WO2008092317A1 - Net connecting method - Google Patents

Net connecting method Download PDF

Info

Publication number
WO2008092317A1
WO2008092317A1 PCT/CN2007/002019 CN2007002019W WO2008092317A1 WO 2008092317 A1 WO2008092317 A1 WO 2008092317A1 CN 2007002019 W CN2007002019 W CN 2007002019W WO 2008092317 A1 WO2008092317 A1 WO 2008092317A1
Authority
WO
WIPO (PCT)
Prior art keywords
user equipment
mobile subscriber
subscriber identity
network
resource control
Prior art date
Application number
PCT/CN2007/002019
Other languages
French (fr)
Chinese (zh)
Inventor
Pu Kan
Guangqing Xi
Original Assignee
Zte Corporation
Priority date (The priority date is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the date listed.)
Filing date
Publication date
Application filed by Zte Corporation filed Critical Zte Corporation
Publication of WO2008092317A1 publication Critical patent/WO2008092317A1/en

Links

Classifications

    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04LTRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L63/00Network architectures or network communication protocols for network security
    • H04L63/08Network architectures or network communication protocols for network security for authentication of entities

Definitions

  • the present invention relates to the field of communications, and in particular, to a network connection method.
  • a UE is authenticated by a Security Function module when a user equipment (User Equipment, UE for short) accesses the network.
  • the authentication is mainly performed on the legitimacy of the UE itself, and the authentication 5-tuple of the UE is obtained through the interaction between the core network and the Home Location Register (HLR), and the authentication 5-tuple is obtained.
  • the UE is judged by comparing with the information obtained from the UE.
  • HLR Home Location Register
  • HLR Home Location Register
  • HLR Home Location Register
  • operators have proposed a family base station (Hnodeb), which is a small family
  • Nodeb the coverage of the Nodeb is relatively small, and the bearer users are also small, but the property belongs to the user, and the operator can provide the tariff, bandwidth and other offers.
  • Nodeb in order to protect the owner's rights, we should limit access to only this individual user to access this Nodeb, other unprivileged users should be rejected.
  • authentication is mainly performed on the Core Network (CN).
  • CN Core Network
  • the CN cannot know the cell information of the UE.
  • RA Routing Area
  • LA Location Area
  • the network connection method includes the following steps: S202: The user equipment sends a radio resource control connection establishment request to the radio network controller, where the radio resource control connection establishment request carries the identifier information of the user equipment; S204, The wireless network controller performs the game right on the user equipment according to the identification information of the user equipment; and S206, in the case that the authentication is passed, the wireless network controller establishes a wireless resource control connection with the user equipment.
  • Another network connection method includes the following steps: S302, user equipment directions
  • the radio network controller sends a radio resource control connection establishment request;
  • S304 the radio network controller establishes a radio resource control connection with the user equipment in response to the request of the user equipment;
  • S306 the radio network controller acquires the user equipment from the user equipment Identifying information, and authenticating the user equipment according to the identification information of the user equipment; and
  • the method includes the following steps: S402: The user equipment sends a radio resource control connection establishment request to the radio network controller; S404, the radio network controller establishes and responds to the request of the user equipment. a wireless resource control connection between the user equipments; S406, the wireless network controller acquires the identification information of the user equipment from the core network, and authenticates the user equipment according to the identification information of the user equipment; and S408, if the authentication passes, the wireless The network controller maintains a radio resource control connection with the user equipment, otherwise releases the radio resource control connection with the user equipment.
  • S402 The user equipment sends a radio resource control connection establishment request to the radio network controller
  • S404 the radio network controller establishes and responds to the request of the user equipment. a wireless resource control connection between the user equipments
  • S406 the wireless network controller acquires the identification information of the user equipment from the core network, and authenticates the user equipment according to the identification information of the user equipment
  • S408 if the authentication passes, the wireless The network controller maintains a
  • FIG. 1 is a schematic flowchart of a radio resource control connection establishment process in an original protocol
  • FIG. 2 is a flow chart of a network connection method according to a first embodiment of the present invention
  • FIG. 3 is a schematic diagram of a network connection method according to a second embodiment of the present invention.
  • FIG. 4 is a flow chart of a network connection method according to a third embodiment of the present invention.
  • the basic idea of the present invention is to pass a radio network controller (Radio Network
  • the name of the RNC is the international mobile subscriber identity (UE) of the UE when the UE performs the Radio Resource Control (RRC) connection. Subscriber Identification Number, the cartridge is called IMSI) for authentication.
  • the RRC connection setup is shown in Figure 1 (see 3GPP 25.433).
  • the RRC setup request carries the identifier information of the UE.
  • the RNC also knows the cell information from which the UE is coming from. If the RRC setup request carries the IMSI identifier, the RNC may perform authentication according to the IMSI information, and if the UE has the right to access the cell, the RRC connection request may be accepted; otherwise, the RRC extinction message is sent.
