WO2012000285A1 - Evdo系统区域移动性限制的方法及系统 - Google Patents
Evdo系统区域移动性限制的方法及系统 Download PDFInfo
- Publication number
- WO2012000285A1 WO2012000285A1 PCT/CN2010/079312 CN2010079312W WO2012000285A1 WO 2012000285 A1 WO2012000285 A1 WO 2012000285A1 CN 2010079312 W CN2010079312 W CN 2010079312W WO 2012000285 A1 WO2012000285 A1 WO 2012000285A1
- Authority
- WO
- WIPO (PCT)
- Prior art keywords
- area
- access
- authentication
- attribute
- mobile authentication
- Prior art date
Links
Classifications
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04W—WIRELESS COMMUNICATION NETWORKS
- H04W12/00—Security arrangements; Authentication; Protecting privacy or anonymity
- H04W12/06—Authentication
- H04W12/062—Pre-authentication
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04W—WIRELESS COMMUNICATION NETWORKS
- H04W8/00—Network data management
- H04W8/18—Processing of user or subscriber data, e.g. subscribed services, user preferences or user profiles; Transfer of user or subscriber data
Definitions
- the present invention relates to the field of mobile communications, and in particular, to a method and system for area mobility limitation of an EVDO (Evolution-Data Only) system in Code Division Multiple Access (CDMA). Background technique
- the EVDO protocol specifies the method of user authentication.
- the network model of the EVDO protocol is shown in Figure 1:
- the AT When the user (AT, Access Terminal) accesses the access network (AN, Access Network), the AT sends the Um request information to the AN, and the AN sends the A12 request message to the access network authentication, authorization, and accounting server on the core network side. (AN-AAA, AN Authentication Authorization and Accounting Entity) for authentication. If the user is authenticated and the authentication is successful, the AN-AAA returns to the A12 to allow access to the message. If the authentication fails, the A12 rejects the access message.
- AN-AAA AN Authentication Authorization and Accounting Entity
- the main object of the present invention is to provide a method and system for regional mobility limitation of an EVDO system, which aims to solve the problem that the operator proposes to restrict the movement and use of EVDO users between different service areas.
- the present invention provides a method for regional mobility limitation of an EVDO system.
- the method includes: when a user needs to access or switch an AN, the AN sends an attribute carrying the area mobile authentication identifier attribute and the area mobile authentication to the AN-AAA.
- the AN-AAA performs regional mobile authentication based on the mobile authentication identity attribute and the attributes required for the area mobile authentication.
- the required attributes of the mobile mobility authentication area mobile authentication include: access cell list attribute.
- the AN when the user needs to access or switch the AN, the AN sends an Access-Request message carrying the area mobile authentication identity attribute and the area mobility authentication to the AN-AAA, including:
- the AN receives a request from the user to establish a connection or handover
- the AN returns an air interface response to the user
- the AN sends an Access-Request message carrying the area mobile authentication identity attribute and the area mobility authentication required attribute to the AN-AAA.
- the AN-AAA performs regional mobile authentication according to the mobile authentication identifier attribute and the required attribute of the regional mobile authentication, including:
- the AN-AAA receives an Access-Request message sent by the AN and carries the area mobile authentication identity attribute and the area mobility authentication required attribute;
- the Access-Request message When the Access-Request message carries the mobile authentication identifier attribute, the attribute required for the area mobile authentication in the Access-Request message is extracted; Query the user subscription service area and the service area configuration data;
- the AN-AAA When the area mobility authentication succeeds, the AN-AAA returns an Access-Accept message to the AN; when the area mobility authentication fails, the AN-AAA returns an Access-Reject message to the AN.
- the AN sends an Access-Request message carrying the area mobile authentication identifier attribute and the area mobile authentication required attribute to the AN-AAA, and the method further includes:
- the AN-AAA manages the subscription service area and manages the mapping relationship between the service area and the cell list and service type.
- the method further includes:
- the AN-AAA obtains the mapping relationship between the user and the subscription service area and saves it to the local.
- the method further includes:
- the AN feeds back to the user whether the connection or handover response information is allowed to be established based on the regional mobile authentication result.
- the present invention also provides a system for regional mobility limitation of an EVDO system, including an AN and an AN-AAA, where the AN includes: a request processing module, configured to send to the AN-AAA when the user needs to access or switch the AN An Access-Request message of the area mobile authentication identity attribute and the attribute required for the area mobility authentication;
- the AN-AAA includes: an authentication processing module, configured to identify attributes and regions according to mobile authentication
- the domain mobility authentication requires attributes for area mobility authentication.
- the request processing module includes:
- a first receiving unit configured to receive a request for establishing a connection or a handover sent by a user
- a first sending unit configured to return an air interface response to the user
- a first sending unit configured to send the area mobile authentication identifier attribute and the area mobile to the AN-AAA An Access-Request message that authenticates the required attributes.
- the authentication processing module includes:
- a second receiving unit configured to receive an Access-Request message sent by the AN and carrying an area mobile authentication identifier attribute and an area mobile authentication required attribute;
- a determining unit configured to determine whether the mobile authentication identifier attribute is carried in the Access-Request message
- An extracting unit configured to: when the Access-Request message carries the mobile authentication identifier attribute, extract an attribute required for regional mobile authentication in the Access-Request message;
- the query unit is configured to query the user subscription service area and the service area configuration data
- the authentication unit is configured to: according to the cell list attribute in the attribute required for the mobile mobility authentication carried in the Access-Request message, and according to the mapping relationship between the locally saved user and the subscription service area that is queried by the user identifier in the Access-Request message, and The service area is mapped to the cell list and the service type option to perform regional mobile authentication;
- the second sending unit is configured to return an Access-Accept message to the AN when the area mobile authentication succeeds, and return an Access-Reject message to the AN when the area mobile authentication fails.
- the AN-AAA further includes a management module, configured to manage a subscription service area for the user, and manage the mapping relationship between the service area and the cell list and the service type.
- a management module configured to manage a subscription service area for the user, and manage the mapping relationship between the service area and the cell list and the service type.
- the AN-AAA further includes an obtaining module, configured to acquire a mapping relationship between the user and the subscription service area and save the information to the local.
