WO2011015091A1 - Method, device, system and authentication authorization accounting (aaa) server for home node base station accessing - Google Patents


Publication number
WO2011015091A1
WO2011015091A1 PCT/CN2010/074088 CN2010074088W WO2011015091A1 WO 2011015091 A1 WO2011015091 A1 WO 2011015091A1 CN 2010074088 W CN2010074088 W CN 2010074088W WO 2011015091 A1 WO2011015091 A1 WO 2011015091A1
Authority
WO
WIPO (PCT)
Prior art keywords
base station
home base
server
identifier
access
Application number
PCT/CN2010/074088
Other languages
French (fr)
Chinese (zh)
Inventor
骆文
楚俊生
Original Assignee
中兴通讯股份有限公司
Application filed by 中兴通讯股份有限公司
Publication of WO2011015091A1


Classifications

    • H ELECTRICITY
    • H04 ELECTRIC COMMUNICATION TECHNIQUE
    • H04W WIRELESS COMMUNICATION NETWORKS
    • H04W48/00 Access restriction; Network selection; Access point selection
    • H04W48/08 Access restriction or access information delivery, e.g. discovery data delivery
    • H ELECTRICITY
    • H04 ELECTRIC COMMUNICATION TECHNIQUE
    • H04L TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L41/00 Arrangements for maintenance, administration or management of data switching networks, e.g. of packet switching networks
    • H04L41/08 Configuration management of networks or network elements
    • H04L41/085 Retrieval of network configuration; Tracking network configuration history
    • H04L41/0853 Retrieval of network configuration; Tracking network configuration history by actively collecting configuration information or by backing up configuration information
    • H ELECTRICITY
    • H04 ELECTRIC COMMUNICATION TECHNIQUE
    • H04L TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L63/00 Network architectures or network communication protocols for network security
    • H04L63/08 Network architectures or network communication protocols for network security for authentication of entities
    • H04L63/0892 Network architectures or network communication protocols for network security for authentication of entities by using authentication-authorization-accounting [AAA] servers or protocols

Definitions

  • the present invention relates to the field of communications, and in particular to an access method, device, system and AAA (Authentication, Authorization, Accounting) server for a home base station.
  • home base stations are usually installed in homes, office areas, and the like.
  • the home base station is a small, low-power base station with advantages such as affordability, convenience, and low power output.
  • FIG. 1 is a schematic diagram of a communication network for a home base station. As shown in FIG. 1, the home base station can access the core network through the access gateway.
  • a security gateway exists between the home base station and the access gateway (Femto Gateway, referred to as Fe-GW).
  • the security gateway can be set up with the access gateway or with the access gateway.
  • the main function of the security gateway is to ensure link security between the home base station and the network elements such as the access gateway and the user data server.
  • the main functions of the access gateway include: verifying the security of the home base station, handling the registration of the home base station, performing operation and maintenance management on the home base station, configuring and controlling the home base station according to the operator's requirements, and exchanging data between the core network and the home base station.
  • the AAA server is an important facility in the communication network. It is used to implement network operator control and management of data and users. It provides authentication, authorization and accounting services for the home base station, usually working together with network access control, gateway servers, databases, user information directories and the like.
  • the working and operating parameters of the home base station are dynamically configured by the network.
  • it is configured by a Self Organizing Network Server (SON Server).
  • the SON server is used to discover/extract a series of operation and maintenance parameters of the home base station (for example, the wireless environment around the home base station) without manual intervention, thereby providing initial configuration parameters (including wireless air interface parameters, etc.) for the home base station and supporting bootstrapping initialization of the home base station.
  • the SON server belongs to the access network operator and only provides services to the access network to which it belongs.
  • the network containing the home base station also includes a Femto Management System (not shown), which is connected to the home base station via the security gateway.
  • the home base station management system is responsible for the operation and maintenance management of the home base stations that belong to it, and is also responsible for saving a part of the home base station subscription information. Unlike an ordinary macro cell base station, which is purchased and deployed by the access network operator, the home base station is purchased and placed by the user, and the user must subscribe the home base station with at least one home base station operator. After the subscribed home base station connects and registers to a suitable access network, the user can use the services provided by the home base station.
  • the home base station uses the IP broadband network as its backhaul connection to first access the registered home base station operator (Femto Network Service Provider, referred to as Femto-NSP), and accepts the operation of the home base station.
  • the home base station operator provides the home base station with a set of candidate access networks, in the form of the SON servers in those candidate access networks; the home base station finds and connects to a SON server in an access network that permits it to connect and register, completes initial bootstrapping by using the initial configuration parameters provided by that SON server, and finally connects and registers to the access network.
  • an important basis on which a candidate access network decides whether to allow the home base station to connect and register is whether the home base station is within the authorized operating geographic/urban area of the operator to which the access network belongs. In other words, when the home base station is located in a specific geographic/urban area, some candidate access networks allow it to connect and register, while others do not.
  • the SON server in the candidate access network decides whether to allow the home base station connection to register to the candidate access network.
  • the SON server provides initialization parameters only if allowed.
  • the access network operator provides the SON server address in its access network to the home base station operator with which it has a contract, and the home base station operator configures the SON server address in the DHCP and/or DNS server of the home base station operator domain.
  • the home base station obtains the SON server address in the candidate access network by querying the DHCP and/or DNS server in the home base station operator domain.
  • the DHCP and/or DNS server returns to the home base station, in list form, all the SON server addresses of the access networks that have a contractual relationship with the home base station operator, so that the home base station has to try the servers in that list one by one when accessing.
  • An object of the present invention is to provide a method, an apparatus, a system, and an AAA server for a home base station, which can solve the technical problem that the time delay of the home base station entering the network is too long and affects the user experience in the related art.
  • an access method for a home base station including: acquiring, by a network side, location information of a home base station; providing, to the home base station, an identifier of the ad hoc network server of the mobile communication network according to the location information; and the home base station connecting to the ad hoc network server according to the identifier to obtain initial configuration parameters, completing initialization according to the initial configuration parameters, and accessing the mobile communication network.
  • the network side includes an AAA server of the home base station, a home base station management system server of the home base station, a location authentication server of the home base station, and the like.
  • the method further includes: the home base station acquiring an Internet Protocol IP address of the security gateway of the mobile communication network; and the home base station performing the security association initial interaction with the security gateway according to the IP address, establishing a security association.
  • the home base station sends an identity authentication request to the security gateway, where the identity of the home base station is carried; the security gateway sends an access request message to the Authentication, Authorization and Accounting (AAA) server of the home base station.
  • the network side acquires the location information of the home base station, and specifically includes at least one of the following: the AAA server or the home base station management system server acquires the location information of the home base station according to the subscription information of the home base station; the AAA server or the home base station management system server uses the IP address of the home base station to find the IP broadband service operator of the home base station, and obtains the location information of the home base station from the interface server of the IP broadband service provider; the AAA server obtains the location information of the home base station from the home base station management system server or the network management server.
  • the providing the identifier of the ad hoc network server of the mobile communication network to the home base station according to the location information comprises: the AAA server or the home base station management system server querying the ad hoc network server of the mobile communication network that the home base station is allowed to access at the location indicated by the location information; the AAA server or the home base station management system server provides the identity of the ad hoc network server to the home base station.
  • the providing the identifier of the ad hoc network server of the mobile communication network to the home base station according to the location information comprises: the AAA server or the home base station management system server querying the self-organizing network server of the mobile communication network that the home base station is allowed to access at the location indicated by the location information; if the number of self-organizing network servers is greater than 1, the AAA server or the home base station management system server queries the current load of each self-organizing network server; the AAA server or the home base station management system server compares the current load of each self-organizing network server, and obtains the identifier of the self-organizing network server with the smallest current load; the AAA server or the home base station management system server provides the identifier of the self-organizing network server with the smallest current load to the home base station as the identifier of the ad hoc network server.
  • the AAA server provides the identifier of the ad hoc network server to the home base station, specifically: the AAA server sends an access success message to the security gateway of the mobile communication network, where the identifier of the self-organizing network server is carried; the security gateway sends an identity authentication response message to the home base station, where the access success message and the identifier of the ad hoc network server are carried.
  • the AAA server provides the identifier of the ad hoc network server to the home base station, and the method includes: the AAA server sending an access success message to the security gateway of the mobile communication network, where the identifier of the self-organizing network server is carried; the security gateway saves the identifier of the self-organizing network server, and sends an identity authentication response message to the home base station, where the access success message is carried; the home base station sends an identity authentication request message to the security gateway, where the identity of the home base station is carried; and the security gateway authenticates the home base station and, after the authentication is passed, sends an identity authentication response message to the home base station, where the identifier of the self-organizing network server is carried.
  • the identifier of the ad hoc network server that provides the mobile communication network to the home base station according to the location information specifically includes: the home base station sends the request information to the home base station management system server; the home base station management system server acquires the location information of the home base station; The system server provides the home base station with an identification of the ad hoc network server of the mobile communication network based on the location information.
  • the identity authentication request message further carries an indication that the identifier of the ad hoc network server is to be returned to the home base station.
  • the method further includes: the home base station authenticating the identity of the security gateway of the mobile communication network.
  • the method further comprises: establishing a secure tunnel between the home base station and the security gateway of the mobile communication network, wherein the secure tunnel is an Internet Protocol Security (IPsec) tunnel.
  • the identifier of the ad hoc network server is an IP address of the ad hoc network server or a domain name of the ad hoc network server.
  • an AAA server including: an obtaining module, configured to acquire location information of a home base station; and an allocation module, configured to provide an identifier of the self-organizing network server of the mobile communication network to the home base station according to the location information.
  • an access device for a home base station including: an acquiring module, configured to acquire location information of a home base station; a providing module, configured to provide an identifier of the ad hoc network server of the mobile communication network to the home base station according to the location information; and an access module, configured to connect to the ad hoc network server according to the identifier to obtain initial configuration parameters, complete initialization according to the initial configuration parameters, and access the mobile communication network.
  • an access system for a home base station including: an AAA server, configured to acquire location information of a home base station, and provide an identifier of the self-organizing network server of the mobile communication network to the home base station according to the location information;
  • the security gateway, configured to authenticate the home base station, forward the access request of the home base station to the AAA server, and forward the access success response of the AAA server to the home base station, the identifier of the self-organizing network server being carried in the access success response;
  • the self-organizing network server is configured to configure initial configuration parameters for the home base station;
  • the method includes an access module, configured to connect to the ad hoc network server according to the identifier to obtain initial configuration parameters, complete initialization according to the initial configuration parameter, and connect the home base station to the mobile communication network.
  • the identifier of the SON server is provided to the home base station according to the location information of the home base station, so that the home base station only needs to connect to the SON server that it is allowed to access. This solves the technical problem in the related art that a connecting home base station has to try the SON servers in the list one by one until it finds a SON server in an access network that allows it to connect and register, which causes a long network entry delay and affects the user experience, and it achieves the technical effect of improving the network access efficiency of the home base station and improving the user experience.
  • FIG. 1 is a schematic diagram of a communication network for a home base station in the related art
  • FIG. 2 is a flowchart of an access method for a home base station according to a first embodiment of the present invention
  • FIG. 3 is a flowchart of an access method for a home base station according to a second embodiment of the present invention
  • FIG. 5 is a block diagram of an AAA server according to a fourth embodiment of the present invention.
  • FIG. 6 is a block diagram of an access device of a home base station according to a fifth embodiment of the present invention.
  • FIG. 7 is a block diagram showing the structure of an access system for a home base station according to a sixth embodiment of the present invention.
  • the access success message returned by the AAA server to the security gateway is enhanced to carry the SON server identifier assigned by the AAA server to the home base station; and the identity authentication response returned by the security gateway to the home base station is enhanced to be carried.
  • the AAA server may acquire location information of the home base station and provide the home base station with the identifier of the SON server during the process of authenticating the home base station.
  • FIG. 2 is a flowchart of an access method for a home base station according to a first embodiment of the present invention. As shown in FIG. 2, the access method for the home base station according to the first embodiment of the present invention includes: Step S202, the network side acquires location information of the home base station; Step S204, the identifier of the SON server of the mobile communication network is provided to the home base station according to the location information.
  • in the related art, the DHCP and/or DNS server returns to the home base station the SON server addresses of the access networks that have a contractual relationship with the home base station operator. The access method for the home base station according to the first embodiment of the present invention instead provides the identity (IP address, domain name, etc.) of the SON server according to the location information (geographic/city location information) of the home base station, so that the home base station only needs to connect to a SON server that allows it to access. This solves the technical problem that a connecting home base station has to try the SON servers in the list one by one until it finds a SON server in an access network that allows it to connect and register, which causes a long network entry delay and affects the user experience, and it achieves the technical effect of improving the network access efficiency of the home base station and improving the user experience.
  • based on the operator's policy, the access network of the mobile communication network may perform location authentication on the home base station again to ensure that the geographic/urban area in which the home base station is located is within the authorized operating area of the access network operator; this process can be performed by the SON server in the access network.
  • before the network side acquires the location information of the home base station, the method further includes: the home base station acquiring an Internet Protocol (IP) address of the security gateway of the mobile communication network; and the home base station performing the security association initial interaction with the security gateway according to the IP address, establishing a security association.
  • the home base station sends an identity authentication request to the security gateway, where the identity of the home base station is carried; the security gateway sends an access request message to the Authentication, Authorization and Accounting (AAA) server of the home base station.
  • the home base station can obtain the IP address of the security gateway through a mechanism such as a DHCP request or a DNS query, or the IP address of the security gateway can be configured in the home base station, for example by manually configuring it through a local management interface of the home base station.
  • the home base station negotiates a set of security keys with the security gateway, and establishes a security association between the home base station and the security gateway to protect the base station.
  • the IKE_SA_INIT message exchange in Internet Key Exchange version 2 (IKEv2) can be used for the security association initial interaction.
  • the identity authentication request sent by the home base station to the security gateway may further carry information requesting to provide the identifier of the SON server.
  • the security gateway sends an access request message to the AAA server of the home base station, requesting the home base station AAA server to authenticate the home base station.
  • the network side acquires location information of the home base station, and specifically includes at least one of the following: the AAA server acquires location information of the home base station according to the subscription information of the home base station; the AAA server finds the IP broadband service operator of the home base station according to the IP address of the home base station, and obtains the location information of the home base station from the interface server of the IP broadband service provider; the AAA server obtains location information of the home base station from the management server of the home base station operator (i.e., the home base station management system, the home base station management server) or from the network management server.
  • the AAA server can provide the SON server to the home base station according to the subscription information of the home base station. For example, according to the subscription information, the home base station can only be used in a certain geographical area, and the AAA server can provide the home base station with the identifier of the SON server of the access network that can accept the home base station connection registration in the area.
  • the AAA server finds the IP broadband service operator that provides IP broadband backhaul connection service for the home base station (e.g., through the IP address of the home base station), and then obtains geographic/city location information of the home base station from that operator (e.g., through the IP address of the home base station).
  • the AAA server can obtain the geographic/city location information of the home base station directly from an appropriate server in the operator domain (for example, the management system server, the network management system server, etc.).
  • the location information of the home base station is extracted from the DOCSIS system based on the Cable modem associated with the home base station in the DOCSIS network, which is especially applicable to home base stations with built-in Cable modems.
  • the AAA server can also obtain the location information of the terminal by directly accessing the management system or the network management server in the home base station operator domain; the management system or the network management server then carries out the actual process of acquiring the terminal location information, and may use the methods the AAA server uses to obtain location information (e.g., obtaining it from the subscription information, or from the IP broadband service operator).
  • the identifier of the SON server that provides the mobile communication network to the home base station according to the location information specifically includes: the AAA server queries the SON server of the mobile communication network that is allowed to access the home base station at the location; the AAA server The identity of the SON server is provided to the home base station.
  • the identifier of the SON server of the mobile communication network is provided to the home base station according to the location information, which includes: the AAA server queries the SON server of the mobile communication network that the home base station is allowed to access at the location; if the number of SON servers is greater than 1, the AAA server queries the current load of each SON server; the AAA server compares the current load of each SON server, and obtains the identifier of the SON server with the smallest current load; the AAA server provides the identifier of that SON server to the home base station.
  • if the home base station operator has the address of only one SON server in the selected access network, the home base station operator directly provides the identifier of that SON server to the home base station; if the home base station operator has multiple SON server addresses in the access network, the AAA server can also preferentially select the SON server whose current load is the smallest or is below a certain threshold, and provide its identifier to the home base station. For example, the AAA server can query the load of the SON server in the access network, or query other network elements (for example, the network management server) to obtain related parameters.
  • in this way, the home base station is prevented from connecting to a heavily loaded SON server and then having to be redirected to another SON server in the access domain, which further reduces the access delay of the home base station.
  • the providing, by the AAA server, the identifier of the SON server to the home base station specifically includes:
  • the AAA server sends an access success message to the security gateway of the mobile communication network, which carries the identifier of the SON server.
  • the security gateway sends an identity authentication response message to the home base station, which carries the access success message and the identifier of the SON server.
  • the AAA server can send the identifier of the SON server to the security gateway through a RADIUS/Diameter message; the security gateway can send the identifier to the home base station through IKEv2.
  • in the IKEv2 protocol, the configuration parameters in the configuration payload can be used to carry the above SON server identifier; when the identifier is an IP address, the address is placed in the value field of the parameter of the type SON_Server_IP_Address described above.
  • the providing, by the AAA server, the identifier of the SON server to the home base station specifically includes:
  • the AAA server sends an access success message to the security gateway of the mobile communication network, where the identifier of the SON server is carried; the security gateway saves the identifier of the SON server, and sends an identity authentication response message to the home base station, which carries the access success message; the home base station sends an identity authentication request message to the security gateway, where the identity of the home base station is carried; the security gateway authenticates the home base station and, after the authentication is passed, sends an identity authentication response message to the home base station, where the identifier of the SON server is carried.
  • the AAA server may send the identifier of the SON server to the security gateway through a RADIUS/Diameter message; the security gateway may send the identifier to the home base station through IKEv2.
  • the configuration parameters in the configuration payload can carry the above SON server identifier; when the identifier is an IP address, the address is placed in the value field of the parameter of the type SON_Server_IP_Address described above.
  • the identifier of the ad hoc network server that provides the mobile communication network to the home base station according to the location information specifically includes: the AAA server provides the home base station with the management system server in the home base station operator domain (ie, the above-mentioned home base station management system, the home base station management) The address of the server; the home base station sends a request to the management system server; the location information of the home base station is obtained by the management system server, and the identifier of the ad hoc network server of the mobile communication network is provided to the home base station according to the location information.
  • the AAA server provides the home base station with the management system server in the home base station operator domain (ie, the above-mentioned home base station management system, the home base station management) The address of the server; the home base station sends a request to the management system server; the location information of the home base station is obtained by the management system server, and the identifier of the ad hoc network server of the mobile communication network is provided to the home base station according to
  • the AAA does not return the SON identifier to the home base station in the process of access authentication, but returns the address of the management system server in the home base station operator domain, or may be another server capable of allocating the SON server to the home base station, such as a location authentication server;
  • the home base station queries that server for the address of the SON server; the server then obtains the location information of the home base station, allocates a SON server to the home base station according to the location information, and returns the identifier of the SON server to the home base station. This server (or these servers) can use the method used by the above AAA server to select a suitable SON server (for example, querying for a SON server that allows access by a home base station at that location).
  • the identity authentication request message further carries an indication requesting that the SON server identifier be returned to the home base station.
  • a configuration parameter (Configuration Attribute) in the configuration payload of the IKEv2 protocol can be used to carry this indication; the indication includes two fields, the parameter type (Attribute Type) and the value (Value).
  • a new parameter can be defined and assigned a new parameter type (for example, the parameter type is defined as SON_Server_IP_Address), which indicates that the home base station is requesting the address of the SON server from the security gateway.
  • the home base station connects to the SON server according to the identifier to obtain the initialization configuration parameters, and before the access to the mobile communication network according to the initialization configuration parameters, the method further includes: the home base station authenticates the identity of the security gateway of the mobile communication network.
  • the method further comprises: establishing a secure tunnel between the home base station and the security gateway of the mobile communication network, wherein the secure tunnel is an Internet Security Protocol IPSec tunnel.
  • the identifier of the SON server is an IP address of the SON server or a Fully Qualified Domain Name (FQDN).
  • when the IP address of the SON server is provided to the home base station, the home base station can connect directly to the SON server.
  • the identifier can also be a domain name of the SON server or another identifier capable of indicating the location of the SON server.
  • FIG. 3 is a flowchart of an access method for a home base station according to a second embodiment of the present invention.
  • the authentication process of the home base station is performed between the home base station and the AAA server of the home base station.
  • the AAA server of the home base station provides the preferred SON server for the home base station according to the location information of the home base station.
  • the SON server is located in an access network that can accept the registration of the home base station, and the specific steps are as follows:
  • Step 301: The home base station first connects to the IP broadband backhaul network, and can obtain an IP address capable of accessing the Internet by performing a DHCP-related process.
  • Step 302: The home base station initiates a security association initial interaction between the home base station and the security gateway; through the security association initial interaction, the home base station negotiates a set of security keys with the security gateway, and establishes a security association between the home base station and the security gateway to protect the home base station and the security gateway.
  • Step 303 The home base station sends an identity authentication request message to the security gateway to implement mutual authentication between the home base station and the security gateway.
  • the identity authentication request message carries the identifier of the home base station, such as BSID, NAI, etc.
  • Step 304 The security gateway sends an access request message to the AAA server of the home base station to request the AAA server to authenticate the home base station.
  • the AAA server initiates an access authentication process for the home base station; after the home base station is successfully authenticated, the AAA server and the home base station use the secrets (for example, passwords, certificates, etc.) known to both of them, and are used for authentication.
  • MSK Master Session Key
  • Step 306 The AAA server provides the IP address of the preferred SON server for the home base station;
  • Step 307 The AAA server sends an access success message to the security gateway, where the MSK generated by the AAA server and the IP address of the SON server provided by the AAA server for the home base station are included;
  • Step 309 The security gateway sends an identity authentication response message to the home base station, where the access success message is carried;
  • Step 314 The home base station interacts with the SON server that the AAA server provided for it, to configure the initialization parameters of the home base station (for example, wireless parameters such as the working frequency point); finally, the home base station is connected to the access gateway to complete the initial attachment process of the home base station; thereafter, the home base station can serve as a real base station.
  • step 303, step 309 to step 311 may correspond to the IKE_AUTH message in the IKEv2 protocol.
  • the AAA server may provide the SON server to the home base station according to the subscription information of the home base station.
  • the home base station can only be used in a certain geographical area, and the AAA server can provide the home base station with the identifier of the SON server of an access network that can accept registration of the home base station in that area; the AAA server can also find the IP broadband service provider that provides the IP broadband backhaul connection for the home base station (e.g., through the IP address of the home base station), obtain the geographic/city location information of the home base station from that provider (e.g., via the IP address of the home base station), and then provide the home base station with the identifier of the SON server that allows it to access according to its location information; in addition, when the home base station operator and the IP broadband service provider described above are the same operator, the AAA server can directly obtain the geographic/city location information of the home base station from the appropriate server in the operator domain, and then provide the home base station with the identifier of the SON server that allows it to access according to its location information, for example, according to a cable modem associated with a home base station in the area;
  • step 306 if the home base station operator only has the address of one of the selected access networks, the home base station operator provides the address of the SON server to the home base station;
  • the home base station operator has multiple SON server addresses in the access network, and the AAA server can also preferentially select the SON server whose current load is the smallest, or whose load is less than a certain threshold, and provide it to the home base station.
  • the AAA server can query the load of the SON servers in the access network, or query other network elements (for example, the network management server) to obtain the related parameters. In this way, the home base station is prevented from selecting a heavily loaded SON server and then having to undergo SON server redirection within the access domain.
  • the AAA server may not provide the identifier of the ad hoc network server for the home base station, but instead provide the home base station with a server in the home base station operator domain that can allocate the ad hoc network server to the home base station, for example, the address of the server of the home base station operator's management system (i.e., the home base station management system or home base station management server), the network management server, or the location authentication server, and then the access authentication and the security gateway are completed at the home base station.
  • the home base station may request the server to allocate an ad hoc network server; after obtaining the location information of the home base station, the server returns to the home base station, according to the location information, the identifier of the selected ad hoc network server, which may be the IP address of the ad hoc network server or its domain name.
  • These servers can obtain the location information of the home base station by using the method used by the AAA server (for example, obtaining it according to the subscription information of the home base station, or acquiring it from the interface server of the IP broadband service provider); these servers can also use the method used by the above AAA server to select a suitable ad hoc network server (e.g., querying for the SON server that allows access by a home base station at that location).
  • the above method for the server to acquire the location information of the home base station is that the home base station can place its own location information in the above request sent to the server, and send its own location information to the server.
  • the access method for the home base station according to the second embodiment of the present invention avoids that the home base station in the related art needs to try to connect the SON server in the list one by one until accessing the access network that allows the connection registration thereof.
  • FIG. 4 is a flowchart of an access method for a home base station according to a third embodiment of the present invention.
  • Step 401 The home base station first connects to the IP broadband backhaul network, and can obtain an IP address capable of accessing the Internet network by performing a DHCP-related process.
  • Step 402 Initiating a security association initial interaction between the home base station and the security gateway by the home base station; and performing a security association initial interaction, the home base station negotiates a set of security keys with the security gateway, and on the basis of the home base station and A security association is established between the security gateways to protect the signaling security between the home base station and the security gateway.
  • the signaling between the home base station and the security gateway refers to the message in steps 403 to 411.
  • Step 403 The home base station sends an identity authentication request message to the security gateway to implement mutual authentication between the home base station and the security gateway.
  • the identity authentication request message carries the identifier of the home base station, for example, BSID, NAI, etc.
  • Step 404 The security gateway sends an access request message to the AAA server of the home base station to request the AAA server to authenticate the home base station; Step 405: The AAA server initiates an access authentication process for the home base station; after the home base station is successfully authenticated, the AAA server and the home base station use the secrets (for example, passwords, certificates, etc.) known to both of them, and are used for authentication.
  • MSK Master Session Key
  • Step 406 The AAA server provides the IP address of the preferred SON server for the home base station;
  • Step 407 The AAA server sends an access success message to the security gateway, where the MSK generated by the AAA server and the IP address of the SON server allocated by the AAA server to the home base station are carried;
  • the home base station saves the address of the SON server allocated by the AAA server locally;
  • Step 411 The security gateway authenticates the home base station by using an MSK from the AAA server and an authentication vector from the home base station; after the authentication is passed, the security gateway also generates a set of authentication vectors based on the MSK, and sends an identity authentication response message to the home base station;
  • Step 412 The home base station and the security gateway generate a set of security associations based on the respective MSKs. Based on the security association, an IPSec security tunnel is established between the home base station and the security gateway to ensure subsequent connection between the home base station and the security gateway.
  • Step 413 The home base station interacts with the SON server that the AAA server assigned to it, to configure the initialization of the home base station (for example, working frequency points, etc.); finally, the home base station is connected to the access gateway, and the initial network access procedure of the home base station is completed; thereafter, the home base station can start serving the terminal as a real base station.
  • the identity authentication request message may further carry an indication requesting that the security gateway return the ad hoc network server address to the home base station.
  • the AAA server may provide the SON server to the home base station according to the subscription information of the home base station.
  • the home base station can only be used in a certain geographical area, and the AAA server can provide the home base station with the identifier of the SON server of an access network that can accept registration of the home base station in that area; the AAA server can also find the IP broadband service provider that provides the IP broadband backhaul connection for the home base station (e.g., through the IP address of the home base station), obtain the geographic/city location information of the home base station from that provider (e.g., via the IP address of the home base station), and then provide the home base station with the identifier of the SON server that allows it to access according to its location information; in addition, when the home base station operator and the IP broadband service provider described above are the same operator, the AAA server can directly obtain the geographic/city location information of the home base station from the appropriate server in the operator domain, and then provide the home base station with the identifier of the SON server that allows it to access according to its location information, for example, according to a cable modem associated with a home base station in a
  • step 406 if the home base station operator only has the address of one of the selected access networks, the home base station operator provides the address of the SON server to the home base station;
  • the home base station operator has multiple SON server addresses in the access network, and the AAA server can also preferentially select the SON server whose current load is the smallest, or whose load is less than a certain threshold, and provide it to the home base station.
  • the AAA server can query the load of the SON server in the access network, or query other network elements (for example, the network management server) to obtain related parameters.
  • FIG. 5 is a block diagram showing an AAA server according to a fourth embodiment of the present invention.
  • the AAA server 500 includes: an obtaining module 502, configured to acquire location information of a home base station; and an allocation module 504, configured to provide the identifier of a SON server of the mobile communication network to the home base station according to the location information.
  • the AAA server according to the fourth embodiment of the present invention uses the obtaining module to query the location information of the home base station, and then uses the allocation module to provide the identifier of the SON server to the home base station according to the location information, so that the home base station only needs to connect when accessing.
  • the access device for the home base station according to the fifth embodiment of the present invention includes: an obtaining module 502, configured to acquire location information of the home base station, and a providing module 602, configured to provide the home base station according to the location information.
  • the access device for the home base station uses the acquisition module to acquire the location information of the home base station, and then uses the allocation module to provide the identifier of the SON server to the home base station according to the location information, so that the home base station is connected to the SON server; this avoids the technical problem in the related art that the home base station has to try to connect to the SON servers in the list one by one until it finds the SON server in the access network that allows it to connect and register, which makes the network entry delay of the home base station too long and affects the user experience, and it achieves the technical effect of improving the network access efficiency of the home base station and improving the user experience.
  • an access system for a home base station according to a sixth embodiment of the present invention includes: an AAA server 500, configured to acquire location information of a home base station, provide the identifier of a SON server of the mobile communication network to the home base station according to the location information, and send the identifier to the security gateway of the mobile communication network; the security gateway 702, configured to authenticate the home base station, forward the access request of the home base station to the AAA server, and forward the access success response of the AAA server to the home base station, where the access success response carries the identifier of the SON server; the SON server 704, configured to configure initialization configuration parameters for the home base station; and the access module 706, configured to connect to the SON server according to the identifier to obtain the initialization configuration parameters, complete initialization according to the initialization configuration parameters, and access the mobile communication network.
  • the access module is an access gateway 708 that accesses the mobile terminal network.
  • the security gateway 702 can also be combined with the access gateway 708 of the mobile communication network; the access module is set in the home base station.
  • An access system for a home base station according to a sixth embodiment of the present invention uses an AAA server to acquire location information of a home base station, and provides an identifier of the SON server to the home base station according to the location information, so that when the home base station accesses the network, it only needs to connect to the SON server that allows it to access, which avoids the home base station in the related art needing to try to connect to the SON servers in the list one by one until it finds the SON server in the access network that allows it to connect and register.
  • the access method, the device, the system, and the AAA server for the home base station avoid the technical problem in the related art that the home base station, when accessing, has to try to connect to the SON servers in the list one by one until it finds the SON server in the access network that allows it to connect and register, which makes the network entry delay of the home base station too long and affects the user experience; they achieve the technical effect of improving the network access efficiency of the home base station and improving the user experience.
  • modules or steps of the present invention can be implemented by a general-purpose computing device, and can be concentrated on a single computing device or distributed over a network composed of multiple computing devices. Alternatively, they may be implemented by program code executable by the computing device, so that they may be stored in a storage device and executed by the computing device; or they may be separately fabricated into individual integrated circuit modules, or multiple modules or steps among them may be made into a single integrated circuit module.
  • the invention is not limited to any specific combination of hardware and software.
  • the above is only the preferred embodiment of the present invention, and is not intended to limit the present invention, and various modifications and changes can be made to the present invention. Any modifications, equivalent substitutions, improvements, etc. made within the scope of the present invention are intended to be included within the scope of the present invention.
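The configuration-payload exchange described in the list above (the home base station requests the SON server address, the security gateway returns it in the value field), sketched as an added example that is not code from the patent. The attribute layout follows the IKEv2 Configuration payload; the numeric type for SON_Server_IP_Address is an assumed placeholder from the private-use range, because the page names the attribute without assigning a number, and the addresses are constructed samples.

```python
import ipaddress
import struct

CFG_REQUEST, CFG_REPLY = 1, 2      # CFG Type values defined by IKEv2 (RFC 7296)
# ASSUMPTION: the page names the attribute but assigns it no number; 16384 is a
# placeholder taken from the IKEv2 private-use attribute range (16384-32767).
SON_SERVER_IP_ADDRESS = 16384


class CfgError(ValueError):
    """Raised for a malformed or unexpected Configuration payload body."""


def build_cfg_body(cfg_type, attributes):
    """Encode CFG Type, 3 reserved octets, then (type, length, value) attributes."""
    out = bytearray(struct.pack("!B3x", cfg_type))
    for attr_type, value in attributes:
        if not 0 <= attr_type <= 0x7FFF or len(value) > 0xFFFF:
            raise CfgError("attribute type or length out of range")
        out += struct.pack("!HH", attr_type, len(value)) + value
    return bytes(out)


def parse_cfg_body(body):
    """Decode a body into (cfg_type, [(type, value)]), rejecting truncated input."""
    if len(body) < 4:
        raise CfgError("shorter than the 4-octet CFG header")
    attrs, offset = [], 4
    while offset < len(body):
        if len(body) - offset < 4:
            raise CfgError("truncated attribute header")
        raw_type, length = struct.unpack_from("!HH", body, offset)
        offset += 4
        if length > len(body) - offset:
            raise CfgError("attribute length runs past the payload")
        # Mask off the reserved top bit; the remaining 15 bits are the type.
        attrs.append((raw_type & 0x7FFF, body[offset:offset + length]))
        offset += length
    return body[0], attrs


def request_son_server():
    """Home base station side: a zero-length value asks for the address."""
    return build_cfg_body(CFG_REQUEST, [(SON_SERVER_IP_ADDRESS, b"")])


def reply_with_son_server(address):
    """Security gateway side: place the AAA-supplied address in the value field."""
    packed = ipaddress.ip_address(address).packed
    return build_cfg_body(CFG_REPLY, [(SON_SERVER_IP_ADDRESS, packed)])


def extract_son_server(body):
    """Home base station side: accept exactly one usable address from a CFG_REPLY."""
    cfg_type, attrs = parse_cfg_body(body)
    if cfg_type != CFG_REPLY:
        raise CfgError("expected CFG_REPLY")
    values = [v for t, v in attrs if t == SON_SERVER_IP_ADDRESS]
    if len(values) != 1:
        raise CfgError("expected exactly one SON_Server_IP_Address attribute")
    if len(values[0]) not in (4, 16):
        raise CfgError("value is neither an IPv4 nor an IPv6 address")
    addr = ipaddress.ip_address(values[0])
    if addr.is_unspecified or addr.is_multicast or addr.is_loopback:
        raise CfgError("address cannot identify a SON server")
    return addr


if __name__ == "__main__":
    reply = reply_with_son_server("192.0.2.10")   # constructed sample address
    print(request_son_server().hex(), reply.hex(), extract_son_server(reply))
```

The home base station should only act on this attribute once IKE_AUTH has authenticated the security gateway, since the returned address decides where it fetches its radio configuration.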
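The server selection described in the list above (keep only SON servers whose access network accepts a home base station at its location, then prefer the least-loaded one or one under a load threshold), as an added example that is not code from the patent. The record fields, area labels, host names and load figures are constructed for illustration; `related_art_attempts` models the list-walking behaviour the page attributes to the related art.

```python
from dataclasses import dataclass


@dataclass(frozen=True)
class SonServer:
    identifier: str              # IP address or FQDN handed to the home base station
    access_network: str          # access network the SON server belongs to
    licensed_areas: frozenset    # areas where that operator may register home base stations
    load: float                  # current load, 0.0 (idle) to 1.0 (saturated)


def allowed_servers(servers, area):
    """SON servers whose access network accepts a home base station in `area`."""
    return [s for s in servers if area in s.licensed_areas]


def select_son_server(servers, area, load_threshold=None):
    """AAA-side choice: return one identifier, or None if no network allows the area.

    With a threshold, the first allowed server below it is returned; otherwise
    (or if none is below it) the allowed server with the smallest load wins.
    """
    candidates = allowed_servers(servers, area)
    if not candidates:
        return None
    if len(candidates) == 1:
        return candidates[0].identifier        # no load query needed
    if load_threshold is not None:
        for server in candidates:
            if server.load < load_threshold:
                return server.identifier
    # Tie-break on the identifier so the result is deterministic.
    return min(candidates, key=lambda s: (s.load, s.identifier)).identifier


def related_art_attempts(servers, area):
    """Related art: walk the full DHCP/DNS list until a server accepts.

    Returns (connection attempts made, identifier accepted or None).
    """
    for attempts, server in enumerate(servers, start=1):
        if area in server.licensed_areas:
            return attempts, server.identifier
    return len(servers), None


# Constructed sample data (documentation address ranges and .example names).
SERVERS = [
    SonServer("son1.an-x.example", "AN-X", frozenset({"city-B"}), 0.10),
    SonServer("192.0.2.20", "AN-Y", frozenset({"city-C"}), 0.05),
    SonServer("192.0.2.30", "AN-Z", frozenset({"city-A"}), 0.80),
    SonServer("son2.an-z.example", "AN-Z", frozenset({"city-A", "city-B"}), 0.35),
]

if __name__ == "__main__":
    print(select_son_server(SERVERS, "city-A"))      # least-loaded allowed server
    print(related_art_attempts(SERVERS, "city-A"))   # attempts before acceptance
```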

Landscapes

  • Engineering & Computer Science (AREA)
  • Computer Security & Cryptography (AREA)
  • Computer Networks & Wireless Communication (AREA)
  • Signal Processing (AREA)
  • Business, Economics & Management (AREA)
  • Accounting & Taxation (AREA)
  • Computer Hardware Design (AREA)
  • Computing Systems (AREA)
  • General Engineering & Computer Science (AREA)
  • Mobile Radio Communication Systems (AREA)

Abstract

A method, device, system and Authentication Authorization Accounting (AAA) server for home node base station accessing are provided. The method includes that: the network side obtains location information of the home node base station, and provides an identifier of a self organizing network server of a mobile communication network to the home node base station according to the location information; the home node base station connects to the self organizing network server according to the identifier to obtain initialization configuration parameters, completes the initialization according to the initialization configuration parameters, and accesses the mobile communication network. The present invention improves the access efficiency of the home node base station, and enhances user experience.

Description

用于家用基站的接入方法、 装置、 ***及 AAA月良务器 技术领域 本发明涉及通信领域,具体而言, 尤其涉及一种用于家用基站接入方法、 装置、 ***及 AAA ( Authentication Authorization Accounting, 鉴权 ·ί受权计费) 服务器。 背景技术 为了向用户提供更高的业务速率并降低使用高速率服务所需要的费用, 同时为了弥补已有分布式蜂窝无线通信***覆盖的不足, 通常会在家庭、 办 公区域等场所设置家用基站。 家用基站是一种小型、 低功率的基站, 具有实 惠、 便捷、 低功率输出等优点。 图 1是用于家用基站的通信网络示意图, 如图 1所示, 家用基站可以通 过接入网关这个還辑网元接入到核心网。 家庭基站和接入网关 (Femto Gateway, 简称为 Fe-GW )之间存在安全 网关 (Security Gateway, 简称为 Se-GW )。 安全网关可以与接入网关合设也 可以与接入网关分设。 安全网关的主要作用是保障家用基站和接入网关、 用 户数据服务器等网元之间的链路安全。 接入网关的主要功能包括: 验证家用基站的安全性、 处理家用基站的注 册、 对家用基站进行运行维护管理、 根据运营商的要求对家用基站进行配置 和控制、 在核心网和家用基站之间进行数据交换。 鉴权授权计费 AAA服务器是通信网络中的重要设施, 用于实现网络运 营商对数据、 用户的控制和管理, 提供认证授权及账户服务, 通常与网络访 问控制、 网关服务器、 数据库以及用户信息目录等协同工作。 家用基站的工作、 运行参数由网络动态配置, 在现有技术中, 由自组织 网络服务器 ( Self Organizing Network Server, 简称 SON服务器) 来配置。 SON 服务器用于在无需人工千预的情况下, 发现 /提取家用基站的一系列运 营维护参数(例如, 家用基站周边的无线环境), 从而为家用基站提供初始化 配置参数 (包括无线空口参数等), 支持家用基站的自举初始化。 在现有的网 络部署方案中, SON服务器归属于接入网运营商, 仅为其所属的接入网提供 服务。 含有家用基站的网络还包括一个未在图中标出的家用基站管理*** ( Femto Management System ), 家用基站通过上述安全网关与之相连。 家用 基站管理***负责对其所属的家用基站的运维管理, 同时也负责保存一部分 家用基站签约信息。 与普通宏蜂窝基站归属于接入网, 并由接入网运营商购置和部署不同, 家用基站由用户购买安置, 且用户必须为该家用基站与至少一个家用基站运 营商签约, 在该家用基站连接并注册到一个合适的接入网以后, 用户才能使 用该家用基站提供的服务。 在现有的家用基站初始化入网流程中,家用基站使用 IP宽带网络作为其 回程连接首先接入到与之签约的家用基站运营商 (Femto Network Service Provider, 简称为 Femto-NSP ), 接受家用基站运营商对该家用基站的认证; 家用基站运营商以向该家用基站提供候选接入网中的 SON 月艮务器的形式, 来为该家用基站提供一组候选接入网; 家用基站找到允许其连接注册的接入 网中的 SON服务器, 并使用该 SON服务器提供的初始化配置参数完成初始 化自举, 最后连接注册到该接入网中。 候选接入网是否允许该家用基站连接注册, 一条重要的依据是该家用基 站是否处在该接入网所属的运营商的 4受权运营地理( Geography )/城市( Civic ) 区域之内。 换句话说, 当家用基站位于特定的地理 /城市区域内时, 有些候选 接入网允许其连接注册, 而有些接入网则不允许其连接注册。 在上述的初始 化入网流程中, 由候选接入网中的 SON 月艮务器决策是否允许该家用基站连 接注册到此候选接入网。 只有在允许的情况下, SON服务器才向其提供初始 化参数。 在现有技术中, 接入网运营商向与之有签约关系的家用基站运营商提供 其接入网内 SON服务器地址, 家用基站运营商将这些 SON服务器地址配置 在家用基站运营商域内的 DHCP和 /或 DNS月艮务器中。 家用基站通过查询家 用基站运营商域内的 DHCP和 /或 DNS服务器来获取候选接入网中的 SON服 务器地址。 DHCP和 /或 DNS服务器将所有与该家用基站运营商有签约关系 的接入网的 SON 月艮务器地址以列表形式返回给家用基站, 使得家用基站在 接入时, 需要逐个尝试连接上述列表中的 SON 服务器, 直到找到允许其连 接注册的接入网中的 SON 月艮务器为止, 导致家用基站入网时延过长, 影响 用户体 -险。 发明内容 本发明的目的在于提供一种用于家用基站接入方法、装置、 
***及 AAA 服务器, 能够解决相关技术中家用基站入网时延过长, 影响用户体验的技术 问题。 根据本发明的一个方面, 提供了一种用于家用基站的接入方法, 包括: 网络侧获取家用基站的位置信息; 根据位置信息向家用基站提供移动通信网 络的自组织网络服务器的标识; 家用基站才艮据标识连接到自组织网络服务器 以获取初始化配置参数, 居初始化配置参数完成初始化, 并接入到移动通 信网络。 优选地, 网络侧包含家用基站的 AAA服务器、 家用基站的家用基站管 理***服务器、 家用基站的位置认证服务器等。 优选地, 在网络侧获取家用基站的位置信息之前还包括: 家用基站获取 移动通信网络的安全网关的因特网协议 IP地址; 家用基站才艮据 IP地址与安 全网关执行安全关联初始交互, 建立安全关联; 家用基站向安全网关发送身 份认证请求, 其中携带家用基站的标识; 安全网关向家用基站的鉴权 ·ί受权计 费 AAA服务器发送接入请求消息。 优选地, 网络侧获取家用基站的位置信息具体包括以下至少一种: AAA 服务器或家用基站管理***服务器根据家用基站的签约信息获取家用基站的 位置信息; AAA月艮务器或家用基站管理***月艮务器 居家用基站的 IP地址 查找家用基站的 IP宽带服务运营商, 并从 IP宽带服务运营商的接口服务器 中获取家用基站的位置信息; AAA服务器从家用基站管理***服务器或网管 服务器获取家用基站的位置信息。 优选地, 根据位置信息向家用基站提供移动通信网络的自组织网络服务 器的标识具体包括: AAA服务器或所述家用基站管理***服务器查询允许处 于该位置信息指示的位置的家用基站接入的移动通信网络的自组织网络月艮务 器; AAA服务器或所述家用基站管理***服务器将自组织网络服务器的标识 提供给家用基站。 优选地, 根据位置信息向家用基站提供移动通信网络的自组织网络服务 器的标识具体包括: AAA服务器或所述家用基站管理***服务器查询允许处 于该位置信息指示的位置的家用基站接入的移动通信网络的自组织网络月艮务 器; 如果自组织网络服务器的个数大于 1 , 则 AAA服务器或所述家用基站管 理***月艮务器查询各个自组织网络月艮务器的当前负荷; AAA月艮务器或所述家 用基站管理***服务器比较各个自组织网络服务器的当前负荷, 并获取当前 负荷最小的自组织网络服务器的标识; AAA服务器或所述家用基站管理*** 服务器将当前负荷最小的自组织网络服务器的标识作为自组织网络服务器的 标识提供给家用基站。 优选地, AAA服务器将自组织网络服务器的标识提供给家用基站具体包 括: AAA服务器向移动通信网络的安全网关发送接入成功消息, 其中携带自 组织网络月艮务器的标识; 安全网关向家用基站发送身份认证响应消息, 其中 携带接入成功消息和自组织网络服务器的标识。 优选地, AAA服务器将自组织网络服务器的标识提供给家用基站具体包 括: AAA服务器向移动通信网络的安全网关发送接入成功消息, 其中携带自 组织网络月艮务器的标识; 安全网关保存自组织网络月艮务器的标识, 并向家用 基站发送身份认证响应消息, 其中携带接入成功消息; 家用基站向安全网关 发送身份认证请求消息, 其中携带家用基站的标识; 安全网关对家用基站进 行认证, 并在认证通过后, 向家用基站发送身份认证响应消息, 其中携带自 组织网络月艮务器的标识。 优选地, 根据位置信息向家用基站提供移动通信网络的自组织网络服务 器的标识具体包括: 家用基站向家用基站管理***服务器发送请求信息; 家 用基站管理***服务器获取家用基站的位置信息; 家用基站管理***服务器 根据位置信息向家用基站提供移动通信网络的自组织网络服务器的标识。 优选地, 身份认证请求消息中还携带要求返回家用基站的自组织网络服 务器标识的标识。 优选地, 在家用基站根据标识连接到自组织网络服务器以获取初始化配 置参数之前还包括: 家用基站对移动通信网络的安全网关的身份进行认证。 优选地, 该方法还包括: 在家用基站与移动通信网络的安全网关之间建 立安全隧道, 其中, 安全隧道是因特网安全协议 IPSec隧道。 优选地, 自组织网络月艮务器的标识是自组织网络月艮务器的 IP地址或自组 织网络服务器的域名。 根据本发明的另一个方面, 还提供了一种 AAA服务器, 包括: 获取模 块, 用于获取家用基站的位置信息; 分配模块, 用于根据位置信息向家用基 站提供移动通信网络的自组织网络服务器的标识。 根据本发明的又一个方面, 还提供了一种用于家用基站的接入装置, 包 括: 获取模块, 用于获取家用基站的位置信息; 提供模块, 用于根据位置信 息向家用基站提供移动通信网络的自组织网络服务器的标识; 
接入模块, 用 于根据标识连接到自组织网络服务器以获取初始化配置参数, 并根据初始化 配置参数完成初始化, 并接入到移动通信网络。 根据本发明的又一个方面, 还提供了一种用于家用基站的接入***, 包 括: AAA服务器, 用于获取家用基站的位置信息, 才艮据位置信息向家用基站 提供移动通信网络的自组织网络月艮务器的标识, 并将自组织网络月艮务器的标 识发送给移动通信网络的安全网关; 安全网关, 用于对家用基站进行认证, 将家用基站的接入请求转发给 AAA服务器,将 AAA服务器的接入成功响应 转发给家用基站, 接入成功响应中携带自组织网络月艮务器的标识; 自组织网 络服务器, 用于为家用基站配置初始化配置参数; 家用基站, 其包括接入模 块, 用于根据标识连接到自组织网络服务器以获取初始化配置参数, 并根据 初始化配置参数完成初始化, 并将家用基站接入到移动通信网络。 借助于本发明的上述至少一个技术方案, 通过才艮据家用基站的位置信息 来向其提供 SON 服务器的标识, 使得家用基站在接入时, 只需要连接到允 许其接入的 SON 服务器, 从而避免了相关技术中家用基站在接入时, 需要 逐个尝试连接列表中的 SON 服务器, 直到找到允许其连接注册的接入网中 的 SON 月艮务器为止, 导致家用基站入网时延过长, 影响用户体 -险的技术问 题, 达到提高家用基站的入网效率, 改善用户体验的技术效果。 附图说明 附图用来提供对本发明的进一步理解, 并且构成说明书的一部分, 与本 发明的实施例一起用于解释本发明, 并不构成对本发明的限制。 在附图中: 图 1是相关技术中的用于家用基站的通信网络示意图; 图 2是根据本发明第一实施例的用于家用基站的接入方法的流程图; 图 3是根据本发明第二实施例的用于家用基站的接入方法的流程图; 图 4是根据本发明第三实施例的用于家用基站的接入方法的流程图; 图 5是才艮据本发明第四实施例的 AAA服务器的方框图; 图 6是根据本发明第五实施例的用于家用基站的接入装置的方框图; 图 7 是根据本发明第六实施例的用于家用基站的接入***的结构示意 图。 具体实施方式 在本发明中, 增强 AAA服务器向安全网关返回的接入成功消息, 使其 携带 AAA服务器为家用基站分配的 SON服务器标识; 增强安全网关向家用 基站返回的身份认证响应, 使其携带 AAA服务器为家用基站分配的 SON服 务器标识。 另外, AAA服务器可以在对家用基站进行鉴权的过程中, 来获取 家用基站的位置信息并向该家用基站提供 SON月艮务器的标识。 以下结合附图对本发明的优选实施例进行说明, 应当理解, 此处所描述 的优选实施例仅用于说明和解释本发明, 并不用于限定本发明。 在以下的描述中, 为了解释的目的, 描述了多个特定的细节, 以提供对 本发明的透彻理解。 然而, 艮显然, 在没有这些特定细节的情况下, 也可以 实现本发明, 此外, 在不冲突的情况下, 即在不背离所附权利要求阐明的精 神和范围的情况下,下述实施例以及实施例中的各个细节可以进行各种组合。 第一实施例 图 2是根据本发明第一实施例的用于家用基站的接入方法的流程图。 如 图 2所示, 根据本发明第一实施例的用于家用基站的接入方法包括: 步骤 S202 , 网络侧获取家用基站的位置信息; 步骤 S204, 根据位置信息向家用基站提供移动通信网络的 SON服务器 的标识; 步骤 S206, 家用基站根据标识连接到 SON服务器以获取初始化配置参 数, 根据初始化配置参数完成初始化, 并接入到移动通信网络。 相关技术中, DHCP和 /或 DNS服务器将所有与家用基站运营商有签约 关系的接入网的 SON 服务器地址返回给家用基站, 根据本发明第一实施例 的用于家用基站的接入方法通过根据家用基站的位置信息(地理 /城市位置信 息 ) 来向其提供 SON服务器的标识 ( IP地址、 域名等), 使得家用基站在接 入时, 只需要连接到允许其接入的 SON 服务器, 从而避免了相关技术中家 用基站在接入时, 需要逐个尝试连接列表中的 SON 服务器, 直到找到允许 其连接注册的接入网中的 SON 月艮务器为止, 导致家用基站入网时延过长, 影响用户体验的技术问题, 达到提高家用基站的入网效率, 改善用户体验的 技术效果。 此外, 若移动通信网络的接入网认为家用基站的 AAA服务器获得的家 用基站的位置不足够精确, 则基于运营商的策略, 接入网还可以对家用基站 再次进行位置认证, 以确保该家用基站所处的地理 /城市区域在该接入网运营 商的授权运营区域范围之内, 该过程可以由接入网中的 SON服务器来执行。 优选地, 在网络侧获取家用基站的位置信息之前还包括: 家用基站获取 
移动通信网络的安全网关的因特网协议 IP地址; 家用基站才艮据 IP地址与安 全网关执行安全关联初始交互, 建立安全关联; 家用基站向安全网关发送身 份认证请求, 其中携带家用基站的标识; 安全网关向家用基站的鉴权 ·ί受权计 费 AAA服务器发送接入请求消息。 家用基站可以通过 DHCP请求以及 DNS查询等机制来获得安全网关的 IP地址, 或者也可以在家用基站中配置一个安全网关的 IP地址, 例如通过 家用基站的本地管理接口来用手工配置来获得安全网关的 IP地址。 另外, 通过家用基站与安全网关之间进行的安全关联初始交互, 家用基 站会与安全网关协商一组安全密钥, 并在此基础上在家用基站和安全网关之 间建立安全关联, 用来保护家用基站和安全网关之间的信令安全。 在该过程 中, 可以使用因特网密钥交互十办议版本 2 ( Internet Key Exchange version2, 简称 IKEv2 ) 中的 IKE_SA_INIT消息的交互过程。 另外, 家用基站向安全网关发送的身份认证请求中还可以携带请求提供 SON服务器的标识的信息。 安全网关向家用基站的 AAA服务器发送接入请 求消息, 以请求家用基站 AAA对该家用基站进行鉴权认证。 优选地, 网络侧获取家用基站的位置信息具体包括以下至少一种: AAA 服务器根据家用基站的签约信息获取家用基站的位置信息; AAA服务器根据 家用基站的 IP地址查找家用基站的 IP宽带月艮务运营商, 并从 IP宽带月艮务运 营商的接口服务器中获取家用基站的位置信息; AAA服务器从家用基站的家 用基站运营商的管理*** (即, 家用基站管理***、 家用基站管理服务器) 或网管服务器获取家用基站的位置信息。 The present invention relates to the field of communications, and in particular to a method, device, system and AAA for authentication of a home base station (Authentication Authorization) Accounting, authentication · ί authorized charging) server. BACKGROUND OF THE INVENTION In order to provide users with higher service rates and lower the cost of using high-rate services, and in order to compensate for the deficiencies of existing distributed cellular wireless communication systems, home base stations are usually installed in homes, office areas, and the like. The home base station is a small, low-power base station with advantages such as affordability, convenience, and low power output. 1 is a schematic diagram of a communication network for a home base station. As shown in FIG. 1, the home base station can access the core network through the access gateway. A security gateway (Se-GW) exists between the home base station and the access gateway (Femto Gateway, referred to as Fe-GW). The security gateway can be set up with the access gateway or with the access gateway. 
The main function of the security gateway is to ensure link security between the home base station and the network elements such as the access gateway and the user data server. The main functions of the access gateway include: verifying the security of the home base station, handling the registration of the home base station, performing operation and maintenance management on the home base station, configuring and controlling the home base station according to the operator's requirements, and between the core network and the home base station. Data exchange. Authentication and Authorization Accounting The AAA server is an important facility in the communication network. It is used to implement network operator control and management of data and users. It provides authentication and authorization and account services, usually with network access control, gateway server, database and user information. Directory and other work together. The working and operating parameters of the home base station are dynamically configured by the network. In the prior art, it is configured by a Self Organizing Network Server (SON Server). The SON server is used to discover/extract a series of operation and maintenance parameters of the home base station (for example, the wireless environment around the home base station) without manual intervention, thereby providing initial configuration parameters (including wireless air interface parameters, etc.) for the home base station. Supports bootstrapping initialization of home base stations. In the existing network In the network deployment solution, the SON server belongs to the access network operator and only provides services to the access network to which it belongs. The network containing the home base station also includes a Femto Management System (not shown), which is connected to the home base station via the security gateway. 
The home base station management system is responsible for the operation and maintenance management of the home base stations that belong to it, and is also responsible for storing part of the home base station subscription information.

Unlike an ordinary macro cell base station, which is purchased and deployed by the access network operator, the home base station is purchased and installed by the user, and the user must subscribe the home base station with at least one home base station operator. Only after the subscribed home base station has connected and registered to a suitable access network can the user use the services it provides.

In the existing initial network entry procedure of a home base station, the home base station uses the IP broadband network as its backhaul connection and first accesses the home base station operator with which it is subscribed (Femto Network Service Provider, referred to as Femto-NSP), which authenticates the home base station; the home base station operator provides the home base station with a set of candidate access networks, in the form of the SON servers in those candidate access networks; the home base station finds the SON server in an access network that allows it to connect and register, completes its initial bootstrapping using the initial configuration parameters provided by that SON server, and finally connects and registers to the access network.

An important basis for whether a candidate access network allows the home base station to connect and register is whether the home base station is within the authorized operating geographic/civic (Geography/Civic) area of the operator to which the access network belongs.
In other words, when the home base station is located in a specific geographic/civic area, some candidate access networks allow it to connect and register, while others do not. In the above initial network entry procedure, the SON server in the candidate access network decides whether to allow the home base station to connect and register to that access network. The SON server provides initialization parameters only if registration is allowed.

In the prior art, the access network operator provides the SON server addresses in its access network to the home base station operators with which it has a contractual relationship, and the home base station operator configures those SON server addresses in the DHCP and/or DNS server of the home base station operator's domain. The home base station obtains the SON server addresses of the candidate access networks by querying the DHCP and/or DNS server in the home base station operator's domain. The DHCP and/or DNS server returns, as a list, all the SON server addresses of the access networks that have a contractual relationship with the home base station operator, so that when accessing, the home base station has to try the SON servers in the list one by one until it finds the SON server of an access network that allows it to connect and register. As a result, the network entry delay of the home base station is too long, which affects the user experience.

SUMMARY OF THE INVENTION

An object of the present invention is to provide an access method, device and system for a home base station, and an AAA server, which can solve the technical problem in the related art that the network entry delay of the home base station is too long and affects the user experience.
According to one aspect of the present invention, an access method for a home base station is provided, including: the network side acquires location information of the home base station; the identifier of the self-organizing network server of the mobile communication network is provided to the home base station according to the location information; and the home base station connects to the self-organizing network server according to the identifier to obtain initial configuration parameters, completes initialization according to the initial configuration parameters, and accesses the mobile communication network.

Preferably, the network side includes an AAA server of the home base station, a home base station management system server of the home base station, a location authentication server of the home base station, and the like.

Preferably, before the network side acquires the location information of the home base station, the method further includes: the home base station acquires an Internet Protocol (IP) address of the security gateway of the mobile communication network; the home base station performs the initial security association exchange with the security gateway according to the IP address and establishes a security association; the home base station sends an identity authentication request carrying the identifier of the home base station to the security gateway; and the security gateway sends an access request message to the authentication, authorization and accounting (AAA) server of the home base station.

Preferably, the network side acquiring the location information of the home base station specifically includes at least one of the following: the AAA server or the home base station management system server acquires the location information of the home base station according to the subscription information of the home base station; the AAA server or the home base station management system server looks up the IP broadband service operator of the home base station according to the IP address of the home base station, and obtains the location information of the home base station from the interface server of that IP broadband service operator; the AAA server obtains the location information of the home base station from the home base station management system server or the network management server.

Preferably, providing the identifier of the self-organizing network server of the mobile communication network to the home base station according to the location information includes: the AAA server or the home base station management system server queries for the self-organizing network server of a mobile communication network that allows access by a home base station at the location indicated by the location information; and the AAA server or the home base station management system server provides the identifier of that self-organizing network server to the home base station.

Preferably, providing the identifier of the self-organizing network server of the mobile communication network to the home base station according to the location information includes: the AAA server or the home base station management system server queries for the self-organizing network servers of a mobile communication network that allows access by a home base station at the location indicated by the location information; if there is more than one such self-organizing network server, the AAA server or the home base station management system server queries the current load of each self-organizing network server; the AAA server or the home base station management system server compares the current loads of the self-organizing network servers and obtains the identifier of the self-organizing network server with the smallest current load; and the AAA server or the home base station management system server provides the identifier of the self-organizing network server with the smallest current load to the home base station as the identifier of the self-organizing network server.

Preferably, the AAA server providing the identifier of the self-organizing network server to the home base station is specifically: the AAA server sends an access success message carrying the identifier of the self-organizing network server to the security gateway of the mobile communication network; and the security gateway sends an identity authentication response message carrying the access success message and the identifier of the self-organizing network server to the home base station.

Preferably, the AAA server providing the identifier of the self-organizing network server to the home base station includes: the AAA server sends an access success message carrying the identifier of the self-organizing network server to the security gateway of the mobile communication network; the security gateway stores the identifier of the self-organizing network server and sends an identity authentication response message carrying the access success message to the home base station; the home base station sends an identity authentication request message carrying the identifier of the home base station to the security gateway; and the security gateway authenticates the home base station and, after the authentication passes, sends the home base station an identity authentication response message carrying the identifier of the self-organizing network server.

Preferably, providing the identifier of the self-organizing network server of the mobile communication network to the home base station according to the location information specifically includes: the home base station sends request information to the home base station management system server; the home base station management system server acquires the location information of the home base station; and the home base station management system server provides the home base station with the identifier of the self-organizing network server of the mobile communication network according to the location information.

Preferably, the identity authentication request message further carries an indication requesting that the self-organizing network server identifier be returned to the home base station.

Preferably, before the home base station connects to the self-organizing network server according to the identifier to obtain the initial configuration parameters, the method further includes: the home base station authenticates the identity of the security gateway of the mobile communication network.
Preferably, the method further comprises: establishing a secure tunnel between the home base station and the security gateway of the mobile communication network, wherein the secure tunnel is an Internet Protocol Security (IPSec) tunnel.

Preferably, the identifier of the self-organizing network server is an IP address of the self-organizing network server or a domain name of the self-organizing network server.

According to another aspect of the present invention, an AAA server is further provided, including: an obtaining module, configured to acquire location information of a home base station; and an allocation module, configured to provide the identifier of the self-organizing network server of the mobile communication network to the home base station according to the location information.

According to still another aspect of the present invention, an access device for a home base station is provided, including: an acquiring module, configured to acquire location information of a home base station; a providing module, configured to provide the identifier of the self-organizing network server of the mobile communication network to the home base station according to the location information; and an access module, configured to connect to the self-organizing network server according to the identifier to obtain initial configuration parameters, complete initialization according to the initial configuration parameters, and access the mobile communication network.

According to still another aspect of the present invention, an access system for a home base station is provided, including: an AAA server, configured to acquire location information of a home base station, provide the identifier of the self-organizing network server of the mobile communication network to the home base station according to the location information, and send the identifier of the self-organizing network server to the security gateway of the mobile communication network; the security gateway, configured to authenticate the home base station, forward the access request of the home base station to the AAA server, and forward the access success response of the AAA server to the home base station, the access success response carrying the identifier of the self-organizing network server; the self-organizing network server, configured to provide initial configuration parameters for the home base station; and an access module, configured to connect to the self-organizing network server according to the identifier to obtain initial configuration parameters, complete initialization according to the initial configuration parameters, and connect the home base station to the mobile communication network.

By means of at least one of the above technical solutions of the present invention, the identifier of the SON server is provided to the home base station according to the location information of the home base station, so that when accessing, the home base station only needs to connect to a SON server that allows it to access. This solves the technical problem in the related art that, when accessing, the home base station has to try the SON servers in the list one by one until it finds the SON server of an access network that allows it to connect and register, which makes the network entry delay of the home base station too long and affects the user experience. The technical effect is improved network entry efficiency for the home base station and an improved user experience.

The drawings are intended to provide a further understanding of the invention and form part of the description of the invention. In the drawings:

FIG. 1 is a schematic diagram of a communication network for a home base station in the related art;
FIG. 2 is a flowchart of an access method for a home base station according to a first embodiment of the present invention;
FIG. 3 is a flowchart of an access method for a home base station according to a second embodiment of the present invention;
FIG. 4 is a flowchart of an access method for a home base station according to a third embodiment of the present invention;
FIG. 5 is a block diagram of an AAA server according to a fourth embodiment of the present invention;
FIG. 6 is a block diagram of an access device for a home base station according to a fifth embodiment of the present invention;
FIG. 7 is a block diagram showing the structure of an access system for a home base station according to a sixth embodiment of the present invention.

In the present invention, the access success message returned by the AAA server to the security gateway is enhanced to carry the SON server identifier assigned by the AAA server to the home base station, and the identity authentication response returned by the security gateway to the home base station is enhanced to carry the SON server identifier assigned by the AAA server to the home base station. In addition, the AAA server may acquire the location information of the home base station and provide the home base station with the identifier of the SON server during the process of authenticating the home base station.

The preferred embodiments of the present invention are described below with reference to the accompanying drawings, and are intended to illustrate and explain the invention. In the following description, numerous specific details are set forth. However, it is apparent that the present invention may be practiced without these specific details.
Further, where no conflict arises, that is, without departing from the spirit and scope of the appended claims, the following embodiments and the various details in them can be combined in various ways.

First Embodiment

FIG. 2 is a flowchart of an access method for a home base station according to a first embodiment of the present invention. As shown in FIG. 2, the access method for the home base station according to the first embodiment of the present invention includes:

Step S202: the network side acquires location information of the home base station;
Step S204: the identifier of the SON server of the mobile communication network is provided to the home base station according to the location information;
Step S206: the home base station connects to the SON server according to the identifier to obtain initial configuration parameters, completes initialization according to the initial configuration parameters, and accesses the mobile communication network.

In the related art, the DHCP and/or DNS server returns to the home base station the SON server addresses of the access networks that have a contractual relationship with the home base station operator. The access method for the home base station according to the first embodiment of the present invention instead provides the identifier (IP address, domain name, etc.) of the SON server according to the location information (geographic/civic location information) of the home base station, so that when accessing, the home base station only needs to connect to a SON server that allows it to access. This avoids the technical problem in the related art that, when accessing, the home base station has to try the SON servers in the list one by one until it finds the SON server of an access network that allows it to connect and register, which makes the network entry delay of the home base station too long and affects the user experience. The technical effect is improved network entry efficiency for the home base station and an improved user experience.

In addition, if the access network of the mobile communication network considers that the location of the home base station obtained by the AAA server of the home base station is not sufficiently accurate, the access network may, based on the operator's policy, perform location authentication on the home base station again to ensure that the geographic/civic area in which the home base station is located is within the authorized operating area of the access network operator. This process can be performed by the SON server in the access network.

Preferably, before the network side acquires the location information of the home base station, the method further includes: the home base station acquires an Internet Protocol (IP) address of the security gateway of the mobile communication network; the home base station performs the initial security association exchange with the security gateway according to the IP address and establishes a security association; the home base station sends an identity authentication request carrying the identifier of the home base station to the security gateway; and the security gateway sends an access request message to the authentication, authorization and accounting (AAA) server of the home base station.

The home base station can obtain the IP address of the security gateway through mechanisms such as a DHCP request and a DNS query, or an IP address of the security gateway can be configured in the home base station, for example manually through the local management interface of the home base station.

In addition, through the initial security association exchange between the home base station and the security gateway, the home base station negotiates a set of security keys with the security gateway and, on that basis, establishes a security association between the home base station and the security gateway to protect the signaling between them. In this process, the IKE_SA_INIT message exchange of Internet Key Exchange version 2 (IKEv2) can be used.

In addition, the identity authentication request sent by the home base station to the security gateway may further carry information requesting the identifier of the SON server. The security gateway sends an access request message to the AAA server of the home base station to request that the AAA server authenticate the home base station.

Preferably, the network side acquiring the location information of the home base station specifically includes at least one of the following: the AAA server acquires the location information of the home base station according to the subscription information of the home base station; the AAA server looks up the IP broadband service operator of the home base station according to the IP address of the home base station, and obtains the location information of the home base station from the interface server of that IP broadband service operator; the AAA server obtains the location information of the home base station from the management system (that is, the home base station management system or home base station management server) or the network management server of the home base station operator of the home base station.
The AAA server can provide a SON server to the home base station according to the subscription information of the home base station. For example, if the subscription information restricts the home base station to use within a certain geographic area, the AAA server can provide the home base station with the identifier of the SON server of an access network in that area that can accept the connection and registration of the home base station.
The AAA server finds the IP broadband service operator that provides the IP broadband backhaul connection service for the home base station (for example, through the IP address of the home base station), and then obtains the geographic/civic location information of the home base station from that operator (for example, through the IP address of the home base station).

When the home base station operator and the IP broadband service operator that provides the IP broadband backhaul connection service for the home base station are the same operator, the AAA server can obtain the geographic/civic location information of the home base station directly from a suitable server in that operator's domain (for example, a management system or a network management server). For example, the location information of the home base station is extracted from the DOCSIS system according to the cable modem associated with the home base station in the DOCSIS network; this method is especially suitable for home base stations with a built-in cable modem.
The AAA server can also obtain the location information of the terminal by directly accessing the management system or network management server in the domain of the home base station operator of the home base station. The management system or network management server then carries out the procedure of acquiring the terminal's location information, and can use the methods described above for the AAA server to obtain it (for example, from the subscription information or from the IP broadband service operator).

Preferably, providing the identifier of the SON server of the mobile communication network to the home base station according to the location information specifically includes: the AAA server queries for the SON server of a mobile communication network that allows access by a home base station at that location; and the AAA server provides the identifier of that SON server to the home base station.
As a result, when accessing, the home base station only needs to connect to an access network that allows it to access, which reduces the access delay and improves the user experience.

Preferably, providing the identifier of the SON server of the mobile communication network to the home base station according to the location information specifically includes: the AAA server queries for the SON servers of a mobile communication network that allows access by a home base station at that location; if there is more than one such SON server, the AAA server queries the current load of each SON server; the AAA server compares the current loads of the SON servers and obtains the identifier of the SON server with the smallest current load; and the AAA server provides the identifier of that SON server to the home base station.

If the home base station operator holds the address of only one SON server in the selected access network, the home base station operator provides the identifier of that SON server to the home base station directly. If the home base station operator holds the addresses of several SON servers in that access network, the AAA server can additionally give preference to the SON server whose current load is smallest, or whose load is below a certain threshold, and provide its identifier to the home base station. For example, the AAA server can query the load of the candidate SON servers in the access network, or obtain the relevant parameters by querying other network elements (for example, a network management server). This prevents the home base station from connecting to a heavily loaded SON server and then needing SON server redirection within the access network domain, which further reduces the access delay of the home base station.

Preferably, the AAA server providing the identifier of the SON server to the home base station specifically includes:
the AAA server sends an access success message carrying the identifier of the SON server to the security gateway of the mobile communication network; and the security gateway sends an identity authentication response message carrying the access success message and the identifier of the SON server to the home base station.
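The location- and load-based choice of SON server described above can be sketched as follows. This is an added example, not code from the patent: the record layout, area codes, server identifiers and the `query_load` callback are all constructed for illustration.

```python
from dataclasses import dataclass
from typing import Callable, Iterable, Optional


@dataclass(frozen=True)
class SonServer:
    identifier: str              # IP address or FQDN of the SON server
    access_network: str          # access network the SON server belongs to
    authorized_areas: frozenset  # areas where that network accepts registration


def select_son_server(area: str,
                      servers: Iterable[SonServer],
                      query_load: Callable[[str], float]) -> Optional[str]:
    """Return the SON server identifier to hand to a home base station in `area`.

    Only servers whose access network may accept registration from `area` are
    candidates. The load is queried only when more than one candidate remains,
    and the least-loaded candidate is chosen.
    """
    allowed = sorted((s for s in servers if area in s.authorized_areas),
                     key=lambda s: s.identifier)
    if not allowed:
        return None                      # no access network serves this area
    if len(allowed) == 1:
        return allowed[0].identifier     # single candidate: no load query needed
    loads = {}
    for server in allowed:
        try:
            loads[server.identifier] = query_load(server.identifier)
        except LookupError:
            continue                     # load unknown: skip this candidate
    if not loads:
        return allowed[0].identifier     # no load data at all: deterministic fallback
    # Smallest load wins; the identifier breaks ties so the result is stable.
    return min(loads, key=lambda ident: (loads[ident], ident))


# Constructed sample data (documentation addresses and made-up area codes).
SAMPLE_SERVERS = [
    SonServer("son1.an-a.example", "AN-A", frozenset({"AREA-A"})),
    SonServer("192.0.2.20", "AN-A", frozenset({"AREA-A", "AREA-B"})),
    SonServer("192.0.2.30", "AN-A", frozenset({"AREA-A"})),
    SonServer("son.an-b.example", "AN-B", frozenset({"AREA-C"})),
]
SAMPLE_LOADS = {"son1.an-a.example": 0.82, "192.0.2.20": 0.35,
                "son.an-b.example": 0.10}  # 192.0.2.30 has no load report


def sample_query_load(identifier: str) -> float:
    """Stand-in for the AAA server's load query; raises KeyError if unknown."""
    return SAMPLE_LOADS[identifier]


if __name__ == "__main__":
    for sample_area in ("AREA-A", "AREA-B", "AREA-C", "AREA-D"):
        print(sample_area, select_son_server(sample_area, SAMPLE_SERVERS,
                                             sample_query_load))
```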
The AAA server can send the identifier of the SON server to the security gateway in a RADIUS/Diameter message, and the security gateway can send the identifier to the home base station through IKEv2. When the IKEv2 protocol is used, a configuration attribute in the configuration payload can carry the SON server identifier. For example, when the identifier is an IP address, the address is placed in the value field of the attribute of type SON_Server_IP_Address mentioned above. This delivers the identifier of the SON server to the home base station.

Preferably, the AAA server providing the identifier of the SON server to the home base station specifically includes:
the AAA server sends an access success message carrying the identifier of the SON server to the security gateway of the mobile communication network; the security gateway stores the identifier of the SON server and sends an identity authentication response message carrying the access success message to the home base station; the home base station sends an identity authentication request message carrying the identifier of the home base station to the security gateway; and the security gateway authenticates the home base station and, once authentication succeeds, sends the home base station an identity authentication response message carrying the identifier of the SON server.

The AAA server can send the identifier of the SON server to the security gateway in a RADIUS/Diameter message, and the security gateway can send the identifier to the home base station through IKEv2. When the IKEv2 protocol is used, a configuration attribute in the configuration payload can carry the SON server identifier. For example, when the identifier is an IP address, the address is placed in the value field of the attribute of type SON_Server_IP_Address mentioned above. This delivers the identifier of the SON server to the home base station.
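As an added illustration (not part of the patent text), the following encodes and strictly parses an IKEv2 configuration payload body (layout per RFC 7296, section 3.15) carrying a SON_Server_IP_Address attribute. The attribute number 0x4001 is an assumption taken from the private-use range, since the page names the attribute type but gives no number, and the `gateway_authenticated` flag stands in for the home base station's authentication of the security gateway.

```python
import ipaddress
import struct

CFG_REQUEST, CFG_REPLY = 1, 2      # CFG Type values from RFC 7296
SON_SERVER_IP_ADDRESS = 0x4001     # assumed number (private-use range 16384-32767)


def build_cp(cfg_type, attributes):
    """Build a configuration payload body: CFG Type, 3 reserved bytes, attributes."""
    body = struct.pack("!B3x", cfg_type)
    for attr_type, value in attributes:
        if not 0 <= attr_type <= 0x7FFF:
            raise ValueError("attribute type must fit in 15 bits")
        body += struct.pack("!HH", attr_type, len(value)) + value
    return body


def parse_cp(body):
    """Parse a configuration payload body into (cfg_type, [(type, value), ...])."""
    if len(body) < 4:
        raise ValueError("truncated configuration payload")
    cfg_type, attrs, offset = body[0], [], 4
    while offset < len(body):
        if len(body) - offset < 4:
            raise ValueError("truncated attribute header")
        raw_type, length = struct.unpack_from("!HH", body, offset)
        offset += 4
        if length > len(body) - offset:
            raise ValueError("attribute length overruns payload")
        attrs.append((raw_type & 0x7FFF, body[offset:offset + length]))
        offset += length
    return cfg_type, attrs


def son_request():
    """Home base station side: a zero-length attribute asks for the SON address."""
    return build_cp(CFG_REQUEST, [(SON_SERVER_IP_ADDRESS, b"")])


def son_reply(address):
    """Security gateway side: return the address the AAA server assigned."""
    packed = ipaddress.ip_address(address).packed
    return build_cp(CFG_REPLY, [(SON_SERVER_IP_ADDRESS, packed)])


def son_server_from_reply(body, gateway_authenticated):
    """Home base station side: accept the SON address only from an
    authenticated gateway and only if the attribute is well formed."""
    if not gateway_authenticated:
        raise PermissionError("security gateway not authenticated")
    cfg_type, attrs = parse_cp(body)
    if cfg_type != CFG_REPLY:
        raise ValueError("not a CFG_REPLY")
    values = [v for t, v in attrs if t == SON_SERVER_IP_ADDRESS]
    if len(values) != 1:
        raise ValueError("expected exactly one SON_Server_IP_Address attribute")
    if len(values[0]) not in (4, 16):
        raise ValueError("value is neither an IPv4 nor an IPv6 address")
    address = ipaddress.ip_address(values[0])
    if address.is_unspecified or address.is_multicast or address.is_loopback:
        raise ValueError("unusable SON server address")
    return str(address)


if __name__ == "__main__":
    reply = son_reply("192.0.2.20")    # constructed sample address
    print(son_request().hex(), reply.hex(), son_server_from_reply(reply, True))
```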
Preferably, the identifier of the ad hoc network server that provides the mobile communication network to the home base station according to the location information specifically includes: the AAA server provides the home base station with the management system server in the home base station operator domain (ie, the above-mentioned home base station management system, the home base station management) The address of the server; the home base station sends a request to the management system server; the location information of the home base station is obtained by the management system server, and the identifier of the ad hoc network server of the mobile communication network is provided to the home base station according to the location information.
The AAA server does not return the SON server identifier to the home base station during the access authentication procedure. Instead, it returns the address of the management system server in the home base station operator's domain, or of another server capable of allocating a SON server to the home base station, such as a location authentication server. After access authentication is completed, the home base station queries that server for the address of the SON server. The server then obtains the location information of the home base station, allocates a SON server to the home base station according to the location information, and returns the identifier of the SON server to the home base station. These servers can use the method used by the AAA server described above to select a suitable SON server (for example, by querying for a SON server that allows a home base station at that location to access it).
Preferably, the identity authentication request message also carries an indicator requesting that the SON server identifier of the home base station be returned.

When the IKEv2 protocol is used, the Configuration Attributes in the IKEv2 Configuration Payload can carry this indicator, which consists of two fields: the attribute type (Attribute Type) and the value (Value). For example, when the SON server identifier is the IP address of the SON server, a new attribute can be defined and assigned a new attribute type (for example, an attribute type defined as SON_Server_IP_Address) to indicate that the home base station is requesting the address of the SON server from the security gateway. Of course, if allocating a SON server to the home base station is the default behavior of the security gateway, the indicator may be carried or omitted.

Preferably, before the home base station connects to the SON server according to the identifier to obtain the initialization configuration parameters and accesses the mobile communication network according to those parameters, the method further includes: the home base station authenticates the identity of the security gateway of the mobile communication network. This ensures that the received SON server identifier can be trusted.

Preferably, the method further includes: establishing a secure tunnel between the home base station and the security gateway of the mobile communication network, where the secure tunnel is an IPSec (Internet Protocol Security) tunnel. This protects subsequent data communication between the home base station and the mobile communication network.

Preferably, the identifier of the SON server is the IP address of the SON server or the Fully Qualified Domain Name (FQDN) of the SON server.
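The request indicator described above, as an added example that is not code from the patent: a Configuration Payload encoder and a bounds-checked decoder using the attribute layout of RFC 7296 section 3.15. The attribute number 16384 (private-use range) is an assumed stand-in for the SON_Server_IP_Address type the page proposes, and the function names and the address 192.0.2.10 are constructed for illustration.

```python
"""Added example (not from the patent): SON server address request in an
IKEv2 Configuration Payload, using the RFC 7296 section 3.15 layout."""
import ipaddress
import struct

CFG_REQUEST, CFG_REPLY = 1, 2       # CFG Type values defined by RFC 7296
SON_SERVER_IP_ADDRESS = 16384       # ASSUMED number from the private-use range;
                                    # the page names the type but assigns no value


class CPError(ValueError):
    """Malformed or unexpected Configuration Payload."""


def encode_cp(cfg_type, attributes, next_payload=0):
    """Build a Configuration Payload from (attribute_type, value_bytes) pairs."""
    body = struct.pack("!B3x", cfg_type)          # CFG Type + 3 reserved bytes
    for attr_type, value in attributes:
        if not 0 <= attr_type <= 0x7FFF or len(value) > 0xFFFF:
            raise CPError("attribute type or length out of range")
        # R bit (top bit) is zero, then 15-bit type, 16-bit length, value.
        body += struct.pack("!HH", attr_type, len(value)) + value
    return struct.pack("!BBH", next_payload, 0, 4 + len(body)) + body


def decode_cp(payload):
    """Parse a Configuration Payload, checking every length before slicing."""
    if len(payload) < 8:
        raise CPError("payload shorter than the fixed 8-byte header")
    _next, _flags, length = struct.unpack_from("!BBH", payload, 0)
    if length < 8 or length > len(payload):
        raise CPError("payload length field does not match the data")
    cfg_type, offset, attributes = payload[4], 8, []
    while offset < length:
        if length - offset < 4:
            raise CPError("truncated attribute header")
        raw_type, attr_len = struct.unpack_from("!HH", payload, offset)
        offset += 4
        if attr_len > length - offset:
            raise CPError("attribute value runs past the end of the payload")
        attributes.append((raw_type & 0x7FFF, payload[offset:offset + attr_len]))
        offset += attr_len
    return cfg_type, attributes


def build_son_request():
    """Home base station side: a zero-length attribute asks for a value."""
    return encode_cp(CFG_REQUEST, [(SON_SERVER_IP_ADDRESS, b"")])


def answer_son_request(request, son_address):
    """Security gateway side: reply with the address the AAA server supplied."""
    cfg_type, attributes = decode_cp(request)
    if cfg_type != CFG_REQUEST:
        raise CPError("expected CFG_REQUEST")
    if not any(t == SON_SERVER_IP_ADDRESS for t, _ in attributes):
        return None   # indicator absent; default allocation is the gateway's choice
    packed = ipaddress.ip_address(son_address).packed
    return encode_cp(CFG_REPLY, [(SON_SERVER_IP_ADDRESS, packed)])


def extract_son_address(reply):
    """Home base station side: accept exactly one well-formed address."""
    cfg_type, attributes = decode_cp(reply)
    if cfg_type != CFG_REPLY:
        raise CPError("expected CFG_REPLY")
    values = [v for t, v in attributes if t == SON_SERVER_IP_ADDRESS]
    if len(values) != 1 or len(values[0]) not in (4, 16):
        raise CPError("missing, repeated or wrongly sized SON server address")
    return ipaddress.ip_address(values[0])


if __name__ == "__main__":
    request = build_son_request()
    reply = answer_son_request(request, "192.0.2.10")   # constructed address
    print(request.hex(), reply.hex(), extract_son_address(reply))
```

The home base station should act on the extracted address only after it has authenticated the security gateway, which is the reason the page gives for that authentication step.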
Providing the home base station with the IP address of the SON server allows the home base station to connect to that SON server directly. Optionally, the identifier can also be the domain name of the SON server or another identifier capable of indicating the location of the SON server.

The access method for a home base station according to the first embodiment of the present invention solves the technical problem in the related art that a home base station, when accessing the network, has to try the SON servers in its list one by one until it finds the SON server of an access network that allows it to connect and register, which makes the network entry delay of the home base station too long and degrades the user experience. It thereby achieves the technical effect of improving the network entry efficiency of the home base station and improving the user experience.

Second Embodiment

FIG. 3 is a flowchart of an access method for a home base station according to a second embodiment of the present invention. In this embodiment, during the authentication of the home base station performed between the home base station and the AAA server of the home base station, the AAA server provides the home base station with a preferred SON server according to the location information of the home base station. The SON server is located in an access network that can accept the registration of the home base station. The specific steps are as follows:

Step 301: The home base station first connects to the IP broadband backhaul network, and can obtain an IP address capable of accessing the Internet by performing a DHCP-related procedure.
Step 302: The home base station initiates a security association initial exchange between the home base station and the security gateway. Through this exchange, the home base station negotiates a set of security keys with the security gateway, and on that basis a security association is established between the home base station and the security gateway to protect the signaling between them. Here, the signaling between the home base station and the security gateway refers to the messages in steps 303 to 311.

Step 303: The home base station sends an identity authentication request message to the security gateway, in order to achieve mutual authentication between the home base station and the security gateway. The identity authentication request message carries the identifier of the home base station, such as a BSID or NAI.

Step 304: The security gateway sends an access request message to the AAA server of the home base station, requesting the AAA server to authenticate the home base station.

Step 305: The AAA server initiates the access authentication procedure for the home base station. After the home base station has been authenticated successfully, the AAA server and the home base station each locally generate a shared key, using a secret known to both (for example, a password or a certificate) and the method negotiated during authentication. This key may be called the Master Session Key (MSK).

Step 306: The AAA server provides the home base station with the IP address of a preferred SON server.

Step 307: The AAA server sends an access success message to the security gateway, carrying the MSK generated by the AAA server and the IP address of the SON server that the AAA server provided for the home base station.

Step 308: After receiving the access success message, the security gateway stores the MSK locally and temporarily stores the address of the SON server that the AAA server allocated to the home base station.

Step 309: The security gateway sends an identity authentication response message to the home base station, carrying the access success message.

Step 310: After receiving the access success message, the home base station computes a set of authentication vectors based on the MSK that it generated locally, and again sends an identity authentication request message to the security gateway. This message carries the authentication vector and the identifier of the home base station. It may also carry an indicator requesting the security gateway to return the address of the SON server serving the home base station; if allocating a SON server to the home base station is the default behavior of the security gateway, this indicator may be carried or omitted.

Step 311: The security gateway authenticates the home base station using the MSK from the AAA server and the authentication vector from the home base station. After the authentication succeeds, the security gateway also generates a set of authentication vectors based on the MSK and sends an identity authentication response message to the home base station, carrying the address of the SON server that the AAA server allocated to the home base station.

Step 312: After receiving the identity authentication response message, the home base station authenticates the identity of the security gateway using its locally stored MSK and the authentication vector from the security gateway. After the authentication succeeds, the home base station extracts the address of the SON server that the AAA server allocated to it and stores it locally.

Step 313: The home base station and the security gateway generate a set of security associations based on the MSK that each of them holds. Based on these security associations, an IPSec secure tunnel is established between the home base station and the security gateway to protect subsequent data communication between them.

Step 314: The home base station interacts with the SON server that the AAA server allocated to it, in order to configure the initialization parameters of the home base station (for example, radio parameters such as the operating frequency) and perform related tasks. Finally, the home base station connects to the access gateway and completes its initial network entry (Initial Attachment) procedure. From then on, the home base station can begin serving terminals as a real base station.

In this embodiment, step 303 and steps 309 to 311 may correspond to IKE_AUTH messages in the IKEv2 protocol.

In step 306, the AAA server may provide the SON server to the home base station according to the subscription information of the home base station.
For example, if the subscription information states that the home base station can only be used within a certain geographic area, the AAA server can provide the home base station with the identifier of the SON server of an access network in that area that can accept the connection and registration of the home base station. The AAA server can also identify the IP broadband service operator that provides the IP broadband backhaul connection for the home base station (for example, from the IP address of the home base station), obtain the geographic/city location information of the home base station from that operator (for example, by means of the IP address of the home base station), and then provide the home base station with the identifier of a SON server that it is allowed to access according to its location information. In addition, when the home base station operator and the IP broadband service operator are the same operator, the AAA server can obtain the geographic/city location information of the home base station directly from a suitable server in that operator's domain, and then provide the home base station with the identifier of a SON server that it is allowed to access according to its location information. For example, the location information of the home base station can be extracted from the DOCSIS system according to the cable modem associated with the home base station in the DOCSIS network; this method is particularly suitable for home base stations with a built-in cable modem.

In addition, in step 306, if the home base station operator has the address of only one SON server in the selected access network, the home base station operator provides the address of that SON server to the home base station. If the home base station operator has the addresses of several SON servers in that access network, the AAA server can additionally prefer the SON server whose current load is the lowest, or whose load is below a certain threshold, and provide it to the home base station. For example, the AAA server can query the load of the candidate SON servers in the access network, or obtain the relevant parameters by querying other network elements (for example, a network management server). This prevents the home base station from selecting a heavily loaded SON server and consequently having to be redirected to another SON server within the access network domain, which further reduces the delay for the home base station.

Furthermore, in step 306, the AAA server may, instead of providing the home base station with the identifier of a SON server, provide it with the address of a server in the home base station operator's domain that is capable of allocating a SON server to the home base station, for example a server of the operator's management system (i.e., the home base station management system or home base station management server), a network management server, or a location authentication server. Then, after the home base station has completed access authentication and established the secure tunnel with the security gateway, the home base station can request that server to allocate a SON server to it. After obtaining the location information of the home base station, the server returns to the home base station the identifier of the SON server selected for it according to the location information; this identifier can likewise be the IP address of the SON server or its domain name. These servers can obtain the location information of the home base station using the methods used by the AAA server described above (for example, from the subscription information of the home base station, or from an interface server of the IP broadband service operator). They can also use the AAA server's method to select a suitable SON server (for example, by querying for a SON server that allows a home base station at that location to access it).
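The step 306 selection described above, as an added example that is not code from the patent: the location is taken from the subscription or from the broadband operator's data by backhaul IP address, candidates are limited to SON servers that accept that location, and the choice is then made by load. All names, prefixes, regions and load figures are constructed, and falling back to the management server address when no candidate matches is an assumption of this example.

```python
"""Added example (not from the patent): step 306 SON server selection."""
import ipaddress
from dataclasses import dataclass
from typing import Optional


@dataclass(frozen=True)
class SonServer:
    address: str          # IP address or FQDN handed to the home base station
    regions: frozenset    # locations whose home base stations it accepts
    load: float           # current load in [0.0, 1.0], queried from the server
                          # itself or from a network management server


@dataclass(frozen=True)
class Decision:
    kind: str                 # "son_server" or "management_server"
    address: str
    location: Optional[str]


def resolve_location(subscribed_region, backhaul_ip, operator_prefixes):
    """Use the subscribed area if the subscription fixes one; otherwise look the
    backhaul IP address up in the broadband operator's prefix-to-city data."""
    if subscribed_region:
        return subscribed_region
    ip = ipaddress.ip_address(backhaul_ip)
    matches = []
    for prefix, city in operator_prefixes.items():
        network = ipaddress.ip_network(prefix)
        if ip in network:
            matches.append((network.prefixlen, city))
    if not matches:
        return None
    # Longest-prefix match: the most specific operator record wins.
    return max(matches)[1]


def select_son_server(location, servers, management_server, load_threshold=None):
    """Pick a SON server that accepts this location, preferring low load."""
    candidates = [s for s in servers
                  if location is not None and location in s.regions]
    if not candidates:
        # ASSUMED fallback: return the address of a server that can allocate
        # a SON server later, the alternative the page describes for step 306.
        return Decision("management_server", management_server, location)
    if load_threshold is not None:
        # Policy "load below a certain threshold": first acceptable candidate.
        for server in candidates:
            if server.load < load_threshold:
                return Decision("son_server", server.address, location)
    # Policy "lowest current load"; the address breaks ties deterministically.
    best = min(candidates, key=lambda s: (s.load, s.address))
    return Decision("son_server", best.address, location)


# Constructed sample data.
OPERATOR_PREFIXES = {
    "198.51.100.0/24": "city-a",
    "198.51.100.128/25": "city-b",
    "203.0.113.0/24": "city-b",
}
SERVERS = [
    SonServer("son-a.example.net", frozenset({"city-a"}), 0.7),
    SonServer("son-b.example.net", frozenset({"city-a"}), 0.2),
    SonServer("son-c.example.net", frozenset({"city-b"}), 0.1),
]
MANAGEMENT_SERVER = "hms.example.net"

if __name__ == "__main__":
    where = resolve_location(None, "198.51.100.5", OPERATOR_PREFIXES)
    print(select_son_server(where, SERVERS, MANAGEMENT_SERVER))
```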
In addition, another way for the above server to obtain the location information of the home base station is for the home base station to include its own location information in the request that it sends to the server.

The access method for a home base station according to the second embodiment of the present invention solves the technical problem in the related art that a home base station, when accessing the network, has to try the SON servers in its list one by one until it finds the SON server of an access network that allows it to connect and register, which makes the network entry delay of the home base station too long and degrades the user experience. It thereby achieves the technical effect of improving the network entry efficiency of the home base station and improving the user experience.

Third Embodiment

FIG. 4 is a flowchart of an access method for a home base station according to a third embodiment of the present invention. In this embodiment, during the authentication of the home base station performed between the home base station and the AAA server of the home base station, the AAA server provides the home base station with a preferred SON server according to the location information of the home base station. The SON server is located in an access network that can accept the registration of the home base station. The specific steps are as follows:

Step 401: The home base station first connects to the IP broadband backhaul network, and can obtain an IP address capable of accessing the Internet by performing a DHCP-related procedure.
Step 402: The home base station initiates a security association initial exchange between the home base station and the security gateway. Through this exchange, the home base station negotiates a set of security keys with the security gateway, and on that basis a security association is established between the home base station and the security gateway to protect the signaling between them. Here, the signaling between the home base station and the security gateway refers to the messages in steps 403 to 411.

Step 403: The home base station sends an identity authentication request message to the security gateway, in order to achieve mutual authentication between the home base station and the security gateway. The identity authentication request message carries the identifier of the home base station, such as a BSID or NAI.

Step 404: The security gateway sends an access request message to the AAA server of the home base station, requesting the AAA server to authenticate the home base station.

Step 405: The AAA server initiates the access authentication procedure for the home base station. After the home base station has been authenticated successfully, the AAA server and the home base station each locally generate a shared key, using a secret known to both (for example, a password or a certificate) and the method negotiated during authentication. This key may be called the Master Session Key (MSK).

Step 406: The AAA server provides the home base station with the IP address of a preferred SON server.

Step 407: The AAA server sends an access success message to the security gateway, carrying the MSK generated by the AAA server and the IP address of the SON server that the AAA server allocated to the home base station.

Step 408: The security gateway sends an identity authentication response message to the home base station, carrying the access success message and the IP address of the SON server.

Step 409: The home base station stores locally the address of the SON server that the AAA server allocated to it.

Step 410: After receiving the access success message, the home base station computes a set of authentication vectors based on the MSK that it generated locally, and again sends an identity authentication request message to the security gateway. This message carries the authentication vector and the identifier of the home base station.

Step 411: The security gateway authenticates the home base station using the MSK from the AAA server and the authentication vector from the home base station. After the authentication succeeds, the security gateway also generates a set of authentication vectors based on the MSK and sends an identity authentication response message to the home base station.

Step 412: The home base station and the security gateway generate a set of security associations based on the MSK that each of them holds. Based on these security associations, an IPSec secure tunnel is established between the home base station and the security gateway to protect subsequent data communication between them.

Step 413: The home base station interacts with the SON server that the AAA server allocated to it, in order to configure the initialization parameters of the home base station (for example, the operating frequency) and perform related tasks. Finally, the home base station connects to the access gateway and completes its initial network entry procedure. From then on, the home base station can begin serving terminals as a real base station.

In step 403, the identity authentication request message may also carry an indicator requesting the security gateway to return the address of the SON server serving the home base station.

In step 406, the AAA server may provide the SON server to the home base station according to the subscription information of the home base station. For example, if the subscription information states that the home base station can only be used within a certain geographic area, the AAA server can provide the home base station with the identifier of the SON server of an access network in that area that can accept the connection and registration of the home base station. The AAA server can also identify the IP broadband service operator that provides the IP broadband backhaul connection for the home base station (for example, from the IP address of the home base station), obtain the geographic/city location information of the home base station from that operator (for example, by means of the IP address of the home base station), and then provide the home base station with the identifier of a SON server that it is allowed to access according to its location information. In addition, when the home base station operator and the IP broadband service operator are the same operator, the AAA server can obtain the geographic/city location information of the home base station directly from a suitable server in that operator's domain, and then provide the home base station with the identifier of a SON server that it is allowed to access according to its location information. For example, the location information of the home base station can be extracted from the DOCSIS system according to the cable modem associated with the home base station in the DOCSIS network; this method is particularly suitable for home base stations with a built-in cable modem.

In addition, in step 406, if the home base station operator has the address of only one SON server in the selected access network, the home base station operator provides the address of that SON server to the home base station. If the home base station operator has the addresses of several SON servers in that access network, the AAA server can additionally prefer the SON server whose current load is the lowest, or whose load is below a certain threshold, and provide it to the home base station. For example, the AAA server can query the load of the candidate SON servers in the access network, or obtain the relevant parameters by querying other network elements (for example, a network management server). This prevents the home base station from selecting a heavily loaded SON server and consequently having to be redirected to another SON server within the access network domain, which further reduces the delay for the home base station.

The access method for a home base station according to the third embodiment of the present invention solves the technical problem in the related art that a home base station, when accessing the network, has to try the SON servers in its list one by one until it finds the SON server of an access network that allows it to connect and register, which makes the network entry delay of the home base station too long and degrades the user experience. It thereby achieves the technical effect of improving the network entry efficiency of the home base station and improving the user experience.

Fourth Embodiment

FIG. 5 is a block diagram of an AAA server according to a fourth embodiment of the present invention. As shown in FIG.
5, the AAA server 500 according to the fourth embodiment of the present invention includes: an obtaining module 502, configured to acquire location information of a home base station; and an allocation module 504, configured to provide the identifier of a SON server of the mobile communication network to the home base station according to the location information.

The AAA server according to the fourth embodiment of the present invention uses the obtaining module to query the location information of the home base station, and then uses the allocation module to provide the identifier of the SON server to the home base station according to the location information, so that when accessing, the home base station only needs to connect to the SON server that allows it to access. This solves the technical problem in the related art that the home base station must try to connect to the SON servers in the list one by one until it finds the SON server in the access network that allows it to connect and register, which makes the network access delay of the home base station too long and affects the user experience. The technical effect is improved network access efficiency of the home base station and an improved user experience.

It should be noted that when the home base station management server, the network management server, or the location authentication server provides the identifier of the SON server to the home base station according to the location information, the structural diagram of this embodiment also applies to those servers; there is no essential difference.

Fifth Embodiment

FIG. 6 is a block diagram of an access apparatus for a home base station according to a fifth embodiment of the present invention. As shown in FIG. 6, the access device for the home base station according to the fifth embodiment of the present invention includes: an obtaining module 502, configured to acquire location information of the home base station; a providing module 602, configured to provide the identifier of a SON server of the mobile communication network to the home base station according to the location information; and an access module 604, configured to connect to the SON server according to the identifier to obtain initialization configuration parameters, complete initialization according to the initialization configuration parameters, and access the mobile communication network.

The access device for the home base station according to the fifth embodiment of the present invention uses the obtaining module to acquire the location information of the home base station, and then uses the providing module to provide the identifier of the SON server to the home base station according to the location information, so that when accessing, the home base station only needs to connect to the SON server that allows it to access. This solves the technical problem in the related art that the home base station must try to connect to the SON servers in the list one by one until it finds the SON server in the access network that allows it to connect and register, which makes the network access delay of the home base station too long and affects the user experience. The technical effect is improved network access efficiency of the home base station and an improved user experience.

Sixth Embodiment

FIG. 7 is a block diagram showing the configuration of an access system for a home base station according to a sixth embodiment of the present invention. As shown in FIG. 7, an access system for a home base station according to the sixth embodiment of the present invention includes: an AAA server 500, configured to acquire location information of a home base station, provide the identifier of a SON server of the mobile communication network to the home base station according to the location information, and send the identifier of the SON server to the security gateway of the mobile communication network; a security gateway 702, configured to authenticate the home base station, forward the access request of the home base station to the AAA server, and forward the access success response of the AAA server to the home base station, the access success response carrying the identifier of the SON server; a SON server 704, configured to configure initialization configuration parameters for the home base station; and an access module 706, configured to connect to the SON server according to the identifier to obtain the initialization configuration parameters, complete initialization according to the initialization configuration parameters, and access the mobile communication network. The access module is an access gateway 708 that accesses the mobile terminal network. In this embodiment, the security gateway 702 can also be combined with the access gateway 708 of the mobile communication network; the access module is set in the home base station.

The access system for a home base station according to the sixth embodiment of the present invention uses the AAA server to acquire the location information of the home base station and to provide the identifier of the SON server to the home base station according to the location information, so that when accessing, the home base station only needs to connect to the SON server that allows it to access. This solves the technical problem in the related art that the home base station must try to connect to the SON servers in the list one by one until it finds the SON server in the access network that allows it to connect and register, which makes the network access delay of the home base station too long and affects the user experience. The technical effect is improved network access efficiency of the home base station and an improved user experience.

In summary, the access method, device, system, and AAA server for the home base station according to the embodiments of the present invention solve the technical problem in the related art that the home base station must try to connect to the SON servers in the list one by one until it finds the SON server in the access network that allows it to connect and register, which makes the network access delay of the home base station too long and affects the user experience. They achieve the technical effect of improving the network access efficiency of the home base station and improving the user experience.

Obviously, those skilled in the art should understand that the above modules or steps of the present invention can be implemented by a general-purpose computing device; they can be concentrated on a single computing device or distributed over a network composed of multiple computing devices. Alternatively, they may be implemented by program code executable by a computing device, so that they may be stored in a storage device and executed by the computing device, or they may be separately fabricated into individual integrated circuit modules, or multiple modules or steps among them may be made into a single integrated circuit module. Thus, the invention is not limited to any specific combination of hardware and software.

The above is only the preferred embodiment of the present invention and is not intended to limit the present invention; various modifications and changes can be made to the present invention. Any modifications, equivalent substitutions, improvements, etc. made within the scope of the present invention are intended to be included within the scope of the present invention.
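The access flow of the sixth embodiment, sketched as an added example that is not part of the patent text: the security gateway authenticates the home base station before anything reaches the AAA server, the AAA server picks the least-loaded SON server permitted for the subscribed location (the selection rule recited in claim 6), and the home base station then makes a single connection instead of walking a list. The HMAC pre-shared-key check stands in for the unspecified authentication exchange, and all class names, identifiers, regions and load figures are constructed assumptions.

```python
import hashlib
import hmac
from dataclasses import dataclass


@dataclass(frozen=True)
class SonServer:
    ident: str          # IP address or domain name of the SON server
    regions: frozenset  # locations whose home base stations may register here
    load: int           # current load as known to the AAA server

    def register(self, location):
        """Return initialization parameters, or None if the location is refused."""
        if location not in self.regions:
            return None
        return {"son": self.ident, "location": location}


class AaaServer:
    def __init__(self, subscriptions, son_servers):
        self.subscriptions = subscriptions  # HNB identifier -> location (subscription data)
        self.son_servers = son_servers

    def access_request(self, hnb_id):
        location = self.subscriptions.get(hnb_id)
        allowed = [s for s in self.son_servers if location in s.regions]
        if not allowed:
            return {"result": "reject"}
        # Several candidates: provide the one with the smallest current load.
        best = min(allowed, key=lambda s: s.load)
        return {"result": "success", "son_id": best.ident}


class SecurityGateway:
    def __init__(self, aaa, keys):
        self.aaa = aaa
        self.keys = keys  # HNB identifier -> pre-shared key (assumed auth method)

    def identity_auth(self, hnb_id, nonce, proof):
        key = self.keys.get(hnb_id)
        expected = hmac.new(key or b"", nonce, hashlib.sha256).digest()
        if key is None or not hmac.compare_digest(expected, proof):
            return {"result": "reject"}  # never forwarded to the AAA server
        return self.aaa.access_request(hnb_id)  # relayed to the home base station


def directed_access(gateway, servers, hnb_id, key, location, nonce=b"constructed-nonce"):
    """Home base station side: authenticate, then contact only the named SON server."""
    proof = hmac.new(key, nonce, hashlib.sha256).digest()
    reply = gateway.identity_auth(hnb_id, nonce, proof)
    if reply["result"] != "success":
        return None, 0
    target = next(s for s in servers if s.ident == reply["son_id"])
    return target.register(location), 1  # a single connection attempt


def related_art_access(servers, location):
    """Related art: try the preconfigured list one by one until a server accepts."""
    for attempts, server in enumerate(servers, start=1):
        params = server.register(location)
        if params is not None:
            return params, attempts
    return None, len(servers)


# Constructed sample data: three SON servers, one subscribed home base station.
SERVERS = [
    SonServer("son-a.example", frozenset({"north"}), 10),
    SonServer("son-b.example", frozenset({"south"}), 70),
    SonServer("son-c.example", frozenset({"south", "east"}), 25),
]
AAA = AaaServer({"hnb-001": "south"}, SERVERS)
GATEWAY = SecurityGateway(AAA, {"hnb-001": b"constructed-psk"})

if __name__ == "__main__":
    print(directed_access(GATEWAY, SERVERS, "hnb-001", b"constructed-psk", "south"))
    print(related_art_access(SERVERS, "south"))
```

With the sample data, the directed flow reaches the less loaded server in one attempt, while the list walk needs two attempts and settles on the first server that accepts, regardless of load.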

Claims

1. An access method for a home base station, characterized by comprising:
a network side acquiring location information of the home base station;
providing, to the home base station according to the location information, an identifier of a self-organizing network server of a mobile communication network;
the home base station connecting to the self-organizing network server according to the identifier to obtain initialization configuration parameters, completing initialization according to the initialization configuration parameters, and accessing the mobile communication network.
2. The method according to claim 1, wherein the network side comprises:
an authentication, authorization and accounting (AAA) server of the home base station, and a home base station management system server of the home base station.
3. The method according to claim 1, wherein before the network side acquires the location information of the home base station, the method further comprises:
the home base station obtaining an Internet Protocol (IP) address of a security gateway of the mobile communication network;
the home base station performing a security association initial exchange with the security gateway according to the IP address, to establish a security association;
the home base station sending an identity authentication request to the security gateway, the request carrying the identifier of the home base station;
the security gateway sending an access request message to the AAA server of the home base station.
4. The method according to claim 1, wherein the network side acquiring the location information of the home base station specifically comprises at least one of the following:
the AAA server or the home base station management system server obtaining the location information of the home base station according to subscription information of the home base station;
the AAA server or the home base station management system server looking up the IP broadband service operator of the home base station according to the IP address of the home base station, and obtaining the location information of the home base station from an interface server of the IP broadband service operator;
the AAA server obtaining the location information of the home base station from the home base station management system server or a network management server.
5. The method according to claim 1, wherein providing, to the home base station according to the location information, the identifier of the self-organizing network server of the mobile communication network specifically comprises:
the AAA server or the home base station management system server querying for the self-organizing network server of the mobile communication network that allows access by a home base station at the location indicated by the location information;
the AAA server or the home base station management system server providing the identifier of the self-organizing network server to the home base station.
6. The method according to claim 1, wherein providing, to the home base station according to the location information, the identifier of the self-organizing network server of the mobile communication network specifically comprises:
the AAA server or the home base station management system server querying for the self-organizing network servers of the mobile communication network that allow access by a home base station at the location indicated by the location information;
if the number of the self-organizing network servers is greater than 1, the AAA server or the home base station management system server querying the current load of each of the self-organizing network servers;
the AAA server or the home base station management system server comparing the current loads of the self-organizing network servers, and obtaining the identifier of the self-organizing network server with the smallest current load;
the AAA server or the home base station management system server providing the identifier of the self-organizing network server with the smallest current load to the home base station as the identifier of the self-organizing network server.
7. The method according to claim 5 or 6, wherein the AAA server providing the identifier of the self-organizing network server to the home base station specifically comprises:
the AAA server sending an access success message to the security gateway of the mobile communication network, the message carrying the identifier of the self-organizing network server;
the security gateway sending an identity authentication response message to the home base station, the message carrying the access success message and the identifier of the self-organizing network server.
8. The method according to claim 5 or 6, wherein the AAA server providing the identifier of the self-organizing network server to the home base station specifically comprises:
the AAA server sending an access success message to the security gateway of the mobile communication network, the message carrying the identifier of the self-organizing network server;
the security gateway saving the identifier of the self-organizing network server, and sending an identity authentication response message to the home base station, the message carrying the access success message;
the home base station sending an identity authentication request message to the security gateway, the message carrying the identifier of the home base station;
the security gateway authenticating the home base station and, after the authentication passes, sending an identity authentication response message to the home base station, the message carrying the identifier of the self-organizing network server.
9. The method according to claim 1, wherein providing, to the home base station according to the location information, the identifier of the self-organizing network server of the mobile communication network specifically comprises:
the home base station sending request information to the home base station management system server;
the home base station management system server acquiring the location information of the home base station;
the home base station management system server providing, to the home base station according to the location information, the identifier of the self-organizing network server of the mobile communication network.
10. The method according to claim 3, wherein the identity authentication request message further carries an identifier requesting return of the self-organizing network server identifier of the home base station.
11. The method according to claim 8, wherein the identity authentication request message further carries an identifier requesting return of the self-organizing network server identifier of the home base station.
12. The method according to claim 1, wherein before the home base station connects to the self-organizing network server according to the identifier to obtain the initialization configuration parameters, the method further comprises:
the home base station authenticating the identity of the security gateway of the mobile communication network.
13. The method according to claim 1, further comprising:
establishing a secure tunnel between the home base station and the security gateway of the mobile communication network, wherein the secure tunnel is an Internet Protocol Security (IPSec) tunnel.
14. The method according to claim 1, wherein the identifier of the self-organizing network server is the IP address of the self-organizing network server or the domain name of the self-organizing network server.
15. An AAA server, characterized by comprising:
an obtaining module, configured to acquire location information of a home base station;
an allocation module, configured to provide, to the home base station according to the location information, an identifier of a self-organizing network server of a mobile communication network.
16. An access device for a home base station, characterized by comprising:
an obtaining module, configured to acquire location information of the home base station;
a providing module, configured to provide, to the home base station according to the location information, an identifier of a self-organizing network server of a mobile communication network;
an access module, configured to connect to the self-organizing network server according to the identifier to obtain initialization configuration parameters, complete initialization according to the initialization configuration parameters, and access the mobile communication network.
17. An access system for a home base station, characterized by comprising:
an AAA server, configured to acquire location information of the home base station, provide, to the home base station according to the location information, an identifier of a self-organizing network server of a mobile communication network, and send the identifier of the self-organizing network server to a security gateway of the mobile communication network;
the security gateway, configured to authenticate the home base station, forward the access request of the home base station to the AAA server, and forward the access success response of the AAA server to the home base station, the access success response carrying the identifier of the self-organizing network server;
the self-organizing network server, configured to configure initialization configuration parameters for the home base station;
the home base station, which comprises an access module configured to connect to the self-organizing network server according to the identifier to obtain the initialization configuration parameters, complete initialization according to the initialization configuration parameters, and access the home base station to the mobile communication network.
PCT/CN2010/074088 2009-08-05 2010-06-18 Method, device, system and authentication authorization accounting (aaa) server for home node base station accessing WO2011015091A1 (en)

Applications Claiming Priority (2)

Application Number Priority Date Filing Date Title
CN2009101603931A CN101990218A (en) 2009-08-05 2009-08-05 Access method, device, system and AAA server for home base station
CN200910160393.1 2009-08-05

Publications (1)

Publication Number Publication Date
WO2011015091A1 true WO2011015091A1 (en) 2011-02-10

Family

ID=43543911

Family Applications (1)

Application Number Title Priority Date Filing Date
PCT/CN2010/074088 WO2011015091A1 (en) 2009-08-05 2010-06-18 Method, device, system and authentication authorization accounting (aaa) server for home node base station accessing

Country Status (2)

Country Link
CN (1) CN101990218A (en)
WO (1) WO2011015091A1 (en)

Families Citing this family (5)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
WO2013107495A1 (en) * 2012-01-16 2013-07-25 Nokia Siemens Networks Oy Vendor specific base station auto - configuration framework
CN104023093B (en) * 2014-05-09 2018-09-14 京信通信系统(中国)有限公司 Method, system and the access guiding server of home base station access gateway
CN104168566B (en) * 2014-08-19 2018-11-06 京信通信系统(中国)有限公司 A kind of method and device of access network
CN104320771A (en) * 2014-10-15 2015-01-28 京信通信系统(中国)有限公司 Method, device and system for configuring home node B parameters
WO2018098761A1 (en) * 2016-11-30 2018-06-07 华为技术有限公司 Data transmission method and device

Citations (5)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN1623311A (en) * 2001-11-19 2005-06-01 艾利森电话股份有限公司 Method and apparatus for identifying a node for data communications using its geographical location
WO2007057732A1 (en) * 2005-11-15 2007-05-24 Alcatel Lucent Access network, gateway and management server for a cellular wireless communication system
CN101321101A (en) * 2007-06-05 2008-12-10 华为技术有限公司 Method and system for access network node self-allocation
CN101374073A (en) * 2007-08-25 2009-02-25 华为技术有限公司 Method and system for managing household base station
CN101437223A (en) * 2007-11-16 2009-05-20 华为技术有限公司 Access method, system and apparatus for household base station

Family Cites Families (1)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
US8855007B2 (en) * 2007-11-19 2014-10-07 Qualcomm Incorporated Configuring an identifier for an access point

Also Published As

Publication number Publication date
CN101990218A (en) 2011-03-23

Legal Events

Date Code Title Description
121 Ep: the epo has been informed by wipo that ep was designated in this application

Ref document number: 10805995

Country of ref document: EP

Kind code of ref document: A1

NENP Non-entry into the national phase

Ref country code: DE

122 Ep: pct application non-entry in european phase

Ref document number: 10805995

Country of ref document: EP

Kind code of ref document: A1