CN102457847A - Method and system for sensing user access by fixed network - Google Patents
Method and system for sensing user access by fixed network Download PDFInfo
- Publication number
- CN102457847A CN102457847A CN2010105147165A CN201010514716A CN102457847A CN 102457847 A CN102457847 A CN 102457847A CN 2010105147165 A CN2010105147165 A CN 2010105147165A CN 201010514716 A CN201010514716 A CN 201010514716A CN 102457847 A CN102457847 A CN 102457847A
- Authority
- CN
- China
- Prior art keywords
- information
- user access
- bras
- bng
- access information
- Prior art date
- Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
- Granted
Links
- 238000000034 method Methods 0.000 title claims abstract description 86
- 230000008569 process Effects 0.000 claims abstract description 40
- 238000013475 authorization Methods 0.000 claims abstract description 14
- 238000012546 transfer Methods 0.000 claims description 62
- 238000013507 mapping Methods 0.000 claims description 14
- 230000009977 dual effect Effects 0.000 claims description 13
- 230000000977 initiatory effect Effects 0.000 claims description 6
- GVVPGTZRZFNKDS-JXMROGBWSA-N geranyl diphosphate Chemical compound CC(C)=CCC\C(C)=C\CO[P@](O)(=O)OP(O)(O)=O GVVPGTZRZFNKDS-JXMROGBWSA-N 0.000 description 21
- 238000010586 diagram Methods 0.000 description 8
- 230000005540 biological transmission Effects 0.000 description 5
- 230000004044 response Effects 0.000 description 3
- 230000003993 interaction Effects 0.000 description 2
- 230000007246 mechanism Effects 0.000 description 2
- 230000004048 modification Effects 0.000 description 2
- 238000012986 modification Methods 0.000 description 2
- 230000002776 aggregation Effects 0.000 description 1
- 238000004220 aggregation Methods 0.000 description 1
- 238000004891 communication Methods 0.000 description 1
- 238000012790 confirmation Methods 0.000 description 1
- 238000011217 control strategy Methods 0.000 description 1
- 238000005538 encapsulation Methods 0.000 description 1
- 238000005516 engineering process Methods 0.000 description 1
- 230000002349 favourable effect Effects 0.000 description 1
- 230000002452 interceptive effect Effects 0.000 description 1
- 238000012545 processing Methods 0.000 description 1
- 230000011664 signaling Effects 0.000 description 1
- 230000005641 tunneling Effects 0.000 description 1
Images
Landscapes
- Mobile Radio Communication Systems (AREA)
Abstract
The invention discloses a method and a system for sensing user access by a fixed network, which can be based on the authentication process stage of a mobile network on user equipment, and a third generation partner plan authentication authorization charging acquires user access information and further transmits the user access information to a broadband forum authentication authorization charging; the broadband forum authentication authorization charging provides the user access information to a broadband policy control function; the broadband policy control function discovers a policy and charging rule function serving the user according to the received user access information, and initiates session establishment to the policy and charging rule function. The method and the system of the invention ensure that the fixed network equipment can identify the user access according to the user access information, thereby being capable of supporting the implementation and the admission control of the business developed by the user.
Description
Technical Field
The invention relates to the field of communication, in particular to a method and a system for sensing user access by a fixed network.
Background
An Evolved Packet System (EPS) developed by the third Generation Partnership Project (3 GPP) consists of Evolved Universal mobile telecommunications System Terrestrial Radio Access Network (E-UTRAN), Mobility Management unit (MME), Mobility Management Entity (MME), serving gateway (S-GW), Packet Data Network gateway (P-GW or PDN GW, Packet Data Network gateway), Home Subscriber Server (HSS), Authentication Authorization Accounting (AAA) of 3GPP, Authentication and Authorization Accounting (Authorization and Accounting) Server of 3GPP, Policy and Charging Rules Function (PCRF) Entity and other support nodes. The evolved packet system portion of fig. 1 illustrates the system architecture thereof, wherein the MME is responsible for the related operations of the control plane such as mobility management, processing of non-access stratum signaling, and management of user mobility management context; the S-GW is an access gateway device connected with the E-UTRAN, forwards data between the E-UTRAN and the P-GW, and is responsible for caching paging waiting data; the P-GW is a border gateway of an EPS and Packet Data Network (PDN) Network and is responsible for PDN access, Data forwarding between the EPS and the PDN and other functions; the S-GW and the P-GW both belong to a core network gateway; the PCRF is a policy and charging rule function entity, and is connected to an operator network Protocol (IP, Internet Protocol) Service network through an Rx interface to obtain Service information, and is connected to a gateway device in a bearer network through a Gx/Gxa/Gxc interface to be responsible for transmitting Quality of Service (QoS) authorization to the bearer network, ensuring QoS for Service data transmission, and performing charging control.
As shown in fig. 1, the EPS supports 3GPP access (e.g., E-UTRAN), and in addition the EPS also supports access for non-3 GPP networks. The non-3 GPP network can access the EPS network through an S2a/b/c interface, and the P-GW is used as an anchor point between the EPS and the non-3 GPP system. Non-3 GPP networks accessing EPS are divided into trusted non-3 GPP accesses and untrusted non-3 GPP accesses. The trusted non-3 GPP access can access the P-GW through an S2a interface; the untrusted non-3 GPP access needs to access a P-GW through an Evolved packet data Gateway (ePDG), wherein an interface between the ePDG and the P-GW is S2 b; in addition, User Equipment (UE) under non-3 GPP access (trusted and untrusted) can also access P-GW through S2c interface. If the access is the trusted S2c access, the UE accesses the P-GW through the trusted non-3 GPP access gateway; if the access is the non-trusted S2c access, the UE accesses the P-GW through the non-trusted non-3 GPP access gateway and through the ePDG. The S2a/b interface may be implemented using GPRS Tunneling Protocol (GTP) or Proxy Mobile IP Protocol (PMIP). The S2c interface may be implemented using Dual Stack Mobile IP Protocol (DSMIP).
As shown in fig. 1, if it is necessary to perform fine Control on network resources used by a service developed by a UE accessing an EPS system and implement flow-based Charging, a Policy and Charging Control (PCC) function needs to be configured in the EPS system. The PCC is composed of main functional entities such as a Policy and Charging rules Function PCRF, a Policy and Charging Enforcement Function (PCEF), and a Bearer Binding and Event Report Function (BBERF). The PCEF can be realized on the P-GW, and the interaction of the control strategy information is carried out between the PCRF and the PCEF through a Gx interface. The BBERF may be implemented on the S-GW or trusted non-3 GPP access gateway. When PMIP protocol is adopted by an S5 interface (between P-GW and S-GW), an S2a interface (between P-GW and a trusted non-3 GPP access gateway) or DSMIP is adopted by a trusted S2c interface, the interaction of control policy information is carried out between PCRF and BBERF through Gx/Gxa/Gxc interface.
An operator focuses on a Fixed Mobile Convergence (FMC) scenario, which is based on the above-mentioned interworking architecture between non-3 GPP and EPS shown in fig. 1, where the non-3 GPP network is a network defined By Broadband Forum (BBF), and specific network element information of the non-3 GPP network refers to fig. 2.
As shown in fig. 2, for example, the UE accesses a Wireless Local Area Network (WLAN) and accesses an EPS network through a BBF fixed network. The UE accesses a home Gateway (RG) through a Wireless Access Point (WiFi AP), accesses a BBF Network through the RG, and finally accesses AN EPS core Network, where the BBF Network is composed of Access points (AN, Access notes), a Broadband Access Server (BRAS, Broadband Remote Access Server)/a Broadband Network Gateway (BNG, Broadband Network Gateway), and other main devices. The AN may be a Digital Subscriber Line Access Multiplexer (DSLAM) or the like.
