WO2017007122A1 - Procédé et système de fourniture de service de réseau privé - Google Patents

Procédé et système de fourniture de service de réseau privé Download PDF

Info

Publication number
WO2017007122A1
WO2017007122A1 PCT/KR2016/005172 KR2016005172W WO2017007122A1 WO 2017007122 A1 WO2017007122 A1 WO 2017007122A1 KR 2016005172 W KR2016005172 W KR 2016005172W WO 2017007122 A1 WO2017007122 A1 WO 2017007122A1
Authority
WO
WIPO (PCT)
Prior art keywords
mobile communication
communication terminal
authentication
private network
private
Prior art date
Application number
PCT/KR2016/005172
Other languages
English (en)
Korean (ko)
Inventor
김세훈
김달우
류구현
박병창
우상우
이일영
진성일
Original Assignee
주식회사 케이티
Priority date (The priority date is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the date listed.)
Filing date
Publication date
Application filed by 주식회사 케이티 filed Critical 주식회사 케이티
Publication of WO2017007122A1 publication Critical patent/WO2017007122A1/fr

Links

Images

Classifications

    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04LTRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L9/00Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols
    • H04L9/40Network security protocols
    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04WWIRELESS COMMUNICATION NETWORKS
    • H04W12/00Security arrangements; Authentication; Protecting privacy or anonymity
    • H04W12/06Authentication
    • H04W12/065Continuous authentication
    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04LTRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L61/00Network arrangements, protocols or services for addressing or naming
    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04WWIRELESS COMMUNICATION NETWORKS
    • H04W48/00Access restriction; Network selection; Access point selection
    • H04W48/02Access restriction performed under specific conditions
    • H04W48/04Access restriction performed under specific conditions based on user or terminal location or mobility data, e.g. moving direction, speed
    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04WWIRELESS COMMUNICATION NETWORKS
    • H04W48/00Access restriction; Network selection; Access point selection
    • H04W48/20Selecting an access point
    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04WWIRELESS COMMUNICATION NETWORKS
    • H04W60/00Affiliation to network, e.g. registration; Terminating affiliation with the network, e.g. de-registration
    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04WWIRELESS COMMUNICATION NETWORKS
    • H04W8/00Network data management
    • H04W8/02Processing of mobility data, e.g. registration information at HLR [Home Location Register] or VLR [Visitor Location Register]; Transfer of mobility data, e.g. between HLR, VLR or external networks

