WO2012122947A1 - Method, system and apparatus for accessing wlan network - Google Patents

Method, system and apparatus for accessing wlan network Download PDF

Info

Publication number
WO2012122947A1
WO2012122947A1 PCT/CN2012/072446 CN2012072446W WO2012122947A1 WO 2012122947 A1 WO2012122947 A1 WO 2012122947A1 CN 2012072446 W CN2012072446 W CN 2012072446W WO 2012122947 A1 WO2012122947 A1 WO 2012122947A1
Authority
WO
WIPO (PCT)
Prior art keywords
wlan
authentication
terminal
mobile communication
wlan terminal
Prior art date
Application number
PCT/CN2012/072446
Other languages
French (fr)
Chinese (zh)
Inventor
杨晓范
王文明
刘辉
刘南
盛凌志
邢刚
Original Assignee
中国移动通信集团北京有限公司
Priority date (The priority date is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the date listed.)
Filing date
Publication date
Application filed by 中国移动通信集团北京有限公司 filed Critical 中国移动通信集团北京有限公司
Publication of WO2012122947A1 publication Critical patent/WO2012122947A1/en

Links

Classifications

    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04WWIRELESS COMMUNICATION NETWORKS
    • H04W12/00Security arrangements; Authentication; Protecting privacy or anonymity
    • H04W12/06Authentication
    • H04W12/062Pre-authentication
    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04WWIRELESS COMMUNICATION NETWORKS
    • H04W12/00Security arrangements; Authentication; Protecting privacy or anonymity
    • H04W12/06Authentication
    • H04W12/068Authentication using credential vaults, e.g. password manager applications or one time password [OTP] applications
    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04WWIRELESS COMMUNICATION NETWORKS
    • H04W84/00Network topologies
    • H04W84/02Hierarchically pre-organised networks, e.g. paging networks, cellular networks, WLAN [Wireless Local Area Network] or WLL [Wireless Local Loop]
    • H04W84/10Small scale networks; Flat hierarchical networks
    • H04W84/12WLAN [Wireless Local Area Networks]

