WO2017132906A1 - 获取、发送用户设备标识的方法及设备 - Google Patents
获取、发送用户设备标识的方法及设备 Download PDFInfo
- Publication number
- WO2017132906A1 WO2017132906A1 PCT/CN2016/073371 CN2016073371W WO2017132906A1 WO 2017132906 A1 WO2017132906 A1 WO 2017132906A1 CN 2016073371 W CN2016073371 W CN 2016073371W WO 2017132906 A1 WO2017132906 A1 WO 2017132906A1
- Authority
- WO
- WIPO (PCT)
- Prior art keywords
- user equipment
- request
- network side
- side device
- equipment identity
- Prior art date
Links
Images
Classifications
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04W—WIRELESS COMMUNICATION NETWORKS
- H04W12/00—Security arrangements; Authentication; Protecting privacy or anonymity
- H04W12/06—Authentication
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04L—TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
- H04L61/00—Network arrangements, protocols or services for addressing or naming
- H04L61/50—Address allocation
- H04L61/5007—Internet protocol [IP] addresses
- H04L61/503—Internet protocol [IP] addresses using an authentication, authorisation and accounting [AAA] protocol, e.g. remote authentication dial-in user service [RADIUS] or Diameter
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04W—WIRELESS COMMUNICATION NETWORKS
- H04W12/00—Security arrangements; Authentication; Protecting privacy or anonymity
- H04W12/12—Detection or prevention of fraud
- H04W12/126—Anti-theft arrangements, e.g. protection against subscriber identity module [SIM] cloning
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04W—WIRELESS COMMUNICATION NETWORKS
- H04W8/00—Network data management
- H04W8/22—Processing or transfer of terminal data, e.g. status or physical capabilities
- H04W8/24—Transfer of terminal data
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04W—WIRELESS COMMUNICATION NETWORKS
- H04W92/00—Interfaces specially adapted for wireless communication networks
- H04W92/02—Inter-networking arrangements
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04W—WIRELESS COMMUNICATION NETWORKS
- H04W12/00—Security arrangements; Authentication; Protecting privacy or anonymity
- H04W12/60—Context-dependent security
- H04W12/69—Identity-dependent
- H04W12/71—Hardware identity
Definitions
- the present invention relates to the field of wireless communication technologies, and in particular, to a method and a device for acquiring a user equipment identifier, a method and a device for transmitting a user equipment identifier, and a method and a device for triggering user equipment identifier detection.
- LTE Long Term Evolution
- EPS Evolved Packet System
- PS Packet Switching
- EPC Evolved Packet Core Network
- LTE Long Term Evolution
- Non 3GPP access technologies such as WIMAX (Worldwide Interoperability for Microwave Access), WLAN ( Wireless Local Area Networks (WLAN), where, for a trusted WLAN, the access gateway on the network side is a trusted WLAN access network (TWAN).
- TWAN trusted WLAN access network
- the network side access gateway is an ePDG (Evolved Packet Data Gateway).
- the MME Mobile Management Entity
- EIR Equipment Identity Register
- the EIR detection of the user equipment identifier may prevent theft.
- the UE accesses the network. For example, after the user loses the UE, the user equipment identifier of the UE is added to the blacklist.
- the MME rejects the UE from accessing the network.
- the UE may access the EPC through the gateway device on the Non 3GPP side.
- the gateway device may obtain the user equipment identifier through the message established by the connection. Therefore, the detection of the user equipment identity is implemented, but after the UE accesses the EPC from the gateway device of the Non 3GPP side, the UE cannot obtain the user equipment identifier, and therefore, after the UE accesses the EPC from the gateway device of the Non 3GPP side, Perform EIR detection on the user equipment identifier.
- the invention provides a method and a device for acquiring a user equipment identifier, a method and a device for transmitting a user equipment identifier, and a method and a device for triggering the user equipment identifier detection, which are used to solve the problem that the UE accesses the core network from the Non 3GPP side. After that, the problem of the user device ID could not be obtained.
- a method for obtaining a user equipment identifier comprising:
- the network side device After the user equipment UE accesses the core network from the Non 3GPP side, the network side device sends a user equipment identity request to the UE, and receives the user equipment identifier sent by the UE.
- the network side device determines that the identity information of the UE or the service requested by the UE meets a pre-configuration. Local strategy.
- the network side device receives the user equipment identity request sent by the 3GPP AAA server before sending the user equipment identity request to the UE.
- the network side device receives the user equipment identity request sent by the 3GPP AAA server, where the network side device receives the 3GPP AAA server and sends a re-authentication request message Re-Auth. -Request, the Re-Auth-Request includes an indication of the user equipment identity request; or,
- the network side device receives the user equipment identity request message sent by the 3GPP AAA server.
- the network side device sends a user equipment identity request to the UE, including: the network side device to the The UE sends a network key exchange information request message IKEv2 Information Request, where the IKEv2 Information Request includes an indication of the user equipment identity request;
- the network side device receives a network key exchange information request message reply message IKEv2 Information Response sent by the UE, where the IKEv2 Information Response includes a user equipment identifier;
- the network side device sends a user equipment identity request to the UE, where the network side device sends data to the UE.
- a network modification request message PDN Modify Request where the PDN Modify Request includes an indication of the user equipment identity request;
- the network side device And receiving, by the network side device, the user equipment identifier sent by the UE, where the network side device receives a data network modification request reply message PDN Modify Accept sent by the UE, where the PDN Modify Accept includes a user equipment identifier.
- the network side device sends the user equipment identifier to the 3GPP AAA server.
- the network side device sends the user equipment identifier to the 3GPP AAA server, where the network side device sends an authentication and authorization request message Diameter AA Request to the 3GPP AAA sever.
- the user equipment identifier is included in the Diameter AA Request; or the network side device sends a re-authentication authorization reply message Re-Auth-Answer to the 3GPP AAA server, where the Re-Auth-Answer includes the user equipment identifier; or
- the network side device sends a user equipment identity reply message to the 3GPP AAA server, where the user equipment identity reply message includes a user equipment identifier.
- the method further includes: the network side device receiving a message that the user equipment identity detection result fails; the network side The device determines that the user equipment identifier is invalid according to the failure of the user equipment identifier detection result, and notifies the UE that the user equipment identifier detection result fails.
- the network side device notifies the UE user equipment label If the detection result is unsuccessful, the network side device sends a PDN connection release request PDN disconnection request to the UE, where the PDN disconnection Request includes an indication that the user equipment identity detection result fails; or the network side device The UE sends an information request message to the INFORMATION Request, and the INFORMATION Request includes an indication that the user equipment identity detection result fails.
- the network side device receives a message that the user equipment identity detection result fails, including:
- the network side device receives the authentication and authorization reply message Diameter AA Answer, where the Diameter AA Answer includes an indication that the user equipment identity detection result fails; or the network side device receives the termination session request message Abort Session Request, The Abort Session Request includes an indication that the user equipment identity detection result fails.
- the network side device is a 3GPP AAA server, and the network side device sends a user equipment identity request to the UE, where the network side device sends an extension to the UE.
- the authentication authentication request message EAP REQ AKA 'Reauthentication, the EAP REQ AKA 'Reauthentication includes an indication of the user equipment identification request;
- the network side device Receiving, by the network side device, the user equipment identifier sent by the UE, the network side device receiving an extended authentication authentication request reply message EAP RSP AKA'Reauthentication sent by the UE, in the EAP RSP AKA'Reauthentication Includes user device ID.
- the method further includes: the network side device receiving the user equipment identity detection request sent by the gateway device, determining that the User equipment identification is detected.
- the network side device receives the user equipment identity detection request sent by the gateway device, where the network side device receives the authentication authentication request message Diameter EAP Request sent by the gateway device.
- the Diameter EAP Request includes an indication of the user equipment identity detection request; or the network side device receives the user equipment identity detection request message sent by the gateway device.
- the network side device receives the user equipment identifier. After that, the network side device sends the user equipment identifier to the device identifier recorder EIR; the network side device receives the detection result of the user equipment identifier sent by the EIR, and determines according to the detection result of the user equipment identifier.
- the user equipment identifier of the UE is invalid, and the UE or the gateway device is notified that the user equipment identity detection result is failed.
- the network side device notifying the UE that the user equipment identity detection result fails includes: the network side device sending an extended authentication authentication failure message EAP failure to the UE,
- the EAP failure includes an indication that the user equipment identity detection result fails.
- the network side device notifies the gateway device that the user equipment identity detection result fails, and the network side device sends the authentication and authorization reply message Diameter AA to the gateway device. Answer, the authentication and authorization reply message Diameter AA Answer includes an indication that the user equipment identity detection result fails; or the network side device sends a termination session request message Abort Session Request to the gateway device, the termination session request The message Abort Session Request includes an indication that the user equipment identity detection result fails.
- the network side device before the network side device sends the user equipment identity request to the UE, the network side device further receives the user equipment identity detection request sent by the IMS through the home subscriber server HSS. ;
- the network side device After receiving the detection result of the user equipment identifier sent by the EIR, the network side device further includes: the network side device sending the user equipment detection result to the IMS by using the HSS.
- a method for transmitting a user equipment identifier comprising:
- the user equipment UE After the user equipment UE accesses the core network from the Non 3GPP side, it receives the user equipment identity request sent by the network side device, and sends the user equipment identifier to the network side device.
- the UE receives the user equipment identity request sent by the network side device, and the method includes: the UE receiving the network side device sending The network key exchange information request message IKEv2 Information Request, the IKEv2 Information Request includes an indication of the user equipment identity request, and the UE sends the user equipment identifier to the network side device, including: the UE to the The network side device sends a network key exchange information request message reply message IKEv2 Information Response, the IKEv2 The User Response is included in the Information Response.
- the UE receives the user equipment identity request sent by the network side device, including: receiving, by the UE, the network side The data network modification request message (PDN) is sent by the device, and the PDN modification request includes the indication of the user equipment identity request, and the UE sends the user equipment identifier to the network side device, including: The network side device sends a PDN Modify Accept message according to the network modification request message, where the PDN Modify Accept includes the user equipment identifier.
- PDN data network modification request message
- the UE receives the user equipment identity request sent by the network side device, including: the UE receiving the network The extended authentication authentication request message EAP REQ AKA'Reauthentication sent by the side device, where the EAP REQ AKA'Reauthentication includes an indication of the user equipment identity request; the UE sends the user equipment identity to the network side device, including: The authentication authentication request message extended by the UE to the network side device is returned to the EAP RSP AKA'Reauthentication, where the EAP RSP AKA'Reauthentication includes the user equipment identifier.
- the method further includes: the UE sending an IMS service request to the IMS; After the UE sends the identifier of the user equipment to the network side device, the method further includes: receiving, by the UE, a message that the user equipment identity detection result fails; the UE determining, according to the message that the user equipment identity detection result fails, determining If the user equipment identifier is invalid, the IMS service request is no longer initiated.
- the UE receives the message that the user equipment identity detection result fails, and the method includes: the UE receives a PDN connection release request PDN disconnection request, where the PDN disconnection request includes user equipment identity detection.
- the result is an indication of failure; or the UE receives an EAP failure, and the EAP failure includes an indication that the user equipment identity detection result fails.
- a method for triggering detection of a user equipment identity including:
- the protocol IP multimedia subsystem IMS of the interconnection between the networks receives the IMS service request from the user equipment, determines that the user equipment identifier of the UE needs to be detected, and sends a user equipment identity detection request to the network side device.