- the first sending unit is further configured to reverse the user according to the regional mobile authentication result. Whether the feed allows the connection information to be established or switched.
- the AN when the user needs to access or switch the AN, the AN sends an Access-Request carrying the attribute of the regional mobile authentication identifier and the area mobile authentication to the AN-AAA through the AN.
- the message is performed by the AN-AAA according to the mobile authentication identifier attribute and the required attribute of the regional mobile authentication, and the regional mobile authentication result is fed back to the AN, and the AN determines whether the user can use the network according to the regional mobile authentication result. Whether it can be moved in different areas, it is convenient for the operator to reasonably plan the service area and realize the mobility restriction function for the service area.
- FIG. 1 is a schematic diagram of a network model of an EVDO protocol in the prior art
- FIG. 2 is a schematic flow chart of an embodiment of a method for restricting regional mobility of an EVDO system according to the present invention
- FIG. 3 is a schematic flowchart of a step 101 of the method for restricting mobility of an EVDO system in the foregoing FIG.
- step 102 is a schematic diagram of a specific process of step 102 in the method for restricting mobility of an EVDO system region shown in FIG. 2;
- FIG. 5 is a schematic flow chart of another embodiment of a method for regional mobility limitation of an EVDO system according to the present invention.
- FIG. 6 is a schematic structural diagram of an embodiment of a system for restricting mobility of an EVDO system according to the present invention
- FIG. 7 is a schematic diagram showing a specific structure of a request processing module in a system for restricting mobility of an EVDO system region shown in FIG. 6;
- FIG. 8 is a schematic diagram showing the specific structure of an authentication processing module in the system for restricting the mobility of the EVDO system shown in FIG. 6;
- FIG. 9 is a schematic structural view of another embodiment of a system for restricting regional mobility of an EVDO system according to the present invention. detailed description
- FIG. 2 is a flow chart showing an embodiment of a method for restricting regional mobility of an EVDO system according to the present invention. As shown in FIG. 2, a method for regional mobility limitation of an EVDO system provided by this embodiment includes the following steps:
- Step 101 When the user needs to access or switch the AN, the AN sends an Access-Request message carrying the area mobile authentication identity attribute and the area mobility authentication required attribute to the AN-AAA.
- the AN When the EVDO user needs to access or switch the AN, the AN sends an Access-Request message to the AN-AAA, requesting regional mobile authentication, and the message must carry the regional mobile authentication identifier attribute to indicate that this is the regional mobile authentication request. It must also carry the attributes required for regional mobile authentication, such as the cell list attribute at the time of access.
- the required attributes for the area mobile authentication include: an access cell list attribute.
- the AN-AAA manages the subscription service area for the user, and manages the mapping relationship between the service area and the cell list and service type.
- the AN sends an Access-Request message to the AN-AAA.
- the AAA receives the Access-Request message sent by the AN, if the Access-Request message carries the area mobile authentication identity attribute, the area mobile authentication is performed. If the area mobility authentication is passed, an Access-Accept message is returned to the AN, otherwise the authentication fails, and an Access-Reject message is returned to the AN. move.
- the Access-Accept message returned by the AN-AAA is received, the user is allowed to use the network; otherwise, the Access-Reject message is received, and the user is denied to use the network.
- step 101 in this embodiment specifically includes:
- Step 1011 The AN receives a request from the user to establish a connection or handover.
- step 1012 the AN returns an air interface response to the user.
- Step 1013 The AN sends an Access-Request message carrying the area mobile authentication identity attribute and the area mobility authentication required attribute to the AN-AAA.
- step 102 of this embodiment specifically includes:
- Step 1020 The AN-AAA receives an Access-Request message sent by the AN and carries an area mobile authentication identity attribute and an area mobility authentication required attribute.
- Step 1021 Determine whether the mobile authentication identifier attribute is carried in the Access-Request message; if yes, go to step 1022; otherwise, go to step 1027.
- Step 1022 Extract the attributes required for the area mobile authentication in the Access-Request message.
- Step 1023 Query the user subscription service area and the service area configuration data.
- Step 1024 According to the cell list attribute in the area required for the mobile mobility authentication carried in the Access-Request message, and according to the mapping relationship between the locally saved user and the subscription service area in the Access-Request message, and the service area and the service area and The cell list and the service type option mapping relationship perform regional mobile authentication.
- the access-request message further carries the user identifier.
- the mapping relationship between the user and the subscription server stored locally is queried according to the user identifier in the Access-Request message, that is, the user subscription relationship, and the user is obtained.
- Authorized access cell list if the access cell list attribute carried in the Access-Request message meets the preset rule in the access cell list authorized by the user, the authentication succeeds, otherwise, the authentication is unsuccessful .
- the mapping relationship between the user and the subscription service area, and the mapping between the service area and the cell list and the service type option may be configured in advance on the AN-AAA or partially configured, and partially saved from the external network element to the local.
- Step 1025 When the regional mobile authentication succeeds, the AN-AAA returns an Access-Accept to the AN. Message; otherwise, proceed to step 1026.
- step 1026 the AN-AAA returns an Access-Reject message to the AN.
- Step 1027 If the user is authenticated, go to the normal authentication process.
- Figure 5 is a flow chart showing another embodiment of a method for regional mobility limitation of an EVDO system of the present invention.
- the embodiment further includes: before step 101:
- Step 100 The AN-AAA manages the subscription service area and the management service area to the cell list and the service type mapping relationship.
- the method before step 100, the method further includes:
- Step 90 The AN-AAA obtains the mapping relationship between the user and the subscription service area and saves it to the local.
- the mapping relationship between the user and the subscription service area can be saved and managed by the AN-AAA, or can be provided by other network elements.
- the AN-AAA can When the mapping relationship between the user and the subscription service area is provided by other network elements, the AN-AAA can When the user identity is authenticated, the mapping relationship between the user and the subscription service area is obtained from the network element and saved to the local.
- step 102 the method further includes:
- Step 1028 The AN feeds back to the user whether the connection or handover response information is allowed to be established according to the regional mobile authentication result.
- FIG. 6 is a block diagram showing an embodiment of a system for restricting regional mobility of an EVDO system according to the present invention.