The BBF fixed network accessed to the EPS core network is divided into trusted access and untrusted access according to the credibility of the mobile operator to the fixed network operator:
if the mobile operator considers the BBF fixed network as untrusted access, as shown in Case 1 and Case2 in fig. 2, the UE needs to establish an IP Sec (IP security) tunnel with the ePDG. Data between the UE and the PDN network are transmitted in an encrypted mode, so that the fixed network equipment cannot sense the data content transmitted by the fixed network equipment, and the safety of data transmission is guaranteed.
If the mobile operator considers the BBF fixed network as trusted access, as shown in Case 3 in fig. 2. At this time, when the UE accesses the EPS core network through the BBF network, the UE does not need to pass through the ePDG. And establishing a DSMIP tunnel between the UE and the P-GW for data transmission.
In addition, when the UE is accessed to a BBF fixed network through a user premises network, two modes of bridging and routing also exist; wherein,
route mode: and the UE accesses the RG through the WiFi AP and accesses the BRAS/BNG after the AN aggregation. The RG allocates an IP address to the UE, for example: and the UE accesses the RG, the user name and the password are adopted for authentication on the RG, and the RG allocates an IP address for the UE after the authentication is successful. BRAS/BNG assigns IP addresses to RGs, for example: when the RG is electrified, the RG initiates access authentication to the BRAS/BNG, and after the authentication is successful, the BRAS/BNG allocates an IP address for the RG.
Bridge mode: and the UE accesses through the WiFi AP and accesses to the BRAS/BNG after being converged through the AN. The IP address of the UE is allocated by BBF fixed network equipment (such as BRAS/BNG). In Bridge mode, there is also possibility that there is RG in network, but at this time, the RG is only a two-layer (data link layer) device, which does not participate in user authentication and IP address allocation process, and only provides two-layer connection between UE and BRAS/BNG.
For the Route mode, the IP address allocated by the RG to the UE is a private network address (internal address), that is, the IP address is only used for the user to identify the UE in the local network, and the BBF fixed network and the EPS core network cannot identify the UE according to the IP address. When the UE sends an uplink data packet, when the data packet identified with the internal IP address of the UE passes through the RG, the RG needs to encapsulate an external encapsulation layer public network IP address of the data packet, for example, into a Customer Premise Equipment (CPE) address/RG IP address; the public network address can be recognized by the BBF device and the EPS device. For the downlink data message, the EPS network equipment encapsulates the CPE/RG IP address on the outer layer of the data message, sends the data message to the CPE/RG, encapsulates the outer layer of the data message into the private network IP address of the UE by the CPE/RG, and then sends the private network IP address to the UE. Therefore, in the Route mode, the interactive data packets between the UE and the EPS device need to be processed by the CPE/RG, and the devices (BBF device and EPS device) behind the CPE/RG cannot directly sense the UE accessing the network. For the Bridge mode, the user is authenticated on the BRAS/BNG and is allocated with an IP address by the BRAS/BNG, and the IP address is a public network IP address and can be identified by the BBF fixed network and the EPS core network equipment.
After the UE is successfully attached to the EPS core network through the BBF fixed network, the UE can perform a service. In order to ensure the transmission quality of data and improve the user experience, the QoS on the entire data routing path needs to be ensured, and the QoS policy control is performed on the mobile network resources and the fixed network resources used by the user through the policy control function, so as to realize the above functions. Meanwhile, in order to ensure the consistency of the QoS policy control in the fixed network and the mobile network for the same user, S9 needs to be established between the PCRF and the BPCF*Session required for PCRF and BPCF to interactively control UE using network resourcesInformation such as user information, QoS policies, etc. The Policy Control Function may be a PCRF in an EPS network and a Broadband Policy Control Function (BPCF) in a BBF network.
In order to implement the above process of implementing QoS control on the UE service, the BBF fixed network and the EPS network device need to sense the access of the UE. For the EPS network device, because the UE needs to perform access authentication based on 3GPP when accessing the EPS network, and the authentication process includes the access information of the user, the EPS network device can sense the access of the UE. However, for the BBF fixed network device, since it does not support the 3 GPP-based access authentication mechanism, when the UE accesses the EPS network through the BBF fixed network, all the 3 GPP-based authentication messages are transparently transmitted in the BBF network, so that the BBF fixed network device cannot acquire the access information of the user, and cannot sense the access of the UE. Therefore, admission control cannot be performed on the service developed by the UE on the fixed network side. This is obviously not favorable for smooth operation of the user service, and at the same time, reduces the user satisfaction.
Disclosure of Invention
In view of this, the main objective of the present invention is to provide a method and a system for a fixed network to sense user access, so that a fixed network device can identify user access according to user access information, and support admission control on a service developed by a user.
In order to achieve the purpose, the technical scheme of the invention is realized as follows:
a method of fixed network aware user access, the method comprising:
based on the authentication process stage of the mobile network to the user equipment UE, the third generation partner plan authentication authorization accounting 3GPP AAA obtains the user access information and further transmits to the broadband forum authentication authorization accounting BBF AAA;
the BBF AAA provides the user access information to a Broadband Policy Control Function (BPCF);
the BPCF finds a policy and charging rule function PCRF serving the user according to the received user access information, and initiates session establishment to the PCRF.
The process of acquiring the user access information by the 3GPP AAA comprises the following steps:
if the UE accesses an EPS network through an untrusted BBF network, after the user access authentication is successful, an ePDG provides the user access information to the 3GPP AAA;
and if the UE accesses the EPS network through the trusted BBF network, after the user access authentication is successful, the packet data network gateway P-GW provides the user access information for the 3 GPPAAA.
The user access information comprises user identification and tunnel information; the user identification is: international mobile subscriber identity IMSI or network access identity NAI;
when the UE accesses the EPS network through the non-trusted BBF network, if the UE accesses the EPS network in a route mode, the tunnel information comprises the IP address of CPE/home gateway RG of the user station equipment and the IP address of ePDG; if the UE accesses by adopting a bridge mode, the tunnel information comprises an IP address of the UE and an IP address of the ePDG;
when the UE accesses the EPS network through the trusted BBF network, the tunnel information comprises a care-of address CoA and a P-GW address;
the method for providing the user access information to the 3GPP AAA by the ePDG comprises the following steps:
the ePDG directly provides the user access information to the 3GPP AAA; or,
the ePDG provides the user access information to the 3GPP AAA through the P-GW.
The process of the 3GPP AAA transferring the user access information to the BBF AAA comprises the following steps:
the 3GPP AAA finds a BBF AAA according to a CPE/RG IP address, a UE IP address or CoA contained in the tunnel information in the user access information and a configuration relation; and the 3GPP AAA and the BBF AAA establish a session and transfer the user access information to the BBF AAA.
The way that the BBF AAA provides the BPCF with the user access information comprises the following steps:
the BBF AAA provides the user access information to the BPCF through a broadband access server BRAS/broadband network gateway BNG; or,
the BBF AAA provides the user access information directly to the BPCF.
The BBF AAA providing the user access information to the BPCF through the BRAS/BNG comprises the following steps:
the BBF AAA finds the BRAS/BNG process, and establishes the conversation with BRAS/BNG process, and finally transfers the user access information to BRAS/BNG;
the method also comprises the procedures that the BRAS/BNG discovers the BPCF and establishes a session with the BPCF, and the user access information can be guaranteed to be transferred to the BPCF.
