WO2014094487A1 - Method, device, and system for determining access authority of user to wireless local area network - Google Patents

Method, device, and system for determining access authority of user to wireless local area network Download PDF

Info

Publication number
WO2014094487A1
WO2014094487A1 PCT/CN2013/085314 CN2013085314W WO2014094487A1 WO 2014094487 A1 WO2014094487 A1 WO 2014094487A1 CN 2013085314 W CN2013085314 W CN 2013085314W WO 2014094487 A1 WO2014094487 A1 WO 2014094487A1
Authority
WO
WIPO (PCT)
Prior art keywords
user
wlan
location information
access
attachment location
Prior art date
Application number
PCT/CN2013/085314
Other languages
French (fr)
Chinese (zh)
Inventor
李华
王伟
孙翠萍
Original Assignee
华为技术有限公司
Priority date (The priority date is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the date listed.)
Filing date
Publication date
Application filed by 华为技术有限公司 filed Critical 华为技术有限公司
Publication of WO2014094487A1 publication Critical patent/WO2014094487A1/en

Links

Classifications

    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04WWIRELESS COMMUNICATION NETWORKS
    • H04W8/00Network data management
    • H04W8/02Processing of mobility data, e.g. registration information at HLR [Home Location Register] or VLR [Visitor Location Register]; Transfer of mobility data, e.g. between HLR, VLR or external networks
    • H04W8/04Registration at HLR or HSS [Home Subscriber Server]
    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04WWIRELESS COMMUNICATION NETWORKS
    • H04W12/00Security arrangements; Authentication; Protecting privacy or anonymity
    • H04W12/06Authentication

Definitions

  • the present invention relates to the field of communications technologies, and in particular, to a method, device, and system for determining a user's access to a wireless local area network. Background technique
  • MBB mobile broadband
  • WLAN Wireless Local Area Network
  • Mobile users need to be authenticated and authenticated when they access the WLAN.
  • the authentication process needs to determine whether the user has access to the WLAN.
  • One method is to sign the user's access rights on the Home Subscriber Server (HSS)/Home Location Register (HLR), Authentication, Authorization, Accounting, AAA.
  • HSS Home Subscriber Server
  • HLR Home Location Register
  • AAA Authentication, Authorization, Accounting
  • the HLR/HSS When the HLR/HSS obtains the authentication data response message, it returns a failure. Moreover, in the method, for a roaming user, such as a user of another operator, the HLR/HSS to which the user belongs may not support the permission judgment of accessing the WLAN. Therefore, this method requires the operator to upgrade or modify the HLR/HSS of the existing network. When the mobile operator constructs and deploys the WLAN, it is generally not desirable to modify the HLR/HSS of the existing network.
  • Another method is to use a certain service identifier of the original mobile network as the subscription identifier of the WLAN, and the AAA server obtains the user's access to the WLAN at the same time when acquiring the user data.
  • ODB Operator Determined Barring
  • Embodiments of the present invention provide a method, device, and system for determining a user's access to a WLAN, and solve the problem of how to determine a user's access to a WLAN.
  • an embodiment of the present invention provides a method for determining a user access to a wireless local area network, including:
  • determining, according to the location information, the right of the user to access the WLAN specifically: determining, according to the location information, that the user is attached to the operator On the mobile network, the user is allowed to access the WLAN; or according to the The location information is attached to determine that the user's home network is included in a whitelist that can use the WLAN, allowing the user to access the WLAN.
  • a second possible implementation manner of the first aspect after the user accesses the WLAN, acquiring the location information of the user; and obtaining the attachment according to the user accessing the WLAN The location information determines that the user has left the mobile network of the operator, and disconnects the user from the WLAN.
  • determining that the user accessing the WLAN network according to the attachment location information specifically includes: determining, according to the attachment location information, that the user is not attached to the operation On the mobile network of the quotient, the user is denied access to the WLAN; or if the home network of the user is not included in the whitelist that can use the WLAN according to the attached location information, the user is denied access to the WLAN.
  • the short message center serving the user is sent a short message to notify the user that the After the operator's mobile network, the WLAN service can be used.
  • an embodiment of the present invention provides a device for determining a user access to a WLAN, including:
  • the first receiving unit 41 is configured to receive an access authentication request of a user initiated by the WLAN of the operator, and confirm that the user authenticates by using the user;
  • the first sending unit 42 is configured to send a request message to the user's home location register or the home subscriber server to request the user's attachment location information in the network;
  • the second receiving unit 43 is configured to receive the location information of the user sent by the home location register or the home subscriber server;
  • the determining unit 44 is configured to determine, according to the attached location information, the right of the user to access the WLAN.
