CN1277383C - Refresh method for authorizing information in radio local area network - Google Patents

Refresh method for authorizing information in radio local area network Download PDF

Info

Publication number
CN1277383C
CN1277383C CN 200310102205 CN200310102205A CN1277383C CN 1277383 C CN1277383 C CN 1277383C CN 200310102205 CN200310102205 CN 200310102205 CN 200310102205 A CN200310102205 A CN 200310102205A CN 1277383 C CN1277383 C CN 1277383C
Authority
CN
China
Prior art keywords
authorization
authorization message
indication
information
refresh
Prior art date
Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
Expired - Lifetime
Application number
CN 200310102205
Other languages
Chinese (zh)
Other versions
CN1610318A (en
Inventor
张文林
Current Assignee (The listed assignees may be inaccurate. Google has not performed a legal analysis and makes no representation or warranty as to the accuracy of the list.)
Huawei Technologies Co Ltd
Original Assignee
Huawei Technologies Co Ltd
Priority date (The priority date is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the date listed.)
Filing date
Publication date
Application filed by Huawei Technologies Co Ltd filed Critical Huawei Technologies Co Ltd
Priority to CN 200310102205 priority Critical patent/CN1277383C/en
Publication of CN1610318A publication Critical patent/CN1610318A/en
Application granted granted Critical
Publication of CN1277383C publication Critical patent/CN1277383C/en
Anticipated expiration legal-status Critical
Expired - Lifetime legal-status Critical Current

Links

Images

Landscapes

  • Mobile Radio Communication Systems (AREA)

Abstract

The present invention discloses a refreshing method for authorization information in a wireless local area network. The method comprises the following steps that certification authorization equipment judges whether the change indication of authorization information is received or not. If the information is not received, the authorization information is refreshed, else in the certification authorization equipment, the associated equipment relevant to the change of the authorization information is obtained by analyzing according to the change indication of the received authorization information. The refresh indication of the authorization information is respectively sent to all the associated equipment. The associated equipment receiving the indication refreshes the relevant authorization information stored in the associated equipment according to indication contents. The authorization information in all the relevant equipment which is referred when the authorization information is changed can be refreshed at any time to improve a dynamic refresh mechanism of the authorization information.