Definitions

  • the present application relates to a method and a system for providing a private network, and more particularly, to a method and a system for providing a private network that can block access to a private network in an unauthorized terminal and an unauthorized region.
  • the LTE communication system includes an Evolved Packet Core (EPC) network including a mobility management entity (MME), a serving gateway (SGW), and a packet data network gateway (PGW), and provides services to users using the EPC.
  • EPC Evolved Packet Core
  • MME mobility management entity
  • SGW serving gateway
  • PGW packet data network gateway
  • the present application is to provide a method and system for providing a private network service that can block access to private networks in unauthorized terminals and unauthorized regions.
  • a method for providing a private network service comprising: a receiving step of receiving, by a private gateway, a connection request of a mobile communication terminal; An authentication step of authenticating, by the private gateway, whether the mobile communication terminal satisfies a preset private network access permission condition; And connecting, by the private gateway, a communication session with the private network to the mobile communication terminal in which the authentication is successful.
  • the private gateway may receive the access request from the mobile communication terminal.
  • the authentication step may include: a location authentication step of performing, by the private gateway, the location authentication by comparing the location information of the mobile communication terminal received from the mobile communication terminal with a preset private network service area list; And a subscription authentication step in which the private gateway inquires whether the mobile communication terminal is a terminal subscribed to the private network service using a preset authentication device, and performs the subscription authentication.
  • the authentication step may further include an access time authentication step of performing a connection time authentication for the mobile communication terminal by comparing the time at which the private gateway receives the connection request with a connection allowable time preset in the mobile communication terminal. It may include.
  • the location authentication may be performed by using a private network service area list in which private network service areas allowed for each mobile communication terminal are set differently.
  • the private gateway may receive a Target Area Identifier (TAI) or an E-UTRAN Cell Global Identifier (ECGI) as the location information of the mobile communication terminal.
  • TAI Target Area Identifier
  • ECGI E-UTRAN Cell Global Identifier
  • the private gateway may transmit a RADIUS (Remote Authentication Dial-In User Service) message including user information of the mobile communication terminal to the authentication device.
  • RADIUS Remote Authentication Dial-In User Service
  • the private gateway may receive an authentication success message from the authentication device.
  • the phone number information is extracted from the source IP of the packet transmitted for authentication and connected to the mobile communication terminal. You can send a text message to the sender to send a no-access message.
  • the private gateway may transmit a mobile station international ISDN number (IMSIS) or an international mobile station identity (IMSI) of the mobile communication terminal to the user information.
  • IMSIS mobile station international ISDN number
  • IMSI international mobile station identity
  • the private gateway when the mobile communication terminal is separated from the private network service area, the departure block step of blocking the communication session between the mobile communication terminal and the private network. It may further include.
  • the private gateway compares the changed location information with a preset private network service area list to determine whether the mobile communication terminal is out of the private network service area. have.
  • the private gateway when it is determined that the mobile communication terminal has left the private network service area, the private gateway changes the destination IP of the user traffic transmitted by the mobile communication terminal to the IP of the authentication apparatus. The private network connection of the mobile communication terminal can be blocked.
  • the mobile communication terminal extracts telephone number information from a source IP of a packet transmitted for authentication. You can send a text message to the server to send a message that is not accessible.
  • the private gateway may query the authentication apparatus whether the mobile communication terminal is a terminal located in the private network service area and whether the mobile communication terminal is a terminal subscribed to the private network service.
  • the private gateway may further query the authentication apparatus whether the mobile communication terminal has made a connection request at a preset access allowance time.
  • the private gateway may transmit, to the authentication device, a RADIUS (Remote Authentication Dial-In User Service) message including user information and location information of the mobile communication terminal.
  • RADIUS Remote Authentication Dial-In User Service
  • the private gateway may receive an authentication success message from the authentication device.
  • the private gateway includes the mobile station International ISDN Number (MSISDN) or International Mobile Station Identity (IMSI) of the mobile communication terminal in the user information, the location information TAI ( Target Area Identifier) or ECGI (E-UTRAN Cell Global Identifier) may be transmitted.
  • MSISDN mobile station International ISDN Number
  • IMSI International Mobile Station Identity
  • TAI Target Area Identifier
  • ECGI E-UTRAN Cell Global Identifier
  • a detachment blocking step of blocking a communication session between the mobile communication terminal and the private network by the private gateway may further include.
  • the private gateway when receiving a TAU (Tracking Area Update) message corresponding to the movement of the location of the mobile communication terminal, the private gateway transmits the location information of the mobile communication terminal to the authentication device, and the mobile communication terminal. It may query whether the private network service area of the departure.
  • TAU Track Area Update
  • the private gateway may block the transmission of traffic between the mobile communication terminal and the private network.
  • the detachment blocking step if the authentication apparatus determines that the changed location information is not included in the preset private network area list, the phone number information is extracted from the source IP of the packet transmitted for authentication, and the mobile communication terminal is extracted. You can send a text message transmission server to send a disconnect message.
  • the method of providing a private network service may be a method of providing a private network service in an LTE network according to TR23.829 of 3GPP Release 10, wherein the local gateway receives a private network connection request of a mobile communication terminal.
  • the local gateway may receive the access request from the mobile communication terminal.
  • the authentication step may include: a location authentication step of performing a location authentication by a local gateway by comparing the location information of the mobile communication terminal received from the mobile communication terminal with a preset private network service area list; And a registration authentication step of performing, by the local gateway, whether the mobile communication terminal is a terminal subscribed to the private network service to a preset authentication device, and performing the subscription authentication.
  • the authentication step may further include an access time authentication step of performing a connection time authentication for the mobile communication terminal by comparing a time at which the local gateway receives the connection request with a connection allowable time preset in the mobile communication terminal. It may include.
  • the location authentication may be performed by using a private network service area list in which private network service areas allowed for each mobile communication terminal are set differently.
  • the local gateway may receive a Target Area Identifier (TAI) or an E-UTRAN Cell Global Identifier (ECGI) as the location information of the mobile communication terminal.
  • TAI Target Area Identifier
  • ECGI E-UTRAN Cell Global Identifier
  • the local gateway may transmit a RADIUS (Remote Authentication Dial-In User Service) message including user information of the mobile communication terminal to the authentication device.
  • RADIUS Remote Authentication Dial-In User Service
  • the local gateway may receive an authentication success message from the authentication device.
  • the local gateway may transmit a mobile station international ISDN number (IMSIS) or an international mobile station identity (IMSI) of the mobile communication terminal to the user information.
  • IMSIS mobile station international ISDN number
  • IMSI international mobile station identity
  • the local gateway when the mobile communication terminal is separated from the private network service area, the exit block step of blocking the communication session between the mobile communication terminal and the private network. It may further include.
  • the detachment blocking step when the location information of the mobile communication terminal is changed, it is possible to determine whether the mobile communication terminal is out of the private network service area by comparing the location information whose local gateway is changed with a preset private network service area list. have.
  • the local gateway changes the destination IP of the user traffic transmitted by the mobile communication terminal to the IP of the authentication apparatus.
  • the private network connection of the mobile communication terminal can be blocked.
  • the private network service system checks whether a connection request is made to a private network using an access point name (APN) transmitted by a mobile communication terminal, and if the connection request is made to the private network, it corresponds to the APN.
  • a mobility management entity (MME) for transmitting a bearer setup message for transmitting user traffic to a private gateway; Upon receiving the bearer setup message, perform location authentication on whether the mobile communication terminal is located in a preset private network service area, and perform subscription authentication on whether the mobile communication terminal joins the private network service with a preset authentication device.