The specific process that the BBF AAA provides the user access information to the BPCF through the BRAS/BNG comprises the following steps:
if UE accesses in a route mode or the user identifier is a mobile identity identifier, BBF AAA finds BRAS/BNG according to an IP address and a configuration relation contained in tunnel information in the user access information acquired from 3GPP AAA, establishes a session with the BRAS/BNG, and sends the user access information to the BRAS/BNG; the BRAS/BNG discovers the BPCF according to the user IP address/CoA/CPE/RG IP address and the configuration relation contained in the tunnel information, establishes a session with the BPCF and sends the user access information to the BPCF;
if the UE is accessed in a bridge mode, the UE carries the mobile and fixed network unified identity or fixed network identity when requesting the BRAS/BNG to allocate an IP address for the UE; the BRAS/BNG and the BBF AAA establish a session, and send an authentication and authorization request aiming at the user to the BBF AAA, wherein the request carries the identity and the BRAS/BNG IP address; BBFAAA stores the mapping relation between the identity and the BRAS/BNG IP address; after the authentication is successful, the BRAS/BNG allocates an IP address for the user; the BBF AAA acquires the user access information from the 3GPP AAA, and matches according to the mobile fixed network uniform identity mark or the dual identity mark of the mobile network and the fixed network contained in the user access information, the identity mark in the BBF AAA and the mapping relation of the BRAS/BNG IP address; when the user is identified to be authenticated by the fixed network, the session established during the fixed network authentication is used for issuing the user access information to the BRAS/BNG; the BRAS/BNG discovers BPCF according to the user access information and the configuration relation, and establishes a session with the BPCF; and the BRAS/BNG sends the user access information to the BPCF.
The process that the BPCF discovers the PCRF and initiates session establishment to the PCRF comprises the following steps:
the BPCF discovers the PCRF serving the user according to the user identification contained in the user access information, and further initiates S9 to the PCRF*And establishing the session.
A system for fixed network aware user access, the system comprising: the system comprises an information initial acquisition unit, an information transfer unit and an information application unit; wherein,
the information initial acquisition unit is used for acquiring user access information and further transmitting the user access information to the information transfer unit based on the authentication process stage of the mobile network to the UE;
the information transfer unit is used for providing the user access information to the information application unit;
the information application unit is used for discovering the PCRF serving for the user according to the received user access information and initiating session establishment to the PCRF.
The information initial obtaining unit is used for obtaining the user access information:
if the UE accesses the EPS network through the non-trusted BBF network, triggering the ePDG to provide the user access information to the information initial acquisition unit after the user access authentication is successful;
and if the UE accesses the EPS network through the trusted BBF network, triggering the P-GW to provide the user access information for the information initial acquisition unit after the user access authentication is successful.
The user access information comprises user identification and tunnel information; the user identification is: IMSI or NAI;
when the UE accesses the EPS network through the non-trusted BBF network, if the UE accesses in a route mode, the tunnel information comprises a CPE/RG IP address and an ePDG IP address; if the UE accesses by adopting a bridge mode, the tunnel information comprises an IP address of the UE and an IP address of the ePDG;
and when the UE accesses the EPS network through the trusted BBF network, the tunnel information comprises the CoA and the P-GW address.
When the information initial acquisition unit transmits the user access information to the information transfer unit, the information initial acquisition unit is used for:
a transfer unit for discovering information according to CPE/RG IP address, UE IP address or CoA contained in the tunnel information in the user access information and the configuration relation; the information initial acquisition unit and the information transfer unit establish a session, and the user access information is transmitted to the information transfer unit.
When the information transfer unit provides the user access information to the information application unit, the information transfer unit is configured to:
providing the user access information to the information application unit through BRAS/BNG; or,
and directly providing the user access information to the information application unit.
When the information transfer unit provides the user access information to the information application unit through the BRAS/BNG, the information transfer unit is configured to:
the process of discovering BRAS/BNG and the process of establishing session with BRAS/BNG, and finally transferring the user access information to BRAS/BNG;
the method also comprises the process that the BRAS/BNG discovers the information application unit and establishes a session with the information application unit, thereby ensuring that the user access information can be transferred to the information application unit.
When the information transfer unit provides the user access information to the information application unit through the BRAS/BNG, the information transfer unit is specifically configured to:
if the UE accesses in a route mode or the user identifier is a mobile identity identifier, the information transfer unit finds the BRAS/BNG according to the IP address and the configuration relation contained in the tunnel information in the acquired user access information, establishes a session with the BRAS/BNG and sends the user access information to the BRAS/BNG; the BRAS/BNG discovers the information application unit according to the user IP address/CoA/CPE/RG IP address and the configuration relation contained in the tunnel information, establishes a session with the information application unit and sends the user access information to the information application unit;
if the UE is accessed in a bridge mode, the UE carries the mobile and fixed network unified identity or fixed network identity when requesting the BRAS/BNG to allocate an IP address for the UE; the BRAS/BNG and the information transfer unit establish a session, and send an authentication request aiming at the user to the information transfer unit, wherein the request carries the identity and the BRAS/BNG IP address; the information transfer unit stores the mapping relation between the identity and the BRAS/BNG IP address; after the authentication is successful, the BRAS/BNG allocates an IP address for the user; the information transfer unit acquires the user access information and matches the user access information according to a mobile fixed network uniform identity identifier or a mobile network and fixed network dual identity identifier contained in the user access information, an identity identifier in the information transfer unit and a mapping relation of a BRAS/BNG IP address; when the user is identified to be authenticated by the fixed network, the session established during the fixed network authentication is used for issuing the user access information to the BRAS/BNG; the BRAS/BNG discovers the information application unit according to the user access information and the configuration relation, and establishes a session with the information application unit; and the BRAS/BNG sends the user access information to the information application unit.
The information application unit finds the PCRF and is used for, when initiating session establishment to the PCRF:
the information application unit finds the PCRF serving for the user according to the user identification contained in the user access information, and then initiates S9 to the PCRF*And establishing the session.
The method and the system of the invention ensure that the fixed network equipment can identify the user access according to the user access information, thereby being capable of supporting the implementation and the admission control of the business developed by the user.
Drawings
FIG. 1 is a schematic diagram of a system architecture of an EPS;
FIG. 2 is a schematic diagram of an FMC system;
FIG. 3 is a flow diagram of a BPCF implementation admission control of one embodiment in an untrusted access scenario;
fig. 4 is a flow diagram of BPCF performing admission control according to another embodiment in an untrusted access scenario;
FIG. 5 is a flow diagram of an embodiment of a BPCF admission control in a trusted access scenario;
fig. 6 is a flow chart of BPCF admission control for another embodiment in a trusted access scenario;
fig. 7 is a simplified flow chart of the fixed network aware user access according to the embodiment of the present invention;
fig. 8 is a system diagram of fixed network aware user access according to an embodiment of the present invention.
Detailed Description
In general, based on the authentication process phase of the mobile network to the UE, the 3GPP AAA may obtain the user access information and further transmit it to the BBF AAA; then, the BBF AAA may provide the user access information to the BPCF, and the BPCF may discover a PCRF serving a user according to the received user access information and initiate S9 to the PCRF*And establishing the session.
Specifically, the process of acquiring the user access information by the 3gpp aaa may be:
and if the UE accesses the EPS network through the non-trusted BBF network, the ePDG provides the user access information to the 3GPP AAA after the user access authentication is successful. Of course, if the UE accesses the EPS network through the untrusted BBF network and adopts the S2b interface, the ePDG may also provide the user access information to the 3GPP AAA through the P-GW.
And if the UE accesses the EPS network through the trusted BBF network, the P-GW provides the user access information for the 3GPP AAA after the user access authentication is successful.
The user access information may include user identification, tunnel information, and the like. The user identification may be: international Mobile Subscriber Identity (IMSI), Network Access Identity (NAI), and the like.
In addition, when the UE accesses the EPS network through the non-trusted BBF network, if the UE accesses in a route mode, the tunnel information comprises a CPE/RG IP address and an ePDG IP address; and if the UE accesses by adopting a bridge mode, the tunnel information comprises the IP address of the UE and the IP address of the ePDG.
And if the UE accesses the EPS network by trusting the BBF network, the tunnel information comprises a care-of-address (CoA) and a P-GW address.
The process of the 3GPP AAA further transferring the user access information to a BBF AAA may include:
and the 3GPP AAA discovers the BBF AAA according to the CPE/RG IP address (aiming at route access mode), the UE IP address (aiming at bridge access mode) or the CoA and the configuration relation contained in the tunnel information in the user access information. And the 3GPP AAA and the BBF AAA establish a session and transfer the user access information to the BBF AAA.