- the present invention proposes a system for regional mobility limitation of an EVDO system, including AN 60 and AN-AAA 61, wherein:
- the AN 60 includes a request processing module 601 for transmitting an Access-Request message carrying the attributes required for the area mobile authentication identity attribute and the area mobility authentication to the AN-AAA 61 when the user needs to access or switch the AN 60.
- AN-AAA 61 includes: The authentication processing module 611 is configured to perform regional mobile authentication according to the mobile authentication identifier attribute and the required attribute of the regional mobile authentication.
- the request processing module 601 specifically includes:
- the first receiving unit 6011 is configured to receive a request sent by a user to establish a connection or handover.
- the first sending unit 6012 is configured to return an air interface response to the user, and is configured to send, to the AN-AAA 61, an attribute required to carry the area mobile authentication identifier attribute and the area mobile authentication.
- the authentication processing module 611 specifically includes:
- the second receiving unit 6111 is configured to receive an Access-Request message sent by the AN 60 that carries an area mobile authentication identifier attribute and an area mobility authentication required attribute.
- the determining unit 6112 is configured to determine whether the mobile authentication identifier attribute is carried in the Access-Request message.
- the extracting unit 6113 is configured to: when the Access-Request message carries the mobile authentication identifier attribute, extract an attribute required for the area mobile authentication in the Access-Request message.
- the query unit 6114 is configured to query the user subscription service area and the service area configuration data.
- the authentication unit 6115 is configured to: according to the cell list attribute in the attribute required for the mobile mobility authentication carried in the Access-Request message, and according to the mapping relationship between the locally saved user and the subscription service area that is queried by the user identifier in the Access-Request message, And the service area is mapped to the cell list and the service type option to perform regional mobile authentication.
- the second sending unit 6116 is configured to return an Access-Accept message to the AN 60 when the area mobility authentication succeeds; otherwise, return an Access-Reject message to the AN 60.
- the user when the EVDO user needs to access or switch the AN 60, the user sends a request to the AN 60 to establish a connection or switch between the ANs 60, and the first receiving unit 6011 in the request processing module 601 of the AN 60 receives the user.
- the first sending unit 6012 returns an air interface response to the user, and at the same time, the request processing module 601 of the AN 60
- a sending unit 6011 sends an Access-Request message to the AN-AAA 61, requesting area mobile authentication, and the Access-Reques message carries the area mobile authentication identifier attribute to indicate that this is a regional mobile authentication request, and also carries the connection.
- the attributes required for regional mobile authentication such as the cell list attribute of the incoming time.
- the required attributes for the area mobile authentication include: an access cell list attribute.
- the second receiving unit 6111 in the authentication processing module 611 of the AN-AAA 61 receives the Access-Request message sent by the first sending unit 6011 and carries the area mobile authentication identifier attribute and the area mobile authentication required attribute, and then The determining unit 6112 determines whether the Access-Request message carries the mobile authentication identifier attribute. When the acknowledgment that the Access-Request message carries the mobile authentication identifier attribute, the extracting unit 6113 extracts the area in the Access-Request message.
- the authentication authentication unit 6114 queries the user subscription service area and the service area configuration data, and then the authentication unit 6115 moves the cell list attribute in the attribute required for the authentication according to the area carried by the Access-Request message, and According to the mapping relationship between the locally saved user and the subscription service area in the Access-Request message, and the mapping relationship between the service area and the cell list and the service type option, when performing regional mobile authentication, according to Access-
- the user ID in the Request message queries the locally saved
- the mapping relationship between the user and the subscription server is the user subscription relationship, and the access cell list authorized by the user is obtained. If the access cell list attribute carried in the Access-Request message meets the above-mentioned query, the user in the access cell list is authorized. If the rule is set, the authentication is successful. Otherwise, the authentication is unsuccessful.
- the second transmitting unit 6116 returns an Access-Accept message to the AN 60; otherwise, the second transmitting unit 6116 returns an Access-Reject message to the AN 60.
- the AN60 determines whether the user can use the network or move in different areas according to the regional mobile authentication result.
- the Access-Accept message returned by the AN-AAA 61 is received, the user is allowed to use the network; otherwise, the Access-Reject message is received, and the user is denied to use the network.
- the AN-AAA 61 can be used for the user to manage the subscription service area and the mapping relationship between the management service area and the cell list and the service type.
- the mapping relationship between the user and the subscription service area can also be provided in other network elements, and the AN-AAA 61 can be When the user identity is authenticated, the mapping relationship between the user and the subscription service area is obtained from the network element and saved to the local.
- Figure 9 is a block diagram showing another embodiment of a system for restricting regional mobility of an EVDO system of the present invention.
- this embodiment is based on the above embodiment, and the AN-AAA further includes a management module 612.
- the management module 612 is configured to manage the subscription service area for the user and manage the mapping relationship between the service area and the cell list and the service type.
- the AN-AAA 61 further includes an obtaining module 613, and an obtaining module 613, configured to acquire a mapping relationship between the user and the subscription service area and save the information to the local.
- the first sending unit 6012 is further configured to feed back to the user whether the connection or handover response information is allowed to be established according to the regional mobile authentication result.
- the AN 60 when the user needs to access or switch the AN 60, the AN 60 sends an Access-Request message carrying the area mobile authentication identifier attribute and the area mobile authentication required attribute to the AN-AAA 61 by the AN 60. 61.
- the regional mobile authentication is performed, and the regional mobile authentication result is fed back to the AN 60, and the AN domain moves, so that the operator can reasonably plan the service area and realize the service.