  • a private gateway for requesting to establish a communication session between the mobile communication terminal and a private network in response to the bearer setup message if the subscription authentication and location authentication for the mobile communication terminal are successful; And upon request of the private gateway, determine whether the mobile communication terminal is included in a terminal list subscribed to a preset private network service, generate a subscription authentication result, and transmit the generated subscription authentication result to the private gateway. It may include a device.
  • the private network service system checks whether the access request is for a private network using an access point name (APN) transmitted by a mobile communication terminal, and if the access request is for the private network, the private network service system corresponds to the APN.
  • APN access point name
  • a mobility management entity for transmitting a bearer setup message for transmitting user traffic to a private gateway;
  • MME mobility management entity
  • a private gateway forming a communication session between the mobile communication terminal and the private network; And whether the user information of the mobile communication terminal is included in a preset subscriber list and whether the location information of the mobile communication terminal is included in a preset private network service area list to correspond to the location authentication and subscriber authentication request.
  • the server may include an authentication server for generating a response message and transmitting the response message to the private gateway.
  • the private network service system may be a private network service system according to TR23.829 of 3GPP Release 10, and is a request for access to a private network using an APN (Access Point Name) transmitted by a mobile communication terminal.
  • a mobility management device MME: Mobility Management Entity
  • MME Mobility Management Entity
  • a mobility management device for transmitting a bearer setup message for transmitting user traffic to a local gateway corresponding to the APN if the connection request is made to the private network;
  • MME Mobility Management Entity
  • Upon receiving the bearer setup message Upon receiving the bearer setup message, perform location authentication on whether the mobile communication terminal is located in a preset private network service area, and perform subscription authentication on whether the mobile communication terminal joins the private network service with a preset authentication device.
  • a local gateway for requesting and establishing a communication session between the mobile communication terminal and a private network in response to the bearer setup message if the registration authentication and location authentication for the mobile communication terminal are successful; And determining whether the mobile communication terminal is included in a terminal list subscribed to a preset private network service according to a request of the local gateway, generating a subscription authentication result, and transmitting the generated subscription authentication result to the local gateway. It may include a device.
  • the method and system for providing a private network service it is possible to block private network access in an unauthorized terminal and an unauthorized region.
  • the method and system for providing a private network service is also applicable to an intranet access method in an LTE network promoted by 3GPP Release 10.
  • the private network connection in an unauthorized mobile communication terminal or an unauthorized region is performed in conjunction with an authentication device or the like. You can block.
  • FIG. 1 is a block diagram illustrating a private network service system according to an embodiment of the present invention.
  • FIGS. 2 and 6 are timing diagrams illustrating a private network connection blocking method for an unregistered mobile communication terminal in a private network service system according to an embodiment of the present invention.
  • 3A, 3B, 7A, and 7B are timing diagrams illustrating a method for disconnecting a private network for a mobile communication terminal leaving a private network service area in a private network service system according to an embodiment of the present invention.
  • FIG. 4 is a table showing session information according to an embodiment of the present invention.
  • FIG. 5 is a timing diagram illustrating a method of changing a connection to a public network by a mobile communication terminal connected to a private network in a private network service system according to an embodiment of the present invention.
  • FIG. 8 is a block diagram illustrating a private network service system according to another embodiment of the present invention.
  • FIG. 9 is a timing diagram illustrating a private network access blocking method for an unregistered mobile communication terminal in a private network service system according to another embodiment of the present invention.
  • FIGS. 10A and 10B are timing diagrams illustrating a private network access blocking method for a mobile communication terminal leaving a private network service area in a private network service system according to another embodiment of the present invention.
  • FIG. 1 is a block diagram illustrating a private network service system according to an embodiment of the present invention.
  • a private network service system includes a mobile communication terminal 1, a mobility management entity (hereinafter referred to as an MME) 20, and a serving gateway ( Serving Gateway (hereinafter referred to as 'SGW') 30, Public Gateway (hereinafter referred to as 'public PGW') 40, Private Gateway (hereinafter referred to as 'private PGW') (50) And an authentication device 60.
  • MME mobility management entity
  • 'SGW' Serving Gateway
  • 'public PGW' Public Gateway
  • 'private PGW' Private Gateway
  • the mobile communication terminal 1 may be a communication device that provides or receives a voice call or data communication, and according to an embodiment, a user equipment (UE), a mobile station (MS), a user terminal (UT), and a subscriber station (SS) may be used. Or other terms).
  • the mobile communication terminal 1 includes a conventional mobile phone such as a cellular phone, a PCS phone, a GSM phone, a CDMA-2000 phone, a WCDMA phone, a smart phone, a tablet PC, a mobile phone using a 4G network, and the like, which are actively used recently. Can be.
  • the mobile communication terminal 1 may transmit and receive data using the mobile communication access network 200.
  • the mobile communication access network 200 may include an Evolved Universal Terrestrial Radio Access Network (E-UTRAN), a Universal Terrestrial Radio Access Network (UTRAN), a GSM EDGE Radio Access Network (GERAN), a WiFi network, and the like.
  • E-UTRAN Evolved Universal Terrestrial Radio Access Network
  • UTRAN Universal Terrestrial Radio Access Network
  • GERAN GSM EDGE Radio Access Network
  • WiFi network a wireless local area network
  • the APN list in which the access point name (APN) and the public APN are recorded may be stored in the mobile communication terminal 1, and the user of the mobile communication terminal 1 accesses any one APN.
  • the communication service can be provided from a public network such as the Internet N1 or a private network such as an intranet N2.
  • the MME 20 is a control plane entity in the E-UTRAN 210, and may provide mobility management and session management functions for the mobile communication terminal 1 through non-access stratum (NAS) signaling. have.
  • the mobile communication terminal 1 may transmit an Attach Request message to the MME 20 in order to access a public network or a private network, and the public communication terminal 1 is intended to connect to the access request message.
  • APN corresponding to the network or private network may be included.
  • the mobile communication terminal 1 transmits a connection request message including a private network APN (for example, private.lte.com) to request the MME 20 to access a private network, or a public network APN (for example, the connection request message including public.lte.com) may be transmitted to request the MME 20 to access the public network.
  • the MME 20 may select the respective SGW 30, PGW (40, 50) for access to the public or private network requested by the mobile communication terminal 1, and move to the corresponding public or private network.
  • a bearer establishment message (Create Session request) for transmitting user traffic of the communication terminal 1 may be transmitted.
  • the SGW 30 may manage mobility of the mobile communication terminal 1 between the eNB included in the E-UTRAN 210 and another base station, between the 3GPP network and the EUTRAN, and payload traffic according to the established session. It can perform session control function to process. That is, the SGW 30 may operate as an anchoring point during handover between base stations and handover between 3GPP systems.
  • the common PGW 40 may connect the mobile communication terminal 1 with a public network such as the Internet N1, provide IP routing and forwarding functions, and provide packet filtering.
  • the common PGW 40 may assign an IP address of the mobile communication terminal 1, and when handover between the SGW 30 or between the LTE communication system and a non-3GPP network (for example, WiMax, etc.) It can operate as a mobility anchoring point.
  • the private PGW 50 may be a gateway for connecting the mobile communication terminal 1 to a private network such as an intranet N2.
  • a private network such as an intranet N2.
  • the mobile communication terminal 1 A communication session can be established with 1) to allow access to the intranet (N2).
  • the private PGW 50 may authenticate whether or not the mobile communication terminal 1 satisfies a preset private network connection permission condition before establishing a communication session between the mobile communication terminal 1 and the intranet N2. Only when the authentication succeeds, a communication session can be established.
  • the authentication performed by the private PGW 50 may include subscription authentication, location authentication, access time authentication, and the like.
  • the private PGW 50 may store a preset private network service area list, and the private PGW 50 may include location information of the mobile communication terminal 1 provided by the mobile communication terminal 1. You can compare private network service area lists.
  • the private PGW 50 may perform location authentication on the mobile communication terminal 1 by checking whether the location information of the mobile communication terminal 1 is included in the private network service area.
  • the private PGW 50 may receive a Target Area Identifier (TAI) or an E-UTRAN Cell Global Identifier (ECGI) as the location information of the mobile communication terminal 1, and the stored private network service area list may also be TAI or It may be stored based on ECGI.
  • TAI Target Area Identifier
  • ECGI E-UTRAN Cell Global Identifier
