WO2019062384A1 - Method and device for a public network user accessing a private network - Google Patents

Method and device for a public network user accessing a private network

Publication number
WO2019062384A1
WO2019062384A1 PCT/CN2018/101519 CN2018101519W WO2019062384A1 WO 2019062384 A1 WO2019062384 A1 WO 2019062384A1 CN 2018101519 W CN2018101519 W CN 2018101519W WO 2019062384 A1 WO2019062384 A1 WO 2019062384A1
Authority
WO
WIPO (PCT)
Prior art keywords
network
authentication
public network
element device
user terminal
Application number
PCT/CN2018/101519
Other languages
English (en)
Chinese (zh)
Inventor
倪靖清
尚小天
Original Assignee
大唐移动通信设备有限公司
Application filed by 大唐移动通信设备有限公司
Publication of WO2019062384A1

Classifications

    • H ELECTRICITY
    • H04 ELECTRIC COMMUNICATION TECHNIQUE
    • H04W WIRELESS COMMUNICATION NETWORKS
    • H04W12/00 Security arrangements; Authentication; Protecting privacy or anonymity
    • H04W12/06 Authentication
    • H ELECTRICITY
    • H04 ELECTRIC COMMUNICATION TECHNIQUE
    • H04L TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L61/00 Network arrangements, protocols or services for addressing or naming
    • H ELECTRICITY
    • H04 ELECTRIC COMMUNICATION TECHNIQUE
    • H04L TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L61/00 Network arrangements, protocols or services for addressing or naming
    • H04L61/09 Mapping addresses
    • H04L61/10 Mapping addresses of different types
    • H04L61/106 Mapping addresses of different types across networks, e.g. mapping telephone numbers to data network addresses
    • H ELECTRICITY
    • H04 ELECTRIC COMMUNICATION TECHNIQUE
    • H04L TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L65/00 Network arrangements, protocols or services for supporting real-time applications in data packet communication
    • H04L65/1066 Session management
    • H04L65/1073 Registration or de-registration
    • H ELECTRICITY
    • H04 ELECTRIC COMMUNICATION TECHNIQUE
    • H04L TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L65/00 Network arrangements, protocols or services for supporting real-time applications in data packet communication
    • H04L65/1066 Session management
    • H04L65/1101 Session protocols
    • H04L65/1104 Session initiation protocol [SIP]
    • H ELECTRICITY
    • H04 ELECTRIC COMMUNICATION TECHNIQUE
    • H04W WIRELESS COMMUNICATION NETWORKS
    • H04W12/00 Security arrangements; Authentication; Protecting privacy or anonymity
    • H04W12/08 Access security

Definitions

  • The present invention relates to the field of mobile communications technologies, and in particular to a method and a device for enabling a public network user to access a private network.
  • 4G: 4th Generation Mobile Communication Technology
  • Some enterprises use the advanced communication mechanism of the 4G network to deploy a dedicated 4G wireless network, that is, a 4G private network, to realize the internal enterprise.
  • A 4G private network is defined relative to the public network: the public network is the public wireless communication network operated by the telecom operators, while a private network is a wireless network built by an enterprise, generally in areas not covered by the public network, such as the wireless communication systems established by industrial and mining enterprises in mines or tunnels.
  • A private network user in a 4G private network environment needs to use a private-network-specific subscriber identity card (SIM card) to communicate, within the 4G private network coverage area, with other private network users in the 4G private network environment.
  • Because the 4G private network base station and the public network base station use the same wireless communication mechanism, the 4G private network base station can likewise receive the access request of a public network user within the 4G private network coverage area and report it to the network side of the private network.
  • However, because the network side device of the private network cannot know the identity information and the authentication key of the public network user, the private network side cannot determine whether the public network user has a legal identity, and it therefore prohibits public network users from accessing the 4G private network. As a result, when a public network user moves from public network coverage into private network coverage, the SIM card needs to be replaced with a specific SIM card for the private network, and sometimes the terminal also needs to be replaced with a terminal device customized for the private network.
  • The embodiment of the present invention provides a method and a device for enabling a public network user to access a private network, which solve the prior-art problem that a public network user cannot access a 4G private network.
  • A method for implementing public network user access to a private network includes:
  • the first network element device in the core network of the private network receives the access request sent by the public network user terminal in the private network coverage area, where the access request includes the identity identification information of the public network user terminal;
  • the first network element device performs access authentication on the public network user terminal based on the pre-stored public network user information and, after determining that the access authentication is passed, sends an authentication request carrying the identity identification information to the second network element device in the public network core network, where the authentication request instructs the second network element device to authenticate the public network user terminal using the pre-stored user authentication information corresponding to the identity identification information;
  • the first network element device receives the authentication success response sent by the second network element device after the authentication succeeds, and sends the authentication success response to the public network user terminal by using the private network base station.
  • The first network element device performing access authentication on the public network user terminal according to the pre-stored public network user information includes:
  • if the first network element device determines that the public network user information corresponding to the identity identification information is pre-stored, the first network element device determines that the public network user terminal passes the access authentication.
  • The first network element device sending an authentication request that carries the identity identification information to the second network element device in the core network of the public network includes:
  • the first network element device replaces the address information of the private network base station carried in the access request sent by the private network base station with the preset address information, and uses the access request with the replaced address information as the authentication request;
  • the first network element device sends the authentication request to the second network element device in the public network core network by using a standard protocol interface pre-agreed with the second network element device.
  • The method further includes:
  • the first network element device establishes a mapping relationship between the identity identification information and the address information of the private network base station.
  • The first network element device sending the authentication success response to the public network user terminal by using the private network base station includes:
  • the first network element device acquires the identity identification information carried in the authentication success response and, based on the mapping relationship, obtains the address information of the private network base station corresponding to the identity identification information;
  • the first network element device sends the authentication success response to the public network user terminal by using the private network base station according to the obtained address information of the private network base station.
  • A method for implementing public network user access to a private network includes:
  • the second network element device in the core network of the public network receives the authentication request sent by the first network element device in the core network of the private network, wherein the authentication request includes the identity identification information of the public network user terminal that is in the coverage of the private network, and the authentication request is sent by the first network element device after it performs access authentication on the public network user terminal based on the pre-stored public network user information and determines that the access authentication is passed;
  • the second network element device authenticates the public network user terminal based on the user authentication information corresponding to the identity identification information and, after the authentication succeeds, sends an authentication success response to the first network element device.
  • An implementation device for public network user access to a private network includes:
  • a receiving unit, configured to receive an access request sent by a public network user terminal in a private network coverage area, where the access request includes the identity identification information of the public network user terminal;
  • a first processing unit, configured to perform access authentication on the public network user terminal based on the pre-stored public network user information and, after determining that the access authentication is passed, send an authentication request carrying the identity identification information to the second network element device in the public network core network, where the authentication request instructs the second network element device to authenticate the public network user terminal using the pre-stored user authentication information corresponding to the identity identification information;
  • a second processing unit, configured to receive an authentication success response sent by the second network element device after the authentication succeeds, and send the authentication success response to the public network user terminal by using the private network base station.
  • the first processing unit when performing the access authentication on the public network user terminal based on the pre-stored public network user information, is configured to:
  • the public network user terminal is determined to pass the access authentication.
  • the first processing unit is configured to:
  • the device further includes an establishing unit, where the establishing unit is configured to: before replacing the address information of the private network base station with the preset address information, perform the following operations:
  • the second processing unit is configured to:
  • An implementation device for public network user access to a private network includes:
  • a receiving unit, configured to receive an authentication request sent by a first network element device in a private network core network, where the authentication request includes the identity identification information of a public network user terminal that is in a private network coverage area, and the authentication request is sent by the first network element device after it performs access authentication on the public network user terminal based on the pre-stored public network user information and determines that the access authentication is passed;
  • an authentication unit, configured to authenticate the public network user terminal based on the user authentication information corresponding to the identity identification information, and send an authentication success response to the first network element device after the authentication succeeds.
  • In a fifth aspect, an electronic device comprises one or more processors and one or more computer readable media, wherein the readable medium stores a program for implementing public network user access to a private network, and the steps of the method of any of the second aspects are carried out when the program is executed by the one or more processors.
  • A computer readable medium stores a program for implementing public network user access to a private network, wherein the program, when executed by one or more processors, causes the processor to execute the method of any of the second aspects.
  • In a seventh aspect, an electronic device comprises one or more processors and one or more computer readable media, wherein the readable medium stores a program for implementing public network user access to a private network, and the steps of the method as described in the third aspect are implemented when the program is executed by the one or more processors.
  • A computer readable medium stores a program for implementing public network user access to a private network, wherein the program, when executed by one or more processors, causes the processor to execute the method as described in the third aspect.
  • The public network user information is pre-stored in the first network element device in the private network core network, so that when the first network element device receives, through the private network base station, the access request of a public network user terminal that is in the coverage of the private network, it can perform access authentication on the public network user terminal according to the public network user information stored in advance.
  • The identity identification information of the public network user terminal may then be reported to the second network element device in the core network of the public network, and the second network element device authenticates the public network user terminal based on the pre-stored user authentication information corresponding to the identity identification information.
  • In this way, the access authentication of the public network user terminal is completed in the first network element device of the private network core network, the authentication of the public network user terminal is completed in the second network element device of the public network core network, and the result of the authentication is notified to the first network element device, so that the private network can complete the access and authentication of the public network user terminal, thereby enabling the public network user not to replace the SIM card.
  • FIG. 1 is a schematic diagram of the interaction between a private network side network element device and a public network side network element device according to an embodiment of the present disclosure;
  • FIG. 2 is a schematic diagram of the different functions implemented by a base station proxy module in a private network and a public network according to an embodiment of the present application;
  • FIG. 3 is a flowchart of a method for implementing public network user access to a private network according to an embodiment of the present disclosure;
  • FIG. 4 is a schematic diagram of a scenario in which a public network user terminal completes network access and authentication according to an embodiment of the present disclosure;
  • FIG. 5 is a schematic diagram 1 of an implementation device for public network user access to a private network according to an embodiment of the present disclosure;
  • FIG. 6 is a schematic diagram 2 of an implementation device for public network user access to a private network according to an embodiment of the present disclosure;
  • FIG. 7 is a schematic diagram 3 of an implementation device for public network user access to a private network according to an embodiment of the present disclosure.
  • The present application proposes a method and a device for implementing public network user access to a private network, so that a public network user terminal fitted with a SIM card opened on the public network can be used not only in the public network but also in the private network, without replacing the SIM card. If the public network user terminal is to be used inside the private network, the public network user terminal first needs to complete the access and authentication process in the private network. Therefore, in the embodiment of the present application, the first network element device in the Evolved Packet Core (EPC) network of the private network LTE system is improved, so that the first network element device can complete access authentication of the public network user terminal that requests access, and the second network element device in the EPC network of the public network LTE system is improved, so that the private network EPC network and the public network EPC network can be connected. The second network element device in the public network EPC network then completes the authentication of the public network user terminal that requests access, so that the public network user terminal is successfully registered and used in the private network.
  • FIG. 1 is a schematic diagram of the interaction between a private network side network element device and a public network side network element device provided by an embodiment of the present application.
  • The private network EPC network side includes a first network element device, the public network EPC network side includes a second network element device, the private network IP Multimedia Subsystem (IMS) network side includes a third network element device, and the public network IMS network side includes a fourth network element device.
  • The following describes the interaction process between the first network element device on the EPC network side of the private network and the second network element device on the EPC network side of the public network.
  • The first network element device may be configured to: receive, by using a private network base station, an access request sent by a public network user terminal in a private network coverage area, where the access request includes the identity identification information of the public network user terminal; perform access authentication on the public network user terminal based on the pre-stored public network user information; after determining that the access authentication is passed, send an authentication request carrying the identity identification information to the second network element device; and receive the authentication success response sent by the second network element device after the authentication succeeds, and send the authentication success response to the public network user terminal through the private network base station.
  • The second network element device may be configured to: after receiving the authentication request, authenticate the public network user terminal based on the pre-stored user authentication information corresponding to the identity identification information; and, after the authentication succeeds, send an authentication success response to the first network element device.
  • The first network element device may include a first mobility management entity (MME), a first home subscriber server (HSS), a base station proxy module, and the like; the second network element device may include a second MME, a second HSS, and the like.
  • The first MME can interact with the first HSS to implement access authentication for the public network user terminal requesting access to the private network.
  • The first MME in the first network element device may be used to report the identity identification information of the public network user terminal that requests access to the private network to the first HSS. The public network user information of the users designated as allowed to access the private network is pre-stored in the first HSS and is used for access authentication of the public network user terminal requesting access to the private network.
  • The identity identification information of the public network user terminal may be the International Mobile Subscriber Identity (IMSI) information stored in the SIM card used by the public network user terminal.
  • The base station proxy module is mainly used to communicate with the second network element device on the public network EPC network side through a standard protocol interface that is open to the public network EPC network side. It can be deployed in the first MME or as a separate network element device in the EPC network, without affecting the implementation of its functions.
  • FIG. 2 shows the different functions implemented by the base station proxy module in the private network and the public network.
  • The base station proxy module may establish a mapping relationship between the identity identification information of the public network user terminal and the address information of the private network base station, so that the response information fed back by the second network element device for the public network user terminal is sent to the public network user terminal through the private network base station that has the mapping relationship.
  • The mapping relationship established may specifically be a mapping relationship between the IMSI information of the public network user terminal and the Internet Protocol address (IP address) information of the private network base station.
  • The base station proxy module can be regarded as a public network base station that establishes a communication connection with the second network element device over the opened standard protocol interface, and is used to report related information of the public network user terminal to the second network element device. The standard protocol interface opened between the first network element device and the second network element device may be an S1 interface, and the communication connection established between the second network element device and the base station proxy module may be a Stream Control Transmission Protocol (SCTP) link. Of course, in a specific implementation, other standard protocol interfaces may be opened according to actual needs, or communication connections under different transmission protocols may be established, which is not limited in this application.
  • The base station proxy module may obtain the authentication result information produced by the interaction between the first MME and the first HSS. After determining that the public network user terminal has passed access authentication, it replaces the address information of the private network base station carried in the access request sent by the private network base station with its own address information, uses the access request with the replaced address as the authentication request, and sends it to the second network element device through the opened S1 interface over the established communication connection, so that the second network element device completes the authentication of the public network user terminal.
  • According to the established mapping relationship between the identity identification information of the public network user terminal and the address information of the private network base station, the base station proxy module may replace the destination address information carried in the authentication success response, changing it from the address information of the base station proxy module to the address information of the private network base station corresponding to the identity identification information, and send the authentication success response with the replaced address to the private network base station, which then forwards it to the public network user terminal.
  • The interaction process between the third network element device on the private network IMS network side and the fourth network element device on the public network IMS network side is introduced below.
  • The third network element device on the IMS network side of the private network and the fourth network element device on the IMS network side of the public network can be interconnected through a standard protocol interface, the SIP interface.
  • The public network user terminal may further send an IMS network registration request to the third network element device through the private network base station and the first network element device.
  • The third network element device can also send the IMS network registration request to the fourth network element device by using the Session Initiation Protocol (SIP) interface, so that the fourth network element device successfully registers the public network user terminal to the IMS network on the public network side.
  • The embodiment of the present application further provides a method for implementing public network user access to a private network. The flowchart of the method is shown in FIG. 3 and includes the following steps:
  • Step 301: The first network element device in the private network core network receives an access request sent by the public network user terminal in the private network coverage area through the private network base station, where the access request includes the identity identification information of the public network user terminal.
  • The first MME in the first network element device receives the access request that is sent by the public network user terminal in the private network coverage area and carries the identity identification information of the public network user terminal, and reports the access request to the first HSS in the first network element device; the first HSS performs access authentication on the public network user terminal.
  • The specified public network user information allowed to access the private network may be pre-stored in the first HSS.
  • Step 302: The first network element device performs access authentication on the public network user terminal based on the pre-stored public network user information and, after determining that the access authentication is passed, sends an authentication request carrying the identity identification information to the second network element device in the public network core network.
  • The access authentication of the public network user terminal may be performed by the first HSS based on the pre-stored public network user information. If it is determined that the public network user information corresponding to the identity identification information is pre-stored locally, the public network user terminal is determined to pass the access authentication; if it is determined that the public network user information corresponding to the identity identification information is not pre-stored locally, the public network user terminal is determined not to pass the access authentication. After the first HSS performs the access authentication, the first MME may send the authentication result information to the base station proxy module, where the authentication result information indicates whether the public network user terminal having the identity identification information passes the access authentication.
  • The base station proxy module may determine, according to the authentication result information, whether the public network user terminal passes the access authentication and, after determining that the access authentication is passed, send an authentication request carrying the identity identification information to the second network element device in the core network of the public network.
  • In the embodiment of the present application, the information of the public network user terminal cannot be authenticated on the private network side, so the private network EPC network and the public network EPC network can be interconnected through the opened standard protocol interface, the S1 interface. The second network element device in the public network EPC network then completes the authentication of the public network user terminal.
  • The base station proxy module sending the authentication request that carries the identity identification information to the second network element device in the public network core network may include: the base station proxy module replaces the address information of the private network base station carried in the access request sent by the private network base station with the preset address information, uses the access request with the replaced address information as the authentication request, and sends the authentication request to the second network element device in the public network core network through the standard protocol interface pre-agreed with the second network element device.
  • Before replacing the address information of the private network base station with the preset address information, the base station proxy module may further establish a mapping relationship between the identity identification information and the address information of the private network base station, so that when information carrying the identity identification information is subsequently received from the second network element device, it can be sent, through the private network base station that has the mapping relationship with the identity identification information, to the public network user terminal having the identity identification information.
  • Step 303: The second network element device authenticates the public network user terminal according to the user authentication information corresponding to the identity identification information and, after the authentication succeeds, sends an authentication success response to the first network element device.
  • The second MME in the second network element device may receive the authentication request that is sent by the base station proxy module and carries the identity identification information, and forward the received authentication request to the second HSS.
  • The second HSS in the public network EPC network pre-stores the user authentication information of the public network user, so the second HSS may authenticate the public network user terminal based on the pre-stored user authentication information corresponding to the identity identification information. After the authentication is passed, the second MME sends an authentication success response to the base station proxy module of the first network element device. At this point, the authentication of the public network user terminal is complete.
  • The second network element device on the EPC network side of the public network may carry network authentication information in the authentication success response, so that the public network user terminal can use the network authentication information to authenticate the network side after receiving the authentication success response.
  • For the specific authentication process between the network side and the user side, refer to the prior art; it is not specifically described in this application.
  • Step 304 The first network element device receives an authentication success response sent by the second network element device after the authentication succeeds, and sends the authentication success to the public network user terminal by using the private network base station. response.
  • the first network element device sends the authentication success response to the public network user terminal by using the private network base station, which may include: the base station proxy module acquiring the identity identifier carried in the authentication success response. Obtaining, according to the mapping relationship between the identifier information and the address information of the private network base station, the address information of the private network base station corresponding to the identity identification information; The address information of the network base station is sent by the private network base station to the public network user terminal for the authentication success response.
  • the access authentication of the public network user terminal is completed in the first network element device of the private network core network, the authentication of the public network user terminal is completed in the second network element device of the public network core network, and the result of the authentication is notified to the first network element device, so that the private network can complete the access and authentication of the public network user terminal and the public network user does not need to replace the SIM card.
  • 1 to 9 shown in the figure indicate the network access and authentication process of the public network user terminal, specifically:
  • the public network user terminal sends an access request carrying the IMSI to the 4G private network base station.
  • the 4G private network base station forwards the access request to the first MME in the private network EPC.
  • the first MME in the private network EPC sends the IMSI of the public network user terminal to the first HSS, and the first HSS performs access authentication;
  • the first HSS determines whether the IMSI of the public network user terminal is stored in advance, and if yes, notifies the first MME to allow the public network user terminal to access the private network; otherwise, it notifies the first MME that the public network user terminal is not allowed to access the private network;
  • the first MME notifies the base station proxy module of the access authentication result, and the base station proxy module, after determining that the public network user terminal is allowed to access the private network, sends an authentication request carrying the IMSI to the second MME in the operator EPC through the open S1 interface.
  • when the base station proxy module sends the authentication request, the source IP address, that is, the IP address of the 4G private network base station, is changed to the IP address of the base station proxy module, so that the private network does not directly access the operator network, which reduces the difficulty of security maintenance of private network equipment.
  • so that it can later identify through which 4G private network base station to send to the public network user terminal, the base station proxy module, after receiving the access request forwarded by the 4G private network base station, establishes a mapping relationship between the IMSI of the public network user terminal and the IP address of the 4G private network base station.
  • the second MME sends the IMSI of the public network user terminal to the second HSS in the carrier network.
  • the second HSS authenticates the public network user terminal according to the user authentication information corresponding to the IMSI of the public network user terminal, and if the authentication succeeds, returns to the second MME an authentication success response carrying the network authentication information and the IMSI of the public network user terminal.
  • the second MME sends the authentication success response to the base station proxy module.
  • the base station proxy module obtains the IMSI carried in the authentication success response, obtains the IP address of the 4G private network base station corresponding to the IMSI based on the established mapping relationship between the IMSI and the IP address of the 4G private network base station, and, according to the obtained IP address, sends the authentication success response to the public network user terminal through the 4G private network base station.
  • the public network user terminal can complete the authentication on the network side based on the network authentication information carried in the authentication success response.
  • at this point, the network access and authentication process of the public network user terminal after it switches from the carrier network to the private network is complete.
  • when the public network user terminal switches back from the private network to the carrier network, it can be used directly in the operator network, because the authentication of the public network user terminal has already been completed in the carrier network.
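The base station proxy behaviour described in the flow above (access check against the first HSS, IMSI-to-base-station mapping, source address replacement, and routing of the success response) can be modelled as follows. This is an added example, not code from the patent: the class and field names, the addresses, the IMSI values and the stand-in for the second MME/HSS are constructed, and dropping a response that has no mapping and clearing the mapping after a failed authentication are assumptions.

```python
from dataclasses import dataclass

PROXY_ADDR = "10.0.0.1"  # constructed: the proxy's preset address


@dataclass(frozen=True)
class Message:
    kind: str               # "access_request", "auth_request" or "auth_success"
    imsi: str               # identity identification information
    src_addr: str           # address the receiver sees as the sender
    network_auth: str = ""  # network authentication information (opaque here)


class PublicCore:
    """Stand-in for the second MME/HSS; the real authentication exchange is not modelled."""

    def __init__(self, subscribers):
        self.subscribers = set(subscribers)
        self.seen_sources = []  # every source address the public core has observed

    def authenticate(self, req):
        self.seen_sources.append(req.src_addr)
        if req.imsi not in self.subscribers:
            return None
        return Message("auth_success", req.imsi, "public-mme", "constructed-token")


class BaseStationProxy:
    """First network element device: private HSS allowlist plus base station proxy."""

    def __init__(self, private_hss_imsis, public_core, preset_addr=PROXY_ADDR):
        self.allowed = set(private_hss_imsis)
        self.core = public_core
        self.preset_addr = preset_addr
        self.imsi_to_bs = {}  # IMSI -> address of the private network base station

    def handle_access_request(self, req):
        """Return (base_station_addr, response), or None when nothing is delivered."""
        if req.imsi not in self.allowed:
            return None  # access authentication failed: nothing reaches the public core
        # Record the mapping before the base station address is replaced.
        self.imsi_to_bs[req.imsi] = req.src_addr
        auth_req = Message("auth_request", req.imsi, self.preset_addr)
        resp = self.core.authenticate(auth_req)
        if resp is None:
            self.imsi_to_bs.pop(req.imsi, None)  # assumption: clear state on failure
            return None
        return self.route_response(resp)

    def route_response(self, resp):
        """Route a success response back through the base station mapped to its IMSI."""
        bs_addr = self.imsi_to_bs.get(resp.imsi)
        if bs_addr is None:
            return None  # assumption: a response with no recorded request is dropped
        return bs_addr, resp


def demo():
    # Constructed IMSIs: ...01 is known to both cores, ...02 only to the private HSS.
    core = PublicCore({"001010000000001"})
    proxy = BaseStationProxy({"001010000000001", "001010000000002"}, core)
    ok = proxy.handle_access_request(
        Message("access_request", "001010000000001", "192.168.10.21"))
    unknown = proxy.handle_access_request(
        Message("access_request", "001010000000003", "192.168.10.22"))
    return ok, unknown, core.seen_sources


if __name__ == "__main__":
    print(demo())
```

The `seen_sources` list is the property worth checking in a deployment review: the public core should only ever observe the proxy's address, never a private base station address.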
  • the second MME in the carrier network can also register relevant information about the public network user terminal for implementing 2G and 3G communication into the operator Mobile Switching Center (MSC).
  • the operator MSC may send a registration success response to the second MME after the registration is successful.
  • the second MME returns a registration success response to the public network user terminal through the private network base station proxy module and the 4G private network base station.
  • the registration process of the IMS service may also be initiated to the IMS network of the private network, including:
  • the public network user terminal sends an IMS network registration request to the private network IMS network side through the 4G private network base station and the private network EPC.
  • the private network EPC and the 4G private network base station can send a registration success response to the public network user terminal.
  • the private network IMS network side can forward the IMS network registration request to the IMS network in the operator through an open SIP interface.
  • the IMS network side of the operator feeds back the registration success response to the private network IMS network side.
  • the public network user terminal can perform arbitrary handover in the private network and the operator network without affecting normal communication. Moreover, the public network user terminal can communicate with the public network user terminal in the operator network even if it is within the coverage of the private network.
  • an implementation device for public network user access to a private network (for example, a first network element device of a private network core network)
  • the receiving unit 50 is configured to receive the access request sent by the public network user terminal through the private network base station, where the access request includes the identity identification information of the public network user terminal;
  • the first processing unit 51 is configured to perform access authentication on the public network user terminal based on the pre-stored public network user information, and, after determining that the access authentication is passed, send an authentication request carrying the identity information to the second network element device in the public network core network, where the authentication request is used to instruct the second network element device to authenticate the public network user terminal based on the pre-stored user authentication information corresponding to the identity identification information;
  • the second processing unit 52 is configured to receive an authentication success response sent by the second network element device after the authentication succeeds, and send the authentication success response to the public network user terminal by using the private network base station.
  • the first processing unit 51 when performing the access authentication on the public network user terminal based on the pre-stored public network user information, is configured to:
  • the public network user terminal is determined to pass the access authentication.
  • the first processing unit 51 is configured to:
  • the device further includes an establishing unit 53, where the establishing unit 53 is configured to perform the following operations before replacing the address information of the private network base station with the preset address information:
  • the second processing unit 52 is configured to:
  • a device for implementing public network user access to a private network (for example, a second network element device of a public network core network) is provided, and at least includes a receiving unit 60 and an authentication unit 61, wherein
  • the receiving unit 60 is configured to receive an authentication request sent by the first network element device in the private network core network, where the authentication request includes the identity identification information of the public network user terminal that is in the coverage of the private network, and the authentication request is sent by the first network element device after it performs access authentication on the public network user terminal based on the pre-stored public network user information and determines that the access authentication is passed;
  • the authentication unit 61 is configured to authenticate the public network user terminal based on the user authentication information corresponding to the identity identification information, and after the authentication succeeds, send an authentication success response to the first network element device.
  • an embodiment of the present application further provides an implementation device for public network user access to a private network, that is, an electronic device, including: one or more processors 500; and one or more computer readable media, for example, the memory 520.
  • the processor 500 is configured to read a program in the memory 520 and perform the following process:
  • the authentication request is used to instruct the second network element device to perform authentication on the public network user terminal based on pre-stored user authentication information corresponding to the identity identification information;
  • the transceiver 510 is configured to receive and transmit data under the control of the processor 500.
  • performing access authentication on the public network user terminal based on the pre-stored public network user information including:
  • the public network user terminal is determined to pass the access authentication.
  • the sending, to the second network element device in the public network, of the authentication request that carries the identity information includes:
  • the address information of the private network base station carried in the access request sent by the private network base station is replaced with preset address information, and the access request after replacing the address information is used as the authentication request;
  • before the replacement of the address information of the private network base station with the preset address information, the method further includes:
  • the processor 500 is configured to read a program in the memory 520 and perform the following process:
  • the authentication request includes identity identification information of the public network user terminal that is in the coverage of the private network, and the authentication request is sent by the first network element device after it performs access authentication on the public network user terminal based on the pre-stored public network user information and determines that the access authentication is passed;
  • the bus architecture may include any number of interconnected buses and bridges, which specifically link together various circuits of one or more processors represented by processor 500 and of memory represented by memory 520.
  • the bus architecture can also link various other circuits, such as peripherals, voltage regulators, and power management circuits, as is well known in the art and, therefore, will not be further described herein.
  • the bus interface provides an interface.
  • Transceiver 510 can be a plurality of components, including a transmitter and a transceiver, providing means for communicating with various other devices on a transmission medium.
  • the processor 500 is responsible for managing the bus architecture and general processing, and the memory 520 can store data used by the processor 500 when performing operations.
  • the processor 500 can be a central processing unit (CPU), an application specific integrated circuit (ASIC), a field-programmable gate array (FPGA), or a complex programmable logic device (CPLD).
  • embodiments of the present application can be provided as a method, system, or computer program product.
  • the present application can take the form of an entirely hardware embodiment, an entirely software embodiment, or an embodiment in combination of software and hardware.
  • the application can take the form of a computer program product embodied on one or more computer-usable storage media (including but not limited to disk storage, CD-ROM, optical storage, etc.) including computer usable program code.
  • the computer program instructions can also be stored in a computer readable memory that can direct a computer or other programmable data processing device to operate in a particular manner, such that the instructions stored in the computer readable memory produce an article of manufacture comprising an instruction device that implements the functions specified in one or more flows of the flowchart and/or one or more blocks of the block diagram.
  • These computer program instructions can also be loaded onto a computer or other programmable data processing device such that a series of operational steps are performed on the computer or other programmable device to produce computer-implemented processing, so that the instructions executed on the computer or other programmable device provide steps for implementing the functions specified in one or more flows of the flowchart and/or one or more blocks of the block diagram.

Landscapes

  • Engineering & Computer Science (AREA)
  • Computer Networks & Wireless Communication (AREA)
  • Signal Processing (AREA)
  • Computer Security & Cryptography (AREA)
  • Business, Economics & Management (AREA)
  • General Business, Economics & Management (AREA)
  • Multimedia (AREA)
  • Mobile Radio Communication Systems (AREA)

Abstract

The present invention relates to the technical field of mobile communications, and in particular to a method and a device for a public network user to access a private network. The method provided by the present invention can be applied to a first network element device in the core network of a private network, and specifically comprises: receiving, by means of a private network base station, an access request from a public network user terminal within the coverage area of a private network, the access request comprising identity information of the public network user terminal; after determining, on the basis of pre-stored public network user information, that the public network user terminal passes access authentication, sending an authentication request comprising the identity information to a second network element device in the core network of a public network, the authentication request being used to instruct the second network element device to authenticate the public network user terminal; and, after receiving an authentication success response from the second network element device after the authentication has succeeded, sending the authentication success response to the public network user terminal by means of the private network base station. Thus, a public network user can access a private network and communicate normally without replacing a subscriber identity module (SIM) card.
PCT/CN2018/101519 2017-09-26 2018-08-21 Method and device for a public network user to access a private network WO2019062384A1 (fr)

Applications Claiming Priority (2)

Application Number Priority Date Filing Date Title
CN201710884782.3A CN109561430A (zh) 2017-09-26 2017-09-26 Implementation method and device for a public network user to access a private network
CN201710884782.3 2017-09-26

Publications (1)

Publication Number Publication Date
WO2019062384A1 true WO2019062384A1 (fr) 2019-04-04

Family

ID=65863113

Family Applications (1)

Application Number Title Priority Date Filing Date
PCT/CN2018/101519 WO2019062384A1 (fr) 2017-09-26 2018-08-21 Method and device for a public network user to access a private network

Country Status (2)

Country Link
CN (1) CN109561430A (fr)
WO (1) WO2019062384A1 (fr)

Also Published As

Publication number Publication date
CN109561430A (zh) 2019-04-02

Legal Events

Date Code Title Description
121 Ep: the epo has been informed by wipo that ep was designated in this application

Ref document number: 18862969

Country of ref document: EP

Kind code of ref document: A1

NENP Non-entry into the national phase

Ref country code: DE

122 Ep: pct application non-entry in european phase

Ref document number: 18862969

Country of ref document: EP

Kind code of ref document: A1