- the method further includes: the IMS receiving the user equipment identity detection result; and the IMS detecting the result according to the user equipment identity Determining whether to accept the IMS service request of the UE, and if the user equipment identity detection result is determined to be invalid according to the user equipment identity detection result, rejecting the IMS service request of the UE; And determining that the user equipment identity detection result is legal, and accepting the IMS service request of the UE.
- the fourth aspect provides a device for acquiring a user equipment identifier, which is characterized by:
- the transmitter is configured to send a user equipment identity request to the UE after the user equipment UE accesses the core network from the Non 3GPP side, and the receiver is configured to receive the user equipment identifier sent by the UE.
- the device further includes: a processor;
- the processor is configured to determine that the identifier information of the UE or the service requested by the UE meets a pre-configured local policy before the transmitter sends the user equipment identity request to the UE.
- the receiver is further configured to: receive 3GPP before the transmitter sends the user equipment identity request to the UE The user equipment identity request sent by the AAA server.
- the receiver is configured to: receive, by the 3GPP AAA server, a re-authentication request message Re-Auth-Request, where the Re-Auth-Request includes the user An indication of the device identification request; or receiving a user equipment identity request message sent by the 3GPP AAA server.
- the transmitter is configured to: send a network key exchange information request message IKEv2 Information Request to the UE, the IKEv2 Information The request includes an indication of the user equipment identity request, and the receiver is configured to: receive a network key exchange information request message reply message IKEv2 Information Response sent by the UE, where the IKEv2 Information Response includes Household equipment identification;
- the transmitter is configured to: send a data network modification request message PDN Modify Request to the UE, in the PDN Modify Request
- the receiver is configured to: receive a data network modification request reply message PDN Modify Accept sent by the UE, where the PDN Modify Accept includes a user equipment identifier.
- the transmitter is further configured to: after the receiver receives the user equipment identifier, send the user equipment identifier to the 3GPP AAA server.
- the transmitter is configured to: send an authentication and authorization request message Diameter AA Request to the 3GPP AAA sever, where the Diameter AA Request includes a user equipment identifier; or
- the network side device sends a re-authentication authorization reply message Re-Auth-Answer to the 3GPP AAA server, where the Re-Auth-Answer includes the user equipment identifier; or sends a user equipment identity reply message to the 3GPP AAA server,
- the user equipment identity reply message includes a user equipment identifier.
- the receiver is further configured to: after the transmitter sends the user equipment identifier to the 3GPP AAA server, receive a message that the user equipment identity detection result fails;
- the device is further configured to: determine that the user equipment identifier is invalid according to the message that the user equipment identifier detection result fails, and notify the UE that the user equipment identifier detection result fails.
- the transmitter is configured to: send a PDN connection release request PDN disconnection request to the UE, where the PDN disconnection Request includes an indication that the user equipment identity detection result fails; or Sending an information request message to the UE, and the INFORMATION Request includes an indication that the user equipment identity detection result fails.
- the receiver is configured to: receive an authentication and authorization reply message Diameter AA Answer, where the Diameter AA Answer includes an indication that the user equipment identity detection result fails; or, receive The Abort Session Request message is terminated, and the Abort Session Request includes an indication that the user equipment identity detection result fails.
- the network side device is a 3GPP AAA server
- the transmitter is configured to: send an extended authentication authentication request message EAP REQ AKA'Reauthentication to the UE,
- the EAP REQ AKA'Reauthentication includes an indication of the user equipment identity request
- the receiver is configured to: receive an extended authentication authentication request reply message EAP RSP AKA 'Reauthentication sent by the UE, the EAP RSP AKA'
- the user device identifier is included in the Reauthentication.
- the receiver is configured to receive a user equipment identity detection request sent by the gateway device before the transmitter sends the user equipment identity request to the UE;
- the processor is further configured to determine, according to the user equipment identity detection request sent by the gateway device, that the user equipment identity needs to be detected.
- the receiver is configured to: receive an authentication authentication request message Diameter EAP Request sent by the gateway device, where the authentication Diameter EAP Request includes an indication of the user equipment identity detection request; Or receiving a user equipment identity detection request message sent by the gateway device.
- the transmitter is further configured to: after the receiver receives the user equipment identifier, send the user equipment identifier to the EIR; the processor is further used to: Receiving a detection result of the user equipment identifier sent by the device identifier recorder EIR, if it is determined that the user equipment identifier of the UE is invalid according to the detection result of the user equipment identifier; the transmitter is further configured to: notify the The UE or the gateway device fails to send the user equipment identity detection result.
- the transmitter is configured to: send an extended authentication authentication failure message EAP failure to the UE, where the EAP failure includes an indication that the user equipment identity detection result fails.
- the transmitter is configured to: send an authentication and authorization reply message Diameter AA Answer to the gateway device, where the authentication and authorization reply message Diameter AA Answer includes a user The device identifies that the detection result is unsuccessful; or sends a termination session request message Abort Session Request to the gateway device, where the termination session request message includes an indication that the user equipment identity detection result fails.
- the receiver is further configured to: before the transmitter sends a request for acquiring the user equipment identifier to the UE, receive the user equipment identity detection request sent by the IMS through the HSS.
- the transmitter is further configured to: after the receiver receives the detection result of the user equipment identifier sent by the EIR, send the user equipment detection result to the IMS through the HSS.
- a fifth aspect provides a device for sending a user equipment identifier, including:
- the receiver is configured to: after accessing the core network from the Non 3GPP side, receive a user equipment identity request sent by the network side device; and the transmitter is configured to send the user equipment identifier to the network side device.
- the receiver is configured to: receive a network key exchange information request message IKEv2 Information Request sent by the network side device, where The IKEv2 Information Request includes an indication of the user equipment identity request, and the transmitter is configured to: send, to the network side device, a network key exchange information request message reply message IKEv2 Information Response, where the IKEv2 Information Response includes User device ID.
- the receiver is configured to: receive a data network modification request message (PDN Modify Request) sent by the network side device, where the PDN is The Modify Request includes an indication of the user equipment identity request, and the transmitter is configured to: send a PDN Modify Accept message to the network side device according to the network modification request message, where the PDN Modify Accept includes the user equipment identifier.
- PDN Modify Request data network modification request message
- the transmitter is configured to: send a PDN Modify Accept message to the network side device according to the network modification request message, where the PDN Modify Accept includes the user equipment identifier.
- the receiver is configured to: receive an extended authentication authentication request message EAP REQ AKA' sent by the network side device.
- the EAP REQ AKA 'Reauthentication includes an indication of the user equipment identity request;
- the transmitter is configured to: reply an EAP RSP AKA 'Reauthentication to the authentication authentication request message extended by the network side device,
- the EAP RSP AKA'Reauthentication includes the user equipment identifier.
- the transmitter is further configured to: after the UE accesses the core network, receive, at the receiver, a request for acquiring a user equipment identifier sent by the network side device prior to, Sending an IMS service request to the IMS; the receiver is further configured to: after the transmitter sends the identifier of the user equipment to the network side device, receiving a message that the user equipment identity detection result fails; the device further includes: The processor is configured to determine, according to the message that the user equipment identifier detection result is invalid, that the user equipment identifier is invalid, and then no longer initiate the IMS service request.
- the receiver is configured to: receive a PDN disconnection request, the PDN disconnection request includes an indication that the user equipment identifier detection result fails; or, receive the EAP failure The EAP failure includes an indication that the user equipment identity detection result fails.
- the sixth aspect provides a device for triggering detection of user equipment identity, including: a receiver, configured to receive a request for sending an IMS service by the user equipment, and a processor, configured to determine that the user equipment identifier of the UE needs to be detected; And a transmitter, configured to send a user equipment identity detection request to the network side device.
- the receiver is further configured to: after the transmitter sends a user equipment detection request to the network side device, receive a user equipment identity detection result; the processor And determining, according to the detection result of the user equipment identity, whether to accept the IMS service request of the UE, and if the user equipment identity detection result is determined to be invalid according to the user equipment identity detection result, rejecting the IMS service request of the UE If the user equipment identity detection result is determined to be valid according to the user equipment identity detection result, accepting the IMS service request of the UE.
- the network device can obtain the user equipment identifier of the UE by sending the user equipment identity request to the UE after the UE accesses the core network from the Non 3GPP side, thus solving the problem that the UE is from the Non 3GPP side gateway. After the device accesses the core network, the user device ID cannot be obtained.
- FIG. 1 is a schematic diagram of a network architecture applied to an embodiment of the present invention
- FIG. 2 is a schematic flowchart of performing EIR detection on a user equipment identifier according to an embodiment of the present invention
- FIG. 3 is a schematic flowchart of performing EIR detection on a user equipment identifier according to an embodiment of the present invention
- FIG. 4 is a schematic flowchart of performing EIR detection on a user equipment identifier according to an embodiment of the present invention
- FIG. 5 is a schematic flowchart of performing EIR detection on a user equipment identifier according to an embodiment of the present invention
- FIG. 6 is a schematic flowchart of performing EIR detection on a user equipment identifier according to an embodiment of the present invention
- FIG. 7 is a schematic diagram of an apparatus for obtaining a user equipment identifier according to an embodiment of the present invention.
- FIG. 8 is a schematic structural diagram of hardware of a device for acquiring a user equipment identifier according to an embodiment of the present invention.
- FIG. 9 is a schematic diagram of an apparatus for sending a user equipment identifier according to an embodiment of the present invention.
- FIG. 10 is a schematic structural diagram of hardware of a device for transmitting a user equipment identifier according to an embodiment of the present invention
- FIG. 11 is a schematic diagram of an apparatus for triggering user equipment identity detection according to an embodiment of the present invention.
- FIG. 12 is a schematic structural diagram of hardware of a device for triggering user equipment identity detection according to an embodiment of the present invention.
- FIG. 1 is a schematic diagram of a network architecture, including a UE 100 and a core network, where the core network includes a gateway device 101, an AAA Server (Authentication Authorization Accounting Server) 102, and an EIR (Equipment Identity Register, Device identification recorder 103, HSS (Home SubScriber Server/System) 104, IMS (IP Multimedia Subsystem, IP Multimedia Subsystem), and the like.
- AAA Server Authentication Authorization Accounting Server
- EIR Equipment Identity Register
- Device identification recorder 103 Device identification recorder
- HSS Home SubScriber Server/System
- IMS IP Multimedia Subsystem, IP Multimedia Subsystem
- the user equipment identifiers in the embodiments of the present invention include, but are not limited to, IMEI (International Mobile Equipment Identity) and IMEISV (International Mobile Equipment Identity Software Version Number).
- the network side device in the embodiment of the present invention may be a gateway device or an AAA server.
- the AAA server is a 3GPP AAA server.
- the gateway device includes but is not limited to On TWAN, ePDG.
- the gateway device When the network device is a gateway device, and the gateway device triggers the detection of the user device identity, the gateway device is used as an ePDG as an example. As shown in FIG. 2, the embodiment of the present invention obtains the user device identifier and the acquired user device identifier. Methods of detection, including:
- Step 200 After the UE accesses the core network from the Non 3GPP side, the ePDG determines that the identity information of the UE or the service requested by the UE meets a pre-configured local policy.
- the identifier information of the UE may be an IMSI (International Mobile Subscriber Identity) of the UE.
- IMSI International Mobile Subscriber Identity
- the IMSI set by the IMSI of the UE in the gateway device is in a certain range, and the gateway device needs the range.
- the user equipment identifier of the UE corresponding to the inner IMSI performs EIR detection, or the service initiated by the UE is EIR-detected with the user equipment identifier of the UE corresponding to the service that is required to be in the gateway device.