Definitions

  • the present invention relates to the field of mobile communications technologies, and in particular, to a method, system, and device for accessing a WLAN network.
  • WLAN terminals mobile communication terminals with wireless local area network (WLAN) modules (hereinafter referred to as WLAN terminals) are gradually popularized, and WLAN networks are used to offload mobile communication network data services. Under the pressure of the WLAN terminal, accessing the WLAN network to access the mobile Internet anytime and anywhere has become a trend of wireless broadband access networks.
  • WLAN wireless local area network
  • FIG. 1 it is a topology diagram of a network structure of an existing WLAN network, where a WLAN terminal is connected to an WLAN access point (AP, Access Point), and the WLAN AP accesses the WLAN through a switch and a router in the metropolitan area network.
  • the controller AC, Access Controller
  • the WLAN terminal is connected to the WLAN network through the WLAN AC.
  • Step 101 The WLAN terminal accesses the WLAN AP.
  • Step 102 Access the WLAN service user access authentication point and service control point (AC/SC) through the WLAN AP.
  • Step 103 Access the WLAN network through the WLAN AC/SC.
  • the above scheme for accessing the WLAN network is based on a fixed access network (metropolitan area network) of the entire Internet Protocol (IP), and the connection between the WLAN AP and the metropolitan area network is a wired connection. Therefore, the deployment of the WLAN AP is restricted, resulting in WLAN networks cannot achieve large-area continuous coverage, especially in mobile vehicles such as buses, trains, and subways. Because WLAN APs cannot be deployed, coverage of WLAN networks cannot be achieved, making it difficult for mobile terminals to access WLAN networks.
  • IP Internet Protocol
  • a relay access scheme of the WLAN network including: setting the AP on the user side and the network side, and the AP on the user side.
  • the base station AP on the network side communicates in a wireless manner. After the WLAN terminal is connected to the user-side AP, the base station AP on the network side accesses the metropolitan area network, and then connects to the WLAN AC through the metropolitan area network, and passes through the WLAN AC.
  • the WLAN terminal accesses the WLAN network.
  • the common network structure topology is shown in Figure 3 below.
  • the trunk access scheme of the WLAN network is still based on the metropolitan area network.
  • the deployment of the WLAN AP is somewhat improved, the deployment scope of the user-side AP is expanded to some extent, but it is still subject to the network side.
  • the impact of the base station AP coverage, the network shield capacity and continuous coverage of the WLAN network are still subject to certain restrictions.
  • the existing all-IP-based fixed metropolitan area network access WLAN network and the WLAN network relay access scheme do not fully consider and utilize existing mobile communication network resources, so that the WLAN network The continuous coverage capability is poor, resulting in a low network shield of the WLAN network.
  • the embodiments of the present invention provide a method, system, and device for accessing a WLAN network, which are used to solve the problem that the network shield of the WLAN network is low due to poor continuous coverage capability of the WLAN network in the prior art.
  • a method for accessing a wireless local area network WLAN network comprising:
  • the WLAN AC receives the access request sent by the mobile communication network element, and the access request is that the WLAN terminal of the wireless local area network is forwarded to the mobile communication network element by using the wireless routing device;
  • the WLAN AC sends the access request to the authentication device, and the authentication device is required to authenticate the WLAN terminal according to the received access request, and when the authentication is passed, instruct the WLAN terminal to access the WLAN network. .
  • a system for accessing a WLAN network comprising a wireless local area network WLAN terminal, a wireless routing device, a mobile communication network element, a wireless local area network access controller WLAN AC, and an authentication device, wherein:
  • a WLAN terminal configured to send an access request to the wireless routing device
  • a wireless routing device configured to forward the access request to a mobile communication network element
  • a mobile communication network element configured to forward the access request to the WLAN AC
  • the WLAN AC is configured to send the access request to the authentication device, and when the authentication device authenticates the WLAN terminal, instruct the WLAN terminal to access the WLAN network;
  • An authentication device configured to authenticate the WLAN terminal according to the access request.
  • a wireless local area network access controller WLAN AC includes a first receiving module and a first sending module, where:
  • the first receiving module is configured to receive an access request sent by the mobile communication network element, where the access request is forwarded by the wireless local area network WLAN terminal to the mobile communication network element by using the wireless routing device;
  • a mobile communication network element comprising: an access unit and at least one data service gateway: an access unit, configured to receive an access request, where the access request is forwarded by a wireless local area network WLAN terminal by using a wireless routing device ;
  • the data service gateway is configured to forward the access request to the WLAN access controller WLAN AC, and the WLAN AC is required to indicate that the WLAN terminal accesses the WLAN network when the WLAN terminal authenticates.
  • the access request initiated by the WLAN terminal to access the WLAN network is no longer connected to the WLAN AC through the wired connection of the metropolitan area network, but through the wireless routing device and the mobile communication network element.
  • the wireless communication mode is connected to the WLAN AC, so that the WLAN AC authenticates the received access request through the authentication device, thereby achieving the purpose of the WLAN terminal accessing the WLAN network. Since the access request initiated by the WLAN terminal is transmitted to the WLAN AC through the wireless communication method of the wireless routing device and the mobile communication network element, the wireless transmission function of the wireless routing device and the mobile communication network element can effectively improve the flexibility of the network element deployment. In turn, large-area continuous coverage of the WLAN network can be realized, and the network shield of the WLAN network can be increased.
  • FIG. 1 is a topological diagram of a network structure of a WLAN network in the prior art
  • FIG. 2 is a schematic flowchart of a method for accessing a WLAN network in the prior art
  • FIG. 3 is a topological diagram of a network structure of a WLAN network in the prior art
  • FIG. 4 is a schematic flowchart of a method for accessing a WLAN network according to Embodiment 1 of the present invention.
  • FIG. 5 is a schematic flowchart of a method for accessing a WLAN network according to Embodiment 2 of the present invention.
  • FIG. 6 is a schematic structural diagram of a system for accessing a WLAN network according to Embodiment 3 of the present invention.
  • FIG. 7 is a schematic structural diagram of a wireless local area network access controller according to Embodiment 4 of the present invention.
  • FIG. 8 is a schematic structural diagram of a mobile communication network element according to Embodiment 5 of the present invention.
  • the present invention provides a new network system architecture, in which WLAN terminals, wireless routing devices, mobile communication network elements, The WLAN AC and the authentication device are sequentially connected by wire or wirelessly, and the WLAN terminal can access the wireless routing device, and the wireless routing device communicates with the existing mobile communication network, and the authentication device set by the mobile communication network side The accessed WLAN terminal performs authentication authentication. When the authentication and authentication is passed, the WLAN terminal accesses the WLAN network through the WLAN AC, thereby solving the problem that the WLAN AP does not support mobility, resulting in mobile traffic such as buses, trains, and subways.
  • the mobile terminal uses the WLAN network to access the mobile Internet, which is more difficult. It is no longer limited by the coverage of the base station AP on the network side. The network shield capacity and continuous coverage capability are guaranteed, and at the same time, it is fully beneficial. Existing mobile communication network resources are used.
  • a first embodiment of the present invention provides a method for accessing a WLAN network.
  • the flowchart of the method is as shown in FIG. 4, and specifically includes the following steps:
  • Step 201 The WLAN terminal sends an access request.
  • the WLAN terminal When the WLAN terminal wants to access the WLAN network, it sends an access request to the wireless routing device, where the request may carry the terminal identifier.
  • the WLAN terminal refers to a mobile communication terminal with a WLAN module, and includes a portable computer terminal device supporting a WIFI module such as a notebook computer, a wireless fidelity (WIFI) mobile phone terminal, and a tablet computer.
  • a WIFI module such as a notebook computer, a wireless fidelity (WIFI) mobile phone terminal, and a tablet computer.
  • Step 202 The wireless routing device sends the access request to the mobile communication network element.
  • the wireless routing device may be deployed in a data service hotspot area for completing the function of supporting a terminal device that supports the WIFI standard such as 802.11a/b/g/n to access a public mobile communication network, which may include a user terminal access module and data. Returning the module, and using the data backhaul module to transmit the access request sent by the WLAN terminal to the mobile communication network.
  • a terminal device that supports the WIFI standard such as 802.11a/b/g/n
  • a public mobile communication network which may include a user terminal access module and data.
  • the data backhaul module can support multiple modes, for example, the data backhaul module can be time-divided TD-SCDMA (Time Division-Synchronous Code Division Multiple Access) mode, or TD-LTE (TD-SCDMA Long Term Evolution) mode, or wideband code division WCDMA (Wandaband Code Division Multiple Access) mode, or Code Division Multiple Access (CDMA) mode, or long-term evolution technology including FDD (Frequency Division Duplexing) (LTE, Long Term) Evolution 3G ⁇ 4G network mode, etc., no longer here - enumeration.
  • TD-SCDMA Time Division-Synchronous Code Division Multiple Access
  • TD-LTE TD-SCDMA Long Term Evolution
  • WCDMA Wideband Code Division Multiple Access
  • CDMA Code Division Multiple Access
  • long-term evolution technology including FDD (Frequency Division Duplexing) (LTE, Long Term) Evolution 3G ⁇ 4G network mode, etc., no longer here - enumer
  • the user terminal access module and the data backhaul module may each be multiple to implement data access and data backhaul respectively.
  • the wireless routing device is responsible for completing the encryption and decryption of data packets with the WLAN terminal, and also supports the data compression function, and the data compression and decompression processing is completed by cooperation with the network side device to improve the mobile communication. Utilization of network resources.
  • the wireless routing device can control the WLAN terminal to access the WLAN network through the network logo.
  • the WLAN terminal can perform handover (Handover) between different wireless routing devices, so that different wireless routing devices can access the WLAN network. Ensure that data communication is not interrupted.
  • the wireless routing device can be customized by the operator to write a dedicated access point name (APN, Access Point) Name)
  • APN Access Point
  • the APN is China Mobile Network (CMNET, China Mobile Net)
  • CMNET China Mobile Network
  • the accessed mobile communication network is a CMNET network.
  • Step 203 The mobile communication network element sends the access request to the WLAN AC.
  • the mobile communication network element may be a network element of a TD-SCDMA network packet (PS) domain, or may be a network element of a TD-LTE network.
  • PS network packet
  • the mobile communication network element can include an access unit and at least one data service gateway.
  • the access unit may receive the APN by using the access unit, and determine, according to the received APN, to send to the WLAN AC.
  • the incoming data service gateway sends an access request to the WLAN AC by the determined data service gateway, where the data service gateway can be a GGSN (Gateway GPRS Support Node) device in the 3G network, or an LTE network LTE P-GW device.
  • GGSN Gateway GPRS Support Node
  • the WLAN AC is used to complete management and configuration of the wireless routing device to implement functions such as load balancing and dynamic channel allocation, and the WLAN AC serves as a security control node for the WLAN terminal access to the WLAN terminal. Completing the corresponding authentication and accounting auxiliary functions, supporting the establishment of a tunnel with the mobile communication network element, and authenticating the packets sent from the tunnel.
  • Step 204 The WLAN AC sends the access request to the authentication device.
  • the WLAN AC sends the access request to the authentication device, and the authentication device is required to authenticate the WLAN terminal according to the received access request, and when the authentication is passed, instruct the WLAN terminal to access the WLAN network. .
  • the WLAN terminal may be authenticated by using an authentication method based on the WEB page.
  • the authentication device may include an entry (PORTAL) server and an authentication server, and the wireless routing device may The access point that is accessed by the WLAN terminal is connected to the authentication server in the background, and the authentication of the WLAN user is completed.
  • the authentication server in the background may be a remote authentication dial in user service (RADIUS) server.
  • the WLAN AC provides the mandatory PORTAL function, and pushes the authentication page to the WLAN terminal, and connects it as a security control point to the authentication server in the background to complete the access authentication to the WLAN terminal.
  • the WLAN terminal service data passes through the WLAN AC. Access to the appropriate dedicated service network.
  • step 204 specifically includes the following steps:
  • Step 2051 The WLAN AC sends the access request to the ingress server.
  • the WLAN AC sends the access request to the ingress server, instructing the ingress server to
  • the WLAN terminal pushes the authentication page.
  • the ingress server is configured to cooperate with the WLAN AC to complete the authentication of the WLAN terminal in the WEB page-based authentication mode, that is, the ingress server passes the WLAN AC after receiving the access request of the WLAN terminal forwarded by the WLAN AC.
  • the authentication page is displayed to the WLAN terminal, and the WLAN terminal is required to input the authentication information, where the authentication information may be a terminal identifier and a password corresponding to the terminal identifier, such as a mobile phone number and a password.
  • the portal server pushes the authentication page to the WLAN terminal, which specifically includes:
  • the WLAN AC sends an authentication page pushed by the ingress server to the WLAN terminal to the mobile communication network element, indicating that the mobile communication network element forwards the authentication page to the WLAN terminal through the wireless routing device.
  • Step 2042 The WLAN AC receives the authentication page that is returned by the WLAN terminal and carries the authentication information.
  • the WLAN terminal When receiving the authentication page pushed by the portal server, the WLAN terminal inputs the corresponding authentication information according to the indication of the authentication page, and sends the authentication page carrying the authentication information to the WLAN AC.
  • the WLAN AC receives the authentication page that carries the authentication information that is returned by the WLAN terminal, and specifically includes: the WLAN AC receives the authentication page that is sent by the mobile communication network element and carries the authentication information, where the authentication page that carries the authentication information is the WLAN.
  • the terminal forwards to the mobile communication network element through the wireless routing device.
  • Step 2043 The WLAN AC sends the authentication information to the authentication server.
  • the WLAN AC sends the authentication information to the authentication server, and the authentication server is required to authenticate the WLAN terminal according to the authentication information, and the authentication server matches the received authentication information with the authentication information that has been saved by itself, and may determine When the received authentication information is the authentication information that has been saved by itself, the authentication is confirmed to pass, and the WLAN AC is instructed to access the WLAN terminal to the WLAN network.
  • the method may further include the charging step of each WLAN terminal, and of course, the terminal identifier of the WLAN terminal that needs to pass the WLAN AC record authentication before performing the charging step,
  • the WLAN AC collects billing information such as the duration of the user data communication and the traffic, and sends the billing information to the authentication server and the ingress server to generate bills.
  • the billing step includes :
  • Step 205 The WLAN AC receives charging information of multiple WLAN terminals accessing the WLAN network.
  • the WLAN AC receives charging information of a plurality of WLAN terminals accessing the WLAN network through the wireless routing device.
  • Step 206 The WLAN AC determines, according to the recorded terminal identifier of the WLAN terminal, charging information of each WLAN terminal accessing the WLAN network.
  • the charging information received by the WLAN AC may be from multiple wireless routing devices, and each wireless routing device may also access multiple WLAN terminals. Therefore, in this step, the WLAN AC may be based on the saved terminal of the WLAN terminal.
  • the identifier classifies the received charging information, and determines charging information of each WLAN terminal separately.
  • Step 207 The WLAN AC sends the charging information of each WLAN terminal to the authentication server, and instructs the authentication server to perform charging for each WLAN terminal.
  • the WLAN AC sends the determined charging information of each WLAN terminal to the authentication server, and the authentication server performs charging according to the received charging information and generates a bill (accounting data record, ie, CDR). And the bill generated by the billing is sent to the BOSS billing subsystem through the billing data interface, thereby implementing for each WLAN Terminal billing.
  • the mobile communication network element may be a network element of a TD-SCDMA network packet (PS) domain, where the access device may be a serving GPRS support node (SGSN, SERVICING GPRS SUPPORT NODE), and the data service gateway may be a gateway GPRS support node.
  • SGSN serving GPRS support node
  • GGSN Gateway GPRS Support Node
  • the SGSN completes the access of the authentication data and the charging data of the WLAN terminal
  • the GGSN configures the dedicated APN for the wireless routing device access, and accesses the data sent by the WLAN terminal through the tunnel. Go to WLAN AC.
  • the mobile communication network element is used as the network element of the TD-SCDMA network packet (PS) domain
  • the WLAN terminal is authenticated by using the WEB page-based authentication method as an example, and the solution of the first embodiment of the present invention is performed by using a specific example. Detailed description.
  • FIG. 5 is a flowchart of steps of a method for accessing a WLAN network according to Embodiment 2 of the present invention, which specifically includes the following steps:
  • Step 301 The WLAN terminal sends an access request.
  • the WLAN terminal can use the public network Class C address to send an access request.
  • Step 302 The wireless routing device sends the access request to the mobile communication network element.
  • the wireless routing device includes a data backhaul module of the TD-SCDMA mode, and the data backhaul module can use the private IP address to send the access request to ensure a proprietary relationship between the wireless routing device and the WLAN AC.
  • the tunnel, and the access request data sent by the WLAN terminal is sent to the GGSN through the SGSN.
  • the SGSN may select a GGSN that matches the APN according to the APN sent by the wireless routing device, and send the received access request to the selected GGSN.
  • Step 303 The mobile communication network element sends the access request to the WLAN AC.
  • the GGSN can send the received access request to the WLAN AC through the Gi interface configured between the GGSN and the WLAN AC.
  • Step 304 The WLAN AC points the received access request to the ingress server.
  • Step 305 The portal server pushes a PORTAL web authentication page to the WLAN terminal.
  • the WLAN AC sends the PORTAL web authentication page that the ingress server pushes to the WLAN terminal to the GGSN, and the GGSN sends the received authentication page to the wireless routing device through the SGSN, instructing the wireless routing device to forward the authentication page to the WLAN terminal.
  • Step 306 The WLAN terminal pushes the authentication page carrying the authentication information to the authentication server.
  • the WLAN terminal user can enter the terminal identifier (eg, mobile phone number) and password in the PORTAL WEB authentication page, and then the authentication page carrying the authentication information is routed to the authentication server by the wireless routing device, the SGSN, the GGSN, and the WLAN AC.
  • the terminal identifier eg, mobile phone number
  • password e.g., password
  • the authentication page carrying the authentication information is routed to the authentication server by the wireless routing device, the SGSN, the GGSN, and the WLAN AC.
  • Step 307 After the authentication is passed, the WLAN AC controls and allows the WLAN terminal to access the Internet (Internet) route.
  • the authentication server authenticates the WLAN terminal, and notifies the WLAN terminal to the WLAN terminal through the WLAN AC, and when the authentication passes, instructs the WLAN AC to access the WLAN terminal to the WLAN network.
  • Step 308 The WLAN AC receives charging information of multiple WLAN terminals accessing the WLAN network.
  • Step 309 The WLAN AC determines, according to the recorded terminal identifier of the WLAN terminal, charging information of each WLAN terminal accessing the WLAN network.
  • Step 310 The WLAN AC sends the charging information of each WLAN terminal to the authentication server, and instructs the authentication server to perform charging for each WLAN terminal.
  • Steps 308 to 310 are respectively corresponding to steps 205 to 207 in the first embodiment, and are not described herein again.
  • the solution for accessing the WLAN network provided by the first embodiment and the second embodiment of the present invention can support the access of various WLAN terminals by including the wireless routing device, and utilize the existing mobile communication system resources, and wirelessly.
  • the routing device and the mobile communication system resources can be wirelessly connected, thereby realizing that the mobile terminal can wirelessly access the mobile Internet for data service communication using the WLAN technology in a mobile place, such as a bus, a train, a subway, etc., and is based on mobile
  • the base station equipment in the communication system resources has a wide network coverage, and the network shield capacity and continuous coverage capability are well guaranteed, and the existing wireless system resources are fully utilized.
  • the solution for accessing the WLAN network proposed by the present invention does not require major changes to the wireless routing device, and the WLAN AC for access control of the WLAN terminal is placed at the back end of the mobile communication network, and the WLAN terminal is received.
  • the data service gateway for example, GGSN
  • the access authentication and charging processing of the WLAN terminal is controlled, so that one WLAN AC at the back end of the network can implement multiple wireless routing devices dispersed in different locations.
  • Unified control and management facilitates large-scale deployment of wireless routing devices, and can also save the input cost of network devices (usually the cost of an AC is hundreds of times the cost of an AP).
  • a WEB page-based authentication mode can be implemented, and the WLAN terminal can provide a terminal identifier (eg, a mobile phone number) and password information in the web authentication page, and implements a single WLAN. Terminal authentication and billing processing.
  • a terminal identifier eg, a mobile phone number
  • the method for accessing a WLAN network according to the first embodiment of the present invention provides an access method according to Embodiment 3 of the present invention.
  • FIG. 6 is a schematic structural diagram of a system for accessing a WLAN network according to Embodiment 3 of the present invention, where the system includes a wireless local area network WLAN terminal 11, a wireless routing device 12, a mobile communication network element 13, and a wireless local area network access.
  • the controller 14 and the authentication device 15 wherein:
  • the WLAN terminal 11 is configured to send an access request to the wireless routing device; the wireless routing device 12 is configured to forward the access request to the mobile communication network element; and the mobile communication network element 13 is configured to forward the access request to the WLAN AC
  • the WLAN access controller 14 is configured to send the access request to the authentication device, and when the authentication device authenticates the WLAN terminal, instruct the WLAN terminal to access the WLAN network; the authentication device 15 is configured to use the The access request authenticates the WLAN terminal.
  • the mobile communication network element 13 includes an access unit 131 and at least one data service gateway 132: The wireless routing device 12 is further configured to send an access point name APN to the access unit.
  • the access unit 131 is configured to determine a data service gateway according to the received APN.
  • a data service gateway 132 determined by the access unit, is configured to send the access request to the WLAN AC.
  • the authentication device 15 includes an ingress server 151 and an authentication server 152;
  • the WLAN access controller 14 is specifically configured to send the access request to the ingress server, and receive an authentication page that carries the authentication information returned by the WLAN terminal, and send the authentication information to the authentication server.
  • the portal server 151 is configured to push an authentication page to the WLAN terminal after receiving the access request.
  • the authentication server 152 is configured to authenticate the WLAN terminal according to the received authentication information.
  • the WLAN access controller 14 is specifically configured to send an authentication page that the portal server pushes to the WLAN terminal to the mobile communication network element, and receive an authentication page that carries the authentication information returned by the mobile communication network element.
  • the mobile communication network element 13 is further configured to send the received authentication page to the wireless routing device, and send the authentication page carrying the authentication information returned by the wireless routing device to the WLAN AC.
  • the wireless routing device 12 is further configured to forward the received authentication page to the WLAN terminal, and receive the authentication page that carries the authentication information returned by the WLAN terminal, and send the authentication page to the mobile communication network element.
  • the WLAN access controller 14 is further configured to record the terminal identifier of the WLAN terminal through which the authentication is passed, and after the WLAN terminal accesses the WLAN network, receive charging information of multiple WLAN terminals that access the WLAN network through the wireless routing device, The charging information of each WLAN terminal accessing the WLAN network is determined according to the recorded terminal identifier of the WLAN terminal, and the charging information of each WLAN terminal is sent to the authentication server.
  • the authentication server 152 is also used to charge each WLAN terminal separately.
  • the system may further include a WLAN network management module 16:
  • the WLAN network management module is used to connect to the WLAN AC to complete configuration update, network management, fault diagnosis, and status monitoring of the remote wireless routing device.
  • Embodiment 4 of the present invention A method for accessing a WLAN network according to Embodiment 1 of the present invention is provided in Embodiment 4 of the present invention.
  • FIG. 7 is a schematic structural diagram of a wireless local area network access controller according to Embodiment 4 of the present invention, where the WLAN AC includes a first receiving module 21 and a first sending module 22, where:
  • the first receiving module 21 is configured to receive an access request sent by the mobile communication network element, where the access request is that the WLAN terminal of the wireless local area network is forwarded to the mobile communication network element by using the wireless routing device; the first sending module 22 is configured to: The access request is sent to the authentication device, and the authentication device is required to authenticate the WLAN terminal according to the received access request, and when the authentication is passed, instruct the WLAN terminal to access the WLAN network.
  • the first sending module 22 includes a page sending submodule 221 and an information sending submodule 222, where: the page sending submodule 221 is configured to send the access request to an ingress server in the authentication device, indicating the portal The server sends an authentication page to the WLAN terminal.
  • the information sending sub-module 222 is configured to send the received authentication information to the authentication server in the authentication device, and request the authentication server to authenticate the WLAN terminal according to the authentication information.
  • the first receiving module 21 is further configured to receive an authentication page that carries the authentication information returned by the WLAN terminal, and send the authentication information to the information sending submodule.
  • the WLAN AC further includes a second receiving module 23 and a second sending module 24:
  • the second receiving module 23 is configured to receive an authentication page that the portal server pushes to the WLAN terminal, where the second sending module 24 is configured to send an authentication page that is sent by the portal server that is received by the second receiving module to the WLAN terminal. Sending to the mobile communication network element, instructing the mobile communication network element to forward the authentication page to the WLAN terminal through the wireless routing device.
  • the first receiving module 21 is specifically configured to receive an authentication page that carries the authentication information sent by the mobile communication network element, where the authentication page that carries the authentication information is forwarded by the WLAN terminal to the mobile communication network element by using the wireless routing device.
  • the WLAN AC further includes a recording module 25, wherein:
  • the recording module 25 is configured to record, when the authentication server authenticates the WLAN terminal, the terminal identifier of the WLAN terminal through which the authentication is passed.
  • the first receiving module 21 is further configured to: after the WLAN terminal accesses the WLAN network, receive charging information of multiple WLAN terminals that access the WLAN network through the wireless routing device;
  • the first sending module 22 is further configured to determine, according to the recorded terminal identifier of the WLAN terminal, charging information of each WLAN terminal that accesses the WLAN network, and send charging information of each WLAN terminal to the authentication server, indicating the authentication server. Billing is performed for each WLAN terminal separately.
  • the first receiving module of the WLAN AC receives the information from the mobile communication network element, and sends the information to the authentication device through the first sending module, thereby implementing the mobile communication network element to the Communication of the right device;
  • the second receiving module of the WLAN AC receives the information from the authentication device, and transmits the information to the mobile communication network element through the second sending module, thereby implementing communication from the authentication device to the mobile communication network element.
  • FIG. 8 is a schematic structural diagram of a mobile communication network element according to Embodiment 5 of the present invention, wherein:
  • the access unit 31 is configured to receive an access request, where the access request is forwarded by the wireless local area network WLAN terminal by using a wireless routing device; and the data service gateway 32 is configured to forward the access request to the wireless local area network access controller WLAN AC
  • the WLAN AC is required to instruct the WLAN terminal to access the WLAN network when the WLAN terminal authenticates.
  • the access unit 31 is further configured to receive an access point name APN sent by the wireless routing device, and according to the received
  • the APN determines the data service gateway that sends the access request to the WLAN AC.
  • the data service gateway 32 is further configured to receive an authentication page that is pushed by the WLAN AC, where the authentication page is pushed by the ingress server to the WLAN AC, and the authentication page that carries the authentication information returned by the access unit is received, and the authentication page is carried. The authentication page for the information is pushed to the WLAN AC.
  • the access unit 31 is further configured to: push the authentication page sent by the data service gateway to the WLAN terminal, receive the authentication page that carries the authentication information returned by the WLAN terminal, and send the authentication page that carries the authentication information to the data service. Gateway.
  • the access unit 31 is further configured to receive charging information of a plurality of WLAN terminals accessing the WLAN network.
  • the data service gateway 32 is further configured to send the charging information received by the access unit to the WLAN AC.
  • embodiments of the present invention can be provided as a method, system, or computer program product. Accordingly, the present invention may take the form of an entirely hardware embodiment, an entirely software embodiment, or a combination of software and hardware. Moreover, the present invention can be embodied in the form of a computer program product embodied on one or more computer-usable storage interfaces (including but not limited to disk storage, CD-ROM, optical storage, etc.) containing computer usable program code.
  • computer-usable storage interfaces including but not limited to disk storage, CD-ROM, optical storage, etc.
  • the computer program instructions can also be stored in a computer readable memory that can direct a computer or other programmable data processing device to operate in a particular manner, such that the instructions stored in the computer readable memory produce an article of manufacture comprising the instruction device.
  • the apparatus implements the functions specified in one or more blocks of a flow or a flow and/or block diagram of the flowchart.
  • These computer program instructions can also be loaded onto a computer or other programmable data processing device such that a series of operational steps are performed on a computer or other programmable device to produce computer-implemented processing for execution on a computer or other programmable device.
  • the instructions provide steps for implementing the functions specified in one or more of the flow or in a block or blocks of a flow diagram.