  • the RRC connection request does not carry the IMSI identifier, it carries the Temporary Mobile Subscriber Identification Number (TMSI) or the packet temporary mobile subscriber "acket -Temporary Mobile Subscriber Identification Number".
  • TMSI Temporary Mobile Subscriber Identification Number
  • the cylinder is called p-TMSI
  • the RNC accepts the RRC connection request of the UE, and then simulates that the CN sends an identity clearing message to the UE to obtain the IMSI number of the UE, and then authenticates according to the IMSI.
  • the CN informs the IMSI number of the UE through the shared ID (common Id) as soon as possible. It is also possible to decide whether to accept the user after receiving the Common Id. Since the agreement does not specify strict strict Id The timing of the transmission, so this method has certain requirements for the CN.
  • the RNC also needs to listen to the subsequent TMSI/p-TMSI redistribution process to obtain the relationship between IMSI and TMSI/p-TSMI. In this way, when the UE accesses the RNC for the first time, it needs to use multiple times to identify the odd request, and the subsequent process is completely the same as the normal RRC access.
  • the 3GPP protocol if it is required to be compatible with R99 and R4, it is necessary to carry the frequency point information of another cell in the RRC connection rejection, and import the rejected UE into another cell; if it is not required to be compatible with R99, R4 Then, another ⁇ !, regional frequency point or cell number information can be directly carried in the RRC connection release, and imported into another cell.
  • the network connection method includes the following steps:
  • the UE initiates an R C connection request to the RNC.
  • the RNC obtains the IMSI according to the TMSI/p-TMSI, or directly determines the IMSI and the cell. The relationship between the authentication.
  • the RNC If the RNC can receive, the RNC sends an R C connection setup message to the UE, and the UE initiates an RRC connection setup complete message to the RNC. If not, the R C connection reject message is returned.
  • the UE does not carry the IMSI in the RRC request, and the RNC does not know the correspondence between the TMSI/p-TMSI and the RNC.
  • the network connection method includes the following steps:
  • the UE initiates an RRC connection request to the RNC, where the message carries the TMSI or the p-TMSI.
  • the RNC sends an RRC connection setup message to the UE in response to the request of the UE, and the UE sends an RRC connection setup complete message to the NC to complete the RRC connection.
  • the RNC simulates that the CN initiates an identification request to the UE to obtain an IMSI number of the UE. Specifically, the RNC initiates an identity request to the UE; the UE sends an identity response to the RNC, and the message carries its own IMSI number.
  • the RNC checks the obtained IMSI number and checks its legality. If it is not legal, the RRC connection is released. If the UE is compatible with R99 and R4, after the UE initiates the RRC connection again, it can be refused to be imported into the normal cell through the RRC connection. If only the UE supporting the R5 and above is required, the message can be directly released through the RRC connection. , the UE is imported into the normal cell.
  • FIG. 4 a third embodiment in accordance with the present invention is illustrated. In this embodiment, the UE does not carry the IMSI in the RRC request, and the R C does not know the correspondence between the TMSI/p-TMSI and the R C.
  • the network connection method includes the following steps:
  • the UE initiates an RRC connection request to the RNC.
  • the RNC sends an R C connection setup message to the UE in response to the request of the UE, and the UE sends an RRC connection setup complete message to the RNC to complete the RRC connection.
  • S406 The UE sends an initial direct transmission message to the CN, and after receiving the initial direct transmission message, the CN sends the IMSI number of the UE to the RNC through the Common Id.
  • the RNC checks the obtained IMSI number and checks its legality. If it is not legal, then Release the RRC connection. If the UE is compatible with R99 and R4, after the UE initiates the RRC connection again, it can refuse to import it to the normal cell through the RC connection. If only the UE supporting R5 and above is required, the message can be directly released through the RRC connection. , the UE is imported into the normal cell.
  • the premise of the third embodiment is that the CN should send the Common Id to the RNC as soon as possible after receiving the initial direct transmission message, at least in the routing area update (RAU) / location area update (Location Area). Update, referred to as LAU), and before the Radio Access Bearer (RAB) assignment.
  • RAU routing area update
  • LAU location area update
  • RAB Radio Access Bearer
  • the RNC first waits for the Common Id of the CN. If the Common Id has not been sent to the RNC for a certain period of time, the RC sends an identification request to the UE, requesting the UE to return the IMSI number.
  • the RNC can obtain the IMSI of the UE, and can determine whether the UE can be admitted to the designated cell according to the previously configured information.
  • An advantage of the present invention is that only the RNC needs to be modified without any impact on the UE and the core network.
  • the present invention is applicable to Wideband Code Division Multiple Access (WCDMA)/Time Division-Code Division Multiple Access (TD-CDMA) networks.
  • WCDMA Wideband Code Division Multiple Access
  • TD-CDMA Time Division-Code Division Multiple Access

Landscapes

  • Engineering & Computer Science (AREA)
  • Computer Hardware Design (AREA)
  • Computer Security & Cryptography (AREA)
  • Computing Systems (AREA)
  • General Engineering & Computer Science (AREA)
  • Computer Networks & Wireless Communication (AREA)
  • Signal Processing (AREA)
  • Mobile Radio Communication Systems (AREA)

Abstract

A net connecting method, include steps: an user equipment sends a request for a Radio Resource Control connecting, which carries the identification information of the user equipment, to Radio Net Controller (S202); Radio Net Controller authenticates the user equipment depending on the identification information of the user equipment (S204); the radio net controller then establishes the Radio Resource Control connecting to the user equipment if it is authenticated (S206). Through this, the user equipment is limited to access the cell.