- Step 201 The ePDG sends an IKEv2 Information Request (Network Key Exchange Information Request message) to the UE, where the Information Request includes an indication of the user equipment identity request.
- IKEv2 Information Request Network Key Exchange Information Request message
- the IKEv2 Information Request is an existing message.
- the user equipment identity request is used by the ePDG to acquire the user equipment identity from the UE.
- the ePDG may also send a user equipment identity request to the UE by using a new customized message, such as a user equipment identity request message.
- the ePDG may also send a user equipment identity request to the UE by using other existing messages that can carry the indication of the user equipment identity request.
- Step 202 After receiving the IKEv2 Information Request, the UE generates an IKEv2 Information Response (Network Key Exchange Information Request message reply message) according to the user equipment identifier of the UE, where the IKEv2 Information Response includes the user equipment identifier, and sends the network key to the ePDG.
- the exchange information request message replies to the message.
- the IKEv2 Information Response is an existing message.
- the ePDG can also send a customized message to the UE, and send a user equipment identity request to the UE through the customized message.
- the UE sends a customized message reply message to the ePDG after receiving the user equipment identity request.
- Send a message to the UE through a reply message of a customized message Send the user device ID.
- Step 203 The ePDG receives the IKEv2 Information Response, and obtains the user equipment identifier of the UE in the IKEv2 Information Response, and generates a Diameter AA Request (Diameter Authentication and Authorization Request) according to the obtained user equipment identifier.
- the AA Request includes the user equipment identifier and sends the Diameter AA Request to the 3GPP AAA server.
- Diameter AA Request is an existing message.
- the ePDG can also send the user equipment identifier through the Re-Auth-Answer (re-authentication authorization reply message), the Re-Auth-Answer is an existing message, and can also pass a customized message (such as a user).
- the device identification reply message sends the user equipment identifier.
- Step 204 After receiving the Diameter AA Request, the 3GPP AAA server obtains the user equipment identifier of the UE in the Diameter AA Request, and sends the user equipment identifier of the UE to the EIR.
- Step 205 After receiving the user equipment identifier, the EIR detects the user equipment identifier, obtains the user equipment identity detection result, and sends the user equipment identity detection result to the 3GPP AAA server.
- Step 206 The 3GPP AAA server receives the user equipment identity detection result. If the user equipment identity is determined to be invalid according to the user equipment identity detection result, the Diameter AA Answer (Diameter Authentication and Authorization Answer message), Diameter is sent to the ePDG. The AA Answer includes an indication that the user equipment identity detection result failed.
- the Diameter AA Answer is an existing message.
- the 3GPP AAA server may also send a result of the failure of the user equipment identity detection result to the ePDG through the Abort Session Request message; the Abort Session Request is The existing message, or the result of the failure of the user equipment identity detection result sent by the customized message.
- Step 207 The ePDG receives the Diameter AA Answer, and determines that the user equipment identifier is invalid according to the indication that the user equipment identity detection result fails in the Diameter AA Answer, and sends an INFORMATION Request message to the UE, where the INFORMATION Request includes the user equipment identity detection. The result of the failure indication.
- Step 208 The UE receives the INFORMATION Request, and releases the link with the ePDG according to the indication that the user equipment identity detection result fails in the INFORMATION Request, and does not initiate a link with the ePDG.
- the network side device that obtains the user equipment identifier is a gateway device.
- the gateway device triggers the detection of the user equipment identifier
- the gateway device is used as the TWAN as an example.
- the user equipment identifier is obtained and acquired in the embodiment of the present invention.
- Method for detecting user equipment identity including:
- Step 300 After the UE accesses the core network from the Non 3GPP side, the TWAN determines that the identity information of the UE or the service requested by the UE meets a pre-configured local policy.
- the identifier information of the UE may be the IMSI of the UE.
- the IMSI set by the IMSI of the UE in the gateway device is in a certain range, and the gateway device needs to perform EIR on the user equipment identifier of the UE corresponding to the IMSI in the range.
- the detection, or the service initiated by the UE performs EIR detection with the user equipment identifier of the UE that is configured in the gateway device and needs to correspond to the service that initiated the request.
- Step 301 The TWAN sends a PDN Modify Request (Data Network Modification Request message) to the UE, where the PDN Modify Request includes an indication of the user equipment identity request.
- PDN Modify Request Data Network Modification Request message
- the PDN Modify Request is an existing message, and the TWAN can also send a user equipment identity request to the UE by using a new customized message.
- the TWAN may also send a user equipment identity request to the UE through other existing messages capable of carrying the indication of the user equipment identity request.
- the user equipment identity request is used by the ePDG to acquire the user equipment identity from the UE.
- Step 302 After receiving the PDN Modify Request, the UE generates a PDN Modify Accept message according to the user equipment identifier of the UE, where the PDN Modify Request includes the user equipment identifier, and sends a PDN Modify Request to the TWAN.
- the PDN Modify Accept is an existing message
- the TWAN can also send a customized message to the UE directly, and send a user equipment identity request to the UE through the customized message, and the UE sends a response message of the customized message to the TWAN after receiving the user equipment identity request. Sending a message to the UE via a customized message Send the user device ID.
- Step 303 The TWAN receives the PDN Modify Request, obtains the user equipment identifier of the UE in the PDN Modify Request, and generates a Diameter AA Request (Authentication and Authorization Request message) according to the obtained user equipment identifier, where the Diameter AA Request includes the user equipment. The indication of the identity and send the Diameter AA Request to the 3GPP AAA server.
- Diameter AA Request is an existing message.
- the TWAN can also send the user equipment identifier through the Re-Auth-Answer, the Re-Auth-Answer is an existing message, and the user equipment can also be sent through a customized message (such as a user equipment identifier reply message).
- a customized message such as a user equipment identifier reply message.
- Step 304 After receiving the Diameter AA Request, the 3GPP AAA server obtains the user equipment identifier of the UE in the Diameter AA Request, and sends the user equipment identifier of the UE to the EIR.
- Step 305 After receiving the user equipment identifier, the EIR detects the user equipment identifier, obtains the user equipment identity detection result, and sends the user equipment identity detection result to the 3GPP AAA server.
- Step 306 The 3GPP AAA server receives the user equipment identity detection result, and if the user equipment identity is determined to be invalid according to the user equipment identity detection result, the Diameter AA Answer is sent to the TWAN, and the Diameter AA Answer includes an indication that the user equipment identity detection result fails.
- the Diameter AA Answer is an existing message.
- the 3GPP AAA server can also send the result of the failure of the user equipment identity detection result to the TWAN through the Abort Session Request message; the Abort Session Request is now There is a message, or the result of the failure of the user device identity detection result sent by the new customized message.
- the 3GPP AAA server may notify the TWAN user device that the detection result fails by using other existing indications that can carry the user equipment identity detection result failure.
- Step 307 The TWAN receives the Diameter AA Answer, and determines that the user equipment identifier is invalid according to the indication that the user equipment identity detection result fails in the Diameter AA Answer, and sends a PDN disconnection request to the UE, where the PDN disconnection Request includes the user. An indication that the device identification test result failed.
- Step 308 The UE receives the PDN disconnection Request, and releases the PDN link with the TWAN according to the indication of the failure of the user equipment identity detection result included in the PDN disconnection Request, and does not initiate the PDN link, and sends a PDN disconnection Accept to the TWAN. Agree to the message).
- the user equipment identity request is sent to the gateway device, and after the gateway device receives the user equipment identity request, if the gateway device is the ePDG, step 201 to step 208 are performed, if the gateway If the device is a TWAN, step 301 to step 308 are performed.
- the user equipment identifier is detected by the 3GPP AAA server, and an optional implementation manner is: when the 3GPP AAA server determines the identifier information of the UE or the service requested by the UE meets the preset condition, it is determined that the user equipment identifier needs to be performed. EIR detection.
- the identifier information of the UE may be an IMSI (International Mobile Subscriber Identity) of the UE.
- IMSI International Mobile Subscriber Identity
- the IMSI set by the IMSI of the UE in the 3GPP AAA server is in a certain range, and the gateway device needs to
- the user equipment identifier of the UE corresponding to the IMSI in the range is EIR-detected, or the requested service initiated by the 3GPP AAA server is EIR-detected with the user equipment identifier of the UE corresponding to the service that is required to be sent by the gateway device.
- the 3GPP AAA server sends a user equipment identity request to the gateway device. Specifically, the 3GPP AAA server sends a Re-Auth-Request (Re-Authentication Authorization Request message) to the gateway device, where the Re-Auth-Request includes the user equipment. The indication of the request is identified, or the 3GPP AAA server sends a customized user equipment identity request message to the gateway device.
- Re-Auth-Request Re-Authentication Authorization Request message
- the 3GPP AAA server may also send a user equipment identity request to the gateway device by using another existing message that can carry the indication of the user equipment identity request.
- the gateway device after receiving the user equipment identity request sent by the 3GPP AAA server, the gateway device sends a user equipment identity request to the UE.
- the triggering of the EIR of the user equipment identifier may be triggered by the IMS.
- the network side device that obtains the user equipment identifier is the gateway device, and the gateway device is the ePDG.
- a method for acquiring a user equipment identifier and detecting a user equipment identifier by using an IMS trigger includes:
- Step 400 After the UE accesses the core network from the Non 3GPP side, the UE sends an IMS service request to the IMS.
- Step 401 After receiving the IMS service request sent by the UE, the IMS determines that the user equipment identifier of the UE needs to be detected, and the user equipment identifier detection request is required to send the 3GPP AAA server by using the HSS.
- Step 402 After receiving the request for performing EIR detection on the user equipment identifier, the 3GPP AAA server sends a user equipment identity request to the ePDG.
- the Re-Auth-Request (Re-authentication Request message) may be used to carry the indication of the user equipment identification request, or the user equipment identification request message may be sent to the ePDG directly, or may be carried by other existing user equipment identification requests.
- the indicated message sends a user equipment identity detection request to the ePDG.
- Step 403 After receiving the user equipment identity request, the ePDG sends an IKEv2 Information Request (Network Key Exchange Information Request message) to the UE, where the IKEv2 Information Request includes an indication of the user equipment identity request.
- IKEv2 Information Request Network Key Exchange Information Request message
- Step 404 After receiving the IKEv2 Information Request, the UE generates an IKEv2 Information Response according to the user equipment identifier of the UE, where the IKEv2 Information Response includes the user equipment identifier, and sends an IKEv2 Information Response to the ePDG.
- the ePDG can also send a customized message to the UE directly, and send a user equipment identity request to the UE through the customized message. After receiving the user equipment identity request, the UE sends a customized message reply message to the ePDG. Sending a user equipment identifier to the UE by using a reply message of the customized message.
- Step 405 The ePDG receives the IKEv2 Information Response, obtains the user equipment identifier of the UE in the IKEv2 Information Response, and generates a Re-Auth-Answer (Re-Authentication Authorization Reply message), where the Re-Auth-Answer includes the user equipment identifier, and The Re-Auth-Answer is sent to the 3GPP AAA server.
- the Re-Auth-Answer is an existing message. It should be noted that the ePDG can also send an existing device Diameter AA Request through authentication and authorization, and send the user equipment identifier, or other An existing message that is sufficient for carrying the identity of the user equipment carries the user equipment identifier.
- the user device ID can be sent via a customized message.
