WO2015039290A1 - Method, device and system for terminal to access network - Google Patents


Publication number
WO2015039290A1
Authority
WO
WIPO (PCT)
Prior art keywords
terminal
address
server
relay
message
Application number
PCT/CN2013/083681
Inventor
马景旺
欧阳国威
金辉
衣强
朱奋勤
Original Assignee
华为终端有限公司
Application filed by 华为终端有限公司
Priority to PCT/CN2013/083681
Publication of WO2015039290A1


Classifications

    • H: ELECTRICITY
    • H04: ELECTRIC COMMUNICATION TECHNIQUE
    • H04L: TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L63/00: Network architectures or network communication protocols for network security
    • H04L63/02: Network architectures or network communication protocols for network security for separating internal from external traffic, e.g. firewalls
    • H04L63/0227: Filtering policies
    • H04L63/0236: Filtering by address, protocol, port number or service, e.g. IP-address or URL

Definitions

  • the present invention relates to the field of communications, and in particular, to a method, device, and system for a terminal to access a network.
  • the public security field generally uses a special trunking communication system to realize communication between related personnel.
  • This specialized trunking communication system requires the public safety agency to purchase and construct a trunking communication system by itself, and the input cost is relatively large.
  • the current cluster communication system does not support high-speed broadband communication, so that the relevant staff cannot implement a communication method such as video that requires a relatively high access rate.
  • a mobile communication network operated by an operator, such as a fourth-generation communication network, may be enhanced to support cluster communication, so that cluster communication can use the high-speed access provided by the mobile communication network to achieve broadband trunking communication that meets the needs of the public security field.
  • the terminal used for trunking communication can access the radio access network through the relay, thereby accessing the mobility management entity and the gateway device, and further accessing the cluster communication server through the gateway device; the cluster communication server is responsible for cluster communication call management, management of cluster group members, and so on.
  • when the terminal can access the cluster server through the relay, it can also access any server on the network, which may cause communication data between the terminal and the cluster communication server to leak and reduce public security.
  • Embodiments of the present invention provide a method, device, and system for a terminal to access a network, which can prevent communication data from being leaked and improve public security performance.
  • a first aspect provides a method for a terminal to access a network, including: a packet data gateway receives a message, where the message includes an IP address of the terminal and an IP address of the server; the packet data gateway adds the IP address of the terminal and the IP address of the server; and during data transmission, the packet data gateway performs data filtering according to the IP address of the terminal and the IP address of the server, so that the terminal performs data communication with the server.
  • the packet data gateway deletes the IP address of the terminal and the IP address of the server, and during data transmission the packet data gateway performs data filtering according to the IP address of the terminal and the IP address of the server, so that the terminal does not communicate with the server.
  • the message is sent by the proximity server to the packet data gateway through a mobility management entity and a service gateway; or, the message is sent by the proximity server to the packet data gateway through the relay, the mobility management entity and the service gateway; or, the message is sent by the proximity server to the packet data gateway through a policy and charging rule function entity; wherein the IP address of the terminal and the IP address of the server in the message are obtained by the proximity server when the server authenticates the terminal through the proximity server and the relay, or when the terminal registers with the server through the proximity server and the relay.
  • the packet data gateway adds or deletes the IP address of the terminal and the IP address of the server according to the identifier information carried in the message.
  • the identification information is used to indicate the packet data
  • the gateway adds the IP address of the terminal to the IP address of the server; when the server allows the terminal to exit the group communication by using the relay, the identifier information is used to indicate that the packet data gateway is deleted.
  • the message further includes:
  • the terminal identifier is used by the network to identify the identity of the terminal
  • the identifier of the relay is used by the network to identify the identity of the relay
  • the relay indication is used to indicate the relay.
  • the quality of service parameter required by the terminal is used by the terminal to request a communication resource from the network.
  • the method further includes: when the packet data gateway receives the message, the packet data gateway generates a data aggregation description parameter according to the IP address of the terminal and the IP address of the server in the message; the aggregation description parameter is used by the packet data gateway to update the data filtering template of the relay, which is then sent to the relay for data forwarding.
  • a second aspect provides a method for a terminal to access a network, including: a proximity server acquires an IP address of a terminal and an IP address of a server; the proximity server sends a message to a packet data gateway, where the message includes the IP address of the terminal and the IP address of the server; the packet data gateway adds the IP address of the terminal and the IP address of the server, and during data transmission the packet data gateway performs data filtering according to the IP address of the terminal and the IP address of the server; the terminal performs data communication with the server after the packet data gateway performs data filtering.
  • the packet data gateway receives the message and deletes the IP address of the terminal and the IP address of the server; during data transmission, the packet data gateway performs data filtering according to the IP address of the terminal and the IP address of the server; the terminal does not perform data communication with the server when the packet data gateway performs data filtering.
  • acquiring, by the proximity server, the IP address of the terminal and the IP address of the server includes: the server authenticates the terminal through the proximity server and the relay, and the proximity server acquires the IP address of the terminal and the IP address of the server from the authentication process; or, the terminal registers with the server through the proximity server and the relay, and the proximity server acquires the IP address of the terminal and the IP address of the server from the registration process.
  • the sending, by the proximity server, the message to the packet data gateway includes: the proximity server sends the message to a mobility management entity; the mobility management entity sends the message to the packet data gateway via a serving gateway.
  • the sending, by the proximity server, the message to the packet data gateway includes: the proximity server sends the message to the relay; the relay sends the message to a mobility management entity; the mobility management entity sends the message to the packet data gateway via a serving gateway.
  • the sending, by the proximity server, the message to the packet data gateway includes: the proximity server sends the message to a policy and charging rules function entity; the policy and charging rules function entity sends the message to the packet data gateway.
  • the message further carries identifier information, where the identifier information is used to instruct the packet data gateway to add or delete the IP address of the terminal and the IP address of the server.
  • in a seventh possible implementation manner, when the server allows the terminal to join a group communication by using the relay, the identifier information is used to instruct the packet data gateway to add the IP address of the terminal and the IP address of the server; and when the server allows the terminal to exit the group communication by using the relay, the identifier information is used to instruct the packet data gateway to delete the IP address of the terminal and the IP address of the server.
  • the message further includes:
  • the terminal identifier is used by the network to identify the identity of the terminal
  • the identifier of the relay is used by the network to identify the identity of the relay
  • the relay indication is used to indicate the relay.
  • the quality of service parameter required by the terminal is used by the terminal to request a communication resource from the network.
  • the method further includes: after the short-range server sends the message to the packet data gateway, the packet data gateway generates a data aggregation description parameter according to the IP address of the terminal and the IP address of the server in the message; the packet data gateway updates the data filtering template of the relay according to the aggregation description parameter, and then sends the data filtering template to the relay; the relay performs data forwarding according to the data filtering template.
  • the method further includes: before the relay sends the message to the mobility management entity, the relay updates the data filtering template according to the IP address of the terminal and the IP address of the server in the message; and the relay performs data forwarding according to the data filtering template.
  • the third aspect provides a packet data gateway, including: a receiving unit, configured to receive a message, where the message includes an IP address of the terminal and an IP address of the server; and a processing unit, configured to add the IP address of the terminal and the IP address of the server and, during data transmission, perform data filtering according to the IP address of the terminal and the IP address of the server, so that the terminal and the server perform data communication.
  • the processing unit is further configured to:
  • the message is sent by the proximity server to the packet data gateway through a mobility management entity and a service gateway; or, the message is sent by the proximity server to the packet data gateway through the relay, the mobility management entity and the service gateway; or, the message is sent by the proximity server to the packet data gateway through a policy and charging rule function entity; wherein the IP address of the terminal and the IP address of the server in the message are obtained by the proximity server when the server authenticates the terminal through the proximity server and the relay, or when the terminal registers with the server through the proximity server and the relay.
  • the processing unit is configured to add or delete the IP address of the terminal and the IP address of the server according to the identifier information carried in the message received by the receiving unit.
  • the message further includes:
  • the terminal identifier is used by the network to identify the identity of the terminal
  • the identifier of the relay is used by the network to identify the identity of the relay
  • the relay indication is used to indicate the relay.
  • the quality of service parameter required by the terminal is used by the terminal to request a communication resource from the network.
  • the processing unit is further configured to: when the receiving unit receives the message, generate a data aggregation description parameter according to the IP address of the terminal and the IP address of the server in the message; the aggregation description parameter is used by the packet data gateway to update the data filtering template of the relay, which is then sent to the relay for data forwarding.
  • the fourth aspect provides a communication system, including: a proximity server, configured to acquire an IP address of the terminal and an IP address of the server; the proximity server is further configured to send a message to the packet data gateway, where the message includes the IP address of the terminal and the IP address of the server; the packet data gateway is configured to add the IP address of the terminal and the IP address of the server, and to perform data filtering according to the IP address of the terminal and the IP address of the server during data transmission; the terminal is configured to perform data communication with the server after the packet data gateway performs data filtering.
  • the packet data gateway is configured to receive the message and delete the IP address of the terminal and the IP address of the server, and during data transmission, perform data filtering according to the IP address of the terminal and the IP address of the server;
  • the terminal is configured to not perform data communication with the server when the packet data gateway performs data filtering.
  • the server is configured to authenticate the terminal by using the proximity server and the relay; the proximity server is configured to acquire the IP address of the terminal and the IP address of the server from the authentication process; or the terminal is configured to register with the server by using the proximity server and the relay; the proximity server is further configured to obtain the IP address of the terminal and the IP address of the server from the registration process.
  • the short-range server is configured to send the message to the mobility management entity; the mobility management entity is configured to send the message to the packet data gateway through a serving gateway.
  • the proximity server is configured to send the message to the relay; the relay is configured to send the message to the mobility management entity; the mobility management entity is configured to send the message to the packet data gateway via the serving gateway.
  • the short-range server sends the message to the packet data gateway
  • the proximity server is configured to send the message to a policy and charging rule function entity, where the policy and charging rule function entity is configured to send the message to the packet data gateway.
  • the message further carries identifier information, where the identifier information is used to instruct the packet data gateway to add or delete the IP address of the terminal and the IP address of the server.
  • the identifier information is used to instruct the packet data gateway to add the IP address of the terminal and the IP address of the server; and when the server allows the terminal to exit the group communication by using the relay, the identifier information is used to instruct the packet data gateway to delete the IP address of the terminal and the IP address of the server.
  • the message further includes:
  • the terminal identifier is used by the network to identify the identity of the terminal
  • the identifier of the relay is used by the network to identify the identity of the relay
  • the relay indication is used to indicate the relay.
  • the quality of service parameter required by the terminal is used by the terminal to request a communication resource from the network.
  • the packet data gateway is further configured to: after the short-range server sends the message to the packet data gateway, generate data aggregation description parameters according to the IP address of the terminal and the IP address of the server in the message; the packet data gateway is further configured to update the data filtering template of the relay according to the aggregation description parameter, and send the data filtering template to the relay; and the relay is further configured to perform data forwarding according to the data filtering template.
  • the relay is further configured to: before the relay sends the message to the mobility management entity, update a data filtering template according to the IP address of the terminal and the IP address of the server in the message; and the relay is further configured to perform data forwarding according to the data filtering template.
  • a packet data gateway is provided, including:
  • a receiver, configured to receive a message, where the message includes an IP address of the terminal and an IP address of the server; and a processor, configured to add the IP address of the terminal and the IP address of the server and, during data transmission, perform data filtering according to the IP address of the terminal and the IP address of the server, so that the terminal performs data communication with the server.
  • the processor deletes the IP address of the terminal and the IP address of the server, and during data transmission, performs data filtering according to the IP address of the terminal and the IP address of the server, so that the terminal does not perform data communication with the server.
  • the message is sent by the proximity server to the packet data gateway through a mobility management entity and a service gateway; or, the message is sent by the proximity server to the packet data gateway through the relay, the mobility management entity and the service gateway; or, the message is sent by the proximity server to the packet data gateway through a policy and charging rule function entity;
  • the IP address of the terminal and the IP address of the server in the message are obtained by the proximity server when the server authenticates the terminal through the proximity server and the relay, or when the terminal registers with the server through the proximity server and the relay.
  • the processor adds or deletes the IP address of the terminal and the IP address of the server according to the identifier information carried in the message.
  • in conjunction with the first possible implementation manner of the fifth aspect or the third possible implementation manner, in a fourth possible implementation manner, when the server allows the terminal to join the group communication by using the relay, the identifier information is used to instruct the packet data gateway to add the IP address of the terminal and the IP address of the server; when the server allows the terminal to exit the group communication by using the relay, the identifier information is used to instruct the packet data gateway to delete the IP address of the terminal and the IP address of the server.
  • the message further includes at least one of: a terminal identifier of the terminal, an identifier of the relay, a relay indication of the relay, the quality of service parameter required by the terminal, and the data aggregation description parameter; wherein the terminal identifier is used by the network to identify the identity of the terminal; the identifier of the relay is used by the network to identify the identity of the relay; the relay indication is used to indicate that the terminal is a relay; the quality of service parameter required by the terminal is used by the terminal to request a communication resource from the network.
  • the processor is further configured to: when the receiver receives the message, generate a data aggregation description parameter according to the IP address of the terminal and the IP address of the server in the message; the aggregation description parameter is used by the packet data gateway to update the data filtering template of the relay, which is then sent to the relay for data forwarding.
  • Embodiments of the present invention provide a method, a device, and a communication system for a terminal to access a network. A packet data gateway receives a message, where the message includes an IP address of the terminal and an IP address of the server; the packet data gateway adds the IP address of the terminal and the IP address of the server; and during data transmission, the packet data gateway performs data filtering according to the IP address of the terminal and the IP address of the server, so that the terminal and the server perform data communication. This can prevent communication data leakage and improve public security performance.
  • FIG. 1 is a schematic structural diagram of a communication system according to an embodiment of the present invention
  • FIG. 2 is a schematic flowchart of a method for a terminal to access a network according to an embodiment of the present invention
  • FIG. 3 is a schematic flowchart of a method for a terminal to access a network according to an embodiment of the present invention
  • FIG. 4 is a schematic flowchart of a method for a terminal to access a network according to an embodiment of the present invention
  • FIG. 5 is a schematic flowchart of a method for a terminal to access a network according to an embodiment of the present invention
  • FIG. 6 is a schematic diagram of a process interaction between physical devices according to an embodiment of the present invention
  • FIG. 7 is a schematic flowchart of a method for a terminal to access a network according to an embodiment of the present invention
  • FIG. 8 is a schematic diagram of process interaction between physical devices according to an embodiment of the present invention
  • FIG. 9 is a schematic flowchart of a method for a terminal to access a network according to an embodiment of the present disclosure
  • FIG. 10 is a schematic diagram of a process interaction between physical devices according to an embodiment of the present invention.
  • FIG. 11 is a schematic flowchart of a method for a terminal to access a network according to an embodiment of the present invention
  • FIG. 12 is a schematic structural diagram of a packet data gateway according to an embodiment of the present invention
  • FIG. 13 is a schematic structural diagram of a proximity server according to an embodiment of the present invention
  • FIG. 15 is a schematic structural diagram of a packet data gateway according to an embodiment of the present invention
  • FIG. 16 is a schematic structural diagram of a proximity server according to an embodiment of the present invention
  • FIG. 17 is a schematic diagram of a relay structure according to an embodiment of the present invention.
  • a communication system includes a User Equipment (UE), a Relay, and an Evolved-Universal Terrestrial Radio Access Network (E-UTRAN).
  • UE: User Equipment
  • E-UTRAN: Evolved-Universal Terrestrial Radio Access Network
  • MME: Mobility Management Entity
  • S-GW: Serving GateWay
  • P-GW: Packet Data Network Gateway
  • Proximity Server: ProSe Server or PDCF (Proximity Discovery and Communication Control Functionality)
  • the cluster communication server (Server) may also include a Policy and Charging Rules Function (PCRF).
  • PCRF: Policy and Charging Rules Function
  • the terminal can be a user equipment such as a mobile phone, and the relay can be connected to the E-UTRAN through the Uu air interface of Long Term Evolution (LTE), and connected to the terminal through the direct connection communication technology on the PC5 interface.
  • the radio access network may establish a Radio Resource Control (RRC) connection with the relay so that the relay can communicate with the RRC.
  • RRC: Radio Resource Control
  • the relay may send an attach request to the MME to request a public data network (PDN) connection to the core network (Evolved Packet Core, EPC), and during the establishment of the PDN connection, the relay may request that the MME allocate an IPv6 address prefix that is less than 64 bits in length.
  • PDN: public data network
  • EPC: Evolved Packet Core
  • the EPC can establish a PDN connection for the relay through the MME, the S-GW, and the P-GW, and allocate an IPv6 address prefix with less than 64 bits for the relay.
  • the terminal can use the existing discovery process to discover the relay, and then access the cluster communication server through the relay.
  • the terminal uses the existing direct communication establishment process to establish direct communication with the relay.
  • the terminal can complete the authentication or registration process with the proximity server and the cluster communication server through the relay, and then can perform data interaction with the cluster communication server.
  • the proximity server can obtain the Internet Protocol (IP) address of the terminal and the IP address of the cluster communication server; then, sequentially through the relay, the proximity server, the MME, and the S-GW, the IP addresses of the terminal and the server are transmitted to the P-GW. The P-GW can add or delete the IP address of the terminal and the IP address of the cluster communication server, and then filter the uplink and downlink data packets of the terminal according to the IP address of the terminal and the IP address of the cluster communication server, so that the terminal is only allowed to communicate with the cluster communication server with which it has been authenticated or registered.
  • IP: Internet Protocol
  • the data filtering process may be: for uplink data packets, the P-GW only forwards to the cluster server the data packets whose source address is the IP address of the terminal and whose destination address is the IP address of the authenticated or registered server; for downlink data packets, the P-GW only forwards to the terminal the data packets whose source address is the IP address of the authenticated or registered server and whose destination address is the terminal IP address.
  • this avoids the data leakage that may be caused when the terminal can access multiple cluster communication servers, prevents communication data from being leaked, and improves public security performance.
  • An embodiment of the present invention provides a method for a terminal to access a network, as shown in FIG. 2, including:
  • the packet data gateway receives the message, where the message includes an IP address of the terminal and an IP address of the server.
  • the P-GW packet data gateway is an anchor point of a user plane data link between the 3GPP (3rd Generation Partnership Project) and the non-3GPP network, and is responsible for managing data routing between 3GPP and non-3GPP, among other functions.
  • the message may be sent by the short-range server to the P-GW through the MME and the S-GW; or, the message is sent by the short-range server to the P-GW through the relay, the MME, and the S-GW; or, the message is sent by the proximity server to the P-GW through the PCRF.
  • the IP address of the terminal and the IP address of the server in the message are obtained by the proximity server when the server authenticates the terminal through the proximity server and the relay, or when the terminal registers with the server through the proximity server and the relay.
  • the server here is the cluster communication server in the above embodiment.
  • the packet data gateway adds the IP address of the terminal and the IP address of the server. During the data transmission process, the packet data gateway performs data filtering according to the IP address of the terminal and the IP address of the server, so that the terminal and the server perform data communication. Exemplarily, when the P-GW deletes the IP address of the terminal and the IP address of the server, the P-GW performs data filtering according to the IP address of the terminal and the IP address of the server during the data transmission process, and the P-GW no longer forwards to the server the data packets whose source address is the terminal IP address and whose destination address is the server IP address, so that the terminal does not perform data communication with the server.
  • the P-GW may add or delete the IP address of the terminal and the IP address of the server according to the identifier information carried in the message. Specifically, when the server allows the terminal to join the group communication by using the relay, the identifier information is used to instruct the P-GW to add the IP address of the terminal and the IP address of the server, and when the server allows the terminal to exit the group communication by using the relay, the identification information is used to instruct the P-GW to delete the IP address of the terminal and the IP address of the server.
  • An embodiment of the present invention provides a method for a terminal to access a network, where a message is received by a packet data gateway, where the message includes an IP address of the terminal and an IP address of the server; the packet data gateway adds the IP address of the terminal and the IP address of the server, and the packet data gateway performs data filtering according to the IP address of the terminal and the IP address of the server, so that the terminal and the server perform data communication, which can prevent communication data from being leaked and improve public security performance.
  • An embodiment of the present invention provides a method for a terminal to access a network, as shown in FIG. 3, including:
  • the short-range server obtains the IP address of the terminal and the IP address of the server.
  • the server here can be a cluster communication server.
  • the proximity server can obtain the IP address of the terminal and the IP address of the cluster communication server from the authentication process between the terminal and the cluster communication server through the relay and the proximity server, or from the process in which the terminal registers with the server through the proximity server and the relay.
  • the short-range server sends a message to the packet data gateway, where the message includes the IP address of the terminal and the IP address of the server, so that when the packet data gateway adds the IP address of the terminal and the IP address of the server, data filtering is performed during data transmission according to the IP address of the terminal and the IP address of the server, to facilitate data communication between the terminal and the server.
  • when the proximity server sends a message to the packet data gateway and the packet data gateway deletes the IP address of the terminal and the IP address of the server, data filtering is performed according to the IP address of the terminal and the IP address of the server during data transmission, so that the terminal does not perform data communication with the server.
  • the message is sent to the packet data gateway through the mobility management entity and the service gateway; or, the message is sent by the proximity server to the packet data gateway through the relay, the mobility management entity, and the service gateway; or, the message is sent by the proximity server to the packet data gateway through the policy and charging rule function entity.
  • the IP address of the terminal and the IP address of the server in the message are obtained when the server authenticates the terminal through the proximity server and the relay, or are obtained when the terminal registers with the server through the proximity server and the relay.
  • the message further carries identification information, where the identifier information is used to indicate that the packet data gateway adds or deletes the IP address of the terminal and the IP address of the server.
  • When the server allows the terminal to join the group communication by using the relay, the identification information is used to instruct the packet data gateway to add the IP address of the terminal and the IP address of the server; when the server allows the terminal to exit the group communication by using the relay, the identification information is used to instruct the packet data gateway to delete the IP address of the terminal and the IP address of the server.
  • the message may further include: at least one of a terminal identifier of the terminal, an identifier of the relay, a relay indication of the relay, a quality of service parameter required by the terminal, and a data aggregation description parameter.
  • The data filtering here may be as follows: for an uplink data packet, the P-GW forwards to the cluster server only a data packet whose source address is the IP address of the terminal and whose destination address is the IP address of the authenticated or registered server; for a downlink data packet, the P-GW forwards to the terminal only a data packet whose source address is that of the authenticated or registered server and whose destination address is the IP address of the terminal.
  • An embodiment of the present invention provides a method for a terminal to access a network, in which a proximity server obtains the IP address of the terminal and the IP address of the server, and the proximity server sends a message to the packet data gateway through the relay, the mobility management entity, and the serving gateway, where the message includes the IP address of the terminal and the IP address of the server, so that the packet data gateway adds the IP address of the terminal and the IP address of the server and, during data transmission, performs data filtering according to the IP address of the terminal and the IP address of the server, so that the terminal and the server perform data communication. This can prevent communication data from being leaked and improve public security performance.
  • An embodiment of the present invention provides a method for a terminal to access a network, as shown in FIG. 4, including:
  • the relay obtains the IP address of the terminal and the IP address of the server.
  • the server here can be a cluster communication server.
  • The IP address of the terminal and the IP address of the server in the message are obtained when the server authenticates the terminal through the proximity server and the relay, or are obtained when the terminal registers with the server through the proximity server and the relay.
  • The relay sends a message to the packet data gateway, where the message includes the IP address of the terminal and the IP address of the server, so that the packet data gateway adds the IP address of the terminal and the IP address of the server and, during data transmission, performs data filtering according to the IP address of the terminal and the IP address of the server, so that the terminal and the server perform data communication.
  • The packet data gateway deletes the IP address of the terminal and the IP address of the server, and performs data filtering according to the IP address of the terminal and the IP address of the server during data transmission, so that the terminal does not perform data communication with the server.
  • the message may be sent by the proximity server to the packet data gateway through the relay, the mobility management entity, and the serving gateway.
  • the message may also carry identification information, which is used to indicate that the packet data gateway adds or deletes the IP address of the terminal and the IP address of the server.
  • When the server allows the terminal to join the group communication by using the relay, the identification information is used to instruct the packet data gateway to add the IP address of the terminal and the IP address of the server; when the server allows the terminal to exit the group communication by using the relay, the identification information is used to instruct the packet data gateway to delete the IP address of the terminal and the IP address of the server.
  • the foregoing message may further include at least one of a terminal identifier of the terminal, an identifier of the relay, a relay indication of the relay, a quality of service parameter required by the terminal, and a data aggregation description parameter.
  • The terminal identifier is used by the network to identify the terminal; the identifier of the relay is used by the network to identify the relay; the relay indication is used to indicate that the relay acts as a relay; the quality of service parameter required by the terminal is used by the terminal to request communication resources from the network.
  • An embodiment of the present invention provides a method for a terminal to access a network, in which a relay obtains an IP address of a terminal and an IP address of a server, and the relay sends a message to the packet data gateway through the mobility management entity and the serving gateway, where the message includes the IP address of the terminal and the IP address of the server, so that the packet data gateway adds the IP address of the terminal and the IP address of the server and, during data transmission, performs data filtering according to the IP address of the terminal and the IP address of the server, so that the terminal and the server perform data communication. This can prevent communication data from being leaked and improve public safety performance.
  • An embodiment of the present invention provides a method for a terminal to access a network, as shown in FIG. 5, including:
  • the relay establishes an RRC connection with the radio access network, so that the relay communicates with the radio access network.
  • The relay may serve as a terminal, send a request message to the radio access network E-UTRAN, and request to establish an RRC connection with the E-UTRAN; after the RRC connection is successfully established, the relay can communicate with the E-UTRAN.
  • the relay initiates an attach request to the mobility management entity, establishes a PDN connection, and requests the mobility management entity to allocate an IPv6 address prefix that is less than 64 bits in length.
  • the relay may be used as a terminal to initiate an attach request to the mobility management entity MME, requesting to establish a public data network PDN connection with the MME.
  • The relay requests the MME to allocate at least one IPv6 address prefix that is less than 64 bits in length.
  • the packet data gateway establishes a PDN connection for the relay, and allocates an IPv6 address prefix with a length less than 64 bits.
  • The PDN connection may be established for the relay by using the MME, the serving gateway S-GW, and the packet data gateway P-GW according to the process of the prior art, and the P-GW may allocate to the relay at least one IPv6 address prefix that is less than 64 bits in length.
  • the terminal discovers the relay through the discovery process, and accesses the cluster communication server.
  • The relay may send a broadcast message to multiple terminals according to the discovery process in the prior art, so that the terminal can discover the relay according to the broadcast message and learn that the relay can connect to multiple cluster communication servers, and so that the terminal can obtain a cluster communication server with which it can perform data communication through the relay.
  • The cluster communication server is responsible for call management of the cluster communication and management of the cluster group members, and the cluster communication server can send the cluster communication information (for example, voice, video, etc.) to the terminal by means of Multimedia Broadcast Multicast Service (MBMS) broadcast or unicast.
  • The terminal establishes direct communication with the relay through the direct communication establishment process.
  • The connection between the terminal and the relay can be established according to the existing direct communication establishment process.
  • The terminal may select an IPv6 address from at least one of the IPv6 address prefixes obtained by the relay in the PDN connection, and use it as the IP address of the terminal to perform data communication with the relay and the packet data gateway.
  • the terminal completes the authentication process with the proximity server and the cluster communication server by using the relay, and the proximity server obtains the IP address of the terminal and the IP address of the cluster communication server from the authentication process.
  • the terminal authenticates with the cluster communication server through the relay.
  • The terminal may send a message to the proximity server sequentially through the relay, the radio access network, the MME, the S-GW, and the P-GW, where the message includes the terminal identifier of the terminal, the IP address of the terminal, and the Quality of Service (QoS) parameter required by the terminal, and the proximity server can send the terminal identifier to the cluster communication server.
  • The cluster communication server matches the received terminal identifier against the terminal identifiers stored in the cluster communication server. If the terminal identifier sent by the proximity server exists in the cluster communication server, the terminal passes the authentication with the cluster communication server, that is, the terminal may perform data interaction with the cluster communication server; if the terminal identifier sent by the proximity server does not exist in the cluster communication server, the terminal does not pass the authentication with the cluster communication server, that is, the terminal does not perform data interaction with the cluster communication server. Then, the cluster communication server sends a response message to the proximity server, where the response message carries the IP address of the cluster communication server and an indication of whether the authentication is passed or not. In the above process, the relay also sends its own relay identifier and relay indication to the proximity server. Alternatively, the addresses are obtained when the terminal registers with the server through the proximity server and the relay. The registration process is similar to the process of authentication, and details are not described herein again. After step 406, the method flow can be:
  • the proximity server sends an access information configuration message to the mobility management entity, where the access information configuration message includes an IP address of the terminal and an IP address of the cluster communication server.
  • The proximity server sends an access information configuration message to the mobility management entity, where the access information configuration message includes the IP address of the terminal and the IP address of the cluster communication server, and may further include at least one of a terminal identifier, a relay identifier, a relay indication, a QoS parameter required by the terminal, and identification information.
  • The QoS parameter required by the terminal is used by the terminal to request communication resources from the network; the identification information may also be referred to as an add operation indication, and the add operation indication is determined by the proximity server according to the authentication result of the terminal and the cluster communication server.
  • the mobility management entity sends a bearer resource request message to the serving gateway, where the bearer resource request message includes an IP address of the terminal and an IP address of the cluster communication server.
  • The mobility management entity MME sends a bearer resource request message to the serving gateway S-GW, where the request message includes the IP address of the terminal and the IP address of the cluster communication server from the access information configuration message, and also includes the terminal identifier, the relay identifier, the relay indication, the QoS parameters required by the terminal, and the identification information.
  • the MME forwards the access information configuration message to the S-GW.
  • the serving gateway sends a bearer resource request message to the packet data gateway, and then proceeds to step 410 or step 412.
  • the serving gateway S-GW forwards the bearer resource request message received from the MME to the packet data gateway P-GW.
  • the packet data gateway adds an IP address of the terminal in the bearer resource request message and an IP address of the cluster communication server.
  • the packet data gateway P-GW may add or delete the IP address of the terminal and the IP address of the trunking communication server according to the identifier information in the bearer resource request message.
  • the identifier information may be used to indicate that the P-GW adds or deletes a mapping relationship between the terminal IP address and the IP address of the cluster communication server for the terminal.
  • When the cluster communication server allows the terminal to join the group communication by using the relay, the identifier information is used to instruct the P-GW to add the mapping relationship between the IP address of the terminal and the IP address of the server.
  • the packet data gateway allows the terminal to join the group communication through the relay to perform data communication with the cluster communication server.
  • The P-GW performs data filtering in the subsequent data transmission process; according to the mapping relationship between the IP address of the terminal and the IP address of the cluster communication server, the P-GW allows the terminal to access the group communication through the relay to perform data communication with the cluster communication server.
  • the packet data gateway deletes an IP address of the terminal in the bearer resource request message and an IP address of the cluster communication server.
  • The identifier information may be used to instruct the P-GW to add or delete, for the terminal, the mapping relationship between the terminal IP address and the IP address of the cluster communication server.
  • When the cluster communication server allows the terminal to exit the group communication by using the relay, the identifier information is used to instruct the P-GW to delete the mapping relationship between the IP address of the terminal and the IP address of the server.
  • the packet data gateway allows the terminal to exit the group communication by using the relay, and does not perform data communication with the cluster communication server.
  • When the identifier information instructs the P-GW to delete the mapping relationship between the IP address of the terminal and the IP address of the server, the P-GW performs data filtering in the subsequent transmission process; according to the terminal IP address and the IP address of the cluster communication server, the P-GW allows the terminal to exit the group communication through the relay, and the terminal does not perform data communication with the cluster communication server. In this way the P-GW only allows a terminal that has passed authentication to perform data communication with the cluster communication server, which can prevent communication data from being leaked and improve public safety performance.
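  • Added example (not part of the patent text): a minimal Python model of the mapping table and the uplink/downlink filtering rule described above, including the add and delete handling driven by the identification information. The class name `PGWFilter`, the `ADD`/`DELETE` encoding and the sample addresses are assumptions; parsing addresses into a canonical form, so that two spellings of the same IPv6 address match, goes beyond what the text states.

```python
import ipaddress
from dataclasses import dataclass, field

# Assumed encoding of the "identification information"; the text only says
# that it tells the P-GW to add or delete the address pair.
ADD = "add"
DELETE = "delete"


def _parse(addr):
    """Return a canonical address object, or None if the text is not an IP."""
    try:
        return ipaddress.ip_address(addr)
    except ValueError:
        return None


@dataclass
class PGWFilter:
    """Hypothetical model of the P-GW's terminal/server mapping table."""
    mappings: set = field(default_factory=set)

    def handle_message(self, terminal_ip, server_ip, ident):
        """Apply a request that carries both addresses and the indication."""
        terminal, server = _parse(terminal_ip), _parse(server_ip)
        if terminal is None or server is None:
            raise ValueError("message must carry two valid IP addresses")
        if ident == ADD:
            self.mappings.add((terminal, server))
        elif ident == DELETE:
            self.mappings.discard((terminal, server))
        else:
            raise ValueError(f"unknown identification information: {ident!r}")

    def allow_uplink(self, src, dst):
        """Uplink: source must be the terminal, destination its mapped server."""
        s, d = _parse(src), _parse(dst)
        return s is not None and d is not None and (s, d) in self.mappings

    def allow_downlink(self, src, dst):
        """Downlink: source must be the mapped server, destination the terminal."""
        s, d = _parse(src), _parse(dst)
        return s is not None and d is not None and (d, s) in self.mappings


# Constructed sample addresses from the IPv6 documentation range 2001:db8::/32.
TERMINAL = "2001:db8:1:2::10"
TERMINAL_EXPANDED = "2001:0db8:0001:0002:0000:0000:0000:0010"  # same address
SERVER = "2001:db8:ffff::5"
OTHER_HOST = "2001:db8:ffff::99"


def run_demo():
    """Walk through join, traffic, and exit; return each forwarding decision."""
    gw = PGWFilter()
    out = {}
    out["uplink_before_add"] = gw.allow_uplink(TERMINAL, SERVER)
    gw.handle_message(TERMINAL, SERVER, ADD)          # terminal joins
    out["uplink_to_server"] = gw.allow_uplink(TERMINAL, SERVER)
    out["uplink_expanded_form"] = gw.allow_uplink(TERMINAL_EXPANDED, SERVER)
    out["uplink_to_other_host"] = gw.allow_uplink(TERMINAL, OTHER_HOST)
    out["downlink_from_server"] = gw.allow_downlink(SERVER, TERMINAL)
    out["downlink_from_other_host"] = gw.allow_downlink(OTHER_HOST, TERMINAL)
    out["uplink_malformed_source"] = gw.allow_uplink("not-an-ip", SERVER)
    gw.handle_message(TERMINAL, SERVER, DELETE)       # terminal exits
    out["uplink_after_delete"] = gw.allow_uplink(TERMINAL, SERVER)
    out["downlink_after_delete"] = gw.allow_downlink(SERVER, TERMINAL)
    return out


if __name__ == "__main__":
    for name, decision in run_demo().items():
        print(f"{name:26} {'forward' if decision else 'drop'}")
```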
  • The P-GW may generate a Traffic Aggregate Description (TAD) according to the IP address of the terminal and the IP address of the cluster communication server; the P-GW uses the TAD to update the relay's Traffic Filter Template (TFT), which is then sent to the relay for data forwarding.
  • the process interaction diagram between the physical devices in the network architecture may be as shown in FIG. 6.
  • the above step 407a may be replaced by 407b, and the method flow of the above embodiment may be replaced with FIG. 7 in conjunction with FIG.
  • The relay obtains the IP address of the terminal and the IP address of the cluster communication server from the proximity server, and sends an access information configuration message to the mobility management entity, where the access information configuration message includes the IP address of the terminal and the IP address of the cluster communication server.
  • The proximity server obtains the IP address of the terminal and the IP address of the cluster communication server from the authentication process, and the proximity server can send a message to the relay, where the message includes the IP address of the terminal, the IP address of the cluster communication server, and the identification information obtained by the proximity server according to the authentication result. The relay then includes the terminal identifier and the IP address of the terminal, obtained from the terminal during the authentication process of the terminal and the cluster communication server, together with the IP address of the cluster communication server, the QoS parameters required by the terminal, and the identification information, in the access information configuration message, and sends the access information configuration message to the mobility management entity MME, so that the MME passes it on through the S-GW.
  • The relay may update the TAD parameter according to the IP address of the terminal and the IP address of the cluster communication server, and carry the updated TAD parameter in the access information configuration message sent to the mobility management entity, which is further sent to the P-GW.
  • The process interaction diagram between the physical devices in the network architecture may be as shown in FIG. 8.
  • the above steps 407a to 409a may be replaced by 407c to 408c, and the method flow of the above embodiment may be replaced with FIG.
  • the proximity server sends an access information configuration message to the policy and charging rule function entity, where the access information configuration message includes an IP address of the terminal and an IP address of the trunking communication server.
  • the proximity server obtains the IP address of the terminal and the IP address of the cluster communication server from the authentication process, and then sends an access information configuration message to the policy and charging rule function entity PCRF.
  • The access information configuration message includes an IP address of the terminal and an IP address of the cluster communication server, and may further include the terminal identifier, relay identifier, relay indication, QoS parameters required by the terminal, and identification information that the proximity server obtains when the cluster communication server authenticates the terminal through the proximity server and the relay.
  • the identifier information may be used to indicate that the P-GW adds or deletes the mapping relationship between the IP address of the terminal and the IP address of the cluster communication server.
  • the policy and charging rule function entity sends a bearer resource request message to the packet data gateway, where the bearer resource request message includes an IP address of the terminal and an IP address of the trunking communication server.
  • During session establishment or session modification with the packet data gateway P-GW, the PCRF may carry the IP address of the terminal, the IP address of the cluster communication server, the terminal identifier, the relay identifier, the relay indication, the QoS parameters required by the terminal, and the identification information from the received access information configuration message, so that the P-GW can act according to the IP address of the terminal, the IP address of the cluster communication server, and the identification information.
  • An embodiment of the present invention provides a method for a terminal to access a network, in which a relay accesses the network and obtains a plurality of IPv6 addresses, a terminal establishes direct communication with the relay, and the terminal obtains an IP address from the relay as the IP address of the terminal. The terminal then completes, through the relay, the authentication process with the proximity server and the cluster communication server, and the proximity server obtains the IP address of the terminal and the IP address of the cluster communication server from the authentication process. Next, the proximity server sends a message including the IP address of the terminal and the IP address of the cluster communication server to the packet data gateway through the mobility management entity and the serving gateway; or the relay obtains the IP address of the terminal and the IP address of the cluster communication server from the proximity server and then transmits them to the packet data gateway; or the proximity server sends a message including the IP address of the terminal and the IP address of the cluster communication server to the packet data gateway through the policy and charging rule function entity. The packet data gateway performs data filtering and only allows data communication between the terminal and the cluster communication server with which it has been authenticated, so that communication data can be prevented from leaking and public security is improved.
  • the proximity server obtains the IP address of the terminal and the IP address of the server.
  • When the server authenticates the terminal through the proximity server and the relay, the proximity server obtains the IP address of the terminal and the IP address of the server from the authentication process.
  • the terminal registers with the server through the proximity server and the relay, and the proximity server can obtain the IP address of the terminal and the IP address of the server from the registration process.
  • the proximity server sends a message to the packet data gateway, where the message includes an IP address of the terminal and an IP address of the server.
  • The proximity server can send the message to the mobility management entity, and the mobility management entity sends the message to the packet data gateway through the serving gateway.
  • the proximity server sends the message to the relay, and the relay sends the message to the mobility management entity, and the mobility management entity sends the message to the packet data gateway through the service gateway.
  • the proximity server sends the message to the policy and charging rule function entity, and the policy and charging rule function entity sends the message to the packet data gateway.
  • the message may further include: at least one of a terminal identifier of the terminal, an identifier of the relay, a relay indication of the relay, a quality of service parameter required by the terminal, and a data aggregation description parameter.
  • The terminal identifier is used by the network to identify the terminal;
  • the identifier of the relay is used by the network to identify the relay;
  • the relay indication is used to indicate that the relay acts as a relay;
  • the quality of service parameter required by the terminal is used by the terminal to request communication resources from the network.
  • the packet data gateway adds the IP address of the terminal and the IP address of the server. During the data transmission process, the packet data gateway performs data filtering according to the IP address of the terminal and the IP address of the server.
  • the message further carries identification information, and the identifier information is used to indicate that the packet data gateway adds or deletes the IP address of the terminal and the IP address of the server.
  • the identifier information is used to indicate that the packet data gateway adds the IP address of the terminal and the IP address of the server;
  • the identification information is used to instruct the packet data gateway to delete the IP address of the terminal and the IP address of the server.
  • the terminal performs data communication with the server after performing data filtering by the packet data gateway.
  • the packet data gateway receives the message, and the identification information indicates that the packet data gateway deletes the terminal.
  • An embodiment of the present invention provides a method for a terminal to access a network, in which a proximity server acquires an IP address of a terminal and an IP address of a server and sends a message to the packet data gateway, where the message includes the IP address of the terminal and the IP address of the server; the packet data gateway adds the IP address of the terminal and the IP address of the server; the packet data gateway performs data filtering according to the IP address of the terminal and the IP address of the server; and the terminal performs data communication with the server after data filtering by the packet data gateway. This can prevent communication data from being leaked and improve public safety performance.
  • An embodiment of the present invention provides a packet data gateway 01. As shown in FIG. 12, the packet data gateway includes: a receiving unit 011, configured to receive a message, where the message includes an IP address of the terminal and an IP address of the server.
  • The processing unit 012 is configured to add the IP address of the terminal and the IP address of the server, and to perform data filtering according to the IP address of the terminal and the IP address of the server, so that the terminal and the server perform data communication.
  • The processing unit 012 is further configured to: delete the IP address of the terminal and the IP address of the server, and perform data filtering according to the IP address of the terminal and the IP address of the server during data transmission, so that the terminal does not perform data communication with the server.
  • The message is sent by the proximity server to the packet data gateway by using the mobility management entity and the serving gateway; or the message is sent by the proximity server to the packet data gateway by using the relay, the mobility management entity, and the serving gateway; or the message is sent by the proximity server to the packet data gateway through the policy and charging rule function entity; wherein the IP address of the terminal and the IP address of the server in the message are obtained by the proximity server when the server authenticates the terminal through the proximity server and the relay, or are obtained when the terminal registers with the server through the proximity server and the relay.
  • the processing unit 012 adds or deletes the IP address of the terminal and the IP address of the server according to the identifier information carried in the message received by the receiving unit.
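  • When the server allows the terminal to join the group communication by using the relay, the identifier information is used to instruct the packet data gateway to add the IP address of the terminal and the IP address of the server; when the server allows the terminal to exit the group communication by using the relay, the identifier information is used to instruct the packet data gateway to delete the IP address of the terminal and the IP address of the server.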
  • the message further includes:
  • The processing unit 012 is further configured to: when the receiving unit receives the message, generate a data aggregation description parameter according to the IP address of the terminal and the IP address of the server in the message, where the aggregation description parameter is used by the packet data gateway to update the relay's data filtering template, which is sent to the relay for data forwarding.
  • An embodiment of the present invention provides a packet data gateway, which receives a message through a packet data gateway, where the message includes an IP address of the terminal and an IP address of the server, and the packet data gateway adds the IP address of the terminal and the IP address of the server, and the data of the packet data gateway is in the data.
  • the embodiment of the present invention provides a proximity server 02, as shown in FIG. 13, comprising: an obtaining unit 021, configured to obtain an IP address of the terminal and an IP address of the server.
  • The sending unit 022 is configured to send a message to the packet data gateway, where the message includes the IP address of the terminal and the IP address of the server, so that the packet data gateway adds the IP address of the terminal and the IP address of the server and, during data transmission, performs data filtering according to the IP address of the terminal and the IP address of the server, so that the terminal and the server perform data communication.
  • The sending unit 022 sends the message to the packet data gateway so that the packet data gateway deletes the IP address of the terminal and the IP address of the server and, during data transmission, performs data filtering according to the IP address of the terminal and the IP address of the server, so that the terminal does not perform data communication with the server.
  • The message is sent by the sending unit 022 to the packet data gateway through the mobility management entity and the serving gateway; or the message is sent by the sending unit 022 to the packet data gateway by using the relay, the mobility management entity, and the serving gateway; or the message is sent by the sending unit 022 to the packet data gateway through the policy and charging rule function entity; wherein the IP address of the terminal and the IP address of the server in the message are obtained by the proximity server when the server authenticates the terminal through the proximity server and the relay, or are obtained when the terminal registers with the server through the proximity server and the relay.
  • the message further carries the identifier information, where the identifier information is used to indicate that the packet data gateway adds or deletes the IP address of the terminal and the IP address of the server.
  • when the server allows the terminal to join the group communication by using the relay, the identifier information is used to instruct the packet data gateway to add the IP address of the terminal and the IP address of the server; when the server allows the terminal to exit the group communication by using the relay, the identifier information is used to instruct the packet data gateway to delete the IP address of the terminal and the IP address of the server.
  • the message further includes: at least one of a terminal identifier of the terminal, an identifier of the relay, a relay indication of the relay, a quality of service parameter required by the terminal, and a data aggregation description parameter; where the terminal identifier is used by the network to identify the identity of the terminal; the identifier of the relay is used by the network to identify the identity of the relay; the relay indication is used to indicate acting as a relay; and the quality of service parameter required by the terminal is used by the terminal to request communication resources from the network.
  • when the sending unit 022 sends the message to the packet data gateway, the packet data gateway generates a data aggregation description parameter according to the IP address of the terminal and the IP address of the server in the message; the aggregation description parameter is used by the packet data gateway to update the data filtering template of the relay, which is then sent to the relay for data forwarding.
  • the embodiment of the invention provides a proximity server: the proximity server obtains the IP address of the terminal and the IP address of the server and sends a message to the packet data gateway through the relay, the mobility management entity and the serving gateway, where the message includes the IP address of the terminal and the IP address of the server, so that the packet data gateway adds the IP address of the terminal and the IP address of the server and, during data transmission, performs data filtering according to the IP address of the terminal and the IP address of the server, so that the terminal and the server perform data communication. This can prevent communication data from being leaked and improve public safety performance.
  • the embodiment of the present invention provides a relay 03 which, as shown in FIG. 14, includes: an obtaining unit 031 configured to obtain an IP address of the terminal and an IP address of the server.
  • the sending unit 032 is configured to send a message to the packet data gateway, where the message includes the IP address of the terminal and the IP address of the server, so that the packet data gateway adds the IP address of the terminal and the IP address of the server and, during data transmission, performs data filtering according to the IP address of the terminal and the IP address of the server, so that the terminal and the server perform data communication.
  • the sending unit 032 sends the message to the packet data gateway, so that the packet data gateway deletes the IP address of the terminal and the IP address of the server and, during data transmission, performs data filtering according to the IP address of the terminal and the IP address of the server, so that the terminal does not perform data communication with the server.
  • the message is sent by the proximity server to the packet data gateway by using the sending unit 032, the mobility management entity, and the serving gateway; where the IP address of the terminal and the IP address of the server in the message are obtained by the proximity server when the server authenticates the terminal through the proximity server and the relay, or when the terminal registers with the server through the proximity server and the relay.
  • the message further carries the identifier information, where the identifier information is used to indicate that the packet data gateway adds or deletes the IP address of the terminal and the IP address of the server.
  • when the server allows the terminal to join the group communication by using the relay, the identifier information is used to instruct the packet data gateway to add the IP address of the terminal and the IP address of the server; when the server allows the terminal to exit the group communication by using the relay, the identifier information is used to instruct the packet data gateway to delete the IP address of the terminal and the IP address of the server.
  • the message further includes:
  • the processing unit 033 is further configured to: when the sending unit 032 sends a message to the packet data gateway, update the data filtering template according to the IP address of the terminal and the IP address of the server in the message, so that data forwarding is performed according to the data filtering template.
  • the embodiment of the invention provides a relay: the relay obtains the IP address of the terminal and the IP address of the server and sends a message to the packet data gateway through the mobility management entity and the serving gateway, where the message includes the IP address of the terminal and the IP address of the server, so that, when the packet data gateway adds the IP address of the terminal and the IP address of the server, data filtering is performed according to the IP address of the terminal and the IP address of the server during data transmission and the terminal and the server perform data communication, thereby preventing communication data from being leaked and improving public safety performance.
  • the embodiment of the present invention provides a packet data gateway 04, as shown in FIG.
  • the memory 045 is used to store instructions; the receiver 044 executes the instructions to receive a message, where the message includes an IP address of the terminal and an IP address of the server; the processor 042 executes the instructions to add the IP address of the terminal and the IP address of the server and, during data transmission, to perform data filtering according to the IP address of the terminal and the IP address of the server, so that the terminal and the server perform data communication.
  • the processor 042 executes the instructions to delete the IP address of the terminal and the IP address of the server and, during data transmission, to perform data filtering according to the IP address of the terminal and the IP address of the server, so that the terminal does not perform data communication with the server.
  • the message is sent by the proximity server to the packet data gateway through the mobility management entity and the serving gateway; or, the message is sent by the proximity server to the packet data gateway through the relay, the mobility management entity, and the serving gateway; or, the message is sent by the proximity server to the packet data gateway through the policy and charging rule function entity; where the IP address of the terminal and the IP address of the server in the message are obtained by the proximity server when the server authenticates the terminal through the proximity server and the relay, or when the terminal registers with the server through the proximity server and the relay.
  • the processor 042 executes the instruction to add or delete the IP address of the terminal and the IP address of the server according to the identifier information carried in the message.
  • when the server allows the terminal to join the group communication through the relay, the identifier information is used to instruct the packet data gateway to add the IP address of the terminal and the IP address of the server; when the server allows the terminal to exit the group communication through the relay, the identifier information is used to instruct the packet data gateway to delete the IP address of the terminal and the IP address of the server.
  • the message further includes:
  • the processor 042 executing the instructions may also be used to: when the receiver receives the message, generate a data aggregation description parameter according to the IP address of the terminal and the IP address of the server in the message; the aggregation description parameter is used by the packet data gateway to update the data filtering template of the relay, which is then sent to the relay for data forwarding.
  • the embodiment of the invention provides a packet data gateway, which receives a message through a packet data gateway, where the message includes an IP address of the terminal and an IP address of the server.
  • the embodiment of the present invention provides a proximity server 05, as shown in FIG.
  • the memory 055 is used to store instructions; the receiver 054 executes the instructions to obtain the IP address of the terminal and the IP address of the server; the transmitter 053 executes the instructions to send a message to the packet data gateway, where the message includes the IP address of the terminal and the IP address of the server, so that the packet data gateway adds the IP address of the terminal and the IP address of the server and, during data transmission, performs data filtering according to the IP address of the terminal and the IP address of the server, so that the terminal and the server perform data communication.
  • the transmitter 053 executes the instructions to send the message to the packet data gateway, so that the packet data gateway deletes the IP address of the terminal and the IP address of the server and, during data transmission, performs data filtering according to the IP address of the terminal and the IP address of the server, so that the terminal does not perform data communication with the server.
  • the message is sent by the transmitter 053 to the packet data gateway through the mobility management entity and the serving gateway; or, the message is sent by the transmitter 053 to the packet data gateway through the relay, the mobility management entity, and the serving gateway; or, the message is sent by the transmitter 053 to the packet data gateway through the policy and charging rule function entity; where the IP address of the terminal and the IP address of the server in the message are obtained by the proximity server when the server authenticates the terminal through the proximity server and the relay, or when the terminal registers with the server through the proximity server and the relay.
  • the message further carries the identifier information, where the identifier information is used to instruct the packet data gateway to add or delete the IP address of the terminal and the IP address of the server.
  • when the server allows the terminal to join the group communication through the relay, the identifier information is used to instruct the packet data gateway to add the IP address of the terminal and the IP address of the server; when the server allows the terminal to exit the group communication through the relay, the identifier information is used to instruct the packet data gateway to delete the IP address of the terminal and the IP address of the server.
  • the message further includes:
  • the terminal identifier is used by the network to identify the identity of the terminal; the identifier of the relay is used by the network to identify the identity of the relay; the relay indication is used to indicate acting as a relay; the quality of service parameter required by the terminal is used by the terminal to request communication resources from the network.
  • when the transmitter 053 sends a message to the packet data gateway, the packet data gateway generates a data aggregation description parameter according to the IP address of the terminal and the IP address of the server in the message; the aggregation description parameter is used by the packet data gateway to update the data filtering template of the relay, which is then sent to the relay for data forwarding.
  • the embodiment of the invention provides a proximity server, which obtains the IP address of the terminal and the IP address of the server and sends a message to the packet data gateway through the relay, the mobility management entity and the serving gateway, where the message includes the IP address of the terminal and the IP address of the server, so that, when the packet data gateway adds the IP address of the terminal and the IP address of the server, it performs data filtering according to the IP address of the terminal and the IP address of the server during data transmission and the terminal and the server perform data communication. This can prevent communication data from being leaked and improve public safety performance.
  • the embodiment of the present invention provides a relay 06, as shown in FIG.
  • the memory 065 is used to store instructions; the receiver 064 executes the instructions to obtain the IP address of the terminal and the IP address of the server; the transmitter 063 executes the instructions to send a message to the packet data gateway, where the message includes the IP address of the terminal and the IP address of the server, so that the packet data gateway adds the IP address of the terminal and the IP address of the server and, during data transmission, performs data filtering according to the IP address of the terminal and the IP address of the server, so that the terminal and the server perform data communication.
  • the transmitter 063 executes the instructions to send the message to the packet data gateway, so that the packet data gateway deletes the IP address of the terminal and the IP address of the server and, during data transmission, performs data filtering according to the IP address of the terminal and the IP address of the server, so that the terminal does not perform data communication with the server.
  • the message is sent by the proximity server, by means of the transmitter 063 executing the instructions, to the packet data gateway through the mobility management entity and the serving gateway; where the IP address of the terminal and the IP address of the server in the message are obtained by the proximity server when the server authenticates the terminal through the proximity server and the relay, or when the terminal registers with the server through the proximity server and the relay.
  • the message further carries the identifier information, where the identifier information is used to instruct the packet data gateway to add or delete the IP address of the terminal and the IP address of the server.
  • when the server allows the terminal to join the group communication through the relay, the identifier information is used to instruct the packet data gateway to add the IP address of the terminal and the IP address of the server; when the server allows the terminal to exit the group communication through the relay, the identifier information is used to instruct the packet data gateway to delete the IP address of the terminal and the IP address of the server.
  • the message further includes:
  • the relay updates the data filtering template according to the IP address of the terminal and the IP address of the server in the message, so that the relay forwards data according to the data filtering template.
  • the embodiment of the invention provides a relay: the relay obtains the IP address of the terminal and the IP address of the server and sends a message to the packet data gateway through the mobility management entity and the serving gateway, where the message includes the IP address of the terminal and the IP address of the server, so that the packet data gateway adds the IP address of the terminal and the IP address of the server and, during data transmission, performs data filtering according to the IP address of the terminal and the IP address of the server, so that the terminal and the server perform data communication. This can prevent communication data from being leaked and improve public safety performance.
  • the disclosed apparatus, methods, and systems may be implemented in other ways.
  • the device embodiments described above are only schematic.
  • the division of the unit is only a logical function division.
  • there may be another division manner; for example, multiple units or components may be combined or integrated into another system, or some features may be ignored or not executed.
  • the coupling or direct coupling or communication connection shown or discussed may be an indirect coupling or communication connection through some interface, device or unit, and may be in electrical, mechanical or other form.
  • each functional unit may be integrated in one processing unit, or each unit may be physically included separately, or two or more units may be integrated in one unit.
  • the above units may be implemented in the form of hardware or in the form of hardware plus software functional units. All or part of the steps of implementing the foregoing method embodiments may be performed by hardware related to the program instructions.
  • the foregoing program may be stored in a computer-readable storage medium and, when executed, performs the steps of the foregoing method embodiments; the foregoing storage medium includes any medium that can store program code, such as a USB flash drive, a removable hard disk, a read-only memory (ROM), a random access memory (RAM), a magnetic disk, or an optical disk.


Abstract

Provided are a method, device and system for a terminal to access a network, which relate to the field of communications, and can prevent communication data leakage and improve public security performance. The method comprises: receiving a message via a packet data gateway, wherein the message comprises an IP address of a terminal and an IP address of a server; and when adding the IP address of the terminal and the IP address of the server, the packet data gateway performing data filtration according to the IP address of the terminal and the IP address of the server in a data transmission process so as to enable the terminal to perform data communication with the server. The embodiments of the present invention are used for a terminal to access a network.
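The gateway behaviour described here (an add or delete message carrying the terminal and server IP addresses, then filtering on that pair) is shown below as an added Python example; it is not code from the patent or from any gateway product. The message shape, the `Action` encoding of the identifier information, the default-deny handling of unmatched packets and the list form of the relay's filtering template are assumptions, and all addresses are constructed documentation addresses.

```python
from dataclasses import dataclass
from enum import Enum
from ipaddress import ip_address


class Action(Enum):
    """Hypothetical encoding of the 'identifier information' in the message."""
    ADD = "add"        # server allowed the terminal to join group communication
    DELETE = "delete"  # server allowed the terminal to exit group communication


@dataclass(frozen=True)
class FilterUpdate:
    """Hypothetical shape of the message sent to the packet data gateway."""
    terminal_ip: str
    server_ip: str
    action: Action


class PacketDataGatewayFilter:
    """Keeps (terminal, server) address pairs and filters traffic on them."""

    def __init__(self):
        self._pairs = set()  # {(terminal address, server address)}

    def handle_message(self, msg: FilterUpdate) -> None:
        # ip_address() raises ValueError on malformed input, so a bad message
        # never changes the filter table.
        pair = (ip_address(msg.terminal_ip), ip_address(msg.server_ip))
        if msg.action is Action.ADD:
            self._pairs.add(pair)
        elif msg.action is Action.DELETE:
            self._pairs.discard(pair)  # deleting an unknown pair is a no-op
        else:
            raise ValueError("unknown identifier information")

    def permits(self, src_ip: str, dst_ip: str) -> bool:
        """Forward only uplink terminal->server or downlink server->terminal
        packets of a registered pair; everything else is dropped (assumption:
        default deny for traffic on this bearer)."""
        src, dst = ip_address(src_ip), ip_address(dst_ip)
        return (src, dst) in self._pairs or (dst, src) in self._pairs

    def relay_template(self):
        """Pairs the gateway would push to the relay so that the relay can
        filter before forwarding (assumed representation of the template)."""
        return sorted((str(t), str(s)) for t, s in self._pairs)


# Constructed sample addresses (RFC 5737 documentation ranges).
TERMINAL = "192.0.2.10"
GROUP_SERVER = "198.51.100.5"
OTHER_SERVER = "203.0.113.77"


def run_scenario():
    """Join, exchange traffic, try an unregistered server, then leave."""
    gw = PacketDataGatewayFilter()
    gw.handle_message(FilterUpdate(TERMINAL, GROUP_SERVER, Action.ADD))
    decisions = [
        gw.permits(TERMINAL, GROUP_SERVER),   # uplink to the group server
        gw.permits(GROUP_SERVER, TERMINAL),   # downlink from the group server
        gw.permits(TERMINAL, OTHER_SERVER),   # the leak path the filter closes
    ]
    gw.handle_message(FilterUpdate(TERMINAL, GROUP_SERVER, Action.DELETE))
    decisions.append(gw.permits(TERMINAL, GROUP_SERVER))  # after leaving
    return decisions


if __name__ == "__main__":
    print(run_scenario())
```
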

Description

A method, device and system for a terminal to access a network
Technical Field
The present invention relates to the field of communications, and in particular, to a method, device, and system for a terminal to access a network.
Background
At present, the public security field generally uses a dedicated trunking communication system for communication between the relevant personnel. Such a dedicated system requires the public safety agency to purchase and build the trunking communication system itself, so the investment cost is relatively high. Moreover, current trunking communication systems do not support high-rate broadband communication, so the staff cannot use communication modes, such as video, that require a relatively high access rate.
In the prior art, to meet the public security field's demand for high-rate communication, a mobile communication network operated by an operator, for example a fourth-generation communication network, can be enhanced so that it supports trunking communication. Trunking communication then uses the high-rate access provided by the mobile communication network to achieve broadband trunking communication and meet the needs of the public security field. A terminal used for trunking communication can access the radio access network through a relay, thereby accessing the mobility management entity and the gateway device, and can further access the trunking communication server through the gateway device; the trunking communication server is responsible for call management of trunking communication, management of trunking group members, and so on.
In the above process, when the terminal accesses the trunking server through the relay, it can at the same time access any server on the network, which may cause the communication data between the terminal and the trunking communication server to be leaked and reduce public security.
Summary of the Invention
Embodiments of the present invention provide a method, device, and system for a terminal to access a network, which can prevent communication data from being leaked and improve public security performance.
According to a first aspect, a method for a terminal to access a network is provided, including: receiving, by a packet data gateway, a message, where the message includes an IP address of a terminal and an IP address of a server; and adding, by the packet data gateway, the IP address of the terminal and the IP address of the server, where, during data transmission, the packet data gateway performs data filtering according to the IP address of the terminal and the IP address of the server, so that the terminal and the server perform data communication.
With reference to the first aspect, in a first possible implementation, the packet data gateway deletes the IP address of the terminal and the IP address of the server, and, during data transmission, the packet data gateway performs data filtering according to the IP address of the terminal and the IP address of the server, so that the terminal does not perform data communication with the server.
With reference to the first aspect, in a second possible implementation, the message is sent by a proximity server to the packet data gateway through a mobility management entity and a serving gateway; or, the message is sent by the proximity server to the packet data gateway through a relay, the mobility management entity, and the serving gateway; or, the message is sent by the proximity server to the packet data gateway through a policy and charging rule function entity; where the IP address of the terminal and the IP address of the server in the message are obtained by the proximity server when the server authenticates the terminal through the proximity server and the relay, or when the terminal registers with the server through the proximity server and the relay.
With reference to the second possible implementation of the first aspect, in a third possible implementation, the packet data gateway adds or deletes the IP address of the terminal and the IP address of the server according to identifier information carried in the message.
With reference to the first possible implementation or the third possible implementation of the first aspect, in a fourth possible implementation, when the server allows the terminal to join group communication through the relay, the identifier information is used to instruct the packet data gateway to add the IP address of the terminal and the IP address of the server; when the server allows the terminal to exit the group communication through the relay, the identifier information is used to instruct the packet data gateway to delete the IP address of the terminal and the IP address of the server.
With reference to the third possible implementation of the first aspect, in a fifth possible implementation, the message further includes:
at least one of a terminal identifier of the terminal, an identifier of the relay, a relay indication of the relay, a quality of service parameter required by the terminal, and a data aggregation description parameter;
where the terminal identifier is used by the network to identify the identity of the terminal; the identifier of the relay is used by the network to identify the identity of the relay; the relay indication is used to indicate acting as a relay; and the quality of service parameter required by the terminal is used by the terminal to request communication resources from the network.
With reference to the first aspect, in a sixth possible implementation, the method further includes: when the packet data gateway receives the message, the packet data gateway generates a data aggregation description parameter according to the IP address of the terminal and the IP address of the server in the message, where the aggregation description parameter is used by the packet data gateway to update the data filtering template of the relay, which is then sent to the relay for data forwarding.
According to a second aspect, a method for a terminal to access a network is provided, including: obtaining, by a proximity server, an IP address of a terminal and an IP address of a server; sending, by the proximity server, a message to a packet data gateway, where the message includes the IP address of the terminal and the IP address of the server; adding, by the packet data gateway, the IP address of the terminal and the IP address of the server, and, during data transmission, performing, by the packet data gateway, data filtering according to the IP address of the terminal and the IP address of the server; and performing, by the terminal, data communication with the server after the packet data gateway performs data filtering.
With reference to the second aspect, in a first possible implementation, the packet data gateway receives the message and deletes the IP address of the terminal and the IP address of the server; during data transmission, the packet data gateway performs data filtering according to the IP address of the terminal and the IP address of the server; and the terminal does not perform data communication with the server when the packet data gateway performs data filtering.
With reference to the first possible implementation of the second aspect, in a second possible implementation, the obtaining, by the proximity server, of the IP address of the terminal and the IP address of the server includes: the server authenticates the terminal through the proximity server and the relay; and the proximity server obtains the IP address of the terminal and the IP address of the server from the authentication process; or, the obtaining, by the proximity server, of the IP address of the terminal and the IP address of the server includes: the terminal registers with the server through the proximity server and the relay; and the proximity server obtains the IP address of the terminal and the IP address of the server from the registration process.
With reference to the first possible implementation of the second aspect, in a third possible implementation, the sending, by the proximity server, of the message to the packet data gateway includes: the proximity server sends the message to a mobility management entity; and the mobility management entity sends the message to the packet data gateway through a serving gateway.
With reference to the first possible implementation of the second aspect, in a fourth possible implementation, the sending, by the proximity server, of the message to the packet data gateway includes: the proximity server sends the message to the relay; the relay sends the message to a mobility management entity; and the mobility management entity sends the message to the packet data gateway through a serving gateway.
结合第二方面的第一种可能实现的方式, 在第五种可能实现 的方式中, 所述近距离服务器向分组数据网关发送消息包括: 所述近距离服务器将所述消息发送至策略与计费规则功能实 体;  With reference to the first possible implementation manner of the second aspect, in a fifth possible implementation manner, the sending, by the proximity server, the message to the packet data gateway includes: sending, by the proximity server, the message to a policy and a meter Fee rule function entity;
所述策略与计费规则功能实体将所述消息发送至所述分组数 据网关。  The policy and charging rules function entity sends the message to the packet data gateway.
结合第二方面的第三种可能实现的方式至第五种可能实现的 方式, 在第六种可能实现的方式中, 所述消息还携带标识信息, 所 述标识信息用于指示所述分组数据网关添加或删除所述终端的 IP 地址与所述服务器的 IP地址。  With reference to the third possible implementation manner of the second aspect to the fifth possible implementation manner, in a sixth possible implementation manner, the message further carries identifier information, where the identifier information is used to indicate the packet data. The gateway adds or deletes the IP address of the terminal and the IP address of the server.
结合第二方面的第六种可能实现的方式, 在第七种可能实现 的方式中, 当所述服务器允许所述终端通过所述中继加入群组通信 时, 所述标识信息用于指示所述分组数据网关添加所述终端的 IP 地址与所述服务器的 IP地址; 当所述服务器允许所述终端通过所述中继退出所述群组通信 时, 所述标识信息用于指示所述分组数据网关删除所述终端的 IP 地址与所述服务器的 IP地址。  With reference to the sixth possible implementation manner of the second aspect, in a seventh possible implementation manner, when the server allows the terminal to join a group communication by using the relay, the identifier information is used to indicate The packet data gateway adds an IP address of the terminal to an IP address of the server; and when the server allows the terminal to exit the group communication by using the relay, the identifier information is used to indicate the grouping The data gateway deletes the IP address of the terminal and the IP address of the server.
结合第二方面的第六种可能实现的方式, 在第八种可能实现 的方式中, 所述消息还包括:  In conjunction with the sixth possible implementation of the second aspect, in an eighth possible implementation manner, the message further includes:
所述终端的终端标识、 所述中继的标识、 所述中继的中继指 其中, 所述终端标识, 用于网络标识所述终端的身份; 所述 中继的标识, 用于所述网络标识所述中继的身份; 所述中继指示, 用于指示作为中继; 所述终端所需的服务质量参数, 用于所述终端 向所述网络请求通信资源。 结合第二方面, 在第九种可能实现的方式中, 所述方法还包 括: 在所述近距离服务器向所述分组数据网关发送所述消息后, 所述分组数据网关根据所述消息中所述终端的 IP地址与所述服务 器的 IP地址生成数据聚合描述参数; 所述分组数据网关根据所述聚合描述参数更新中继的数据过 滤模版, 进而将所述数据过滤模版发送到所述中继; 所述中继根据所述数据过滤模版进行数据转发。 a terminal identifier of the terminal, an identifier of the relay, and a relay finger of the relay The terminal identifier is used by the network to identify the identity of the terminal, the identifier of the relay is used by the network to identify the identity of the relay, and the relay indication is used to indicate the relay. The quality of service parameter required by the terminal is used by the terminal to request a communication resource from the network. With reference to the second aspect, in a ninth possible implementation manner, the method further includes: after the short-range server sends the message to the packet data gateway, the packet data gateway is configured according to the message Generating a data aggregation description parameter with the IP address of the terminal and the IP address of the server; the packet data gateway updates the relayed data filtering template according to the aggregation description parameter, and then sends the data filtering template to the relay The relay performs data forwarding according to the data filtering template.
With reference to the fourth possible implementation manner of the second aspect, in a tenth possible implementation manner, the method further includes: before the relay sends the message to the mobility management entity, the relay updates a data filtering template according to the IP address of the terminal and the IP address of the server in the message; and the relay forwards data according to the data filtering template.
According to a third aspect, a packet data gateway is provided, including: a receiving unit, configured to receive a message, where the message includes an IP address of a terminal and an IP address of a server; and a processing unit, configured to add the IP address of the terminal and the IP address of the server and, during data transmission, perform data filtering according to the IP address of the terminal and the IP address of the server, so that the terminal performs data communication with the server.
With reference to the third aspect, in a first possible implementation manner, the processing unit is further configured to:
delete the IP address of the terminal and the IP address of the server and, during data transmission, perform data filtering according to the IP address of the terminal and the IP address of the server, so that the terminal does not perform data communication with the server.
With reference to the third aspect, in a second possible implementation manner, the message is sent by a proximity server to the packet data gateway through a mobility management entity and a serving gateway; or the message is sent by a proximity server to the packet data gateway through a relay, a mobility management entity, and a serving gateway; or the message is sent by a proximity server to the packet data gateway through a policy and charging rules function entity; where the IP address of the terminal and the IP address of the server in the message are obtained by the proximity server when the server authenticates the terminal through the proximity server and the relay, or when the terminal registers with the server through the proximity server and the relay.
With reference to the second possible implementation manner of the third aspect, in a third possible implementation manner, the processing unit adds or deletes the IP address of the terminal and the IP address of the server according to identification information carried in the message received by the receiving unit.
With reference to the first possible implementation manner or the third possible implementation manner of the third aspect, in a fourth possible implementation manner, when the server allows the terminal to join group communication through the relay, the identification information is used to instruct the packet data gateway to add the IP address of the terminal and the IP address of the server; when the server allows the terminal to exit the group communication through the relay, the identification information is used to instruct the packet data gateway to delete the IP address of the terminal and the IP address of the server.
With reference to the third possible implementation manner of the third aspect, in a fifth possible implementation manner, the message further includes:
at least one of a terminal identifier of the terminal, an identifier of the relay, a relay indication of the relay, a quality of service parameter required by the terminal, and a data aggregation description parameter;
where the terminal identifier is used by the network to identify the terminal; the identifier of the relay is used by the network to identify the relay; the relay indication is used to indicate acting as a relay; and the quality of service parameter required by the terminal is used by the terminal to request communication resources from the network.
With reference to the third aspect, in a sixth possible implementation manner, the processing unit is further configured to: when the receiving unit receives the message, generate a data aggregation description parameter according to the IP address of the terminal and the IP address of the server in the message, where the aggregation description parameter is used by the packet data gateway to update the data filtering template of the relay, which is then sent to the relay for data forwarding.
According to a fourth aspect, a communication system is provided, including: a proximity server, configured to obtain an IP address of a terminal and an IP address of a server, and further configured to send a message to a packet data gateway, where the message includes the IP address of the terminal and the IP address of the server; the packet data gateway, configured to add the IP address of the terminal and the IP address of the server and, during data transmission, perform data filtering according to the IP address of the terminal and the IP address of the server; and the terminal, configured to perform data communication with the server after the packet data gateway performs data filtering.
With reference to the fourth aspect, in a first possible implementation manner, the packet data gateway is configured to receive the message, delete the IP address of the terminal and the IP address of the server, and, during data transmission, perform data filtering according to the IP address of the terminal and the IP address of the server;
the terminal is configured not to perform data communication with the server when the packet data gateway performs data filtering.
With reference to the first possible implementation manner of the fourth aspect, in a second possible implementation manner, the server is configured to authenticate the terminal through the proximity server and the relay, and the proximity server is further configured to obtain the IP address of the terminal and the IP address of the server from the authentication process; or the terminal is configured to register with the server through the proximity server and the relay, and the proximity server is further configured to obtain the IP address of the terminal and the IP address of the server from the registration process.
With reference to the first possible implementation manner of the fourth aspect, in a third possible implementation manner, in the process in which the proximity server sends the message to the packet data gateway, the proximity server is configured to send the message to a mobility management entity;
the mobility management entity is configured to send the message to the packet data gateway through a serving gateway.
With reference to the first possible implementation manner of the fourth aspect, in a fourth possible implementation manner, in the process in which the proximity server sends the message to the packet data gateway, the proximity server is configured to send the message to a relay; the relay is configured to send the message to a mobility management entity; and the mobility management entity is configured to send the message to the packet data gateway through a serving gateway.
With reference to the first possible implementation manner of the fourth aspect, in a fifth possible implementation manner, in the process in which the proximity server sends the message to the packet data gateway, the proximity server is configured to send the message to a policy and charging rules function entity; and the policy and charging rules function entity is configured to send the message to the packet data gateway.
With reference to the third to fifth possible implementation manners of the fourth aspect, in a sixth possible implementation manner, the message further carries identification information, where the identification information is used to instruct the packet data gateway to add or delete the IP address of the terminal and the IP address of the server.
With reference to the sixth possible implementation manner of the fourth aspect, in a seventh possible implementation manner, when the server allows the terminal to join group communication through the relay, the identification information is used to instruct the packet data gateway to add the IP address of the terminal and the IP address of the server; when the server allows the terminal to exit the group communication through the relay, the identification information is used to instruct the packet data gateway to delete the IP address of the terminal and the IP address of the server.
With reference to the sixth possible implementation manner of the fourth aspect, in an eighth possible implementation manner, the message further includes:
at least one of a terminal identifier of the terminal, an identifier of the relay, a relay indication of the relay, a quality of service parameter required by the terminal, and a data aggregation description parameter;
where the terminal identifier is used by the network to identify the terminal; the identifier of the relay is used by the network to identify the relay; the relay indication is used to indicate acting as a relay; and the quality of service parameter required by the terminal is used by the terminal to request communication resources from the network.
With reference to the fourth aspect, in a ninth possible implementation manner, the packet data gateway is further configured to: after the proximity server sends the message to the packet data gateway, generate a data aggregation description parameter according to the IP address of the terminal and the IP address of the server in the message;
the packet data gateway is further configured to update the data filtering template of the relay according to the aggregation description parameter, and then send the data filtering template to the relay; and the relay is further configured to forward data according to the data filtering template.
With reference to the fourth possible implementation manner of the fourth aspect, in a tenth possible implementation manner, the relay is further configured to update a data filtering template according to the IP address of the terminal and the IP address of the server in the message before the relay sends the message to the mobility management entity; and the relay is further configured to forward data according to the data filtering template.
According to a fifth aspect, a packet data gateway is provided, including:
a receiver, configured to receive a message, where the message includes an IP address of a terminal and an IP address of a server; and a processor, configured to add the IP address of the terminal and the IP address of the server and, during data transmission, perform data filtering according to the IP address of the terminal and the IP address of the server, so that the terminal performs data communication with the server.
With reference to the fifth aspect, in a first possible implementation manner, the processor deletes the IP address of the terminal and the IP address of the server and, during data transmission, performs data filtering according to the IP address of the terminal and the IP address of the server, so that the terminal does not perform data communication with the server.
With reference to the fifth aspect, in a second possible implementation manner, the message is sent by a proximity server to the packet data gateway through a mobility management entity and a serving gateway; or the message is sent by a proximity server to the packet data gateway through a relay, a mobility management entity, and a serving gateway; or the message is sent by a proximity server to the packet data gateway through a policy and charging rules function entity; where the IP address of the terminal and the IP address of the server in the message are obtained by the proximity server when the server authenticates the terminal through the proximity server and the relay, or when the terminal registers with the server through the proximity server and the relay.
With reference to the second possible implementation manner of the fifth aspect, in a third possible implementation manner, the processor adds or deletes the IP address of the terminal and the IP address of the server according to identification information carried in the message.
With reference to the first possible implementation manner or the third possible implementation manner of the fifth aspect, in a fourth possible implementation manner, when the server allows the terminal to join group communication through the relay, the identification information is used to instruct the packet data gateway to add the IP address of the terminal and the IP address of the server; when the server allows the terminal to exit the group communication through the relay, the identification information is used to instruct the packet data gateway to delete the IP address of the terminal and the IP address of the server.
With reference to the second possible implementation manner of the fifth aspect, in a fifth possible implementation manner, the message further includes: at least one of a terminal identifier of the terminal, an identifier of the relay, a relay indication of the relay, a quality of service parameter required by the terminal, and a data aggregation description parameter; where the terminal identifier is used by the network to identify the terminal; the identifier of the relay is used by the network to identify the relay; the relay indication is used to indicate acting as a relay; and the quality of service parameter required by the terminal is used by the terminal to request communication resources from the network.
With reference to the fifth aspect, in a sixth possible implementation manner, the processor is further configured to: when the receiver receives the message, generate a data aggregation description parameter according to the IP address of the terminal and the IP address of the server in the message, where the aggregation description parameter is used by the packet data gateway to update the data filtering template of the relay, which is then sent to the relay for data forwarding.
Embodiments of the present invention provide a method, a device, and a communication system for a terminal to access a network. A packet data gateway receives a message that includes the IP address of the terminal and the IP address of the server; the packet data gateway adds the IP address of the terminal and the IP address of the server; and during data transmission the packet data gateway performs data filtering according to the IP address of the terminal and the IP address of the server, so that the terminal performs data communication with the server. This can prevent communication data from leaking and improves public safety performance.
DESCRIPTION OF THE DRAWINGS
To describe the technical solutions in the embodiments of the present invention or in the prior art more clearly, the accompanying drawings needed for describing the embodiments or the prior art are briefly introduced below. The drawings in the following description show only some embodiments of the present invention, and a person of ordinary skill in the art can derive other drawings from them without creative effort.
FIG. 1 is a schematic structural diagram of a communication system according to an embodiment of the present invention;
FIG. 2 is a schematic flowchart of a method for a terminal to access a network according to an embodiment of the present invention;
FIG. 3 is a schematic flowchart of a method for a terminal to access a network according to an embodiment of the present invention;
FIG. 4 is a schematic flowchart of a method for a terminal to access a network according to an embodiment of the present invention;
FIG. 5 is a schematic flowchart of a method for a terminal to access a network according to an embodiment of the present invention;
FIG. 6 is a diagram of the process interaction between physical devices according to an embodiment of the present invention;
FIG. 7 is a schematic flowchart of a method for a terminal to access a network according to an embodiment of the present invention;
FIG. 8 is a diagram of the process interaction between physical devices according to an embodiment of the present invention;
FIG. 9 is a schematic flowchart of a method for a terminal to access a network according to an embodiment of the present invention;
FIG. 10 is a diagram of the process interaction between physical devices according to an embodiment of the present invention;
FIG. 11 is a schematic flowchart of a method for a terminal to access a network according to an embodiment of the present invention;
FIG. 12 is a schematic structural diagram of a packet data gateway according to an embodiment of the present invention;
FIG. 13 is a schematic structural diagram of a proximity server according to an embodiment of the present invention;
FIG. 14 is a schematic structural diagram of a relay according to an embodiment of the present invention;
FIG. 15 is a schematic structural diagram of a packet data gateway according to an embodiment of the present invention;
FIG. 16 is a schematic structural diagram of a proximity server according to an embodiment of the present invention;
FIG. 17 is a schematic structural diagram of a relay according to an embodiment of the present invention.
DETAILED DESCRIPTION
The technical solutions in the embodiments of the present invention are described clearly and completely below with reference to the accompanying drawings in the embodiments of the present invention. The described embodiments are only some of the embodiments of the present invention, not all of them. All other embodiments obtained by a person of ordinary skill in the art based on the embodiments of the present invention without creative effort fall within the protection scope of the present invention.
As shown in FIG. 1, a communication system provided by an embodiment of the present invention includes a terminal (User Equipment, UE), a relay (Relay), a radio access network (Evolved Universal Terrestrial Radio Access Network, E-UTRAN), a mobility management entity (Mobility Management Entity, MME), a serving gateway (Serving Gateway, S-GW), a packet data gateway (Packet Data Network Gateway, P-GW), a proximity server (ProSe Server, or Proximity Discovery and Communication control Functionality, PDCF), and a cluster communication server (Server), and may further include a policy and charging rules function entity (Policy and Charging Rules Function, PCRF).
The terminal may be user equipment such as a mobile phone. The relay may connect to the E-UTRAN over the Long Term Evolution (LTE) air interface Uu, and connect to the terminal over the PC5 interface using direct communication technology. The radio access network may establish a Radio Resource Control (RRC) connection with the relay, so that the relay can communicate with the RRC.
In this embodiment of the present invention, the relay may send an attach request to the MME to request a Public Data Network (PDN) connection from the core network (Evolved Packet Core, EPC), and while the PDN connection is being established, the relay may request the MME to allocate an IPv6 address prefix shorter than 64 bits. Then, following the existing communication procedure, the EPC may establish the PDN connection for the relay through the MME, the S-GW, and the P-GW, and allocate to the relay an IPv6 address prefix shorter than 64 bits.
After the relay has accessed the network, the terminal may use the existing discovery procedure to discover the relay and thereby access the cluster communication server through the relay; the terminal then uses the existing direct communication establishment procedure to establish direct communication with the relay. Once the terminal has established direct communication with the relay, the terminal can, through the relay, complete the authentication or registration process with the proximity server and the cluster communication server, and can then exchange data with the cluster communication server.
During authentication or registration, the proximity server can obtain the Internet Protocol (IP) address of the terminal and the IP address of the cluster communication server, and then pass the IP addresses of the terminal and the server to the P-GW, in sequence through the relay, the proximity server, the MME, and the S-GW. The P-GW can then add or delete the IP address of the terminal and the IP address of the cluster communication server, and filter the terminal's uplink and downlink data packets according to the IP address of the terminal and the IP address of the cluster communication server, so that the terminal is allowed to communicate only with a cluster communication server with which it has been authenticated or registered.
The data filtering process may be as follows: for uplink data packets, the P-GW forwards to the cluster server only those packets whose source address is the IP address of the terminal and whose destination address is the IP address of the authenticated or registered server; for downlink data packets, the P-GW forwards to the terminal only those packets whose source address is the IP address of the authenticated or registered server and whose destination address is the IP address of the terminal.
In this way, the problem in the prior art that a terminal can access multiple cluster communication servers, which may lead to data leakage, is addressed: communication data is prevented from leaking, and public safety performance is improved.
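The add/delete and uplink/downlink filtering rule described above, written out as an added Python example that is not part of the patent text. The class and field names and the "add"/"delete" encoding of the identification information are assumptions; addresses are compared in parsed form so that different spellings of one IPv6 address match the same entry.

```python
import ipaddress
from dataclasses import dataclass

# Hypothetical encoding of the "identification information" carried in the message.
ADD, DELETE = "add", "delete"


@dataclass(frozen=True)
class ControlMessage:
    """Message reaching the gateway (field names are assumptions)."""
    terminal_ip: str
    server_ip: str
    action: str  # ADD when the server lets the terminal join, DELETE when it exits


def _norm(addr):
    """Parse an address; fold IPv4-mapped IPv6 onto IPv4 so one host has one key."""
    ip = ipaddress.ip_address(addr)
    mapped = getattr(ip, "ipv4_mapped", None)
    return mapped if mapped is not None else ip


class GatewayFilter:
    """Models only the filtering of relay-attached terminals' traffic."""

    def __init__(self):
        self._pairs = set()  # {(terminal address, server address)}

    def handle(self, msg):
        """Apply an add/delete instruction; malformed input raises ValueError."""
        pair = (_norm(msg.terminal_ip), _norm(msg.server_ip))
        if msg.action == ADD:
            self._pairs.add(pair)
        elif msg.action == DELETE:
            self._pairs.discard(pair)
        else:
            raise ValueError("unknown identification information: %r" % msg.action)

    def _match(self, terminal, server):
        try:
            return (_norm(terminal), _norm(server)) in self._pairs
        except ValueError:
            return False  # unparsable address in a packet: do not forward

    def allow_uplink(self, src, dst):
        """Forward only if source is a terminal and destination is its server."""
        return self._match(src, dst)

    def allow_downlink(self, src, dst):
        """Forward only if source is the server and destination is its terminal."""
        return self._match(dst, src)


def demo():
    """Constructed sample addresses (documentation prefix 2001:db8::/32)."""
    gw = GatewayFilter()
    ue, srv, other = "2001:db8:1::10", "2001:db8:ffff::5", "2001:db8:ffff::66"
    gw.handle(ControlMessage(ue, srv, ADD))
    results = [
        gw.allow_uplink(ue, srv),        # terminal -> its registered server
        gw.allow_uplink(ue, other),      # terminal -> some other server
        gw.allow_downlink(srv, ue),      # registered server -> terminal
        gw.allow_downlink(other, ue),    # other server -> terminal
        gw.allow_uplink("2001:0db8:0001:0:0:0:0:0010", srv),  # same terminal, long form
    ]
    gw.handle(ControlMessage(ue, srv, DELETE))  # terminal exits the group
    results.append(gw.allow_uplink(ue, srv))
    return results


if __name__ == "__main__":
    print(demo())
```

Comparing the raw address strings instead of parsed addresses would reject the fifth packet even though it comes from the registered terminal.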
An embodiment of the present invention provides a method for a terminal to access a network, as shown in FIG. 2, including:
101. The packet data gateway receives a message, where the message includes the IP address of the terminal and the IP address of the server.
The P-GW is the anchor point of the user-plane data link between 3GPP (3rd Generation Partnership Project) and non-3GPP networks, and is responsible for functions such as managing data routing between 3GPP and non-3GPP.
For example, the message may be sent by the proximity server to the P-GW through the MME and the S-GW; or the message is sent by the proximity server to the P-GW through the relay, the MME, and the S-GW; or the message is sent by the proximity server to the P-GW through the PCRF.
The IP address of the terminal and the IP address of the server in the message are obtained by the proximity server when the server authenticates the terminal through the proximity server and the relay, or when the terminal registers with the server through the proximity server and the relay.
It should be noted that the server here is the cluster communication server in the foregoing embodiment.
102. The packet data gateway adds the IP address of the terminal and the IP address of the server; during data transmission, the packet data gateway performs data filtering according to the IP address of the terminal and the IP address of the server, so that the terminal performs data communication with the server.
For example, when the P-GW deletes the IP address of the terminal and the IP address of the server, the P-GW performs data filtering according to the IP address of the terminal and the IP address of the server during data transmission: the P-GW no longer forwards to the server data packets whose source address is the terminal IP address and whose destination address is the server IP address, so that the terminal does not perform data communication with the server.
The P-GW may add or delete the IP address of the terminal and the IP address of the server according to identification information carried in the message.
Specifically, when the server allows the terminal to join group communication through the relay, the identification information is used to instruct the P-GW to add the IP address of the terminal and the IP address of the server; when the server allows the terminal to exit the group communication through the relay, the identification information is used to instruct the P-GW to delete the IP address of the terminal and the IP address of the server.
An embodiment of the present invention provides a method for a terminal to access a network. A packet data gateway receives a message that includes the IP address of the terminal and the IP address of the server; the packet data gateway adds the IP address of the terminal and the IP address of the server; and during data transmission the packet data gateway performs data filtering according to the IP address of the terminal and the IP address of the server, so that the terminal performs data communication with the server. This can prevent communication data from leaking and improves public safety performance.
An embodiment of the present invention provides a method for a terminal to access a network, as shown in FIG. 3, including:
201. The proximity server obtains the IP address of the terminal and the IP address of the server.
The server here may be a cluster communication server.
The proximity server may obtain the IP address of the terminal and the IP address of the cluster communication server from the process in which the terminal authenticates, through the relay, with the proximity server and the cluster communication server, or from the process in which the terminal registers with the server through the proximity server and the relay.
202. The proximity server sends a message to the packet data gateway, where the message includes the IP address of the terminal and the IP address of the server, so that when the packet data gateway adds the IP address of the terminal and the IP address of the server, it filters data during data transmission according to the IP address of the terminal and the IP address of the server, so that the terminal and the server can perform data communication.
Exemplarily, when the proximity server sends the message to the packet data gateway so that the packet data gateway deletes the IP address of the terminal and the IP address of the server, the packet data gateway filters data during data transmission according to the IP address of the terminal and the IP address of the server, so that the terminal does not perform data communication with the server.
The message is sent by the proximity server to the packet data gateway through the mobility management entity and the serving gateway;
or, the message is sent by the proximity server to the packet data gateway through the relay, the mobility management entity and the serving gateway;
or, the message is sent by the proximity server to the packet data gateway through the policy and charging rule function entity.
The IP address of the terminal and the IP address of the server in the message are obtained by the proximity server when the server authenticates the terminal through the proximity server and the relay, or when the terminal registers with the server through the proximity server and the relay.
In addition, the message also carries identification information, which instructs the packet data gateway to add or delete the IP address of the terminal and the IP address of the server. When the server allows the terminal to join group communication through the relay, the identification information instructs the packet data gateway to add the IP address of the terminal and the IP address of the server; when the server allows the terminal to exit group communication through the relay, the identification information instructs the packet data gateway to delete the IP address of the terminal and the IP address of the server.
The message may further include at least one of: a terminal identifier of the terminal, an identifier of the relay, a relay indication of the relay, a quality of service parameter required by the terminal, and a data aggregation description parameter.
The data filtering here may be as follows: for uplink data packets, the P-GW forwards to the cluster server only packets whose source address is the IP address of the terminal and whose destination address is the IP address of an authenticated or registered server; for downlink data packets, the P-GW forwards to the terminal only packets whose source address is the IP address of an authenticated or registered server and whose destination address is the terminal IP address.
An embodiment of the present invention provides a method for a terminal to access a network: the proximity server obtains the IP address of the terminal and the IP address of the server, and sends a message to the packet data gateway through the relay, the mobility management entity and the serving gateway, where the message includes the IP address of the terminal and the IP address of the server, so that when the packet data gateway adds the IP address of the terminal and the IP address of the server, it filters data during data transmission according to the IP address of the terminal and the IP address of the server, so that the terminal and the server can perform data communication, which can prevent communication data from being leaked and improve public security performance.
An embodiment of the present invention provides a method for a terminal to access a network which, as shown in FIG. 4, includes:
301. The relay obtains the IP address of the terminal and the IP address of the server.
Exemplarily, the server here may be a cluster communication server.
The IP address of the terminal and the IP address of the server in the message are obtained by the proximity server when the server authenticates the terminal through the proximity server and the relay, or when the terminal registers with the server through the proximity server and the relay.
302. The relay sends a message to the packet data gateway, where the message includes the IP address of the terminal and the IP address of the server, so that the packet data gateway adds the IP address of the terminal and the IP address of the server and, during data transmission, filters data according to the IP address of the terminal and the IP address of the server, so that the terminal and the server can perform data communication.
Exemplarily, the relay sends the message to the packet data gateway so that the packet data gateway deletes the IP address of the terminal and the IP address of the server and, during data transmission, filters data according to the IP address of the terminal and the IP address of the server, so that the terminal does not perform data communication with the server.
The message may be sent by the proximity server to the packet data gateway through the relay, the mobility management entity and the serving gateway.
The message may also carry identification information, which instructs the packet data gateway to add or delete the IP address of the terminal and the IP address of the server. When the server allows the terminal to join group communication through the relay, the identification information instructs the packet data gateway to add the IP address of the terminal and the IP address of the server; when the server allows the terminal to exit group communication through the relay, the identification information instructs the packet data gateway to delete the IP address of the terminal and the IP address of the server.
The message may further include at least one of: a terminal identifier of the terminal, an identifier of the relay, a relay indication of the relay, a quality of service parameter required by the terminal, and a data aggregation description parameter.
The terminal identifier is used by the network to identify the terminal; the identifier of the relay is used by the network to identify the relay; the relay indication indicates that the device acts as a relay; the quality of service parameter required by the terminal is used by the terminal to request communication resources from the network.
An embodiment of the present invention provides a method for a terminal to access a network: the relay obtains the IP address of the terminal and the IP address of the server, and sends a message to the packet data gateway through the mobility management entity and the serving gateway, where the message includes the IP address of the terminal and the IP address of the server, so that the packet data gateway adds the IP address of the terminal and the IP address of the server and, during data transmission, filters data according to the IP address of the terminal and the IP address of the server, so that the terminal and the server can perform data communication, which can prevent communication data from being leaked and improve public security performance.
An embodiment of the present invention provides a method for a terminal to access a network which, as shown in FIG. 5, includes:
401. The relay establishes an RRC connection with the radio access network, so that the relay can communicate with the radio access network.
Exemplarily, the relay may act as a terminal and send a request message to the radio access network E-UTRAN, requesting to establish an RRC connection with the E-UTRAN; after the RRC connection is successfully established, the relay can communicate with the E-UTRAN.
402. The relay initiates an attach request to the mobility management entity to establish a PDN connection, and requests the mobility management entity to allocate an IPv6 address prefix shorter than 64 bits.
Exemplarily, the relay may act as a terminal and initiate an attach request to the mobility management entity MME, requesting to establish a public data network (PDN) connection with the MME. In the process of requesting the PDN connection with the MME, the relay requests the MME to allocate at least one IPv6 address prefix shorter than 64 bits.
403. Through the mobility management entity and the serving gateway, the packet data gateway establishes a PDN connection for the relay and allocates to the relay an IPv6 address prefix shorter than 64 bits.
Exemplarily, following the prior-art procedure, a PDN connection may be established for the relay through the MME, the serving gateway S-GW and the packet data gateway P-GW, and the P-GW may allocate to the relay at least one IPv6 address prefix shorter than 64 bits.
404. The terminal discovers the relay through a discovery procedure and accesses the cluster communication server.
Exemplarily, following the prior-art discovery procedure, the relay may send a broadcast message to multiple terminals, so that a terminal can discover the relay from the broadcast message and learn that the relay can connect to multiple cluster communication servers; the terminal can thereby obtain, through the relay, a cluster communication server with which it can perform data communication.
The cluster communication server is responsible for call management of cluster communication and for management of cluster group members. It may send cluster communication information (for example, voice or video) to the terminal by Multimedia Broadcast Multicast Service (MBMS) broadcast or by unicast.
405. The terminal establishes direct communication with the relay through a direct communication establishment procedure.
Exemplarily, the terminal may establish a connection with the relay following the existing direct communication establishment procedure. At the same time, the terminal may select an IPv6 address from the at least one IPv6 address prefix shorter than 64 bits (that is, a cluster of such prefixes) that the relay obtained in the PDN connection, and use it as the terminal's IP address for data communication with the relay and the packet data gateway.
406. Through the relay, the terminal completes the authentication process with the proximity server and the cluster communication server, and the proximity server obtains the IP address of the terminal and the IP address of the cluster communication server from the authentication process.
Exemplarily, after the terminal has established a connection with the relay and obtained its own IP address, the terminal authenticates with the cluster communication server through the relay.
Specifically, the terminal may send a message to the proximity server through, in order, the relay, the radio access network, the MME, the S-GW and the P-GW. The message includes the terminal identifier of the terminal, the IP address of the terminal and the Quality of Service (QoS) parameter required by the terminal. The proximity server may send the terminal identifier to the cluster communication server, which matches it against the terminal identifiers stored in its own device. If the terminal identifier sent by the proximity server exists in the cluster communication server, the terminal passes authentication with that cluster communication server, that is, the terminal may exchange data with it; if the terminal identifier does not exist in the cluster communication server, the terminal does not pass authentication with that cluster communication server, that is, the terminal does not exchange data with it.
The cluster communication server then sends a response message to the proximity server. The response message carries the IP address of the cluster communication server and an indication of whether authentication passed. During this process, the relay also sends its own relay identifier and relay indication to the proximity server.
Alternatively, the addresses are obtained when the terminal registers with the server through the proximity server and the relay; the registration process is similar to the authentication process and is not described again here.
After step 406, the method flow may be:
407a. The proximity server sends an access information configuration message to the mobility management entity, where the access information configuration message includes the IP address of the terminal and the IP address of the cluster communication server.
Exemplarily, after obtaining the IP address of the terminal and the IP address of the cluster communication server, the proximity server sends an access information configuration message to the mobility management entity. The access information configuration message includes the IP address of the terminal and the IP address of the cluster communication server, and may further include at least one of a terminal identifier, a relay identifier, a relay indication, a QoS parameter required by the terminal, and identification information.
The terminal identifier is used by the network to identify the terminal; the relay identifier is used by the network to identify the relay; the relay indication indicates that the device acts as a relay; the QoS parameter required by the terminal is used by the terminal to request communication resources from the network; the identification information, which may also be called an add operation indication, is set by the proximity server according to the result of the authentication between the terminal and the cluster communication server.
408a. The mobility management entity sends a bearer resource request message to the serving gateway, where the bearer resource request message includes the IP address of the terminal and the IP address of the cluster communication server.
Exemplarily, after receiving the access information configuration message from the proximity server, the mobility management entity MME sends a bearer resource request message to the serving gateway S-GW. The request message includes the IP address of the terminal and the IP address of the cluster communication server from the access information configuration message, and also includes the terminal identifier, the relay identifier, the relay indication, the QoS parameter required by the terminal, and the identification information. The MME thus forwards the access information configuration message to the S-GW.
409a. The serving gateway sends the bearer resource request message to the packet data gateway, and the flow then proceeds to step 410 or step 412.
Exemplarily, the serving gateway S-GW forwards the bearer resource request message received from the MME to the packet data gateway P-GW.
410. The packet data gateway adds the IP address of the terminal and the IP address of the cluster communication server carried in the bearer resource request message.
Exemplarily, after receiving the bearer resource request message forwarded by the S-GW, the packet data gateway P-GW may add or delete the IP address of the terminal and the IP address of the cluster communication server according to the identification information in the bearer resource request message.
The identification information may be used to instruct the P-GW to add or delete, for the terminal, the mapping between the terminal IP address and the IP address of the cluster communication server.
Specifically, when the cluster communication server allows the terminal to join group communication through the relay, the identification information instructs the P-GW to add the mapping between the IP address of the terminal and the IP address of the server. For example, when the result of the terminal's authentication with the cluster communication server through the relay is that the terminal passed authentication, the identification information instructs the P-GW to add the mapping between the IP address of the terminal and the IP address of the server.
411. The packet data gateway allows the terminal to join group communication through the relay and to perform data communication with the cluster communication server.
Exemplarily, following the implementation of step 410, when the identification information instructs the P-GW to add the mapping between the IP address of the terminal and the IP address of the server, the P-GW filters data in subsequent data transmission: according to the mapping between the IP address of the terminal and the IP address of the cluster communication server, the P-GW allows the terminal to access group communication through the relay and to perform data communication with the cluster communication server.
412. The packet data gateway deletes the IP address of the terminal and the IP address of the cluster communication server carried in the bearer resource request message.
Exemplarily, after the packet data gateway P-GW receives the bearer resource request message forwarded by the S-GW, the identification information in the message may be used to instruct the P-GW to add or delete, for the terminal, the mapping between the terminal IP address and the IP address of the cluster communication server.
When the cluster communication server allows the terminal to exit group communication through the relay, the identification information instructs the P-GW to delete the mapping between the IP address of the terminal and the IP address of the server. For example, when the result of the terminal's authentication with the cluster communication server through the relay is that the terminal did not pass authentication, the identification information instructs the P-GW to delete the mapping between the IP address of the terminal and the IP address of the server.
413. The packet data gateway allows the terminal to exit group communication through the relay, and the terminal does not perform data communication with the cluster communication server.
Exemplarily, when the identification information instructs the P-GW to delete the mapping between the IP address of the terminal and the IP address of the server, then when the P-GW filters data in subsequent transmission, according to the terminal IP address and the IP address of the cluster communication server, the P-GW allows the terminal to exit group communication through the relay and not to perform data communication with that cluster communication server. In this way, the P-GW only allows the terminal to perform data communication with a cluster communication server that has passed authentication, which can prevent communication data from being leaked and improve public security performance.
In addition, in the foregoing embodiment, when the packet data gateway P-GW adds the mapping between the terminal IP address and the IP address of the cluster communication server, the P-GW may generate a data aggregation description parameter (Traffic Aggregate Description, TAD) according to the IP address of the terminal and the IP address of the cluster communication server. The TAD parameter is used by the P-GW to update the relay's data filtering template (Traffic Filter Template, TFT), which is then sent to the relay for data forwarding. When a policy and charging rule function entity PCC is configured in the network, the existing PCC procedure is triggered.
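The add/delete handling of steps 410 to 413, combined with the uplink and downlink filtering rule stated earlier, can be modelled as follows. This is an added example, not code from the patent; the class and field names (`PgwFilter`, `ConfigMessage`, `op`) and the sample addresses are assumptions, and the check that the terminal address lies inside the relay's delegated prefix is an extra defensive step the patent does not state.

```python
"""Added illustration (not from the patent): a P-GW style filter keyed on
(terminal IP, server IP) mappings. All names and sample values are assumed."""
import ipaddress
from dataclasses import dataclass
from enum import Enum


class Op(Enum):
    ADD = "add"        # server allowed the terminal to join group communication
    DELETE = "delete"  # server allowed the terminal to exit group communication


@dataclass(frozen=True)
class ConfigMessage:
    """Hypothetical model of the message that reaches the P-GW."""
    op: Op             # the "identification information"
    terminal_ip: str
    server_ip: str


class PgwFilter:
    def __init__(self, relay_prefix: str):
        # Prefix the P-GW allocated to the relay; the patent requires < 64 bits.
        self.relay_prefix = ipaddress.ip_network(relay_prefix)
        if self.relay_prefix.version != 6 or self.relay_prefix.prefixlen >= 64:
            raise ValueError("relay prefix must be IPv6 and shorter than 64 bits")
        self.mappings = set()  # {(terminal address, server address)}

    @staticmethod
    def _pair(terminal: str, server: str):
        # Parse to address objects so differently written forms of the same
        # IPv6 address compare equal; malformed input yields None.
        try:
            return ipaddress.ip_address(terminal), ipaddress.ip_address(server)
        except ValueError:
            return None

    def handle(self, msg: ConfigMessage) -> bool:
        """Apply an add/delete instruction. Returns False if it was rejected."""
        pair = self._pair(msg.terminal_ip, msg.server_ip)
        # Assumed hardening: the terminal must hold an address from the
        # prefix delegated to the relay (step 405), otherwise ignore the message.
        if pair is None or pair[0] not in self.relay_prefix:
            return False
        if msg.op is Op.ADD:
            self.mappings.add(pair)
        else:
            self.mappings.discard(pair)
        return True

    def forward_uplink(self, src: str, dst: str) -> bool:
        # Uplink: source must be the terminal, destination its mapped server.
        pair = self._pair(src, dst)
        return pair is not None and pair in self.mappings

    def forward_downlink(self, src: str, dst: str) -> bool:
        # Downlink: source must be the mapped server, destination the terminal.
        pair = self._pair(dst, src)
        return pair is not None and pair in self.mappings


# Constructed sample values from the IPv6 documentation range.
RELAY_PREFIX = "2001:db8:0:100::/56"
TERMINAL = "2001:db8:0:100::10"
SERVER = "2001:db8:ffff::1"        # cluster communication server (authenticated)
OTHER_SERVER = "2001:db8:ffff::2"  # a server the terminal was never mapped to


def run_demo() -> dict:
    gw = PgwFilter(RELAY_PREFIX)
    out = {"before_add": gw.forward_uplink(TERMINAL, SERVER)}
    gw.handle(ConfigMessage(Op.ADD, TERMINAL, SERVER))
    out["up_mapped"] = gw.forward_uplink(TERMINAL, SERVER)
    out["up_other_server"] = gw.forward_uplink(TERMINAL, OTHER_SERVER)
    out["down_mapped"] = gw.forward_downlink(SERVER, TERMINAL)
    out["down_other_server"] = gw.forward_downlink(OTHER_SERVER, TERMINAL)
    gw.handle(ConfigMessage(Op.DELETE, TERMINAL, SERVER))
    out["up_after_delete"] = gw.forward_uplink(TERMINAL, SERVER)
    out["down_after_delete"] = gw.forward_downlink(SERVER, TERMINAL)
    return out


if __name__ == "__main__":
    for name, forwarded in run_demo().items():
        print(f"{name}: {'forward' if forwarded else 'drop'}")
```

The table is default-deny: a packet is forwarded only while an exact (terminal, server) mapping exists, so a delete instruction takes effect on the next packet in either direction.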
According to the description of the foregoing embodiment, the interaction flow between the entity devices in this network architecture may be as shown in FIG. 6.
In the foregoing method embodiment, after step 406, step 407a may be replaced with 407b; with reference to FIG. 5, the method flow of the foregoing embodiment may then be replaced with that shown in FIG. 7.
407b. The relay obtains the IP address of the terminal and the IP address of the cluster communication server from the proximity server, and sends an access information configuration message to the mobility management entity, where the access information configuration message includes the IP address of the terminal and the IP address of the cluster communication server.
Exemplarily, in step 406 the proximity server obtained the IP address of the terminal and the IP address of the cluster communication server from the authentication process, so the proximity server may send a message to the relay. The message includes the IP address of the terminal, the IP address of the cluster communication server, and the identification information that the proximity server derived from the authentication result. The relay then places in the access information configuration message the terminal identifier obtained from the terminal during the terminal's authentication with the cluster communication server, the IP address of the terminal, the relay identifier, the IP address of the cluster communication server, the QoS parameter required by the terminal, and the identification information, and sends the access information configuration message to the mobility management entity MME. The MME sends the content of the access information configuration message to the P-GW through the S-GW, so that the P-GW filters data according to the IP address of the terminal, the IP address of the cluster communication server and the identification information, letting the terminal perform data communication with the cluster communication server that has passed authentication, so as to prevent communication data from being leaked and improve public security performance.
In addition, after obtaining the IP address of the terminal and the IP address of the cluster communication server, the relay may update the TAD parameter according to the IP address of the terminal and the IP address of the cluster communication server, and carry the updated TAD parameter in the access information configuration message sent to the mobility management entity, from where it is sent on to the P-GW.
According to the description of the foregoing embodiment, after step 407a is replaced with 407b, the interaction flow between the entity devices in this network architecture may be as shown in FIG. 8.
Alternatively, in the foregoing method embodiment, after step 406, steps 407a to 409a may be replaced with 407c to 408c; with reference to FIG. 5, the method flow of the foregoing embodiment may then be replaced with that shown in FIG. 9.
407c. The proximity server sends an access information configuration message to the policy and charging rule function entity, where the access information configuration message includes the IP address of the terminal and the IP address of the cluster communication server.
Exemplarily, in step 406 the proximity server obtained the IP address of the terminal and the IP address of the cluster communication server from the authentication process, and may then send an access information configuration message to the policy and charging rule function entity PCRF. The access information configuration message includes the IP address of the terminal and the IP address of the cluster communication server, and may further include the terminal identifier, the relay identifier, the relay indication, the QoS parameter required by the terminal, and the identification information that the proximity server obtained in the process of the cluster communication server authenticating the terminal through the proximity server and the relay. The identification information may be used to instruct the P-GW to add or delete the mapping between the IP address of the terminal and the IP address of the cluster communication server.
408c. The policy and charging rule function entity delivers a bearer resource request message to the packet data gateway, where the bearer resource request message includes the IP address of the terminal and the IP address of the cluster communication server.
Exemplarily, after receiving the access information configuration message, the PCRF may, in the course of session establishment or session modification with the packet data gateway P-GW, carry the IP address of the terminal, the IP address of the communication server, the terminal identifier, the relay identifier, the relay indication, the QoS parameter required by the terminal, and the identification information from the received access information configuration message, so that the P-GW filters data according to the IP address of the terminal, the IP address of the cluster communication server and the identification information, letting the terminal perform data communication with the cluster communication server that has passed authentication, so as to prevent communication data from being leaked and improve public security performance.
According to the description of the foregoing embodiment, after steps 407a to 409a are replaced with steps 407c to 408c, the interaction flow between the entity devices in the network architecture may be as shown in FIG. 10.
An embodiment of the present invention provides a method for a terminal to access a network. The relay accesses the network and obtains multiple IPv6 addresses; the terminal establishes direct communication with the relay and obtains an IP address from the relay as the IP address of the terminal; the terminal then completes, through the relay, the authentication process with the proximity server and the trunking communication server. The proximity server obtains the IP address of the terminal and the IP address of the trunking communication server from the authentication process and then sends a message containing the IP address of the terminal and the IP address of the trunking communication server to the packet data gateway through the mobility management entity and the serving gateway; or the relay obtains the IP address of the terminal and the IP address of the trunking communication server from the proximity server and then sends a message containing these two addresses to the packet data gateway; or the proximity server sends a message containing these two addresses to the packet data gateway through the policy and charging rules function entity. The packet data gateway then performs data filtering and allows the terminal to perform data communication only with a trunking communication server that has passed authentication, which prevents leakage of communication data and improves public safety performance.
Based on the description of the foregoing embodiments, after the relay has accessed the core network and established a connection with the terminal, as shown in FIG. 11, the method includes:
501. The proximity server obtains the IP address of the terminal and the IP address of the server.
Optionally, the server authenticates the terminal through the proximity server and the relay, and the proximity server may obtain the IP address of the terminal and the IP address of the server from the authentication process.
Optionally, the terminal registers with the server through the proximity server and the relay, and the proximity server may obtain the IP address of the terminal and the IP address of the server from the registration process.
502. The proximity server sends a message to the packet data gateway, where the message includes the IP address of the terminal and the IP address of the server.
Optionally, the proximity server sends the message to the mobility management entity, and the mobility management entity sends the message to the packet data gateway through the serving gateway.
Optionally, the proximity server sends the message to the relay, the relay sends the message to the mobility management entity, and the mobility management entity sends the message to the packet data gateway through the serving gateway.
Optionally, the proximity server sends the message to the policy and charging rules function entity, and the policy and charging rules function entity sends the message to the packet data gateway.
The message may further include at least one of: the terminal identifier of the terminal, the identifier of the relay, the relay indication of the relay, the quality of service parameters required by the terminal, and a data aggregation description parameter.
The terminal identifier is used by the network to identify the terminal; the identifier of the relay is used by the network to identify the relay; the relay indication is used to indicate acting as a relay; and the quality of service parameters required by the terminal are used by the terminal to request communication resources from the network.
503. The packet data gateway adds the IP address of the terminal and the IP address of the server, and during data transmission the packet data gateway performs data filtering according to the IP address of the terminal and the IP address of the server.
In the above description, the message further carries identification information, which is used to instruct the packet data gateway to add or delete the IP address of the terminal and the IP address of the server.
Specifically, when the server allows the terminal to join the group communication through the relay, the identification information is used to instruct the packet data gateway to add the IP address of the terminal and the IP address of the server;
when the server allows the terminal to exit the group communication through the relay, the identification information is used to instruct the packet data gateway to delete the IP address of the terminal and the IP address of the server.
504. The terminal performs data communication with the server after the packet data gateway performs data filtering.
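
The add/delete handling of step 503 and the resulting filter, modelled as an added example that is not part of the patent text. The message field names, the default-deny treatment of unlisted pairs, the shape of the per-relay template and all addresses are assumptions made for illustration.

```python
import ipaddress
from dataclasses import dataclass
from enum import Enum


class Action(Enum):
    """The 'identification information': add or delete the address pair."""
    ADD = "add"
    DELETE = "delete"


@dataclass(frozen=True)
class AccessMessage:
    """Message of step 502. Field names are assumptions, not from the page."""
    terminal_ip: str
    server_ip: str
    action: Action
    relay_id: str = "relay-unknown"


def _canon(addr):
    # Parse instead of comparing strings: "2001:DB8:1:0:0:0:0:10" and
    # "2001:db8:1::10" are the same address and must hit the same entry.
    return ipaddress.ip_address(addr)


class PacketDataGatewayFilter:
    """Default-deny table of (terminal, server) pairs, as in step 503."""

    def __init__(self):
        self._pairs = {}  # (terminal, server) -> relay identifier

    def apply(self, msg):
        """Process one message; return True if the table changed.

        A malformed address raises ValueError, so a bad control message
        never installs a rule.
        """
        key = (_canon(msg.terminal_ip), _canon(msg.server_ip))
        if msg.action is Action.ADD:
            changed = self._pairs.get(key) != msg.relay_id
            self._pairs[key] = msg.relay_id
            return changed
        # DELETE is idempotent: removing an unknown pair is not an error.
        return self._pairs.pop(key, None) is not None

    def permits(self, src, dst):
        """Allow a packet only between an installed pair, in either direction."""
        try:
            s, d = _canon(src), _canon(dst)
        except ValueError:
            return False  # unparseable header address: drop
        return (s, d) in self._pairs or (d, s) in self._pairs

    def relay_template(self, relay_id):
        """Pairs a given relay should forward (assumed template shape)."""
        return sorted(
            (str(t), str(s))
            for (t, s), r in self._pairs.items()
            if r == relay_id
        )


# Constructed sample values (RFC 3849 documentation prefix).
TERMINAL_A = "2001:db8:1::10"
TERMINAL_B = "2001:db8:1::11"
TRUNKING_SERVER = "2001:db8:ffff::1"
OTHER_HOST = "2001:db8:dead::1"


def run_demo():
    """Walk one terminal through join, traffic and exit; return each verdict."""
    gw = PacketDataGatewayFilter()
    results = {}
    # Before authentication nothing is installed, so nothing passes.
    results["before_auth"] = gw.permits(TERMINAL_A, TRUNKING_SERVER)
    gw.apply(AccessMessage(TERMINAL_A, TRUNKING_SERVER, Action.ADD, "relay-1"))
    # Same terminal address written in a different textual form.
    results["uplink"] = gw.permits("2001:DB8:1:0:0:0:0:10", TRUNKING_SERVER)
    results["downlink"] = gw.permits(TRUNKING_SERVER, TERMINAL_A)
    # The authenticated terminal still cannot reach an unlisted host,
    # and an unauthenticated terminal cannot reach the server.
    results["other_host"] = gw.permits(TERMINAL_A, OTHER_HOST)
    results["other_terminal"] = gw.permits(TERMINAL_B, TRUNKING_SERVER)
    results["template"] = gw.relay_template("relay-1")
    # Terminal exits the group: the delete indication removes the pair.
    gw.apply(AccessMessage(TERMINAL_A, TRUNKING_SERVER, Action.DELETE, "relay-1"))
    results["after_leave"] = gw.permits(TERMINAL_A, TRUNKING_SERVER)
    return results


if __name__ == "__main__":
    for name, value in run_demo().items():
        print(f"{name}: {value}")
```
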
Through the above description, the terminal can be allowed to communicate only with a server that has been authenticated, or only with a server that has gone through registration. When the packet data gateway receives a message whose identification information instructs it to delete the IP address of the terminal and the IP address of the server, the packet data gateway performs data filtering during data transmission according to the IP address of the terminal and the IP address of the server, and the terminal does not perform data communication with the server while the packet data gateway performs this filtering. In this way, data leakage can be prevented and public safety performance improved.
An embodiment of the present invention provides a method for a terminal to access a network. The proximity server obtains the IP address of the terminal and the IP address of the server and sends a message to the packet data gateway, where the message includes the IP address of the terminal and the IP address of the server; the packet data gateway adds the IP address of the terminal and the IP address of the server and, during data transmission, performs data filtering according to the IP address of the terminal and the IP address of the server; the terminal performs data communication with the server after the packet data gateway performs data filtering. This prevents leakage of communication data and improves public safety performance.
An embodiment of the present invention provides a packet data gateway 01 which, as shown in FIG. 12, includes:
a receiving unit 011, configured to receive a message, where the message includes the IP address of the terminal and the IP address of the server; and
a processing unit 012, configured to add the IP address of the terminal and the IP address of the server and, during data transmission, perform data filtering according to the IP address of the terminal and the IP address of the server, so that the terminal performs data communication with the server.
Optionally, the processing unit 012 is further configured to: delete the IP address of the terminal and the IP address of the server and, during data transmission, perform data filtering according to the IP address of the terminal and the IP address of the server, so that the terminal does not perform data communication with the server.
Optionally, the message is sent by the proximity server to the packet data gateway through the mobility management entity and the serving gateway;
or the message is sent by the proximity server to the packet data gateway through the relay, the mobility management entity, and the serving gateway;
or the message is sent by the proximity server to the packet data gateway through the policy and charging rules function entity;
where the IP address of the terminal and the IP address of the server in the message are obtained by the proximity server when the server authenticates the terminal through the proximity server and the relay, or when the terminal registers with the server through the proximity server and the relay.
Optionally, the processing unit 012 adds or deletes the IP address of the terminal and the IP address of the server according to identification information carried in the message received by the receiving unit.
Optionally, when the server allows the terminal to join the group communication through the relay, the identification information is used to instruct the packet data gateway to add the IP address of the terminal and the IP address of the server;
when the server allows the terminal to exit the group communication through the relay, the identification information is used to instruct the packet data gateway to delete the IP address of the terminal and the IP address of the server.
Optionally, the message further includes:
at least one of the terminal identifier of the terminal, the identifier of the relay, the relay indication of the relay, the quality of service parameters required by the terminal, and a data aggregation description parameter;
where the terminal identifier is used by the network to identify the terminal; the identifier of the relay is used by the network to identify the relay; the relay indication is used to indicate acting as a relay; and the quality of service parameters required by the terminal are used by the terminal to request communication resources from the network.
Optionally, the processing unit 012 may be further configured to: when the receiving unit receives the message, generate a data aggregation description parameter according to the IP address of the terminal and the IP address of the server in the message, where the aggregation description parameter is used by the packet data gateway to update the data filtering template of the relay, which is then sent to the relay for data forwarding.
An embodiment of the present invention provides a packet data gateway. The packet data gateway receives a message that includes the IP address of the terminal and the IP address of the server, and adds the IP address of the terminal and the IP address of the server; during data transmission, the packet data gateway performs data filtering according to the IP address of the terminal and the IP address of the server, so that the terminal performs data communication with the server. This prevents leakage of communication data and improves public safety performance.
An embodiment of the present invention provides a proximity server 02 which, as shown in FIG. 13, includes:
an obtaining unit 021, configured to obtain the IP address of the terminal and the IP address of the server; and
a sending unit 022, configured to send a message to the packet data gateway, where the message includes the IP address of the terminal and the IP address of the server, so that the packet data gateway adds the IP address of the terminal and the IP address of the server and, during data transmission, performs data filtering according to the IP address of the terminal and the IP address of the server, so that the terminal performs data communication with the server.
Optionally, the sending unit 022 sends the message to the packet data gateway so that the packet data gateway deletes the IP address of the terminal and the IP address of the server and, during data transmission, performs data filtering according to the IP address of the terminal and the IP address of the server, so that the terminal does not perform data communication with the server.
Optionally, the message is sent by the sending unit 022 to the packet data gateway through the mobility management entity and the serving gateway;
or the message is sent by the sending unit 022 to the packet data gateway through the relay, the mobility management entity, and the serving gateway;
or the message is sent by the sending unit 022 to the packet data gateway through the policy and charging rules function entity;
where the IP address of the terminal and the IP address of the server in the message are obtained by the proximity server when the server authenticates the terminal through the proximity server and the relay, or when the terminal registers with the server through the proximity server and the relay.
Optionally, the message further carries identification information, which is used to instruct the packet data gateway to add or delete the IP address of the terminal and the IP address of the server.
Optionally, when the server allows the terminal to join the group communication through the relay, the identification information is used to instruct the packet data gateway to add the IP address of the terminal and the IP address of the server; when the server allows the terminal to exit the group communication through the relay, the identification information is used to instruct the packet data gateway to delete the IP address of the terminal and the IP address of the server.
Optionally, the message further includes:
at least one of the terminal identifier of the terminal, the identifier of the relay, the relay indication of the relay, the quality of service parameters required by the terminal, and a data aggregation description parameter;
where the terminal identifier is used by the network to identify the terminal; the identifier of the relay is used by the network to identify the relay; the relay indication is used to indicate acting as a relay; and the quality of service parameters required by the terminal are used by the terminal to request communication resources from the network.
Optionally, when the sending unit 022 sends the message to the packet data gateway, the packet data gateway is caused to generate a data aggregation description parameter according to the IP address of the terminal and the IP address of the server in the message, where the aggregation description parameter is used by the packet data gateway to update the data filtering template of the relay, which is then sent to the relay for data forwarding.
An embodiment of the present invention provides a proximity server. The proximity server obtains the IP address of the terminal and the IP address of the server and sends a message to the packet data gateway through the relay, the mobility management entity, and the serving gateway, where the message includes the IP address of the terminal and the IP address of the server, so that the packet data gateway adds the IP address of the terminal and the IP address of the server and, during data transmission, performs data filtering according to the IP address of the terminal and the IP address of the server, so that the terminal performs data communication with the server. This prevents leakage of communication data and improves public safety performance.
An embodiment of the present invention provides a relay 03 which, as shown in FIG. 14, includes:
an obtaining unit 031, configured to obtain the IP address of the terminal and the IP address of the server; and
a sending unit 032, configured to send a message to the packet data gateway, where the message includes the IP address of the terminal and the IP address of the server, so that the packet data gateway adds the IP address of the terminal and the IP address of the server and, during data transmission, performs data filtering according to the IP address of the terminal and the IP address of the server, so that the terminal performs data communication with the server.
Optionally, the sending unit 032 sends the message to the packet data gateway so that the packet data gateway deletes the IP address of the terminal and the IP address of the server and, during data transmission, performs data filtering according to the IP address of the terminal and the IP address of the server, so that the terminal does not perform data communication with the server.
Optionally, the message is sent by the proximity server to the packet data gateway through the sending unit 032, the mobility management entity, and the serving gateway;
where the IP address of the terminal and the IP address of the server in the message are obtained by the proximity server when the server authenticates the terminal through the proximity server and the relay, or when the terminal registers with the server through the proximity server and the relay.
Optionally, the message further carries identification information, which is used to instruct the packet data gateway to add or delete the IP address of the terminal and the IP address of the server.
Optionally, when the server allows the terminal to join the group communication through the relay, the identification information is used to instruct the packet data gateway to add the IP address of the terminal and the IP address of the server;
when the server allows the terminal to exit the group communication through the relay, the identification information is used to instruct the packet data gateway to delete the IP address of the terminal and the IP address of the server.
Optionally, the message further includes:
at least one of the terminal identifier of the terminal, the identifier of the relay, the relay indication of the relay, the quality of service parameters required by the terminal, and a data aggregation description parameter;
where the terminal identifier is used by the network to identify the terminal; the identifier of the relay is used by the network to identify the relay; the relay indication is used to indicate acting as a relay; and the quality of service parameters required by the terminal are used by the terminal to request communication resources from the network.
Optionally, the relay may further include:
a processing unit 033, configured to, when the sending unit 032 sends the message to the packet data gateway, update the data filtering template according to the IP address of the terminal and the IP address of the server in the message, so that the relay forwards data according to the data filtering template.
An embodiment of the present invention provides a relay. The relay obtains the IP address of the terminal and the IP address of the server and sends a message to the packet data gateway through the mobility management entity and the serving gateway, where the message includes the IP address of the terminal and the IP address of the server, so that when the packet data gateway adds the IP address of the terminal and the IP address of the server, it performs data filtering during data transmission according to the IP address of the terminal and the IP address of the server, so that the terminal performs data communication with the server. This prevents leakage of communication data and improves public safety performance.
An embodiment of the present invention provides a packet data gateway 04 which, as shown in FIG. 15, includes a bus 041, a processor 042, a transmitter 043, a receiver 044, and a memory 045. The memory 045 is configured to store instructions. The receiver 044 executes the instructions to receive a message, where the message includes the IP address of the terminal and the IP address of the server. The processor 042 executes the instructions to add the IP address of the terminal and the IP address of the server and, during data transmission, perform data filtering according to the IP address of the terminal and the IP address of the server, so that the terminal performs data communication with the server.
In this embodiment of the present invention, optionally, the processor 042 executes the instructions to delete the IP address of the terminal and the IP address of the server and, during data transmission, perform data filtering according to the IP address of the terminal and the IP address of the server, so that the terminal does not perform data communication with the server.
In this embodiment of the present invention, optionally, the message is sent by the proximity server to the packet data gateway through the mobility management entity and the serving gateway;
or the message is sent by the proximity server to the packet data gateway through the relay, the mobility management entity, and the serving gateway;
or the message is sent by the proximity server to the packet data gateway through the policy and charging rules function entity;
where the IP address of the terminal and the IP address of the server in the message are obtained by the proximity server when the server authenticates the terminal through the proximity server and the relay, or when the terminal registers with the server through the proximity server and the relay.
In this embodiment of the present invention, optionally, the processor 042 executes the instructions to add or delete the IP address of the terminal and the IP address of the server according to identification information carried in the message.
In this embodiment of the present invention, optionally, when the server allows the terminal to join the group communication through the relay, the identification information is used to instruct the packet data gateway to add the IP address of the terminal and the IP address of the server; when the server allows the terminal to exit the group communication through the relay, the identification information is used to instruct the packet data gateway to delete the IP address of the terminal and the IP address of the server.
In this embodiment of the present invention, optionally, the message further includes:
at least one of the terminal identifier of the terminal, the identifier of the relay, the relay indication of the relay, the quality of service parameters required by the terminal, and a data aggregation description parameter;
where the terminal identifier is used by the network to identify the terminal; the identifier of the relay is used by the network to identify the relay; the relay indication is used to indicate acting as a relay; and the quality of service parameters required by the terminal are used by the terminal to request communication resources from the network.
In this embodiment of the present invention, optionally, the processor 042 executing the instructions may be further configured to:
when the receiver receives the message, generate a data aggregation description parameter according to the IP address of the terminal and the IP address of the server in the message, where the aggregation description parameter is used by the packet data gateway to update the data filtering template of the relay, which is then sent to the relay for data forwarding.
An embodiment of the present invention provides a packet data gateway. The packet data gateway receives a message that includes the IP address of the terminal and the IP address of the server; when the packet data gateway adds the IP address of the terminal and the IP address of the server, it performs data filtering during data transmission according to the IP address of the terminal and the IP address of the server, so that the terminal performs data communication with the server. This prevents leakage of communication data and improves public safety performance.
An embodiment of the present invention provides a proximity server 05 which, as shown in FIG. 16, includes a bus 051, a processor 052, a transmitter 053, a receiver 054, and a memory 055. The memory 055 is configured to store instructions. The receiver 054 executes the instructions to obtain the IP address of the terminal and the IP address of the server. The transmitter 053 executes the instructions to send a message to the packet data gateway, where the message includes the IP address of the terminal and the IP address of the server, so that the packet data gateway adds the IP address of the terminal and the IP address of the server and, during data transmission, performs data filtering according to the IP address of the terminal and the IP address of the server, so that the terminal performs data communication with the server.
In this embodiment of the present invention, optionally, the transmitter 053 executes the instructions to send the message to the packet data gateway so that the packet data gateway deletes the IP address of the terminal and the IP address of the server and, during data transmission, performs data filtering according to the IP address of the terminal and the IP address of the server, so that the terminal does not perform data communication with the server.
In this embodiment of the present invention, optionally, the message is sent by the transmitter 053 to the packet data gateway through the mobility management entity and the serving gateway;
or the message is sent by the transmitter 053 to the packet data gateway through the relay, the mobility management entity, and the serving gateway;
or the message is sent by the transmitter 053 to the packet data gateway through the policy and charging rules function entity;
where the IP address of the terminal and the IP address of the server in the message are obtained by the proximity server when the server authenticates the terminal through the proximity server and the relay, or when the terminal registers with the server through the proximity server and the relay.
In this embodiment of the present invention, optionally, the message further carries identification information, which is used to instruct the packet data gateway to add or delete the IP address of the terminal and the IP address of the server.
In this embodiment of the present invention, optionally, when the server allows the terminal to join the group communication through the relay, the identification information is used to instruct the packet data gateway to add the IP address of the terminal and the IP address of the server; when the server allows the terminal to exit the group communication through the relay, the identification information is used to instruct the packet data gateway to delete the IP address of the terminal and the IP address of the server.
In this embodiment of the present invention, optionally, the message further includes:
at least one of a terminal identifier of the terminal, an identifier of the relay, a relay indication of the relay, a quality of service parameter required by the terminal, and a data aggregation description parameter. The terminal identifier is used by the network to identify the terminal; the identifier of the relay is used by the network to identify the relay; the relay indication is used to indicate acting as a relay; the quality of service parameter required by the terminal is used by the terminal to request communication resources from the network.
In this embodiment of the present invention, optionally, when the transmitter 053 sends the message to the packet data gateway, the packet data gateway is caused to generate a data aggregation description parameter according to the IP address of the terminal and the IP address of the server in the message. The aggregation description parameter is used by the packet data gateway to update the data filtering template of the relay, which is then sent to the relay for data forwarding.
This embodiment of the present invention provides a proximity server. The proximity server obtains the IP address of the terminal and the IP address of the server and sends a message to the packet data gateway through the relay, the mobility management entity, and the serving gateway. The message includes the IP address of the terminal and the IP address of the server, so that when the packet data gateway adds the IP address of the terminal and the IP address of the server, data filtering is performed according to the IP address of the terminal and the IP address of the server during data transmission, so that the terminal and the server can perform data communication. This can prevent communication data from being leaked and improves public safety performance.
An embodiment of the present invention provides a relay 06, as shown in FIG. 17, including a bus 061, a processor 062, a transmitter 063, a receiver 064, and a memory 065. The memory 065 is configured to store instructions. The receiver 064 executes the instructions to obtain the IP address of the terminal and the IP address of the server. The transmitter 063 executes the instructions to send a message to the packet data gateway, the message including the IP address of the terminal and the IP address of the server, so that the packet data gateway adds the IP address of the terminal and the IP address of the server and, during data transmission, performs data filtering according to the IP address of the terminal and the IP address of the server, so that the terminal and the server can perform data communication.
In this embodiment of the present invention, optionally, the transmitter 063 executes the instructions to send the message to the packet data gateway, so that the packet data gateway deletes the IP address of the terminal and the IP address of the server and, during data transmission, performs data filtering according to the IP address of the terminal and the IP address of the server, so that the terminal does not perform data communication with the server.
In this embodiment of the present invention, optionally, the message is sent by the proximity server, with the transmitter 063 executing the instructions, to the packet data gateway through the mobility management entity and the serving gateway. The IP address of the terminal and the IP address of the server in the message are obtained by the proximity server when the server authenticates the terminal through the proximity server and the relay, or when the terminal registers with the server through the proximity server and the relay.
In this embodiment of the present invention, optionally, the message further carries identification information, and the identification information is used to instruct the packet data gateway to add or delete the IP address of the terminal and the IP address of the server.
In this embodiment of the present invention, optionally, when the server allows the terminal to join group communication through the relay, the identification information is used to instruct the packet data gateway to add the IP address of the terminal and the IP address of the server; when the server allows the terminal to exit the group communication through the relay, the identification information is used to instruct the packet data gateway to delete the IP address of the terminal and the IP address of the server.
In this embodiment of the present invention, optionally, the message further includes:
at least one of a terminal identifier of the terminal, an identifier of the relay, a relay indication of the relay, a quality of service parameter required by the terminal, and a data aggregation description parameter. The terminal identifier is used by the network to identify the terminal; the identifier of the relay is used by the network to identify the relay; the relay indication is used to indicate acting as a relay; the quality of service parameter required by the terminal is used by the terminal to request communication resources from the network.
In this embodiment of the present invention, optionally, when the transmitter 063 executes the instructions to send the message to the packet data gateway, the relay updates the data filtering template according to the IP address of the terminal and the IP address of the server in the message, so that the relay forwards data according to the data filtering template.
This embodiment of the present invention provides a relay. The relay obtains the IP address of the terminal and the IP address of the server and sends a message to the packet data gateway through the mobility management entity and the serving gateway. The message includes the IP address of the terminal and the IP address of the server, so that the packet data gateway adds the IP address of the terminal and the IP address of the server and, during data transmission, performs data filtering according to the IP address of the terminal and the IP address of the server, so that the terminal and the server can perform data communication. This can prevent communication data from being leaked and improves public safety performance.
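The add/delete behaviour described for the packet data gateway can be modelled as a pair table, shown here as an added example that is not code from the patent. The field names, the `"add"`/`"delete"` encoding of the identification information, the default-deny decision for unlisted pairs, and the list-of-pairs form of the relay's data filtering template are all assumptions made for illustration; the addresses are constructed.

```python
"""Model of the add/delete filter update applied at a packet data gateway."""
import ipaddress
from dataclasses import dataclass
from typing import Optional

# Assumed encodings of the "identification information"; the page does not define them.
ADD = "add"
DELETE = "delete"


@dataclass(frozen=True)
class FilterUpdate:
    """Message sent towards the gateway (hypothetical field names)."""
    terminal_ip: str
    server_ip: str
    indication: str                 # ADD on joining group communication, DELETE on exit
    relay_id: Optional[str] = None  # optional identifier of the relay


class GatewayFilter:
    """Holds the permitted (terminal, server) pairs; other traffic is dropped (assumed)."""

    def __init__(self):
        self._pairs = {}  # (terminal address, server address) -> relay_id

    @staticmethod
    def _pair(terminal_ip, server_ip):
        # ip_address() raises ValueError on malformed input and normalises
        # equivalent spellings, so textual variants cannot bypass the match.
        return ipaddress.ip_address(terminal_ip), ipaddress.ip_address(server_ip)

    def apply(self, msg):
        """Apply one update and return the relay's refreshed filtering template."""
        pair = self._pair(msg.terminal_ip, msg.server_ip)
        if msg.indication == ADD:
            self._pairs[pair] = msg.relay_id
        elif msg.indication == DELETE:
            self._pairs.pop(pair, None)  # deleting an unknown pair is a no-op
        else:
            raise ValueError("unknown indication: %r" % (msg.indication,))
        return self.relay_template(msg.relay_id)

    def permits(self, src_ip, dst_ip):
        """Filtering decision for one packet, checked in both directions."""
        src = ipaddress.ip_address(src_ip)
        dst = ipaddress.ip_address(dst_ip)
        return (src, dst) in self._pairs or (dst, src) in self._pairs

    def relay_template(self, relay_id):
        """Pairs the given relay should forward, as sorted string tuples."""
        return sorted(
            (str(t), str(s)) for (t, s), r in self._pairs.items() if r == relay_id
        )


def demo():
    """Join then exit: the same packet is permitted, then dropped."""
    gw = GatewayFilter()
    gw.apply(FilterUpdate("10.0.0.5", "192.0.2.10", ADD, "relay-1"))
    while_joined = gw.permits("192.0.2.10", "10.0.0.5")
    gw.apply(FilterUpdate("10.0.0.5", "192.0.2.10", DELETE, "relay-1"))
    after_exit = gw.permits("192.0.2.10", "10.0.0.5")
    return while_joined, after_exit


if __name__ == "__main__":
    print(demo())
```

Parsing addresses before storing them matters for a filter keyed on IP pairs: an IPv6 address written in full and the same address in compressed form must hit the same entry.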
In the several embodiments provided in this application, it should be understood that the disclosed devices, methods, and systems may be implemented in other ways. For example, the device embodiments described above are merely illustrative. For example, the division into units is merely a division by logical function; in an actual implementation there may be other ways of dividing them, for example multiple units or components may be combined or integrated into another system, or some features may be ignored or not executed. In addition, the mutual coupling, direct coupling, or communication connection shown or discussed may be an indirect coupling or communication connection through some interfaces, devices, or units, and may be electrical, mechanical, or in other forms.
In addition, in the devices and systems of the embodiments of the present invention, the functional units may be integrated into one processing unit, each unit may be physically separate, or two or more units may be integrated into one unit. The above units may be implemented in the form of hardware, or in the form of hardware plus software functional units.
All or part of the steps of the foregoing method embodiments may be completed by hardware related to program instructions. The program may be stored in a computer-readable storage medium, and when executed, the program performs the steps of the foregoing method embodiments. The storage medium includes various media that can store program code, such as a USB flash drive, a removable hard disk, a read-only memory (ROM), a random access memory (RAM), a magnetic disk, or an optical disc.
The above is only a specific implementation of the present invention, but the protection scope of the present invention is not limited thereto. Any change or substitution that a person skilled in the art can readily conceive of within the technical scope disclosed by the present invention shall fall within the protection scope of the present invention. Therefore, the protection scope of the present invention should be stated in the scope of the claims

Claims

1. A method for a terminal to access a network, comprising:
a packet data gateway receiving a message, the message including an IP address of a terminal and an IP address of a server;
the packet data gateway adding the IP address of the terminal and the IP address of the server, and, during data transmission, the packet data gateway performing data filtering according to the IP address of the terminal and the IP address of the server, so that the terminal performs data communication with the server.
2. The method according to claim 1, wherein the packet data gateway deletes the IP address of the terminal and the IP address of the server, and, during data transmission, the packet data gateway performs data filtering according to the IP address of the terminal and the IP address of the server, so that the terminal does not perform data communication with the server.
3. The method according to claim 1, wherein the message is sent by a proximity server to the packet data gateway through a mobility management entity and a serving gateway;
or, the message is sent by the proximity server to the packet data gateway through a relay, the mobility management entity, and the serving gateway;
or, the message is sent by the proximity server to the packet data gateway through a policy and charging rules function entity;
wherein the IP address of the terminal and the IP address of the server in the message are obtained by the proximity server when the server authenticates the terminal through the proximity server and the relay, or are obtained when the terminal registers with the server through the proximity server and the relay.
4. The method according to claim 3, wherein the packet data gateway adds or deletes the IP address of the terminal and the IP address of the server according to identification information carried in the message.
5. The method according to claim 2 or 4, wherein
when the server allows the terminal to join group communication through the relay, the identification information is used to instruct the packet data gateway to add the IP address of the terminal and the IP address of the server;
when the server allows the terminal to exit the group communication through the relay, the identification information is used to instruct the packet data gateway to delete the IP address of the terminal and the IP address of the server.
6. The method according to claim 4, wherein the message further includes:
at least one of a terminal identifier of the terminal, an identifier of the relay, a relay indication of the relay, a quality of service parameter required by the terminal, and a data aggregation description parameter;
wherein the terminal identifier is used by the network to identify the terminal; the identifier of the relay is used by the network to identify the relay; the relay indication is used to indicate acting as a relay; the quality of service parameter required by the terminal is used by the terminal to request communication resources from the network.
7. The method according to claim 1, wherein the method further comprises:
when the packet data gateway receives the message, the packet data gateway generating a data aggregation description parameter according to the IP address of the terminal and the IP address of the server in the message, the aggregation description parameter being used by the packet data gateway to update the data filtering template of the relay, which is then sent to the relay for data forwarding.
8. A method for a terminal to access a network, comprising:
a proximity server obtaining an IP address of a terminal and an IP address of a server;
the proximity server sending a message to a packet data gateway, the message including the IP address of the terminal and the IP address of the server;
the packet data gateway adding the IP address of the terminal and the IP address of the server, and, during data transmission, the packet data gateway performing data filtering according to the IP address of the terminal and the IP address of the server;
the terminal performing data communication with the server after the packet data gateway performs data filtering.
9. The method according to claim 8, wherein the packet data gateway receives the message and deletes the IP address of the terminal and the IP address of the server;
during data transmission, the packet data gateway performs data filtering according to the IP address of the terminal and the IP address of the server;
the terminal does not perform data communication with the server when the packet data gateway performs data filtering.
10. The method according to claim 9, wherein the proximity server obtaining the IP address of the terminal and the IP address of the server comprises:
the server authenticating the terminal through the proximity server and a relay;
the proximity server obtaining the IP address of the terminal and the IP address of the server from the authentication process;
or, the proximity server obtaining the IP address of the terminal and the IP address of the server comprises:
the terminal registering with the server through the proximity server and the relay;
the proximity server obtaining the IP address of the terminal and the IP address of the server from the registration process.
11. The method according to claim 9, wherein the proximity server sending the message to the packet data gateway comprises:
the proximity server sending the message to a mobility management entity;
the mobility management entity sending the message to the packet data gateway via a serving gateway.
12. The method according to claim 9, wherein the proximity server sending the message to the packet data gateway comprises:
the proximity server sending the message to a relay;
the relay sending the message to a mobility management entity;
the mobility management entity sending the message to the packet data gateway via a serving gateway.
13. The method according to claim 9, wherein the proximity server sending the message to the packet data gateway comprises:
the proximity server sending the message to a policy and charging rules function entity;
the policy and charging rules function entity sending the message to the packet data gateway.
14. The method according to any one of claims 11 to 13, wherein the message further carries identification information, and the identification information is used to instruct the packet data gateway to add or delete the IP address of the terminal and the IP address of the server.
15. The method according to claim 14, wherein
when the server allows the terminal to join group communication through the relay, the identification information is used to instruct the packet data gateway to add the IP address of the terminal and the IP address of the server;
when the server allows the terminal to exit the group communication through the relay, the identification information is used to instruct the packet data gateway to delete the IP address of the terminal and the IP address of the server.
16. The method according to claim 14, wherein the message further includes:
at least one of a terminal identifier of the terminal, an identifier of the relay, a relay indication of the relay, a quality of service parameter required by the terminal, and a data aggregation description parameter;
wherein the terminal identifier is used by the network to identify the terminal; the identifier of the relay is used by the network to identify the relay; the relay indication is used to indicate acting as a relay; the quality of service parameter required by the terminal is used by the terminal to request communication resources from the network.
17. The method according to claim 8, wherein the method further comprises:
after the proximity server sends the message to the packet data gateway, the packet data gateway generating a data aggregation description parameter according to the IP address of the terminal and the IP address of the server in the message;
the packet data gateway updating the data filtering template of the relay according to the aggregation description parameter, and then sending the data filtering template to the relay;
the relay forwarding data according to the data filtering template.
18. The method according to claim 12, wherein the method further comprises:
before the relay sends the message to the mobility management entity, the relay updating the data filtering template according to the IP address of the terminal and the IP address of the server in the message;
the relay forwarding data according to the data filtering template.
19. A packet data gateway, comprising:
a receiving unit, configured to receive a message, the message including an IP address of a terminal and an IP address of a server;
a processing unit, configured to add the IP address of the terminal and the IP address of the server, and, during data transmission, perform data filtering according to the IP address of the terminal and the IP address of the server, so that the terminal performs data communication with the server.
20. The packet data gateway according to claim 19, wherein the processing unit is further configured to:
delete the IP address of the terminal and the IP address of the server, and, during data transmission, perform data filtering according to the IP address of the terminal and the IP address of the server, so that the terminal does not perform data communication with the server.
21. The packet data gateway according to claim 19, wherein the message is sent by a proximity server to the packet data gateway through a mobility management entity and a serving gateway;
or, the message is sent by the proximity server to the packet data gateway through a relay, the mobility management entity, and the serving gateway;
or, the message is sent by the proximity server to the packet data gateway through a policy and charging rules function entity;
wherein the IP address of the terminal and the IP address of the server in the message are obtained by the proximity server when the server authenticates the terminal through the proximity server and the relay, or are obtained when the terminal registers with the server through the proximity server and the relay.
22. The packet data gateway according to claim 21, wherein the processing unit adds or deletes the IP address of the terminal and the IP address of the server according to identification information carried in the message received by the receiving unit.
23. The packet data gateway according to claim 20 or 22, wherein when the server allows the terminal to join group communication through the relay, the identification information is used to instruct the packet data gateway to add the IP address of the terminal and the IP address of the server;
when the server allows the terminal to exit the group communication through the relay, the identification information is used to instruct the packet data gateway to delete the IP address of the terminal and the IP address of the server.
24. The packet data gateway according to claim 22, wherein the message further includes:
at least one of a terminal identifier of the terminal, an identifier of the relay, a relay indication of the relay, a quality of service parameter required by the terminal, and a data aggregation description parameter;
wherein the terminal identifier is used by the network to identify the terminal; the identifier of the relay is used by the network to identify the relay; the relay indication is used to indicate acting as a relay; the quality of service parameter required by the terminal is used by the terminal to request communication resources from the network.
25. The packet data gateway according to claim 19, wherein the processing unit is further configured to:
when the receiving unit receives the message, generate a data aggregation description parameter according to the IP address of the terminal and the IP address of the server in the message, the aggregation description parameter being used by the packet data gateway to update the data filtering template of the relay, which is then sent to the relay for data forwarding.
26、 一种通信系统, 其特征在于, 包括: 26. A communication system, characterized by including:
近距离服务器, 用于获取终端的 IP地址和服务器的 IP地址; 所述近距离服务器, 还用于向分组数据网关发送消息, 所述消 息包括所述终端的 IP地址和所述服务器的 IP地址; The short-distance server is used to obtain the IP address of the terminal and the IP address of the server; the short-distance server is also used to send a message to the packet data gateway, where the message includes the IP address of the terminal and the IP address of the server. ;
所述分组数据网关, 用于添加所述终端的 IP地址与所述服务器 的 IP地址, 在数据传输过程中, 根据所述终端的 IP地址与所述服务 器的 IP地址进行数据过滤; The packet data gateway is used to add the IP address of the terminal and the IP address of the server, and during the data transmission process, perform data filtering based on the IP address of the terminal and the IP address of the server;
所述终端, 用于在所述分组数据网关进行数据过滤后与所述服 务器进行数据通信。 The terminal is used to communicate with the service after the packet data gateway performs data filtering. server for data communication.
27、 根据权利要求 26所述的通信系统, 其特征在于, 所述分组 数据网关, 用于接收到所述消息, 删除所述终端的 IP地址与所述服 务器的 IP地址; 27. The communication system according to claim 26, wherein the packet data gateway is configured to receive the message and delete the IP address of the terminal and the IP address of the server;
在数据传输过程中, 根据所述终端的 IP地址与所述服务器的 IP 地址进行数据过滤; During the data transmission process, data filtering is performed based on the IP address of the terminal and the IP address of the server;
所述终端, 用于在所述分组数据网关进行数据过滤时不与所述 服务器进行数据通信。 The terminal is configured to not perform data communication with the server when the packet data gateway performs data filtering.
28、 根据权利要求 27所述的通信系统, 其特征在于, 所述服务 器, 用于通过所述近距离服务器与中继鉴权所述终端; 所述近距离服 务器, 还用于从鉴权的过程中获取所述终端的 IP地址与所述服务器 的 IP地址; 28. The communication system according to claim 27, characterized in that: the server is configured to authenticate the terminal through the short-range server and the relay; the short-range server is also configured to authenticate from the During the process, the IP address of the terminal and the IP address of the server are obtained;
或者, 所述终端, 用于通过所述近距离服务器与所述中继注册 到所述服务器; 所述近距离服务器, 还用于从注册的过程中获取所述 终端的 IP地址与所述服务器的 IP地址。 Or, the terminal is configured to register with the server through the short-distance server and the relay; the short-distance server is also configured to obtain the IP address of the terminal and the server from the registration process. IP address.
29. The communication system according to claim 27, wherein, in the process of the short-range server sending the message to the packet data gateway, the short-range server is configured to send the message to a mobility management entity;
the mobility management entity is configured to send the message to the packet data gateway via a serving gateway.
30. The communication system according to claim 29, wherein, in the process of the short-range server sending the message to the packet data gateway, the short-range server is configured to send the message to the relay;
the relay is configured to send the message to the mobility management entity;
the mobility management entity is configured to send the message to the packet data gateway via the serving gateway.
31. The communication system according to claim 29, wherein, in the process of the short-range server sending the message to the packet data gateway, the short-range server is configured to send the message to a policy and charging rules function entity;
the policy and charging rules function entity is configured to send the message to the packet data gateway.
32. The communication system according to any one of claims 29 to 31, wherein the message further carries identification information, and the identification information is used to instruct the packet data gateway to add or delete the IP address of the terminal and the IP address of the server.
33. The communication system according to claim 32, wherein, when the server allows the terminal to join group communication through the relay, the identification information is used to instruct the packet data gateway to add the IP address of the terminal and the IP address of the server;
when the server allows the terminal to exit the group communication through the relay, the identification information is used to instruct the packet data gateway to delete the IP address of the terminal and the IP address of the server.
34. The communication system according to claim 32, wherein the message further includes:
at least one of a terminal identifier of the terminal, an identifier of the relay, a relay indication of the relay, a quality of service parameter required by the terminal, and a data aggregation description parameter;
wherein the terminal identifier is used by the network to identify the terminal; the identifier of the relay is used by the network to identify the relay; the relay indication is used to indicate acting as a relay; and the quality of service parameter required by the terminal is used by the terminal to request communication resources from the network.
35. The communication system according to claim 26, wherein the packet data gateway is further configured to, after the short-range server sends the message to the packet data gateway, generate a data aggregation description parameter according to the IP address of the terminal and the IP address of the server in the message;
the packet data gateway is further configured to update a data filtering template of the relay according to the aggregation description parameter, and then send the data filtering template to the relay;
the relay is further configured to forward data according to the data filtering template.
36. The communication system according to claim 30, wherein the relay is further configured to, before the relay sends the message to the mobility management entity, update a data filtering template according to the IP address of the terminal and the IP address of the server in the message;
the relay is further configured to forward data according to the data filtering template.
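The add/delete handling of claims 26, 27, 32 and 33 can be modelled as a pair-based allowlist at the packet data gateway. The following Python is an added example, not text or code from the patent; the class, field and constant names are hypothetical, and dropping every pair not in the table and matching both directions against one entry are assumptions.

```python
import ipaddress
from dataclasses import dataclass

ADD, DELETE = "add", "delete"  # constructed values for the identification information

@dataclass(frozen=True)
class FilterMessage:
    """Constructed model of the message the short-range server sends to the gateway."""
    action: str        # identification information: ADD or DELETE
    terminal_ip: str
    server_ip: str

class PacketDataGatewayFilter:
    """Allowlist of (terminal, server) address pairs; anything else is dropped (assumption)."""

    def __init__(self):
        self._pairs = set()

    @staticmethod
    def _pair(terminal_ip, server_ip):
        # ip_address() raises ValueError on malformed input and normalises
        # equivalent spellings, so "2001:db8::1" and "2001:0db8::1" compare equal.
        return (ipaddress.ip_address(terminal_ip), ipaddress.ip_address(server_ip))

    def handle(self, msg):
        """Apply an add/delete message; return True if the table changed."""
        if msg.action not in (ADD, DELETE):
            raise ValueError(f"unknown identification information: {msg.action!r}")
        pair = self._pair(msg.terminal_ip, msg.server_ip)
        before = len(self._pairs)
        if msg.action == ADD:
            self._pairs.add(pair)
        else:
            self._pairs.discard(pair)  # deleting an absent pair is a no-op
        return len(self._pairs) != before

    def permits(self, src_ip, dst_ip):
        """Uplink and downlink packets both match the same entry (assumption)."""
        try:
            src, dst = ipaddress.ip_address(src_ip), ipaddress.ip_address(dst_ip)
        except ValueError:
            return False  # unparseable addresses never match
        return (src, dst) in self._pairs or (dst, src) in self._pairs

def demo():
    gw = PacketDataGatewayFilter()
    t, s, other = "10.0.0.7", "192.0.2.10", "10.0.0.8"  # constructed addresses
    results = [gw.permits(t, s)]                        # before joining the group
    gw.handle(FilterMessage(ADD, t, s))
    results += [gw.permits(t, s), gw.permits(s, t), gw.permits(other, s)]
    gw.handle(FilterMessage(DELETE, t, s))
    results.append(gw.permits(t, s))                    # after exiting the group
    return results
```

Because the table is keyed on the exact address pair, a second terminal behind the same relay gains no access to the server until its own add message has been processed.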
PCT/CN2013/083681 2013-09-17 2013-09-17 Method, device and system for terminal to access network WO2015039290A1 (en)

Priority Applications (1)

Application Number Priority Date Filing Date Title
PCT/CN2013/083681 WO2015039290A1 (en) 2013-09-17 2013-09-17 Method, device and system for terminal to access network


Publications (1)

Publication Number Publication Date
WO2015039290A1 true WO2015039290A1 (en) 2015-03-26

Family

ID=52688085


Country Status (1)

Country Link
WO (1) WO2015039290A1 (en)



Legal Events

Date Code Title Description
121 Ep: the epo has been informed by wipo that ep was designated in this application

Ref document number: 13893988

Country of ref document: EP

Kind code of ref document: A1

NENP Non-entry into the national phase

Ref country code: DE

122 Ep: pct application non-entry in european phase

Ref document number: 13893988

Country of ref document: EP

Kind code of ref document: A1