  • the private PGW 50 compares the received TAI or ECGI of the mobile communication terminal 1 with the private network service area list, and if the TAI or ECGI of the mobile communication terminal 1 is included in the private network service area list, It can be determined that the mobile communication terminal 1 is located in the private network service area.
  • the location information of the mobile communication terminal 1 may be included in a bearer setting message received from the MME 20. According to the embodiment, it is possible to set the private network service area differently for each mobile communication terminal. For example, when different mobile communication terminals exist in the same location, there may be an embodiment in which location authentication is successful for only some mobile communication terminals.
  • the private PGW 50 may also perform subscriber authentication for the mobile communication terminal 1 to access the private network. That is, since the private network service can be provided only to the mobile communication terminal 1 registered in advance to use the private network service, whether the mobile communication terminal 1 requesting access corresponds to the mobile communication terminal 1 subscribed to the private network service. It is necessary to check whether or not.
  • the private PGW 50 may query the authentication apparatus 60 to determine whether the mobile communication terminal 1 corresponds to a terminal subscribed to a private network service, for the subscriber authentication of the mobile communication terminal 1. At this time, the private PGW 50 may provide the user information received from the mobile communication terminal 1 to the authentication device 60, and then the mobile communication terminal 1 according to the authentication result transmitted by the authentication device 60.
  • the private PGW 50 is a user information of the mobile communication terminal 1, the MSISDN (Mobile Station International ISDN Number) or IMSI (International Mobile Station Identity) of the mobile communication terminal 1, the authentication device ( 60). Subsequently, if it is determined that the user information of the mobile communication terminal 1 exists in the stored subscriber list, the authentication device 60 may transmit an authentication success message to the private PGW 50, and receive the authentication success message. The PGW 50 may determine that the subscriber authentication for the mobile communication terminal 1 is successful.
  • the private PGW 50 inquires both the subscription authentication and the location authentication to the authentication device 60, and the mobile communication terminal 1 according to the authentication result transmitted by the authentication device 60. It is also possible to determine the success of the subscription authentication and location authentication for.
  • the mobile PGW 60 compares the time when the connection request is received from the mobile communication terminal 1 with the connection allowance time preset in each mobile communication terminal 1, and performs the mobile communication. It is also possible to perform access time authentication for the terminal 1. That is, even if both the subscription authentication and the location authentication for the mobile communication terminal 1 succeed, the mobile communication terminal 1 may not allow the connection when the mobile communication terminal 1 attempts to access the private network at a time other than the preset access allowance time. have.
  • the private time PGW 60 performs the connection time authentication, but according to the embodiment, the connection time authentication is queried to the authentication device 60, and authentication is successfully performed according to the authentication result transmitted by the authentication device 60. It is also possible to determine.
  • the private PGW 50 may establish a communication session with the mobile communication terminal 1 only if all of the subscriber authentication, location authentication, and access time authentication are successful, and the mobile communication terminal 1 is located in the private network service area. If the mobile communication terminal 1 is not located, or the mobile communication terminal 1 is not subscribed to the private network service or the connection communication time allowed for the mobile communication terminal 1 is not allowed, the formation of the communication session can be refused. When the communication session is established, the private PGW 50 may assign an IP address commonly used in the private network to the mobile communication terminal 1.
  • the private PGW 50 may periodically check the position of the mobile communication terminal 1. Therefore, when it is determined that the mobile communication terminal 1 has left the private network service area, the private PGW 50 may release the session with the mobile communication terminal 1.
  • a bearer change message (Modify Bearer Request) may be received in the private PGW 50, the bearer change message
  • the changed location information of the mobile communication terminal 1 may be stored in the terminal. Therefore, the private PGW 50 may compare the stored private network service area list with the changed location information.
  • the private PGW 50 changes the destination IP of the user traffic transmitted by the mobile communication terminal 1 to the IP of the authentication device 60 so as to transmit the user traffic to the authentication device 60. By doing so, it is possible to block the connection to the private network.
  • the private PGW 50 may include an access permission table, and according to the access permission table, each subscription authentication, location authentication, access time authentication, or the like may be performed.
  • each subscription authentication, location authentication, access time authentication, or the like may be performed.
  • Table 1 shows that both mobile communication terminal A and mobile communication terminal B are private network subscribers, but mobile communication terminal B is not allowed to access a private network at the "la" position.
  • the connection allowable time is 13:00 to 18:00
  • access to the private network may not be permitted even when the location is in the "e" position from 09:00 to 13:00. . That is, it is possible to set a connection permission condition for a private network according to various conditions set in the connection permission condition table.
  • the authentication device 60 may perform subscription authentication, access time authentication, or location authentication for the mobile communication terminal 1 at the request of the private PGW 50.
  • the authentication device 60 includes a subscriber list corresponding to user information of the mobile communication terminal 1 subscribing to the private network service, a private network service area list corresponding to the location information accessible to the private network, and a connection allowable time for the individual mobile communication terminal.
  • the list may be stored, and by using the subscriber list, the access allowance time list, and the private network service area list, subscriber authentication, access allowance time authentication, or location authentication may be performed for the mobile communication terminal 1.
  • the authentication device 60 may transmit a notification message indicating the access to the private network to the mobile communication terminal 1, and the mobile communication terminal 1 moves to a position.
  • the mobile communication terminal 1 may transmit a notification message indicating that the private network service area.
  • the notification message may be a Short Message Servcie (SMS) message, a Multimedia Messagae Service (MMS) message, or an instant message.
  • SMS Short Message Servcie
  • MMS Multimedia Messagae Service
  • the authentication device 60 may directly transmit the notification message or transmit the notification message by requesting the transmission of the notification message to a separate text message transmission server.
  • FIG. 2 is a timing diagram illustrating a private network access blocking method for an unregistered mobile communication terminal in a private network service system according to an embodiment of the present invention.
  • a private network service area list corresponding to location information accessible to a private network may be stored in the private PGW 50 (S201), and the authentication device 60 may include a mobile communication terminal subscribed to a private network service ( The subscriber list corresponding to the user information of 1) may be stored (S202).
  • the mobile communication terminal 1 may transmit a connection request message for setting up a private APN to the MME 20 through the eNB 211 included in the E-URAN 210 for accessing the private network N2 ( S203, S204).
  • the MME 20 may allow access to the private PGW 50 only when a private APN requested by the mobile communication terminal 1 is predefined, but according to an embodiment, the MME 20 may allow access to the private PGW 50. It may be to apply a "Wild Card APN" that allows all the APN delivered by the mobile communication terminal (1).
  • a message (Creat Session Request) may be transmitted (S205 and S206).
  • the private PGW 50 may check whether the location information of the mobile communication terminal 1 included in the received bearer establishment message is included in the previously stored private network service area list. In this case, when the location information is included in the private network service area list, the private PGW 50 may determine that the location authentication is successful and proceed to subscriber authentication. On the other hand, when the location information of the mobile communication terminal 1 is not included in the private network service area list, the private PGW 50 may refuse to establish a session.
  • the subscriber authentication is performed after determining that the location authentication is successful, but is not necessarily limited to this order, it is also possible to proceed with the location authentication after the subscriber authentication according to the embodiment. .
  • the private PGW 50 may request subscriber authentication to the authentication device 60, in which case the private PGW 50 sends the user information (eg, MSISDN, IMSI, etc.) to the authentication device 60. ) Can be transmitted (S207).
  • the private PGW 50 may request the authentication of the subscriber by using the RADIUS (Remote Authentication Dial-In User Service) message.
  • RADIUS Remote Authentication Dial-In User Service
  • the authentication apparatus 60 may determine whether the mobile communication terminal 1 corresponds to a terminal subscribed to a private network service by comparing the received user information with a pre-stored subscriber list. If it is determined that the user information is not included in the subscriber list (S208), the authentication apparatus 60 may transmit an authentication failure message (Access-Reject) to the private PGW 50 (S209). That is, if any of the received MSISDS and IMSI do not match, it is determined that subscriber authentication has failed, and the authentication failure message can be transmitted.