Description

网络连接方法 技术领域 本发明涉及通信领域, 更具体地涉及一种网络连接方法。 背景技术 通常, 在用户设备(User Equipment, 简称 UE )接入网络时, 通过安 全功能( Security Function )模块对 UE进行鉴权。 该鉴权主要是针对 UE本 身的合法性进行的, 主要通过核心网和归属位置寄存器 (Home Location Register, 简称 HLR )的交互, 获得 UE的鉴权 5元组, 并将该鉴权 5元组与 从 UE获得的信息进行比较, 来判断 UE的合法性。 目前, 运营商提出了家庭基站 ( Hnodeb ) 的 4既念, 即为家庭提供小型 TECHNICAL FIELD The present invention relates to the field of communications, and in particular, to a network connection method. A UE is authenticated by a Security Function module when a user equipment (User Equipment, UE for short) accesses the network. The authentication is mainly performed on the legitimacy of the UE itself, and the authentication 5-tuple of the UE is obtained through the interaction between the core network and the Home Location Register (HLR), and the authentication 5-tuple is obtained. The UE is judged by comparing with the information obtained from the UE. At present, operators have proposed a family base station (Hnodeb), which is a small family
Nodeb, 该 Nodeb的覆盖范围比较小, 承载用户也小, 但是产权属于用户, 运营商可以提供资费、 带宽等优惠。 对于这类 Nodeb, 为保护所有者的权利, 我们应该限定只允许个别用户接入此 Nodeb, 其它无权限用户应该被拒绝。 在目前的 3G架构中, 鉴权主要在核心网 ( Core Network, 简称 CN )进 行。 但是, 在目前的 3G框架下, CN无法获知 UE所在的小区信息。 当然, 如养为每个 Hnodeb单独配置路由区域( Routing Area , 简称 RA ) /位置区域 ( Location Area, 简称 LA ), 贝' J CN也是可以进行鉴权的, 但是 RA/LA的位 数有限, 在大规模部署 HNodeb的情况下, 该方案并不适用。 发明内容 鉴于以上的一个或多个问题, 本发明提供了一种新的网络连接方法。 根据本发明的一种网络连接方法, 包括以下步骤: S202, 用户设备向无 线网络控制器发送无线资源控制连接建立请求, 其中, 无线资源控制连接建 立请求中携带有用户设备的标识信息; S204, 无线网络控制器根据用户设备 的标识信息对用户设备进行赛权; 以及 S206, 在鉴权通过的情况下, 无线网 络控制器建立与用户设备之间的无线资源控制连接。 根据本发明的另一种网絡连接方法, 包括以下步骤: S302, 用户设备向 无线网络控制器发送无线资源控制连接建立请求; S304, 无线网络控制器响 应于用户设备的请求, 建立与用户设备之间的无线资源控制连接; S306, 无 线网络控制器向用户设备获取用户设备的标识信息, 并根据用户设备的标识 信息对用户设备进行鉴权; 以及 S308, 如果鉴权通过, 则无线网络控制器维 持与用户设备之间的无线资源控制连接, 否则释放与用户设备之间的无线资 源控制连接。 才艮据本发明的又一种网络连接方法, 包括以下步骤: S402, 用户设备向 无线网络控制器发送无线资源控制连接建立请求; S404, 无线网络控制器响 应于用户设备的莆求, 建立与用户设备之间的无线资源控制连接; S406, 无 线网络控制器向核心网获取用户设备的标识信息, 并根据用户设备的标识信 息对用户设备进行鉴权; 以及 S408, 如果鉴权通过, 则无线网络控制器维持 与用户设备之间的无线资源控制连接, 否则释放与用户设备之间的无线资源 控制连接。 通过本发明, 可以对 UE进入小区进行限制。 并且由于本发明对核心网 以及 UE没有要求, 所以 艮好地兼容了现有的协议。 附图说明 此处所说明的附图用来提供对本发明的进一步理解,构成本申请的一部 分, 本发明的示意性实施例及其说明用于解释本发明, 并不构成对本发明的 不当限定。 在附图中: 图 1是原始协议中无线资源控制连接建立过程的流程示意图; 图 2是根据本发明第一实施例的网络连接方法的流程示意图; 图 3是根据本发明第二实施例的网络连接方法的流程示意图; 以及 图 4是根据本发明第三实施例的网络连接方法的流程示意图。 具体实施方式 本发明的基本思路在于, 通过无线网絡控制器 ( Radio NetworkNodeb, the coverage of the Nodeb is relatively small, and the bearer users are also small, but the property belongs to the user, and the operator can provide the tariff, bandwidth and other offers. For this type of Nodeb, in order to protect the owner's rights, we should limit access to only this individual user to access this Nodeb, other unprivileged users should be rejected. In the current 3G architecture, authentication is mainly performed on the Core Network (CN). However, under the current 3G framework, the CN cannot know the cell information of the UE. Of course, if you configure a Routing Area (RA) / Location Area (LA) for each Hnodeb, you can authenticate it, but the number of RA/LA bits is limited. In the case of large-scale deployment of HNodeb, this solution does not apply. SUMMARY OF THE INVENTION In view of one or more of the above problems, the present invention provides a new method of network connection. The network connection method according to the present invention includes the following steps: S202: The user equipment sends a radio resource control connection establishment request to the radio network controller, where the radio resource control connection establishment request carries the identifier information of the user equipment; S204, The wireless network controller performs the game right on the user equipment according to the identification information of the user equipment; and S206, in the case that the authentication is passed, the wireless network controller establishes a wireless resource control connection with the user equipment. Another network connection method according to the present invention includes the following steps: S302, user equipment directions The radio network controller sends a radio resource control connection establishment request; S304, the radio network controller establishes a radio