Landscapes

  • Engineering & Computer Science (AREA)
  • Computer Security & Cryptography (AREA)
  • Computer Networks & Wireless Communication (AREA)
  • Signal Processing (AREA)
  • Mobile Radio Communication Systems (AREA)

Abstract

The present invention provides a method, a system and apparatus for accessing WLAN network, particularly comprising: an access request to access WLAN network initiated by a WLAN terminal is sent to WLAN AC in a wireless communication manner via a wireless routing device and a mobile communication network element, so that the WLAN AC can authenticate the received access request via an authentication device to achieve the purpose of connecting the WLAN terminal to the WLAN network. Since the access request initiated by a WLAN terminal is transmitted to the WLAN AC via the wireless routing device and the mobile communication network element in a wireless communication manner, flexibility of network element deployment can be effectively improved by using the wireless transmission function of the wireless routing device and the mobile communication network element, and thereby a large and continuous coverage of the WLAN network can be achieved to improve network quality of the WLAN network.

Description

一种接入 WLAN网络的方法、 系统及设备 本申请要求在 2011年 3月 16日提交中国专利局、申请号为 201110063162.6、发明名称为"一 种接入 WLAN网络的方法、 系统及设备"的中国专利申请的优先权, 其全部内容通过引用结合 在本申请中。 技术领域  Method, system and device for accessing WLAN network The application claims to be submitted to the Chinese Patent Office on March 16, 2011, the application number is 201110063162.6, and the invention name is "a method, system and device for accessing a WLAN network" Priority of Chinese Patent Application, the entire contents of which is incorporated herein by reference. Technical field
本发明涉及移动通信技术领域, 尤其涉及一种接入 WLAN网络的方法、 系统及设备。  The present invention relates to the field of mobile communications technologies, and in particular, to a method, system, and device for accessing a WLAN network.
背景技术 随着移动数据业务需求的增加, 特别是带有无线局域网 (WLAN, Wireless Local Area Network )模块的移动通信终端 (以下筒称 WLAN终端)逐渐普及, 利用 WLAN网络分 流移动通信网络数据业务的承载压力, WLAN终端通过接入 WLAN网络实现随时随地接 入移动互联网, 已经成为无线宽带接入网络发展的趋势。 BACKGROUND OF THE INVENTION With the increasing demand for mobile data services, in particular, mobile communication terminals with wireless local area network (WLAN) modules (hereinafter referred to as WLAN terminals) are gradually popularized, and WLAN networks are used to offload mobile communication network data services. Under the pressure of the WLAN terminal, accessing the WLAN network to access the mobile Internet anytime and anywhere has become a trend of wireless broadband access networks.
现有技术提供了以下通过城域网接入 WLAN网络的方法:  The prior art provides the following methods for accessing a WLAN network through a metropolitan area network:
如图 1所示, 为现有 WLAN网络的网络结构拓朴图, 其中 WLAN终端与 WLAN接 入点 (AP, Access Point )连接, WLAN AP通过城域网中的交换机和路由器等与 WLAN 接入控制器( AC, Access Controller )连接, 并通过 WLAN AC将 WLAN终端接入 WLAN 网络。  As shown in FIG. 1 , it is a topology diagram of a network structure of an existing WLAN network, where a WLAN terminal is connected to an WLAN access point (AP, Access Point), and the WLAN AP accesses the WLAN through a switch and a router in the metropolitan area network. The controller (AC, Access Controller) is connected, and the WLAN terminal is connected to the WLAN network through the WLAN AC.
在如图 1所示的网络结构下, 接入 WLAN网络的过程如图 2所示:  In the network structure shown in Figure 1, the process of accessing the WLAN network is shown in Figure 2:
步骤 101、 WLAN终端接入 WLAN AP。  Step 101: The WLAN terminal accesses the WLAN AP.
步骤 102、 通过 WLAN AP接入 WLAN业务用户接入认证点和业务控制点( AC/SC )。 步骤 103、 通过 WLAN AC/SC接入 WLAN网络。  Step 102: Access the WLAN service user access authentication point and service control point (AC/SC) through the WLAN AP. Step 103: Access the WLAN network through the WLAN AC/SC.
上述接入 WLAN网络的方案基于全互联网协议( IP , Internet Protocol )的固定接入网 络(城域网), WLAN AP与城域网的连接为有线连接, 因此, WLAN AP的部署受到限 制, 导致 WLAN网络无法实现大面积的连续覆盖, 特别是在公交车、 火车、 地铁等移动 交通工具上, 由于无法部署 WLAN AP, 无法实现 WLAN网络的覆盖, 造成移动终端接 入 WLAN网络难以实现。  The above scheme for accessing the WLAN network is based on a fixed access network (metropolitan area network) of the entire Internet Protocol (IP), and the connection between the WLAN AP and the metropolitan area network is a wired connection. Therefore, the deployment of the WLAN AP is restricted, resulting in WLAN networks cannot achieve large-area continuous coverage, especially in mobile vehicles such as buses, trains, and subways. Because WLAN APs cannot be deployed, coverage of WLAN networks cannot be achieved, making it difficult for mobile terminals to access WLAN networks.
为了解决上述方案中 WLAN AP的部署受限, 不能支持 WLAN AP的移动性的问题, 提出了 WLAN 网络的中继接入方案, 包括: 分别在用户侧和网络侧设置 AP , 用户侧的 AP和网络侧的基站 AP通过无线方式进行通信连接, WLAN终端与用户侧 AP连接后, 通 过网络侧的基站 AP接入城域网, 再通过城域网与 WLAN AC连接, 并通过 WLAN AC将 WLAN终端接入 WLAN网络, 常见的网络结构拓朴图如下图 3所示。 In order to solve the problem that the deployment of the WLAN AP is limited in the above solution, and the mobility of the WLAN AP cannot be supported, a relay access scheme of the WLAN network is proposed, including: setting the AP on the user side and the network side, and the AP on the user side. The base station AP on the network side communicates in a wireless manner. After the WLAN terminal is connected to the user-side AP, the base station AP on the network side accesses the metropolitan area network, and then connects to the WLAN AC through the metropolitan area network, and passes through the WLAN AC. The WLAN terminal accesses the WLAN network. The common network structure topology is shown in Figure 3 below.
但是, WLAN 网络的中继接入方案仍然是基于城域网, 虽然在一定程度上改善了 WLAN AP部署的局限性, 用户侧 AP的部署范围有了一定程度的扩大, 但仍然会受到网 络侧的基站 AP覆盖范围的影响, WLAN网络的网络盾量及连续覆盖能力仍受到一定的限 制。  However, the trunk access scheme of the WLAN network is still based on the metropolitan area network. Although the deployment of the WLAN AP is somewhat improved, the deployment scope of the user-side AP is expanded to some extent, but it is still subject to the network side. The impact of the base station AP coverage, the network shield capacity and continuous coverage of the WLAN network are still subject to certain restrictions.
综上所述, 现有的基于全 IP方式的固定城域网接入 WLAN网络的方式以及 WLAN网络 的中继接入方案, 均没有充分考虑和利用现有的移动通信网络资源, 使得 WLAN网络的连 续覆盖能力较差, 造成 WLAN网络的网络盾量较低的问题。 发明内容 本发明实施例提供一种接入 WLAN 网络的方法、 系统及设备, 用以解决现有技术中 由于 WLAN网络的连续覆盖能力较差, 导致 WLAN网络的网络盾量较低的问题。  In summary, the existing all-IP-based fixed metropolitan area network access WLAN network and the WLAN network relay access scheme do not fully consider and utilize existing mobile communication network resources, so that the WLAN network The continuous coverage capability is poor, resulting in a low network shield of the WLAN network. SUMMARY OF THE INVENTION The embodiments of the present invention provide a method, system, and device for accessing a WLAN network, which are used to solve the problem that the network shield of the WLAN network is low due to poor continuous coverage capability of the WLAN network in the prior art.
一种接入无线局域网 WLAN网络的方法, 该方法包括:  A method for accessing a wireless local area network WLAN network, the method comprising:
无线局域网接入控制器 WLAN AC接收移动通信网元发送的接入请求, 所述接入请求 是无线局域网 WLAN终端通过无线路由设备转发至移动通信网元的;  The WLAN AC receives the access request sent by the mobile communication network element, and the access request is that the WLAN terminal of the wireless local area network is forwarded to the mobile communication network element by using the wireless routing device;
WLAN AC将所述接入请求发送至鉴权设备, 要求所述鉴权设备根据接收到的接入请 求对所述 WLAN终端进行鉴权, 并在鉴权通过时, 指示 WLAN终端接入 WLAN网络。  The WLAN AC sends the access request to the authentication device, and the authentication device is required to authenticate the WLAN terminal according to the received access request, and when the authentication is passed, instruct the WLAN terminal to access the WLAN network. .
一种接入 WLAN网络的系统, 该系统包括无线局域网 WLAN终端、 无线路由设备、 移动通信网元、 无线局域网接入控制器 WLAN AC及鉴权设备, 其中:  A system for accessing a WLAN network, the system comprising a wireless local area network WLAN terminal, a wireless routing device, a mobile communication network element, a wireless local area network access controller WLAN AC, and an authentication device, wherein:
WLAN终端, 用于向无线路由设备发送接入请求;  a WLAN terminal, configured to send an access request to the wireless routing device;
无线路由设备, 用于将所述接入请求转发至移动通信网元;  a wireless routing device, configured to forward the access request to a mobile communication network element;
移动通信网元, 用于将所述接入请求转发至 WLAN AC;  a mobile communication network element, configured to forward the access request to the WLAN AC;
WLAN AC , 用于将所述接入请求发送至鉴权设备, 在鉴权设备对 WLAN终端鉴权通 过时, 指示 WLAN终端接入 WLAN网络;  The WLAN AC is configured to send the access request to the authentication device, and when the authentication device authenticates the WLAN terminal, instruct the WLAN terminal to access the WLAN network;
鉴权设备, 用于根据所述接入请求对所述 WLAN终端进行鉴权。  An authentication device, configured to authenticate the WLAN terminal according to the access request.
一种无线局域网接入控制器 WLAN AC , 所述 WLAN AC包括第一接收模块和第一发 送模块, 其中:  A wireless local area network access controller WLAN AC, the WLAN AC includes a first receiving module and a first sending module, where:
第一接收模块, 用于接收移动通信网元发送的接入请求, 所述接入请求是无线局域网 WLAN终端通过无线路由设备转发至移动通信网元的;  The first receiving module is configured to receive an access request sent by the mobile communication network element, where the access request is forwarded by the wireless local area network WLAN terminal to the mobile communication network element by using the wireless routing device;
第一发送模块, 用于将所述接入请求发送至鉴权设备, 要求所述鉴权设备根据接收到 的接入请求对所述 WLAN终端进行鉴权, 并在鉴权通过时 , 指示 WLAN终端接入 WLAN 网络。 一种移动通信网元, 该移动通信网元包括接入单元和至少一个数据业务网关: 接入单元, 用于接收接入请求, 所述接入请求是无线局域网 WLAN终端通过无线路 由设备转发的; a first sending module, configured to send the access request to the authentication device, requesting the authentication device to perform authentication on the WLAN terminal according to the received access request, and indicating the WLAN when the authentication is passed The terminal accesses the WLAN network. A mobile communication network element, comprising: an access unit and at least one data service gateway: an access unit, configured to receive an access request, where the access request is forwarded by a wireless local area network WLAN terminal by using a wireless routing device ;
数据业务网关, 用于将所述接入请求转发至无线局域网接入控制器 WLAN AC, 要求 WLAN AC在 WLAN终端鉴权通过时, 指示 WLAN终端接入 WLAN网络。  The data service gateway is configured to forward the access request to the WLAN access controller WLAN AC, and the WLAN AC is required to indicate that the WLAN terminal accesses the WLAN network when the WLAN terminal authenticates.
在本发明实施例提供的技术方案中, WLAN终端发起的接入 WLAN网络的接入请求 不再通过城域网的有线连接形式接入 WLAN AC , 而是通过无线路由设备和移动通信网元 的无线通信方式接入 WLAN AC, 使 WLAN AC将接收到的接入请求通过鉴权设备进行鉴 权, 进而达到 WLAN终端接入 WLAN网络的目的。 由于 WLAN终端发起的接入请求通 过无线路由设备和移动通信网元的无线通信方式传输至 WLAN AC的, 利用无线路由设备 和移动通信网元的无线传输功能可以有效提高网元部署的灵活性, 进而可以实现 WLAN 网络的大面积连续覆盖, 提高 WLAN网络的网络盾量。 附图说明 图 1为现有技术中 WLAN网络的网络结构拓朴图;  In the technical solution provided by the embodiment of the present invention, the access request initiated by the WLAN terminal to access the WLAN network is no longer connected to the WLAN AC through the wired connection of the metropolitan area network, but through the wireless routing device and the mobile communication network element. The wireless communication mode is connected to the WLAN AC, so that the WLAN AC authenticates the received access request through the authentication device, thereby achieving the purpose of the WLAN terminal accessing the WLAN network. Since the access request initiated by the WLAN terminal is transmitted to the WLAN AC through the wireless communication method of the wireless routing device and the mobile communication network element, the wireless transmission function of the wireless routing device and the mobile communication network element can effectively improve the flexibility of the network element deployment. In turn, large-area continuous coverage of the WLAN network can be realized, and the network shield of the WLAN network can be increased. BRIEF DESCRIPTION OF DRAWINGS FIG. 1 is a topological diagram of a network structure of a WLAN network in the prior art;
图 2为现有技术中接入 WLAN网络的方法流程示意图;  2 is a schematic flowchart of a method for accessing a WLAN network in the prior art;
图 3为现有技术中 WLAN网络的网络结构拓朴图;  3 is a topological diagram of a network structure of a WLAN network in the prior art;
图 4为本发明实施例一提供的一种接入 WLAN网络的方法流程示意图;  4 is a schematic flowchart of a method for accessing a WLAN network according to Embodiment 1 of the present invention;
图 5为本发明实施例二提供的一种接入 WLAN网络的方法流程示意图;  FIG. 5 is a schematic flowchart of a method for accessing a WLAN network according to Embodiment 2 of the present invention;
图 6为本发明实施例三提供的一种接入 WLAN网络的系统结构示意图;  FIG. 6 is a schematic structural diagram of a system for accessing a WLAN network according to Embodiment 3 of the present invention;
图 7为本发明实施例四提供的一种无线局域网接入控制器的结构示意图;  7 is a schematic structural diagram of a wireless local area network access controller according to Embodiment 4 of the present invention;