The manner in which the BBF AAA provides the user access information to the BPCF may include:
the BBF AAA provides the user access information to the BPCF through the BRAS/BNG; or,
the BBF AAA provides the user access information directly to the BPCF.
When the BBF AAA provides the user access information to the BPCF through the BRAS/BNG, the BBF AAA finds the BRAS/BNG and establishes a session with the BRAS/BNG, and finally transfers the user access information to the BRAS/BNG. Of course, the BRAS/BNG also discovers the BPCF and establishes a session with the BPCF to ensure that the user access information can be transferred to the BPCF.
It should be noted that if the subscriber identity is a mobile identity (e.g. IMSI), the BBFAAA discovers the BRAS/BNG according to the IP address (RG/CPE IP address if route access; UE IP address or CoA if bridge access) and the configuration relationship included in the tunnel information in the subscriber access information obtained from the 3GPP AAA, establishes a session with the BRAS/BNG, and sends the subscriber access information (tunnel information and subscriber identity) to the BRAS/BNG. The BRAS/BNG discovers the BPCF according to the user IP address/CoA/CPE/RG IP address and configuration relation contained in the tunnel information, establishes a session with the BPCF, and sends the user access information (containing tunnel information and user identification) to the BPCF.
The above method can also be used for users with fixed mobile unified identities or users with dual identities for fixed and mobile networks. And if the user identifier has a dual identity identifier of a mobile network and a fixed network or a unified identity identifier of the mobile network and the fixed network, then:
if the UE accesses in the route manner, the route implementation manner when the user identifier is a mobile identity identifier may be referred to.
And if the UE is accessed in a bridge mode, the UE carries the mobile and fixed network unified identity or fixed network identity when requesting the BRAS/BNG to allocate an IP address for the UE. And the BRAS/BNG and the BBF AAA establish a session, and send an authentication and authorization request aiming at the user to the BBF AAA, wherein the request carries the identity and the BRAS/BNG IP address. And the BBF AAA stores the mapping relation between the identity and the BRAS/BNG IP address. And when the authentication is successful, the BRAS/BNG allocates an IP address for the user. The BBF AAA acquires the user access information from the 3GPP AAA, and matches according to the mobile fixed network uniform identity mark or the dual identity mark of the mobile network and the fixed network contained in the user access information, the identity mark in the BBF AAA and the mapping relation of the BRAS/BNG IP address; and when identifying that the user has performed fixed network authentication, the session established during the fixed network authentication is used for issuing the user access information to the BRAS/BNG. And the BRAS/BNG discovers the BPCF according to the user access information and the configuration relation and establishes a session with the BPCF. And the BRAS/BNG sends the user access information to the BPCF.
The BPCF discovers the PCRF serving the user and initiates S9 to the PCRF*The session establishment process comprises the following steps:
the BPCF identifies (e.g., based on user identification) included in the user access informationIMSI, or NAI) discover PCRF serving a user, to which the BPCF initiates S9*And establishing the session.
Specific embodiments are described below with reference to the accompanying drawings.
Example one
The UE accesses through a fixed network WLAN, a mobile operator regards the fixed network access as an untrusted access, and an ePDG is deployed in the mobile network to ensure the data transmission safety. When the UE establishes the IP-Sec tunnel to the ePDG, the ePDG authenticates to the 3GPP AAA, and after the authentication is passed, the 3GPP AAA establishes a session to the BBF AAA so as to inform the BBF AAA of user access. The message for notification carries user access information, and the message may also indicate that the UE has been authenticated in the mobile network. The BBF AAA sends the user access information to the BPCF through the BRAS/BNG. BPCF discovers PCRF according to user identification, and establishes with PCRF S9*And (5) conversation. The specific implementation flow is shown in fig. 3:
the UE accesses the EPC network through the untrusted BBF network. A 3 GPP-based extensible authentication protocol-authentication and key negotiation mechanism (EAP-AKA) access authentication procedure is performed between the UE, the ePDG and the 3GPP AAA. During the authentication process, the UE needs to transfer the user identifier (e.g. IMSI or NAI) to the 3gpp aaa. Since the BBF network does not support EAP-AKA authentication, the authentication message of executing EAP-AKA between the UE and the EPC network is transmitted in the BBF network.
The RG or BRAS/BNG assigns the UE an IP address. If the UE accesses the network by adopting a Route mode, the RG allocates a private network IP address to the UE; if the UE accesses the network by adopting bridge mode, the BRAS/BNG allocates a public IP address to the UE.
The UE initiates an internet key exchange protocol v2(IKEv2) authentication procedure, and performs an authentication procedure between the ePDG and the 3gpp aaa. After the authentication is passed, an IP-Sec tunnel is established between the UE and the ePDG, and the ePDG sends the user access information to the 3GPP AAA. The user access information comprises user identification (such as IMSI/NAI) and IP-Sec tunnel information. If the UE accesses in a Route mode, the IPSec tunnel information comprises an RG/CPE IP address and an ePDG IP address; and if the UE adopts the Bridge mode for access, the IPSec tunnel information comprises the IP address of the UE and the IP address of the ePDG.
304.3GPP AAA maintains user access information received from ePDGs. The 3GPP AAA finds the BBF AAA according to the user access information (for example, the 3GPP AAA inquires the fixed network information according to the CPE/RG IP address or the UE IP address in the IPSec tunnel information and the BBF fixed network configuration relation of the IP address section, and further obtains the IP address of the BBF AAA which is served by the user access EPS network). And establishing a session between the 3GPP AAA and the BBF AAA, and sending the user access information to the BBF AAA to inform the BBF AAA of the UE access and indicate that the UE passes the authentication of the EPS network.
The BBF AAA finds the BRAS/BNG serving the UE access network according to the IP address information (such as the UE IP address or the RG/CPE IP address) contained in the IPSec tunnel information and the configuration relation (the configuration relation indicates the BRAS/BNG serving the IP address field), establishes a session between the BBF AAA and the BRAS/BNG, and sends the user access information to the BRAS/BNG.
And 306, the BRAS/BNG finds the BPCF serving the UE access network according to the IP address information (such as the IP address of the UE or the IP address of the RG/CPE) contained in the IPSec tunnel information and the configuration relation (the configuration relation indicates the BPCF serving the IP address field), establishes a session between the BRAS/BNG and the BPCF, and sends the user access information to the BPCF.
The BPCF discovers the PCRF accessing the service for the subscriber based on the subscriber identity (e.g. IMSI or NAI) included in the subscriber access information, and establishes S9 with the PCRF*And (5) conversation. S9*Session establishment may be implemented by a gateway controlled session establishment procedure.
308. After BBF AAA completes IPSec tunnel establishment authentication successfully, response message is returned to ePDG, ePDG initiates Proxy Binding modification (PBU) request to P-GW to carry out PMIP registration.
And 309, after receiving the PMIP registration request from the ePDG, the PGW establishes an IP-CAN session with the PCRF.
The PGW initiates a PGW address update to the 3GPP AAA 310.
And 311, the PGW returns a PMIP registration success message to the ePDG.
312. And after PMIP registration is successful, the UE authenticates the ePDG and completes the establishment of the IPSec tunnel.
The ePDG sends the last IKEv2 message to the UE 313. And establishing the IP connection between the UE and the PGW. Data interacted between the UE and the PDN network is transmitted between the UE and the ePDG through an IPSec tunnel, and is transmitted between the ePDG and the PGW through a PMIP tunnel.
314. When an IP-CAN session is established between the PGW and the PCRF, the PCRF issues a QoS control policy related to user access to the PGW, and the PCRF also needs to issue the QoS control policy to the BPCF through a gateway control and QoS provision program. The BPCF may implement admission control on BBF fixed network resources used by the UE when performing a service according to QoS information provided by the PCRF.
Example two
The UE access scenario of the second embodiment is the same as that of the first embodiment, and the main difference is that after the access authentication is completed, the ePDG provides the user access information to the 3GPP AAA through the P-GW. The specific implementation flow is shown in fig. 4:
the UE accesses the network, performs the access authentication process, and allocates the IP address to the UE, which may refer to steps 301 to 302 in the first embodiment.