  • an authentication failure message Access-Reject
  • the private PGW 50 may block a connection to the private network of the unregistered mobile communication terminal 1 by sending a bearer setup stop message (Create Seesion Response-User Authentication failed) to stop the setup of the bearer. (S210, S211, S212).
  • a bearer setup stop message Create Seesion Response-User Authentication failed
  • the authentication device 60 may transmit a notification message to the unregistered mobile communication terminal 1 indicating that the connection to the private network is not permitted because the private network service is not subscribed.
  • the authentication device 60 may transmit the notification message by requesting the transmission of the notification message to the separate text message transmission server 61 (S213 and S214). That is, if it is determined that the user information is not included in the subscriber list, the authentication device 60 extracts telephone number information from the source IP of the packet transmitted for authentication, and sends a message indicating that the mobile communication terminal 1 cannot access.
  • the text message transmission server 61 may be transmitted.
  • 3A and 3B are timing diagrams illustrating a private network access blocking method for a mobile communication terminal leaving a private network service area in a private network service system according to an embodiment of the present invention.
  • a private network service area list may be stored in the private PGW 50 (S301), and a subscriber list may be stored in the authentication device 60 (S302).
  • the mobile communication terminal 1 may transmit an attach request message for setting a private APN to the MME 20 (S303 and S304).
  • the MME 20 may transmit a bearer setup message for creating user traffic to the SGW 30 and the private PGW 50 corresponding to the private APN (S305 and S306).
  • the private PGW 50 checks whether the location information of the mobile communication terminal 1 included in the received bearer setting message is included in the previously stored private network service area list, and if so, determines that the location authentication is successful. Proceed with subscriber authentication.
  • the private PGW 50 may request (access-request) subscriber authentication to the authentication device 60. At this time, the private PGW 50 may transmit user information (for example, to the authentication device 60). For example, MSISDN, IMSI, etc.) may be transmitted (S307).
  • the authentication apparatus 60 may determine whether the mobile communication terminal 1 corresponds to a terminal subscribed to a private network service by comparing the received user information with a pre-stored subscriber list. If it is determined that the user information is included in the subscriber list, the authentication device 60 may transmit an access success message (Access-Accept) to the private PGW 50 (S308).
  • Access-Accept access success message
  • the private PGW 50 may allocate an IP address of the mobile communication terminal 1 connected to the private network (S309), and the accounting apparatus including the assigned IP address to the authentication device 60.
  • the authentication device 60 -Send a Reqeust (start) message (S310)
  • the authentication device 60 generates and stores session information based on the received Accounting-Reqeust (start) message (S315), and stores the result in a private PGW (50).
  • the mobile communication terminal 1 may be connected to a private network (S312, S313, S314).
  • the stored session information may be as shown in FIG.
  • the authentication device 60 may transmit a text message indicating the successful connection to the private network to the mobile communication terminal 1 through the text message transmission server 61 (S316, S317, S318). Thereafter, the mobile communication terminal 1 may be provided with a communication service by accessing a private network and transmitting user traffic normally.
  • the mobile communication terminal 1 when the mobile communication terminal 1 performs the position movement (S320), the location information of the mobile communication terminal 1 can be changed, TAU (Tracking Area) for the changed position Update) request may be sent to the MME 20 (S321). Accordingly, the private PGW 50 may receive a modify bearer request through the MME 20 and the SGW 30 (S322 and S323) and by using the changed location information included in the bearer change message. In operation S327, the mobile communication terminal 1 may determine whether it leaves the preset private network service area.
  • the private PGW 50 determines that the private PGW is out of the private network service area and determines the destination IP of the user traffic of the authentication apparatus 60. Can be changed to the IP (S328).
  • the authentication apparatus 60 since user traffic of the mobile communication terminal 1 is not input to the private network, access to the private network of the mobile communication terminal 1 is blocked, and the authentication apparatus 60 stores the source IP extracted from the user traffic and the stored session. IP of the mobile communication terminal 1 included in the information can be compared. Subsequently, when both IPs match, the authentication device 60 may send the text message transmission server 61 a text message indicating that it has left the private network service area to the mobile communication terminal 1 (S329, S330). , S331).
  • Fig. 5 is a timing diagram showing how the mobile communication terminal 1 connecting to the private network changes the connection from the private network to the public network.
  • the mobile communication terminal 1 may first transmit a Detach request including a common APN to the MME 20 (S501 and S502), and the MME 20 may request a connection termination request.
  • the Delete Session Request message may be transmitted to the private PGW 50 through the SGW 30 (S503 and S504).
  • the private PGW 50 may transmit an Accounting-Request (stop) message to the authentication device 60 in response to the Delete Session Request (S506), and the authentication device 60 may delete a communication session for the stored private network.
  • the session may be terminated (S507).
  • the authentication device 60 may transmit a response message to the private PGW 50 to notify that the session termination is completed (S508).
  • FIG. 6 is a timing diagram illustrating a private network connection blocking method for an unregistered mobile communication terminal according to another embodiment of the present invention.
  • the authentication apparatus 60 may store a private network service area list and a subscriber list (S601).
  • the mobile communication terminal 1 may transmit a connection request message for setting up a private APN to the MME 20 through the eNB 211 for private network access (S603 and S604).
  • the MME 20 may transmit a bearer establishment message (Creat Session Request) for transmitting user traffic to the SGW 30 and the private PGW 50 in response to the access request message (S605 and S606).
  • the private PGW 50 may transmit user information and location information included in the received bearer setting message to the authentication device 60 to request subscriber authentication and location authentication for the mobile communication terminal 1 (S607).
  • the private PGW 50 may request the authentication and location authentication from the authentication device 60 using a RADIUS (Remote Authentication Dial-In User Service) message.
  • the authentication device 60 may compare the received user information and the location information with the subscriber list and the private network service area list, respectively. That is, it is determined whether the location information and the user information of the mobile communication terminal 1 are included in each private network service area list and the subscriber list, and when all are included, it can be determined that the location authentication and the subscriber authentication are successful. have. On the other hand, if any of the location information or user information of the mobile communication terminal 1 is not included in the private network service area list or the subscriber list, either the location authentication or the subscriber authentication has failed, and thus refuses to establish a session. can do. For example, if it is determined that the user information is not included in the subscriber list (S608), the authentication device 60 may transmit an authentication failure message (Access-Reject) to the private PGW 50 (S609).
  • Access-Reject authentication failure message
  • the private PGW 50 may block a connection to the private network of the unregistered mobile communication terminal 1 by sending a bearer setup stop message (Create Seesion Response-User Authentication failed) to stop the setup of the bearer. (S610, S611, S612).
  • a bearer setup stop message Create Seesion Response-User Authentication failed
  • the authentication device 60 may transmit a notification message to the unregistered mobile communication terminal 1, indicating that access to the private network is not allowed because the private network service is not subscribed to the unregistered mobile communication terminal 1.
  • the authentication device 60 may transmit the notification message by requesting the transmission of the notification message to the separate text message transmission server 61 (S613 and S614). That is, if it is determined that the user information is not included in the subscriber list, the authentication device 60 extracts telephone number information from the source IP of the packet transmitted for authentication, and sends a message indicating that the mobile communication terminal 1 cannot access.
  • the text message transmission server 61 may be transmitted.
  • FIGS. 7A and 7B are timing diagrams illustrating a method for disconnecting a private network for a mobile communication terminal leaving a private network service area according to another embodiment of the present invention.
  • a private network service area list and a subscriber list may be stored in the authentication device 60 (S701). Thereafter, the mobile communication terminal 1 may transmit an Attach Request message for setting the private APN to the MME 20 (S703 and S704). The MME 20 may send a bearer setup message for creating user traffic to the SGW 30 and the private PGW 50 corresponding to the private APN (S705 and S706).
  • the private PGW 50 may query the authentication apparatus 60 for location authentication and subscriber authentication for the mobile communication terminal 1 requesting access to the private network (S707). In this case, the private PGW 50 may transmit user information (eg, MSISDN, IMSI, etc.) and location information (eg, TAI, ECGI, etc.) to the authentication device 60.
  • user information eg, MSISDN, IMSI, etc.
  • location information eg, TAI, ECGI, etc.