resource control connection with the user equipment in response to the request of the user equipment; S306, the radio network controller acquires the user equipment from the user equipment Identifying information, and authenticating the user equipment according to the identification information of the user equipment; and S308, if the authentication is passed, the radio network controller maintains a radio resource control connection with the user equipment, otherwise releasing the relationship with the user equipment Wireless resource control connection. According to still another network connection method of the present invention, the method includes the following steps: S402: The user equipment sends a radio resource control connection establishment request to the radio network controller; S404, the radio network controller establishes and responds to the request of the user equipment. a wireless resource control connection between the user equipments; S406, the wireless network controller acquires the identification information of the user equipment from the core network, and authenticates the user equipment according to the identification information of the user equipment; and S408, if the authentication passes, the wireless The network controller maintains a radio resource control connection with the user equipment, otherwise releases the radio resource control connection with the user equipment. With the present invention, it is possible to restrict the UE from entering the cell. And since the present invention does not require the core network and the UE, it is well compatible with existing protocols. BRIEF DESCRIPTION OF THE DRAWINGS The accompanying drawings, which are set to illustrate,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,, 1 is a schematic flowchart of a radio resource control connection establishment process in an original protocol; FIG. 2 is a flow chart of a network connection method according to a first embodiment of the present invention; FIG. 3 is a schematic diagram of a network connection method according to a second embodiment of the present invention; A schematic flowchart of a network connection method; and FIG. 4 is a flow chart of a network connection method according to a third embodiment of the present invention. DETAILED DESCRIPTION OF THE INVENTION The basic idea of the present invention is to pass a radio network controller (Radio Network
Controller, 筒称 RNC )在 UE进行无线资源控制 ( Radio Resource Control, 简称 RRC ) 连接时, 对 UE 的国际移动用户识别码 ( International Mobile Subscriber Identification Number, 筒称 IMSI )进行鉴权。在原始协议中, RRC 连接建立如图 1所示 (参见 3GPP 25.433 )。 其中, 在 RRC建立请求中, 携 带了 UE的标识信息。 RNC也知道 UE来自的小区信息。 如果 RRC建立请求携带了 IMSI标识, 则 RNC可以根据该 IMSI信息 进行鉴权, 如果该 UE具有接入该小区的权限, 则可以接受 RRC连接请求; 否则发出 RRC ^绝消息。 如果 RRC连接请求中没有携带 IMSI标识, 携带的是临时移动用户识 另 \|码 ( Temporary Mobile Subscriber Identification Number, 简称 TMSI )或者 是分组临时移动用户 "i只别码 ( acket -Temporary Mobile Subscriber Identification Number, 筒称 p-TMSI ), 则 RNC接受 UE的 RRC连接请求, 并在随后模拟 CN向 UE发送标识清求消息, 以获得 UE的 IMSI号码, 并在 随后根据 IMSI进行鉴权。 另一个选择是,在 CN收到初始直传消息后,尽快通过共用 ID( common Id )告知该 UE的 IMSI号码。 也可以在收到 Common Id之后决定是否接纳 此用户。 由于协议中并没有规定 common Id的严格发送时机, 所以该方法对 CN有一定的要求。 Controller, the name of the RNC is the international mobile subscriber identity (UE) of the UE when the UE performs the Radio Resource Control (RRC) connection. Subscriber Identification Number, the cartridge is called IMSI) for authentication. In the original protocol, the RRC connection setup is shown in Figure 1 (see 3GPP 25.433). The RRC setup request carries the identifier information of the UE. The RNC also knows the cell information from which the UE is coming from. If the RRC setup request carries the IMSI identifier, the RNC may perform authentication according to the IMSI information, and if the UE has the right to access the cell, the RRC connection request may be accepted; otherwise, the RRC extinction message is sent. If the RRC connection request does not carry the IMSI identifier, it carries the Temporary Mobile Subscriber Identification Number (TMSI) or the packet temporary mobile subscriber "acket -Temporary Mobile Subscriber Identification Number". The cylinder is called p-TMSI), then the RNC accepts the RRC connection request of the UE, and then simulates that the CN sends an identity clearing message to the UE to obtain the IMSI number of the UE, and then authenticates according to the IMSI. Another option is After receiving the initial direct transmission message, the CN informs the IMSI number of the UE through the shared ID (common Id) as soon as possible. It is also possible to decide whether to accept the user after receiving the Common Id. Since the agreement does not specify strict strict Id The timing of the transmission, so this method has certain requirements for the CN.