Description

The method for refreshing of authorization message in the WLAN (wireless local area network)
Technical field
The present invention relates to the information refresh technique, be meant the method for refreshing of authorization message in a kind of wireless lan (wlan) especially.
Background technology
Because the user is more and more higher to the requirement of wireless access rate, WLAN (wireless local area network) (WLAN, WirelessLocal Area Network) is arisen at the historic moment, and it can provide wireless data access at a high speed in more among a small circle.WLAN (wireless local area network) comprises multiple different technologies, a widely used technical standard is IEEE802.11b at present, it adopts the 2.4GHz frequency range, the maximum data transmission rate can reach 11Mbps, use the IEEE 802.11g and bluetooth (Bluetooth) technology in addition of this frequency range, wherein, 802.11g the maximum data transmission rate can reach 54Mbps.Other new technology such as IEEE 802.11a and ETSI BRAN Hiperlan2 use the 5GHz frequency range, and maximum transmission rate also can reach 54Mbps.
Although multiple different wireless access technology is arranged, most of WLAN is used for transmitting internet agreement (IP) packet data package.For a Wireless IP network, its concrete WLAN access technology that adopts generally is transparent for the IP on upper strata.Its basic structure all is to utilize access point (AP) to finish the wireless access of user terminal, connects to form the IP transmission network by network control and connection device.
Rise and development along with the WLAN technology, WLAN and various wireless mobile communication network, such as: the intercommunication of GSM, code division multiple access (CDMA) system, Wideband Code Division Multiple Access (WCDMA) (WCDMA) system, time division duplex-S-CDMA (TD-SCDMA) system, CDMA2000 system is just becoming the emphasis of current research.In third generation partner program (3GPP) standardization body, user terminal can link to each other with internet (Internet), Intranet (Intranet) by the access network of WLAN, can also be connected with the home network of 3GPP system or the accesses network of 3GPP system via the WLAN access network, specifically be exactly, when the WLAN user terminal inserts in this locality, link to each other with the home network of 3GPP via the WLAN access network, as shown in Figure 2; When roaming, link to each other with the accesses network of 3GPP via the WLAN access network, part entity in the 3GPP accesses network respectively with the 3GPP home network in corresponding entity interconnection, such as 3GPP authentication and authorization charging (AAA) agency in the 3GPP accesses network and 3GPP authentication and authorization charging (AAA) server in the 3GPP home network; WLAN (wireless local area network) in the 3GPP accesses network inserts packet data gateway (PDG, Packet DataGateway) in critical point (WAG) and the 3GPP home network or the like, as shown in Figure 1.Wherein, Fig. 1, Fig. 2 are respectively under the roaming condition and the networking structure schematic diagram of wlan system and the intercommunication of 3GPP system under the non-roaming situation.
Referring to Fig. 1, shown in Figure 2, in the 3GPP system, mainly comprise home signature user server (HSS)/attaching position register (HLR), 3GPP aaa server, 3GPP AAA agency, WAG, packet data gateway, charging critical point (CGw)/charging information collecting system (CCF) and Online Charging System (OCS).All entities of user terminal, WLAN access network and 3GPP system have constituted the 3GPP-WLAN Internet jointly, and this 3GPP-WLAN Internet can be used as a kind of LAN service system.Wherein, the 3GPP aaa server is responsible for authentication, mandate and the charging to the user, and the charging information collecting that the WLAN access network is sent here also sends charge system to; Packet data gateway is responsible for the transfer of data from the WLAN access network to 3GPP network or other packet networks with user data; Charge system mainly receives and writes down the customer charging information that network transmits, and comprises that also OCS transmits online cost information according to online charging user's expense situation indication network is periodic, and adds up and control.
Under non-roaming situation, when the WLAN user terminal wishes directly to insert Internet/Intranet, after user terminal was finished the access authentication mandate by WLAN Access Network and aaa server (AS), user terminal can be linked into Internet/Intranet by the WLAN Access Network.If the WLAN user terminal also wishes to insert 3GPP packet switching (PS) territory business, then can be further to the business of 3GPP home network application intercommunication scene 3 (Scenario3), that is: the WLAN user terminal is initiated the service authorization request of intercommunication scene 3 to the AS of 3GPP home network, the AS of 3GPP home network carries out service authentication and mandate to this service authorization request, if success, then AS sends access grant message to user terminal, and AS distributes corresponding PDG to user terminal, after setting up the tunnel between user terminal and the PDG that distributed, can insert 3GPPPS territory business.Simultaneously, CGw/CCF and OCS are according to the network operating position recording gauge charge information of user terminal.Under roaming condition, when the WLAN user terminal wished directly to insert Internet/Intranet, user terminal can be linked into Internet/Intranet to the application of 3GPP home network by the 3GPP accesses network.If user terminal also wishes to apply for intercommunication scene 3 business, be linked into 3GPP PS territory business, then user terminal need be initiated the service authorization process to the 3GPP home network by the 3GPP accesses network, this process is carried out between the AS of user terminal and 3GPP home network equally, after authorizing successfully, AS distributes corresponding ownership PDG to user terminal, after setting up the tunnel between the PDG of user terminal by WAG in the 3GPP accesses network and distribution, user terminal gets final product the 3GPP PS territory business of access belonging network.
For each WLAN user, all there is authorization message to this user, after user terminal inserts wlan network at every turn, all may cause this user's insertion authority information is changed because select the professional difference or variation or the variation of networking rule or the multiple factors such as variation of self CAMEL-Subscription-Information of account funds.Equally, for every business, service authorization information itself also can change because of a variety of causes generation is dynamic, such as: the mandate phase of a certain business finishes.
At present, to the situation that authorized user message recited above or business information change, when having only user signing contract information to change in HLR, HLR can send refreshing information to WLAN, changes the relevant information of storing among the WLAN.But there are following several point defects in the scheme of this HLR notice WLAN refreshing information:
1) this scheme has only considered that the static state of HLR CAMEL-Subscription-Information changes, and can not solve the dynamically processing of insertion authority variation in the service access process.
2) this scheme can not solve the processing to the dynamic change of service authorization information.
3) involved go-between and related access control equipment, such as: institute's canned datas such as VPLMN, WAG are not refreshed.
As seen, the problem that refreshes for authorization message among the WLAN, the authorization message here comprises user access authorization information, or claims access rules (ACCESS POLICY) and service authorization information, and prior art does not also propose perfect solution these problems are handled.