The UE initiates an IKEv2 authentication procedure, and performs an authentication procedure between the ePDG and the 3GPP AAA. And after the authentication is passed, establishing an IP-Sec tunnel between the UE and the ePDG.
And 403, the ePDG sends a proxy binding update message to the P-GW to request PMIP registration. The message also contains user access information, and the user access information comprises user identification (such as IMSI/NAI), IP-Sec tunnel information and the like. If the UE accesses in a Route mode, the IPSec tunnel information comprises an RG/CPE IP address and an ePDG IP address; and if the UE adopts the Bridge mode for access, the IPSec tunnel information comprises the IP address of the UE and the IP address of the ePDG.
The PGW establishes an IP-CAN session with the PCRF after receiving the PMIP registration request from the ePDG.
And 405, the PGW returns a PMIP registration success message to the ePDG.
And 406, the PGW sends the user access information to the 3GPP AAA.
And the BBF AAA finds the BRAS/BNG serving the UE access network according to the IP address information (such as the IP address of the UE or the IP address of the RG/CPE) contained in the IPSec tunnel information and the configuration relation (the configuration relation indicates the BRAS/BNG serving the IP address field), establishes a session between the BBF AAA and the BRAS/BNG, and sends the user access information to the BRAS/BNG.
The process of BBF AAA providing the user access information to BPCF may refer to embodiment steps 305 to 306.
The BPCF discovers the PCRF for accessing the service to the user according to the user identification (such as IMSI or NAI) contained in the user access information, and establishes S9 with the PCRF*And (5) conversation. S9*Session establishment may be implemented by a gateway controlled session establishment procedure.
The IPSec tunnel establishment procedure can refer to steps 312 to 313 of embodiment one.
EXAMPLE III
The UE accesses through the fixed network WLAN, and the mobile operator regards the fixed network access as trusted access. UE and P-GW establish DSMIP tunnel, P-GW transfers user access information to 3GPP AAA, 3GPP AAA establishes session to BBF AAA, and BBF AAA informs user access. The message for notification carries user access information, and the message may also indicate that the UE has been authenticated in the mobile network. BBFAAA transfers the user access information by using the session established by the user in the fixed network authentication stage and BRAS/BNGTo BRAS/BNG. The BRAS/BNG further discovers the BPCF according to the IP address and the configuration relationship, and transfers the user access information to the BPCF. BPCF discovers PCRF according to user identification, and establishes with PCRF S9*And (5) conversation. The specific implementation flow is shown in fig. 5:
and 501, accessing the UE to the EPC network through the trusted BBF network. And 3 GPP-based EAP-AKA access authentication procedures are executed among the UE, the P-GW and the 3GPP AAA. In the authentication process, the UE needs to transfer the dual identity of the fixed network and the mobile network to the 3GPP AAA. Since the BBF network does not support EAP-AKA authentication, the authentication message of executing EAP-AKA between the UE and the EPC network is transmitted in the BBF network.
The UE requests allocation of an IP address to the BRAS/BNG. And the message for requesting carries the identity of the fixed network.
After receiving the user request, BRAS/BNG establishes session with BBF AAA and requests BBFAAA to perform access authentication for the user. The message for requesting comprises the fixed network identity and the IP address of the BRAS/BNG. After the BBF AAA successfully authenticates the user access, the mapping relation between the fixed network identity and the BRAS/BNG IP address is stored, and an IP address is allocated to the UE.
And 504, the BRAS/BNG returns a response of successful access authentication to the UE, and the response contains the IP address allocated to the UE.
505.UE starts IKEv2 authentication process, and authentication procedure is executed between P-GW and 3GPP AAA. And after the authentication is passed. An initial bootstrap (bootstrapping) procedure is executed between the UE and the P-GW, and the P-GW sends user access information to the 3GPP AAA. The user access information comprises a user identifier (the user identifier is a fixed network mobile network dual identity identifier), and also comprises tunnel information of CoA (namely an IP address allocated by BRAS/BNG for UE) and a P-GW IP address.
The 3GPP AAA maintains user access information received from the P-GW 506. The 3GPP AAA finds the BBF AAA according to the user access information (for example, the 3GPP AAA inquires the fixed network information according to the IP address in the tunnel information and the BBF fixed network configuration relationship allocated to the IP address field, and further obtains the IP address of the BBF AAA serving for the user to access the EPS network). And establishing a session between the 3GPP AAA and the BBF AAA, and sending the user access information to the BBF AAA to inform the BBF AAA of the UE access and indicate that the UE passes the authentication of the EPS network.
And 507, the BBF AAA searches a mapping relation according to the dual identity identifiers of the fixed network and the mobile network contained in the user access information received from the 3GPP AAA, and senses that the user has performed fixed network authentication.
And 508, the BBF AAA sends the user access information to the BRAS/BNG by utilizing the session established by the user in the fixed network authentication phase.
And the BRAS/BNG finds the BPCF serving the UE access network according to the CoA and the configuration relation (the BPCF serving the IP address field) contained in the tunnel information, establishes a session between the BRAS/BNG and the BPCF and sends the user access information to the BPCF.
The BPCF discovers the PCRF for the user access service according to the user identifier (i.e. the dual identity identifier of the fixed network and the mobile network) included in the user access information, and establishes S9 with the PCRF*And (5) conversation. S9*Session establishment may be implemented by a gateway controlled session establishment procedure.
And 511, the UE initiates a binding update message to the P-GW, wherein the message carries CoA and HoA and requests to carry out DSMIP registration.
And after receiving the DSMIP registration request from the UE, the PGW establishes an IP-CAN session with the PCRF.
The PGW initiates a PGW address update to the 3GPP AAA.
And 514, the PGW returns a binding confirmation message of successful DSMIP registration to the UE. And establishing a DSMIP tunnel between the UE and the P-GW.
515. When an IP-CAN session is established between the PGW and the PCRF, the PCRF issues a QoS control policy related to user access to the PGW, and the PCRF also needs to issue the QoS control policy to the BPCF through a gateway control and QoS provision program. The BPCF may implement admission control on BBF fixed network resources used by the UE when performing a service according to QoS information provided by the PCRF.
Example four
The UE access scenario of the fourth embodiment is the same as that of the third embodiment. The main difference is that the BBF AAA directly establishes a session with the BPCF, and sends user access information to the BPCF. The specific implementation flow is shown in fig. 6:
601. the method comprises the steps of executing an access authentication process between a user and a mobile network, distributing an IP address for UE, and acquiring user access information by 3GPP AAA; reference may be made to steps 501 to 505 of example three.
602.3GPP AAA finds BBF AAA according to IP address and configuration relation in user access information, establishes conversation with BBF AAA, and sends the user access information to BBF AAA to inform BBF AAA about UE access, and explains that UE has passed EPS network authentication.
603. The BBF AAA finds the BPCF for the user access service according to the IP address information and the configuration relation in the user access information, establishes a session between the BBF AAA and the BPCF, and sends the user access information to the BPCF.
BPCF discovers PCRF according to user access information, and establishes S9*And (5) conversation.
605, DSMIP tunnel establishment procedure, and policy update procedure, refer to steps 511 to 515 in the third embodiment.
In conjunction with the above embodiments, the operation idea of the fixed network aware of the user access according to the present invention can be shown as fig. 7. Referring to fig. 7, fig. 7 is a simplified diagram of a process of sensing user access by a fixed network according to an embodiment of the present invention, where the process includes the following steps:
step 710: based on the authentication process stage of the mobile network to the UE, the 3GPP AAA acquires the user access information and further transmits the user access information to the BBF AAA.
Step 720: the BBF AAA provides the user access information to the BPCF.
Step 730: the BPCF discovers the PCRF serving the user according to the received user access information and initiates S9 to the PCRF*And establishing the session. Of course, a particular session may also include S9*Other sessions besides.