  • the determining unit is specifically configured to be used according to the Determining the location information to determine that the user is attached to the mobile network of the operator, allowing the user to access the WLAN; or determining, according to the attached location information, that the user's home network is included in a whitelist that can use the WLAN , allowing the user to access the WLAN.
  • the method further includes: a disconnecting unit 45, configured to acquire the location information of the user after the user accesses the WLAN; The user is disconnected from the WLAN according to the location information obtained after the user accesses the WLAN, and determines that the user has left the mobile network of the operator.
  • the determining unit is specifically configured to determine, according to the location information, that the user is not attached to the mobile network of the operator, and reject the user access WLAN; or determining that the user's home network is not included in the whitelist that can use the WLAN according to the attached location information, the user is denied access to the WLAN.
  • the second sending unit 47 is further configured to send a short message to the short message center serving the user. To notify the user that the WLAN service can be used after attaching to the mobile network of the operator.
  • an embodiment of the present invention provides a system for determining a right of a roaming user to access a wireless local area network, including a first device 61 and a second device 63, where the first device 61 is configured to receive a wireless local area network (WLAN) of the operator. Initiating an access authentication request of the user, confirming that the user sends a request message to the second device 63 to request the user's attachment location information in the network, and receiving the attachment location of the user sent by the second device 63. And the second device 63 is configured to send, to the first device 61, the location information of the user in the network, according to the information about the attachment location.
  • WLAN wireless local area network
  • a method, device, and system for determining a user's access rights to a wireless local area network are provided by the embodiment of the present invention, and the user is authenticated by receiving a user's access authentication request initiated by the wireless local area network (WLAN) of the operator; User's home location register or home user server And taking the location information of the user in the network; determining, according to the location information, the permission of the user to access the WLAN.
  • the method does not need to sign the WLAN access rights of the user in the HLR/HSS, and solves the problem of how to determine the user's access rights to the WLAN.
  • FIG. 1 is a flowchart of a method for determining a permission of a roaming user to access a WLAN network according to an embodiment of the present invention
  • FIG. 2 is a flowchart of another method for determining a right of a roaming user to access a WLAN according to an embodiment of the present invention
  • FIG. 3 is a flowchart of another method for determining a right of a roaming user to access a WLAN according to an embodiment of the present invention
  • FIG. 4 is a structural diagram of an apparatus for determining a right of a roaming user to access a WLAN according to an embodiment of the present disclosure
  • FIG. 5 is a device for determining the right of a roaming user to access a WLAN according to an embodiment of the present invention.
  • FIG. 6 is a schematic diagram of a system for determining a right of a roaming user to access a WLAN according to an embodiment of the present invention.
  • FIG. 7 is another device for determining the permission of a roaming user to access a WLAN according to an embodiment of the present invention.
  • WLAN hotspot such as the hot spot deployed by China Mobile
  • the terminal will automatically connect.
  • WLAN hotspots such as hotspots deployed by China Mobile
  • FIG. 1 is a flow chart of a method for determining a user's access to a WLAN according to an embodiment of the present invention.
  • the user here can be a roaming user or a non-roaming user.
  • S101 Receive an access authentication request of a user initiated by a WLAN of the operator, and confirm that the user authenticates through the user.
  • the location information of the user in the network may be a visitor location register (VLR) number of the user, or a GPRS Service Support Node (SGSN) number, or a cell information of the user.
  • VLR visitor location register
  • SGSN GPRS Service Support Node
  • cell information of the user may be a cell information of the user.
  • the SGSN number may indicate the location information of the user in the Packet Switch (PS) domain
  • PS Packet Switch
  • CS Circuit Switch
  • the request message may be, but is not limited to, any one of the following messages: MAP- ANY-TIME-INTERROGATION MAP-PROVIDE-SUBSCRIBER-INFO, MAP_SEND- ROUTING_ INFORMATION MAP-SEND-ROUTING-INFO- FOR in the MAP message -SM message, and Server-Assignment-Request in DIAMETER message.
  • S105 Receive the attached location information of the user sent by the home location register or a home subscriber server.
  • the user may be determined to be attached to the mobile network of the operator according to the attached location information, or determine, according to the attached location information, that the user's home network is included in a whitelist that can use the WLAN. The user is then allowed to access the WLAN.