Summary of the invention
In view of this, main purpose of the present invention is to provide the method for refreshing of authorization message in a kind of WLAN (wireless local area network), authorization message in all relevant devices that relate in the time of changing to authorization message at any time refreshes, the perfect dynamic refresh mechanism of authorization message.
For achieving the above object, technical scheme of the present invention is achieved in that
The method for refreshing of authorization message in a kind of WLAN (wireless local area network), this method may further comprise the steps:
If A, Certificate Authority equipment are received authorization message and are changed indication, then execution in step B; If do not receive, then do not make the authorization message refresh process;
B, Certificate Authority equipment change indication according to the authorization message of being received, determine to change the associate device that relevant needs refresh authorization message with this authorization message; And send authorization message respectively to determined associate device and refresh indication, the associate device of receiving indication refreshes the associated authorization information of self storage by instruction content.
This method further comprises: associate device returns response message to Certificate Authority equipment after refreshing the associated authorization information of self storing.Then this method also further comprises: Certificate Authority equipment is finished subsequent operation according to the response message of being received.
After Certificate Authority equipment determines self to receive that authorization message changes indication, judge further whether self authorization message needs to refresh, and if desired, then refreshes self authorization message earlier, sends authorization message respectively to determined associate device again and refreshes indication; Otherwise, directly send authorization message respectively and refresh indication to determined associate device.
In the such scheme, the authorization message that described Certificate Authority equipment receives changes indication from home signature user server/attaching position register, user's dynamic service request, the service authorization change request of charge system.Described associate device is WAG, PDG, AC, DHCP.
In the such scheme, described Certificate Authority equipment is aaa server, and in the 3G system, described aaa server can be the 3GPP aaa server.Described authorization message is user access authorization information, service authorization information, charging authorization message, user signing contract information.
The method for refreshing of authorization message in the WLAN (wireless local area network) provided by the present invention, by Certificate Authority equipment the current information of receiving is analyzed, judge whether the variation of authorization message, once just finding that further analysis obtains this authorization message and changes involved associate device, notify each associate device to refresh separately associated authorization and control information then, or change relevant control strategy the user.So, can be provided at various factors in the dynamic process and cause under the situation that authorization message changes, the refresh scheme to relevant associate device carries out the access control mandate solves the problem of associate device dynamic refresh, and then improves the flush mechanism of authorization message.
Description of drawings
Fig. 1 is the schematic network structure of wlan system and the intercommunication of 3GPP system under the roaming condition;
Fig. 2 is the schematic network structure of wlan system and the intercommunication of 3GPP system under the non-roaming situation;
Fig. 3 is the realization flow figure of the inventive method;
The basic example processing procedure schematic diagram that Fig. 4 refreshes for the WLAN authorized user message;
Fig. 5 is the process chart of the inventive method one embodiment;
Fig. 6 is the process chart of another embodiment of the inventive method.
Embodiment
Basic thought of the present invention is: if Certificate Authority equipment receives the indication that authorization message changes, just analyzing according to the indication of receiving is which kind of authorization message changes, and the involved relevant associate device of this information change, then, to refresh indication and send to relevant associate device respectively, receive that the equipment that refreshes indication handles accordingly.
Fig. 3 is a process chart of the present invention, and as shown in Figure 3, the method for refreshing of authorization message may further comprise the steps among the present invention:
Step 301: Certificate Authority equipment judges self whether to receive that authorization message changes indication, if do not receive, then do not make the authorization message refresh process, continue to judge; Otherwise, enter step 302;
Step 302: Certificate Authority equipment changes indication according to the authorization message received, analyzes to draw the associate device relevant with information change and to the indication that refreshes that should associate device; Here, described analysis is meant that Certificate Authority equipment compares the authorization message received, indication changes and the CAMEL-Subscription-Information of self record, such as: the activation marker of judging the pairing CAMEL-Subscription-Information of authorization message that indication changes, if activated the mandate on certain equipment, then need not refresh, if the un-activation mandate then needs to refresh, so, the pairing equipment of this authorization message that need refresh is associate device.So, can draw all relevant associate devices.
Step 303~304: if Certificate Authority equipment self relevant information need refresh, then at first refresh self information, then, Certificate Authority equipment sends authorization message respectively to all associate devices again and refreshes indication, the associate device of receiving indication refreshes the associated authorization information of self storing by instruction content, enforcement associated authorization rule, such as: the access strategy to the user is made amendment; DHCP distributes new local ip address or the like to the user.
After the step 304, associate device can return response message to Certificate Authority equipment, this response message contains result and the relevant information that associate device is operated successfully and failed, according to response message, if Certificate Authority equipment self relevant information need refresh, can refresh himself relevant information once more.Certainly, associate device also can not return response.
Wherein, Certificate Authority equipment can be aaa server, in 3G network, can be the 3GPP aaa server; Described associate device can be equipment such as WAG, PDG, AC, DHCP.Here, change can be from HSS/HLR, user's dynamic service request, service authorization change request of charge system or the like for the authorization message that receives of Certificate Authority equipment.Authorization message can be user access authorization information, service authorization information, charging authorization message, user signing contract information etc.