In order to ensure that the above-mentioned operation idea and embodiments can be realized smoothly, an arrangement as shown in fig. 8 may be performed. Referring to fig. 8, fig. 8 is a system diagram of sensing user access by a fixed network according to an embodiment of the present invention, where the system includes an information initial obtaining unit, an information forwarding unit, and an information application unit that are connected to each other. Wherein, the information initial acquisition unit may be arranged in 3GPP AAA; the information transfer unit can be arranged in the BBF AAA; the information application unit may be provided in the BPCF.
When the method is applied specifically, based on the authentication process stage of the mobile network to the UE, the information initial acquisition unit can acquire the user access information and further transmit the user access information to the information transfer unit; next, the information transfer unit can provide the user access information to the information application unit; the information application unit can discover the PCRF serving the user according to the received user access information and initiate S9 to the PCRF*And establishing the session. Of course, a particular session may also include S9*Other sessions besides.
In addition, when the initial information obtaining unit obtains the user access information, the initial information obtaining unit is configured to:
if the UE accesses the EPS network through the non-trusted BBF network, triggering the ePDG to provide the user access information to the information initial acquisition unit after the user access authentication is successful;
and if the UE accesses the EPS network through the trusted BBF network, triggering the P-GW to provide the user access information for the information initial acquisition unit after the user access authentication is successful.
The user access information comprises user identification and tunnel information; the user identification is: IMSI or NAI;
when the UE accesses the EPS network through the non-trusted BBF network, if the UE accesses in a route mode, the tunnel information comprises a CPE/RG IP address and an ePDG IP address; if the UE accesses by adopting a bridge mode, the tunnel information comprises an IP address of the UE and an IP address of the ePDG;
and when the UE accesses the EPS network through the trusted BBF network, the tunnel information comprises the CoA and the P-GW address.
When the information initial acquisition unit transmits the user access information to the information transfer unit, the information initial acquisition unit is used for:
a transfer unit for discovering information according to CPE/RG IP address, UE IP address or CoA contained in the tunnel information in the user access information and the configuration relation; the information initial acquisition unit and the information transfer unit establish a session, and the user access information is transmitted to the information transfer unit.
When the information transfer unit provides the user access information to the information application unit, the information transfer unit is configured to:
providing the user access information to the information application unit through BRAS/BNG; or,
and directly providing the user access information to the information application unit.
When the information transfer unit provides the user access information to the information application unit through the BRAS/BNG, the information transfer unit is configured to:
the process of discovering BRAS/BNG and the process of establishing session with BRAS/BNG, and finally transferring the user access information to BRAS/BNG;
the method also comprises the process that the BRAS/BNG discovers the information application unit and establishes a session with the information application unit, thereby ensuring that the user access information can be transferred to the information application unit.
When the information transfer unit provides the user access information to the information application unit through the BRAS/BNG, the information transfer unit is specifically configured to:
if the UE accesses in a route mode or the user identifier is a mobile identity identifier, the information transfer unit finds the BRAS/BNG according to the IP address and the configuration relation contained in the tunnel information in the acquired user access information, establishes a session with the BRAS/BNG and sends the user access information to the BRAS/BNG; the BRAS/BNG discovers the information application unit according to the user IP address/CoA/CPE/RG IP address and the configuration relation contained in the tunnel information, establishes a session with the information application unit and sends the user access information to the information application unit;
if the UE is accessed in a bridge mode, the UE carries the mobile and fixed network unified identity or fixed network identity when requesting the BRAS/BNG to allocate an IP address for the UE; the BRAS/BNG and the information transfer unit establish a session, and send an authentication request aiming at the user to the information transfer unit, wherein the request carries the identity and the BRAS/BNG IP address; the information transfer unit stores the mapping relation between the identity and the BRAS/BNG IP address; after the authentication is successful, the BRAS/BNG allocates an IP address for the user; the information transfer unit acquires the user access information and matches the user access information according to a mobile fixed network uniform identity identifier or a mobile network and fixed network dual identity identifier contained in the user access information, an identity identifier in the information transfer unit and a mapping relation of a BRAS/BNG IP address; when the user is identified to be authenticated by the fixed network, the session established during the fixed network authentication is used for issuing the user access information to the BRAS/BNG; the BRAS/BNG discovers the information application unit according to the user access information and the configuration relation, and establishes a session with the information application unit; and the BRAS/BNG sends the user access information to the information application unit.
The information application unit finds the PCRF and is used for, when initiating session establishment to the PCRF:
the information application unit finds the PCRF serving for the user according to the user identification contained in the user access information, and then initiates S9 to the PCRF*And establishing the session.
In summary, the technology for sensing user access by the fixed network of the present invention enables the fixed network device to identify user access according to user access information, thereby supporting the implementation of admission control on the service developed by the user.
The above description is only exemplary of the present invention and should not be taken as limiting the scope of the present invention, and any modifications, equivalents, improvements, etc. that are within the spirit and principle of the present invention should be included in the present invention.
Claims (16)
1. A method for a fixed network to sense user access, the method comprising:
based on the authentication process stage of the mobile network to the user equipment UE, the third generation partner plan authentication authorization accounting 3GPP AAA obtains the user access information and further transmits to the broadband forum authentication authorization accounting BBF AAA;
the BBF AAA provides the user access information to a Broadband Policy Control Function (BPCF);
the BPCF finds a policy and charging rule function PCRF serving the user according to the received user access information, and initiates session establishment to the PCRF.
2. The method of claim 1, wherein the process of 3GPP AAA obtaining the user access information comprises:
if the UE accesses an EPS network through an untrusted BBF network, after the user access authentication is successful, an ePDG provides the user access information to the 3GPP AAA;
and if the UE accesses the EPS network through the trusted BBF network, after the user access authentication is successful, the packet data network gateway P-GW provides the user access information for the 3 GPPAAA.
3. The method of claim 2, wherein the user access information comprises a user identifier and tunnel information; the user identification is: international mobile subscriber identity IMSI or network access identity NAI;
when the UE accesses the EPS network through the non-trusted BBF network, if the UE accesses the EPS network in a route mode, the tunnel information comprises the IP address of CPE/home gateway RG of the user station equipment and the IP address of ePDG; if the UE accesses by adopting a bridge mode, the tunnel information comprises an IP address of the UE and an IP address of the ePDG;
when the UE accesses the EPS network through the trusted BBF network, the tunnel information comprises a care-of address CoA and a P-GW address;
the method for providing the user access information to the 3GPP AAA by the ePDG comprises the following steps:
the ePDG directly provides the user access information to the 3GPP AAA; or,
the ePDG provides the user access information to the 3GPP AAA through the P-GW.
4. The method of claim 1, wherein the 3GPP AAA procedure for passing the user access information to a BBF AAA comprises:
the 3GPP AAA finds a BBF AAA according to a CPE/RG IP address, a UE IP address or CoA contained in the tunnel information in the user access information and a configuration relation; and the 3GPP AAA and the BBF AAA establish a session and transfer the user access information to the BBF AAA.
5. The method according to any of claims 1 to 4, wherein the manner of providing the user access information to the BPCF by the BBF AAA comprises:
the BBF AAA provides the user access information to the BPCF through a broadband access server BRAS/broadband network gateway BNG; or,
the BBF AAA provides the user access information directly to the BPCF.
6. The method of claim 5, wherein the BBF AAA providing the user access information to the BPCF via the BRAS/BNG comprises:
the BBF AAA finds the BRAS/BNG process, and establishes the conversation with BRAS/BNG process, and finally transfers the user access information to BRAS/BNG;
the method also comprises the procedures that the BRAS/BNG discovers the BPCF and establishes a session with the BPCF, and the user access information can be guaranteed to be transferred to the BPCF.