图 8为本发明实施例五提供的一种移动通信网元的结构示意图。 具体实施方式 针对现有的基于城域网接入 WLAN 网络存在的种种问题, 本发明实施例提出一种新 的网络系统架构, 在该架构下, WLAN终端、 无线路由设备、 移动通信网元、 WLAN AC 和鉴权设备依次通过有线或无线的方式连接, WLAN终端可以接入无线路由设备, 由无线 路由设备与现有的移动通信网络进行通信 , 并由移动通信网络侧设置的鉴权设备对接入的 WLAN终端进行鉴权认证,在鉴权认证通过时,通过 WLAN AC将 WLAN终端接入 WLAN 网络, 从而解决了由于 WLAN AP不支持移动性, 导致在公交车、 火车、 地铁等移动交通 工具上, 移动终端使用 WLAN 网络接入移动互联网较为困难的问题, 并不再受限于网络 侧的基站 AP的覆盖范围的限制, 网络盾量和连续覆盖能力得到了保证, 同时, 也充分利 用了现有的移动通信网络资源。 FIG. 8 is a schematic structural diagram of a mobile communication network element according to Embodiment 5 of the present invention. EMBODIMENT OF THE INVENTION The present invention provides a new network system architecture, in which WLAN terminals, wireless routing devices, mobile communication network elements, The WLAN AC and the authentication device are sequentially connected by wire or wirelessly, and the WLAN terminal can access the wireless routing device, and the wireless routing device communicates with the existing mobile communication network, and the authentication device set by the mobile communication network side The accessed WLAN terminal performs authentication authentication. When the authentication and authentication is passed, the WLAN terminal accesses the WLAN network through the WLAN AC, thereby solving the problem that the WLAN AP does not support mobility, resulting in mobile traffic such as buses, trains, and subways. On the tool, the mobile terminal uses the WLAN network to access the mobile Internet, which is more difficult. It is no longer limited by the coverage of the base station AP on the network side. The network shield capacity and continuous coverage capability are guaranteed, and at the same time, it is fully beneficial. Existing mobile communication network resources are used.
下面通过各实施例和附图对本发明技术方案进行详细说明。  The technical solutions of the present invention will be described in detail below through various embodiments and the accompanying drawings.
实施例一、  Embodiment 1
本发明实施例一提供一种接入 WLAN网络的方法, 该方法的步骤流程图如图 4所示, 具体包括以下步骤:  A first embodiment of the present invention provides a method for accessing a WLAN network. The flowchart of the method is as shown in FIG. 4, and specifically includes the following steps:
步骤 201、 WLAN终端发送接入请求。  Step 201: The WLAN terminal sends an access request.
WLAN终端在希望接入 WLAN网络时, 向无线路由设备发送接入请求, 该请求中可 以携带有终端标识。  When the WLAN terminal wants to access the WLAN network, it sends an access request to the wireless routing device, where the request may carry the terminal identifier.
所述 WLAN终端是指带有 WLAN模块的移动通信终端, 包括笔记本电脑、 无线保真 ( WIFI, Wireless Fidelity )手机终端以及平板电脑等支持 WIFI模块的便携式用户终端设 备。  The WLAN terminal refers to a mobile communication terminal with a WLAN module, and includes a portable computer terminal device supporting a WIFI module such as a notebook computer, a wireless fidelity (WIFI) mobile phone terminal, and a tablet computer.
步骤 202、 无线路由设备将所述接入请求发送至移动通信网元。  Step 202: The wireless routing device sends the access request to the mobile communication network element.
无线路由设备可以部署在数据业务热点区域,用于完成支持 802.11a/b/g/n等支持 WIFI 标准的终端设备接入公共的移动通信网络的功能, 其可以包括用户终端接入模块和数据回 传模块, 并使用数据回传模块将 WLAN终端发送的接入请求回传至移动通信网络, 具体 的, 所述数据回传模块可以支持多种模式, 例如, 该数据 回传模块可以为时分同步码分 多址 ( TD-SCDMA, Time Division-Synchronous Code Division Multiple Access )模式, 或时 分同步码分多址的长期演进( TD-LTE , TD-SCDMA Long Term Evolution )模式, 或宽带码 分多址(WCDMA, Wideband Code Division Multiple Access )模式, 或码分多址(CDMA, Code Division Multiple Access ) 2000模式, 或包括频分双工 (FDD, Frequency Division Duplexing ) 的长期演进技术( LTE, Long Term Evolution )在内的 3G\4G网络模式等, 此 处不再——列举。  The wireless routing device may be deployed in a data service hotspot area for completing the function of supporting a terminal device that supports the WIFI standard such as 802.11a/b/g/n to access a public mobile communication network, which may include a user terminal access module and data. Returning the module, and using the data backhaul module to transmit the access request sent by the WLAN terminal to the mobile communication network. Specifically, the data backhaul module can support multiple modes, for example, the data backhaul module can be time-divided TD-SCDMA (Time Division-Synchronous Code Division Multiple Access) mode, or TD-LTE (TD-SCDMA Long Term Evolution) mode, or wideband code division WCDMA (Wandaband Code Division Multiple Access) mode, or Code Division Multiple Access (CDMA) mode, or long-term evolution technology including FDD (Frequency Division Duplexing) (LTE, Long Term) Evolution 3G\4G network mode, etc., no longer here - enumeration.
所述用户终端接入模块和所述数据回传模块均可以为多个, 来分别实现数据接入和数 据回传。  The user terminal access module and the data backhaul module may each be multiple to implement data access and data backhaul respectively.
在数据通信方面, 无线路由设备负责完成与 WLAN终端之间数据包的加密和解密, 还可以支持数据压缩功能, 通过与网络侧设备的配合来完成数据的压缩、 解压缩处理, 以 提高移动通信网络资源的利用率。  In terms of data communication, the wireless routing device is responsible for completing the encryption and decryption of data packets with the WLAN terminal, and also supports the data compression function, and the data compression and decompression processing is completed by cooperation with the network side device to improve the mobile communication. Utilization of network resources.
在安全控制方面, 无线路由设备可以通过网络标志来控制 WLAN终端接入 WLAN网 络。  In terms of security control, the wireless routing device can control the WLAN terminal to access the WLAN network through the network logo.
需要说明的是, 当 WLAN终端在各个无线路由设备无缝覆盖区域移动时, WLAN终 端可以在不同的无线路由设备之间进行切换( Handover ),从而可以通过不同的无线路由设 备接入 WLAN网络, 保证数据通信不中断。  It should be noted that when the WLAN terminal moves in the seamless coverage area of each wireless routing device, the WLAN terminal can perform handover (Handover) between different wireless routing devices, so that different wireless routing devices can access the WLAN network. Ensure that data communication is not interrupted.
所述无线路由设备可以由运营商定制, 写入专用的接入点名称 (APN, Access Point Name ) 以便于接入该 APN对应的移动通信网络, 如 APN为中国移动网 ( CMNET , China Mobile Net ), 则接入的移动通信网络为 CMNET网络。 The wireless routing device can be customized by the operator to write a dedicated access point name (APN, Access Point) Name) In order to access the mobile communication network corresponding to the APN, for example, the APN is China Mobile Network (CMNET, China Mobile Net), and the accessed mobile communication network is a CMNET network.
步骤 203、 移动通信网元将所述接入请求发送至 WLAN AC。  Step 203: The mobile communication network element sends the access request to the WLAN AC.
所述移动通信网元可以是 TD-SCDMA网络分组(PS )域的网元, 也可以是 TD-LTE 网络的网元。  The mobile communication network element may be a network element of a TD-SCDMA network packet (PS) domain, or may be a network element of a TD-LTE network.
所述移动通信网元可以包括接入单元和至少一个数据业务网关。 在无线路由设备向移 动通信网元发送的专用的接入点名称(APN, Access Point Name ) 时, 可以利用接入单元 接收所述 APN, 并根据接收到的所述 APN确定向 WLAN AC发送接入请求的数据业务网 关, 由确定出的数据业务网关向 WLAN AC发送接入请求, 所述数据业务网关可以为 3G 网络中的网关 GPRS支持节点( GGSN, Gateway GPRS Support Node)设备, 或者 LTE网络 中的 LTE P-GW设备。  The mobile communication network element can include an access unit and at least one data service gateway. When the wireless access device sends the access point name (APN) to the mobile communication network element, the access unit may receive the APN by using the access unit, and determine, according to the received APN, to send to the WLAN AC. The incoming data service gateway sends an access request to the WLAN AC by the determined data service gateway, where the data service gateway can be a GGSN (Gateway GPRS Support Node) device in the 3G network, or an LTE network LTE P-GW device.
WLAN AC作为控制无线路由设备的控制器,用于完成对无线路由设备的管理和配置, 以实现负载均衡, 动态信道分配等功能, 同时 WLAN AC作为 WLAN终端接入的安全控 制节点, 对 WLAN终端完成相应的认证和计费辅助功能, 支持与移动通信网元之间建立 隧道, 并对隧道上发来的报文进行认证。  As a controller for controlling the wireless routing device, the WLAN AC is used to complete management and configuration of the wireless routing device to implement functions such as load balancing and dynamic channel allocation, and the WLAN AC serves as a security control node for the WLAN terminal access to the WLAN terminal. Completing the corresponding authentication and accounting auxiliary functions, supporting the establishment of a tunnel with the mobile communication network element, and authenticating the packets sent from the tunnel.
步骤 204、 WLAN AC向鉴权设备发送所述接入请求。  Step 204: The WLAN AC sends the access request to the authentication device.
WLAN AC将所述接入请求发送至鉴权设备, 要求所述鉴权设备根据接收到的接入请 求对所述 WLAN终端进行鉴权, 并在鉴权通过时, 指示 WLAN终端接入 WLAN网络。  The WLAN AC sends the access request to the authentication device, and the authentication device is required to authenticate the WLAN terminal according to the received access request, and when the authentication is passed, instruct the WLAN terminal to access the WLAN network. .
本实施例中, 可以通过基于 WEB页面的认证方式对 WLAN终端进行鉴权, 在釆用该 种鉴权方式时, 所述鉴权设备可以包括入口 (PORTAL )服务器和认证服务器, 无线路由 设备可以作为 WLAN终端接入的接入点和后台的认证服务器相连, 完成对 WLAN用户的 认证,其中,后台的认证服务器可以为远程用户拨号认证( RADIUS , Remote Authentication Dial In User Service )服务器。 WLAN AC提供强制 PORTAL功能, 向 WLAN终端推送认 证页面, 并作为安全控制点和后台的认证服务器相连, 以完成对 WLAN终端的接入认证, 当 WLAN终端认证通过后 , WLAN终端业务数据通过 WLAN AC接入到相应的专用服务 网络。  In this embodiment, the WLAN terminal may be authenticated by using an authentication method based on the WEB page. When the authentication mode is used, the authentication device may include an entry (PORTAL) server and an authentication server, and the wireless routing device may The access point that is accessed by the WLAN terminal is connected to the authentication server in the background, and the authentication of the WLAN user is completed. The authentication server in the background may be a remote authentication dial in user service (RADIUS) server. The WLAN AC provides the mandatory PORTAL function, and pushes the authentication page to the WLAN terminal, and connects it as a security control point to the authentication server in the background to complete the access authentication to the WLAN terminal. After the WLAN terminal passes the authentication, the WLAN terminal service data passes through the WLAN AC. Access to the appropriate dedicated service network.
在通过基于 WEB页面的认证方式对 WLAN终端进行鉴权时,步骤 204具体包括以下 步骤:  When the WLAN terminal is authenticated by using the WEB page-based authentication method, step 204 specifically includes the following steps:
步骤 2041、 WLAN AC将所述接入请求发送至入口服务器。  Step 2051: The WLAN AC sends the access request to the ingress server.
本步骤中, WLAN AC 将所述接入请求发送至入口服务器, 指示入口服务器向所述 In this step, the WLAN AC sends the access request to the ingress server, instructing the ingress server to
WLAN终端推送认证页面。 The WLAN terminal pushes the authentication page.
入口服务器用于配合 WLAN AC完成基于 WEB页面的认证方式下的 WLAN终端的认 证,即入口服务器在接收到 WLAN AC转发来的 WLAN终端的接入请求后,通过 WLAN AC 向 WLAN终端展示认证页面, 要求 WLAN终端输入认证信息, 所述认证信息可以为终端 标识和该终端标识对应的密码, 如手机号码和密码。 The ingress server is configured to cooperate with the WLAN AC to complete the authentication of the WLAN terminal in the WEB page-based authentication mode, that is, the ingress server passes the WLAN AC after receiving the access request of the WLAN terminal forwarded by the WLAN AC. The authentication page is displayed to the WLAN terminal, and the WLAN terminal is required to input the authentication information, where the authentication information may be a terminal identifier and a password corresponding to the terminal identifier, such as a mobile phone number and a password.
其中, 入口服务器向所述 WLAN终端推送认证页面, 具体包括:  The portal server pushes the authentication page to the WLAN terminal, which specifically includes:
WLAN AC将入口服务器向所述 WLAN终端推送的认证页面发送至移动通信网元,指 示移动通信网元通过无线路由设备将该认证页面转发至 WLAN终端。  The WLAN AC sends an authentication page pushed by the ingress server to the WLAN terminal to the mobile communication network element, indicating that the mobile communication network element forwards the authentication page to the WLAN terminal through the wireless routing device.
步骤 2042、 WLAN AC接收所述 WLAN终端返回的携带了认证信息的认证页面。 WLAN终端在接收到入口服务器推送的认证页面时, 根据认证页面的指示, 输入相应 的认证信息, 并将携带有认证信息的认证页面发送至 WLAN AC。  Step 2042: The WLAN AC receives the authentication page that is returned by the WLAN terminal and carries the authentication information. When receiving the authentication page pushed by the portal server, the WLAN terminal inputs the corresponding authentication information according to the indication of the authentication page, and sends the authentication page carrying the authentication information to the WLAN AC.
其中, WLAN AC接收所述 WLAN终端返回的携带了认证信息的认证页面,具体包括: WLAN AC接收移动通信网元发送的携带了认证信息的认证页面, 所述携带了认证信 息的认证页面是 WLAN终端通过无线路由设备转发至移动通信网元的。  The WLAN AC receives the authentication page that carries the authentication information that is returned by the WLAN terminal, and specifically includes: the WLAN AC receives the authentication page that is sent by the mobile communication network element and carries the authentication information, where the authentication page that carries the authentication information is the WLAN. The terminal forwards to the mobile communication network element through the wireless routing device.
步骤 2043、 WLAN AC将所述认证信息发送至认证服务器。  Step 2043: The WLAN AC sends the authentication information to the authentication server.
WLAN AC将所述认证信息发送至认证服务器, 要求认证服务器根据所述认证信息对 所述 WLAN终端进行鉴权, 认证服务器将接收到的认证信息与自身已保存的认证信息进 行匹配, 可以在确定接收到的认证信息为自身已保存的认证信息时, 确认鉴权通过, 并指 示 WLAN AC将所述 WLAN终端接入 WLAN网络。  The WLAN AC sends the authentication information to the authentication server, and the authentication server is required to authenticate the WLAN terminal according to the authentication information, and the authentication server matches the received authentication information with the authentication information that has been saved by itself, and may determine When the received authentication information is the authentication information that has been saved by itself, the authentication is confirmed to pass, and the WLAN AC is instructed to access the WLAN terminal to the WLAN network.
在完成 WLAN终端接入 WLAN网络后, 所述方法还可以进一步包括对各 WLAN终 端的计费步骤, 当然在执行计费步骤之前, 需要 WLAN AC记录鉴权通过的 WLAN终端 的终端标识, 在计费中, WLAN AC作为集中式的计费数据釆集前端, 釆集用户数据通信 的时长、 流量等计费信息, 并将其发送到认证服务器和入口服务器中产生话单, 计费步骤 具体包括:  After the WLAN terminal accesses the WLAN network, the method may further include the charging step of each WLAN terminal, and of course, the terminal identifier of the WLAN terminal that needs to pass the WLAN AC record authentication before performing the charging step, In the fee, the WLAN AC collects billing information such as the duration of the user data communication and the traffic, and sends the billing information to the authentication server and the ingress server to generate bills. The billing step includes :