Landscapes
- Engineering & Computer Science (AREA)
- Computer Security & Cryptography (AREA)
- Computer Networks & Wireless Communication (AREA)
- Signal Processing (AREA)
- Mobile Radio Communication Systems (AREA)
Abstract
本发明涉及一种EVDO系统区域移动性限制的方法及系统,其方法包括:当用户需要接入或切换AN时,AN向AN-AAA发送携带有区域移动鉴权标识属性和区域移动鉴权所需属性的Access-Request消息;AN-AAA根据移动鉴权标识属性和区域移动鉴权所需属性进行区域移动鉴权。本发明通过区域移动鉴权的方式,决定用户是否可以使用网络或是否可以在不同区域内移动,方便运营商合理规划服务区,实现对业务区域进行移动性限制的功能。
Description
EVDO系统区域移动性限制的方法及系统 技术领域
本发明涉及移动通讯领域, 尤其涉及一种码分多址 (CDMA, Code Division Multiple Access ) 中数据传输演进( EVDO, Evolution-Data Only ) 系统区域移动性限制的方法及系统。 背景技术
在移动通讯技术领域中, 移动用户常常需要在不同区域间移动及使用 业务, 而在 CDMA中 EVDO系统的商用过程中,运营商对用户在不同区域 间移动和使用业务提出了限制要求。 比如, 运营商将运营区域划分为多个 服务区, 每个服务区提供不同的区域范围和业务, 用户入网时需要签约具 体服务区。 因此, 签约用户只能在签约服务区内使用签约业务, 不能在签 约服务区使用非签约业务, 也不能在非签约服务区使用任何业务等。
目前, EVDO协议规定了用户鉴权的方法, EVDO协议的网络模型如 图 1所示:
用户 (AT, Access Terminal )接入到接入网 (AN, Access Network ) 时, AT向 AN发送 Um请求信息, AN发送 A12 请求消息到核心网侧的接 入网鉴权、 授权与计帐服务器 (AN- AAA, AN Authentication Authorization and Accounting Entity )进行鉴权。 如果用户合法, 鉴权成功, AN-AAA返 回 A12允许接入消息 , 如果鉴权失败, 则返回 A12拒绝接入消息。
以上协议规定的流程只是对 EVDO用户身份进行认证鉴权, 而没有提 供对于 EVDO用户业务区域等的鉴权, 即对用户区域移动性限制没有提出 解决方案。
发明内容
本发明的主要目的在于提供一种 EVDO系统区域移动性限制的方法及 系统, 旨在解决运营商提出的对 EVDO用户在不同服务区域间移动和使用 业务进行限制的问题。
本发明提出一种 EVDO系统区域移动性限制的方法, 该方法包括: 当用户需要接入或切换 AN时, AN向 AN-AAA发送携带有区域移动 鉴权标识属性和区域移动鉴权所需属性的接入请求( Access-Request )消息;
AN-AAA根据移动鉴权标识属性和区域移动鉴权所需属性进行区域移 动鉴权。
优选地, 区域移动鉴权区域移动鉴权所需属性包括: 接入小区列表属 性。
优选地, 所述当用户需要接入或切换 AN时, AN向 AN-AAA发送携 带有区域移动鉴权标识属性和区域移动鉴权所需属性的 Access-Request 消 息包括:
AN接收用户发出的建立连接或切换的请求;
AN 向用户返回空口回应;
AN向 AN-AAA发送携带有区域移动鉴权标识属性和区域移动鉴权所 需属性的 Access-Request消息。
优选地, 所述 AN-AAA根据移动鉴权标识属性和区域移动鉴权所需属 性进行区域移动鉴权包括:
AN-AAA接收 AN发送的携带有区域移动鉴权标识属性和区域移动鉴 权所需属性的 Access-Request消息;
判断 Access-Request消息中是否携带有移动鉴权标识属性;
当 Access-Request 消息中携带有移动鉴权标识属性时, 提取 Access-Request消息中区域移动鉴权所需属性;
查询用户签约服务区以及服务区配置数据;
根据 Access-Request 消息携带的区域移动鉴权所需属性中的小区列表 属性,并根据 Access-Request消息中用户标识查询的本地保存的用户与签约 服务区的映射关系, 以及服务区与小区列表、 业务类型选项映射关系进行 区域移动鉴权;
当区域移动鉴权成功时 , AN- AAA向 AN返回接入接受( Access- Accept ) 消息; 当区域移动鉴权失败时, AN-AAA 向 AN 返回接入拒绝 ( Access-Reject ) 消息。
优选地, 所述当用户需要接入或切换 AN时, AN向 AN-AAA发送携 带有区域移动鉴权标识属性和区域移动鉴权所需属性的 Access-Request 消 息之前, 该方法还包括:
AN-AAA为用户管理签约服务区以及管理服务区与小区列表、 业务类 型映射关系。
优选地, 所述 AN-AAA为用户管理签约服务区以及管理服务区与小区 列表、 业务类型映射关系之前, 该方法还包括:
AN-AAA获取用户与签约服务区的映射关系并保存到本地。
优选地, 所述 AN-AAA根据移动鉴权标识属性和区域移动鉴权所需属 性进行区域移动鉴权之后, 该方法还包括:
AN根据区域移动鉴权结果向用户反馈是否允许建立连接或切换的应 答信息。
本发明还提出一种 EVDO系统区域移动性限制的系统, 包括 AN以及 AN-AAA, 所述 AN包括: 请求处理模块, 用于当用户需要接入或切换 AN 时, 向 AN-AAA发送携带有区域移动鉴权标识属性和区域移动鉴权所需属 性的 Access-Request消息;
所述 AN-AAA包括: 鉴权处理模块, 用于根据移动鉴权标识属性和区
域移动鉴权所需属性进行区域移动鉴权。
优选地, 所述请求处理模块包括:
第一接收单元, 用于接收用户发出的建立连接或切换的请求; 第一发送单元, 用于向用户返回空口回应; 以及用于向 AN-AAA发送 携带有区域移动鉴权标识属性和区域移动鉴权所需属性的 Access-Request 消息。
优选地, 所述鉴权处理模块包括:
第二接收单元, 用于接收 AN发送的携带有区域移动鉴权标识属性和 区域移动鉴权所需属性的 Access-Request消息;
判断单元,用于判断 Access-Request消息中是否携带有移动鉴权标识属 性;
提取单元, 用于当 Access-Request消息中携带有移动鉴权标识属性时, 提取 Access-Request消息中区域移动鉴权所需属性;
查询单元, 用于查询用户签约服务区以及服务区配置数据;
鉴权单元,用于根据 Access-Request消息携带的区域移动鉴权所需属性 中的小区列表属性,并根据 Access-Request消息中用户标识查询的本地保存 的用户与签约服务区的映射关系, 以及服务区与小区列表、 业务类型选项 映射关系进行区域移动鉴权;
第二发送单元,用于当区域移动鉴权成功时,向 AN返回 Access-Accept 消息; 当区域移动鉴权失败时, 向 AN返回 Access-Reject消息。