  • the authentication device 60 compares the received user information and location information with a pre-stored subscriber list and a private network service area list to determine whether the mobile communication terminal 1 corresponds to a terminal subscribed to a private network service and a preset private network service area. It can be determined whether or not located within. Here, if it is determined that the user information is included in the subscriber list and the location information is included in the private network service area list, the authentication device 60 may transmit the authentication success message to the private PGW 50 (S708).
  • the private PGW 50 may allocate an IP address of the mobile communication terminal 1 connected to the private network (S709) and transmit an Accounting-Reqeust (start) message to the authentication device 60.
  • the authentication apparatus 60 may store the formed session information based on the received Accounting-Reqeust (start) message (S715), and transmit the result to the private PGW 50 (S711). Thereafter, the mobile communication terminal 1 may be connected to a private network (S712, S713, S714).
  • the authentication device 60 may transmit a text message indicating the successful connection to the private network to the mobile communication terminal 1 through the text message transmission server 61 (S716, S717, S718). Thereafter, the mobile communication terminal 1 may be provided with a communication service by accessing a private network and transmitting user traffic normally.
  • the private PGW 50 may receive a modify bearer request through the MME 20 and the SGW 30 (S722 and S723) and by using the changed location information included in the bearer change message.
  • the authentication device 60 may query whether the mobile communication terminal 1 leaves the preset private network service area.
  • the private PGW 50 may transmit an Accounting-Request (interim) message including 3GPP-User-Location-Info to the authentication device 60.
  • the authentication device 60 may compare the 3GPP-User-Location-Info included in the Accounting-Request (interim) message with a preset private network service area list. Here, if the changed location information of the mobile communication terminal 1 is not included in the private network service area list, the authentication device 60 may determine that the mobile communication terminal 1 is out of the private network service area. In this case, the authentication device 60 may transmit a disconnect-request message (Disconnect-Request) for disconnecting the private network connection to the mobile communication terminal 1 to the private PGW 50 (S732).
  • Disconnect-Request disconnect-request for disconnecting the private network connection to the mobile communication terminal 1 to the private PGW 50
  • the private PGW 50 may return an ACK message in response to the access blocking message (S733), and in order to stop transmission of user traffic, a bearer deletion message to the SGW 30 and the MME 20 (Delete Bearer Request). It may transmit (S734, S735). After receiving the bearer deletion message, the MME 20 may transmit a detach request to the mobile communication terminal 1 to block access to the private network of the mobile communication terminal 1 (S736). Thereafter, when a Delete Bearer Response message is received (S739), the private PGW 60 may transmit an Accounting-Request to the authentication device 60 (S740), and the authentication device 60 may be connected to the mobile communication terminal 1 and the private network. It is possible to terminate the session between (S741).
  • the authentication device 60 when the mobile communication terminal 1 is out of the private network service area, a notification message for notifying that the connection to the private network due to the location of the mobile communication terminal 1, the mobile communication terminal (1) ) Can be sent. That is, the authentication device 60 may request the text message transmission server 61 to transmit the notification message (S729, S730, and S731).
  • FIG. 8 is a block diagram showing a private network service system according to another embodiment of the present invention.
  • the mobile communication terminal 1 can directly connect to the private network through the HeNB 212 and the local gateway 70 without having to go through a separate wireless core network.
  • the mobile communication terminal 1 may set an APN to access the private network, and the mobile communication terminal 1 may transmit an Attach Request including the set APN to the MME 20.
  • the MME 20 may set the bearer by selecting the SGW 30, the local gateway 70, and the like for accessing the private network corresponding to the received APN, and may transmit user traffic.
  • the local gateway 70 may perform authentication, such as subscription authentication, location authentication, access time authentication, etc. for the mobile communication terminal 1, similar to the private PGW 50 of FIG. Only when all succeed, the mobile communication terminal 1 can be connected to the private network. Since specific authentication methods and the like have been described above, a detailed description thereof will be omitted.
  • the mobile communication terminal 1 sends an attach request message for establishing a private APN to the MME 20 through the HeNB 212 for the private network connection. It can transmit (S901, S902).
  • the MME 20 may transmit a bearer setup message (Creat Session Request) for transmitting user traffic to the SGW 30 and the local gateway 70 corresponding to the private APN (S903 and S904).
  • the local gateway 70 may store a private network service area list corresponding to location information accessible to the private network, and the user of the mobile communication terminals 1 subscribed to the private network service in the authentication device 60.
  • the subscriber list corresponding to the information may be stored.
  • the local gateway 70 checks whether the location information of the mobile communication terminal 1 included in the received bearer setting message is included in the previously stored private network service area list. Judgment can proceed to subscriber authentication. On the other hand, if the location information of the mobile communication terminal 1 is not included in the private network service area list, the session establishment can be rejected.
  • the local gateway 70 may request subscriber authentication to the authentication device 60, in which case the local gateway 70 transmits user information (eg, MSISDN, IMSI, etc.) to the authentication device 60. ) Can be transmitted (S905).
  • user information eg, MSISDN, IMSI, etc.
  • the authentication apparatus 60 may compare the received user information with a pre-stored subscriber list, and determine whether the mobile communication terminal 1 corresponds to a terminal subscribed to a private network service (S906). If it is determined that the user information is not included in the subscriber list, the authentication device 60 may transmit an authentication failure message (Access-Reject) to the local gateway 70 (S907). That is, if any of the received MSISDS and IMSI do not match, it is determined that subscriber authentication has failed, and the authentication failure message can be transmitted.
  • an authentication failure message Access-Reject
  • the local gateway 70 Upon receiving the authentication failure message, the local gateway 70 transmits a Create Seesion Response-User Authentication failed message to stop setting up the bearer, thereby blocking access to the private network of the unregistered mobile communication terminal 1. It may be (S908, S909, S910).
  • a local network service area list may be stored in the local gateway 70 (S1001), and a subscriber list may be stored in the authentication device 60.
  • the mobile communication terminal 1 may transmit an attach request message for setting a private APN to the MME 20 (S1002 and S1003).
  • the MME 20 may transmit a bearer setup message for creating user traffic to the SGW 30 and the local gateway 70 corresponding to the private APN (S1004 and S1005).
  • the local gateway 70 checks whether the location information of the mobile communication terminal 1 included in the received bearer setting message is included in the previously stored private network service area list, and if it is included, determines that the location authentication is successful. Proceed with subscriber authentication.
  • the local gateway 70 may request subscriber authentication to the authentication device 60, in which case the local gateway 70 transmits user information (eg, MSISDN, IMSI, etc.) to the authentication device 60. ) Can be transmitted (S1006).
  • user information eg, MSISDN, IMSI, etc.
  • the authentication apparatus 60 may determine whether the mobile communication terminal 1 corresponds to a terminal subscribed to a private network service by comparing the received user information with a pre-stored subscriber list. Here, if it is determined that the user information is included in the subscriber list, the authentication device 60 may transmit an authentication success message to the local gateway 70 (S1007).
  • the local gateway 70 may allocate an IP address of the mobile communication terminal 1 accessing the private network, and transmit an Accounting-Reqeust (start) message to the authentication device 60 ( S1008), the authentication apparatus 60 may store the formed session information based on the received Accounting-Reqeust (start) message (S1013), and transmit the result to the local gateway 70 (S1009). Thereafter, the mobile communication terminal 1 may be connected to a private network (S1010, S1011, S1012).
  • the authentication device 60 may transmit a text message informing the mobile communication terminal 1 of the successful connection to the private network (S1014). Thereafter, the mobile communication terminal 1 may be provided with a communication service by accessing a private network and transmitting user traffic normally.
  • the mobile communication terminal 1 performs the position movement (S1015), the location information of the mobile communication terminal 1 can be changed, the TAU (Tracking Area Update) request for the changed position is MME (20) It may be transmitted to (S1016). Accordingly, the local gateway 70 may receive a modify bearer request through the MME 20 and the SGW 30 (S1017 and S1018) and by using the changed location information included in the bearer change message. In operation S1019, it may be determined whether the mobile communication terminal 1 leaves the preset private network service area.
  • the TAU Track Area Update
  • the local gateway 70 determines that the private gateway is out of the private network service area, and determines the destination IP of the user traffic of the authentication device 60. Can be changed to IP (S1022). In this case, since user traffic of the mobile communication terminal 1 is not input to the private network, access to the private network of the mobile communication terminal 1 may be blocked (S1023). Thereafter, the mobile communication terminal 1 may transmit a text message indicating that it has left the private network service area (S1024).