步骤 205、 WLAN AC接收接入 WLAN网络的多个 WLAN终端的计费信息。  Step 205: The WLAN AC receives charging information of multiple WLAN terminals accessing the WLAN network.
WLAN AC接收通过无线路由设备接入 WLAN网络的多个 WLAN终端的计费信息。 步骤 206、 WLAN AC根据记录的 WLAN终端的终端标识, 确定接入 WLAN网络的 每个 WLAN终端的计费信息。  The WLAN AC receives charging information of a plurality of WLAN terminals accessing the WLAN network through the wireless routing device. Step 206: The WLAN AC determines, according to the recorded terminal identifier of the WLAN terminal, charging information of each WLAN terminal accessing the WLAN network.
WLAN AC接收到的计费信息可能来自多个无线路由设备, 且每个无线路由设备接入 的也可能为多个 WLAN终端, 因此, 在本步骤中, WLAN AC可以根据保存的 WLAN终 端的终端标识, 对接收到的计费信息进行分类, 分别确定每个 WLAN终端的计费信息。  The charging information received by the WLAN AC may be from multiple wireless routing devices, and each wireless routing device may also access multiple WLAN terminals. Therefore, in this step, the WLAN AC may be based on the saved terminal of the WLAN terminal. The identifier, classifies the received charging information, and determines charging information of each WLAN terminal separately.
步骤 207、 WLAN AC将每个 WLAN终端的计费信息发送给认证服务器, 指示认证服 务器分别对每个 WLAN终端进行计费。  Step 207: The WLAN AC sends the charging information of each WLAN terminal to the authentication server, and instructs the authentication server to perform charging for each WLAN terminal.
在本步骤中, WLAN AC将确定出的每个 WLAN终端的计费信息发送给认证服务器, 认证服务器根据接收到的计费信息进行计费并产生话单 (计费数据记录, 即 CDR ), 并将 计费产生的话单通过计费数据接口发送给 BOSS 计费子系统, 从而实现针对每个 WLAN 终端的计费。 In this step, the WLAN AC sends the determined charging information of each WLAN terminal to the authentication server, and the authentication server performs charging according to the received charging information and generates a bill (accounting data record, ie, CDR). And the bill generated by the billing is sent to the BOSS billing subsystem through the billing data interface, thereby implementing for each WLAN Terminal billing.
具体的, 移动通信网元可以为 TD-SCDMA网络分组(PS )域的网元, 其中接入设备 可以为服务 GPRS支持节点 ( SGSN, SERVICING GPRS SUPPORT NODE ), 数据业务网 关可以为网关 GPRS支持节点( GGSN, Gateway GPRS Support Node ),由 SGSN完成 WLAN 终端的鉴权数据和计费数据的接入, GGSN为无线路由设备接入配置专用的 APN, 并通过 隧道将 WLAN终端发来的数据接入到 WLAN AC。 下面以移动通信网元为 TD-SCDMA网 络分组( PS )域的网元, 并通过基于 WEB页面的认证方式对 WLAN终端进行鉴权为例, 通过一个具体的实例对本发明实施例一的方案进行详细说明。  Specifically, the mobile communication network element may be a network element of a TD-SCDMA network packet (PS) domain, where the access device may be a serving GPRS support node (SGSN, SERVICING GPRS SUPPORT NODE), and the data service gateway may be a gateway GPRS support node. (GGSN, Gateway GPRS Support Node), the SGSN completes the access of the authentication data and the charging data of the WLAN terminal, and the GGSN configures the dedicated APN for the wireless routing device access, and accesses the data sent by the WLAN terminal through the tunnel. Go to WLAN AC. In the following, the mobile communication network element is used as the network element of the TD-SCDMA network packet (PS) domain, and the WLAN terminal is authenticated by using the WEB page-based authentication method as an example, and the solution of the first embodiment of the present invention is performed by using a specific example. Detailed description.
实施例二、  Embodiment 2
图 5为本发明实施例二提供的一种接入 WLAN网络的方法的步骤流程图, 具体包括 以下步骤:  FIG. 5 is a flowchart of steps of a method for accessing a WLAN network according to Embodiment 2 of the present invention, which specifically includes the following steps:
步骤 301、 WLAN终端发送接入请求。  Step 301: The WLAN terminal sends an access request.
WLAN终端可以使用公网 C类地址来发送接入请求。  The WLAN terminal can use the public network Class C address to send an access request.
步骤 302、 无线路由设备将所述接入请求发送至移动通信网元。  Step 302: The wireless routing device sends the access request to the mobile communication network element.
此时, 无线路由设备中包括 TD-SCDMA模式的数据回传模块, 且该数据回传模块可 以使用私有 IP地址来发送所述接入请求,以保证无线路由设备与 WLAN AC之间建立专有 隧道, 并将 WLAN终端发来的接入请求数据通过 SGSN发送到 GGSN。  At this time, the wireless routing device includes a data backhaul module of the TD-SCDMA mode, and the data backhaul module can use the private IP address to send the access request to ensure a proprietary relationship between the wireless routing device and the WLAN AC. The tunnel, and the access request data sent by the WLAN terminal is sent to the GGSN through the SGSN.
在本步骤中, SGSN可以根据无线路由设备发送的 APN,选择与该 APN匹配的 GGSN, 并将接收到的接入请求发送至选择出的 GGSN。  In this step, the SGSN may select a GGSN that matches the APN according to the APN sent by the wireless routing device, and send the received access request to the selected GGSN.
步骤 303、 移动通信网元将所述接入请求发送至 WLAN AC。  Step 303: The mobile communication network element sends the access request to the WLAN AC.
GGSN可以将接收到的接入请求通过 GGSN与 WLAN AC之间配置的 Gi接口发送给 WLAN AC  The GGSN can send the received access request to the WLAN AC through the Gi interface configured between the GGSN and the WLAN AC.
步骤 304、 WLAN AC将接收到的接入请求指向入口服务器。  Step 304: The WLAN AC points the received access request to the ingress server.
步骤 305、 入口服务器向 WLAN终端推送 PORTAL web认证页面。  Step 305: The portal server pushes a PORTAL web authentication page to the WLAN terminal.
具体的, WLAN AC将入口服务器向所述 WLAN终端推送的 PORTAL web认证页面发 送至 GGSN, GGSN将接收到的认证页面通过 SGSN发送至无线路由设备, 指示无线路由 设备将该认证页面转发至 WLAN终端。  Specifically, the WLAN AC sends the PORTAL web authentication page that the ingress server pushes to the WLAN terminal to the GGSN, and the GGSN sends the received authentication page to the wireless routing device through the SGSN, instructing the wireless routing device to forward the authentication page to the WLAN terminal. .
步骤 306、 WLAN终端将携带认证信息的认证页面推送至认证服务器。  Step 306: The WLAN terminal pushes the authentication page carrying the authentication information to the authentication server.
WLAN终端用户可以在 PORTAL WEB认证页面中输入终端标识(如, 手机号)和密 码, 再由无线路由设备、 SGSN, GGSN和 WLAN AC将携带有认证信息的认证页面路由 到认证服务器。  The WLAN terminal user can enter the terminal identifier (eg, mobile phone number) and password in the PORTAL WEB authentication page, and then the authentication page carrying the authentication information is routed to the authentication server by the wireless routing device, the SGSN, the GGSN, and the WLAN AC.
步骤 307、 在认证通过后, 由 WLAN AC 控制并允许该 WLAN 终端访问因特网 ( Internet ) 的路由。 认证服务器对 WLAN终端进行认证,将认证结果通过 WLAN AC通知给 WLAN终端, 并在认证通过时 , 指示 WLAN AC将该 WLAN终端接入 WLAN网络。 Step 307: After the authentication is passed, the WLAN AC controls and allows the WLAN terminal to access the Internet (Internet) route. The authentication server authenticates the WLAN terminal, and notifies the WLAN terminal to the WLAN terminal through the WLAN AC, and when the authentication passes, instructs the WLAN AC to access the WLAN terminal to the WLAN network.
步骤 308、 WLAN AC接收接入 WLAN网络的多个 WLAN终端的计费信息。  Step 308: The WLAN AC receives charging information of multiple WLAN terminals accessing the WLAN network.
步骤 309、 WLAN AC根据记录的 WLAN终端的终端标识, 确定接入 WLAN网络的 每个 WLAN终端的计费信息。  Step 309: The WLAN AC determines, according to the recorded terminal identifier of the WLAN terminal, charging information of each WLAN terminal accessing the WLAN network.
步骤 310、 WLAN AC将每个 WLAN终端的计费信息发送给认证服务器, 指示认证服 务器分别对每个 WLAN终端进行计费。  Step 310: The WLAN AC sends the charging information of each WLAN terminal to the authentication server, and instructs the authentication server to perform charging for each WLAN terminal.
步骤 308〜步骤 310与实施例一中的步骤 205〜步骤 207分别——对应, 在此不再赘述。 本发明实施例一及实施例二提供的接入 WLAN 网络的方案中, 通过包含无线路由设 备, 可以支持各种 WLAN终端的接入, 同时较好地利用了现有的移动通信系统资源, 无 线路由设备和移动通信系统资源可以通过无线方式进行通信连接, 从而实现可以在移动场 所、 例如公交车、 火车、 地铁上等实现移动终端使用 WLAN技术无线接入移动互联网进 行数据业务通信, 同时基于移动通信系统资源中的基站设备, 网络覆盖范围广泛, 网络盾 量和连续覆盖能力得到了很好的保证, 并充分利用了现有的无线系统资源。  Steps 308 to 310 are respectively corresponding to steps 205 to 207 in the first embodiment, and are not described herein again. The solution for accessing the WLAN network provided by the first embodiment and the second embodiment of the present invention can support the access of various WLAN terminals by including the wireless routing device, and utilize the existing mobile communication system resources, and wirelessly. The routing device and the mobile communication system resources can be wirelessly connected, thereby realizing that the mobile terminal can wirelessly access the mobile Internet for data service communication using the WLAN technology in a mobile place, such as a bus, a train, a subway, etc., and is based on mobile The base station equipment in the communication system resources has a wide network coverage, and the network shield capacity and continuous coverage capability are well guaranteed, and the existing wireless system resources are fully utilized.
本发明提出的接入 WLAN 网络的方案中, 不需要对无线路由设备进行很大改动, 并 将用于对 WLAN终端进行接入控制的 WLAN AC置于移动通信网的后端,通过接收 WLAN 终端通过数据业务网关(如, GGSN )转发来的数据, 实现控制 WLAN终端的接入鉴权和 计费等处理, 使得网络后端的一个 WLAN AC就可以实现对分散在不同地点的多个无线路 由设备进行统一控制和管理, 有利于无线路由设备的大规模部署, 并且也可以节约网络设 备的投入成本(通常一个 AC的成本为一个 AP成本的上百倍)。  The solution for accessing the WLAN network proposed by the present invention does not require major changes to the wireless routing device, and the WLAN AC for access control of the WLAN terminal is placed at the back end of the mobile communication network, and the WLAN terminal is received. Through the data forwarded by the data service gateway (for example, GGSN), the access authentication and charging processing of the WLAN terminal is controlled, so that one WLAN AC at the back end of the network can implement multiple wireless routing devices dispersed in different locations. Unified control and management facilitates large-scale deployment of wireless routing devices, and can also save the input cost of network devices (usually the cost of an AC is hundreds of times the cost of an AP).
此外, 在对 WLAN终端的接入认证过程中, 可以实现基于 WEB 页面的认证方式, WLAN终端在 web认证页面中可以提供终端标识(如, 手机号码)和密码信息等, 并实现 了对单个 WLAN终端的认证和计费处理。  In addition, in the process of access authentication to the WLAN terminal, a WEB page-based authentication mode can be implemented, and the WLAN terminal can provide a terminal identifier (eg, a mobile phone number) and password information in the web authentication page, and implements a single WLAN. Terminal authentication and billing processing.
实施例三、  Embodiment 3
基于本发明实施例一提供的接入 WLAN 网络的方法, 本发明实施例三提供一种接入 The method for accessing a WLAN network according to the first embodiment of the present invention provides an access method according to Embodiment 3 of the present invention.
WLAN网络的系统, 图 6为本发明实施例三提供的一种接入 WLAN网络的系统结构示意 图, 该系统包括无线局域网 WLAN终端 11、 无线路由设备 12、 移动通信网元 13、 无线局 域网接入控制器 14及鉴权设备 15 , 其中: WLAN network system, FIG. 6 is a schematic structural diagram of a system for accessing a WLAN network according to Embodiment 3 of the present invention, where the system includes a wireless local area network WLAN terminal 11, a wireless routing device 12, a mobile communication network element 13, and a wireless local area network access. The controller 14 and the authentication device 15 , wherein:
WLAN终端 11用于向无线路由设备发送接入请求; 无线路由设备 12用于将所述接入 请求转发至移动通信网元; 移动通信网元 13用于将所述接入请求转发至 WLAN AC; 无线 局域网接入控制器 14用于将所述接入请求发送至鉴权设备, 在鉴权设备对 WLAN终端鉴 权通过时, 指示 WLAN终端接入 WLAN网络; 鉴权设备 15用于根据所述接入请求对所 述 WLAN终端进行鉴权。 所述移动通信网元 13包括接入单元 131和至少一个数据业务网关 132: 无线路由设备 12还用于向接入单元发送接入点名称 APN。 The WLAN terminal 11 is configured to send an access request to the wireless routing device; the wireless routing device 12 is configured to forward the access request to the mobile communication network element; and the mobile communication network element 13 is configured to forward the access request to the WLAN AC The WLAN access controller 14 is configured to send the access request to the authentication device, and when the authentication device authenticates the WLAN terminal, instruct the WLAN terminal to access the WLAN network; the authentication device 15 is configured to use the The access request authenticates the WLAN terminal. The mobile communication network element 13 includes an access unit 131 and at least one data service gateway 132: The wireless routing device 12 is further configured to send an access point name APN to the access unit.
所述接入单元 131用于根据接收到的所述 APN确定数据业务网关。  The access unit 131 is configured to determine a data service gateway according to the received APN.
由接入单元确定的数据业务网关 132用于将所述接入请求发送至 WLAN AC。  A data service gateway 132, determined by the access unit, is configured to send the access request to the WLAN AC.
所述鉴权设备 15包括入口服务器 151和认证服务器 152;  The authentication device 15 includes an ingress server 151 and an authentication server 152;
无线局域网接入控制器 14具体用于将所述接入请求发送至入口服务器, 以及接收所 述 WLAN终端返回的携带了认证信息的认证页面, 并将认证信息发送给认证服务器。  The WLAN access controller 14 is specifically configured to send the access request to the ingress server, and receive an authentication page that carries the authentication information returned by the WLAN terminal, and send the authentication information to the authentication server.
入口服务器 151用于在接收到所述接入请求后, 向所述 WLAN终端推送认证页面。 认证服务器 152用于根据接收到的所述认证信息对所述 WLAN终端进行鉴权。  The portal server 151 is configured to push an authentication page to the WLAN terminal after receiving the access request. The authentication server 152 is configured to authenticate the WLAN terminal according to the received authentication information.
无线局域网接入控制器 14具体用于将入口服务器向所述 WLAN终端推送的认证页面 发送至移动通信网元, 以及接收移动通信网元返回的携带了认证信息的认证页面。  The WLAN access controller 14 is specifically configured to send an authentication page that the portal server pushes to the WLAN terminal to the mobile communication network element, and receive an authentication page that carries the authentication information returned by the mobile communication network element.
移动通信网元 13 还用于将接收到的认证页面发送给无线路由设备, 以及将无线路由 设备返回的携带了认证信息的认证页面发送给 WLAN AC。  The mobile communication network element 13 is further configured to send the received authentication page to the wireless routing device, and send the authentication page carrying the authentication information returned by the wireless routing device to the WLAN AC.