RNC还需要监听后续的 TMSI/p-TMSI 重分配过程, 以获得 IMSI 和 TMSI/p-TSMI之间的关系。 这样, UE最多只要第一次接入 RNC时, 需要多 #文一次标识奇求, 后续的流程完全和普通的 RRC接入相同。 在 3GPP协议中, 如果需要兼容 R99, R4的话, 则需要在 RRC连接拒 绝中携带另一小区的频点信息, 将其被拒绝的 UE导入到另一小区中; 如果 不需要兼容 R99, R4的话,则可以直接在 RRC连接释放中携带另一 < ·!、区频点 或者小区号信息, 将其导入到另外一个小区中。 下面参考附图, 详细说明本发明的具体实施方式。 参考图 2, 说明才艮据本发明的第一实施例。 在该实施例中, UE在 RRC 请求中携带了 IMSI或者 RNC已经知道 TMSI/p-TMSI和 IMSI之间的对应关 系。 如图 2所示, 该网络连接方法包括以下步骤: The RNC also needs to listen to the subsequent TMSI/p-TMSI redistribution process to obtain the relationship between IMSI and TMSI/p-TSMI. In this way, when the UE accesses the RNC for the first time, it needs to use multiple times to identify the odd request, and the subsequent process is completely the same as the normal RRC access. In the 3GPP protocol, if it is required to be compatible with R99 and R4, it is necessary to carry the frequency point information of another cell in the RRC connection rejection, and import the rejected UE into another cell; if it is not required to be compatible with R99, R4 Then, another <·!, regional frequency point or cell number information can be directly carried in the RRC connection release, and imported into another cell. Specific embodiments of the present invention will be described in detail below with reference to the accompanying drawings. Referring to Figure 2, a first embodiment of the present invention will be described. In this embodiment, the UE carries the IMSI or the RNC already knows the correspondence between TMSI/p-TMSI and IMSI in the RRC request. As shown in FIG. 2, the network connection method includes the following steps:
S202, UE向 RNC发起 R C连接清求。 S202. The UE initiates an R C connection request to the RNC.
S204, RNC根据 TMSI/p-TMSI得到 IMSI, 或者直接判断 IMSI和小区 之间的鉴权关系。 S204, the RNC obtains the IMSI according to the TMSI/p-TMSI, or directly determines the IMSI and the cell. The relationship between the authentication.
S206,如果可以接纳, RNC向 UE发送 R C连接建立消息, UE向 RNC 发起 RRC连接建立完成消息,如果不可以接纳,则返回 R C连接拒绝消息。 参考图 3 , 说明根据本发明的第二实施例。 在该实施例中, UE在 RRC 请求中未携带 IMSI, 且 RNC也不知道 TMSI/p-TMSI和 RNC的对应关系。 如图 3所示, 该网络连接方法包括以下步骤: S206. If the RNC can receive, the RNC sends an R C connection setup message to the UE, and the UE initiates an RRC connection setup complete message to the RNC. If not, the R C connection reject message is returned. Referring to Figure 3, a second embodiment in accordance with the present invention will be described. In this embodiment, the UE does not carry the IMSI in the RRC request, and the RNC does not know the correspondence between the TMSI/p-TMSI and the RNC. As shown in FIG. 3, the network connection method includes the following steps:
S302, UE 向 RNC 发起 RRC 连接请求, 消息中携带了 TMSI 或者 p-TMSI。 S302. The UE initiates an RRC connection request to the RNC, where the message carries the TMSI or the p-TMSI.
S304, RNC响应于 UE的请求, 向 UE发送 RRC连接建立消息, UE 向 NC发送 RRC连接建立完成消息, 完成 RRC连接。 S304. The RNC sends an RRC connection setup message to the UE in response to the request of the UE, and the UE sends an RRC connection setup complete message to the NC to complete the RRC connection.
S306, RNC模拟 CN向 UE发起标识请求, 以获得 UE的 IMSI号码。 具体地, RNC向 UE发起标识请求; UE向 RNC发送标识响应, 消息中携带 自己的 IMSI号码。 S306. The RNC simulates that the CN initiates an identification request to the UE to obtain an IMSI number of the UE. Specifically, the RNC initiates an identity request to the UE; the UE sends an identity response to the RNC, and the message carries its own IMSI number.