Landscapes

  • Engineering & Computer Science (AREA)
  • Computer Networks & Wireless Communication (AREA)
  • Signal Processing (AREA)
  • Computer Security & Cryptography (AREA)
  • Databases & Information Systems (AREA)
  • Mobile Radio Communication Systems (AREA)
  • Telephonic Communication Services (AREA)

Abstract

L'invention concerne un système et un procédé de fourniture de service de réseau privé. Selon un mode de réalisation de l'invention, un procédé de fourniture d'un service de réseau privé peut comprendre: une étape de réception, par une passerelle privée, d'une demande d'accès émanant d'un terminal de communications mobiles; une étape d'authentification, par la passerelle privée, pour établir si le terminal de communications mobiles satisfait une condition prédéterminée pour accorder l'accès à un réseau privé; et une étape de connexion pour établir, par la passerelle privée, une session de communication entre le terminal de communications mobiles authentifié avec succès et le réseau privé.
PCT/KR2016/005172 2015-07-03 2016-05-16 Procédé et système de fourniture de service de réseau privé WO2017007122A1 (fr)

Applications Claiming Priority (6)

Application Number Priority Date Filing Date Title
KR10-2015-0095294 2015-07-03
KR20150095294 2015-07-03
KR20150095998 2015-07-06
KR10-2015-0095998 2015-07-06
KR1020150132088A KR101629006B1 (ko) 2015-07-03 2015-09-18 사설망 서비스 제공방법 및 시스템
KR10-2015-0132088 2015-09-18

Publications (1)

Publication Number Publication Date
WO2017007122A1 true WO2017007122A1 (fr) 2017-01-12

Family

ID=56191365

Family Applications (1)

Application Number Title Priority Date Filing Date
PCT/KR2016/005172 WO2017007122A1 (fr) 2015-07-03 2016-05-16 Procédé et système de fourniture de service de réseau privé

Country Status (2)

Country Link
KR (2) KR101629006B1 (fr)
WO (1) WO2017007122A1 (fr)

Cited By (2)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
WO2021155859A1 (fr) * 2020-02-07 2021-08-12 维沃移动通信有限公司 Procédé et dispositif de contrôle d'accès
WO2023129800A1 (fr) * 2021-12-29 2023-07-06 Motorola Solutions, Inc. Contrôle de mobilité et d'accès à travers des limites de locataires dans un système de communication privé à locataires multiples

Families Citing this family (6)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
KR101830225B1 (ko) * 2016-08-12 2018-02-20 주식회사 엘지유플러스 무선 통신 시스템에서 폐쇄형 전용망 서비스 제공 방법
KR102553168B1 (ko) * 2017-02-08 2023-07-06 주식회사 케이티 네트워크 자동 전환 시스템 및 방법
KR102000717B1 (ko) * 2017-06-27 2019-07-16 주식회사 케이티 비신뢰망을 통해 사설망으로 접속하는 사용자 단말의 접속을 제어하는 시스템 및 방법
WO2020036401A1 (fr) * 2018-08-13 2020-02-20 삼성전자 주식회사 Appareil et procédé d'enregistrement sur un réseau dans un système de communication sans fil
KR102528728B1 (ko) * 2018-08-13 2023-05-08 삼성전자주식회사 무선 통신 시스템에서 네트워크에 등록하기 위한 장치 및 방법
KR102343132B1 (ko) * 2019-10-24 2021-12-24 주식회사 엘지유플러스 지역 기반 데이터 통신 서비스 제공 장치 및 방법

