WO2012119450A1 - A mapping server in subscriber identifier & locator separation network and a implementing method thereof - Google Patents

Publication number
WO2012119450A1
WO2012119450A1 PCT/CN2011/080645 CN2011080645W WO2012119450A1 WO 2012119450 A1 WO2012119450 A1 WO 2012119450A1 CN 2011080645 W CN2011080645 W CN 2011080645W WO 2012119450 A1 WO2012119450 A1 WO 2012119450A1
Authority
WO
WIPO (PCT)
Prior art keywords
terminal
rid
aid
access
mapping
Application number
PCT/CN2011/080645
Inventor
沈炯
王晓明
Original Assignee
中兴通讯股份有限公司
Application filed by 中兴通讯股份有限公司

Classifications

    • H: ELECTRICITY
    • H04: ELECTRIC COMMUNICATION TECHNIQUE
    • H04L: TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L61/00: Network arrangements, protocols or services for addressing or naming
    • H04L61/09: Mapping addresses
    • H04L61/10: Mapping addresses of different types
    • H04L61/103: Mapping addresses of different types across network layers, e.g. resolution of network layer into physical layer addresses or address resolution protocol [ARP]
    • H04L63/00: Network architectures or network communication protocols for network security
    • H04L63/08: Network architectures or network communication protocols for network security for authentication of entities
    • H04L63/0892: Network architectures or network communication protocols for network security for authentication of entities by using authentication-authorization-accounting [AAA] servers or protocols
    • H04L63/10: Network architectures or network communication protocols for network security for controlling access to devices or network resources
    • H04L63/107: Network architectures or network communication protocols for network security for controlling access to devices or network resources wherein the security policies are location-dependent, e.g. entities privileges depend on current location or allowing specific operations only from locally connected terminals

Abstract

The invention discloses a mapping server in a subscriber identifier & locator separation network and an implementing method thereof. The method comprises the following steps: an Authentication, Authorization and Accounting (AAA) server stores and maintains the mapping relationship among the user ID, authentication ID (AID) and locator ID (RID); after receiving a mapping query request initiated by the access service router or the internet service node according to the user ID or the AID of the subscriber, the AAA server returns the RID corresponding to the user ID or the AID in the mapping query request. The invention uses the AAA server to realize the main function of the mapping server in the WCDMA-based subscriber identifier & locator separation network. It makes full use of the existing AAA server and of the messages and flows between the Gateway GPRS Support Node (GGSN) and the AAA server, and is therefore economical and feasible.

Description

Mapping server in an identity and location separation network and implementation method thereof

Technical field

The present invention relates to the field of mobile communication technologies, and in particular to a mapping server in an identity and location separation network and an implementation method thereof.

Background
In mobile communications, AAA (Authentication, Authorization, Accounting) servers are widely used to authenticate, authorize and account for mobile device users. The main purpose of an AAA server is to manage which users may access the network server, which services users with access rights may obtain, and how users who are consuming network resources are accounted for. Its specific functions mainly include:
1. Authentication: verifying whether the user may obtain access rights;
2. Authorization: determining which services an authorized user may use;
3. Accounting: recording the user's use of network resources.
The RADIUS (Remote Authentication Dial In User Service) protocol is the interface standard for AAA servers. RADIUS is a client/server protocol based on UDP (User Datagram Protocol) and is defined in RFC (Request For Comments) 2865 and 2866 of the IETF (Internet Engineering Task Force).
The industry has proposed a variety of new mobility management technologies whose essential idea is the separation of user identity and location. The prior art already contains solutions for a Subscriber Identifier & Locator Separation Network (SILSN), such as host-based implementations like HIP and router-based implementations like the Locator/ID Separation Protocol (LISP), and each implementation is supported by a number of related technologies. In these solutions the identity identifier of the end user (denoted AID in this document) does not change while the terminal moves, and a location identifier (denoted RID in this document) is assigned separately according to the terminal's location in order to route and forward data packets.
FIG. 1 shows a network architecture for identity and location separation (SILSN). The network topology of this SILSN architecture is divided into an access network and a backbone network that do not overlap topologically. The access network sits at the edge of the backbone network and is responsible for the access of all terminals; the backbone network is responsible for routing and forwarding data packets between the accessed terminals. In the network, the AID serves as the user identity identifier of the terminal and remains unchanged throughout terminal movement; the RID is the location identifier that the network assigns to the terminal and is used in the backbone network. Note that the identity identifier and the location identifier may have different names in different SILSN architectures, but they are essentially the same.
In the SILSN architecture, the terminal may be one or more of a mobile terminal, a fixed terminal and a nomadic terminal, such as a mobile phone, a landline telephone, a computer or a server.
In the SILSN architecture, the access network provides layer-2 (physical layer and link layer) access means for terminals and maintains the physical access link between the terminal and the ASR.
In the SILSN architecture, the main network elements of the backbone network include:
The Access Service Router (ASR) is the edge router of the backbone network. It assigns RIDs to terminals, maintains the terminals' AID-RID mapping information, registers and queries terminals' AID-RID bindings with the ILR, and routes and forwards data packets. A terminal must access the backbone network through an ASR. The RID that an ASR assigns to a terminal contains the address information of that ASR, in other words it points to that ASR; when the RID is used as the destination address of a data packet, the packet is routed to that ASR.
The Common Router (CR) is the core router of the backbone network. It selects routes according to the RID in a data packet and forwards data packets whose destination address is an RID.
The Identity Location Register (ILR) may also be called a mapping server; when identity location registers are deployed in distributed form, they may be called a mapping plane. The ILR stores and maintains the mapping information between the identity identifier AID and the location identifier RID of its home user terminals (also written as AID-RID mapping information in this document) and handles registration, deregistration and query of terminal locations.
Optionally, the backbone network may further include:
The Interconnection Service Node (Internet Service Router, ISR), which has interfaces to the traditional IP network, the ASR and the ILR, and implements interworking between the identity and location separation network and the traditional IP network.
It can be seen that, to forward packets normally, the ASR must assign an RID to a terminal when the terminal accesses the network and must register the binding of the user's AID and RID with the ILR, so as to update the RID bound to that terminal in the ILR. In one example, the ASR maintains peer information for each terminal (also called the connection information between the terminal and its communication peers, or the communication relationship information between the terminal and its communication peers), which contains the correspondence between the terminal's AID and the AIDs of its communication peers and may also include the terminal's AID-RID mapping information.
The existing Wideband Code Division Multiple Access (WCDMA) system is an important system and method for providing service access based on wireless WCDMA technology. The WCDMA core network architecture is shown in FIG. 2 and includes network elements such as the Serving GPRS (General Packet Radio Service) Support Node (SGSN), the Gateway GPRS Support Node (GGSN) and the home subscriber subscription register. In this document the Home Location Register (HLR) of 2G (second-generation mobile communication technology) and the Home Subscriber Server (HSS) of 3G are collectively called the home subscriber subscription register, denoted HLR/HSS. Because the existing TD-SCDMA (Time Division-Synchronous Code Division Multiple Access) core network uses the same architecture as WCDMA, WCDMA hereinafter refers collectively to WCDMA and TD-SCDMA.
The SGSN is a basic network element of the GPRS network. It is a new network element introduced into the Global System for Mobile Communication (GSM) network to provide GPRS services. It mainly performs routing and forwarding of packet data, mobility management, session management, logical link management, authentication and encryption.
The GGSN provides routing and encapsulation of data packets between the WCDMA network and external data networks. It acts as a gateway and may be called an access gateway. It holds routing information for PS-attached users; the routing information is used to tunnel data packets to the MS's current point of attachment, that is, the SGSN.
A WCDMA network can use an AAA server to authenticate, authorize and charge GPRS Internet users. The Gi interface between the GGSN and the AAA server uses the RADIUS protocol, and the interface messages include:
Access messages: Access-Request, Access-Accept, Access-Reject;
Accounting messages: Accounting-Request Start, Accounting-Response Start, Accounting-Request Stop, Accounting-Response Stop, Accounting-Request Interim-Update, Accounting-Response Interim-Update.
In summary, the prior art has the following technical problem: how to implement the mapping server of an identity and location separation network in an existing WCDMA or TD-SCDMA network so that the corresponding functions of the mapping server are realized.

Summary of the invention
The technical problem solved by the present invention is to provide a mapping server in an identity and location separation network and an implementation method thereof, using an AAA server to implement the main functions of the mapping server in the identity and location separation network.
To solve the above technical problem, the present invention provides a method for implementing a mapping server of an identity and location separation network, the method comprising:
an Authentication, Authorization and Accounting (AAA) server stores and maintains the mapping relationship among the user identifier, identity identifier (AID) and location identifier (RID) of a terminal;
after receiving a mapping query request initiated by an access service router or an interconnection service node (ISR) according to the user identifier or AID of a terminal, the AAA server returns the corresponding RID according to the user identifier or AID in the mapping query request.
Preferably, the AAA server storing and maintaining the mapping relationship comprises:
the correspondence between the terminal's user identifier and AID is stored in advance on the AAA server;
after the access service router that the terminal accesses assigns an RID to the terminal, it sends the RID assigned to the terminal to the AAA server;
after receiving the RID, the AAA server saves or updates the mapping relationship among the terminal's user identifier, AID and RID.
Preferably, the user identifier comprises an International Mobile Subscriber Identity (IMSI), or comprises an IMSI and an Access Point Name (APN).
Preferably, the method is applied to a Wideband Code Division Multiple Access (WCDMA) or Time Division-Synchronous Code Division Multiple Access (TD-SCDMA) network, and the access service router is an access gateway (GGSN);
after receiving the terminal's activation request, when the GGSN sends an access request to the AAA server, it carries the RID assigned to the terminal in the access request sent to the AAA server;
or, after receiving the access response of the AAA server, it sends the RID assigned to the terminal to the AAA server.
Preferably, the access request that the GGSN sends to the AAA server also carries the terminal's user identifier and authentication information;
after receiving the access request, the AAA server authenticates the terminal according to the authentication information and at the same time looks up the corresponding AID according to the user identifier. If the terminal passes authentication and a valid AID is found, the AAA server sends an access response to the terminal through the access gateway and carries the AID in the access response as the IP address assigned to the terminal; if the terminal fails authentication, it returns an access reject message to the GGSN.
Preferably, the GGSN takes the AID contained in the received access response and returns it to the terminal as the IP address assigned to the terminal, and at the same time saves the binding between the terminal's AID and RID locally.
Preferably, the saving or updating means that the AAA server, according to the received RID, adds the RID to the mapping relationship or updates the RID in the mapping relationship.
Preferably, after the AAA server receives the access request, if the terminal passes authentication but no valid AID can be found for the user identifier, the AAA server sends an access response to the terminal through the access gateway, and the access response contains a specific AID value;
according to the specific AID value contained in the access response, the GGSN assigns a dynamic IP address to the terminal or rejects the terminal's user activation request.
Preferably, updating the mapping relationship further comprises:
after receiving the terminal's deactivation message, the access gateway sends a deactivation message carrying the terminal's user identifier to the AAA server;
after receiving the deactivation message, the AAA server deletes the RID in the saved mapping relationship of the terminal according to the terminal's user identifier and sends a deactivation response to the access gateway.
Preferably, when the terminal's user identifier corresponds to multiple RIDs, the access gateway carries the specified RID to be deleted in the deactivation message sent to the AAA server.
Preferably, updating the mapping relationship further comprises:
after receiving the terminal's context modification request or handover request, the access gateway sends an access request to the AAA server, the access request carrying the terminal's user identifier and the new RID assigned to the terminal;
after receiving the access request, the AAA server updates the RID in the saved mapping relationship of the terminal according to the new RID.
The present invention also provides a method for implementing a mapping server of an identity and location separation network, the method comprising:
an AAA server stores a first identifier of a terminal and maintains the mapping relationship between the terminal's first identifier and second identifier;
after receiving a mapping query request initiated by a GGSN or an ISR according to the terminal's first identifier, the AAA server returns the corresponding second identifier according to the first identifier in the mapping query request.
Preferably, the method is applied to a WCDMA or TD-SCDMA network, and the second identifier comprises an RID;
after the GGSN that the terminal accesses assigns an RID to the terminal, it sends the RID assigned to the terminal to the AAA server;
after receiving the RID, the AAA server saves or updates the mapping relationship between the terminal's first identifier and the RID.
Preferably, the first identifier comprises a user identifier and/or an AID;
wherein the user identifier comprises an IMSI, or comprises an IMSI and an APN.
The present invention also provides a mapping server of an identity and location separation network, the mapping server comprising:
a mapping relationship storage module, configured to store and maintain the mapping relationship among the user identifier, identity identifier (AID) and location identifier (RID) of a terminal;
a query request processing module, configured to, after receiving a mapping query request initiated by a GGSN or an ISR in the identity and location separation network according to the user identifier or AID of a terminal, return the corresponding RID according to the user identifier or AID in the mapping query request.
Preferably, the mapping relationship storage module is further configured to store and maintain the mapping relationship as follows:
store in advance the correspondence between the terminal's user identifier and AID;
after receiving the RID assigned to the terminal, sent by the access service router that the terminal accesses, save or update the mapping relationship among the terminal's user identifier, AID and RID.
Preferably, the mapping server is applied to an AAA server in a WCDMA or TD-SCDMA network,
and the mapping relationship storage module is configured to: on receiving an access request sent by a GGSN in the WCDMA or TD-SCDMA network, authenticate the terminal according to the terminal's user identifier and authentication information contained in the access request and at the same time look up the corresponding AID according to the user identifier; if the terminal passes authentication and a valid AID is found, send an access response to the terminal through the GGSN and carry the AID in the access response as the IP address assigned to the terminal; if the terminal fails authentication, return an access reject message to the GGSN.
Preferably, the mapping relationship storage module is further configured to: after receiving the access request, if the terminal passes authentication but no valid AID can be found for the user identifier, send an access response to the terminal through the access gateway, the access response containing a specific AID value that notifies the GGSN to assign a dynamic IP address to the terminal or to reject the terminal's user activation request.
Preferably, the mapping relationship storage module is further configured to: after receiving the deactivation message sent by the GGSN, delete the RID in the saved mapping relationship of the terminal according to the terminal's user identifier carried in the deactivation message, and send a deactivation response to the GGSN.
Preferably, the mapping relationship storage module is further configured to: according to the specified RID to be deleted that is carried in the deactivation message sent by the GGSN, delete that specified RID from the saved mapping relationship of the terminal; and/or
after receiving an access request sent by the new access gateway to which the terminal has been handed over, update the RID in the saved mapping relationship of the terminal according to the terminal's user identifier and the new RID assigned to the terminal, both contained in the access request.
The embodiments of the present invention use an AAA server to implement the main functions of the mapping server in a WCDMA-based identity and location separation network. They make full use of the existing AAA server and of the messages and procedures between the GGSN and the AAA server, and are therefore economical and feasible.

Brief description of the drawings

The drawings described here provide a further understanding of the present invention and form part of this application. The illustrative embodiments of the invention and their description are used to explain the invention and do not unduly limit it. In the drawings:
FIG. 1 is an architecture diagram of the packet domain of an existing WCDMA system;
FIG. 2 is a schematic diagram of a SILSN network architecture according to an embodiment of the present invention;
FIG. 3 is a schematic diagram of another SILSN network architecture according to an embodiment of the present invention;
FIG. 4 is a schematic flowchart of a GGSN obtaining a user's AID from, and registering an RID with, an AAA server according to an embodiment of the present invention;
FIG. 5 is a schematic flowchart of an AAA server deleting a user's RID when the user is deactivated according to an embodiment of the present invention;
FIG. 6 is a schematic flowchart of a GGSN or an ISR initiating a mapping query to an AAA server according to an embodiment of the present invention;
FIG. 7 is a schematic flowchart of an AAA server updating a terminal's mapping relationship during terminal handover according to an embodiment of the present invention.

Preferred embodiments of the invention
FIG. 2 and FIG. 3 show the architecture of a WCDMA core network with the SILSN architecture, in which the above SILSN architecture is applied to a WCDMA system. Note that the SILSN architecture is used only to describe embodiments of the invention concretely; the procedures of the invention are also broadly applicable to other identity and location separation architectures. With reference to FIG. 2 and FIG. 3, the GGSN performs the function of the ASR and is responsible for forwarding packets. It has an interface S1 to the ILR, which is used to query the ILR for the RID of a communication peer and to register, update and deregister a terminal's AID-RID mapping relationship.
The ISR in FIG. 3 is a network element newly introduced into the WCDMA core network for interworking between the identity and location separation network and the traditional IP network. It uses interface S1 to query the RID of a communication peer.
Between the GGSN and the ISR there are a signalling interface S2 and a data interface D2. Signalling interface S2 is used to notify the ISR of changes to the relevant AID-RID bindings when the GGSN changes during handover, and can also be used by the GGSN to notify the ISR to register or delete AID-RID bindings. Data interface D2 between the GGSN and the ISR is used by the GGSN to forward to the ISR the data that the MS sends to external networks, and by the ISR to forward to the GGSN the data destined for the MS. The data interface D3 between the ISR and the external network is outside the scope of this patent.
The main object of the present invention is to provide a method for implementing the ILR of an identity and location separation network on the basis of an AAA server. Note that, because the TD-SCDMA core network architecture is consistent with the WCDMA core network architecture, the solution of the invention applies equally in the TD-SCDMA core network; WCDMA below refers collectively to WCDMA and TD-SCDMA.
In addition, the present invention is not limited to the above architecture. Because the radio access network may adopt other structures, in other architectures the target RNC may be another radio-side network element.
结合图 3所示的具有 SILSN架构的 WCDMA核心网的架构,本发明提供 的使用 AAA作为身份位置分离网络 ILR的方法, 即: 在 WCDMA网络中使 用 AAA服务器作为 ILR, 实现 ILR 的功能, 其主要负责维护用户标识与 AID-RID映射关系的绑定, 提供接口 S1 , 用于 AID-RID绑定的查询及注册、 更新、 去注册终端的 AID-RID 映射关系。 其中, 用户标识可以包括 IMSI ( International Mobile Subscriber Identification Number,国际移动用户 i只另 ll码 ), 也可以包括 IMSI和 APN ( Access Point Name, 接入点名称 ) 。  In combination with the architecture of the WCDMA core network with the SILSN architecture shown in FIG. 3, the present invention provides a method for using AAA as an identity location separation network ILR, namely: using an AAA server as an ILR in a WCDMA network, implementing ILR functions, mainly Responsible for maintaining the binding between the user ID and the AID-RID mapping relationship, providing the interface S1, for querying the AID-RID binding, and registering, updating, and deregistering the AID-RID mapping relationship of the terminal. The user identifier may include an IMSI (International Mobile Subscriber Identification Number), and may also include an IMSI and an APN (Access Point Name).
具体地, 在 WCDMA网络中使用 AAA服务器时, 是使用 IMSI和 APN 唯一标识一个用户, 如无特别说明, 则下文中的用户标识是指 IMSI加 APN。  Specifically, when the AAA server is used in the WCDMA network, one user is uniquely identified by using IMSI and APN. Unless otherwise specified, the following user identifier refers to IMSI plus APN.
The method provided by the invention for implementing the mapping server of an identity/location separation network mainly comprises:
the AAA server stores the first identifier of the terminal and maintains the mapping between the terminal's first identifier and second identifier;
after receiving a mapping query request initiated by the GGSN or the ISR according to the terminal's first identifier, the AAA server returns the corresponding second identifier according to the first identifier in the mapping query request.
Further, the method is applied to a WCDMA or TD-SCDMA network, and the second identifier comprises the RID;
after the GGSN that the terminal accesses allocates a RID to the terminal, it sends the RID allocated to the terminal to the AAA server;
after receiving the RID, the AAA server stores or updates the mapping between the terminal's first identifier and the RID.
Further, the first identifier comprises the user identifier and/or the AID;
where the user identifier comprises the IMSI, or comprises the IMSI and the APN.
In addition, the invention provides a method for implementing the mapping server of an identity/location separation network, mainly comprising:
the AAA server stores and maintains the mapping among the terminal's user identifier, identity identifier (AID) and location identifier (RID);
after receiving a mapping query request initiated by an access service router or an interconnection service node, the AAA server returns the corresponding RID according to the terminal's user identifier or AID in the mapping query request.
Here the user identifier comprises the IMSI and the APN.
Further, the AAA server stores the correspondence between terminal user identifiers and AIDs (the AAA server may store the correspondence only for local terminals, or for all terminals);
after the access service router that the terminal accesses allocates a RID to the terminal, it initiates registration with the AAA server, carrying the terminal's user identifier and the RID;
the AAA server looks up the correspondence according to the terminal's user identifier and stores the mapping among the terminal's user identifier, AID and RID (for example, by adding the RID information to the correspondence).
Optionally, the access gateway may omit the RID information allocated for the user from the access request it sends to the AAA server; instead, after it receives the AAA server's access response and the user has been authenticated successfully, it sends the RID information allocated for the terminal to the AAA server in a new message.
Here, storing or updating means: according to the received RID information, adding the RID information to the mapping, or updating the RID information in the mapping.
Further, when a user identifier can be bound to multiple RIDs, the RID information of the terminal that the access gateway sends to the AAA server may contain multiple RIDs.
Further, to reuse existing AAA server messages, the access request and response use the existing Access-Request and Access-Accept/Access-Reject messages.
Further, updating the mapping also comprises:
after receiving the terminal's deactivation message, the access gateway sends a deactivation message to the AAA server, carrying the terminal's user identifier;
after receiving the deactivation message, the AAA server deletes the RID information from the terminal's mapping according to the terminal's user identifier, and sends a deactivation response to the access gateway.
Further, if a user identifier can be bound to multiple RIDs, the deactivation message that the access gateway sends to the AAA server also carries a specified RID, which identifies the RID to delete.
Further, to reuse existing AAA server messages, the deactivation message and response use the AAA server's existing Accounting-Request Stop and Accounting-Response Stop messages.
Further, to pair with the Accounting-Request Stop and Accounting-Response Stop messages, after the access gateway has sent the activation message to the AAA server and received the activation response, the access gateway sends Accounting-Request Start to the AAA server, and the AAA server returns Accounting-Response Start.
In addition, if users are allowed to switch access gateways seamlessly, the new access gateway, after receiving a PDP context modification request or a handover request, sends an access request to the AAA server carrying the user's user identifier and the new RID allocated for the user;
after receiving the access request, the AAA server replaces the RID bound to the user's user identifier with the new RID and sends an access request response to the new access gateway, carrying the user's identity identifier AID.
Further, if a user identifier can be bound to multiple RIDs, the access request that the new access gateway sends to the AAA server also carries the original RID; after receiving the access request, the AAA server replaces the original RID bound to the user identifier with the new RID.
When the access gateway or the ISR forwards a user's data packet and has no binding between the communication peer's identity identifier AID and location identifier RID, it queries the AAA server by sending a RID query request that carries the user's identity identifier AID.
After receiving the RID query request from the access gateway, the AAA server looks up the RID bound to the identity identifier and returns a RID query response to the access gateway, carrying the RID.
Further, if the identity identifier AID is bound to multiple RIDs, the AAA server returns multiple RIDs.
To facilitate the description of the invention, the implementation of its technical solution is described in further detail below with reference to the drawings and specific embodiments. Note that, where they do not conflict, the embodiments of this application and the features in them may be combined with one another arbitrarily.
Embodiment 1
Based on the identity/location separation core network architecture described in Figure 3, this embodiment describes how, when a user terminal sends a PDP context activation request, the GGSN obtains the user's identity identifier AID from the AAA server and registers the user's location identifier RID.
As shown in Figure 4, the user registration procedure of this embodiment mainly comprises the following steps:
Step 401: The terminal sends a PDP context activation request to the SGSN, as in the existing WCDMA procedure.
Step 402: The SGSN sends a Create PDP Context Request message to the GGSN associated with the terminal, as in the existing WCDMA procedure.
Step 403: The GGSN sends an access request to the AAA server, using the existing Access-Request message between the GGSN and the AAA server, as in the existing WCDMA procedure. The Called-Station-Id field carries the APN value, the 3GPP-IMSI field of 3GPP Vendor-Specific carries the IMSI value of the user terminal, and the NAS-IP-Address field carries the address the GGSN uses to forward datagrams for the user terminal (the location identifier RID).
Step 404: The AAA server looks up the Framed-IP-Address (the IP address allocated to the user), that is, the AID, corresponding to the IMSI and APN. If there is a validly mapped AID, the AAA server records the mapping among the IMSI, the APN, the Framed-IP-Address (AID) and the RID carried in the NAS-IP-Address field in step 403. The AAA server sends the existing Access-Accept message to the GGSN, as in the existing WCDMA procedure, with the Framed-IP-Address field set to the AID value.
If the AAA server finds no validly mapped AID for the IMSI and APN (that is, no user identifier is bound to an AID), the AAA server sends the existing Access-Accept message to the GGSN, as in the existing WCDMA procedure, with the Framed-IP-Address (AID) field set to a specific agreed AID value, such as "0x00000000".
If the AAA server is responsible for authenticating the user and authentication fails, the AAA server sends the existing Access-Reject message to the GGSN, as in the existing WCDMA procedure.
Step 405: If the GGSN receives an Access-Accept message and the Framed-IP-Address (AID) field holds a valid value, the GGSN caches the mapping between the user's AID and RID and sends the existing Accounting-Request Start message to the AAA server, as in the existing WCDMA procedure.
Step 406: The AAA server sends the existing Accounting-Response Start reply message to the GGSN, as in the existing WCDMA procedure.
Step 407: The GGSN sends a Create PDP Context response to the SGSN, passing the user's valid AID obtained in step 404 to the SGSN as the IP address allocated to the terminal, as in the existing WCDMA procedure.
If the GGSN received an invalid AID value in step 404, it may use the existing dynamic IP address allocation procedure to allocate a dynamic IP address and send a Create PDP Context response to the SGSN, as in the existing WCDMA procedure; when it subsequently handles this terminal's packets, it treats the terminal as one that does not belong to the identity/location separation network. Alternatively, it may send a Create PDP Context failure response to the SGSN and refuse to let the terminal activate the PDP context.
If the GGSN received an Access-Reject message in step 404, it refuses to let the terminal activate the PDP context, as in the existing WCDMA procedure.
Step 408: The SGSN sends a PDP context activation response to the terminal, as in the existing WCDMA procedure.
If AAA server accounting is not required and the AAA server can handle unmatched Accounting-Request Start and Accounting-Request Stop messages, that is, the GGSN does not send Accounting-Request Start to the AAA server and only sends Accounting-Request Stop to delete the AID-RID mapping, steps 405 and 406 may be omitted.
Embodiment 2
Based on the identity/location separation core network architecture described in Figure 3, this embodiment describes how the AAA server deletes the user's AID-RID mapping when the user terminal sends a PDP context deactivation request.
As shown in Figure 5, the procedure mainly comprises the following steps:
Step 501: The terminal sends a PDP context deactivation request to the SGSN, as in the existing WCDMA procedure.
Step 502: The SGSN sends a Delete PDP Context request to the GGSN, as in the existing WCDMA procedure.
Step 503: The GGSN sends a stop-accounting request to the AAA server, using the existing Accounting-Request Stop message, in which the Called-Station-Id field carries the APN value, the 3GPP-IMSI field of 3GPP Vendor-Specific carries the IMSI value, and the NAS-IP-Address field carries the RID. The procedure is the same as the existing WCDMA procedure.
Step 504: After receiving the stop-accounting request, the AAA server clears the RID corresponding to the IMSI and APN.
Step 505: The AAA server sends a stop-accounting reply to the GGSN, using the existing Accounting-Response Stop message. The procedure is the same as the existing WCDMA procedure.
Step 506: The GGSN sends a Delete PDP Context response to the SGSN. The procedure is the same as the existing WCDMA procedure.
Step 507: The SGSN sends a PDP context deactivation response to the terminal. The procedure is the same as the existing WCDMA procedure.
In step 503 of this embodiment, the GGSN may also carry the Framed-IP-Address field, set to the AID value, in the Accounting-Request Stop message; in step 504 the AAA server then clears the RID mapped to that AID value.
In step 503 of this embodiment, the GGSN may omit the NAS-IP-Address (RID) field from the Accounting-Request Stop message; in step 504 the AAA server then clears all RIDs mapped to the IMSI and APN.
Embodiment 3
This embodiment describes how the GGSN or the ISR sends an AID-RID mapping query and the AAA server returns the AID-RID mapping. As shown in Figure 6, the procedure mainly comprises the following steps:
Step 601: The GGSN or the ISR sends an AID-RID mapping query request to the AAA server, carrying the Framed-IP-Address field, whose value is the AID to be queried.
Step 602: The AAA server looks up the RID mapped to the AID from step 601.
Step 603: The AAA server sends an AID-RID mapping query response to the GGSN, carrying the NAS-IP-Address field, whose value is the RID found in step 602.
In step 602, if the AAA server finds that one AID corresponds to multiple RIDs, then in step 603 it returns the multiple RIDs in an extended field, or in multiple AID-RID mapping query responses.
Embodiment 4
This embodiment describes how, when a terminal switches GGSN, the new GGSN after the handover or the original GGSN before the handover updates the AID-RID mapping at the AAA server. As shown in Figure 7, the procedure mainly comprises the following steps:
Step 701: The new GGSN that the terminal has switched to sends an Access-Request message to the AAA server, identical to the existing Access-Request message between the GGSN and the AAA server. The Called-Station-Id field carries the APN value, the 3GPP-IMSI field of 3GPP Vendor-Specific carries the IMSI value of the user terminal, and the NAS-IP-Address field carries the address the GGSN uses to forward datagrams for the user terminal (the location identifier RID).
Step 702: Same as step 404 of Embodiment 1.
Step 703: Same as step 405 of Embodiment 1.
Step 704: Same as step 406 of Embodiment 1.
In step 701, the Access-Request message carries the Framed-IP-Address field set to the terminal's AID value, and the AAA server updates the RID according to the AID rather than via the IMSI and APN.
If the IMSI and APN can correspond to multiple RIDs, then in step 701 the Access-Request message carries the Framed-IP-Address field set to the terminal's original RID value, and the AAA server replaces the original RID value in the mapping for the IMSI and APN with the new RID value.
If AAA server accounting is not required and the AAA server can handle unmatched Accounting-Request Start and Accounting-Request Stop messages, that is, the GGSN does not send Accounting-Request Start to the AAA server and only sends Accounting-Request Stop to delete the AID-RID mapping, steps 703 and 704 may be omitted.
The AID-RID mapping may also be updated by the original GGSN that served the terminal before the handover.
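The registration, deactivation, query and handover procedures of Embodiments 1 to 4, sketched as an added Python example that is not part of the patent text. Messages are modelled as plain dictionaries keyed by the attribute names the embodiments use; the class name, the `Code` key, the query-response label, the `0.0.0.0` stand-in for the agreed invalid AID, and all sample identifiers and addresses are constructed for illustration.

```python
"""Toy model of an AAA server acting as the ILR (mapping server)."""

INVALID_AID = "0.0.0.0"  # stands in for the agreed "no AID" value ("0x00000000" in the text)


class AaaMappingServer:
    def __init__(self, provisioned, multi_rid=False):
        # provisioned: {(IMSI, APN): AID}, the correspondence stored in advance
        self.aid_of = dict(provisioned)
        self.rids = {aid: [] for aid in self.aid_of.values()}  # AID -> bound RIDs
        self.multi_rid = multi_rid

    def _aid(self, msg):
        return self.aid_of.get((msg.get("3GPP-IMSI"), msg.get("Called-Station-Id")))

    def access_request(self, msg, auth_ok=True):
        """Registration (steps 403-404) and handover update (steps 701-702)."""
        if not auth_ok:
            return {"Code": "Access-Reject"}
        aid = self._aid(msg)
        if aid is None:  # authenticated, but no AID is bound to this IMSI + APN
            return {"Code": "Access-Accept", "Framed-IP-Address": INVALID_AID}
        bound, new_rid = self.rids[aid], msg["NAS-IP-Address"]
        if self.multi_rid:
            # Multi-RID variant of step 701: Framed-IP-Address names the
            # original RID that the new one replaces.
            old_rid = msg.get("Framed-IP-Address")
            if old_rid in bound:
                bound.remove(old_rid)
            if new_rid not in bound:
                bound.append(new_rid)
        else:
            bound[:] = [new_rid]  # one RID per user: the new RID replaces the old
        return {"Code": "Access-Accept", "Framed-IP-Address": aid}

    def accounting_stop(self, msg):
        """Deactivation (steps 503-505)."""
        # Step 503 variant: the AID may be given directly in Framed-IP-Address.
        aid = msg.get("Framed-IP-Address") or self._aid(msg)
        bound = self.rids.get(aid, [])
        rid = msg.get("NAS-IP-Address")
        if rid is None:
            bound.clear()  # no RID named: clear every RID of this user
        elif rid in bound:
            bound.remove(rid)
        # Assumption (not covered by the text): a Stop naming a RID that is
        # not bound changes nothing, so a late Stop from the old GGSN does
        # not erase the binding registered by the new GGSN.
        return {"Code": "Accounting-Response"}

    def query(self, msg):
        """AID-RID mapping query (steps 601-603); may return several RIDs."""
        rids = self.rids.get(msg["Framed-IP-Address"], [])
        return {"Code": "AID-RID-Query-Response", "NAS-IP-Address": list(rids)}


def demo():
    """Register, hand over, receive a late Stop, then deactivate (constructed data)."""
    user = {"3GPP-IMSI": "001010123456789", "Called-Station-Id": "apn.example"}
    srv = AaaMappingServer({("001010123456789", "apn.example"): "10.0.0.7"})
    trace = [
        srv.access_request({**user, "NAS-IP-Address": "192.0.2.1"}),  # first GGSN
        srv.access_request({**user, "NAS-IP-Address": "192.0.2.2"}),  # new GGSN
    ]
    srv.accounting_stop({**user, "NAS-IP-Address": "192.0.2.1"})      # late Stop, old GGSN
    trace.append(srv.query({"Framed-IP-Address": "10.0.0.7"}))
    srv.accounting_stop(user)                                         # no RID: clear all
    trace.append(srv.query({"Framed-IP-Address": "10.0.0.7"}))
    return trace


if __name__ == "__main__":
    for reply in demo():
        print(reply)
```

The mapping is keyed on IMSI plus APN and is changed by any accepted Access-Request or Accounting-Request Stop, so in this model the `auth_ok` decision is the only gate between a sender and a subscriber's AID-RID binding.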
In addition, an embodiment of the invention provides a mapping server in an identity/location separation network. The mapping server mainly comprises:
a mapping storage module, configured to store and maintain the mapping among the terminal's user identifier, identity identifier (AID) and location identifier (RID);
a query request processing module, configured to, after receiving a mapping query request initiated by the GGSN or the ISR in the identity/location separation network according to the terminal's user identifier or AID, return the corresponding RID according to the user identifier or AID in the mapping query request.
Further, the mapping storage module is configured to store and maintain the mapping in the following manner:
storing in advance the correspondence between the terminal's user identifier and AID;
after receiving the RID allocated to the terminal, sent by the access service router that the terminal accesses, storing or updating the mapping among the terminal's user identifier, AID and RID.
Further, the mapping server is applied to an AAA server in a WCDMA or TD-SCDMA network,
and the mapping storage module is configured to, on receiving an access request sent by the GGSN in the WCDMA or TD-SCDMA network, authenticate the terminal according to the terminal's user identifier and authentication information contained in the access request, and at the same time look up the corresponding AID according to the user identifier. If the terminal passes authentication and a valid AID is found, it sends an access response to the terminal through the GGSN, carrying the AID in the access response as the IP address allocated to the terminal; if the terminal fails verification, it returns an access reject message to the GGSN.
Further, the mapping storage module is also configured to, after receiving the access request, if the terminal passes verification but no valid AID can be found for the user identifier, send an access response to the terminal through the access gateway, the access response containing a specific AID value that notifies the GGSN either to allocate a dynamic IP address to the terminal or to reject the terminal's user activation request.
Further, the mapping storage module is also configured to, after receiving a deactivation message sent by the GGSN, delete the RID from the stored mapping of the terminal according to the terminal's user identifier carried in the deactivation message, and send a deactivation response to the GGSN.
Further, the mapping storage module is also configured to, according to the specified RID to be deleted that is carried in the deactivation message sent by the GGSN, delete that specified RID from the stored mapping of the terminal; and/or
after receiving an access request sent by the new access gateway that the terminal has switched to, update the RID in the stored mapping of the terminal according to the terminal's user identifier contained in the access request and the new RID allocated to the terminal.
Note that because the TD-SCDMA core network and the WCDMA core network use the same architecture, the technical solution of the invention can equally be used in TD-SCDMA core networks and core networks of similar architecture.
The above are only preferred embodiments of the invention and are not intended to limit it. The invention may have various other embodiments; without departing from the spirit and substance of the invention, those skilled in the art may make various corresponding changes and variations according to the invention, but all such changes and variations shall fall within the scope of protection of the claims appended to the invention.
Obviously, those skilled in the art should understand that the modules or steps of the invention described above can be implemented with general-purpose computing devices. They can be concentrated on a single computing device or distributed over a network of multiple computing devices. Optionally, they can be implemented as program code executable by a computing device, so that they can be stored in a storage device and executed by a computing device; in some cases the steps shown or described may be performed in an order different from the one given here, or they may each be made into a separate integrated circuit module, or several of the modules or steps may be made into a single integrated circuit module. Thus, the invention is not limited to any specific combination of hardware and software.
Industrial Applicability
The embodiments of the invention use an AAA server to implement the main functions of the mapping server in a WCDMA-based identity/location separation network. They can make full use of existing AAA servers and of the existing messages and procedures between the GGSN and the AAA server, and are therefore economical and feasible.

Claims

1、 一种身份位置分离网络映射服务器的实现方法, 所述方法包括: 验证、 授权和记账(AAA )服务器保存并维护终端的用户标识、 身份标 识(AID )与位置标识(RID ) 的映射关系;  A method for implementing an identity location separation network mapping server, the method comprising: a verification, authorization, and accounting (AAA) server storing and maintaining a mapping of a user identity, an identity (AID), and a location identifier (RID) of a terminal Relationship
接收到接入服务路由器或互联服务节点 ( ISR )根据终端的用户标识或 Receiving an access service router or an Interworking Service Node (ISR) based on the user ID of the terminal or
AID发起的映射查询请求后,所述 AAA服务器根据该映射查询请求中的用户 标识或 AID返回对应的 RID。 After the AID initiates the mapping query request, the AAA server returns the corresponding RID according to the user identifier or the AID in the mapping query request.
2、 如权利要求 1所述的方法, 其中, 所述 AAA服务器保存并维护所述 映射关系包括:  2. The method of claim 1, wherein the saving and maintaining the mapping relationship by the AAA server comprises:
所述 AAA服务器上预先保存有终端的用户标识与 AID的对应关系; 所述终端接入的接入服务路由器为所述终端分配 RID后, 将为所述终端 分配的所述 RID发送给所述 AAA服务器;  The AAA server pre-stores the correspondence between the user identifier of the terminal and the AID; after the access service router accessed by the terminal allocates the RID to the terminal, the RID allocated for the terminal is sent to the AAA server;
所述 AAA服务器收到所述 RID后, 保存或更新所述终端的用户标识、 AID与 RID的映射关系。  After receiving the RID, the AAA server saves or updates the mapping relationship between the user identifier, the AID, and the RID of the terminal.
3、 如权利要求 1或 2所述的方法, 其中,  3. The method according to claim 1 or 2, wherein
所述用户标识包括国际移动用户识别码(IMSI ) , 或者包括 IMSI和接 入点名称(APN ) 。  The subscriber identity includes an International Mobile Subscriber Identity (IMSI) or includes an IMSI and an Access Point Name (APN).
4. The method of claim 2, wherein the method is applied to a Wideband Code Division Multiple Access (WCDMA) or Time Division-Synchronous Code Division Multiple Access (TD-SCDMA) network, and the access routing server is an access gateway (GGSN);
when sending an access request to the AAA server after receiving an activation request from the terminal, the GGSN carries the RID allocated to the terminal in the access request sent to the AAA server;
or, after receiving an access response from the AAA server, the GGSN sends the RID allocated to the terminal to the AAA server.
5. The method of claim 4, wherein
the access request sent by the GGSN to the AAA server further carries the user identifier and authentication information of the terminal;
after receiving the access request, the AAA server authenticates the terminal according to the authentication information and at the same time queries the corresponding AID according to the user identifier; if the terminal passes authentication and a valid AID is found, the AAA server sends an access response to the terminal through the access gateway, the access response carrying the AID as the IP address allocated to the terminal; if the terminal fails verification, the AAA server returns an access reject message to the GGSN.
6. The method of claim 5, wherein
the GGSN, according to the AID contained in the received access response, returns the AID to the terminal as the IP address allocated to the terminal, and at the same time locally stores the binding relationship between the AID and the RID of the terminal.
7. The method of claim 2, 4 or 5, wherein
the saving or updating means: the AAA server, according to the received RID, adds the RID to the mapping relationship or updates the RID in the mapping relationship.
8. The method of claim 5, wherein
after the AAA server receives the access request, if the terminal passes verification but no valid AID can be found according to the user identifier, the AAA server sends an access response to the terminal through the access gateway, the access response containing a specific AID value;
the GGSN, according to the specific AID value contained in the access response, allocates a dynamic IP address to the terminal or rejects the user activation request of the terminal.
9. The method of claim 7, wherein
the updating of the mapping relationship further comprises:
after receiving a deactivation message from the terminal, the access gateway sends a deactivation message carrying the user identifier of the terminal to the AAA server;
after receiving the deactivation message, the AAA server deletes, according to the user identifier of the terminal, the RID in the saved mapping relationship of the terminal, and sends a deactivation response to the access gateway.
10. The method of claim 9, wherein
when the user identifier of the terminal corresponds to multiple RIDs, the access gateway carries the specified RID to be deleted in the deactivation message sent to the AAA server.
11. The method of claim 7, wherein
the updating of the mapping relationship further comprises:
after receiving a context change request or a handover request from the terminal, the access gateway sends an access request to the AAA server, the access request carrying the user identifier of the terminal and the new RID allocated to the terminal;
after receiving the access request, the AAA server updates the RID in the saved mapping relationship of the terminal according to the new RID.
12. A method for implementing a mapping server in an identity and location separation network, the method comprising:
an AAA server storing a first identifier of a terminal and maintaining a mapping relationship between the first identifier and a second identifier of the terminal;
after receiving a mapping query request initiated by a GGSN or an ISR according to the first identifier of the terminal, the AAA server returning the corresponding second identifier according to the first identifier in the mapping query request.
13. The method of claim 12, wherein the method is applied to a WCDMA or TD-SCDMA network, and the second identifier comprises an RID;
after allocating an RID to the terminal, the GGSN accessed by the terminal sends the RID allocated to the terminal to the AAA server;
after receiving the RID, the AAA server saves or updates the mapping relationship between the first identifier of the terminal and the RID.
14. The method of claim 12 or 13, wherein
the first identifier comprises a user identifier and/or an AID;
wherein the user identifier comprises an IMSI, or comprises an IMSI and an APN.
15. A mapping server for an identity and location separation network, the mapping server comprising:
a mapping relationship storage module, configured to: store and maintain a mapping relationship among a user identifier, an identity identifier (AID) and a location identifier (RID) of a terminal;
a query request processing module, configured to: after receiving a mapping query request initiated by a GGSN or an ISR in the identity and location separation network according to the user identifier or the AID of the terminal, return the corresponding RID according to the user identifier or the AID in the mapping query request.
16. The mapping server of claim 15, wherein
the mapping relationship storage module is further configured to store and maintain the mapping relationship as follows:
storing in advance the correspondence between the user identifier of the terminal and the AID;
after receiving the RID allocated to the terminal, sent by the access service router accessed by the terminal, saving or updating the mapping relationship among the user identifier, the AID and the RID of the terminal.
17. The mapping server of claim 15 or 16, wherein the mapping server is applied to an AAA server in a WCDMA or TD-SCDMA network,
the mapping relationship storage module is configured to: upon receiving an access request sent by a GGSN in the WCDMA or TD-SCDMA network, authenticate the terminal according to the user identifier and authentication information of the terminal contained in the access request, and at the same time query the corresponding AID according to the user identifier; if the terminal passes authentication and a valid AID is found, send an access response to the terminal through the GGSN, the access response carrying the AID as the IP address allocated to the terminal; if the terminal fails verification, return an access reject message to the GGSN.
18. The mapping server of claim 17, wherein
the mapping relationship storage module is further configured to: after receiving the access request, if the terminal passes verification but no valid AID can be found according to the user identifier, send an access response to the terminal through the access gateway, the access response containing a specific AID value, to notify the GGSN to allocate a dynamic IP address to the terminal or to reject the user activation request of the terminal.
19. The mapping server of claim 17, wherein
the mapping relationship storage module is further configured to: after receiving a deactivation message sent by the GGSN, delete the RID in the saved mapping relationship of the terminal according to the user identifier of the terminal carried in the deactivation message, and send a deactivation response to the GGSN.
20. The mapping server of claim 18, wherein
the mapping relationship storage module is further configured to: delete, according to the specified RID to be deleted carried in the deactivation message sent by the GGSN, the specified RID to be deleted from the saved mapping relationship of the terminal; and/or
after receiving an access request sent by a new access gateway to which the terminal has been handed over, update the RID in the saved mapping relationship of the terminal according to the user identifier of the terminal contained in the access request and the new RID allocated to the terminal.
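The mapping life cycle of claims 1 to 11, modelled as an added Python example (not code from the patent or its applicant). The class and method names, the "0.0.0.0" sentinel standing in for the claims' unspecified "specific AID value", binding the RID only after authentication succeeds, and replacing all bound RIDs on handover are assumptions of this example; the sample data is constructed.

```python
import hmac
from dataclasses import dataclass, field
from typing import Optional

# Hypothetical sentinel: the claims say only "a specific AID value".
NO_VALID_AID = "0.0.0.0"

@dataclass
class Record:
    aid: Optional[str]   # provisioned in advance (claim 2); None if no valid AID
    secret: bytes        # stand-in for the claims' "authentication information"
    rids: set = field(default_factory=set)  # locators currently bound to the terminal

class MappingAAA:
    def __init__(self, subscribers):
        # subscribers: {(imsi, apn): (aid_or_None, secret)}; user ID form per claim 3
        self.by_user = {u: Record(a, s) for u, (a, s) in subscribers.items()}
        self.user_by_aid = {r.aid: u for u, r in self.by_user.items() if r.aid}

    def access_request(self, user_id, secret, rid):
        """Claims 4, 5, 8: authenticate, look up the AID, bind the GGSN-allocated RID."""
        rec = self.by_user.get(user_id)
        if rec is None or not hmac.compare_digest(rec.secret, secret):
            return ("reject", None)          # failed auth leaves the mapping untouched
        if rec.aid is None:
            return ("accept", NO_VALID_AID)  # GGSN assigns a dynamic IP or rejects
        rec.rids.add(rid)                    # save or update (claim 7)
        return ("accept", rec.aid)           # AID doubles as the terminal's IP address

    def handover(self, user_id, new_rid):
        """Claim 11. Assumption: the new RID replaces every RID bound to the terminal."""
        rec = self.by_user.get(user_id)
        if rec is None or rec.aid is None:
            return False
        rec.rids = {new_rid}
        return True

    def deactivate(self, user_id, rid=None):
        """Claims 9 and 10: drop one named RID, or every RID when none is named."""
        rec = self.by_user.get(user_id)
        if rec is not None:
            rec.rids = set() if rid is None else rec.rids - {rid}
        return rec is not None

    def query(self, user_id=None, aid=None):
        """Claim 1: resolve a user identifier or an AID to the current RID(s)."""
        if user_id is None:
            user_id = self.user_by_aid.get(aid)
        rec = self.by_user.get(user_id)
        return sorted(rec.rids) if rec else []

def demo():
    # Constructed sample data: made-up IMSIs and documentation-range addresses.
    alice = ("001010000000001", "internet")
    nobody = ("001010000000002", "internet")
    aaa = MappingAAA({alice: ("192.0.2.10", b"s3cret"), nobody: (None, b"pw")})
    out = [aaa.access_request(alice, b"wrong", "198.51.100.1"),
           aaa.access_request(alice, b"s3cret", "198.51.100.1"),
           aaa.access_request(nobody, b"pw", "198.51.100.9")]
    aaa.handover(alice, "203.0.113.7")
    out.append(aaa.query(aid="192.0.2.10"))
    aaa.deactivate(alice, "203.0.113.7")
    out.append(aaa.query(user_id=alice))
    return out
```

The claims do not order authentication against the RID update, and claim 11's handover request carries no authentication information; a deployment would need to decide who is allowed to rewrite a terminal's locator.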
PCT/CN2011/080645 2011-03-09 2011-10-11 A mapping server in subscriber identifier & locator separation network and a implementing method thereof WO2012119450A1 (en)

Applications Claiming Priority (2)

Application Number Priority Date Filing Date Title
CN201110056241.4 2011-03-09
CN201110056241.4A CN102685712B (en) 2011-03-09 2011-03-09 Mapping server in a kind of identity position separation network and its implementation

Publications (1)

Publication Number Publication Date
WO2012119450A1 (en) 2012-09-13

Family

ID=46797456

Family Applications (1)

Application Number Title Priority Date Filing Date
PCT/CN2011/080645 WO2012119450A1 (en) 2011-03-09 2011-10-11 A mapping server in subscriber identifier & locator separation network and a implementing method thereof

Country Status (2)

Country Link
CN (1) CN102685712B (en)
WO (1) WO2012119450A1 (en)

Families Citing this family (6)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN103905386B (en) * 2012-12-26 2017-10-24 中国电信股份有限公司 Method, edge device and the network of the non-registered access of sip terminal
CN104468850A (en) * 2013-09-12 2015-03-25 中兴通讯股份有限公司 Method and device for processing identification information
CN106126174B (en) 2016-06-16 2019-02-22 Oppo广东移动通信有限公司 A kind of control method and electronic equipment of scene audio
EP3622777B1 (en) * 2017-05-12 2021-07-07 Telefonaktiebolaget LM Ericsson (Publ) Local identifier locator network protocol (ilnp) breakout
CN110445873B (en) * 2019-08-14 2022-08-23 睿云联(厦门)网络通讯技术有限公司 Cloud platform service access method and redirection server
CN111817854B (en) * 2020-06-04 2022-03-18 中国电子科技集团公司第三十研究所 Security authentication method and system based on centerless identification mapping synchronous management

Citations (6)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN101483675A (en) * 2008-01-11 2009-07-15 华为技术有限公司 Network appliance searching method and network appliance
CN101656656A (en) * 2008-08-22 2010-02-24 中国移动通信集团公司 Method and device for sending and receiving isomerized mobile communication network-based message
CN101656765A (en) * 2009-09-14 2010-02-24 中兴通讯股份有限公司 Address mapping system and data transmission method of identifier/locator separation network
CN101667916A (en) * 2009-09-28 2010-03-10 北京交通大学 Method of identifying user identity by digital certificate based on separating mapping network
CN101730101A (en) * 2009-04-15 2010-06-09 中兴通讯股份有限公司 Realizing method, system and device for separating identify label from position
CN101945034A (en) * 2009-07-08 2011-01-12 中兴通讯股份有限公司 Data switching system and method based on locator identify separation protocol (LISP)

Cited By (8)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
US9088955B2 (en) 2006-04-12 2015-07-21 Fon Wireless Limited System and method for linking existing Wi-Fi access points into a single unified network
US9125170B2 (en) 2006-04-12 2015-09-01 Fon Wireless Limited Linking existing Wi-Fi access points into unified network
US9826102B2 (en) 2006-04-12 2017-11-21 Fon Wireless Limited Linking existing Wi-Fi access points into unified network for VoIP
US10291787B2 (en) 2006-04-12 2019-05-14 Fon Wireless Limited Unified network of Wi-Fi access points
US10728396B2 (en) 2006-04-12 2020-07-28 Fon Wireless Limited Unified network of Wi-Fi access points
US8910300B2 (en) 2010-12-30 2014-12-09 Fon Wireless Limited Secure tunneling platform system and method
US9015855B2 (en) 2010-12-30 2015-04-21 Fon Wireless Limited Secure tunneling platform system and method
CN103781047A (en) * 2012-10-23 2014-05-07 中兴通讯股份有限公司 Data routing method in roaming, intercommunication service router and access service router

Also Published As

Publication number Publication date
CN102685712B (en) 2016-08-03
CN102685712A (en) 2012-09-19

Legal Events

Date Code Title Description
121 Ep: the epo has been informed by wipo that ep was designated in this application

Ref document number: 11860208

Country of ref document: EP

Kind code of ref document: A1

NENP Non-entry into the national phase

Ref country code: DE

122 Ep: pct application non-entry in european phase

Ref document number: 11860208

Country of ref document: EP

Kind code of ref document: A1