- Step 406 After receiving the Re-Auth-Answer, the 3GPP AAA server obtains the user equipment identifier of the UE in the Re-Auth-Answer, and sends the user equipment identifier of the UE to the EIR.
- Step 407 After receiving the user equipment identifier, the EIR detects the user equipment identifier, obtains the user equipment identity detection result, and sends the user equipment identity detection result to the 3GPP AAA server.
- Step 408 The 3GPP AAA server receives the user equipment identity detection result, sends the user equipment identity detection result to the IMS, and determines that the user equipment identity is invalid according to the user equipment identity detection result, and sends an Abort Session Request to the ePDG.
- the Abort Session Request includes an indication that the user equipment identity detection result fails.
- the ePDG can also send an indication that the user equipment identity detection result fails by using the Diameter AA Answer.
- the ePDG receives the Abort Session Request, and determines that the user equipment identifier is invalid according to the indication that the user equipment identity detection result is unsuccessful in the Abort Session Request, and sends an INFORMATION Request to the UE, where the INFORMATION Request includes an indication that the user equipment identity detection result fails. And sending an Abort Session Answer to the 3GPP AAA server.
- Step 410 The UE receives the INFORMATION Request, and releases the link with the ePDG according to the indication that the user equipment identity detection result fails in the INFORMATION Request, and does not initiate a link with the ePDG.
- step 411 the IMS receives the user equipment identity detection result by using the HSS.
- Step 412 The IMS determines, according to the detection result of the user equipment identity, whether to accept the IMS service request of the UE, and if it is determined that the user equipment identity detection result is invalid according to the user equipment identity detection result, rejecting the IMS service request of the UE If the user equipment identity detection result is determined to be valid according to the user equipment identity detection result, accepting the IMS service request of the UE.
- step 409 and step 410 There is no inevitable sequence between step 409 and step 410, and step 411 and step 412. In order to satisfy step 409 before step 410, the order of step 411 before step 412 is sufficient.
- the 3GPP AAA server may also send a Diameter AA Answer to the ePDG by using the Diameter AA Answer to indicate that the user equipment identity detection result fails, and if the step 408 is to the ePDG. If the Diameter AA Answer is sent, the Abort Session Answer is sent to the ePDG without performing step 409.
- the process is similar to the above process, and details are not described herein.
- the message carrying the information indicating the identity of the user equipment or carrying the information indicating the request for obtaining the user equipment identity is different from that of the ePDG, and the steps in FIG. 2 and FIG. 3 are different.
- the gateway device is used as the TWAN, and the re-authentication process can be initiated through the TWAN to perform EIR detection, specifically when the user equipment is triggered by the TWAN.
- the method for acquiring the user equipment identifier and detecting the user equipment identifier includes:
- Step 500 After the UE accesses the core network from the Non 3GPP side, the TWAN determines that the identity information of the UE or the service requested by the UE meets a preset local policy.
- the identifier information of the UE may be an IMSI (International Mobile Subscriber Identity) of the UE.
- IMSI International Mobile Subscriber Identity
- the IMSI set by the IMSI of the UE in the gateway device is in a certain range, and the gateway device needs the range.
- the user equipment identifier of the UE corresponding to the inner IMSI performs EIR detection, or the service initiated by the UE is EIR-detected with the user equipment identifier of the UE corresponding to the service that is required to be in the gateway device.
- Step 501 The TWAN initiates a re-authentication process, and sends an EAP REQ Identity (Extensible Authentication Protocol Request Identity) to the UE, requesting to obtain a user identifier.
- EAP REQ Identity Extensible Authentication Protocol Request Identity
- Step 502 After receiving the EAP REQ Identity, the UE sends an EAP RSP Identity (Extensible Authentication Protocol Response Identity) to the TWAN, where the EAP RSP Identity includes the user identifier.
- EAP RSP Identity Extensible Authentication Protocol Response Identity
- Step 503 The TWAN receives the EAP RSP Identity, determines the 3GPP AAA server to which the UE belongs according to the user identifier included in the EAP RSP Identity, and sends the Diameter to the 3GPP AAA server.
- the EAP Request (Diameter Extensible Authentication Protocol Request), the Diameter EAP Request includes an indication of the user equipment identity detection request.
- the TWAN may also send a user equipment identity detection request to the 3GPP AAA Server by using a customized user equipment identity detection request message.
- Step 504 The 3GPP AAA Server receives the Diameter EAP Request, determines, according to the indication of the user equipment identity detection request included in the Diameter EAP Request, that the user equipment identifier needs to be detected, and sends an EAP REQ AKA'Reauthentication (extended authentication authentication request) to the UE. Message), the EAP REQ AKA 'Reauthentication includes an indication of the user equipment identity request.
- the 3GPP AAA server sends an EAP REQ AKA'Reauthentication to the UE through the TWAN.
- Step 505 After receiving the EAP REQ AKA'Reauthentication, the UE generates an extended authentication authentication request message reply (EAP RSP AKA'Reauthentication) according to the user equipment identifier of the UE, where the EAP RSP AKA'Reauthentication includes an indication of the user equipment identifier. And send EAP RSP AKA'Reauthentication to the 3GPP AAA server.
- EAP RSP AKA'Reauthentication an extended authentication authentication request message reply
- the UE sends an EAP RSP AKA'Reauthentication to the 3GPP AAA server through the TWAN.
- Step 506 The 3GPP AAA server receives the EAP RSP AKA'Reauthentication, obtains the user equipment identifier of the UE in the EAP RSP AKA'Reauthentication, and sends the user equipment identifier of the UE to the EIR.
- Step 507 After receiving the user equipment identifier, the EIR detects the user equipment identifier, obtains the user equipment identity detection result, and sends the user equipment identity detection result to the 3GPP AAA server.
- Step 508 The 3GPP AAA server receives the user equipment identity detection result. If the user equipment identity is determined to be invalid according to the user equipment identity detection result, the EAP failure is transmitted to the UE through the TWAN (Extensible Authentication Protocol failure), EAP failure The indication that the user equipment identity detection result fails.
- TWAN Extensible Authentication Protocol failure
- Step 509 the UE receives the EAP failure, and includes the user equipment identity detection according to the EAP failure.
- the result of the failure indication determines that the user equipment identity is invalid and no longer initiates the same requested service.
- the gateway device is a TWAN
- the 3GPP AAA server sends a user equipment identity request to the TWAN.
- the TWAN After receiving the request for the user equipment identity, the TWAN initiates a re-authentication process, performs EIR detection on the user equipment identifier, and performs steps 501 to 509.
- the gateway device When the network side device that obtains the user equipment identifier is a 3GPP AAA server, the gateway device is used as an example.
- the user equipment identity detection is initiated by the 3GPP AAA server. Specifically, the 3GPP AAA server determines that the identity information of the UE or the service requested by the UE meets a pre-configured local policy, and sends a user equipment identity request to the TWAN.
- the identifier information of the UE may be an IMSI (International Mobile Subscriber Identity) of the UE.
- IMSI International Mobile Subscriber Identity
- the IMSI set by the IMSI of the UE in the 3GPP AAA server is in a certain range, and the 3GPP AAA server needs to be in the range.
- the user equipment identifier of the UE corresponding to the IMSI is EIR-detected, or the service initiated by the UE is EIR-detected with the user equipment identifier of the UE that is required to be in the 3GPP AAA server.
- the 3GPP AAA server sends a user equipment identity request to the TWAN. After receiving the user equipment identity request, the TWAN initiates a re-authentication process, and detects the user equipment identity. Steps 501 to 509 are performed, and details are not described herein.
- the method of detecting the EIR of the user equipment is triggered, and the method is also triggered by the IMS.
- the method for acquiring the user equipment identifier and detecting the user equipment identifier by using the IMS trigger includes:
- Step 600 After the UE accesses the core network from the Non 3GPP side, the UE sends an IMS service request to the IMS.
- Step 601 After receiving the IMS service request sent by the UE, the IMS determines that the user equipment identifier of the UE needs to be detected, and sends a 3GPP AAA server user equipment identity detection request by using the HSS.
- Step 602 After receiving the user equipment identity detection request, the 3GPP AAA server sends a user equipment identity request to the TWAN.
- the 3GPP AAA Server may carry the indication of the user equipment identity request by using the Re-Auth-Request (re-authentication request message), or directly send a customized user equipment identity request to the TWAN.
- Step 603 After receiving the user equipment identity request, the TWAN initiates a re-authentication process, and sends an EAP REQ Identity to the UE.
- Step 604 After receiving the EAP REQ Identity, the UE feeds back the EAP RSP Identity to the TWAN.
- Step 605 The TWAN receives the EAP RSP Identity and sends a Diameter EAP Request to the 3GPP AAA server.
- Step 606 After receiving the Diameter EAP Request, the 3GPP AAA server sends an EAP REQ AKA'Reauthentication to the UE, where the EAP REQ AKA'Reauthentication includes an indication of the user equipment identity request.
- the 3GPP AAA server sends an EAP REQ AKA'Reauthentication to the UE through the TWAN.
- Step 607 After receiving the EAP REQ AKA'Reauthentication, the UE generates an EAP RSP AKA'Reauthentication according to the user equipment identifier of the UE, where the EAP RSP AKA'Reauthentication includes an indication of the user equipment identifier, and sends an EAP RSP AKA' to the 3GPP AAA server. Reauthentication.
- the UE sends an EAP RSP AKA'Reauthentication to the 3GPP AAA server through the TWAN.
- Step 608 The 3GPP AAA server receives the EAP RSP AKA'Reauthentication, obtains the user equipment identifier of the UE in the EAP RSP AKA'Reauthentication, and sends the user equipment identifier of the UE to the EIR.
- Step 609 After receiving the user equipment identifier, the EIR detects the user equipment identifier, obtains the user equipment identity detection result, and sends the user equipment identity detection result to the 3GPP AAA server.
- Step 610 After receiving the user equipment identity detection result, the 3GPP AAA server sends the user equipment identity detection result to the IMS, and if the user equipment identity detection result is determined, the user equipment identity is determined.
- the EAP failure is sent to the UE through the TWAN, and the EAP failure includes an indication that the user equipment identity detection result fails.
- step 611 the UE receives the EAP failure, and determines that the user equipment identifier is invalid according to the indication that the user equipment identity detection result fails in the EAP failure, and the IMS service request is no longer initiated.
- Step 612 The IMS receives the user equipment identity detection result by using the HSS.
- Step 613 The IMS determines, according to the detection result of the user equipment identity, whether to accept the IMS service request of the UE, and if it is determined that the user equipment identity detection result is invalid according to the user equipment identity detection result, rejecting the IMS service request of the UE If the user equipment identity detection result is determined to be valid according to the user equipment identity detection result, accepting the IMS service request of the UE.
- step 611 and step 612 and step 613 There is no necessary sequence between step 611 and step 612 and step 613, as long as the order of step 612 before step 613 is satisfied.
- the information is forwarded to the 3GPP AAA server to which the UE belongs through the local 3GPP AAA proxy.
- the embodiment of the present invention further provides a device for acquiring a user equipment identifier.
- the method for obtaining the user equipment identifier is a method for obtaining the user equipment identifier according to the embodiment of the present invention.
- the device identified by the user equipment refer to the implementation of the method, and the repeated description is not repeated.
- the device for obtaining a user equipment identifier includes: a transmitter 700, a receiver 701, and a processor 702;
- the transmitter 700 is configured to send a user equipment identity request to the UE after the user equipment UE accesses the core network from the Non 3GPP side, and the receiver 701 is configured to receive the user equipment identifier sent by the UE.