  • the whitelist here may include some operator information, and the operators can use the WLAN.
  • the user accesses the WLAN, if the user determines that the user has left the mobile network of the operator according to the subsequently obtained attachment location information, the user is disconnected from the WLAN.
  • the user can still obtain the location information of the user in the network after the user accesses the WLAN.
  • the user can periodically register with the home location register or the home user.
  • the server sends a request message to request to obtain the location information of the user in the network; or may request the location information of the user in the network by sending a subscription message to the home location register or the home subscriber server, so that the location information of the user is attached.
  • the HLR/HSS will actively notify the requester requesting the attachment location information.
  • the short message may be sent to the short message center serving the user to notify the user that after attaching to the mobile network of the operator, Use the carrier's WLAN service.
  • the user may be notified that if the mobile network of the operator is attached, the WLAN service of the operator may be used for free or preferentially. In this way, the roaming users can be attracted to use the operator's mobile network. Since the roaming users generally have higher tariffs, these roaming users can bring more benefits to the operators.
  • the method for determining the right of a roaming user to access the WLAN can solve the problem of determining the WLAN access authority of the user. This method does not require the WLAN access rights of the subscriber in the HLR/HS S. Moreover, for the roaming user, the operator does not need to upgrade or modify the HLR/HSS of the existing network, and the operator does not need to use the unified ODB or other identifier as the subscription identifier of the user to access the WLAN.
  • FIG. 2 is a flow chart of another method for determining a user's access to a WLAN according to an embodiment of the present invention.
  • the WLAN rights that the user has access to the carrier here, China Unicom for example
  • the user here can be a roaming user or a non-roaming user.
  • the user accesses the mobile network of China Unicom through a User Equipment (UE).
  • UE User Equipment
  • the MSC/SGSN initiates location registration with the HLR, and the HLR returns a location registration response message, and delivers the subscription data of the user.
  • the HLR records the location information of the UE in the mobile network, such as the SGSN number to which the UE is attached, or the VLR number to which the UE is attached, or the cell information to which the UE is attached.
  • the location registration message carries the VLR number, and optionally, the cell information may also be carried. If the location registration is initiated by the SGSN to the HLR, the location registration message carries the SGSN number.
  • the WLAN initiates an access authentication request to the AAA, where the message carries the identity of the user.
  • the AAA sends a request message for acquiring the user authentication vector to the HLR/HSS.
  • a request message for acquiring the user authentication vector to the HLR/HSS.
  • it can be MAP SEND AUTHENTICATION INFO or Multimedia- Auth-Request message.
  • HSS/HLR returns the authentication vector.
  • the location information of the user in the network is not included in the authentication vector.
  • the AAA initiates an authentication challenge to the UE.
  • the UE returns an authentication challenge response.
  • the AAA determines that the user authentication succeeds according to the authentication challenge response returned by the UE.
  • the AAA sends a request message for acquiring the location information of the user in the network to the HLR/HSS, so as to obtain the location information of the user in the network from the HLR/HS S.
  • the request message can be used but is not limited to the following messages: MAP- ANY-TIME-INTERROGATION in the MAP message, MAP-PROVIDE- SUBSCRIBER-INFO, MAP_SEND- ROUTING_ INFORMATION, MAP-SEND-ROUTING-INFO-FOR -SM message, or a message such as Server-Assignment-Request in the DIAMETER message.
  • HLR /HSS returns the user's attachment location information to AAA.
  • the attached location information returned here is the attached SGSN number recorded in the HLR/HSS, or the VLR number to which the UE is attached, or the cell information to which the UE is attached.
  • the AAA determines, according to the obtained attachment location information, whether the user has the right to access China Unicom. In this embodiment, the AAA determines that the user has the right to access the WLAN of China Unicom.
  • the AAA may determine, according to the pre-configured policy and the obtained attachment location information, whether the user has the right to access the WLAN of China Unicom.
  • the pre-configured policy may be that the user attaches to the mobile network of China Unicom through the VLR, SGSN or cell attached to the user, and the user has the right to access the WLAN of China Unicom; or, the user is attached to In some VLRs, SGSNs, or cells, the user has the right to use China Unicom's WLAN.
  • the whitelist is set in the AAA. The whitelist includes some other operators. When the user accesses the whitelist. In the operator's mobile network, the user has information on the rights of the China Unicom WLAN. S213. Return a message that the authentication succeeds to the WLAN.
