These servers can obtain the location information of the home base station by using the method used by the AAA server (for example, obtaining it according to the subscription information of the home base station, acquiring it from the interface server of the IP broadband service provider, etc.); these servers can also use the method used by the above AAA server to select a suitable ad hoc network server (e.g., querying for the SON server that the home base station is allowed to access at that location).
  • one method by which the above server acquires the location information of the home base station is that the home base station places its own location information in the above request sent to the server.
  • the access method for the home base station according to the second embodiment of the present invention avoids the need in the related art for the home base station to try connecting to the SON servers in the list one by one until it reaches an access network that allows it to connect and register.
  • FIG. 4 is a flowchart of an access method for a home base station according to a third embodiment of the present invention.
  • Step 401: The home base station first connects to the IP broadband backhaul network, and can obtain an IP address capable of accessing the Internet by performing a DHCP-related process.
  • Step 402: The home base station initiates the initial security association interaction between the home base station and the security gateway; through this interaction, the home base station negotiates a set of security keys with the security gateway, and on that basis a security association is established between the home base station and the security gateway to protect the signaling security between the home base station and the security gateway.
  • the signaling between the home base station and the security gateway refers to the messages in steps 403 to 411.
  • Step 403: The home base station sends an identity authentication request message to the security gateway to implement mutual authentication between the home base station and the security gateway.
  • the identity authentication request message carries the identifier of the home base station, for example, BSID, NAI, etc.
  • Step 404: The security gateway sends an access request message to the AAA server of the home base station to request the AAA server to authenticate the home base station;
  • Step 405: The AAA server initiates an access authentication process for the home base station, and after the home base station is successfully authenticated, the AAA server and the home base station use the secrets (for example, passwords, certificates, etc.) that are known to both of them and are used for authentication.
  • Step 406: The AAA server provides the IP address of the preferred SON server for the home base station;
  • Step 407: The AAA server sends an access success message to the security gateway, which includes the MSK generated by the AAA server and the IP address of the SON server allocated by the AAA server to the home base station;
  • the home base station saves the address of the SON server allocated by the AAA server locally;
  • Step 411: The security gateway authenticates the home base station by using the MSK from the AAA server and an authentication vector from the home base station. After the authentication is passed, the security gateway also generates a set of authentication vectors based on the MSK, and sends an identity authentication response message to the home base station;
  • Step 412: The home base station and the security gateway each generate a set of security associations based on their respective MSKs. Based on the security association, an IPSec security tunnel is established between the home base station and the security gateway to ensure subsequent connection between the home base station and the security gateway.
  • Step 413: The home base station interacts with the SON server assigned to it by the AAA server to configure the initialization parameters (for example, working frequency points, etc.) of the home base station; finally, the home base station connects to the access gateway, and the initial network access procedure of the home base station is completed; thereafter, the home base station can start serving the terminal as a real base station.
  • the identity authentication request message may further carry an identifier (flag) indicating that the security gateway is required to return the ad hoc network server address to the home base station.
  • the AAA server may provide the SON server to the home base station according to the subscription information of the home base station.
  • the home base station can only be used in a certain geographical area, and the AAA server can provide the home base station with the identifier of a SON server in an access network that can accept the registration of the home base station in that area; the AAA server can also find the IP broadband service provider that provides IP broadband backhaul connectivity for the home base station (e.g., through the IP address of the home base station), then obtain the geographic/city location information of the home base station from that operator (e.g., via the IP address of the home base station), and then provide the home base station with the identifier of a SON server that allows it to access according to its location information; in addition, when the home base station operator is the same as the IP broadband service operator described above, the AAA server can directly obtain the geographic/city location information of the home base station from the appropriate server in the operator domain, and then provide the home base station with the identifier of a SON server that allows it to access according to its location information, for example, according to a cable modem associated with a home base station in a
  • in step 406, if the home base station operator has the address of only one SON server in the selected access network, the home base station operator provides the address of that SON server to the home base station;
  • if the home base station operator has multiple SON server addresses in the access network, the AAA server can also preferentially select the SON server whose current load is the smallest, or whose load is less than a certain threshold, and provide it to the home base station.
  • the AAA server can query the load of the SON server in the access network, or query other network elements (for example, the network management server) to obtain related parameters.
  • FIG. 5 is a block diagram showing an AAA server according to a fourth embodiment of the present invention.
  • the AAA server 500 includes: an obtaining module 502, configured to acquire location information of a home base station; and an allocation module 504, configured to provide the identifier of a SON server of the mobile communication network to the home base station according to the location information.
  • The AAA server according to the fourth embodiment of the present invention uses the obtaining module to query the location information of the home base station, and then uses the allocation module to provide the identifier of the SON server to the home base station according to the location information, so that the home base station only needs to connect when accessing.
  • the access device for the home base station according to the fifth embodiment of the present invention includes: an obtaining module 502, configured to acquire location information of the home base station, and a providing module 602, configured to provide the home base station according to the location information.
  • the access device for the home base station uses the acquisition module to acquire the location information of the home base station, and then uses the allocation module to provide the identifier of the SON server to the home base station according to the location information, so that the home base station connects to the SON server. This avoids the technical problem in the related art that the home base station needs to try connecting to the SON servers in the list one by one until it finds the SON server in the access network that allows it to connect and register, which causes a long network entry delay for the home base station and affects the user experience, and thereby achieves the technical effect of improving the network access efficiency of the home base station and improving the user experience.
  • an access system for a home base station according to a sixth embodiment of the present invention includes: an AAA server 500, configured to acquire location information of a home base station, provide the identifier of a SON server of the mobile communication network for the home base station according to the location information, and send the identifier to the security gateway of the mobile communication network; the security gateway 702, configured to authenticate the home base station, forward the access request of the home base station to the AAA server, and forward the access success response of the AAA server to the home base station, where the access success response carries the identifier of the SON server; the SON server 704, configured to configure initialization configuration parameters for the home base station; and the access module 706, configured to connect to the SON server according to the identifier, obtain the initialization configuration parameters, complete initialization according to the initialization configuration parameters, and access the mobile communication network.
  • the access module is an access gateway 708 that accesses the mobile terminal network.
  • the security gateway 702 can also be combined with the access gateway 708 of the mobile communication network; the access mode is set in the home base station.
  • An access system for a home base station according to a sixth embodiment of the present invention uses an AAA server to acquire location information of a home base station, and provides an identifier of the SON server to the home base station according to the location information, so that when the home base station accesses the network, it only needs to connect to the SON server that allows it to access. This avoids the home base station in the related art needing to try connecting to the SON servers in the list one by one until it finds the SON server in the access network that allows it to connect and register.
  • the access method, the device, the system, and the AAA server for the home base station avoid the problem in the related art that the home base station needs to try connecting to the SON servers in the list one by one until it finds the SON server in the access network that allows it to connect and register, which causes a long network entry delay for the home base station and affects the user experience; they thereby achieve the technical effect of improving the network access efficiency of the home base station and improving the user experience.
  • modules or steps of the present invention can be implemented by a general-purpose computing device, and they can be concentrated on a single computing device or distributed over a network composed of multiple computing devices. Alternatively, they may be implemented by program code executable by the computing device, such that they may be stored in a storage device and executed by the computing device, or they may be separately fabricated into individual integrated circuit modules, or multiple modules or steps among them may be made into a single integrated circuit module.
  • the invention is not limited to any specific combination of hardware and software.
  • the above is only the preferred embodiment of the present invention, and is not intended to limit the present invention, and various modifications and changes can be made to the present invention. Any modifications, equivalent substitutions, improvements, etc. made within the scope of the present invention are intended to be included within the scope of the present invention.
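The SON server selection by location and load, and the carrying of the selected address in an IKEv2 configuration attribute, both described above, are shown here end to end as an added example that is not part of the patent text. The attribute type value 16384, the region labels, the load figures and all function names are assumptions; only the attribute list is encoded, not the configuration payload header.

```python
import ipaddress
import struct
from dataclasses import dataclass

# Assumption: the page names SON_Server_IP_Address but assigns it no number;
# 16384 is the first private-use IKEv2 Configuration Attribute type.
SON_SERVER_IP_ADDRESS = 16384


@dataclass(frozen=True)
class SonServer:
    address: str  # IP address to hand to the home base station
    region: str   # hypothetical label for the area this server accepts
    load: float   # current load, 0.0 (idle) to 1.0 (saturated)


# Constructed sample data (documentation address ranges, not from the page).
SERVERS = [
    SonServer("192.0.2.10", "region-a", 0.70),
    SonServer("192.0.2.11", "region-a", 0.20),
    SonServer("198.51.100.5", "region-b", 0.05),
]


def select_son_server(servers, hnb_region):
    """AAA side: least-loaded SON server that accepts this location, or None."""
    allowed = [s for s in servers if s.region == hnb_region]
    return min(allowed, key=lambda s: s.load) if allowed else None


def encode_attribute(attr_type, value=b""):
    """Reserved bit + 15-bit type, 16-bit length, then the value field."""
    if not 0 <= attr_type <= 0x7FFF:
        raise ValueError("attribute type must fit in 15 bits")
    if len(value) > 0xFFFF:
        raise ValueError("value too long")
    return struct.pack("!HH", attr_type, len(value)) + value


def parse_attributes(data):
    """Split an attribute list, refusing headers or lengths that overrun it."""
    attrs, offset = [], 0
    while offset < len(data):
        if len(data) - offset < 4:
            raise ValueError("truncated attribute header")
        raw_type, length = struct.unpack_from("!HH", data, offset)
        offset += 4
        if length > len(data) - offset:
            raise ValueError("attribute length exceeds payload")
        attrs.append((raw_type & 0x7FFF, data[offset:offset + length]))
        offset += length
    return attrs


def build_request():
    """Home base station: an empty value asks the gateway for the address."""
    return encode_attribute(SON_SERVER_IP_ADDRESS)


def build_reply(server):
    """Security gateway: put the AAA-selected address in the value field."""
    packed = ipaddress.ip_address(server.address).packed
    return encode_attribute(SON_SERVER_IP_ADDRESS, packed)


def extract_son_address(reply):
    """Home base station: accept exactly one 4- or 16-byte address value."""
    values = [v for t, v in parse_attributes(reply) if t == SON_SERVER_IP_ADDRESS]
    if len(values) != 1:
        raise ValueError("expected exactly one SON_Server_IP_Address attribute")
    if len(values[0]) not in (4, 16):
        raise ValueError("address value must be 4 or 16 bytes")
    return str(ipaddress.ip_address(values[0]))


if __name__ == "__main__":
    chosen = select_son_server(SERVERS, "region-a")
    print(build_request().hex(), extract_son_address(build_reply(chosen)))
```

The home base station side rejects a reply whose length field overruns the data or whose value is not a 4- or 16-byte address, so a malformed attribute never becomes a connection target.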

Abstract

The present invention relates to a method, a device, a system and an authentication, authorization and accounting (AAA) server for access by a home base station. The method comprises the following steps: the network side obtains location information of the home base station and provides an identifier of a self-organizing network server of a mobile communication network to the home base station according to the location information; the home base station connects to the self-organizing network server according to the identifier to obtain initialization configuration parameters, completes initialization according to the initialization configuration parameters, and accesses the mobile communication network. The present invention improves the access efficiency of the home base station and improves the user experience.
PCT/CN2010/074088 2009-08-05 2010-06-18 Method, device, system and authentication, authorization and accounting (AAA) server for home base station access WO2011015091A1 (fr)

Applications Claiming Priority (2)

Application Number Priority Date Filing Date Title
CN200910160393.1 2009-08-05
CN2009101603931A CN101990218A (zh) 2009-08-05 2009-08-05 Access method, device, system and AAA server for a home base station

Publications (1)

Publication Number Publication Date
WO2011015091A1 true WO2011015091A1 (fr) 2011-02-10

Family

ID=43543911

Family Applications (1)

Application Number Title Priority Date Filing Date
PCT/CN2010/074088 WO2011015091A1 (fr) 2009-08-05 2010-06-18 Method, device, system and authentication, authorization and accounting (AAA) server for home base station access

Country Status (2)

Country Link
CN (1) CN101990218A (fr)
WO (1) WO2011015091A1 (fr)

Also Published As

Publication number Publication date
CN101990218A (zh) 2011-03-23

Legal Events

Date Code Title Description
121 Ep: the epo has been informed by wipo that ep was designated in this application

Ref document number: 10805995

Country of ref document: EP

Kind code of ref document: A1

NENP Non-entry into the national phase

Ref country code: DE

122 Ep: pct application non-entry in european phase

Ref document number: 10805995

Country of ref document: EP

Kind code of ref document: A1