优选地, 所述 AN-AAA还包括管理模块, 用于为用户管理签约服务区 以及管理服务区与小区列表、 业务类型映射关系。
优选地, 所述 AN-AAA还包括获取模块, 用于获取用户与签约服务区 的映射关系并保存到本地。
优选地, 所述第一发送单元, 还用于根据区域移动鉴权结果向用户反
馈是否允许建立连接或切换的应答信息。
本发明 EVDO系统区域移动性限制的方法及系统, 当用户需要接入或 切换 AN时 , 通过 AN向 AN- AAA发送携带有区域移动鉴权标识属性和区 域移动鉴权所需属性的 Access-Request消息, 由 AN-AAA根据移动鉴权标 识属性和区域移动鉴权所需属性进行区域移动鉴权, 并将区域移动鉴权结 果反馈给 AN, AN根据区域移动鉴权结果决定用户是否可以使用网络或是 否可以在不同区域内移动, 方便运营商合理规划服务区, 实现对业务区域 进行移动性限制的功能。 附图说明
图 1是现有技术中 EVDO协议的网络模型示意图;
图 2是本发明 EVDO系统区域移动性限制的方法一实施例流程示意图; 图 3是上述图 2所示 EVDO系统区域移动性限制的方法中步骤 101的 具体流程示意图;
图 4是上述图 2所示 EVDO系统区域移动性限制的方法中步骤 102的 具体流程示意图;
图 5是本发明 EVDO系统区域移动性限制的方法另一实施例流程示意 图;
图 6是本发明 EVDO系统区域移动性限制的系统一实施例结构示意图; 图 7是上述图 6所示 EVDO系统区域移动性限制的系统中请求处理模 块具体结构示意图;
图 8是上述图 6所示 EVDO系统区域移动性限制的系统中鉴权处理模 块具体结构示意图;
图 9是本发明 EVDO系统区域移动性限制的系统另一实施例结构示意 图。
具体实施方式
为了使本发明的技术方案更加清楚、 明了, 下面将结合附图作进一步 详述:
图 2是本发明 EVDO系统区域移动性限制的方法一实施例流程示意图。 如图 2所示,本实施例提供的一种 EVDO系统区域移动性限制的方法, 包括以下步骤:
步骤 101 , 当用户需要接入或切换 AN时, AN向 AN- AAA发送携带有 区域移动鉴权标识属性和区域移动鉴权所需属性的接入请求 ( Access-Request ) 消息。
当 EVDO用户需要接入或切换 AN时, AN发送 Access-Request消息给 AN- AAA, 请求进行区域移动鉴权, 消息中必须携带区域移动鉴权标识属 性表明此次为区域移动鉴权请求, 同时还必须携带接入时的小区列表属性 等区域移动鉴权所需属性。
本实施例中, 所述区域移动鉴权所需属性包括: 接入小区列表属性。 步骤 102, AN-AAA根据移动鉴权标识属性和区域移动鉴权所需属性 进行区域移动鉴权。
AN-AAA为用户管理签约服务区, 同时管理服务区与小区列表、 业务 类型等映射关系; 当用户需要接入 AN或在 AN间切换时, AN向 AN-AAA 发送 Access-Request消息, 当 AN-AAA收到 AN发来的 Access-Request消 息时,如果 Access-Request消息中携带有区域移动鉴权标识属性,则进行区 域移动鉴权。 如果区域移动鉴权通过, 则返回接入接受 (Access-Accept ) 消息给 AN, 否则鉴权失败, 则返回接入拒绝( Access-Reject )消息给 AN 。 动。 当收到 AN-AAA返回的 Access-Accept消息, 则允许用户使用网络; 否则, 即收到 Access-Reject消息, 拒绝用户使用网络。
如图 3所示, 本实施例步骤 101具体包括:
步骤 1011 , AN接收用户发出的建立连接或切换的请求。
步骤 1012, AN 向用户返回空口回应。
步骤 1013 , AN向 AN-AAA发送携带有区域移动鉴权标识属性和区域 移动鉴权所需属性的 Access-Request消息。
如图 4所示, 本实施例步骤 102具体包括:
步骤 1020, AN-AAA接收 AN发送的携带有区域移动鉴权标识属性和 区域移动鉴权所需属性的 Access-Request消息。
步骤 1021 ,判断 Access-Request消息中是否携带有移动鉴权标识属性; 如果是, 则进入步骤 1022; 否则, 进入步骤 1027。
步骤 1022, 提取 Access-Request消息中区域移动鉴权所需属性。
步骤 1023 , 查询用户签约服务区以及服务区配置数据。
步骤 1024, 根据 Access-Request消息携带的区域移动鉴权所需属性中 的小区列表属性,并根据 Access-Request消息中用户标识查询的本地保存的 用户与签约服务区的映射关系, 以及服务区与小区列表、 业务类型选项映 射关系进行区域移动鉴权。
本实施例中, Access-Request消息中还携带有用户标识, 在进行区域移 动鉴权时,根据 Access-Request消息中用户标识查询本地保存的该用户与签 约服务器的映射关系即用户签约关系, 得到用户授权的接入小区列表, 如 果 Access-Request 消息中携带的接入小区列表属性符合上述经查询得到的 用户授权的接入小区列表中的预设规则, 则鉴权成功, 否则, 鉴权不成功。
其中, 用户与签约服务区的映射关系, 以及服务区与小区列表、 业务 类型选项映射关系可以是预先在 AN-AAA上配置或者部分配置, 部分从外 网元获取保存到本地的。 步骤 1025 ,当区域移动鉴权成功时, AN-AAA向 AN返回 Access-Accept
消息; 否则, 进入步骤 1026。
步骤 1026, AN-AAA向 AN返回 Access-Reject消息。
步骤 1027, 如果是用户身份鉴权, 则走正常鉴权流程。
图 5是本发明 EVDO系统区域移动性限制的方法另一实施例流程示意 图。
如图 5所示, 本实施例在上述实施例的基础上, 在步骤 101之前还包 括:
步骤 100, AN-AAA为用户管理签约服务区以及管理服务区与小区列 表、 业务类型映射关系。
本实施例中, 步骤 100之前还包括:
步骤 90 , AN-AAA获取用户与签约服务区的映射关系并保存到本地。 在实际部署时, 用户与签约服务区的映射关系可以由 AN-AAA保存并 管理, 也可以由其它网元提供, 当由其它网元提供用户与签约服务区的映 射关系时, AN-AAA可以在用户身份合法性鉴权时从该网元获取到用户与 签约服务区的映射关系并保存到本地。
在步骤 102之后还包括:
步骤 1028, AN根据区域移动鉴权结果向用户反馈是否允许建立连接 或切换的应答信息。
图 6是本发明 EVDO系统区域移动性限制的系统一实施例结构示意图。 如图 6所示, 本发明提出一种 EVDO系统区域移动性限制的系统, 包 括 AN 60以及 AN-AAA 61 , 其中:
AN 60包括请求处理模块 601 , 用于当用户需要接入或切换 AN 60时, 向 AN-AAA 61发送携带有区域移动鉴权标识属性和区域移动鉴权所需属性 的 Access-Request消息。
AN-AAA 61包括:
鉴权处理模块 611 ,用于根据移动鉴权标识属性和区域移动鉴权所需属 性进行区域移动鉴权。
如图 7所示, 请求处理模块 601具体包括:
第一接收单元 6011 , 用于接收用户发出的建立连接或切换的请求。 第一发送单元 6012,用于向用户返回空口回应;以及用于向 AN-AAA 61 发送携带有区域移动鉴权标识属性和区域移动鉴权所需属性的
Access-Request消息。
如图 8所示, 鉴权处理模块 611具体包括:
第二接收单元 6111 , 用于接收 AN 60发送的携带有区域移动鉴权标识 属性和区域移动鉴权所需属性的 Access-Request消息。
判断单元 6112, 用于判断 Access-Request消息中是否携带有移动鉴权 标识属性。
提取单元 6113 , 用于当 Access-Request消息中携带有移动鉴权标识属 性时, 提取 Access-Request消息中区域移动鉴权所需属性。
查询单元 6114, 用于查询用户签约服务区以及服务区配置数据。
鉴权单元 6115 , 用于根据 Access-Request消息携带的区域移动鉴权所 需属性中的小区列表属性,并根据 Access-Request消息中用户标识查询的本 地保存的用户与签约服务区的映射关系, 以及服务区与小区列表、 业务类 型选项映射关系进行区域移动鉴权。
第二发送单元 6116 , 用于当区域移动鉴权成功时, 向 AN 60 返回 Access-Accept消息; 否则, 向 AN 60返回 Access-Reject消息。
本实施例中, 当 EVDO用户需要接入或切换 AN 60时, 用户向 AN 60 发送建立连接或在 AN 60间进行切换的请求,由 AN 60的请求处理模块 601 中第一接收单元 6011接收用户发出的建立连接或切换的请求, 第一发送单 元 6012向用户返回空口回应, 同时, 由 AN 60的请求处理模块 601中的第
一发送单元 6011发送 Access-Request消息给 AN-AAA 61 ,请求进行区域移 动鉴权, Access-Reques消息中携带有区域移动鉴权标识属性表明此次为区 域移动鉴权请求, 同时还携带有接入时的小区列表属性等区域移动鉴权所 需属性。
本实施例中, 所述区域移动鉴权所需属性包括: 接入小区列表属性。
AN-AAA 61的鉴权处理模块 611中的第二接收单元 6111接收第一发送 单元 6011发送的携带有区域移动鉴权标识属性和区域移动鉴权所需属性的 Access-Request 消息, 之后, 鉴权处理模块 611 中判断单元 6112 判断 Access-Request 消息中是否携带有移动鉴权标识属性, 当确认 Access-Request消息中携带有移动鉴权标识属性时, 由提取单元 6113提取 Access-Request消息中区域移动鉴权所需属性, 同时, 查询单元 6114查询 用户签约服务区以及服务区配置数据, 再由鉴权单元 6115 根据 Access-Request消息携带的区域移动鉴权所需属性中的小区列表属性,并根 据 Access-Request 消息中用户标识查询的本地保存的用户与签约服务区的 映射关系, 以及服务区与小区列表、 业务类型选项映射关系进行区域移动 鉴权,在进行区域移动鉴权时,根据 Access-Request消息中用户标识查询本 地保存的该用户与签约服务器的映射关系即用户签约关系, 得到用户授权 的接入小区列表,如果 Access-Request消息中携带的接入小区列表属性符合 上述经查询得到的用户授权的接入小区列表中的预设规则, 则鉴权成功, 否则,鉴权不成功。当区域移动鉴权成功时,由第二发送单元 6116向 AN 60 返回 Access-Accept 消息; 否则, 由第二发送单元 6116 向 AN 60 返回 Access-Reject消息。
AN60根据区域移动鉴权结果决定用户是否可以使用网络或在不同区 域内移动。 当收到 AN-AAA61返回的 Access- Accept消息, 则允许用户使 用网络; 否则, 即收到 Access-Reject消息, 拒绝用户使用网络。
本实施例中, AN-AAA61 可以为用户管理签约服务区以及管理服务区 与小区列表、 业务类型等映射关系, 用户与签约服务区的映射关系也可以 在其它网元提供, AN-AAA61 可以在用户身份合法性鉴权时从该网元获取 到用户与签约服务区的映射关系并保存到本地。
图 9是本发明 EVDO系统区域移动性限制的系统另一实施例结构示意 图。
如图 9所示, 本实施例在上述实施例的基础上, AN-AAA还包括管理 模块 612。
管理模块 612, 用于为用户管理签约服务区以及管理服务区与小区列 表、 业务类型映射关系。
更进一步的, 该 AN- AAA 61还包括获取模块 613 , 获取模块 613 , 用 于获取用户与签约服务区的映射关系并保存到本地。
在本实施例中, 第一发送单元 6012, 还用于根据区域移动鉴权结果向 用户反馈是否允许建立连接或切换的应答信息。
本发明实施例当用户需要接入或切换 AN 60 时, 通过 AN 60 向 AN-AAA 61发送携带有区域移动鉴权标识属性和区域移动鉴权所需属性的 Access-Request消息, 由 AN-AAA 61才艮据移动鉴权标识属性和区域移动鉴 权所需属性进行区域移动鉴权, 并将区域移动鉴权结果反馈给 AN 60, AN 域内移动, 方便运营商合理规划服务区, 实现对业务区域进行移动性限制 的功能。
以上所述仅为本发明的优选实施例, 并非因此限制本发明的专利范围, 凡是利用本发明说明书及附图内容所作的等效结构或流程变换, 或直接或 间接运用在其他相关的技术领域, 均同理包括在本发明的专利保护范围内。
Claims
1、一种 EVD0系统区域移动性限制的方法,其特征在于,该方法包括: 当用户需要接入或切换接入网 (AN ) 时, AN 向接入网鉴权、 授权与 计帐服务器 (AN-AAA )发送携带有区域移动鉴权标识属性和区域移动鉴 权所需属性的请求接入请求(Access-Request ) 消息;
AN-AAA根据移动鉴权标识属性和区域移动鉴权所需属性进行区域移 动鉴权。
2、根据权利要求 1所述的 EVDO系统区域移动性限制的方法, 其特征 在于, 区域移动鉴权区域移动鉴权所需属性包括: 接入小区列表属性。
3、根据权利要求 2所述的 EVDO系统区域移动性限制的方法, 其特征 在于, 所述当用户需要接入或切换 AN时, AN向 AN-AAA发送携带有区 域移动鉴权标识属性和区域移动鉴权所需属性的 Access-Request消息包括:
AN接收用户发出的建立连接或切换的请求;
AN 向用户返回空口回应;
AN向 AN-AAA发送携带有区域移动鉴权标识属性和区域移动鉴权所 需属性的 Access-Request消息。
4、根据权利要求 2所述的 EVDO系统区域移动性限制的方法, 其特征 在于, 所述 AN-AAA根据移动鉴权标识属性和区域移动鉴权所需属性进行 区域移动鉴权包括:
AN-AAA接收 AN发送的携带有区域移动鉴权标识属性和区域移动鉴 权所需属性的 Access-Request消息;
判断 Access-Request消息中是否携带有移动鉴权标识属性;
当 Access-Request 消息中携带有移动鉴权标识属性时, 提取 Access-Request消息中区域移动鉴权所需属性;