  • the AAA may further obtain the location information of the user, and determine, according to the location information obtained after the user accesses the WLAN, that the user has already obtained When leaving the mobile network of the operator, the user is disconnected from the WLAN.
  • the AAA can obtain the location information of the user by: sending the request message to the HLR/HSS periodically to request the location information of the user in the network, so that the user accesses the WLAN.
  • the AAA can still obtain the location information of the user in the network; or, the AAA sends a subscription message to the HLR/HSS to request the location information of the user in the network, so that when the location information of the user changes, the HLR/HSS
  • the AAA will be notified to the location information of the user in the network.
  • the AAA disconnects the user from the WLAN of the operator if it determines that the user has left the mobile network of the operator according to the subsequent acquired location information.
  • the method for determining the user's access to the WLAN can solve the problem of determining the WLAN access authority of the user.
  • This method does not require the WLAN access rights of the subscriber in the HLR/HSS.
  • the operator does not need to upgrade or modify the HLR/HSS of the existing network, and the operator does not need to use the unified ODB or other identifier as the subscription identifier of the user to access the WLAN.
  • FIG. 3 is a flowchart of another method for determining a right of a roaming user to access a WLAN according to an embodiment of the present invention.
  • the WLAN rights that the user does not have access to the carrier here, China Unicom for example
  • the user here can be a roaming user or a non-roaming user.
  • the AAA sends a request message for acquiring the location information of the user in the network to the HLR/HSS, so as to obtain the location information of the user in the network from the HLR/HSS.
  • the request message may be used but is not limited to the following messages: MAP-ANY-TIME-INTERROGATION, MAP-PROVIDE-SUBSCRIBER-INFO in the MAP message,
  • the HLR/HSS returns the attachment location information of the user to the AAA.
  • the location information returned here is the SGSN number to which the UE is recorded in the HLR/HSS, or the VLR number to which the UE is attached, or the cell information to which the UE is attached.
  • the AAA determines, according to the obtained attachment location information, whether the user has the right to access China Unicom. In this embodiment, the AAA determines that the user does not have access to the China Unicom WLAN.
  • the AAA may determine whether the user has the right to access the China Unicom WLAN according to the pre-configured policy and the obtained attachment location information.
  • the pre-configured policy may be that the user attaches to the mobile network of China Unicom through the VLR, SGSN or cell attached to the user, and the user has the right to access the WLAN of China Unicom; or, the user is attached to In some VLRs, SGSNs, or cells, the user has the right to use China Unicom's WLAN.
  • the whitelist is set in the AAA. The whitelist includes some other carriers. When the user accesses the whitelist. In the mobile networks of these operators, users have information on the rights of China Unicom's WLAN.
  • the embodiment may further include two steps S314 and S315.
  • the AAA sends a short message to the short message center serving the user, to notify the user that the WLAN service of China Unicom can be used after attaching to the mobile network of China Unicom. Specifically: Users can be notified that if they are attached to China Unicom's mobile network, they can use China Unicom's WLAN service for free or preferentially.
  • the short message center sends a short message to the UE.
  • the short message center sends a short message to the UE.
  • the user who is roaming can be attracted to use the mobile network of China Unicom. Since the general tariff of the roaming user is high, this part of the roaming user can give to China. China Unicom brings more benefits.
  • the method for determining the user's access to the WLAN can solve the problem of determining the WLAN access authority of the user.
  • This method does not require the WLAN access rights of the subscriber in the HLR/HSS.
  • the operator does not need to upgrade or modify the HLR/HSS of the existing network, and the operator does not need to use the unified ODB or other identifier as the subscription identifier of the user to access the WLAN.
  • FIG. 4 it is a structural diagram of a device for determining a user's access to a WLAN according to an embodiment of the present invention.
  • the device includes:
  • the first receiving unit 41 is configured to receive an access authentication request of a user initiated by the WLAN of the operator, and confirm that the user authenticates by using the user;
  • the first sending unit 42 is configured to send a request message to the user's home location register or the home subscriber server to request the user's attachment location information in the network;
  • the second receiving unit 43 is configured to receive the location information of the user sent by the home location register or the home subscriber server;
  • the determining unit 44 is configured to determine, according to the attached location information, the right of the user to access the WLAN.
  • the determining unit is specifically configured to determine, according to the attached location information, that the user is attached to the mobile network of the operator, or determine, according to the attached location information, that a user's home network is included in an available In the white list of the WLAN, the user is allowed to access the WLAN.