7. The method of claim 6, wherein the specific procedure for the BBF AAA to provide the user access information to the BPCF through the BRAS/BNG comprises:
if UE accesses in a route mode or the user identifier is a mobile identity identifier, BBF AAA finds BRAS/BNG according to an IP address and a configuration relation contained in tunnel information in the user access information acquired from 3GPP AAA, establishes a session with the BRAS/BNG, and sends the user access information to the BRAS/BNG; the BRAS/BNG discovers the BPCF according to the user IP address/CoA/CPE/RG IP address and the configuration relation contained in the tunnel information, establishes a session with the BPCF and sends the user access information to the BPCF;
if the UE is accessed in a bridge mode, the UE carries the mobile and fixed network unified identity or fixed network identity when requesting the BRAS/BNG to allocate an IP address for the UE; the BRAS/BNG and the BBF AAA establish a session, and send an authentication and authorization request aiming at the user to the BBF AAA, wherein the request carries the identity and the BRAS/BNG IP address; the BBF AAA stores the mapping relation between the identity and the BRAS/BNG IP address; after the authentication is successful, the BRAS/BNG allocates an IP address for the user; the BBF AAA acquires the user access information from the 3GPP AAA, and matches according to the mobile fixed network uniform identity mark or the dual identity mark of the mobile network and the fixed network contained in the user access information, the identity mark in the BBF AAA and the mapping relation of the BRAS/BNG IP address; when the user is identified to be authenticated by the fixed network, the session established during the fixed network authentication is used for issuing the user access information to the BRAS/BNG; the BRAS/BNG discovers BPCF according to the user access information and the configuration relation, and establishes a session with the BPCF; and the BRAS/BNG sends the user access information to the BPCF.
8. The method of any of claims 1-4, wherein the BPCF discovering the PCRF and initiating session establishment towards the PCRF comprises:
the BPCF discovers the PCRF serving the user according to the user identification contained in the user access information, and further initiates S9 to the PCRF*And establishing the session.
9. A system for fixed network aware subscriber access, the system comprising: the system comprises an information initial acquisition unit, an information transfer unit and an information application unit; wherein,
the information initial acquisition unit is used for acquiring user access information and further transmitting the user access information to the information transfer unit based on the authentication process stage of the mobile network to the UE;
the information transfer unit is used for providing the user access information to the information application unit;
the information application unit is used for discovering the PCRF serving for the user according to the received user access information and initiating session establishment to the PCRF.
10. The system according to claim 9, wherein the initial information obtaining unit, when obtaining the user access information, is configured to:
if the UE accesses the EPS network through the non-trusted BBF network, triggering the ePDG to provide the user access information to the information initial acquisition unit after the user access authentication is successful;
and if the UE accesses the EPS network through the trusted BBF network, triggering the P-GW to provide the user access information for the information initial acquisition unit after the user access authentication is successful.
11. The system of claim 10, wherein the user access information comprises user identification, tunnel information; the user identification is: IMSI or NAI;
when the UE accesses the EPS network through the non-trusted BBF network, if the UE accesses in a route mode, the tunnel information comprises a CPE/RG IP address and an ePDG IP address; if the UE accesses by adopting a bridge mode, the tunnel information comprises an IP address of the UE and an IP address of the ePDG;
and when the UE accesses the EPS network through the trusted BBF network, the tunnel information comprises the CoA and the P-GW address.
12. The system according to claim 9, wherein when the information initial obtaining unit transfers the user access information to the information relaying unit, the information initial obtaining unit is configured to:
a transfer unit for discovering information according to CPE/RG IP address, UE IP address or CoA contained in the tunnel information in the user access information and the configuration relation; the information initial acquisition unit and the information transfer unit establish a session, and the user access information is transmitted to the information transfer unit.
13. The system according to any one of claims 9 to 12, wherein the information forwarding unit, when providing the user access information to the information application unit, is configured to:
providing the user access information to the information application unit through BRAS/BNG; or,
and directly providing the user access information to the information application unit.
14. The system according to claim 13, wherein said information relay unit, when providing said subscriber access information to said information application unit via BRAS/BNG, is configured to:
the process of discovering BRAS/BNG and the process of establishing session with BRAS/BNG, and finally transferring the user access information to BRAS/BNG;
the method also comprises the process that the BRAS/BNG discovers the information application unit and establishes a session with the information application unit, thereby ensuring that the user access information can be transferred to the information application unit.
15. The system according to claim 14, wherein when the information relay unit provides the subscriber access information to the information application unit via the BRAS/BNG, the information relay unit is specifically configured to:
if the UE accesses in a route mode or the user identifier is a mobile identity identifier, the information transfer unit finds the BRAS/BNG according to the IP address and the configuration relation contained in the tunnel information in the acquired user access information, establishes a session with the BRAS/BNG and sends the user access information to the BRAS/BNG; the BRAS/BNG discovers the information application unit according to the user IP address/CoA/CPE/RG IP address and the configuration relation contained in the tunnel information, establishes a session with the information application unit and sends the user access information to the information application unit;
if the UE is accessed in a bridge mode, the UE carries the mobile and fixed network unified identity or fixed network identity when requesting the BRAS/BNG to allocate an IP address for the UE; the BRAS/BNG and the information transfer unit establish a session, and send an authentication request aiming at the user to the information transfer unit, wherein the request carries the identity and the BRAS/BNG IP address; the information transfer unit stores the mapping relation between the identity and the BRAS/BNG IP address; after the authentication is successful, the BRAS/BNG allocates an IP address for the user; the information transfer unit acquires the user access information and matches the user access information according to a mobile fixed network uniform identity identifier or a mobile network and fixed network dual identity identifier contained in the user access information, an identity identifier in the information transfer unit and a mapping relation of a BRAS/BNG IP address; when the user is identified to be authenticated by the fixed network, the session established during the fixed network authentication is used for issuing the user access information to the BRAS/BNG; the BRAS/BNG discovers the information application unit according to the user access information and the configuration relation, and establishes a session with the information application unit; and the BRAS/BNG sends the user access information to the information application unit.
16. The system according to any of claims 9 to 12, wherein the information application unit discovers the PCRF and, when initiating session establishment towards the PCRF, is configured to:
the information application unit finds the PCRF serving for the user according to the user identification contained in the user access information, and then initiates S9 to the PCRF*And establishing the session.