查询用户签约服务区以及服务区配置数据; 根据 Access-Request 消息携带的区域移动鉴权所需属性中的小区列表 属性,并根据 Access-Request消息中用户标识查询的本地保存的用户与签约 服务区的映射关系, 以及服务区与小区列表、 业务类型选项映射关系进行 区域移动鉴权;
当区域移动鉴权成功时, AN-AAA 向 AN 返回允许接入接入接受 ( Access-Accept ) 消息; 当区域移动鉴权失败时, AN-AAA向 AN返回接 入拒绝 ( Access-Reject ) 消息。
5、根据权利要求 1至 4中任一项所述的 EVDO系统区域移动性限制的 方法, 其特征在于, 所述当用户需要接入或切换 AN时, AN向 AN-AAA 发送携带有区域移动鉴权标识属性和区域移动鉴权所需属性的 Access-Request消息之前 , 该方法还包括:
AN-AAA为用户管理签约服务区以及管理服务区与小区列表、 业务类 型映射关系。
6、根据权利要求 5所述的 EVDO系统区域移动性限制的方法, 其特征 在于, 所述 AN-AAA为用户管理签约服务区以及管理服务区与小区列表、 业务类型映射关系之前, 该方法还包括:
AN-AAA获取用户与签约服务区的映射关系并保存到本地。
7、根据权利要求 1至 4中任一项所述的 EVDO系统区域移动性限制的 方法, 其特征在于, 所述 AN-AAA根据移动鉴权标识属性和区域移动鉴权 所需属性进行区域移动鉴权之后, 该方法还包括:
AN根据区域移动鉴权结果向用户反馈是否允许建立连接或切换的应 答信息。
8、 一种 EVDO系统区域移动性限制的系统, 包括 AN以及 AN-AAA , 其特征在于,
所述 AN包括: 请求处理模块, 用于当用户需要接入或切换 AN时, 向 AN-AAA 发送携带有区域移动鉴权标识属性和区域移动鉴权所需属性的
Access-Request消息;
所述 AN-AAA包括: 鉴权处理模块, 用于根据移动鉴权标识属性和区 域移动鉴权所需属性进行区域移动鉴权。
9、根据权利要求 8所述的 EVDO系统区域移动性限制的系统, 其特征 在于, 所述请求处理模块包括:
第一接收单元, 用于接收用户发出的建立连接或切换的请求; 第一发送单元, 用于向用户返回空口回应; 以及用于向 AN-AAA发送 携带有区域移动鉴权标识属性和区域移动鉴权所需属性的 Access-Request 消息。
10、 根据权利要求 8所述的 EVDO系统区域移动性限制的系统, 其特 征在于, 所述鉴权处理模块包括:
第二接收单元, 用于接收 AN发送的携带有区域移动鉴权标识属性和 区域移动鉴权所需属性的 Access-Request消息;
判断单元 ,用于判断 Access-Request消息中是否携带有移动鉴权标识属 性;
提取单元, 用于当 Access-Request消息中携带有移动鉴权标识属性时, 提取 Access-Request消息中区域移动鉴权所需属性;
查询单元, 用于查询用户签约服务区以及服务区配置数据;
鉴权单元,用于根据 Access-Request消息携带的区域移动鉴权所需属性 中的小区列表属性,并根据 Access-Request消息中用户标识查询的本地保存 的用户与签约服务区的映射关系, 以及服务区与小区列表、 业务类型选项 映射关系进行区域移动鉴权;
第二发送单元,用于当区域移动鉴权成功时,向 AN返回 Access-Accept 消息; 当区 i或移动鉴权失败时, 向 AN返回 Access-Rej ect消息。
11、 根据权利要求 8、 9或 10所述的 EVDO系统区域移动性限制的系 统, 其特征在于, 所述 AN-AAA还包括管理模块, 用于为用户管理签约服 务区以及管理服务区与小区列表、 业务类型映射关系。
12、根据权利要求 11所述的 EVDO系统区域移动性限制的系统, 其特 征在于, 所述 AN-AAA还包括获取模块, 用于获取用户与签约服务区的映 射关系并保存到本地。
13、根据权利要求 12所述的 EVDO系统区域移动性限制的系统, 其特 征在于, 所述第一发送单元, 还用于根据区域移动鉴权结果向用户反馈是 否允许建立连接或切换的应答信息。
Applications Claiming Priority (2)
Application Number | Priority Date | Filing Date | Title |
---|---|---|---|
CN201010223505.6 | 2010-06-29 | ||
CN201010223505.6A CN101895860B (zh) | 2010-06-29 | 2010-06-29 | Evdo系统区域移动性限制的方法及系统 |
Publications (1)
Publication Number | Publication Date |
---|---|
WO2012000285A1 true WO2012000285A1 (zh) | 2012-01-05 |
Family
ID=43104893
Family Applications (1)
Application Number | Title | Priority Date | Filing Date |
---|---|---|---|
PCT/CN2010/079312 WO2012000285A1 (zh) | 2010-06-29 | 2010-12-01 | Evdo系统区域移动性限制的方法及系统 |
Country Status (2)
Country | Link |
---|---|
CN (1) | CN101895860B (zh) |
WO (1) | WO2012000285A1 (zh) |
Families Citing this family (3)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
CN101895860B (zh) * | 2010-06-29 | 2014-08-20 | 中兴通讯股份有限公司 | Evdo系统区域移动性限制的方法及系统 |
CN102098757A (zh) * | 2011-02-14 | 2011-06-15 | 中兴通讯股份有限公司 | 控制用户接入网络的方法、装置和系统 |
CN113905381B (zh) * | 2021-10-18 | 2024-04-16 | 中国联合网络通信集团有限公司 | 业务处理方法、装置、设备及可读存储介质 |
Citations (4)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
CN1867183A (zh) * | 2005-12-31 | 2006-11-22 | 华为技术有限公司 | 一种接入终端的业务实现系统和方法 |
CN1870807A (zh) * | 2005-05-23 | 2006-11-29 | 中兴通讯股份有限公司 | 一种1x/evdo双模手机鉴权方法 |
US20060268907A1 (en) * | 2005-05-30 | 2006-11-30 | Samsung Electronics Co., Ltd. | System for enabling heterogeneous communication systems to cooperate in providing communication services and method therefor |