- the processor 702 is configured to determine that the identity information of the UE or the service requested by the UE meets a pre-configured local policy before the transmitter 700 sends the user equipment identity request to the UE.
- the receiver 701 is further configured to: before the transmitter 700 sends the user equipment identity request to the UE, receive the user equipment identity request sent by the 3GPP AAA server.
- the receiver 701 receives the 3GPP.
- the AAA server sends a re-authentication request message Re-Auth-Request, where the Re-Auth-Request includes an indication of the user equipment identity request; or
- the receiver 701 is configured to receive a user equipment identity request message sent by the 3GPP AAA server.
- An optional method for sending a user equipment identity request and a corresponding receiving user equipment identity is: when the network side device is a gateway device, the transmitter 700 is configured to send a network key exchange information request message to the UE.
- IKEv2 Information Request includes an indication of the user equipment identity request
- the receiver 701 is configured to receive the network key exchange information request message reply message IKEv2 Information Response sent by the UE, where the IKEv2 Information Response includes the user equipment identifier;
- a further embodiment of the method for transmitting the user equipment identity and the corresponding user equipment identity is: if the network device is a gateway device, the transmitter 700 is configured to send a data network modification request message (PDN Modify Request, PDN) to the UE.
- the Modify Request includes an indication of the user equipment identity request, and the receiver 701 is configured to receive a data network modification request reply message (PDN Modify Accept) sent by the UE, where the PDN Modify Accept includes the user equipment identifier.
- the transmitter 700 is further configured to send the user equipment identifier to the 3GPP AAA server after the receiver 701 receives the user equipment identifier.
- the specific implementation manner in which the transmitter 700 sends the user equipment identifier to the 3GPP AAA server may be: the transmitter 700 sends an authentication and authorization request message Diameter AA Request to the 3GPP AAA sever, where the user equipment identifier is included in the Diameter AA Request; or ,
- the transmitter 700 sends a re-authentication authorization reply message Re-Auth-Answer to the 3GPP AAA server, where the Re-Auth-Answer includes the user equipment identifier; or
- the transmitter 700 sends a user equipment identity reply message to the 3GPP AAA server, where the user equipment identity reply message includes the user equipment identifier.
- the receiver 701 is further configured to: after the transmitter 700 sends the user equipment identifier to the 3GPP AAA server, receive a message that the user equipment identifier detection result fails;
- the processor 702 is further configured to: according to the message that the user equipment identifier detection result fails, determine that the user equipment identifier is invalid, and notify the UE that the user equipment identity detection result fails.
- the specific implementation manner of the processor 702 determining that the user equipment identifier is invalid, and notifying the UE that the user equipment identifier detection result fails may be: the transmitter 700 sends a PDN connection release request to the UE, and the PDN disconnection request includes the user equipment identifier. An indication that the test result failed; or,
- the transmitter 700 sends an information request message to the UE, and the INFORMATION Request includes an indication that the user equipment identity detection result fails.
- the receiver 701 may send the user equipment identifier to the 3GPP AAA server after receiving the identifier of the user equipment identifier.
- the receiver 701 may receive the authentication and authorization reply message Diameter AA Answer.
- the Diameter AA Answer includes an indication that the user equipment identity detection result fails; or,
- the receiver 701 receives the Abort Session Request message, and the Abort Session Request includes an indication that the user equipment identity detection result fails.
- the transmitter 700 sends an extended authentication authentication request message EAP REQ AKA' to the UE.
- EAP REQ AKA'Reauthentication includes an indication of a user equipment identification request;
- the receiver 701 receives the extended authentication authentication request reply message EAP RSP AKA'Reauthentication sent by the UE, and the EAP RSP AKA'Reauthentication includes the user equipment identifier.
- the receiver 701 is configured to receive a user equipment identity detection request sent by the gateway device before the transmitter sends the user equipment identity request to the UE.
- the processor 702 is further configured to determine, according to the user equipment identity detection request sent by the gateway device, that the user equipment identity needs to be detected.
- the specific implementation manner of the receiver 701 receiving the user equipment identity detection request sent by the gateway device may be: the receiver 701 receives the authentication device request message Diameter EAP Request sent by the gateway device, where the Diameter EAP Request includes the user equipment identity detection. The indication of the request; or, the receiver 701 receives the user equipment identity detection request message sent by the gateway device.
- the transmitter 700 is further configured to: after the receiver receives the user equipment identifier, set the user The backup identifier is sent to the EIR;
- the processor 702 is further configured to receive a detection result of the user equipment identifier sent by the device identifier logger EIR, and determine, according to the detection result of the user equipment identifier, that the user equipment identifier of the UE is invalid;
- the transmitter 700 is further configured to notify the UE or the gateway device that the user equipment identity detection result fails.
- the specific implementation manner of the transmitter 700 notifying the UE that the device identifier detection result fails may be that the transmitter 700 sends an extended authentication authentication failure message EAP failure to the UE, where the EAP failure includes an indication that the user equipment identifier detection result fails.
- the specific implementation manner of the transmitter 700 notifying the gateway device that the user equipment identifier detection result fails may be: the transmitter 700 sends an authentication and authorization reply message Diameter AA Answer to the gateway device, and the authentication and authorization reply message Diameter AA Answer includes the user. An indication that the device identification test result failed; or,
- the transmitter 700 sends a termination session request message Abort Session Request to the gateway device, and the termination session request message includes an indication that the user equipment identity detection result fails.
- the receiver 701 is further configured to: before the transmitter 700 sends the user equipment identity request to the UE, receive, by using the HSS, the user equipment identity detection request sent by the IMS;
- the transmitter 700 is further configured to: after the receiver 701 receives the detection result of the user equipment identifier sent by the EIR, send the user equipment detection result to the IMS through the HSS.
- the hardware structure of the device for obtaining the identifier of the user equipment in the embodiment of the present invention is as shown in FIG. 8 , and includes a processor 800 , a receiver 810 , a transmitter 820 , and a memory 830 .
- the memory 830 can be used to acquire the user equipment identifier and store the program/code pre-installed at the factory, or store the code used when the processor 800 is executed.
- a bus system 840 which in addition to the data bus includes a power bus, a control bus, and a status signal bus.
- the processor 800 can be a general-purpose central processing unit (CPU), a microprocessor, and an application specific integrated circuit (Application Specific Integrated Circuit, An ASIC), or one or more integrated circuits, for performing related operations to implement the technical solutions provided by the embodiments of the present invention.
- CPU central processing unit
- microprocessor a microprocessor
- ASIC Application Specific Integrated Circuit
- the receiver 810 and the transmitter 820 may be integrated in the same module, or may be physically present separately, or two or more modules may be integrated into one unit.
- the above integrated modules can be implemented in the form of hardware or in the form of software functional modules.
- the device for obtaining the user equipment identification shown in FIG. 8 only shows the processor 800, the receiver 810, the transmitter 820, the memory 830, and the bus system 840, in a specific implementation process, those skilled in the art It should be understood that the device also contains other components necessary to achieve proper operation. At the same time, those skilled in the art will appreciate that the device may also include hardware devices that implement other additional functions, depending on the particular needs. Moreover, those skilled in the art will appreciate that the device may also include only the devices or modules necessary to implement the embodiments of the present invention, and do not necessarily include all of the devices shown in FIG.
- the storage medium may be a magnetic disk, an optical disk, a read-only memory (ROM), or a random access memory (RAM).
- the embodiment of the present invention further provides a device for transmitting a user equipment identifier.
- the method for transmitting the user equipment identifier is a method for sending the user equipment identifier according to the embodiment of the present invention.
- the device identified by the user equipment refer to the implementation of the method, and the repeated description is not repeated.
- the device for transmitting a user equipment identifier includes: a receiver 900, a transmitter 901, and a processor 902;
- the receiver 900 is configured to receive a user equipment identity request sent by the network side device after accessing the core network from the Non 3GPP side;
- the transmitter 901 is configured to send the user equipment identifier to the network side device.
- the receiver 900 receives the network key exchange information request message IKEv2 Information Request sent by the network side device, and the IKEv2 Information Request includes an indication of the user equipment identity request.
- the transmitter 901 sends a network key exchange information request message reply message IKEv2 Information Response to the network side device, and the IKEv2 Information Response includes the user equipment identifier.
- the receiver 900 receives the data network modification request message sent by the network side device.
- Request, the PDN Modify Request includes an indication of the user equipment identity request;
- the transmitter 901 sends a PDN Modify Accept message to the network side device according to the network modification request message, where the PDN Modify Accept includes the user equipment identifier.
- the receiver 900 receives the extended authentication authentication request sent by the network side device.
- the message EAP REQ AKA 'Reauthentication, EAP REQ AKA 'Reauthentication includes an indication of the user equipment identification request;
- the transmitter 901 returns an EAP RSP AKA'Reauthentication message to the network side device extended authentication authentication request message, and the EAP RSP AKA'Reauthentication includes the user equipment identifier.
- the transmitter 901 is further configured to: after the UE accesses the core network, send an IMS service request to the IMS before the receiver receives the user equipment identity request sent by the network side device;
- the receiver 900 is further configured to: after the transmitter sends the user equipment identifier to the network side device, receive a message that the user equipment identity detection result fails;
- the processor 902 is configured to determine, according to the failure of the user equipment identifier detection result, that the user equipment identifier is invalid, and then no longer initiate an IMS service request.
- the receiver 900 receives the message that the user equipment identity detection result is unsuccessful.
- the specific implementation of the message that the user equipment identity detection result fails is received in the PDN disconnection request.
- the receiver 900 receives an EAP failure, and the EAP failure includes an indication that the user equipment identity detection result fails.
- the receiver 900 is configured to receive, after accessing the core network from the Non 3GPP side, a request for acquiring a user equipment identifier sent by the network side device;
- the transmitter 901 is configured to send the user equipment identifier to the network side device.
- an optional method for sending the user equipment identity request and the corresponding receiving user device identifier is: the receiver 900 receives the network key exchange information request message sent by the network side device, IKEv2 Information Request
- the IKEv2 Information Request includes an indication of the user equipment identity request.
- the transmitter 901 sends a network key exchange information request message reply message IKEv2 Information Response to the network side device, and the IKEv2 Information Response includes the user equipment identifier.
- the receiver 900 receiving the data network modification request message (PDN Modify Request) sent by the network side device
- PDN Modify Request includes an indication of the user equipment identity request.
- the transmitter 901 sends a PDN Modify Accept message to the network side device according to the network modification request message, where the PDN Modify Accept includes the user equipment identifier.
- an optional method for sending the user equipment identity request and the corresponding receiving user equipment identity is: the receiver 900 receives the extended authentication authentication request message EAP REQ AKA sent by the network side device.
- EAP REQ AKA'Reauthentication includes an indication of a user equipment identification request;
- the transmitter 901 returns an EAP RSP AKA'Reauthentication message to the network side device extended authentication authentication request message, and the EAP RSP AKA'Reauthentication includes the user equipment identifier.
- the transmitter 901 sends an IMS service request to the IMS before the receiver receives the user equipment identity request sent by the network side device.
- the receiver 900 is further configured to: after the transmitter 901 sends the user equipment identifier to the network side device, Receiving a message that the user equipment identity detection result fails;
- the processor 902 is configured to determine, according to the failure of the user equipment identifier detection result, that the user equipment identifier is invalid, and then no longer initiate an IMS service request.
- the receiver 900 receives the message that the user equipment identity detection result fails.
- the receiver 900 may receive the PDN connection release request (PDN disconnection request), where the PDN disconnection request includes an indication that the user equipment identity detection result fails.