无线路由设备 12还用于将接收到的认证页面转发至 WLAN终端, 以及接收 WLAN 终端返回的携带了认证信息的认证页面, 并发送给移动通信网元。  The wireless routing device 12 is further configured to forward the received authentication page to the WLAN terminal, and receive the authentication page that carries the authentication information returned by the WLAN terminal, and send the authentication page to the mobile communication network element.
无线局域网接入控制器 14 还用于记录鉴权通过的 WLAN 终端的终端标识, 并在 WLAN终端接入 WLAN网络之后,接收通过无线路由设备接入 WLAN网络的多个 WLAN 终端的计费信息,根据记录的 WLAN终端的终端标识,确定接入 WLAN网络的每个 WLAN 终端的计费信息, 并将每个 WLAN终端的计费信息发送给认证服务器。  The WLAN access controller 14 is further configured to record the terminal identifier of the WLAN terminal through which the authentication is passed, and after the WLAN terminal accesses the WLAN network, receive charging information of multiple WLAN terminals that access the WLAN network through the wireless routing device, The charging information of each WLAN terminal accessing the WLAN network is determined according to the recorded terminal identifier of the WLAN terminal, and the charging information of each WLAN terminal is sent to the authentication server.
认证服务器 152还用于分别对每个 WLAN终端进行计费。  The authentication server 152 is also used to charge each WLAN terminal separately.
所述系统还可以进一步包括 WLAN网管模块 16:  The system may further include a WLAN network management module 16:
WLAN网管模块, 用于与 WLAN AC连接, 完成对远端无线路由设备的配置更新、 网 络管理、 故障诊断、 状态监视等功能。  The WLAN network management module is used to connect to the WLAN AC to complete configuration update, network management, fault diagnosis, and status monitoring of the remote wireless routing device.
实施例四、  Embodiment 4
基于本发明实施例一提供的接入 WLAN 网络的方法, 本发明实施例四提供的一种 A method for accessing a WLAN network according to Embodiment 1 of the present invention is provided in Embodiment 4 of the present invention.
WLAN AC, 图 7为本发明实施例四提供的一种无线局域网接入控制器的结构示意图, 所 述 WLAN AC包括第一接收模块 21和第一发送模块 22, 其中: WLAN AC, FIG. 7 is a schematic structural diagram of a wireless local area network access controller according to Embodiment 4 of the present invention, where the WLAN AC includes a first receiving module 21 and a first sending module 22, where:
第一接收模块 21 用于接收移动通信网元发送的接入请求, 所述接入请求是无线局域 网 WLAN终端通过无线路由设备转发至移动通信网元的; 第一发送模块 22用于将所述接 入请求发送至鉴权设备, 要求所述鉴权设备根据接收到的接入请求对所述 WLAN终端进 行鉴权, 并在鉴权通过时, 指示 WLAN终端接入 WLAN网络。  The first receiving module 21 is configured to receive an access request sent by the mobile communication network element, where the access request is that the WLAN terminal of the wireless local area network is forwarded to the mobile communication network element by using the wireless routing device; the first sending module 22 is configured to: The access request is sent to the authentication device, and the authentication device is required to authenticate the WLAN terminal according to the received access request, and when the authentication is passed, instruct the WLAN terminal to access the WLAN network.
所述第一发送模块 22包括页面发送子模块 221和信息发送子模块 222, 其中: 页面发送子模块 221用于将所述接入请求发送至鉴权设备中的入口服务器, 指示入口 服务器向所述 WLAN终端推送认证页面; 信息发送子模块 222用于将接收到的认证信息 发送至鉴权设备中的认证服务器, 要求认证服务器根据所述认证信息对所述 WLAN终端 进行鉴权; The first sending module 22 includes a page sending submodule 221 and an information sending submodule 222, where: the page sending submodule 221 is configured to send the access request to an ingress server in the authentication device, indicating the portal The server sends an authentication page to the WLAN terminal. The information sending sub-module 222 is configured to send the received authentication information to the authentication server in the authentication device, and request the authentication server to authenticate the WLAN terminal according to the authentication information.
第一接收模块 21还用于接收所述 WLAN终端返回的携带了认证信息的认证页面, 并 将所述认证信息发送给信息发送子模块。  The first receiving module 21 is further configured to receive an authentication page that carries the authentication information returned by the WLAN terminal, and send the authentication information to the information sending submodule.
所述 WLAN AC还包括第二接收模块 23和第二发送模块 24:  The WLAN AC further includes a second receiving module 23 and a second sending module 24:
所述第二接收模块 23用于接收入口服务器向所述 WLAN终端推送的认证页面; 所述第二发送模块 24用于将第二接收模块接收到的入口服务器向所述 WLAN终端推 送的认证页面发送至移动通信网元, 指示移动通信网元通过无线路由设备将该认证页面转 发至 WLAN终端。  The second receiving module 23 is configured to receive an authentication page that the portal server pushes to the WLAN terminal, where the second sending module 24 is configured to send an authentication page that is sent by the portal server that is received by the second receiving module to the WLAN terminal. Sending to the mobile communication network element, instructing the mobile communication network element to forward the authentication page to the WLAN terminal through the wireless routing device.
第一接收模块 21 具体用于接收移动通信网元发送的携带了认证信息的认证页面, 所 述携带了认证信息的认证页面是 WLAN终端通过无线路由设备转发至移动通信网元的。  The first receiving module 21 is specifically configured to receive an authentication page that carries the authentication information sent by the mobile communication network element, where the authentication page that carries the authentication information is forwarded by the WLAN terminal to the mobile communication network element by using the wireless routing device.
所述 WLAN AC还包括记录模块 25 , 其中:  The WLAN AC further includes a recording module 25, wherein:
记录模块 25用于在认证服务器对 WLAN终端鉴权通过时, 记录鉴权通过的 WLAN 终端的终端标识。  The recording module 25 is configured to record, when the authentication server authenticates the WLAN terminal, the terminal identifier of the WLAN terminal through which the authentication is passed.
第一接收模块 21还用于在 WLAN终端接入 WLAN网络之后, 接收通过无线路由设 备接入 WLAN网络的多个 WLAN终端的计费信息;  The first receiving module 21 is further configured to: after the WLAN terminal accesses the WLAN network, receive charging information of multiple WLAN terminals that access the WLAN network through the wireless routing device;
第一发送模块 22还用于根据记录的 WLAN终端的终端标识, 确定接入 WLAN网络 的每个 WLAN终端的计费信息, 并将每个 WLAN终端的计费信息发送给认证服务器, 指 示认证服务器分别对每个 WLAN终端进行计费。  The first sending module 22 is further configured to determine, according to the recorded terminal identifier of the WLAN terminal, charging information of each WLAN terminal that accesses the WLAN network, and send charging information of each WLAN terminal to the authentication server, indicating the authentication server. Billing is performed for each WLAN terminal separately.
在本实施例中, 如图 2所示, WLAN AC的第一接收模块接收来自移动通信网元的信 息, 并通过第一发送模块向鉴权设备发送信息, 从而实现从移动通信网元至鉴权设备的通 信; WLAN AC的第二接收模块接收来自鉴权设备的信息, 并通过第二发送模块向移动通 信网元发送信息, 从而实现从鉴权设备至移动通信网元的通信。  In this embodiment, as shown in FIG. 2, the first receiving module of the WLAN AC receives the information from the mobile communication network element, and sends the information to the authentication device through the first sending module, thereby implementing the mobile communication network element to the Communication of the right device; The second receiving module of the WLAN AC receives the information from the authentication device, and transmits the information to the mobile communication network element through the second sending module, thereby implementing communication from the authentication device to the mobile communication network element.
实施例五、  Embodiment 5
基于本发明实施例一提供的接入 WLAN 网络的方法, 本发明实施例五提供的一种移 动通信网元, 图 8为本发明实施例五提供的一种移动通信网元的结构示意图, 该移动通信 网元包括接入单元 31和至少一个数据业务网关 32 , 其中:  A method for accessing a WLAN network according to the first embodiment of the present invention, a mobile communication network element according to Embodiment 5 of the present invention, FIG. 8 is a schematic structural diagram of a mobile communication network element according to Embodiment 5 of the present invention, where The mobile communication network element includes an access unit 31 and at least one data service gateway 32, wherein:
接入单元 31用于接收接入请求, 所述接入请求是无线局域网 WLAN终端通过无线路 由设备转发的;数据业务网关 32用于将所述接入请求转发至无线局域网接入控制器 WLAN AC , 要求 WLAN AC在 WLAN终端鉴权通过时, 指示 WLAN终端接入 WLAN网络。  The access unit 31 is configured to receive an access request, where the access request is forwarded by the wireless local area network WLAN terminal by using a wireless routing device; and the data service gateway 32 is configured to forward the access request to the wireless local area network access controller WLAN AC The WLAN AC is required to instruct the WLAN terminal to access the WLAN network when the WLAN terminal authenticates.
接入单元 31还用于接收无线路由设备发送的接入点名称 APN, 并根据接收到的所述 The access unit 31 is further configured to receive an access point name APN sent by the wireless routing device, and according to the received
APN确定向 WLAN AC发送接入请求的数据业务网关。 数据业务网关 32还用于接收 WLAN AC推送的认证页面, 所述认证页面是入口服务 器向所述 WLAN AC推送的, 以及接收接入单元返回的携带了认证信息的认证页面, 并将 携带了认证信息的认证页面推送至 WLAN AC。 The APN determines the data service gateway that sends the access request to the WLAN AC. The data service gateway 32 is further configured to receive an authentication page that is pushed by the WLAN AC, where the authentication page is pushed by the ingress server to the WLAN AC, and the authentication page that carries the authentication information returned by the access unit is received, and the authentication page is carried. The authentication page for the information is pushed to the WLAN AC.
接入单元 31还用于将数据业务网关发送的认证页面推送至所述 WLAN终端, 接收所 述 WLAN终端返回的携带了认证信息的认证页面, 并将携带了认证信息的认证页面发送 至数据业务网关。  The access unit 31 is further configured to: push the authentication page sent by the data service gateway to the WLAN terminal, receive the authentication page that carries the authentication information returned by the WLAN terminal, and send the authentication page that carries the authentication information to the data service. Gateway.
接入单元 31还用于接收接入 WLAN网络的多个 WLAN终端的计费信息。  The access unit 31 is further configured to receive charging information of a plurality of WLAN terminals accessing the WLAN network.
数据业务网关 32还用于将所述接入单元接收到的计费信息发送至 WLAN AC。  The data service gateway 32 is further configured to send the charging information received by the access unit to the WLAN AC.
本领域内的技术人员应明白, 本发明的实施例可提供为方法、 系统、 或计算机程序产 品。 因此, 本发明可釆用完全硬件实施例、 完全软件实施例、 或结合软件和硬件方面的实 施例的形式。 而且, 本发明可釆用在一个或多个其中包含有计算机可用程序代码的计算机 可用存储介盾 (包括但不限于磁盘存储器、 CD-ROM、 光学存储器等)上实施的计算机程 序产品的形式。  Those skilled in the art will appreciate that embodiments of the present invention can be provided as a method, system, or computer program product. Accordingly, the present invention may take the form of an entirely hardware embodiment, an entirely software embodiment, or a combination of software and hardware. Moreover, the present invention can be embodied in the form of a computer program product embodied on one or more computer-usable storage interfaces (including but not limited to disk storage, CD-ROM, optical storage, etc.) containing computer usable program code.
本发明是参照根据本发明实施例的方法、 设备(系统)、 和计算机程序产品的流程图 和 /或方框图来描述的。 应理解可由计算机程序指令实现流程图和 /或方框图中的每一流 程和 /或方框、 以及流程图和 /或方框图中的流程和 /或方框的结合。 可提供这些计算机 程序指令到通用计算机、 专用计算机、 嵌入式处理机或其他可编程数据处理设备的处理器 以产生一个机器, 使得通过计算机或其他可编程数据处理设备的处理器执行的指令产生用 于实现在流程图一个流程或多个流程和 /或方框图一个方框或多个方框中指定的功能的 装置。  The present invention has been described with reference to flowchart illustrations and/or block diagrams of methods, apparatus (system), and computer program products according to embodiments of the invention. It will be understood that each process and/or block of the flowchart illustrations and/or FIG. These computer program instructions can be provided to a processor of a general purpose computer, special purpose computer, embedded processor, or other programmable data processing device to produce a machine for the execution of instructions for execution by a processor of a computer or other programmable data processing device. Means for implementing the functions specified in one or more of the flow or in a block or blocks of the flow chart.
这些计算机程序指令也可存储在能引导计算机或其他可编程数据处理设备以特定方 式工作的计算机可读存储器中, 使得存储在该计算机可读存储器中的指令产生包括指令装 置的制造品, 该指令装置实现在流程图一个流程或多个流程和 /或方框图一个方框或多个 方框中指定的功能。  The computer program instructions can also be stored in a computer readable memory that can direct a computer or other programmable data processing device to operate in a particular manner, such that the instructions stored in the computer readable memory produce an article of manufacture comprising the instruction device. The apparatus implements the functions specified in one or more blocks of a flow or a flow and/or block diagram of the flowchart.
这些计算机程序指令也可装载到计算机或其他可编程数据处理设备上, 使得在计算机 或其他可编程设备上执行一系列操作步骤以产生计算机实现的处理, 从而在计算机或其他 可编程设备上执行的指令提供用于实现在流程图一个流程或多个流程和 /或方框图一个 方框或多个方框中指定的功能的步骤。  These computer program instructions can also be loaded onto a computer or other programmable data processing device such that a series of operational steps are performed on a computer or other programmable device to produce computer-implemented processing for execution on a computer or other programmable device. The instructions provide steps for implementing the functions specified in one or more of the flow or in a block or blocks of a flow diagram.
尽管已描述了本发明的优选实施例, 但本领域内的技术人员一旦得知了基本创造性概 念, 则可对这些实施例作出另外的变更和修改。 所以, 所附权利要求意欲解释为包括优选 实施例以及落入本发明范围的所有变更和修改。  Although the preferred embodiment of the invention has been described, it will be apparent to those of ordinary skill in the art that <RTIgt; Therefore, the appended claims are intended to be construed as including the preferred embodiments and the modifications
显然, 本领域的技术人员可以对本发明实施例进行各种改动和变型而不脱离本发明实 施例的精神和范围。 这样, 倘若本发明实施例的这些修改和变型属于本发明权利要求及其 等同技术的范围之内, 则本发明也意图包含这些改动和变型在内。 It is apparent that those skilled in the art can make various modifications and variations to the embodiments of the present invention without departing from the spirit and scope of the embodiments of the present invention. Thus, if such modifications and variations of the embodiments of the invention are within the scope of the invention The present invention is also intended to cover such modifications and variations within the scope of the equivalents.

