
CN106535176B - Network access method and device - Google Patents

Info

Publication number: CN106535176B
Authority: CN (China)
Prior art keywords: policy; network access; user equipment; formal; temporary
Legal status: Active (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
Application number: CN201510583009.4A
Other languages: Chinese (zh)
Other versions: CN106535176A (en)
Inventor: 王晶
Current Assignee: Huawei Technologies Co Ltd (The listed assignees may be inaccurate. Google has not performed a legal analysis and makes no representation or warranty as to the accuracy of the list.)
Original Assignee: Huawei Technologies Co Ltd
Application filed by Huawei Technologies Co Ltd
Priority to CN201510583009.4A
Publication of CN106535176A
Application granted
Publication of CN106535176B

Classifications

    • H ELECTRICITY
    • H04 ELECTRIC COMMUNICATION TECHNIQUE
    • H04W WIRELESS COMMUNICATION NETWORKS
    • H04W12/00 Security arrangements; Authentication; Protecting privacy or anonymity
    • H04W12/02 Protecting privacy or anonymity, e.g. protecting personally identifiable information [PII]
    • H04W12/08 Access security
    • H04W12/06 Authentication

Landscapes

  • Engineering & Computer Science (AREA)
  • Computer Security & Cryptography (AREA)
  • Computer Networks & Wireless Communication (AREA)
  • Signal Processing (AREA)
  • Data Exchanges In Wide-Area Networks (AREA)
  • Mobile Radio Communication Systems (AREA)

Abstract

The invention provides a network access method and device. The method comprises the following steps: a control device receives a temporary network access policy sent by a user equipment; and the control device controls the network behavior of the user equipment according to the temporary network access policy. Because the control device controls the network behavior of the user equipment according to the temporary network access policy sent by the user equipment, the user equipment can quickly access the network according to the temporary network access policy, and the speed at which the user equipment accesses the network is improved.

Description

Network access method and device
Technical Field
The present invention relates to the field of communications technologies, and in particular, to a network access method and apparatus.
Background
Generally, after accessing the network, the user equipment may use the resources in the network at will. With the development of network technology, the network behavior of the user equipment may need to be limited after it accesses the network, to prevent the user equipment from occupying too many network resources or from accessing content that needs to be kept secret. To achieve this, a network access policy may be configured for the user equipment before the user accesses the network, and the network behavior of the user equipment may be controlled through the network access policy. The network access policy is generally determined by a policy controller, and when the user equipment accesses the network through the control device, the control device requests the network access policy from the policy controller.
If the network is large, the policy controller needs to configure network access policies for a large number of user devices. When a large number of user equipments access the network simultaneously, the policy controller may not allocate a network access policy to each user equipment in time, so that the user equipments cannot access the network for a long time, thereby reducing the utilization rate of network resources.
Disclosure of Invention
The application provides a network access method and a network access device, which solve the problem that access of user equipment to the network is delayed when a large number of user equipment access the network simultaneously.
In a first aspect, a network access method is provided, including:
the control device receives a temporary network access policy sent by the user equipment;
and the control device controls the network behavior of the user equipment according to the temporary network access policy.
With reference to the first aspect, in a first possible implementation manner of the first aspect, before the receiving, by the control device, the temporary network access policy sent by the user equipment, the method further includes:
the control device requests a formal network access policy of the user equipment from a policy controller;
and if the formal network access policy is not received within a preset time period, the control device sends a notification message to the user equipment, wherein the notification message is used for notifying the user equipment to send the temporary network access policy.
With reference to the first aspect or the first possible implementation manner of the first aspect, in a second possible implementation manner of the first aspect, the method further includes:
after receiving the temporary network access policy sent by the user equipment, the control device receives a formal network access policy of the user equipment sent by a policy controller;
after receiving the formal network access policy, the control device replaces the temporary network access policy with the formal network access policy to control the network behavior of the user equipment according to the formal network access policy;
and the control device sends the formal network access policy to the user equipment.
With reference to the first aspect or the first possible implementation manner of the first aspect, in a third possible implementation manner of the first aspect, after the receiving, by the control device, the temporary network access policy sent by the user equipment, the method further includes:
the control device sends a first policy identifier to a policy controller, wherein the first policy identifier is an identifier of the temporary network access policy;
the control device receives a policy update sent by the policy controller, where the policy update includes a second policy identifier and policy update data, the second policy identifier is an identifier of a formal network access policy of the user equipment, and the second policy identifier is different from the first policy identifier;
the control device updates the temporary network access policy into the formal network access policy identified by the second policy identifier according to the policy update data, so as to control the network behavior of the user equipment according to the formal network access policy;
and the control device sends the formal network access policy to the user equipment.
With reference to the third possible implementation manner of the first aspect, in a fourth possible implementation manner of the first aspect, the policy update data is the formal network access policy; or,
the policy update data is a difference between the formal network access policy and the temporary network access policy.
In a second aspect, a network access method is provided, and the method includes:
the user equipment sends a temporary network access policy to a control device, wherein the temporary network access policy is used for controlling the network behavior of the user equipment after the user equipment accesses a network;
the user equipment accesses a network.
With reference to the second aspect, in a first possible implementation manner of the second aspect, the method further includes:
and the user equipment receives the formal network access policy sent by the control device and replaces the temporary network access policy with the formal network access policy.
In a third aspect, a network access method is provided, where the method includes:
a policy controller receives a first policy identifier sent by a control device, wherein the first policy identifier is an identifier of a temporary network access policy;
the policy controller determines that the first policy identifier is different from a second policy identifier, where the second policy identifier is an identifier of a formal network access policy of the user equipment;
the policy controller sends a policy update to the control device, the policy update including the second policy identification and policy update data.
With reference to the third aspect, in a first possible implementation manner of the third aspect, the policy update data is the formal network access policy; or,
the policy update data is a difference between the formal network access policy and the temporary network access policy.
In a fourth aspect, a network access apparatus is provided, the apparatus comprising:
a receiving unit, configured to receive a temporary network access policy sent by a user equipment;
and a control unit, configured to control the network behavior of the user equipment according to the temporary network access policy.
With reference to the first possible implementation manner of the fourth aspect, in a second possible implementation manner of the fourth aspect, the apparatus further includes a sending unit:
the sending unit is used for requesting a formal network access policy of the user equipment from a policy controller;
and if the formal network access policy is not received within a preset time period, sending a notification message to the user equipment, wherein the notification message is used for notifying the user equipment to send the temporary network access policy.
With reference to the fourth aspect or the first possible implementation manner of the fourth aspect, in a second possible implementation manner of the fourth aspect, the receiving unit is further configured to receive a formal network access policy of the user equipment, which is sent by a policy controller, after receiving the temporary network access policy sent by the user equipment;
the control unit is further configured to, after receiving the formal network access policy, replace the temporary network access policy with the formal network access policy to control a network behavior of the user equipment according to the formal network access policy;
the sending unit is further configured to send the formal network access policy to the user equipment.
With reference to the fourth aspect or the first possible implementation manner of the fourth aspect, in a third possible implementation manner of the fourth aspect, the sending unit is further configured to send a first policy identifier to a policy controller, where the first policy identifier is an identifier of the temporary network access policy;
the receiving unit is further configured to receive a policy update sent by the policy controller, where the policy update includes a second policy identifier and policy update data, the second policy identifier is an identifier of a formal network access policy of the user equipment, and the second policy identifier is different from the first policy identifier;
the control unit is further configured to update the temporary network access policy to a formal network access policy identified by the second policy identifier according to policy update data, so as to control a network behavior of the user equipment according to the formal network access policy;
the sending unit is further configured to send the formal network access policy to the user equipment.
With reference to the third possible implementation manner of the fourth aspect, in a fourth possible implementation manner of the fourth aspect, the policy update data is the formal network access policy; or,
the policy update data is a difference between the formal network access policy and the temporary network access policy.
In a fifth aspect, a network access apparatus is provided, the apparatus comprising:
a sending unit, configured to send a temporary network access policy to a control device, where the temporary network access policy is used to control a network behavior of the device after accessing a network;
and the access unit is used for accessing the network.
With reference to the fifth aspect, in a first possible implementation manner of the fifth aspect, the apparatus further includes a receiving unit:
the receiving unit is configured to receive a formal network access policy sent by the control device, and replace the temporary network access policy with the formal network access policy.
In a sixth aspect, a network access apparatus is provided, the apparatus comprising:
a receiving unit, configured to receive a first policy identifier sent by a control device, where the first policy identifier is an identifier of a temporary network access policy;
a sending unit, configured to determine that the first policy identifier is different from a second policy identifier, where the second policy identifier is an identifier of a formal network access policy of the user equipment; sending a policy update to the control device, the policy update including the second policy identification and policy update data.
With reference to the sixth aspect, in a first possible implementation manner of the sixth aspect, the policy update data is the formal network access policy; or,
the policy update data is a difference between the formal network access policy and the temporary network access policy.
In a seventh aspect, a control apparatus includes: processor, memory, transceiver:
the processor is used for receiving the temporary network access policy sent by the user equipment through the transceiver;
the processor is configured to control a network behavior of the user equipment according to the temporary network access policy.
With reference to the first possible implementation manner of the seventh aspect, in a second possible implementation manner of the seventh aspect, the transceiver is specifically configured to:
requesting a formal network access policy of the user equipment from a policy controller;
and if the formal network access policy is not received within a preset time period, sending a notification message to the user equipment, wherein the notification message is used for notifying the user equipment to send the temporary network access policy.
With reference to the seventh aspect or to the first possible implementation manner of the seventh aspect, in a second possible implementation manner of the seventh aspect, the transceiver is further configured to receive, after receiving the temporary network access policy sent by the user equipment, a formal network access policy of the user equipment sent by a policy controller;
the processor is further configured to, after receiving the formal network access policy, replace the temporary network access policy with the formal network access policy to control a network behavior of the user equipment according to the formal network access policy;
the transceiver is further configured to send the formal network access policy to the user equipment.
With reference to the seventh aspect or to the first possible implementation manner of the seventh aspect, in a third possible implementation manner of the seventh aspect, the transceiver is further configured to send a first policy identifier to a policy controller, where the first policy identifier is an identifier of the temporary network access policy; receiving a policy update sent by the policy controller, where the policy update includes a second policy identifier and policy update data, the second policy identifier is an identifier of a formal network access policy of the user equipment, and the second policy identifier is different from the first policy identifier;
the processor is further configured to update the temporary network access policy to a formal network access policy identified by the second policy identifier according to policy update data, so as to control a network behavior of the user equipment according to the formal network access policy;
the transceiver is further configured to send the formal network access policy to the user equipment.
With reference to the third possible implementation manner of the seventh aspect, in a fourth possible implementation manner of the seventh aspect, the policy update data is the formal network access policy; or,
the policy update data is a difference between the formal network access policy and the temporary network access policy.
In an eighth aspect, a user equipment is provided, comprising: processor, memory, transceiver:
the transceiver is configured to send a temporary network access policy to a control device, where the temporary network access policy is used to control a network behavior of the user device after accessing a network;
the processor is used for accessing a network.
With reference to the eighth aspect, in a first possible implementation manner of the eighth aspect, the transceiver is further configured to:
and receiving a formal network access policy sent by the control equipment, and replacing the temporary network access policy with the formal network access policy.
In a ninth aspect, there is provided a policy controller comprising: processor, memory, transceiver:
the transceiver is configured to receive a first policy identifier sent by a control device, where the first policy identifier is an identifier of a temporary network access policy;
the processor is configured to determine that the first policy identifier is different from a second policy identifier, where the second policy identifier is an identifier of a formal network access policy of the user equipment; sending, by the transceiver, a policy update to the control device, the policy update including the second policy identification and policy update data.
With reference to the ninth aspect, in a first possible implementation manner of the ninth aspect, the policy update data is the formal network access policy; or,
the policy update data is a difference between the formal network access policy and the temporary network access policy.
According to the method and the device provided by the application, after the control device receives the temporary network access policy sent by the user equipment, it controls the network behavior of the user equipment according to the temporary network access policy. Because the control device controls the network behavior of the user equipment according to the temporary network access policy sent by the user equipment, the user equipment can quickly access the network according to the temporary network access policy, and the speed at which the user equipment accesses the network is improved.
Drawings
Fig. 1 is a flowchart of a network access method according to an embodiment of the present invention;
fig. 2 is a schematic flowchart of a user equipment accessing a network according to an embodiment of the present invention;
fig. 3 is a schematic flowchart of a user equipment accessing a network according to an embodiment of the present invention;
fig. 4 is a schematic structural diagram of a network access device according to an embodiment of the present invention;
fig. 5 is a schematic structural diagram of a network access device according to an embodiment of the present invention;
fig. 6 is a schematic structural diagram of a network access device according to an embodiment of the present invention;
fig. 7 is a schematic structural diagram of a control device according to an embodiment of the present invention;
fig. 8 is a schematic structural diagram of a user equipment according to an embodiment of the present invention;
fig. 9 is a schematic structural diagram of a policy controller according to an embodiment of the present invention.
Detailed Description
In order to make the objects, technical solutions and advantages of the present invention more apparent, the present invention will be described in further detail with reference to the accompanying drawings.
In this embodiment of the present invention, the network access policy is used to control a network behavior of the user equipment, and the network access policy may include one or more of the following:
the size of the bandwidth available to the user equipment;
the length of time that the user equipment can continuously access the network;
a time period during which the user equipment can access the network;
network protocols available to the user equipment;
a subnet that the user device can access;
the priority of the data message sent by the user equipment;
application services that the user equipment can use.
Based on the above description, as shown in fig. 1, a flowchart of a network access method provided in an embodiment of the present invention is shown. In the flow of fig. 1, the control device may be a switch, a router, or the like, and the user device may be any terminal, for example, a mobile phone, a computer, a tablet computer, a Personal Digital Assistant (PDA), a Mobile Internet Device (MID), a wearable device, an Internet Protocol (IP) phone, a network printer, an electronic book reader, or the like.
Referring to fig. 1, the method includes:
step 101: the control equipment receives a temporary network access strategy sent by the user equipment;
step 102: and the control equipment controls the network behavior of the user equipment according to the temporary network access strategy.
In step 101, before the control device receives the temporary network access policy sent by the user device, it may also need to determine whether the identity authentication of the user device passes, and after determining that the identity authentication of the user device passes, the control device requests the policy controller for a formal network access policy corresponding to the user device.
The identity authentication performed on the user equipment may be based on the Extensible Authentication Protocol (EAP), or may be based on other authentication protocols.
Of course, the control device may not need to authenticate the user device.
Since a large number of user devices may need to access the network in the same time period, the policy controller may not be able to determine the network access policy for each user device in time, so that the control device does not receive the network access policy returned by the policy controller within a preset time period after sending the message requesting the network access policy to the policy controller. At this time, the user equipment cannot access resources in the network.
To prevent the user equipment from being unable to access the network for a long time, the user equipment stores its own network access policy. Since the network access policy in the policy controller may change, the network access policy stored by the user equipment may differ from the network access policy in the policy controller. The network access policy stored by the user equipment is therefore only temporary, and the control device replaces it as soon as it receives the network access policy provided by the policy controller. For this reason, the network access policy of the user equipment is referred to as a temporary network access policy, and the network access policy of the policy controller is referred to as a formal network access policy.
If the control device determines that the formal network access policy of the user equipment has not been received within a preset time period after requesting it from the policy controller, the control device sends a notification message to the user equipment, wherein the notification message is used for notifying the user equipment to send the temporary network access policy. If, after requesting the formal network access policy of the user equipment from the policy controller, the control device receives the formal network access policy allocated to the user equipment by the policy controller, the notification message sent by the control device may also carry the formal network access policy. In that case, after receiving the notification message carrying the formal network access policy, the user equipment sends the control device a notification response message that does not carry the temporary network access policy.
Correspondingly, if the formal network access policy sent by the policy controller is received within a preset time period after the control device sends the message requesting the formal network access policy to the policy controller, the control device configures itself according to the received formal network access policy, configures the network permissions corresponding to the user equipment, and controls the network behavior of the user equipment according to the formal network access policy.
To prevent the user equipment from tampering with the formal network access policy sent by the control device, the formal network access policy sent by the control device may be encrypted with a key. The key may be a hash check code generated by a hash operation over the device identifier of the policy controller and the user identifier of the user equipment. The control device may also sign the network access policy, i.e. use the private key of the control device to calculate a signature value over the combination of the network access policy and the user identifier of the user equipment. The user equipment cannot tamper with the formal network access policy sent by the control device because it does not know the private key of the control device, and if it intercepts the network access policy of another user equipment, it cannot obtain the signature value of the combination of that network access policy and the user identifier of the user equipment.
After receiving the formal network access policy sent by the control device, the user equipment stores the formal network access policy if no temporary network access policy exists in the user equipment and, the next time it accesses the network and receives the notification message sent by the control device, sends the stored formal network access policy to the control device as the temporary network access policy. If a temporary network access policy exists in the user equipment, the user equipment replaces the stored temporary network access policy with the formal network access policy, and stores the formal network access policy in a memory of the user equipment or in a memory with an encryption function.
If the user equipment accesses the network for the first time, a temporary network access policy may not be stored in the user equipment. In that case, after receiving the notification message notifying it to send the temporary network access policy, the user equipment cannot send a temporary network access policy to the control device, and can only send the control device a notification response message that does not carry the temporary network access policy. After receiving the notification response message that does not carry the temporary network access policy, the control device determines that no temporary network access policy has been received from the user equipment, and waits to receive the formal network access policy sent by the policy controller. After receiving the formal network access policy, the control device may also send the formal network access policy to the user equipment, so that the user equipment stores the formal network access policy. Likewise, the formal network access policy sent by the control device may also be an encrypted formal network access policy.
Similarly, after receiving the formal network access policy sent by the control device, the user device replaces the network access policy already stored in the user device, and stores the formal network access policy in a local memory, or stores the formal network access policy in a memory with an encryption function.
If the temporary network access policy exists in the user equipment, the user equipment sends the temporary network access policy to the control equipment. The temporary network access policy sent by the user equipment is received by the user equipment before the user equipment accesses the network.
After receiving the temporary network access policy sent by the user equipment, the control equipment may also need to verify the validity of the temporary network access policy, and only after the verification is passed, the control equipment can control the network behavior of the user equipment by using the temporary network access policy sent by the user equipment. Specifically, the control device decrypts the temporary network access policy, and if the decryption is successful, it is determined that the temporary network access policy is verified. The control device may also verify a signature of the temporary network access policy, and if the signature passes the verification, determine that the temporary network access policy passes the verification.
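The signature variant described above, written out as an added example in Go (not code from the patent): the control device signs the policy together with the user identifier and, when the policy comes back as a temporary policy, verifies it against the authenticated user. Ed25519, the length-prefixed encoding, the field names and the sample policies are assumptions of this example; the page names neither a signature algorithm nor a policy format.

```go
package main

import (
	"crypto/ed25519"
	"encoding/binary"
	"errors"
	"fmt"
)

// SignedPolicy is what the control device sends to the user equipment to store
// and what the user equipment later returns as its temporary policy.
type SignedPolicy struct {
	PolicyID  string
	Policy    []byte // serialized policy; the encoding is an assumption of this example
	Signature []byte
}

// ErrRejected is returned when a temporary policy fails verification.
var ErrRejected = errors.New("temporary policy rejected: signature invalid for this user")

// signingInput length-prefixes each field so that field boundaries are part of
// what is signed: ("ab","c") and ("a","bc") produce different inputs.
func signingInput(userID, policyID string, policy []byte) []byte {
	var buf []byte
	for _, field := range [][]byte{[]byte(userID), []byte(policyID), policy} {
		var n [4]byte
		binary.BigEndian.PutUint32(n[:], uint32(len(field)))
		buf = append(buf, n[:]...)
		buf = append(buf, field...)
	}
	return buf
}

// IssuePolicy signs the combination of policy and user identifier with the
// control device's private key.
func IssuePolicy(priv ed25519.PrivateKey, userID, policyID string, policy []byte) SignedPolicy {
	return SignedPolicy{
		PolicyID:  policyID,
		Policy:    append([]byte(nil), policy...),
		Signature: ed25519.Sign(priv, signingInput(userID, policyID, policy)),
	}
}

// AcceptTemporaryPolicy verifies the returned policy against the identity the
// control device established during authentication, not against any identity
// carried in the message itself.
func AcceptTemporaryPolicy(pub ed25519.PublicKey, authenticatedUserID string, sp SignedPolicy) error {
	msg := signingInput(authenticatedUserID, sp.PolicyID, sp.Policy)
	if len(sp.Signature) != ed25519.SignatureSize || !ed25519.Verify(pub, msg, sp.Signature) {
		return ErrRejected
	}
	return nil
}

// SignatureDemoResult records the outcome of the three constructed cases.
type SignatureDemoResult struct {
	OwnAccepted, TamperedRejected, BorrowedRejected bool
}

// RunSignatureDemo uses constructed users, policies and a fixed demo key.
func RunSignatureDemo() SignatureDemoResult {
	seed := make([]byte, ed25519.SeedSize) // constructed all-zero seed, demo only
	priv := ed25519.NewKeyFromSeed(seed)
	pub := priv.Public().(ed25519.PublicKey)

	alice := IssuePolicy(priv, "alice", "policy-7", []byte("bandwidth_kbps=2048;subnet=10.1.0.0/16"))
	bob := IssuePolicy(priv, "bob", "policy-9", []byte("bandwidth_kbps=102400;subnet=10.0.0.0/8"))

	// The user equipment edits its stored policy but keeps the old signature.
	tampered := alice
	tampered.Policy = []byte("bandwidth_kbps=102400;subnet=10.1.0.0/16")

	return SignatureDemoResult{
		OwnAccepted:      AcceptTemporaryPolicy(pub, "alice", alice) == nil,
		TamperedRejected: errors.Is(AcceptTemporaryPolicy(pub, "alice", tampered), ErrRejected),
		// alice presents a policy that was issued to bob.
		BorrowedRejected: errors.Is(AcceptTemporaryPolicy(pub, "alice", bob), ErrRejected),
	}
}

func main() {
	fmt.Printf("%+v\n", RunSignatureDemo())
}
```

A valid signature establishes origin and user binding only; a stored policy that the policy controller has since changed still verifies, which is why the page has the control device replace it once the formal policy arrives.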
In step 102, after receiving the temporary network access policy sent by the user equipment, the control device may configure itself according to the temporary network access policy and, when the user equipment accesses the network, control the network behavior of the user equipment according to the temporary network access policy. If, after receiving the temporary network access policy, the control device receives the formal network access policy of the user equipment sent by the policy controller, it replaces the temporary network access policy with the formal network access policy. In addition, the control device sends the formal network access policy to the user equipment to instruct the user equipment to update its stored network access policy.
For example, when determining that the length of time the user equipment has continuously accessed the network exceeds the continuous access time set in the temporary network access policy, the control device disconnects the user equipment from the network.
For example, when determining that the bandwidth occupied by the user equipment is greater than the bandwidth set in the temporary network access policy, the control device rate-limits the data transmitted and received by the user equipment.
If the control device does not receive the formal network access policy sent by the policy controller within the preset time period, it may periodically send a probe message to the policy controller until it determines that communication between the control device and the policy controller has recovered.
After the control device determines that communication between the control device and the policy controller has recovered, the control device again requests a formal network access policy from the policy controller, and sends the policy controller a first policy identifier of the temporary network access policy sent by the user equipment, so that the policy controller determines the policy update according to the first policy identifier.
The control device receives a policy update sent by the policy controller, where the policy update includes a second policy identifier and policy update data, and the second policy identifier is an identifier of a formal network access policy of the user equipment. After the control device determines that the second policy identifier is different from the first policy identifier, it updates the temporary network access policy into the formal network access policy identified by the second policy identifier according to the policy update data, so as to control the network behavior of the user equipment according to the formal network access policy. At the same time, the control device may also send the formal network access policy to the user equipment.
The policy updating data is the formal network access policy; or, the policy update data is a difference between the formal network access policy and the temporary network access policy.
And after the control equipment updates the temporary network access strategy according to the strategy updating data, reconfiguring the network authority corresponding to the user equipment, and controlling the network behavior of the user equipment according to the updated formal network access strategy.
The above process is described below by way of specific examples.
Fig. 2 is a schematic flow chart of user equipment accessing a network according to an embodiment of the present invention.
Step 201, the control device requests a formal network access policy corresponding to the user device from the policy controller.
The control device may request the policy controller for a formal network access policy after determining that the authentication of the user device is passed.
Step 202, the policy controller sends the formal network access policy corresponding to the user equipment to the control equipment within a preset time period.
Step 203, the control device sends the formal network access policy to the user device.
Step 204, the control device controls the network behavior of the user device according to the formal network access policy.
Fig. 3 is a schematic flow chart of user equipment accessing a network according to an embodiment of the present invention.
Step 301, the control device requests a formal network access policy corresponding to the user device from the policy controller.
The control device requests the policy controller for a formal network access policy after determining that the identity authentication of the user device is passed.
Step 302, the control device waits for a preset time period.
Step 303, the control device sends a notification message to the user device.
The notification message is sent after the control device does not receive the formal network access policy sent by the policy controller within a preset time period after the control device requests the formal network access policy corresponding to the user device from the policy controller.
Step 304, the user equipment sends the temporary network access policy to the control device.
Step 305, the control device controls the network behavior of the user device according to the temporary network access policy.
Step 306, the control device determines that communication with the policy controller has recovered, and requests a formal network access policy from the policy controller again.
Step 307, the control device sends the first policy identifier to the policy controller.
Step 308, the policy controller sends a policy update to the control device according to the first policy identifier.
Step 309, the policy controller sends the formal network access policy to the user equipment.
Step 310, the user equipment replaces the temporary network access policy with the formal network access policy.
Step 311, the control device controls the network behavior of the user device according to the formal network access policy.
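The Fig. 3 fallback flow, together with the validity check and the identifier-based policy update described above, as an added Python example (not code from the patent). It assumes HMAC-SHA256 with a key held by the policy controller and control device stands in for the signature check; the class names, field names, policy identifiers and key are hypothetical.

```python
import hashlib
import hmac
import json

# Constructed demo key. Assumption: only the policy controller and the control
# device hold it, so user equipment can store a signed policy but not forge one.
SIGNING_KEY = b"constructed-demo-key"


def _mac(policy, key):
    # Canonical JSON so issuer and verifier compute the MAC over the same bytes.
    body = json.dumps(policy, sort_keys=True, separators=(",", ":")).encode()
    return hmac.new(key, body, hashlib.sha256).digest()


def sign_policy(policy, key=SIGNING_KEY):
    """Issuer side: wrap a policy in an envelope that carries its MAC."""
    return {"policy": policy, "sig": _mac(policy, key).hex()}


class PolicyController:
    def __init__(self, formal, issued_temporary):
        self.formal = formal
        self.issued = {p["policy_id"]: p for p in issued_temporary}

    def policy_update(self, first_policy_id):
        """Compare identifiers; return None if equal, else a policy update."""
        second_id = self.formal["policy_id"]
        if first_policy_id == second_id:
            return None
        temp = self.issued.get(first_policy_id)
        if temp is None:
            # Unknown temporary policy: send the whole formal policy.
            return {"policy_id": second_id, "kind": "full", "data": dict(self.formal)}
        # Known temporary policy: send only the fields whose values differ
        # (assumes both policies carry the same set of fields).
        diff = {k: v for k, v in self.formal.items()
                if k != "policy_id" and temp.get(k) != v}
        return {"policy_id": second_id, "kind": "diff", "data": diff}


class ControlDevice:
    def __init__(self, key=SIGNING_KEY):
        self.key = key
        self.active = None      # policy currently enforced
        self.temporary = False  # True while running on the UE-supplied policy

    def accept_temporary(self, envelope):
        """Use a UE-supplied policy only if its MAC verifies."""
        policy, sig = envelope.get("policy"), envelope.get("sig")
        if not isinstance(policy, dict) or not isinstance(sig, str):
            return False
        try:
            presented = bytes.fromhex(sig)
        except ValueError:
            return False
        if not hmac.compare_digest(_mac(policy, self.key), presented):
            return False
        self.active, self.temporary = policy, True
        return True

    def enforce(self, session_seconds, bandwidth_kbps):
        """Decide what to do with a session under the active policy."""
        if self.active is None:
            return "deny"
        max_session = self.active.get("max_session_seconds")
        max_bw = self.active.get("bandwidth_kbps")
        if max_session is not None and session_seconds > max_session:
            return "disconnect"
        if max_bw is not None and bandwidth_kbps > max_bw:
            return "rate-limit"
        return "allow"

    def apply_update(self, update):
        """Move from the temporary policy to the formal one."""
        if self.active is None or update is None:
            return False
        if update["policy_id"] == self.active["policy_id"]:
            return False
        base = {} if update["kind"] == "full" else dict(self.active)
        base.update(update["data"])
        base["policy_id"] = update["policy_id"]
        self.active, self.temporary = base, False
        return True


# Constructed sample policies (field names are assumptions).
TEMP = {"policy_id": "temp-001", "bandwidth_kbps": 512, "max_session_seconds": 600}
FORMAL = {"policy_id": "formal-042", "bandwidth_kbps": 4096, "max_session_seconds": 600}

if __name__ == "__main__":
    device, controller = ControlDevice(), PolicyController(FORMAL, [TEMP])
    print("temporary accepted:", device.accept_temporary(sign_policy(TEMP)))
    print("1024 kbps under temporary:", device.enforce(100, 1024))
    device.apply_update(controller.policy_update(device.active["policy_id"]))
    print("1024 kbps under formal:", device.enforce(100, 1024))
```

A policy whose fields were altered after signing fails `accept_temporary`, so the control device keeps denying access rather than enforcing limits chosen by the user equipment.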
For the above method flow, an embodiment of the present invention further provides a network access apparatus, and specific contents of the apparatus may be implemented with reference to the above method, which is not described herein again.
As shown in fig. 4, an embodiment of the present invention provides a schematic structural diagram of a network access device.
The device includes:
a receiving unit 401, configured to receive a temporary network access policy sent by a user equipment;
a control unit 402, configured to control a network behavior of the user equipment according to the temporary network access policy.
Preferably, the apparatus further comprises a sending unit 403:
the sending unit 403 is configured to request a formal network access policy of the user equipment from a policy controller;
and, if the formal network access policy is not received within a preset time period, to send a notification message to the user equipment, wherein the notification message is used for notifying the user equipment to send the temporary network access policy.
Preferably, the receiving unit 401 is further configured to receive a formal network access policy of the user equipment, which is sent by a policy controller, after receiving the temporary network access policy sent by the user equipment;
the control unit 402 is further configured to, after receiving the formal network access policy, replace the temporary network access policy with the formal network access policy to control a network behavior of the user equipment according to the formal network access policy;
the sending unit 403 is further configured to send the formal network access policy to the user equipment.
Preferably, the sending unit 403 is further configured to send a first policy identifier to a policy controller, where the first policy identifier is an identifier of the temporary network access policy;
the receiving unit 401 is further configured to receive a policy update sent by the policy controller, where the policy update includes a second policy identifier and policy update data, where the second policy identifier is an identifier of a formal network access policy of the user equipment, and the second policy identifier is different from the first policy identifier;
the control unit 402 is further configured to update the temporary network access policy to a formal network access policy identified by the second policy identifier according to policy update data, so as to control a network behavior of the user equipment according to the formal network access policy;
the sending unit 403 is further configured to send the formal network access policy to the user equipment.
Preferably, the policy update data is the formal network access policy; or,
the policy update data is a difference between the formal network access policy and the temporary network access policy.
As shown in fig. 5, an embodiment of the present invention provides a network access apparatus.
The apparatus includes:
a sending unit 501, configured to send a temporary network access policy to a control device, where the temporary network access policy is used to control a network behavior after the apparatus accesses a network;
an access unit 502 for accessing a network.
Preferably, the apparatus further comprises a receiving unit 503:
the receiving unit 503 is configured to receive a formal network access policy sent by the control device, and replace the temporary network access policy with the formal network access policy.
As shown in fig. 6, an embodiment of the present invention provides a network access apparatus.
The apparatus includes:
a receiving unit 601, configured to receive a first policy identifier sent by a control device, where the first policy identifier is an identifier of a temporary network access policy;
a sending unit 602, configured to determine that the first policy identifier is different from a second policy identifier, where the second policy identifier is an identifier of a formal network access policy of the user equipment; sending a policy update to the control device, the policy update including the second policy identification and policy update data.
Preferably, the policy update data is the formal network access policy; or,
the policy update data is a difference between the formal network access policy and the temporary network access policy.
As shown in fig. 7, an embodiment of the present invention provides a control apparatus, including: a processor 701, a memory 702, a transceiver 703.
The transceiver 703 may be a wired transceiver, a wireless transceiver, or a combination thereof. The wired transceiver may be, for example, an Ethernet interface. The Ethernet interface may be an optical interface, an electrical interface, or a combination thereof. The wireless transceiver may be, for example, a wireless local area network transceiver, a cellular network transceiver, or a combination thereof. The processor 701 may be a central processing unit (CPU), a network processor (NP), or a combination of a CPU and an NP. The processor 701 may further include a hardware chip. The hardware chip may be an application-specific integrated circuit (ASIC), a programmable logic device (PLD), or a combination thereof. The aforementioned PLD may be a complex programmable logic device (CPLD), a field-programmable gate array (FPGA), a generic array logic (GAL), or any combination thereof. The memory 702 may include a volatile memory, such as a random-access memory (RAM); the memory 702 may also include a non-volatile memory, such as a read-only memory (ROM), a flash memory, a hard disk drive (HDD), or a solid-state drive (SSD); the memory 702 may also comprise a combination of the above types of memory.
The memory 702 may be used to store temporary network access policies and/or formal network access policies.
The processor 701 is configured to receive, through the transceiver 703, a temporary network access policy sent by a user equipment;
the processor 701 is configured to control a network behavior of the user equipment according to the temporary network access policy.
Preferably, the transceiver 703 is specifically configured to:
request a formal network access policy of the user equipment from a policy controller;
and, if the formal network access policy is not received within a preset time period, send a notification message to the user equipment, wherein the notification message is used for notifying the user equipment to send the temporary network access policy.
Preferably, the transceiver 703 is further configured to receive a formal network access policy of the user equipment, which is sent by a policy controller, after receiving the temporary network access policy sent by the user equipment;
the processor 701 is further configured to, after receiving the formal network access policy, replace the temporary network access policy with the formal network access policy to control a network behavior of the user equipment according to the formal network access policy;
the transceiver 703 is further configured to send the formal network access policy to the user equipment.
Preferably, the transceiver 703 is further configured to send a first policy identifier to a policy controller, where the first policy identifier is an identifier of the temporary network access policy; receiving a policy update sent by the policy controller, where the policy update includes a second policy identifier and policy update data, the second policy identifier is an identifier of a formal network access policy of the user equipment, and the second policy identifier is different from the first policy identifier;
the processor 701 is further configured to update the temporary network access policy to a formal network access policy identified by the second policy identifier according to policy update data, so as to control a network behavior of the user equipment according to the formal network access policy;
the transceiver 703 is further configured to send the formal network access policy to the user equipment.
Preferably, the policy update data is the formal network access policy; or,
the policy update data is a difference between the formal network access policy and the temporary network access policy.
As shown in fig. 8, an embodiment of the present invention provides a user equipment, including: a processor 801, a memory 802, a transceiver 803.
The transceiver 803 may be a wired transceiver, a wireless transceiver, or a combination thereof. The wired transceiver may be, for example, an ethernet interface. The ethernet interface may be an optical interface, an electrical interface, or a combination thereof. The wireless transceiver may be, for example, a wireless local area network transceiver, a cellular network transceiver, or a combination thereof. The processor 801 may be a CPU, an NP, or a combination of a CPU and an NP. The processor 801 may further include a hardware chip. The hardware chip may be an application specific integrated circuit ASIC, a PLD, or a combination thereof. The PLD may be a CPLD, an FPGA, a GAL, or any combination thereof. Memory 802 may include volatile memory, such as RAM; the memory 802 may also include a non-volatile memory, such as a ROM, flash memory, HDD, or SSD; the memory 802 may also comprise a combination of the above-described types of memory.
The memory 802 may be used to store temporary network access policies and/or formal network access policies sent by the control device.
The transceiver 803 is configured to send a temporary network access policy to a control device, where the temporary network access policy is used to control a network behavior after the user device accesses a network;
the processor 801 is configured to access a network.
Preferably, the transceiver 803 is further configured to:
receive a formal network access policy sent by the control device, and replace the temporary network access policy with the formal network access policy.
As shown in fig. 9, an embodiment of the present invention provides a policy controller, including: a processor 901, a memory 902, a transceiver 903.
The transceiver 903 may be a wired transceiver, a wireless transceiver, or a combination thereof. The wired transceiver may be, for example, an ethernet interface. The ethernet interface may be an optical interface, an electrical interface, or a combination thereof. The wireless transceiver may be, for example, a wireless local area network transceiver, a cellular network transceiver, or a combination thereof. The processor 901 may be a CPU, an NP, or a combination of a CPU and an NP. The processor 901 may further include a hardware chip. The hardware chip may be an application specific integrated circuit ASIC, a PLD, or a combination thereof. The PLD may be a CPLD, an FPGA, a GAL, or any combination thereof. The memory 902 may include volatile memory, such as RAM; the memory 902 may also include a non-volatile memory, such as a ROM, flash memory, HDD, or SSD; the memory 902 may also comprise a combination of the above-described types of memory.
The memory 902 may be used to store formal network access policies.
The transceiver 903 is configured to receive a first policy identifier sent by a control device, where the first policy identifier is an identifier of a temporary network access policy;
the processor 901 is configured to determine that the first policy identifier is different from a second policy identifier, where the second policy identifier is an identifier of a formal network access policy of the user equipment; sending a policy update to the control device via the transceiver 903, the policy update comprising the second policy identification and policy update data.
Preferably, the policy update data is the formal network access policy; or,
the policy update data is a difference between the formal network access policy and the temporary network access policy.
In summary, according to the method and apparatus provided by the embodiments of the present invention, after receiving a temporary network access policy sent by a user equipment, a control device controls the network behavior of the user equipment according to the temporary network access policy. Because the control device controls the network behavior of the user equipment according to the temporary network access policy sent by the user equipment, the user equipment can quickly access the network according to the temporary network access policy, and the speed at which the user equipment accesses the network is improved.
As will be appreciated by one skilled in the art, embodiments of the present invention may be provided as a method, system, or computer program product. Accordingly, the present invention may take the form of an entirely software embodiment, or an embodiment combining software and hardware aspects. Furthermore, the present invention may take the form of a computer program product embodied on one or more computer-usable storage media (including, but not limited to, disk storage, optical storage, and the like) having computer-usable program code embodied therein.
The present invention is described with reference to flowchart illustrations and/or block diagrams of methods, apparatus (systems), and computer program products according to embodiments of the invention. It will be understood that each flow and/or block of the flow diagrams and/or block diagrams, and combinations of flows and/or blocks in the flow diagrams and/or block diagrams, can be implemented by computer program instructions. These computer program instructions may be provided to a processor of a general purpose computer, special purpose computer, embedded processor, or other programmable data processing apparatus to produce a machine, such that the instructions, which execute via the processor of the computer or other programmable data processing apparatus, create means for implementing the functions specified in the flowchart flow or flows and/or block diagram block or blocks.
It will be apparent to those skilled in the art that various modifications and variations can be made in the present invention without departing from the scope of the invention. Thus, it is intended that the present invention cover the modifications and variations of this invention provided they come within the scope of the appended claims.

Claims (18)

1. A method for network access, the method comprising:
the control device receives a temporary network access policy sent by the user equipment; the temporary network access policy includes one or more of: the size of the bandwidth available to the user equipment; the length of time that the user equipment can continuously access the network; a time period during which the user equipment can access the network; network protocols available to the user equipment; a subnet that the user equipment can access; the priority of the data message sent by the user equipment; application services available to the user equipment;
and the control device verifies the validity of the temporary network access policy and, after the verification is passed, controls the network behavior of the user equipment according to the temporary network access policy.
2. The method of claim 1, wherein before the control device receives the temporary network access policy sent by the user device, the method further comprises:
the control device requests a formal network access policy of the user equipment from a policy controller;
and after not receiving the formal network access policy within a preset time period, the control device sends a notification message to the user device, wherein the notification message is used for notifying the user device to send the temporary network access policy.
3. The method of claim 1 or 2, wherein the method further comprises:
after receiving the temporary network access policy sent by the user equipment, the control device receives a formal network access policy of the user equipment sent by a policy controller;
after receiving the formal network access policy, the control device replaces the temporary network access policy with the formal network access policy to control the network behavior of the user equipment according to the formal network access policy;
and the control device sends the formal network access policy to the user equipment.
4. The method of claim 1 or 2, wherein after the control device receives the temporary network access policy sent by the user device, the method further comprises:
the control device sends a first policy identifier to a policy controller, wherein the first policy identifier is an identifier of the temporary network access policy;
the control device receives a policy update sent by the policy controller, where the policy update includes a second policy identifier and policy update data, the second policy identifier is an identifier of a formal network access policy of the user device, and the second policy identifier is different from the first policy identifier;
the control device updates the temporary network access policy, according to the policy update data, into the formal network access policy identified by the second policy identifier, so as to control the network behavior of the user equipment according to the formal network access policy;
and the control device sends the formal network access policy to the user equipment.
5. The method of claim 4, wherein the policy update data is the formal network access policy; or,
the policy update data is a difference between the formal network access policy and the temporary network access policy.
6. A method for network access, the method comprising:
the user equipment sends a temporary network access policy to a control device, wherein the temporary network access policy is used for controlling the network behavior of the user equipment after the user equipment accesses a network; the temporary network access policy includes one or more of: the size of the bandwidth available to the user equipment; the length of time that the user equipment can continuously access the network; a time period during which the user equipment can access the network; network protocols available to the user equipment; a subnet that the user equipment can access; the priority of the data message sent by the user equipment; application services available to the user equipment;
the user equipment accesses a network.
7. The method of claim 6, wherein the method further comprises:
and the user equipment receives the formal network access policy sent by the control device and replaces the temporary network access policy with the formal network access policy.
8. A method for network access, the method comprising:
a policy controller receives a first policy identifier sent by a control device, wherein the first policy identifier is an identifier of a temporary network access policy; the temporary network access policy includes one or more of: the size of the bandwidth available to the user equipment; the length of time that the user equipment can continuously access the network; a time period during which the user equipment can access the network; network protocols available to the user equipment; a subnet that the user equipment can access; the priority of the data message sent by the user equipment; application services available to the user equipment;
the policy controller determines that the first policy identifier is different from a second policy identifier, where the second policy identifier is an identifier of a formal network access policy of the user equipment;
the policy controller sends a policy update to the control device, the policy update including the second policy identification and policy update data.
9. The method of claim 8, wherein the policy update data is the formal network access policy; or,
the policy update data is a difference between the formal network access policy and the temporary network access policy.
10. A network access apparatus, comprising:
a receiving unit, configured to receive a temporary network access policy sent by a user equipment; the temporary network access policy includes one or more of: the size of the bandwidth available to the user equipment; the length of time that the user equipment can continuously access the network; a time period during which the user equipment can access the network; network protocols available to the user equipment; a subnet that the user device can access; the priority of the data message sent by the user equipment; application services available to the user equipment;
and a control unit, configured to verify the validity of the temporary network access policy and, after the verification is passed, control the network behavior of the user equipment according to the temporary network access policy.
11. The apparatus of claim 10, further comprising a sending unit:
the sending unit is configured to request a formal network access policy of the user equipment from a policy controller;
and, if the formal network access policy is not received within a preset time period, to send a notification message to the user equipment, wherein the notification message is used for notifying the user equipment to send the temporary network access policy.
12. The apparatus of claim 11, wherein the receiving unit is further configured to receive a formal network access policy of the user equipment sent by a policy controller after receiving the temporary network access policy sent by the user equipment;
the control unit is further configured to, after receiving the formal network access policy, replace the temporary network access policy with the formal network access policy to control a network behavior of the user equipment according to the formal network access policy;
the sending unit is further configured to send the formal network access policy to the user equipment.
13. The apparatus of claim 11, wherein the sending unit is further configured to send a first policy identification to a policy controller, the first policy identification being an identification of the temporary network access policy;
the receiving unit is further configured to receive a policy update sent by the policy controller, where the policy update includes a second policy identifier and policy update data, the second policy identifier is an identifier of a formal network access policy of the user equipment, and the second policy identifier is different from the first policy identifier;
the control unit is further configured to update the temporary network access policy to a formal network access policy identified by the second policy identifier according to policy update data, so as to control a network behavior of the user equipment according to the formal network access policy;
the sending unit is further configured to send the formal network access policy to the user equipment.
14. The apparatus of claim 13, wherein the policy update data is the formal network access policy; or,
the policy update data is a difference between the formal network access policy and the temporary network access policy.
15. A network access apparatus, comprising:
a sending unit, configured to send a temporary network access policy to a control device, where the temporary network access policy is used to control a network behavior of the device after accessing a network; the temporary network access policy includes one or more of: the size of the bandwidth available to the user equipment; the length of time that the user equipment can continuously access the network; a time period during which the user equipment can access the network; network protocols available to the user equipment; a subnet that the user device can access; the priority of the data message sent by the user equipment; application services available to the user equipment;
and the access unit is used for accessing the network.
16. The apparatus of claim 15, wherein the apparatus further comprises a receiving unit:
the receiving unit is configured to receive a formal network access policy sent by the control device, and replace the temporary network access policy with the formal network access policy.
17. A network access apparatus, comprising:
a receiving unit, configured to receive a first policy identifier sent by a control device, where the first policy identifier is an identifier of a temporary network access policy; the temporary network access policy includes one or more of: the size of the bandwidth available to the user equipment; the length of time that the user equipment can continuously access the network; a time period during which the user equipment can access the network; network protocols available to the user equipment; a subnet that the user device can access; the priority of the data message sent by the user equipment; application services available to the user equipment;
a sending unit, configured to determine that the first policy identifier is different from a second policy identifier, where the second policy identifier is an identifier of a formal network access policy of the user equipment; sending a policy update to the control device, the policy update including the second policy identification and policy update data.
18. The apparatus of claim 17, wherein the policy update data is the formal network access policy; or,
the policy update data is a difference between the formal network access policy and the temporary network access policy.
CN201510583009.4A 2015-09-14 2015-09-14 Network access method and device Active CN106535176B (en)

Priority Applications (1)

Application Number Priority Date Filing Date Title
CN201510583009.4A CN106535176B (en) 2015-09-14 2015-09-14 Network access method and device

Publications (2)

Publication Number Publication Date
CN106535176A CN106535176A (en) 2017-03-22
CN106535176B true CN106535176B (en) 2020-09-04

Family

ID=58348426

Family Applications (1)

Application Number Title Priority Date Filing Date
CN201510583009.4A Active CN106535176B (en) 2015-09-14 2015-09-14 Network access method and device

Country Status (1)

Country Link
CN (1) CN106535176B (en)

Citations (5)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN101272627A (en) * 2008-04-30 2008-09-24 杭州华三通信技术有限公司 Network access control method and apparatus for implementing roaming
CN101616137A (en) * 2008-06-26 2009-12-30 中兴通讯股份有限公司 The system that Host Security cut-in method, partition method and safety insert and isolates
CN101640943A (en) * 2008-07-31 2010-02-03 国际商业机器公司 Method for switching network layers in wireless local area network and corresponding wireless access point equipment
CN103533104A (en) * 2013-10-31 2014-01-22 成都西加云杉科技有限公司 Method for issuing IP address as well as method, device and system for acquiring temporary information
CN104767715A (en) * 2014-01-03 2015-07-08 华为技术有限公司 Network access control method and equipment

Family Cites Families (5)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN101616128A (en) * 2008-06-28 2009-12-30 华为技术有限公司 A kind of access control method and system and relevant device
CN104185213B (en) * 2013-05-20 2018-10-30 华为终端(东莞)有限公司 Data stream transmitting control method and device
CN103747481B (en) * 2014-01-16 2017-08-11 中国联合网络通信集团有限公司 Network congestion prompting and connection control method and device
US9654482B2 (en) * 2014-01-22 2017-05-16 Cisco Technology, Inc. Overcoming circular dependencies when bootstrapping an RPKI site
CN103888928B (en) * 2014-03-04 2017-04-26 华为技术有限公司 Business strategy control method and system

Also Published As

Publication number Publication date
CN106535176A (en) 2017-03-22

Similar Documents

Publication Publication Date Title
EP3629610B1 (en) Method and apparatus for managing embedded universal integrated circuit card configuration file
EP3800909B1 (en) Remote management method, and device
US11375363B2 (en) Secure updating of telecommunication terminal configuration
CN108429740B (en) Method and device for obtaining equipment identifier
KR101838872B1 (en) Apparatus and method for sponsored connection to wireless networks using application-specific network access credentials
US9843575B2 (en) Wireless network authentication method and wireless network authentication apparatus
KR101840180B1 (en) Apparatus and method for sponsored connection to wireless networks using application-specific network access credentials
US11974132B2 (en) Routing method, apparatus, and system
US20160241537A1 (en) Method for transferring profile and electronic device supporting the same
US11184336B2 (en) Public key pinning for private networks
TW201706900A (en) Method and device for authentication using dynamic passwords
KR102281782B1 (en) Method and apparatus for managing an application of a terminal remotely in a wireless communication system
EP3550786B1 (en) Certificate acquisition method, authentication method and network device
CN106656923A (en) Device association method, key update method and apparatuses
CN107689864B (en) Authentication method, server, terminal and gateway
CN111034118B (en) Secure delegation credentials in third party networks
CN105791235A (en) Configuration information downloading method and device
CN107852603A (en) The method and apparatus of terminal authentication
CN112383897B (en) Information transmission method, device, medium and electronic equipment based on intelligent network
CN112913263A (en) Method and apparatus for handling remote profile management exceptions
EP3497877B1 (en) A method for provisioning a first communication device by using a second communication device
EP3547231B1 (en) Electronic device management
WO2014169802A1 (en) Terminal, network side device, terminal application control method, and system
CN109391601B (en) Method, device and equipment for granting terminal network permission
CN110771087B (en) Private key update

Legal Events

Date Code Title Description
C06 Publication
PB01 Publication
SE01 Entry into force of request for substantive examination
GR01 Patent grant