- the receiver 900 receives an EAP failure, and the EAP failure includes an indication that the user equipment identity detection result fails.
- the hardware structure diagram of the device for transmitting the user equipment identifier in the embodiment of the present invention is as shown in FIG. 10, and includes a processor 1000, a receiver 1010, a transmitter 1020, and a memory 1030.
- the memory 1030 may be used to send a device identifier of the user equipment to store a program/code pre-installed at the factory, or may store a code or the like for execution of the processor 1000.
- a bus system 1040 which in addition to the data bus includes a power bus, a control bus, and a status signal bus.
- the processor 1000 can be a general-purpose central processing unit (CPU), a microprocessor, an application specific integrated circuit (ASIC), or one or more integrated circuits for performing related operations.
- CPU central processing unit
- ASIC application specific integrated circuit
- the receiver 1010 and the transmitter 1020 may be integrated in the same module, or may be physically present separately, or two or more modules may be integrated into one unit.
- the above integrated modules can be implemented in the form of hardware or in the form of software functional modules.
- the device for transmitting user equipment identification shown in FIG. 10 only shows the processor 1000, the receiver 1010, the transmitter 1020, the memory 1030, and the bus system 1040, in a specific implementation process, those skilled in the art It should be understood that the device also contains other components necessary to achieve proper operation. At the same time, according to specific needs, those skilled in the art should understand that the design It can also include hardware devices that implement additional functions. Moreover, those skilled in the art will appreciate that the device may also include only the devices or modules necessary to implement the embodiments of the present invention, and do not necessarily include all of the devices shown in FIG.
- the storage medium may be a magnetic disk, an optical disk, a read-only memory (ROM), or a random access memory (RAM).
- the embodiment of the present invention further provides a device for triggering detection of user equipment identification.
- the method for triggering detection of user equipment identification is a method for triggering detection of user equipment identification according to an embodiment of the present invention.
- the implementation of the device that triggers the detection of the user equipment identity the implementation of the method may be referred to, and the details are not repeated here.
- the device for triggering detection of user equipment identifiers in the embodiment of the present invention includes:
- the receiver 1100 is configured to receive, by the user equipment, the UE, an IMS service request.
- the processor 1102 is configured to determine that the user equipment identifier of the UE needs to be detected
- the transmitter 1101 is configured to send a user equipment identity detection request to the network side device.
- the receiver 1100 is further configured to:
- the transmitter 1101 sends the user equipment detection request to the network side device, receiving the user equipment identity detection result;
- the processor 1102 is further configured to: determine, according to the detection result of the user equipment identity, whether to accept the IMS service request of the UE, and if it is determined that the user equipment identity detection result is invalid according to the user equipment identity detection result, reject the IMS service request of the UE; The user equipment identifies the detection result, and determines that the user equipment identity detection result is legal, and then accepts the IMS service request of the UE.
- the hardware structure diagram of the device for triggering the detection of the user equipment identifier in the embodiment of the present invention is as shown in FIG. 12, and includes a processor 1200, a receiver 1210, a transmitter 1220, and a memory 1230.
- the memory 1230 can be used to trigger the user equipment identification detection device to store the program/code pre-installed at the factory, and can also store the code and the like for the execution of the processor 1200.
- a bus system 1240 which in addition to the data bus includes a power bus, a control bus, and a status signal bus.
- the processor 1200 can be a general-purpose central processing unit (CPU), a microprocessor, an application specific integrated circuit (ASIC), or one or more integrated circuits for performing related operations.
- CPU central processing unit
- ASIC application specific integrated circuit
- the receiver 1210 and the transmitter 1220 may be integrated in the same module, or may be physically present separately, or two or more modules may be integrated into one unit.
- the above integrated modules can be implemented in the form of hardware or in the form of software functional modules.
- the device for triggering user equipment identification detection shown in FIG. 12 only shows the processor 1200, the receiver 1210, the transmitter 1220, the memory 1230, and the bus system 1240, in a specific implementation process, the art knows Personnel should understand that the device also contains other components necessary to function properly. At the same time, those skilled in the art will appreciate that the device may also include hardware devices that implement other additional functions, depending on the particular needs. Moreover, those skilled in the art will appreciate that the device may also only include the devices or modules necessary to implement the embodiments of the present invention, and do not necessarily include all of the devices shown in FIG.
- the storage medium may be a magnetic disk, an optical disk, a read-only memory (ROM), or a random access memory (RAM).
- the network side device sends a request for acquiring the user equipment identifier to the UE, and the network side device receives the user equipment identifier sent by the UE.
- the network device can obtain the user equipment identifier of the UE by sending a request for acquiring the user equipment identifier to the UE after the UE accesses the core network from the Non 3GPP side. Therefore, the problem that the user equipment identifier cannot be obtained after the UE accesses the core network from the gateway device on the Non 3GPP side is solved.
- embodiments of the present invention can be provided as a method, system, or computer program product. Accordingly, the present invention may take the form of an entirely hardware embodiment, an entirely software embodiment, or a combination of software and hardware. Moreover, the invention can take the form of a computer program product embodied on one or more computer-usable storage media (including but not limited to disk storage, CD-ROM, optical storage, etc.) including computer usable program code.
- computer-usable storage media including but not limited to disk storage, CD-ROM, optical storage, etc.
- the computer program instructions can also be stored in a computer readable memory that can direct a computer or other programmable data processing device to operate in a particular manner, such that the instructions stored in the computer readable memory produce an article of manufacture comprising the instruction device.
- the apparatus implements the functions specified in one or more blocks of a flow or a flow and/or block diagram of the flowchart.
- These computer program instructions can also be loaded onto a computer or other programmable data processing device such that a series of operational steps are performed on a computer or other programmable device to produce computer-implemented processing for execution on a computer or other programmable device.
- the instructions provide steps for implementing the functions specified in one or more of the flow or in a block or blocks of a flow diagram.
Landscapes