Claims

权 利 要 求 Rights request
1、 一种接入无线局域网 WLAN网络的方法, 其特征在于, 该方法包括: A method for accessing a wireless local area network WLAN network, the method comprising:
无线局域网接入控制器 WLAN AC接收移动通信网元发送的接入请求, 所述接入请求 是无线局域网 WLAN终端通过无线路由设备转发至移动通信网元的;  The WLAN AC receives the access request sent by the mobile communication network element, and the access request is that the WLAN terminal of the wireless local area network is forwarded to the mobile communication network element by using the wireless routing device;
WLAN AC将所述接入请求发送至鉴权设备, 要求所述鉴权设备根据接收到的接入请 求对所述 WLAN终端进行鉴权, 并在鉴权通过时, 指示 WLAN终端接入 WLAN网络。  The WLAN AC sends the access request to the authentication device, and the authentication device is required to authenticate the WLAN terminal according to the received access request, and when the authentication is passed, instruct the WLAN terminal to access the WLAN network. .
2、 如权利要求 1 所述的方法, 其特征在于, 所述移动通信网元包括接入单元和至少 一个数据业务网关, WLAN AC接收到的接入请求是所述至少一个数据业务网关中的一个 数据业务网关发送的;  2. The method according to claim 1, wherein the mobile communication network element comprises an access unit and at least one data service gateway, and the access request received by the WLAN AC is in the at least one data service gateway. Sent by a data service gateway;
其中, 向 WLAN AC发送接入请求的数据业务网关通过以下方式确定:  The data service gateway that sends an access request to the WLAN AC is determined by:
接入单元接收无线路由设备发送的接入点名称 APN;  The access unit receives the access point name APN sent by the wireless routing device;
接入单元根据接收到的所述 APN确定向 WLAN AC发送接入请求的数据业务网关。 The access unit determines, according to the received APN, a data service gateway that sends an access request to the WLAN AC.
3、 如权利要求 1 所述的方法, 其特征在于, 所述鉴权设备包括入口服务器和认证服 务器; 3. The method according to claim 1, wherein the authentication device comprises an ingress server and an authentication server;
WLAN AC要求所述鉴权设备根据接收到的接入请求对所述 WLAN终端进行鉴权,具 体包括:  The WLAN AC requires the authentication device to authenticate the WLAN terminal according to the received access request, including:
WLAN AC将所述接入请求发送至入口服务器,指示入口服务器向所述 WLAN终端推 送认证页面;  The WLAN AC sends the access request to the ingress server, instructing the ingress server to push the authentication page to the WLAN terminal;
WLAN AC接收所述 WLAN终端返回的携带了认证信息的认证页面, 并将所述认证 信息发送至认证服务器, 要求认证服务器根据所述认证信息对所述 WLAN终端进行鉴权。  The WLAN AC receives the authentication page that carries the authentication information returned by the WLAN terminal, and sends the authentication information to the authentication server, and requests the authentication server to authenticate the WLAN terminal according to the authentication information.
4、 如权利要求 3所述的方法, 其特征在于,  4. The method of claim 3, wherein
WLAN AC指示入口服务器向所述 WLAN终端推送认证页面, 具体包括:  The WLAN AC instructs the ingress server to push the authentication page to the WLAN terminal, which specifically includes:
WLAN AC将入口服务器向所述 WLAN终端推送的认证页面发送至移动通信网元,指 示移动通信网元通过无线路由设备将该认证页面转发至 WLAN终端;  The WLAN AC sends an authentication page that the portal server pushes to the WLAN terminal to the mobile communication network element, and indicates that the mobile communication network element forwards the authentication page to the WLAN terminal by using the wireless routing device;
WLAN AC接收所述 WLAN终端返回的携带了认证信息的认证页面, 具体包括: The WLAN AC receives the authentication page that is returned by the WLAN terminal and carries the authentication information, and specifically includes:
WLAN AC接收移动通信网元发送的携带了认证信息的认证页面, 所述携带了认证信 息的认证页面是 WLAN终端通过无线路由设备转发至移动通信网元的。 The WLAN AC receives the authentication page that carries the authentication information sent by the mobile communication network element, and the authentication page that carries the authentication information is forwarded by the WLAN terminal to the mobile communication network element by using the wireless routing device.
5、 如权利要求 3所述的方法, 其特征在于, 所述认证信息中包含 WLAN终端的终端 标识;  The method according to claim 3, wherein the authentication information includes a terminal identifier of the WLAN terminal;
在鉴权设备对所述 WLAN终端鉴权通过之后, 所述方法还包括:  After the authentication device authenticates the WLAN terminal, the method further includes:
WLAN AC记录鉴权通过的 WLAN终端的终端标识;  The terminal identifier of the WLAN terminal through which the WLAN AC record is authenticated;
WLAN终端接入 WLAN网络之后, 所述方法还包括: WLAN AC接收通过无线路由设备接入 WLAN网络的多个 WLAN终端的计费信息; WLAN AC根据记录的 WLAN终端的终端标识, 确定接入 WLAN网络的每个 WLAN 终端的计费信息, 并将每个 WLAN终端的计费信息发送给认证服务器, 指示认证服务器 分别对每个 WLAN终端进行计费。 After the WLAN terminal accesses the WLAN network, the method further includes: The WLAN AC receives charging information of multiple WLAN terminals accessing the WLAN network through the wireless routing device; the WLAN AC determines charging information of each WLAN terminal accessing the WLAN network according to the recorded terminal identifier of the WLAN terminal, and each The charging information of the WLAN terminals is sent to the authentication server, and the authentication server is instructed to charge each WLAN terminal separately.
6、 一种接入无线局域网 WLAN 网络的系统, 其特征在于, 该系统包括无线局域网 6. A system for accessing a wireless local area network WLAN network, characterized in that the system comprises a wireless local area network
WLAN终端、 无线路由设备、 移动通信网元、 无线局域网接入控制器 WLAN AC及鉴权设 备, 其中: WLAN terminal, wireless routing device, mobile communication network element, wireless local area network access controller WLAN AC and authentication device, wherein:
WLAN终端, 用于向无线路由设备发送接入请求;  a WLAN terminal, configured to send an access request to the wireless routing device;
无线路由设备, 用于将所述接入请求转发至移动通信网元;  a wireless routing device, configured to forward the access request to a mobile communication network element;
移动通信网元, 用于将所述接入请求转发至 WLAN AC;  a mobile communication network element, configured to forward the access request to the WLAN AC;
WLAN AC, 用于将所述接入请求发送至鉴权设备, 在鉴权设备对 WLAN终端鉴权通 过时, 指示 WLAN终端接入 WLAN网络;  The WLAN AC is configured to send the access request to the authentication device, and when the authentication device authenticates the WLAN terminal, instruct the WLAN terminal to access the WLAN network;
鉴权设备, 用于根据所述接入请求对所述 WLAN终端进行鉴权。  An authentication device, configured to authenticate the WLAN terminal according to the access request.
7、 如权利要求 6 所述的系统, 其特征在于, 所述移动通信网元包括接入单元和至少 一个数据业务网关:  7. The system of claim 6, wherein the mobile communication network element comprises an access unit and at least one data service gateway:
无线路由设备, 还用于向所述接入单元发送接入点名称 APN;  a wireless routing device, further configured to send an access point name APN to the access unit;
所述接入单元, 用于根据接收到的所述 APN确定数据业务网关;  The access unit is configured to determine a data service gateway according to the received APN;
由接入单元确定的数据业务网关, 用于将所述接入请求发送至 WLAN AC。  A data service gateway determined by the access unit, configured to send the access request to the WLAN AC.
8、 如权利要求 6 所述的系统, 其特征在于, 所述鉴权设备包括入口服务器和认证服 务器;  8. The system according to claim 6, wherein the authentication device comprises an ingress server and an authentication server;
WLAN AC, 具体用于将所述接入请求发送至入口服务器, 以及接收所述 WLAN终端 返回的携带了认证信息的认证页面, 并将认证信息发送给认证服务器;  The WLAN AC is specifically configured to send the access request to the ingress server, and receive an authentication page that carries the authentication information returned by the WLAN terminal, and send the authentication information to the authentication server.
入口服务器, 用于在接收到所述接入请求后, 向所述 WLAN终端推送认证页面; 认证服务器, 用于根据接收到的所述认证信息对所述 WLAN终端进行鉴权。  An ingress server, configured to: after receiving the access request, push an authentication page to the WLAN terminal; and an authentication server, configured to authenticate the WLAN terminal according to the received authentication information.
9、 如权利要求 8所述的系统, 其特征在于,  9. The system of claim 8 wherein:
WLAN AC, 具体用于将入口服务器向所述 WLAN终端推送的认证页面发送至移动通 信网元, 以及接收移动通信网元返回的携带了认证信息的认证页面;  The WLAN AC is specifically configured to send an authentication page that the ingress server pushes to the WLAN terminal to the mobile communication network element, and receive an authentication page that carries the authentication information returned by the mobile communication network element;
移动通信网元, 还用于将接收到的认证页面发送给无线路由设备, 以及将无线路由设 备返回的携带了认证信息的认证页面发送给 WLAN AC;  The mobile communication network element is further configured to send the received authentication page to the wireless routing device, and send the authentication page carrying the authentication information returned by the wireless routing device to the WLAN AC;
无线路由设备, 还用于将接收到的认证页面转发至 WLAN终端, 以及接收 WLAN终 端返回的携带了认证信息的认证页面, 并发送给移动通信网元。  The wireless routing device is further configured to forward the received authentication page to the WLAN terminal, and receive an authentication page that carries the authentication information returned by the WLAN terminal, and send the authentication page to the mobile communication network element.
10、 如权利要求 8所述的系统, 其特征在于,  10. The system of claim 8 wherein:
WLAN AC, 还用于记录鉴权通过的 WLAN终端的终端标识, 并在 WLAN终端接入 WLAN网络之后,接收通过无线路由设备接入 WLAN网络的多个 WLAN终端的计费信息, 根据记录的 WLAN终端的终端标识, 确定接入 WLAN网络的每个 WLAN终端的计费信 息, 并将每个 WLAN终端的计费信息发送给认证服务器; The WLAN AC is also used to record the terminal identifier of the WLAN terminal through which authentication is passed, and access the WLAN terminal. After the WLAN network, receiving charging information of multiple WLAN terminals accessing the WLAN network through the wireless routing device, determining charging information of each WLAN terminal accessing the WLAN network according to the recorded terminal identifier of the WLAN terminal, and The charging information of the WLAN terminals is sent to the authentication server;
认证服务器, 还用于分别对每个 WLAN终端进行计费。  The authentication server is also used to charge each WLAN terminal separately.
11、 一种无线局域网接入控制器 WLAN AC , 其特征在于, 所述 WLAN AC包括第一 接收模块和第一发送模块, 其中:  A WLAN AC, wherein the WLAN AC includes a first receiving module and a first sending module, where:
第一接收模块, 用于接收移动通信网元发送的接入请求, 所述接入请求是无线局域网 WLAN终端通过无线路由设备转发至移动通信网元的;  The first receiving module is configured to receive an access request sent by the mobile communication network element, where the access request is forwarded by the wireless local area network WLAN terminal to the mobile communication network element by using the wireless routing device;
第一发送模块, 用于将所述接入请求发送至鉴权设备, 要求所述鉴权设备根据接收到 的接入请求对所述 WLAN终端进行鉴权, 并在鉴权通过时, 指示 WLAN终端接入 WLAN 网络。  a first sending module, configured to send the access request to the authentication device, requesting the authentication device to perform authentication on the WLAN terminal according to the received access request, and indicating the WLAN when the authentication is passed The terminal accesses the WLAN network.
12、 如权利要求 11所述的 WLAN AC , 其特征在于, 所述第一发送模块, 包括页面发 送子模块和信息发送子模块, 其中:  The WLAN AC according to claim 11, wherein the first sending module comprises a page sending submodule and an information sending submodule, wherein:
页面发送子模块, 用于将所述接入请求发送至鉴权设备中的入口服务器, 指示入口服 务器向所述 WLAN终端推送认证页面;  a page sending submodule, configured to send the access request to an ingress server in the authentication device, to instruct the ingress server to push the authentication page to the WLAN terminal;
信息发送子模块, 用于将接收到的认证信息发送至鉴权设备中的认证服务器, 要求认 证服务器根据所述认证信息对所述 WLAN终端进行鉴权;  An information sending submodule, configured to send the received authentication information to an authentication server in the authentication device, and request the authentication server to authenticate the WLAN terminal according to the authentication information;
第一接收模块, 还用于接收所述 WLAN终端返回的携带了认证信息的认证页面, 并 将所述认证信息发送给信息发送子模块。  The first receiving module is further configured to receive an authentication page that carries the authentication information returned by the WLAN terminal, and send the authentication information to the information sending submodule.
13、 如权利要求 12所述的 WLAN AC , 其特征在于, 所述 WLAN AC还包括第二接收 模块和第二发送模块:  The WLAN AC according to claim 12, wherein the WLAN AC further includes a second receiving module and a second sending module:
所述第二接收模块, 用于接收入口服务器向所述 WLAN终端推送的认证页面; 所述第二发送模块, 用于将第二接收模块接收到的入口服务器向所述 WLAN终端推 送的认证页面发送至移动通信网元, 指示移动通信网元通过无线路由设备将该认证页面转 发至 WLAN终端;  The second receiving module is configured to receive an authentication page that is sent by the portal server to the WLAN terminal, where the second sending module is configured to send an authentication page that is sent by the portal server that is received by the second receiving module to the WLAN terminal. Sending to the mobile communication network element, instructing the mobile communication network element to forward the authentication page to the WLAN terminal by using the wireless routing device;
第一接收模块, 具体用于接收移动通信网元发送的携带了认证信息的认证页面, 所述 携带了认证信息的认证页面是 WLAN终端通过无线路由设备转发至移动通信网元的。  The first receiving module is configured to receive an authentication page that is sent by the mobile communication network element and that carries the authentication information. The authentication page that carries the authentication information is forwarded by the WLAN terminal to the mobile communication network element by using the wireless routing device.
14、如权利要求 12所述的 WLAN AC ,其特征在于,所述 WLAN AC还包括记录模块, 其巾:  The WLAN AC according to claim 12, wherein the WLAN AC further comprises a recording module, and the towel:
记录模块, 用于在认证服务器对 WLAN终端鉴权通过时, 记录鉴权通过的 WLAN终 端的终端标识;  a recording module, configured to record, when the authentication server authenticates the WLAN terminal, the terminal identifier of the WLAN terminal through which the authentication is passed;
第一接收模块, 还用于在 WLAN终端接入 WLAN网络之后, 接收通过无线路由设备 接入 WLAN网络的多个 WLAN终端的计费信息; 第一发送模块, 还用于根据记录的 WLAN终端的终端标识, 确定接入 WLAN网络的 每个 WLAN终端的计费信息, 并将每个 WLAN终端的计费信息发送给认证服务器, 指示 认证服务器分别对每个 WLAN终端进行计费。 The first receiving module is further configured to: after the WLAN terminal accesses the WLAN network, receive charging information of multiple WLAN terminals that access the WLAN network through the wireless routing device; The first sending module is further configured to determine, according to the recorded terminal identifier of the WLAN terminal, charging information of each WLAN terminal that accesses the WLAN network, and send charging information of each WLAN terminal to the authentication server to indicate the authentication server. Billing is performed for each WLAN terminal separately.
15、 一种移动通信网元, 其特征在于, 该移动通信网元包括接入单元和至少一个数据 业务网关:  A mobile communication network element, wherein the mobile communication network element comprises an access unit and at least one data service gateway:
接入单元, 用于接收接入请求, 所述接入请求是无线局域网 WLAN终端通过无线路 由设备转发的;  An access unit, configured to receive an access request, where the access request is forwarded by a wireless local area network WLAN terminal by using a wireless routing device;
数据业务网关, 用于将所述接入请求转发至无线局域网接入控制器 WLAN AC, 要求 WLAN AC在 WLAN终端鉴权通过时, 指示 WLAN终端接入 WLAN网络。  The data service gateway is configured to forward the access request to the WLAN access controller WLAN AC, and the WLAN AC is required to indicate that the WLAN terminal accesses the WLAN network when the WLAN terminal authenticates.
16、 如权利要求 15所述的移动通信网元, 其特征在于,  16. The mobile communication network element of claim 15 wherein:
接入单元, 还用于接收无线路由设备发送的接入点名称 APN, 并根据接收到的所述 APN确定向 WLAN AC发送接入请求的数据业务网关。  The access unit is further configured to receive an access point name APN sent by the wireless routing device, and determine, according to the received APN, a data service gateway that sends an access request to the WLAN AC.
17、 如权利要求 15所述的移动通信网元, 其特征在于,  17. The mobile communication network element of claim 15 wherein:
数据业务网关, 还用于接收 WLAN AC推送的认证页面, 所述认证页面是入口服务器 向所述 WLAN AC推送的, 以及接收接入单元返回的携带了认证信息的认证页面, 并将携 带了认证信息的认证页面推送至 WLAN AC;  The data service gateway is further configured to receive an authentication page that is pushed by the WLAN AC, where the authentication page is pushed by the ingress server to the WLAN AC, and the authentication page that carries the authentication information returned by the access unit is received, and the authentication page is carried. The authentication page of the information is pushed to the WLAN AC;
接入单元, 还用于将数据业务网关发送的认证页面推送至所述 WLAN终端, 接收所 述 WLAN终端返回的携带了认证信息的认证页面, 并将携带了认证信息的认证页面发送 至数据业务网关。  The access unit is further configured to: send an authentication page sent by the data service gateway to the WLAN terminal, receive an authentication page that carries the authentication information returned by the WLAN terminal, and send an authentication page that carries the authentication information to the data service. Gateway.
18、 如权利要求 15所述的移动通信网元, 其特征在于,  18. The mobile communication network element of claim 15 wherein:
接入单元, 还用于接收接入 WLAN网络的多个 WLAN终端的计费信息;  The access unit is further configured to receive charging information of multiple WLAN terminals accessing the WLAN network;
数据业务网关, 还用于将所述接入单元接收到的计费信息发送至 WLAN AC。  The data service gateway is further configured to send the charging information received by the access unit to the WLAN AC.
PCT/CN2012/072446 2011-03-16 2012-03-16 Method, system and apparatus for accessing wlan network WO2012122947A1 (en)