After above-mentioned flow process was finished, if associate device has returned response, then Certificate Authority equipment such as 3GPP aaa server can carry out follow-up operation and processing according to the response condition of returning.The two kinds of situations that are divided into are handled in described subsequent operation: a kind of is if all associate devices all complete successfully processing according to the indication of 3GPP aaa server, then directly to finish.Second kind is, if some associate device can't be finished processing according to the indication of 3GPP aaa server, then further carries out refresh process, such as: initiate removing or break in service and require the user to insert again, finish refreshing of associated authorization information to ensure network.
The basic example handling process that Fig. 4 refreshes for the WLAN authorized user message, in the present embodiment, Certificate Authority equipment is the 3GPP aaa server; Associate device is WAG; The authorization message that receives is changed to insertion authority information and changes, from HLR.Present embodiment is based on networking structure shown in Figure 1, and the AAA agency as intermediate equipment, is transmitted relevant information.
When certain WLAN user terminal inserts the 3GPP-WLAN intercommunication network by the WLAN request, initiate access authentication procedure by WLAN user terminal or network, network side carries out access authentication to this WLAN user terminal.Be exactly in the access authentication licensing process, to finish the enforcement of user terminal insertion authority by the access authentication granted unit of network side by the access control unit, shown in step 401 specifically.Here, the access control unit can be the AC in the WLAN Access Network, or the access critical point WAG of Operation Network, or both combinations; The core processing unit of access authentication granted unit can be the 3GPP aaa server.
So, referring to Fig. 4, the method for refreshing of authorization message is such in the present embodiment:
After step 402:WLAN user terminal successfully inserts wlan network, if the 3GPP aaa server is received the indication of user access authorization information change, just analyze the associate device that relates to according to the indication information of being received, execution in step 403 then.
Step 403~406:3GPP aaa server sends to WAG with insertion authority information refresh requests via the AAA of accesses network agency, carries the content that will refresh, promptly new access rules in this insertion authority information refresh requests; After WAG receives, the relevant information of self storing is refreshed, and then send insertion authority information refresh response to the 3GPP aaa server, carry the information of Flushing success or failure in this response, that is: refresh the information of performance through the AAA agency.
In the present embodiment, if WAG is by AAA agency control, then the AAA agency is the associate device of 3GPP aaa server, the 3GPP aaa server directly notifies the AAA agency to refresh, after the AAA agency received, discovery need refresh WAG, then further notifies WAG to refresh, after WAG handles result is reported the AAA agency, the AAA agency further offers the result 3GPP aaa server.If do not need AAA agency control WAG, and only transmit the data of AAA to WAG through the agency, then WAG is the associate device of 3GPP aaa server, and the 3GPP aaa server carries out with WAG by the AAA agency alternately.
Shown in step 502~506 of Fig. 5, inserting as the user in the process of a certain business, service authorization information changes, and then the 3GPP aaa server directly notifies PDG to carry out refreshing of service authorization information.If because the change of this service authorization information causes WAG insertion authority information also to change, then the 3GPPAAA server also needs to notify WAG to carry out refreshing of insertion authority information, these two are refreshed and can carry out simultaneously, also can carry out with any suitable order.
Insert in the process of new business the same problem that refreshes authorization message that exists in user terminal requests.Shown in step 601~610 of Fig. 6, the WLAN user terminal passes through the access authentication with wlan network, after success inserts WLAN, if this user's dynamic requests is to the access of certain business, after the professional request of setting up arrives the 3GPP aaa server through the service resolution unit, the 3GPP aaa server is analyzed, and discovery can authorize certain purpose PDG equipment to carry out; Simultaneously, it is open that the 3GPP aaa server finds that also WAG needs the mandate that inserts route to this requested service, therefore, notify WAG open this route, after obtaining the open response of WAG route, authorize purpose PDG equipment to insert again, and the WLAN user terminal mandate of initiating to ask through service resolution unit notice allow.In this process, the business authentication authorization requests that the service resolution unit sends to the 3GPP aaa server just is equivalent to the indication that authorization message changes, this request can cause that the 3GPP aaa server sends authorization message to associate device WAG and refreshes indication, and the open route notice here just is equivalent to authorization message and refreshes indication.
Distribute the IP address that belongs to certain mandate colony if find this service needed DHCP, and current IP address does not belong to this scope, then needs to notify DHCP to refresh and redistributes its IP address.If AAA agency then needs to notify the AAA agency to refresh to the request of 3GPP aaa server and stored relevant information.
Method of the present invention can realize the processing to the authorization message of dynamic change fully, give an example: when charging and service control system find that certain account reaches certain limit value, need the access of the user of restriction this account correspondence to certain business, behind charging and the service control system notice 3GPP aaa server, the 3GPP aaa server is analyzed, find that current business information issued PDG, and in commission or pending, so, just will refresh indication and send to the relevant outdated information of PDG requirement removing; Simultaneously, the 3GPP aaa server finds that also WAG has the mandate that inserts route open to this business, then notifies WAG to close corresponding route; Distribute the IP address that belongs to certain mandate colony if find this service needed DHCP, then need to notify DHCP to refresh and redistribute its IP address.
Give an example again: when user signing contract information changes, need to change user's charging way, then behind the user signing contract information unit notice 3GPP aaa server, the 3GPP aaa server is analyzed, and finds that current service charging information issued PDG, WAG, AAA agency, and is in the execution or pending, just need refresh relevant information, so, just will refresh indication and send to these equipment requirements outdated information of will being correlated with and remove, and refresh and be up-to-date information.If the charge system of relating to such as OCS, then needs to notify OCS refreshing information.Distribute the IP address that belongs to certain mandate colony if find this service needed DHCP, then need to notify DHCP to refresh and redistribute its IP address.
Among above-mentioned various embodiment or the embodiment, if the 3GPP aaa server is found some associate device and can't be executed instruction, or relevant refreshing can't be finished under stage of current access or state, then can at first force the user to change access state, roll off the production line such as directly initiating force users, remove the information of all associate devices, relevant information was redistributed and is refreshed when the user landed again.
The above is preferred embodiment of the present invention only, is not to be used for limiting protection scope of the present invention.