- Engineering & Computer Science (AREA)
- Computer Networks & Wireless Communication (AREA)
- Signal Processing (AREA)
- Computer Security & Cryptography (AREA)
- Databases & Information Systems (AREA)
- Business, Economics & Management (AREA)
- Accounting & Taxation (AREA)
- Mobile Radio Communication Systems (AREA)
Abstract
Description
Claims (52)
- 一种获取用户设备标识的方法,其特征在于,该方法包括:网络侧设备在用户设备UE从Non 3GPP侧接入核心网后,向所述UE发送用户设备标识请求;所述网络侧设备接收所述UE发送的用户设备标识。
- 如权利要求1所述的方法,其特征在于,所述网络侧设备向所述UE发送用户设备标识请求之前,还包括:所述网络侧设备确定所述UE的标识信息或所述UE请求的服务满足预先配置的本地策略。
- 如权利要求1所述的方法,其特征在于,若所述网络侧设备为网关设备,所述网络侧设备向所述UE发送用户设备标识请求之前,还包括:所述网络侧设备接收3GPP AAA server发送的所述用户设备标识请求。
- 如权利要求3所述的方法,其特征在于,所述网络侧设备接收3GPP AAA server发送的所述用户设备标识请求,包括:所述网络侧设备接收所述3GPP AAA server发送重鉴权请求消息Re-Auth-Request,所述Re-Auth-Request中包括所述用户设备标识请求的指示;或者,所述网络侧设备接收3GPP AAA server发送的用户设备标识请求消息。
- 如权利要求1至4任一所述的方法,其特征在于,若所述网络侧设备为网关设备,所述网络侧设备向所述UE发送用户设备标识请求,包括:所述网络侧设备向所述UE发送网络秘钥交换信息请求消息IKEv2 Information Request,所述IKEv2 Information Request中包括所述用户设备标识请求的指示;所述网络侧设备接收所述UE发送的用户设备标识,包括:所述网络侧设备接收所述UE发送的网络秘钥交换信息请求消息回复消息IKEv2 Information Response,所述IKEv2 Information Response中包括用户 设备标识;
- 如权利要求1至4任一所述的方法,其特征在于,若所述网络侧设备为网关设备,所述网络侧设备向所述UE发送用户设备标识请求,包括:所述网络侧设备向所述UE发送数据网络修改请求消息PDN Modify Request,所述PDN Modify Request中包括所述用户设备标识请求的指示;所述网络侧设备接收所述UE发送的用户设备标识,包括:所述网络侧设备接收所述UE发送的数据网络修改请求回复消息PDN Modify Accept,所述PDN Modify Accept中包括用户设备标识。
- 如权利要求1至6任一所述的方法,其特征在于,所述网络侧设备接收所述用户设备标识后,还包括:所述网络侧设备将用户设备标识发送给3GPP AAA server。
- 如权利要求7所述的方法,其特征在于,所述网络侧设备将所述用户设备标识发送给3GPP AAA server,包括:所述网络侧设备向3GPP AAA sever发送鉴权与授权请求消息Diameter AA Request,所述Diameter AA Request中包括所述用户设备标识;或者,所述网络侧设备向所述3GPP AAA server发送重鉴权授权回复消息Re-Auth-Answer,所述Re-Auth-Answer中包括所述用户设备标识;或者,所述网络侧设备向所述3GPP AAA server发送用户设备标识回复消息,所述用户设备标识回复消息中包括所述用户设备标识。
- 如权利要求7或8所述的方法,其特征在于,所述网络侧设备将用户设备标识发送给3GPP AAA server之后,还包括:所述网络侧设备接收用户设备标识检测结果失败的消息;所述网络侧设备根据所述用户设备标识检测结果失败的消息,确定所述用户设备标识不合法,通知所述UE用户设备标识检测结果失败。
- 如权利要求9所述的方法,其特征在于,所述网络侧设备通知所述UE用户设备标识检测结果失败,包括:所述网络侧设备向所述UE发送PDN连接释放请求PDN disconnection Request,所述PDN disconnection Request中包括用户设备标识检测结果失败的指示;或者,所述网络侧设备向所述UE发送信息请求消息INFORMATION Request,所述INFORMATION Request中包括用户设备标识检测结果失败的指示。
- 如权利要求9或10所述的方法,其特征在于,所述网络侧设备接收用户设备标识检测结果失败的消息,包括:所述网络侧设备接收鉴权与授权回复消息Diameter AA Answer,所述Diameter AA Answer中包括用户设备标识检测结果失败的指示;或者,所述网络侧设备接收终止会话请求消息Abort Session Request,所述Abort Session Request中包括用户设备标识检测结果失败的指示。
- 如权利要求1或2所述的方法,其特征在于,所述网络侧设备为3GPP AAA server,所述网络侧设备向所述UE发送用户设备标识请求,包括:所述网络侧设备向所述UE发送扩展的鉴权认证请求消息EAP REQ AKA’Reauthentication,所述EAP REQ AKA’Reauthentication中包括所述用户设备标识请求的指示;所述网络侧设备接收所述UE发送的用户设备标识,包括:所述网络侧设备接收所述UE发送的扩展的鉴权认证请求回复消息EAP RSP AKA’Reauthentication,所述EAP RSP AKA’Reauthentication中包括所述用户设备标识。
- 如权利要求12所述的方法,其特征在于,所述网络侧设备向所述UE发送用户设备标识请求之前,还包括:所述网络侧设备接收网关设备发送的用户设备标识检测请求,确定需要对用户设备标识进行检测。
- 如权利要求13所述的方法,其特征在于,所述网络侧设备接收网关设备发送的所述用户设备标识检测请求,包括:所述网络侧设备接收网关设备发送的鉴权认证请求消息Diameter EAP Request,所述Diameter EAP Request中包括用户设备标识检测请求的指示;或者,所述网络侧设备接收网关设备发送的用户设备标识检测请求消息。
- 如权利要求12至14任一所述的方法,其特征在于,所述网络侧设备接收所述用户设备标识之后,还包括:所述网络侧设备将用户设备标识发送给设备标识记录器EIR;所述网络侧设备接收EIR发送的用户设备标识的检测结果,若根据所述用户设备标识的检测结果,确定所述UE的用户设备标识不合法,通知所述UE或网关设备发送用户设备标识检测结果失败。
- 如权利要求15所述的方法,其特征在于,所述网络侧设备通知所述UE用户设备标识检测结果失败,包括:所述网络侧设备向所述UE发送扩展的鉴权认证失败消息EAP failure,所述EAP failure中包括用户设备标识检测结果失败的指示。
- 如权利要求15的所述方法,其特征在于,所述网络侧设备通知所述网关设备用户设备标识检测结果失败,包括:所述网络侧设备向所述网关设备发送鉴权与授权回复消息Diameter AA Answer,所述鉴权与授权回复消息Diameter AA Answer中包括用户设备标识检测结果失败的指示;或者,所述网络侧设备向所述网关设备发送终止会话请求消息Abort Session Request,所述终止会话请求消息Abort Session Request中包括用户设备标识检测结果失败的指示。
- 如权利要求12至17任一所述的方法,其特征在于,所述网络侧设备向所述UE发送获取用户设备标识的请求之前,还包括:所述网络侧设备通过归属用户服务器HSS接收IMS发送的用户设备标识检测请求;所述网络侧设备接收EIR发送的用户设备标识的检测结果之后,还包括:所述网络侧设备将所述用户设备检测结果通过所述HSS发送给所述IMS。
- 一种发送用户设备标识的方法,其特征在于,该方法包括:用户设备UE从Non 3GPP侧接入核心网后,接收网络侧设备发送的用户设备标识请求;所述UE向所述网络侧设备发送用户设备标识。
- 如权利要求19所述的方法,其特征在于,若所述网络侧设备为网关设备,所述UE接收所述网络侧设备发送的用户设备标识请求,包括:所述UE接收所述网络侧设备发送的网络秘钥交换信息请求消息IKEv2 Information Request,所述IKEv2 Information Request中包括所述用户设备标识请求的指示;所述UE向所述网络侧设备发送用户设备标识,包括:所述UE向所述网络侧设备发送网络秘钥交换信息请求消息回复消息IKEv2 Information Response,所述IKEv2 Information Response中包括用户设备标识。
- 如权利要求19所述的方法,其特征在于,若所述网络侧设备为网关设备,所述UE接收所述网络侧设备发送的所述用户设备标识请求,包括:所述UE接收所述网络侧设备发送的数据网络修改请求消息PDN Modify Request,所述PDN Modify Request中包括所述所述用户设备标识请求的指示;所述UE向所述网络侧设备发送用户设备标识,包括:所述UE向所述网络侧设备发送据网络修改请求消息回复PDN Modify Accept,所述PDN Modify Accept中包括用户设备标识。
- 如权利要求19所述的方法,其特征在于,若所述网络侧设备为3GPP AAA server,所述UE接收所述网络侧设备发送的所述用户设备标识请求,包括:所述UE接收所述网络侧设备发送的扩展的鉴权认证请求消息EAP REQ AKA’Reauthentication,所述EAP REQ AKA’Reauthentication中包括用户设备标识请求的指示;所述UE向所述网络侧设备发送用户设备标识,包括:所述UE向所述网络侧设备扩展的鉴权认证请求消息回复EAP RSP AKA’Reauthentication,所述EAP RSP AKA’Reauthentication中包括用户设备标识。
- 如权利要求19至22任一所述的方法,其特征在于,所述UE接入核心网后,接收所述网络侧设备发送的所述用户设备标识请求之前,还包括:所述UE向IMS发送IMS业务请求;所述UE向所述网络侧设备发送用所述户设备标识之后,还包括:所述UE接收用户设备标识检测结果失败的消息;所述UE根据所述用户设备标识检测结果失败的消息,确定所述用户设备标识不合法,则不再发起所述IMS业务请求。
- 如权利要求23所述的方法,其特征在于,所述UE接收用户设备标识检测结果失败的消息,包括:所述UE接收PDN连接释放请求PDN disconnection Request,所述PDN disconnection Request中包括用户设备标识检测结果失败的指示;或者,所述UE接收EAP failure,所述EAP failure中包括用户设备标识检测结果失败的指示。
- 一种触发用户设备标识检测的方法,其特征在于,包括:网络之间互连的协议IP多媒体子系统IMS接收用户设备UE发送IMS业务请求,确定需要对所述UE的用户设备标识进行检测;所述IMS向网络侧设备发送用户设备标识检测请求。
- 如权利要求25所述的方法,其特征在于,所述IMS向所述网络侧设备发送用户设备检测请求之后,还包括:所述IMS接收用户设备标识检测结果;所述IMS根据用户设备标识检测结果,判断是否接受UE的IMS业务请求,若根据所述用户设备标识检测结果,确定所述用户设备标识检测结果不合法,则拒绝所述UE的IMS业务请求;若根据所述用户设备标识检测结果, 确定所述用户设备标识检测结果合法,则接受所述UE的IMS业务请求。
- 一种获取用户设备标识的设备,其特征在于,包括:发射机,用于在用户设备UE从Non 3GPP侧接入核心网后,向所述UE发送用户设备标识请求;接收机,用于接收所述UE发送的用户设备标识。
- 如权利要求27所述的设备,其特征在于,所述设备还包括:处理器;所述处理器,用于在所述发射机向所述UE发送所述用户设备标识请求之前,确定所述UE的标识信息或所述UE请求的服务满足预先配置的本地策略。
- 如权利要求27所述的设备,其特征在于,若所述网络侧设备为网关设备,所述接收机还用于:在所述发射机向所述UE发送所述用户设备标识请求之前,接收3GPP AAA server发送的所述用户设备标识请求。
- 如权利要求29所述的设备,其特征在于,所述接收机,用于:接收所述3GPP AAA server发送重鉴权请求消息Re-Auth-Request,所述Re-Auth-Request中包括所述用户设备标识请求的指示;或者,接收3GPP AAA server发送的用户设备标识请求消息。
- 如权利要求27至30任一所述的设备,其特征在于,若所述网络侧设备为网关设备,所述发射机,用于:向所述UE发送网络秘钥交换信息请求消息IKEv2 Information Request,所述IKEv2 Information Request中包括所述用户设备标识请求的指示;所述接收机,用于:接收所述UE发送的网络秘钥交换信息请求消息回复消息IKEv2 Information Response,所述IKEv2 Information Response中包括用户设备标识。
- 如权利要求27至30任一所述的设备,其特征在于,若所述网络侧设备为网关设备,所述发射机,用于:向所述UE发送数据网络修改请求消息PDN Modify Request,所述PDN Modify Request中包括所述用户设备标识请求的指示;所述接收机,用于:接收所述UE发送的数据网络修改请求回复消息PDN Modify Accept,所述PDN Modify Accept中包括用户设备标识。
- 如权利要求27至32任一所述的设备,其特征在于,所述发射机,还用于:在所述接收机接收所述用户设备标识后,将用户设备标识发送给3GPP AAA server。
- 如权利要求33所述的设备,其特征在于,所述发射机,用于:向3GPP AAA sever发送鉴权与授权请求消息Diameter AA Request,所述Diameter AA Request中包括用户设备标识;或者,所述网络侧设备向所述3GPP AAA server发送重鉴权授权回复消息Re-Auth-Answer,所述Re-Auth-Answer中包括用户设备标识;或者,向所述3GPP AAA server发送用户设备标识回复消息,所述用户设备标识回复消息中包括用户设备标识。
- 如权利要求33或34所述的设备,其特征在于,所述接收机,还用于:在所述发射机将用户设备标识发送给3GPP AAA server之后,接收用户设备标识检测结果失败的消息;所述处理器,还用于:根据所述用户设备标识检测结果失败的消息,确定所述用户设备标识不合法,通知所述UE用户设备标识检测结果失败。
- 如权利要求35所述的设备,其特征在于,所述发射机,用于:向所述UE发送PDN连接释放请求PDN disconnection Request,所述PDN disconnection Request中包括用户设备标识检测结果失败的指示;或者,向所述UE发送信息请求消息INFORMATION Request,所述INFORMATION Request中包括用户设备标识检测结果失败的指示。
- 如权利要求35或36所述的设备,其特征在于,所述接收机,用于:接收鉴权与授权回复消息Diameter AA Answer,所述Diameter AA Answer中包括用户设备标识检测结果失败的指示;或者,接收终止会话请求消息Abort Session Request,所述Abort Session Request中包括用户设备标识检测结果失败的指示。
- 如权利要求27或28所述的设备,其特征在于,所述网络侧设备为3GPP AAA server,所述发射机,用于:向所述UE发送扩展的鉴权认证请求消息EAP REQ AKA’Reauthentication,所述EAP REQ AKA’Reauthentication中包括所述用户设备标识请求的指示;所述接收机,用于:接收所述UE发送的扩展的鉴权认证请求回复消息EAP RSP AKA’Reauthentication,所述EAP RSP AKA’Reauthentication中包括用户设备标识。
- 如权利要求38所述的设备,其特征在于,所述接收机,用于在所述发射机向所述UE发送所述用户设备标识请求之前,接收网关设备发送的用户设备标识检测请求;所述处理器,还用于根据所述网关设备发送的所述用户设备标识检测请求,确定需要对所述用户设备标识进行检测。
- 如权利要求39所述的设备,其特征在于,所述接收机,用于:接收网关设备发送的鉴权认证请求消息Diameter EAP Request,所述鉴Diameter EAP Request中包括用户设备标识检测请求的指示;或者,接收网关设备发送的用户设备标识检测请求消息。
- 如权利要求38至40任一所述的设备,其特征在于,所述发射机,还用于:在所述接收机接收所述用户设备标识之后,将用户设备标识发送给EIR;所述处理器,还用于:接收设备标识记录器EIR发送的用户设备标识的检测结果,若根据所述 用户设备标识的检测结果,确定所述UE的用户设备标识不合法;所述发射机,还用于:通知所述UE或网关设备发送用户设备标识检测结果失败。
- 如权利要求41所述的设备,其特征在于,所述发射机,用于:向所述UE发送扩展的鉴权认证失败消息EAP failure,所述EAP failure中包括用户设备标识检测结果失败的指示。
- 如权利要求41的所述的设备,其特征在于,所述发射机,用于:向所述网关设备发送鉴权与授权回复消息Diameter AA Answer,所述鉴权与授权回复消息Diameter AA Answer中包括用户设备标识检测结果失败的指示;或者,向所述网关设备发送终止会话请求消息Abort Session Request,所述终止会话请求消息Abort Session Request中包括用户设备标识检测结果失败的指示。
- 如权利要求38至43任一所述的设备,其特征在于,所述接收机,还用于:在所述发射机向所述UE发送获取用户设备标识的请求之前,通过HSS接收IMS发送的用户设备标识检测请求;所述发射机,还用于:在所述接收机接收EIR发送的用户设备标识的检测结果之后,将所述用户设备检测结果通过所述HSS发送给所述IMS。
- 一种发送用户设备标识的设备,其特征在于,包括:接收机,用于在从Non 3GPP侧接入核心网后,接收网络侧设备发送的用户设备标识请求;发射机,用于向所述网络侧设备发送用户设备标识。