CN101895860A (zh) * | 2010-06-29 | 2010-11-24 | 中兴通讯股份有限公司 | Evdo系统区域移动性限制的方法及系统 |
-
2010
- 2010-06-29 CN CN201010223505.6A patent/CN101895860B/zh not_active Expired - Fee Related
- 2010-12-01 WO PCT/CN2010/079312 patent/WO2012000285A1/zh active Application Filing
Patent Citations (4)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
CN1870807A (zh) * | 2005-05-23 | 2006-11-29 | 中兴通讯股份有限公司 | 一种1x/evdo双模手机鉴权方法 |
US20060268907A1 (en) * | 2005-05-30 | 2006-11-30 | Samsung Electronics Co., Ltd. | System for enabling heterogeneous communication systems to cooperate in providing communication services and method therefor |
CN1867183A (zh) * | 2005-12-31 | 2006-11-22 | 华为技术有限公司 | 一种接入终端的业务实现系统和方法 |
CN101895860A (zh) * | 2010-06-29 | 2010-11-24 | 中兴通讯股份有限公司 | Evdo系统区域移动性限制的方法及系统 |
Also Published As
Publication number | Publication date |
---|---|
CN101895860B (zh) | 2014-08-20 |
CN101895860A (zh) | 2010-11-24 |
Similar Documents
Publication | Publication Date | Title |
---|---|---|
US8275355B2 (en) | Method for roaming user to establish security association with visited network application server | |
US11212678B2 (en) | Cross access login controller | |
WO2015101125A1 (zh) | 网络接入控制方法和设备 | |
CN114268943B (zh) | 授权方法及装置 | |
US8880688B2 (en) | Apparatus and method for providing profile of terminal in communication system | |
EP1713204A1 (en) | A method for managing the user equipment accessed to the network by using the generic authentication architecture | |
CN102111766B (zh) | 网络接入方法、装置及系统 | |
DK2924944T3 (en) | Presence authentication | |
WO2017054617A1 (zh) | 一种对wifi网络的认证方法、装置和系统 | |
CA2552917C (en) | A method of obtaining the user identification for the network application entity | |
JP2016506152A (ja) | タグ付けによるデバイスの認証 | |
US8958792B2 (en) | Method and system for selecting mobility management entity of terminal group | |
EP2744250B1 (en) | Method and apparatus for binding universal integrated circuit card and machine type communication device | |
TWI516151B (zh) | 通訊方法與通訊系統 | |
WO2019056971A1 (zh) | 一种鉴权方法及设备 | |
WO2011147156A1 (zh) | 一种限制接入特定区域的方法及系统 | |
WO2015089969A1 (zh) | 一种m2m终端/终端外设的可及性管理方法及设备 | |
WO2012000285A1 (zh) | Evdo系统区域移动性限制的方法及系统 | |
US9872124B2 (en) | Mobility management method and system in M2M network | |
CN101568116B (zh) | 一种证书状态信息的获取方法及证书状态管理系统 | |
CN102858026B (zh) | 一种触发特定位置终端的方法、系统和终端 | |
KR101434750B1 (ko) | 이동통신망에서 지리 정보를 이용한 무선랜 선인증 방법 및 장치 | |
WO2012062115A1 (zh) | 一种机器类通信接入控制的方法、系统及装置 | |
CN110933669A (zh) | 一种跨rat用户的快速注册的方法 | |
KR20060115781A (ko) | 데이터 로밍을 이용한 분실여권 인증시스템 및 그 인증방법 |
Legal Events
Date | Code | Title | Description |
---|---|---|---|
121 | Ep: the epo has been informed by wipo that ep was designated in this application |
Ref document number: 10853988 Country of ref document: EP Kind code of ref document: A1 |
|
NENP | Non-entry into the national phase |
Ref country code: DE |
|
122 | Ep: pct application non-entry in european phase |
Ref document number: 10853988 Country of ref document: EP Kind code of ref document: A1 |