Priority Applications (1)
| Application Number | Priority Date | Filing Date | Title |
|---|---|---|---|
| CN201010514716.5A CN102457847B (en) | 2010-10-21 | 2010-10-21 | A kind of method and system of fixed network perception user access |
Applications Claiming Priority (1)
| Application Number | Priority Date | Filing Date | Title |
|---|---|---|---|
| CN201010514716.5A CN102457847B (en) | 2010-10-21 | 2010-10-21 | A kind of method and system of fixed network perception user access |
Publications (2)
| Publication Number | Publication Date |
|---|---|
| CN102457847A true CN102457847A (en) | 2012-05-16 |
| CN102457847B CN102457847B (en) | 2015-09-16 |
Family
ID=46040400
Family Applications (1)
| Application Number | Title | Priority Date | Filing Date |
|---|---|---|---|
| CN201010514716.5A Active CN102457847B (en) | 2010-10-21 | 2010-10-21 | A kind of method and system of fixed network perception user access |
Country Status (1)
| Country | Link |
|---|---|
| CN (1) | CN102457847B (en) |
Cited By (11)
| Publication number | Priority date | Publication date | Assignee | Title |
|---|---|---|---|---|
| CN103458390A (en) * | 2012-06-04 | 2013-12-18 | 电信科学技术研究院 | IP address transmitting method and device |
| CN103596272A (en) * | 2012-08-13 | 2014-02-19 | 电信科学技术研究院 | A method, an apparatus, and a system for allocating resource of a fixed broadband network |
| CN103974230A (en) * | 2013-02-05 | 2014-08-06 | 中兴通讯股份有限公司 | Positional information acquiring method and corresponding device |
| CN104113930A (en) * | 2013-04-16 | 2014-10-22 | 中兴通讯股份有限公司 | Method of realizing termination connection, and system of realizing termination connection |
| WO2015035795A1 (en) * | 2013-09-11 | 2015-03-19 | Tencent Technology (Shenzhen) Company Limited | Method, apparatus and system for network access |
| CN105471611A (en) * | 2014-09-05 | 2016-04-06 | 中兴通讯股份有限公司 | Processing method, device and system for providing user service |
| WO2016131297A1 (en) * | 2015-07-10 | 2016-08-25 | 中兴通讯股份有限公司 | Method and device for limiting non-permissive user equipment on access to home gateway |
| US9451464B2 (en) | 2013-09-11 | 2016-09-20 | Tencent Technology (Shenzhen) Company Limited | Method, apparatus and system for network access |
| WO2018192179A1 (en) * | 2017-04-19 | 2018-10-25 | 中兴通讯股份有限公司 | Ip address allocation method and device |
| CN109104435A (en) * | 2018-10-12 | 2018-12-28 | 中国科学院上海高等研究院 | A method of realizing that data sequentially transmit |
| WO2023124482A1 (en) * | 2021-12-28 | 2023-07-06 | 中国电信股份有限公司 | Service authentication method and apparatus, and device, system and medium |
Citations (2)
| Publication number | Priority date | Publication date | Assignee | Title |
|---|---|---|---|---|
| CN101217810A (en) * | 2008-01-16 | 2008-07-09 | 中兴通讯股份有限公司 | A selecting method of strategy and charging rule functions |
| WO2010020637A1 (en) * | 2008-08-18 | 2010-02-25 | Telefonaktiebolaget L M Ericsson (Publ) | Handling of aggregate maximum bit rate by policy and charge control |
-
2010
- 2010-10-21 CN CN201010514716.5A patent/CN102457847B/en active Active
Patent Citations (2)
| Publication number | Priority date | Publication date | Assignee | Title |
|---|---|---|---|---|
| CN101217810A (en) * | 2008-01-16 | 2008-07-09 | 中兴通讯股份有限公司 | A selecting method of strategy and charging rule functions |
| WO2010020637A1 (en) * | 2008-08-18 | 2010-02-25 | Telefonaktiebolaget L M Ericsson (Publ) | Handling of aggregate maximum bit rate by policy and charge control |
Non-Patent Citations (3)
| Title |
|---|
| 3GPP: "《3GPP TR23.839 V0.1.1》", 31 May 2010 * |
| MOTOROLA: "《TD S2-104849 3GPP TSG SA WG2 Meeting #81》", 15 October 2010 * |
| ZTE: "《TD S2-103412 3GPP TSG SA WG2 Meeting #80》", 3 September 2010 * |
Cited By (19)
| Publication number | Priority date | Publication date | Assignee | Title |
|---|---|---|---|---|
| CN103458390B (en) * | 2012-06-04 | 2016-12-14 | 电信科学技术研究院 | A kind of IP address transmission method and device |
| CN103458390A (en) * | 2012-06-04 | 2013-12-18 | 电信科学技术研究院 | IP address transmitting method and device |
| CN103596272A (en) * | 2012-08-13 | 2014-02-19 | 电信科学技术研究院 | A method, an apparatus, and a system for allocating resource of a fixed broadband network |
| WO2014026545A1 (en) * | 2012-08-13 | 2014-02-20 | 电信科学技术研究院 | Resource allocation method, apparatus, and system in fixed broadband network |
| US9750011B2 (en) | 2012-08-13 | 2017-08-29 | China Academy Of Telecommunications Technology | Resource allocation method, apparatus, and system in fixed broadband network |
| CN103974230A (en) * | 2013-02-05 | 2014-08-06 | 中兴通讯股份有限公司 | Positional information acquiring method and corresponding device |
| CN103974230B (en) * | 2013-02-05 | 2019-12-06 | 中兴通讯股份有限公司 | position information acquisition method and corresponding device |
| CN104113930A (en) * | 2013-04-16 | 2014-10-22 | 中兴通讯股份有限公司 | Method of realizing termination connection, and system of realizing termination connection |
| WO2014169781A1 (en) * | 2013-04-16 | 2014-10-23 | 中兴通讯股份有限公司 | Method and system for terminating connection by user |
| CN104113930B (en) * | 2013-04-16 | 2019-02-15 | 中兴通讯股份有限公司 | A kind of method and system for realizing user's termination connection |
| US9961553B2 (en) | 2013-09-11 | 2018-05-01 | Tencent Technology (Shenzhen) Company Limited | Method, apparatus and system for network access |
| US9451464B2 (en) | 2013-09-11 | 2016-09-20 | Tencent Technology (Shenzhen) Company Limited | Method, apparatus and system for network access |
| WO2015035795A1 (en) * | 2013-09-11 | 2015-03-19 | Tencent Technology (Shenzhen) Company Limited | Method, apparatus and system for network access |
| CN105471611A (en) * | 2014-09-05 | 2016-04-06 | 中兴通讯股份有限公司 | Processing method, device and system for providing user service |
| WO2016131297A1 (en) * | 2015-07-10 | 2016-08-25 | 中兴通讯股份有限公司 | Method and device for limiting non-permissive user equipment on access to home gateway |
| WO2018192179A1 (en) * | 2017-04-19 | 2018-10-25 | 中兴通讯股份有限公司 | Ip address allocation method and device |
| CN109104435A (en) * | 2018-10-12 | 2018-12-28 | 中国科学院上海高等研究院 | A method of realizing that data sequentially transmit |
| CN109104435B (en) * | 2018-10-12 | 2021-04-06 | 中国科学院上海高等研究院 | Method for realizing data in-sequence transmission |
| WO2023124482A1 (en) * | 2021-12-28 | 2023-07-06 | 中国电信股份有限公司 | Service authentication method and apparatus, and device, system and medium |
Also Published As
| Publication number | Publication date |
|---|---|
| CN102457847B (en) | 2015-09-16 |
Similar Documents
| Publication | Publication Date | Title |
|---|---|---|
| CN102457847B (en) | A kind of method and system of fixed network perception user access | |
| US8849273B2 (en) | Method and system for reporting fixed network access information | |
| US9113436B2 (en) | Method and system for information transmission | |
| CN105393630B (en) | Establish method, gateway and the terminal of network connection | |
| JP5903728B2 (en) | Method and trusted gateway for WIFI terminal to access packet data PS service domain | |
| CN102457444B (en) | A kind of converging fixed network and the system and method for mobile network | |
| US9544832B2 (en) | Method, apparatus and system for policy control | |
| CN102695236B (en) | A kind of data routing method and system | |
| US20120113968A1 (en) | Multiple access method and system of terminal in evovled packet system | |
| WO2012003770A1 (en) | System, device and method for user equipment to access mobile network | |
| CN106470465B (en) | WIFI voice service initiating method, LTE communication equipment, terminal and communication system | |
| JP5972467B2 (en) | Method and system for notifying location information of access network | |
| CN103796281A (en) | Management method, device and system for packet-data network type | |
| CN102625305B (en) | Access the method and system of evolved packet system | |
| CN104113930B (en) | A kind of method and system for realizing user's termination connection | |
| EP2299748B1 (en) | Method and system for supporting mobility security in the next generation network | |
| CN102347892B (en) | A kind of method and system of acquiring user access information by network equipment | |
| CN103139914A (en) | Resource control method and system on local unloaded data | |
| WO2012171430A1 (en) | Method for obtaining tunnel information, a security gateway(segw) and an evolved home base station/ a home base station | |
| CN102378144B (en) | A kind of method and system setting up session, policy distribution | |
| CN102547884B (en) | A kind of method that between base station, switchable resource controls |
Legal Events
| Date | Code | Title | Description |
|---|---|---|---|
| C06 | Publication | ||
| PB01 | Publication | ||
| C10 | Entry into substantive examination | ||
| SE01 | Entry into force of request for substantive examination | ||
| C14 | Grant of patent or utility model | ||
| GR01 | Patent grant |