- 如权利要求45所述的设备,其特征在于,若所述网络侧设备为网关设备,所述接收机,用于:接收所述网络侧设备发送的网络秘钥交换信息请求消息IKEv2 Information Request,所述IKEv2 Information Request中包括所述用户设备标识请求的指示;所述发射机,用于:向所述网络侧设备发送网络秘钥交换信息请求消息回复消息IKEv2 Information Response,所述IKEv2 Information Response中包括用户设备标识。
- 如权利要求45所述的设备,其特征在于,若所述网络侧设备为网关设备,所述接收机,用于:接收所述网络侧设备发送的数据网络修改请求消息PDN Modify Request,所述PDN Modify Request中包括所述用户设备标识请求的指示;所述发射机,用于:向所述网络侧设备发送据网络修改请求消息回复PDN Modify Accept,所述PDN Modify Accept中包括用户设备标识。
- 如权利要求46所述的设备,其特征在于,若所述网络侧设备为3GPP AAA server,所述接收机,用于:接收所述网络侧设备发送的扩展的鉴权认证请求消息EAP REQ AKA’Reauthentication,所述EAP REQ AKA’Reauthentication中包括所述用户设备标识请求的指示;所述发射机,用于:向所述网络侧设备扩展的鉴权认证请求消息回复EAP RSP AKA’Reauthentication,所述EAP RSP AKA’Reauthentication中包括用户设备标识。
- 如权利要求45至48任一所述的设备,其特征在于,所述发射机,还用于:在所述UE接入核心网后,在所述接收机接收所述网络侧设备发送的获取用户设备标识的请求之前,向IMS发送IMS业务请求;所述接收机,还用于在所述发射机向所述网络侧设备发送用所述户设备标识之后,接收用户设备标识检测结果失败的消息;该设备还包括:处理器;所述处理器,用于根据所述用户设备标识检测结果失败的消息,确定所述用户设备标识不合法,则不再发起所述IMS业务请求。
- 如权利要求49所述的设备,其特征在于,所述接收机,用于:接收PDN连接释放请求PDN disconnection Request,所述PDN disconnection Request中包括用户设备标识检测结果失败的指示;或者,接收EAP failure,所述EAP failure中包括用户设备标识检测结果失败的指示。
- 一种触发用户设备标识检测的设备,其特征在于,包括:接收机,用于接收用户设备UE发送IMS业务请求;处理器,用于确定需要对所述UE的用户设备标识进行检测;发射机,用于向网络侧设备发送用户设备标识检测请求。
- 如权利要求51所述的设备,其特征在于,所述接收机,还用于:在所述发射机向所述网络侧设备发送用户设备检测请求之后,接收用户设备标识检测结果;所述处理器,还用于根据用户设备标识检测结果,判断是否接受UE的IMS业务请求,若根据所述用户设备标识检测结果,确定所述用户设备标识检测结果不合法,则拒绝所述UE的IMS业务请求;若根据所述用户设备标识检测结果,确定所述用户设备标识检测结果合法,则接受所述UE的IMS业务请求。
Priority Applications (5)
Application Number | Priority Date | Filing Date | Title |
---|---|---|---|
JP2018540863A JP2019505132A (ja) | 2016-02-03 | 2016-02-03 | ユーザー機器識別子を取得する方法および装置とユーザー機器識別子を送信する方法および装置 |
EP16888731.3A EP3413605A4 (en) | 2016-02-03 | 2016-02-03 | METHOD AND DEVICE FOR ACQUIRING AND SENDING USER EQUIPMENT IDENTIFIER |
CN201680080987.XA CN108702619A (zh) | 2016-02-03 | 2016-02-03 | 获取、发送用户设备标识的方法及设备 |
PCT/CN2016/073371 WO2017132906A1 (zh) | 2016-02-03 | 2016-02-03 | 获取、发送用户设备标识的方法及设备 |
US16/053,829 US20180343559A1 (en) | 2016-02-03 | 2018-08-03 | Method and device for obtaining user equipment identifier, and method and device for sending user equipment identifier |
Applications Claiming Priority (1)
Application Number | Priority Date | Filing Date | Title |
---|---|---|---|
PCT/CN2016/073371 WO2017132906A1 (zh) | 2016-02-03 | 2016-02-03 | 获取、发送用户设备标识的方法及设备 |
Related Child Applications (1)
Application Number | Title | Priority Date | Filing Date |
---|---|---|---|
US16/053,829 Continuation US20180343559A1 (en) | 2016-02-03 | 2018-08-03 | Method and device for obtaining user equipment identifier, and method and device for sending user equipment identifier |
Publications (1)
Publication Number | Publication Date |
---|---|
WO2017132906A1 true WO2017132906A1 (zh) | 2017-08-10 |
Family
ID=59499217
Family Applications (1)
Application Number | Title | Priority Date | Filing Date |
---|---|---|---|
PCT/CN2016/073371 WO2017132906A1 (zh) | 2016-02-03 | 2016-02-03 | 获取、发送用户设备标识的方法及设备 |
Country Status (5)
Country | Link |
---|---|
US (1) | US20180343559A1 (zh) |
EP (1) | EP3413605A4 (zh) |
JP (1) | JP2019505132A (zh) |
CN (1) | CN108702619A (zh) |
WO (1) | WO2017132906A1 (zh) |
Families Citing this family (1)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
JP2020088453A (ja) * | 2018-11-16 | 2020-06-04 | シャープ株式会社 | 端末装置、コアネットワーク内の装置、データネットワーク内の装置、及び通信制御方法 |
Citations (3)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
WO2008095918A1 (en) * | 2007-02-06 | 2008-08-14 | Nokia Corporation | Support of uicc-less calls |
CN101873589A (zh) * | 2009-04-21 | 2010-10-27 | 华为技术有限公司 | 多网接入控制方法、通讯系统以及相关设备 |
CN101998331A (zh) * | 2009-08-21 | 2011-03-30 | 大唐移动通信设备有限公司 | 用户设备注册状态的识别方法和设备 |
Family Cites Families (7)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
US20090207759A1 (en) * | 2008-02-15 | 2009-08-20 | Andreasen Flemming S | System and method for providing a converged wireline and wireless network environment |
CN101577908B (zh) * | 2008-05-09 | 2013-01-16 | 中兴通讯股份有限公司 | 用户设备验证方法、设备标识寄存器以及接入控制系统 |
WO2010013914A2 (en) * | 2008-07-28 | 2010-02-04 | Samsung Electronics Co., Ltd. | Method for permitting a ue to conditionally access an evolved packet core network |
US8537797B2 (en) * | 2010-08-13 | 2013-09-17 | T-Mobile Usa, Inc. | Enhanced registration messages in internet protocol multimedia subsystems |
US9713040B2 (en) * | 2011-04-28 | 2017-07-18 | Panasonic Intellectual Property Corporation Of America | Communication system, mobile terminal, router, and mobility management entity |
US20130267203A1 (en) * | 2012-04-05 | 2013-10-10 | Zu Qiang | Sending plmn id at a shared wifi access |
US20150327073A1 (en) * | 2013-01-29 | 2015-11-12 | Telefonaktiebolaget L M Ericson (Publ) | Controlling Access of a User Equipment to Services |
-
2016
- 2016-02-03 JP JP2018540863A patent/JP2019505132A/ja active Pending
- 2016-02-03 CN CN201680080987.XA patent/CN108702619A/zh active Pending
- 2016-02-03 EP EP16888731.3A patent/EP3413605A4/en not_active Withdrawn
- 2016-02-03 WO PCT/CN2016/073371 patent/WO2017132906A1/zh active Application Filing
-
2018
- 2018-08-03 US US16/053,829 patent/US20180343559A1/en not_active Abandoned
Patent Citations (3)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
WO2008095918A1 (en) * | 2007-02-06 | 2008-08-14 | Nokia Corporation | Support of uicc-less calls |
CN101873589A (zh) * | 2009-04-21 | 2010-10-27 | 华为技术有限公司 | 多网接入控制方法、通讯系统以及相关设备 |
CN101998331A (zh) * | 2009-08-21 | 2011-03-30 | 大唐移动通信设备有限公司 | 用户设备注册状态的识别方法和设备 |
Non-Patent Citations (2)
Title |
---|
ALCATEL -LUCENT ET AL.: "C1-152990: Support of IMEI Signalling via IKEv2 for Un-trusted Access", 3GPP TSG-CT WG1 MEETING #93, 21 August 2015 (2015-08-21), XP050998291 * |
See also references of EP3413605A4 * |
Also Published As
Publication number | Publication date |
---|---|
CN108702619A (zh) | 2018-10-23 |
EP3413605A4 (en) | 2019-02-20 |
JP2019505132A (ja) | 2019-02-21 |
EP3413605A1 (en) | 2018-12-12 |
US20180343559A1 (en) | 2018-11-29 |
Similar Documents
Publication | Publication Date | Title |
---|---|---|
US11212676B2 (en) | User identity privacy protection in public wireless local access network, WLAN, access | |
US11825303B2 (en) | Method for performing verification by using shared key, method for performing verification by using public key and private key, and apparatus | |
EP2258126B9 (en) | Security for a non-3gpp access to an evolved packet system | |
JP6628295B2 (ja) | 認証されていないユーザのための3gpp進化型パケットコアへのwlanアクセスを介した緊急サービスのサポート | |
US20170289883A1 (en) | Emergency services handover between untrusted wlan access and cellular access | |
EP2406976B1 (en) | Communication of session-specific information to user equipment from an access network | |
JP2016503622A (ja) | 無線装置での安全なオンラインサインアップ及びプロビジョニング | |
US9807088B2 (en) | Method and network node for obtaining a permanent identity of an authenticating wireless device | |
CN110249648B (zh) | 由未经认证的用户设备执行的用于会话建立的系统和方法 | |
JP6522799B2 (ja) | モバイル通信ネットワークのハンドオーバ機能を発見するための方法、モバイル通信ネットワークのハンドオーバ機能を発見するためのシステム、ユーザ装置、プログラム及びコンピュータプログラム製品 | |
US12113783B2 (en) | Wireless-network attack detection | |
WO2016184140A1 (zh) | 一种设备标识的检查方法及系统、设备、存储介质 | |
US9532218B2 (en) | Implementing a security association during the attachment of a terminal to an access network | |
JP6861285B2 (ja) | 緊急アクセス中のパラメータ交換のための方法およびデバイス | |
WO2017132906A1 (zh) | 获取、发送用户设备标识的方法及设备 | |
US20220030428A1 (en) | Communication Method and Communications Device | |
JP2024517897A (ja) | Nswoサービスの認証のための方法、デバイス、および記憶媒体 | |
CN115942305A (zh) | 一种会话建立方法和相关装置 |
Legal Events
Date | Code | Title | Description |
---|---|---|---|
121 | Ep: the epo has been informed by wipo that ep was designated in this application |
Ref document number: 16888731 Country of ref document: EP Kind code of ref document: A1 |
|
ENP | Entry into the national phase |
Ref document number: 2018540863 Country of ref document: JP Kind code of ref document: A |
|
NENP | Non-entry into the national phase |
Ref country code: DE |
|
WWE | Wipo information: entry into national phase |
Ref document number: 2016888731 Country of ref document: EP |
|
ENP | Entry into the national phase |
Ref document number: 2016888731 Country of ref document: EP Effective date: 20180903 |