Claims (9)

1, the method for refreshing of authorization message in a kind of WLAN (wireless local area network) is characterized in that this method may further comprise the steps:
If A, Certificate Authority equipment are received authorization message and are changed indication, then execution in step B; If do not receive, then do not make the authorization message refresh process;
B, Certificate Authority equipment change indication according to the authorization message of being received, determine to change the associate device that relevant needs refresh authorization message with this authorization message; And send authorization message respectively to determined associate device and refresh indication, the associate device of receiving indication refreshes the associated authorization information of self storage by instruction content.
2, method according to claim 1 is characterized in that, this method further comprises: associate device returns response message to Certificate Authority equipment after refreshing the associated authorization information of self storing.
3, method according to claim 2 is characterized in that, this method further comprises: Certificate Authority equipment is finished subsequent operation according to the response message of being received.
4, method according to claim 1, it is characterized in that the authorization message that described Certificate Authority equipment receives changes indication from home signature user server/attaching position register, user's dynamic service request, the service authorization change request of charge system.
5, method according to claim 1, it is characterized in that, after Certificate Authority equipment determines self to receive that authorization message changes indication, further judge whether self authorization message needs to refresh, if desired, then refresh self authorization message earlier, send authorization message respectively to determined associate device again and refresh indication; Otherwise, directly send authorization message respectively and refresh indication to determined associate device.
According to each described method of claim 1 to 5, it is characterized in that 6, described Certificate Authority equipment is authentication and authorization charging server.
7, method according to claim 6 is characterized in that, described authentication and authorization charging server is the 3GPP authentication and authorization charging server.
8, method according to claim 1 is characterized in that, described associate device is that WLAN (wireless local area network) inserts critical point, packet data gateway, access controller, DHCP equipment.
9, method according to claim 1 is characterized in that, described authorization message is user access authorization information, service authorization information, charging authorization message, user signing contract information.
CN 200310102205 2003-10-24 2003-10-24 Refresh method for authorizing information in radio local area network Expired - Lifetime CN1277383C (en)