S308, RNC检查获得的 IMSI号码并且检查其合法性, 如果不合法, 则 释放 RRC连接。 如果需要兼容 R99 , R4的 UE , 则可以在 UE再次发起 RRC 连接后, 通过 RRC连接拒绝将其导入到普通小区; 如果只需要支持 R5及其 以上协议的 UE, 则可以直接通过 RRC连接释放消息, 将 UE导入到普通小 区。 参考图 4, 说明根据本发明的第三实施例。 在该实施例中, UE在 RRC 请求中未携带 IMSI, 且 R C也不知道 TMSI/p-TMSI和 R C的对应关系。 如图 4所示, 该网络连接方法包括以下步骤: S308. The RNC checks the obtained IMSI number and checks its legality. If it is not legal, the RRC connection is released. If the UE is compatible with R99 and R4, after the UE initiates the RRC connection again, it can be refused to be imported into the normal cell through the RRC connection. If only the UE supporting the R5 and above is required, the message can be directly released through the RRC connection. , the UE is imported into the normal cell. Referring to Figure 4, a third embodiment in accordance with the present invention is illustrated. In this embodiment, the UE does not carry the IMSI in the RRC request, and the R C does not know the correspondence between the TMSI/p-TMSI and the R C. As shown in FIG. 4, the network connection method includes the following steps:
S402, UE向 RNC发起 RRC连接请求。 S402. The UE initiates an RRC connection request to the RNC.
S404, RNC响应于 UE的请求, 向 UE发送 R C连接建立消息, UE 向 RNC发送 RRC连接建立完成消息, 完成 RRC连接。 S406, UE向 CN发送初始直传消息, CN在收到初始直传消息后, 通 过 Common Id向 RNC发送该 UE的 IMSI号码。 S404. The RNC sends an R C connection setup message to the UE in response to the request of the UE, and the UE sends an RRC connection setup complete message to the RNC to complete the RRC connection. S406: The UE sends an initial direct transmission message to the CN, and after receiving the initial direct transmission message, the CN sends the IMSI number of the UE to the RNC through the Common Id.
S408, RNC检查获得的 IMSI号码并且检查其合法性, 如果不合法, 则 释放 RRC连接。如果需要兼容 R99, R4的 UE, 则可以在 UE再次发起 RRC 连接后, 通过 R C连接拒绝将其导入到普通小区; 如果只需要支持 R5及其 以上协议的 UE , 则可以直接通过 RRC 连接释放消息, 将 UE导入到普通小 区。 第三实施例的前提在于, CN在收到初始直传消息后, 应该尽可能早地 向 RNC发送 Common Id, 至少应该在路由区更新 ( Route Area Update , 简称 RAU ) /位置区更新 ( Location Area Update, 简称 LAU ) 完成、 以及无线接 入承载(Radio Access Bearer, 简称 RAB )指派之前。 即, RNC首先等待 CN 的 Common Id, 如果到了一定时间 Common Id还没有下发给 RNC, 则 R C 向 UE发送标识请求, 要求 UE返回 IMSI号码。 综上所述, RNC可以获得 UE的 IMSI, 并可以根据事先配置的信息决 定 UE是否可以接纳到指定小区中。 本发明的优点在于, 只需要修改 RNC, 而对于 UE 以及核心网没有任何影响。 另外, 本发明对宽带码分多址 ( Wideband Code Division Multiple Access, 简称 WCDMA ) /时分码分多址 ( Time Division-Code Division Multiple Access , 简称 TD-CDMA ) 网络均可 适用。 以上所述仅为本发明的实施例而已, 并不用于限制本发明,对于本领 i或 的技术人员来说, 本发明可以有各种更改和变化。 凡在本发明的精神和原则 之内, 所作的任何修改、 等同替换、 改进等, 均应包含在本发明的权利要求 范围之内。 S408, the RNC checks the obtained IMSI number and checks its legality. If it is not legal, then Release the RRC connection. If the UE is compatible with R99 and R4, after the UE initiates the RRC connection again, it can refuse to import it to the normal cell through the RC connection. If only the UE supporting R5 and above is required, the message can be directly released through the RRC connection. , the UE is imported into the normal cell. The premise of the third embodiment is that the CN should send the Common Id to the RNC as soon as possible after receiving the initial direct transmission message, at least in the routing area update (RAU) / location area update (Location Area). Update, referred to as LAU), and before the Radio Access Bearer (RAB) assignment. That is, the RNC first waits for the Common Id of the CN. If the Common Id has not been sent to the RNC for a certain period of time, the RC sends an identification request to the UE, requesting the UE to return the IMSI number. In summary, the RNC can obtain the IMSI of the UE, and can determine whether the UE can be admitted to the designated cell according to the previously configured information. An advantage of the present invention is that only the RNC needs to be modified without any impact on the UE and the core network. In addition, the present invention is applicable to Wideband Code Division Multiple Access (WCDMA)/Time Division-Code Division Multiple Access (TD-CDMA) networks. The above is only the embodiment of the present invention, and is not intended to limit the present invention, and various modifications and changes can be made to the present invention. Any modifications, equivalents, improvements, etc., made within the spirit and scope of the invention are intended to be included within the scope of the appended claims.