Citations (5)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
KR20050063188A (ko) * 2003-12-22 2005-06-28 삼성전자주식회사 코드분할다중접속 이동 통신 시스템에서 케이브알고리즘을 이용한 1xEV-DO 서비스 가입자 단말기인증 시스템 및 방법
KR20130006378A (ko) * 2011-07-08 2013-01-16 삼성전자주식회사 사용자 단말의 이동성을 지원하는 방법 및 장치
KR20130036875A (ko) * 2011-10-05 2013-04-15 에스케이텔레콤 주식회사 이동통신 시스템에서 로밍 게이트웨이 서비스 방법 및 망 연동 장치
KR20140055562A (ko) * 2012-10-31 2014-05-09 (주)나무소프트 사설망 접근 관리 장치 및 방법
KR20150021261A (ko) * 2013-08-20 2015-03-02 에스케이텔레콤 주식회사 라디오 유닛 단위 기반의 단말 위치정보 획득 방법 및 그 장치

Family Cites Families (1)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
KR101216542B1 (ko) 2011-08-31 2013-01-02 에스케이텔레콤 주식회사 Epc망의 pdn-gw 및 그 과금 데이터 생성 방법

Patent Citations (5)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
KR20050063188A (ko) * 2003-12-22 2005-06-28 삼성전자주식회사 코드분할다중접속 이동 통신 시스템에서 케이브알고리즘을 이용한 1xEV-DO 서비스 가입자 단말기인증 시스템 및 방법
KR20130006378A (ko) * 2011-07-08 2013-01-16 삼성전자주식회사 사용자 단말의 이동성을 지원하는 방법 및 장치
KR20130036875A (ko) * 2011-10-05 2013-04-15 에스케이텔레콤 주식회사 이동통신 시스템에서 로밍 게이트웨이 서비스 방법 및 망 연동 장치
KR20140055562A (ko) * 2012-10-31 2014-05-09 (주)나무소프트 사설망 접근 관리 장치 및 방법
KR20150021261A (ko) * 2013-08-20 2015-03-02 에스케이텔레콤 주식회사 라디오 유닛 단위 기반의 단말 위치정보 획득 방법 및 그 장치

Cited By (3)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
WO2021155859A1 (fr) * 2020-02-07 2021-08-12 维沃移动通信有限公司 Procédé et dispositif de contrôle d'accès
WO2023129800A1 (fr) * 2021-12-29 2023-07-06 Motorola Solutions, Inc. Contrôle de mobilité et d'accès à travers des limites de locataires dans un système de communication privé à locataires multiples
US11863986B2 (en) 2021-12-29 2024-01-02 Motorola Solutions, Inc. Mobility and access control across tenant boundaries in a multitenant private communication system

Also Published As

Publication number Publication date
KR101629006B1 (ko) 2016-06-13
KR101796297B1 (ko) 2017-11-10
KR20170004835A (ko) 2017-01-11

Similar Documents

Publication Publication Date Title
WO2017007122A1 (fr) Procédé et système de fourniture de service de réseau privé
US10455489B2 (en) Method for supporting PDN GW selection
WO2020251309A1 (fr) Procédé et appareil permettant de fournir un service dans un système de communication sans fil
WO2012177023A1 (fr) Délestage du trafic par l'intermédiaire d'un réseau local
WO2016208960A1 (fr) Procédé et appareil permettant d'abonner un dispositif électronique dans un système de communication mobile
WO2011021875A2 (fr) Serveur pour plan de commande au niveau d'un réseau de communication mobile et procédé de commande de service d'accès ip local
WO2018021861A1 (fr) Procédé et appareil pour effectuer une procédure de spécification de cellule pour un nr basé sur une tranche de réseau dans un système de communication sans fil
WO2018038503A1 (fr) Procédé et appareil d'exploitation d'un système de communication sans fil doté d'une gestion de mobilité et d'une gestion de session séparées
WO2016175479A1 (fr) Procédé et système de fourniture de service de réseau privé
WO2017086647A1 (fr) Procédé et appareil de sélection d'un réseau central dans un système de communications mobiles
WO2011043571A2 (fr) Procédé de contrôle d'accès local pour terminaux qui supportent des communications m2m dans un système de communication sans fil
WO2010128773A2 (fr) Serveur pour plan de commande destiné à un réseau de communication mobile et procédé de commande d'établissement de connexion apparenté
WO2011056046A2 (fr) Procédé et système de support de continuité d'appel radio vidéo unique pendant un transfert
US10104603B2 (en) Apparatus, system and method for dedicated core network
WO2016085292A1 (fr) Procédé et appareil de prestation d'un service de parrainage entre des équipements utilisateur
WO2011052995A2 (fr) Procédé et système pour gérer la sécurité dans un système de communication mobile
WO2014069925A1 (fr) Procédé et appareil pour gérer une connexion d'un réseau à commutation de paquets sur la base d'une zone locale dans un système de communication sans fil
WO2013109082A1 (fr) Procédé et dispositif pour la définition d'une priorité dans la transmission de données
WO2019245344A1 (fr) Procédé et système de commande de trafic à base de hplmn lors de l'enregistrement d'un ue sur différents plmn
WO2010128786A2 (fr) Procédé de fourniture d'informations de type de connexion et procédé de commande de ressource radio de nœud b évolué domestique
WO2010035971A2 (fr) Procede pour supporter la gestion de contexte par noeud b d'accueil
WO2019194536A1 (fr) Procédé et appareil pour fournir un service de réseau de données de zone locale sur la base d'un modèle de non abonnement dans un système de communication sans fil
WO2022025666A1 (fr) Procédé et dispositif d'utilisation simultanée de tranches de réseau
WO2021201648A1 (fr) Procédé et appareil de gestion de procédure liée à un cag dans un réseau de communication sans fil
WO2021010661A1 (fr) Dispositif de gestion d'informatique en périphérie et son procédé de fonctionnement

Legal Events

Date Code Title Description
121 Ep: the epo has been informed by wipo that ep was designated in this application

Ref document number: 16821528

Country of ref document: EP

Kind code of ref document: A1

NENP Non-entry into the national phase

Ref country code: DE