Applications Claiming Priority (2)

Application Number Priority Date Filing Date Title
CN201110063162.6 2011-03-16
CN201110063162.6A CN102685743B (en) 2011-03-16 2011-03-16 A kind of method, system and equipment accessing wlan network

Publications (1)

Publication Number Publication Date
WO2012122947A1 true WO2012122947A1 (en) 2012-09-20

Family

ID=46816978

Family Applications (1)

Application Number Title Priority Date Filing Date
PCT/CN2012/072446 WO2012122947A1 (en) 2011-03-16 2012-03-16 Method, system and apparatus for accessing wlan network

Country Status (2)

Country Link
CN (1) CN102685743B (en)
WO (1) WO2012122947A1 (en)

Cited By (1)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN112235832A (en) * 2019-07-15 2021-01-15 新伟泛网络有限公司 Multi-network heterogeneous data transmission method, base station, system and medium based on white band

Families Citing this family (9)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN102932913B (en) * 2012-10-24 2018-10-26 南京中兴新软件有限责任公司 Obtain method, server, gateway and the system of MAB terminal access positions
US20140169248A1 (en) * 2012-12-12 2014-06-19 Qualcomm Incorporated System and method for improved communication on a wireless network
CN103916866A (en) * 2012-12-29 2014-07-09 中国移动通信集团河北有限公司 Method and apparatus for WLAN site selection
US9609569B2 (en) * 2013-09-19 2017-03-28 Cisco Technology, Inc. High-speed mobile broadband access by slewing between vehicular narrowbeam transceiver and fixed transceivers along prescribed path
CN105025510B (en) * 2014-04-23 2019-02-26 中国移动通信集团广东有限公司 A kind of network O&M method, apparatus and control equipment
CN103987042A (en) * 2014-05-08 2014-08-13 中国联合网络通信集团有限公司 Access authentication method of terminals and access gateway
CN107249207A (en) * 2017-05-05 2017-10-13 上海斐讯数据通信技术有限公司 Management method, management system and the radio reception device of any wireless network services
CN109275104A (en) * 2018-09-28 2019-01-25 上海宝通汎球电子有限公司 A kind of positioning system and method based on wireless communication technology
CN109587656A (en) * 2018-12-31 2019-04-05 广东超讯通信技术股份有限公司 A kind of communication means, wireless fidelity device and terminal device

Citations (5)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN1682487A (en) * 2003-05-15 2005-10-12 松下电器产业株式会社 Radio lan access authentication system
CN1753364A (en) * 2005-10-26 2006-03-29 杭州华为三康技术有限公司 Method of controlling network access and its system
CN1874287A (en) * 2005-05-30 2006-12-06 中兴通讯股份有限公司 Interworking system and method between mobile communication network and wireless metropolitan area network
CN101399722A (en) * 2007-09-25 2009-04-01 海尔集团公司 Access method and system for wireless network device
CN101707773A (en) * 2009-11-23 2010-05-12 中国电信股份有限公司 Method and system for fusing WLAN access gateway, mobile network and wireless broadband network

Family Cites Families (3)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
AU2003272166A1 (en) * 2003-10-16 2005-05-05 Telefonaktiebolaget Lm Ericsson (Publ) Access to cdma/umts services over a wlan access point, using a gateway node between the wlan access point and the service providing network
CN101150594B (en) * 2007-10-18 2013-06-19 中国联合网络通信集团有限公司 Integrated access method and system for mobile cellular network and WLAN
CN101516141B (en) * 2008-12-05 2011-01-19 中国移动通信集团广东有限公司 Method and system for communication between mobile terminal and Internet

Patent Citations (5)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN1682487A (en) * 2003-05-15 2005-10-12 松下电器产业株式会社 Radio lan access authentication system
CN1874287A (en) * 2005-05-30 2006-12-06 中兴通讯股份有限公司 Interworking system and method between mobile communication network and wireless metropolitan area network
CN1753364A (en) * 2005-10-26 2006-03-29 杭州华为三康技术有限公司 Method of controlling network access and its system
CN101399722A (en) * 2007-09-25 2009-04-01 海尔集团公司 Access method and system for wireless network device
CN101707773A (en) * 2009-11-23 2010-05-12 中国电信股份有限公司 Method and system for fusing WLAN access gateway, mobile network and wireless broadband network

Cited By (1)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN112235832A (en) * 2019-07-15 2021-01-15 新伟泛网络有限公司 Multi-network heterogeneous data transmission method, base station, system and medium based on white band

Also Published As

Publication number Publication date
CN102685743B (en) 2015-10-07
CN102685743A (en) 2012-09-19

Similar Documents

Publication Publication Date Title
WO2012122947A1 (en) Method, system and apparatus for accessing wlan network
CN102404720B (en) Sending method and sending device of secret key in wireless local area network
WO2015196396A1 (en) Method for establishing network connection, gateway and terminal
CN103002511A (en) Data distribution triggering method, network side equipment, user equipment and network system
WO2013056675A1 (en) Access method for wifi access point, wifi access point and wifi system
WO2013017098A1 (en) Method, device, and system for ue access to evolved packet core network
CN101938745B (en) Roaming handover method and device thereof
WO2011134434A1 (en) Data transmission device, method and communication system
JP2015515773A (en) Method and trusted gateway for WIFI terminal to access packet data PS service domain
WO2016000398A1 (en) Communication method and device, mobile terminal and cloud server
JP4613926B2 (en) Handover method and communication system between mobile communication network and public network
CN102026163B (en) Method and device for selecting access to Internet through wireless fidelity access network
CN102316453B (en) Wireless access method and device thereof
CN103384365A (en) Method and system for network access, method for processing business and equipment
CN104066083A (en) Method and device used for accessing wireless local area network
WO2012068946A1 (en) Method and system for querying gateway
CN103906055A (en) Service data distribution method and service data distribution system
CN103428800A (en) Route selection method and functional network element
WO2012151905A1 (en) Method and device for network handover
WO2013174098A1 (en) Method, device and system for accessing network based on capwap protocol
CN104335668A (en) Service control apparatus, relay apparatus, femtocell base station, communication system, control method, and program
CN103188667B (en) Wireless local area network access method, gateway and network integration system
CN103843445B (en) The method and apparatus for accessing network
WO2014063626A1 (en) Group transient key updating method and related apparatus and system
CN105101337A (en) Information transmitting method and information transmitting system

Legal Events

Date Code Title Description
121 Ep: the epo has been informed by wipo that ep was designated in this application

Ref document number: 12758165

Country of ref document: EP

Kind code of ref document: A1

NENP Non-entry into the national phase

Ref country code: DE

32PN Ep: public notification in the ep bulletin as address of the adressee cannot be established

Free format text: NOTING OF LOSS OF RIGHTS PURSUANT TO RULE 112(1) EPC (EPO FORM 1205N DATED 14/01/2014)

122 Ep: pct application non-entry in european phase

Ref document number: 12758165

Country of ref document: EP

Kind code of ref document: A1