Claims

权 利 要 求 书 Claim
1. 一种网絡连接方法, 其特征在于, 包括以下步骤: A network connection method, comprising the steps of:
S202 , 用户设备向无线网络控制器发送无线资源控制连接建立请 求, 其中, 所述无线资源控制连接建立请求中携带有所述用户设备的标 识信息;  S202, the user equipment sends a radio resource control connection establishment request to the radio network controller, where the radio resource control connection establishment request carries the identification information of the user equipment;
S204,所述无线网络控制器才艮据所述用户设备的标识信息对所述用 户设备进行鉴权; 以及  S204, the radio network controller authenticates the user equipment according to the identifier information of the user equipment;
S206, 在鉴权通过的情况下, 所述无线网络控制器建立与所述用户 设备之间的所述无线资源控制连接。  S206. The radio network controller establishes the radio resource control connection with the user equipment when the authentication is passed.
2. 根据权利要求 1所述的网络连接方法, 其特征在于, 所述用户设备的标 识信息是国际移动用户识别码、 临时移动用户识别码、 或分组临时移动 用户识别码。 The network connection method according to claim 1, wherein the identification information of the user equipment is an international mobile subscriber identity, a temporary mobile subscriber identity, or a packet temporary mobile subscriber identity.
3. 根据权利要求 2所述的网络连接方法, 其特征在于, 在所述用户设备的 标识信息是国际移动用户识别码的情况下, 所述无线网络控制器直接根 据所述用户设备的国际移动用户识别码对所述用户设备进行鉴权。 The network connection method according to claim 2, wherein, in the case that the identification information of the user equipment is an international mobile subscriber identity, the radio network controller is directly based on the international mobility of the user equipment The user identifier authenticates the user equipment.
4. 根据权利要求 2所述的网络连接方法, 其特征在于, 在所述用户设备的 标识信息是临时移动用户识别码或分组临时移动用户识别码的情况下, 所述无线网络控制设备根据其存储的所述用户设备的临时移动用户识别 码或分组临时移动用户识别码与所述用户设备的国际移动用户识别码之 间的对应关系, 获取所述用户设备的国际移动用户识别码, 并利用所述 用户设备的国际移动用户识别码对所述用户设备进行鉴权。 The network connection method according to claim 2, wherein, in a case where the identification information of the user equipment is a temporary mobile subscriber identity or a packet temporary mobile subscriber identity, the wireless network control device according to the Corresponding relationship between the stored temporary mobile subscriber identity of the user equipment or the packet temporary mobile subscriber identity and the international mobile subscriber identity of the user equipment, acquiring an international mobile subscriber identity of the subscriber equipment, and utilizing The user equipment of the user equipment authenticates the user equipment.
5. 根据权利要求 1至 4中任一项所述的网络连接方法, 其特征在于, 所述 方法适用于宽带码分复用多址接入网络、 以及时分码分多址接入网络。 The network connection method according to any one of claims 1 to 4, wherein the method is applicable to a wideband code division multiplexing multiple access network and a time division code division multiple access network.
6. 一种网络连接方法, 其特征在于, 包括以下步驟: A network connection method, comprising the steps of:
S302, 用户设备向无线网络控制器发送无线资源控制连接建立请 求;  S302. The user equipment sends a radio resource control connection establishment request to the radio network controller.
S304, 所述无线网络控制器响应于所述用户设备的请求, 建立与所 述用户设备之间的无线资源控制连接; S306 ,所述无线网络控制器向所述用户设备获取所述用户设备的标 识信息, 并 居所述用户设备的标识信息对所述用户设备进行鉴权; 以 及 S304. The radio network controller establishes a radio resource control connection with the user equipment in response to the request of the user equipment. S306, the radio network controller acquires the identifier information of the user equipment from the user equipment, and authenticates the user equipment by using the identifier information of the user equipment;
S308 , 如果鉴权通过, 则所述无线网络控制器维持与所述用户设备 之间的所述无线资源控制连接, 否则释放与所述用户设备之间的所述无 线资源控制连接。  S308. If the authentication passes, the radio network controller maintains the radio resource control connection with the user equipment, otherwise releases the radio resource control connection with the user equipment.
7. 根据权利要求 5所述的网络连接方法, 其特征在于 , 所述用户设备的标 识信息是国际移动用户识别码、 临时移动用户识别码、 或分组临时移动 用户识别码。 The network connection method according to claim 5, wherein the identification information of the user equipment is an international mobile subscriber identity, a temporary mobile subscriber identity, or a packet temporary mobile subscriber identity.
8. 根据权利要求 6或 7所述的网络连接方法, 其特征在于, 所述方法适用 于宽带码分复用多址接入网络、 以及时分码分多址接入网络。 The network connection method according to claim 6 or 7, wherein the method is applicable to a wideband code division multiplexing multiple access network and a time division code division multiple access network.
9. 一种网络连接方法, 其特征在于, 包括以下步骤: A network connection method, comprising the steps of:
S402 , 用户设备向无线网络控制器发送无线资源控制连接建立请 求;  S402. The user equipment sends a radio resource control connection establishment request to the radio network controller.
S404, 所述无线网络控制器响应于所述用户设备的请求, 建立与所 述用户设备之间的无线资源控制连接;  S404. The radio network controller establishes a radio resource control connection with the user equipment in response to the request of the user equipment.
S406 , 所述无线网络控制器向核心网获取所述用户设备的标识信 息, 并根据所述用户设备的标识信息对所述用户设备进行鉴权; 以及 S406, the radio network controller acquires the identifier information of the user equipment from the core network, and authenticates the user equipment according to the identifier information of the user equipment;
S408, 如果鉴权通过, 则所述无线网络控制器维持与所述用户设备 之间的所述无线资源控制连接, 否则释放与所述用户设备之间的所述无 线资源控制连接。 S408. If the authentication passes, the radio network controller maintains the radio resource control connection with the user equipment, otherwise releases the radio resource control connection with the user equipment.
10. 根据权利要求 9 所述的网络连接方法, 其特征在于, 在所述步骤 S406 中, 在所述无线网络控制器在特定时间内没有从所述核心网获取到所述 用户设备的标识信息的情况下 , 所述无线网络控制器向所述用户设备获 取所述用户设备的标识信息。 The network connection method according to claim 9, wherein in the step S406, the radio network controller does not obtain the identification information of the user equipment from the core network in a specific time. The wireless network controller acquires the identification information of the user equipment from the user equipment.
11. 居权利要求 9或 10所述的网络连接方法 , 其特征在于 , 所述用户设备 的标识信息是国际移动用户识别码、 临时移动用户识别码、 或分组临时 移动用户识别码。 根据权利要求 11所述的网络连接方法, 其特征在于, 所述方法适用于宽 带码分复用多址接入网络、 以及时分码分多址接入网络。 The network connection method according to claim 9 or 10, wherein the identification information of the user equipment is an international mobile subscriber identity, a temporary mobile subscriber identity, or a packet temporary mobile subscriber identity. The network connection method according to claim 11, wherein the method is applicable to a wideband code division multiplexing multiple access network and a time division code division multiple access network.
PCT/CN2007/002019 2007-01-24 2007-06-28 Net connecting method WO2008092317A1 (en)

Applications Claiming Priority (2)

Application Number Priority Date Filing Date Title
CN200710073035.8 2007-01-24
CNB2007100730358A CN100488314C (en) 2007-01-24 2007-01-24 A method for restricting the access of the user terminal in the 3G network

Publications (1)

Publication Number Publication Date
WO2008092317A1 true WO2008092317A1 (en) 2008-08-07

Family

ID=38697986

Family Applications (1)