Priority Applications (1)

Application Number Priority Date Filing Date Title
CN 200310102205 CN1277383C (en) 2003-10-24 2003-10-24 Refresh method for authorizing information in radio local area network

Applications Claiming Priority (1)

Application Number Priority Date Filing Date Title
CN 200310102205 CN1277383C (en) 2003-10-24 2003-10-24 Refresh method for authorizing information in radio local area network

Publications (2)

Publication Number Publication Date
CN1610318A CN1610318A (en) 2005-04-27
CN1277383C true CN1277383C (en) 2006-09-27

Family

ID=34756322

Family Applications (1)

Application Number Title Priority Date Filing Date
CN 200310102205 Expired - Lifetime CN1277383C (en) 2003-10-24 2003-10-24 Refresh method for authorizing information in radio local area network

Country Status (1)

Country Link
CN (1) CN1277383C (en)

Families Citing this family (1)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
WO2018098713A1 (en) * 2016-11-30 2018-06-07 华为技术有限公司 Method and device for acquiring authorization file

Also Published As

Publication number Publication date
CN1610318A (en) 2005-04-27

Similar Documents

Publication Publication Date Title
CN1266891C (en) Method for user cut-in authorization in wireless local net
CN1283072C (en) Method for processing user terminal network selection information in WLAN
CN1279722C (en) Method for rapid accessing attached networks of user terminal in wireless LAN
CN1277393C (en) Method of selecting gateway of data packets by users in wireless local area network
US7493084B2 (en) Method for grouping 802.11 stations into authorized service sets to differentiate network access and services
CN1293728C (en) Rapid interactive method for selection of accessing mobile network by user terminal in WLAN
CN1276620C (en) Method for providing location based service for WLAN user
US20060187892A1 (en) Interactive method for determining network selection information for a user terminal in a wireless local area network
CN100433742C (en) Radio local network connecting gateway strategy loading method in radio local network
CN1271822C (en) Method of interactive processing of user terminal network selection information in WLAN
CN1293729C (en) Method for preventing wireless LAN from frequently selective interacting of network
CN1264309C (en) A method for transmitting service data to WLAN user
CN1277368C (en) Interactive method for reselecting operation network for radio local net user terminal
CN101304610A (en) Method, system and microminiature gateway for communication between microminiature honeycomb network and macro network
CN1642076A (en) Method for obtaiing user identification by packet data gate for wireless LAN
CN1277383C (en) Refresh method for authorizing information in radio local area network
CN100508506C (en) Radio local network connecting gateway strategy renewing new method in radio local network
CN100337444C (en) A method for redirecting packet data gateway in wireless LAN
CN1248461C (en) Method for handling information of signing contract to user in wireless local network
CN100341341C (en) Method for user terminal to obtain group data gate address in wireless local network
CN100370774C (en) Service log-on method based on IP access
CN1617522A (en) Method for sending a ata of user mark after renewing
CN100387010C (en) Method for obtaining packet data gate information by user terminal for wireless LAN
CN1588955A (en) Method for realizing moving node directly interview each other in same extending network domain
CN1297156C (en) Position business system and communication method based on same

Legal Events

Date Code Title Description
C06 Publication
PB01 Publication
C10 Entry into substantive examination
SE01 Entry into force of request for substantive examination
C14 Grant of patent or utility model
GR01 Patent grant
CX01 Expiry of patent term

Granted publication date: 20060927

CX01 Expiry of patent term