Application Number Title Priority Date Filing Date
PCT/CN2007/002019 WO2008092317A1 (en) 2007-01-24 2007-06-28 Net connecting method

Country Status (2)

Country Link
CN (1) CN100488314C (en)
WO (1) WO2008092317A1 (en)

Cited By (1)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
WO2022262611A1 (en) * 2021-06-15 2022-12-22 华为技术有限公司 Communication method and apparatus

Families Citing this family (5)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN101141818B (en) * 2007-10-16 2011-08-10 华为技术有限公司 Network cell dwelling and converting method, device and subscriber terminal
CN101931975A (en) * 2010-09-17 2010-12-29 中国联合网络通信集团有限公司 System and method for preventing user terminal at current network from accessing into test carrier cell
CN102438292B (en) * 2010-09-29 2015-06-10 中兴通讯股份有限公司 Radio resource control method and system
WO2012055093A1 (en) * 2010-10-26 2012-05-03 华为技术有限公司 Calling processing method and device in mobile switching center pool
CN107251611B (en) 2015-03-13 2020-04-14 华为技术有限公司 Service processing method, related device and system

Citations (3)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN1662090A (en) * 2004-02-23 2005-08-31 华为技术有限公司 Method for testing identification of intermational mobile device
WO2006071179A1 (en) * 2004-12-30 2006-07-06 Teliasonera Ab Method and system for service access control in shared networks
CN1853433A (en) * 2003-09-15 2006-10-25 高通股份有限公司 Systems and methods for home carrier determination using a centralized server

Family Cites Families (5)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
EP0929986A2 (en) * 1996-09-30 1999-07-21 Siemens Aktiengesellschaft Process for controlling access for a communication terminal
CN100397942C (en) * 2004-03-26 2008-06-25 华为技术有限公司 Method for switching in user attaching network server in universal right discriminating frame
JP4288199B2 (en) * 2004-03-31 2009-07-01 株式会社エヌ・ティ・ティ・ドコモ Mobile communication method, mobile station, and radio control apparatus
CN100550728C (en) * 2004-06-08 2009-10-14 华为技术有限公司 2G user inserts the method for IP-based IP multimedia subsystem, IMS
CN100499900C (en) * 2005-12-02 2009-06-10 华为技术有限公司 Method for authentication of access of wireless communication terminal

Patent Citations (3)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN1853433A (en) * 2003-09-15 2006-10-25 高通股份有限公司 Systems and methods for home carrier determination using a centralized server
CN1662090A (en) * 2004-02-23 2005-08-31 华为技术有限公司 Method for testing identification of intermational mobile device
WO2006071179A1 (en) * 2004-12-30 2006-07-06 Teliasonera Ab Method and system for service access control in shared networks

Cited By (1)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
WO2022262611A1 (en) * 2021-06-15 2022-12-22 华为技术有限公司 Communication method and apparatus

Also Published As

Publication number Publication date
CN101009944A (en) 2007-08-01
CN100488314C (en) 2009-05-13

Similar Documents

Publication Publication Date Title
DK2547134T3 (en) IMPROVED SUBSCRIPTION AUTHENTICATION FOR UNAUTHORIZED MOBILE ACCESS SIGNALS
KR100678151B1 (en) Method and system for servicing roaming in mobile communication system
JP6564022B2 (en) Effective user equipment identification information for heterogeneous networks
US8855606B2 (en) Integrated circuit for radio communication mobile station device and call connection method
WO2019017837A1 (en) Network security management method and apparatus
US8611859B2 (en) System and method for providing secure network access in fixed mobile converged telecommunications networks
WO2010095020A1 (en) Non-validated emergency calls for all-ip 3gpp ims networks
WO2013016968A1 (en) Access method,system and mobile intelligent access point
WO2008125062A1 (en) Method of admittance judgment and paging user in mobile communication system, system and device thereof
KR20080086127A (en) A method and apparatus of security and authentication for mobile telecommunication system
WO2008092317A1 (en) Net connecting method
JP4377328B2 (en) Personal information protection of mobile terminals by improving home location register
WO2012109823A1 (en) Congestion control method and system of machine type communication equipments
EP4135371A1 (en) User equipment (ue) and communication method for ue
WO2014075534A1 (en) Communication path switching method and device, and switching processing device and system
WO2019120696A1 (en) Techniques for establishing data communication based on user identification
WO2014056449A1 (en) Method, device, and system for management and verification of device-to-device communication
WO2017129101A1 (en) Routing control method, apparatus and system
WO2010091589A1 (en) Security authentication method
WO2010124569A1 (en) Method and system for user access control
CN101990207A (en) Access control method, home base station (HBS) and HBS authorization server
KR100590863B1 (en) Apparatus and method for processing a terminal authentication and a call in a private wireless high-speed data system
CN110226319A (en) Method and apparatus for the parameter exchange during promptly accessing
KR100602629B1 (en) A private wireless high-speed data system and a data service method using thereof
ES2822916T3 (en) Network access entity and method of establishing a roaming connection using a network access entity

Legal Events

Date Code Title Description
121 Ep: the epo has been informed by wipo that ep was designated in this application

Ref document number: 07721590

Country of ref document: EP

Kind code of ref document: A1

NENP Non-entry into the national phase

Ref country code: DE

122 Ep: pct application non-entry in european phase

Ref document number: 07721590

Country of ref document: EP

Kind code of ref document: A1