  • the device may further include a disconnecting unit 45, configured to acquire the attached location information of the user after the user accesses the WLAN; and determine, according to the attached location information acquired after the user accesses the WLAN, that the user has left the When the operator's mobile network is connected, the user is disconnected from the WLAN.
  • the device that determines the user's access to the WLAN may be an AAA server, and the user may be a roaming user or a non-roaming user.
  • the device for determining the privilege of the user to access the WLAN provided by the embodiment can solve the problem of determining the WLAN access authority of the user. After using this device, you do not need to sign the user's WLAN access rights in HLR/HSS. Moreover, for the roaming user, the operator does not need to upgrade or modify the HLR/HSS of the existing network, and the operator does not need to use the unified ODB or other identifier as the subscription identifier of the user to access the WLAN.
  • FIG. 5 is a structural diagram of another apparatus for determining a user's access to a WLAN according to an embodiment of the present invention.
  • the apparatus comprises: a first receiving unit 41, a first transmitting unit 42, a second receiving unit 43, and a determining unit 44 in the embodiment shown in Fig. 4.
  • the determining unit is specifically configured to determine, according to the attached location information, that the user is not attached to the mobile network of the operator, or determine, according to the attached location information, that the user's home network is not included in the available network. In the white list of the WLAN, the user is denied access to the WLAN.
  • the device may further include a second sending unit 47, configured to send a short message to the short message center serving the user, to notify the user that the WLAN service may be used after attaching to the mobile network of the operator. .
  • the device that determines the user's access to the WLAN may specifically be an AAA server.
  • the user here can be a roaming user or a non-roaming user.
  • the device for determining the right of the roaming user to access the WLAN provided by the embodiment can solve the problem of determining the WLAN access authority of the user. After using this device, you do not need to sign the WLAN access rights of the user in the HLR/HSS. Moreover, for roaming users, no operator upgrades are required or To transform the HLR/HSS of the existing network, each operator does not need to use a unified ODB or other identifier as the subscription identifier for the user to access the WLAN.
  • a system for determining a user's access to a WLAN network includes: a first device 61 and a second device 63.
  • the first device 61 is configured to receive an access authentication request of the user initiated by the WLAN of the operator, and confirm that the user sends a request message to the second device 63 to request the user to attach to the network through user authentication.
  • the information is received by the second device 63, and the user's access to the WLAN is determined according to the attached location information.
  • the first device may be the device that determines the user accessing the WLAN according to the foregoing FIG. 4 or FIG. 5 .
  • the first device may be an AAA server
  • the second device may be a home location register or a home subscriber server of the user.
  • the user in this embodiment may be a roaming user or a non-roaming user.
  • the system for determining the privilege of the user to access the WLAN provided by the embodiment can solve the problem of determining the WLAN access authority of the user. After using this system, it is not necessary to sign the user's WLAN access rights in the HLR/HSS. Moreover, for the roaming user, the operator does not need to upgrade or modify the HLR/HSS of the existing network, and the operator does not need to use the unified ODB or other identifier as the subscription identifier of the user to access the WLAN.
  • FIG. 7 another device structure diagram for determining the right of a user to access a WLAN according to an embodiment of the present invention adopts a general computer system structure, and the computer system may be a processor-based computer.
  • the device for determining the user's access to the WLAN includes at least one processor 701, a communication bus 702, a memory 703, and at least one communication interface 704.
  • the processor may be a general purpose central processing unit (CPU), a microprocessor, an application-specific integrated circuit (ASIC), or one or more integrated circuits for controlling the execution of the program of the present invention.
  • the communication bus 702 can include a path for transferring information between the components.
  • the communication interface 704 uses means, such as any transceiver, for communicating with other devices or communication networks, such as Ethernet, Radio Access Network (RAN), Wireless Local Area Network (WLAN), and the like.
  • the computer system also includes one or more memories, which may be read-only memory (ROM) or other types of static storage devices that can store static information and instructions, random access memory (RAM) or Other types of dynamic storage devices that can store information and instructions, or Electrically Erasable Programmable Read-Only Memory (EEPROM), CD-ROM (Compact Disc Read-Only Memory, CD-ROM) Or other disc storage, disc storage (including compact discs, laser discs, optical discs, digital versatile discs, Blu-ray discs, etc.), disk storage media or other magnetic storage devices, or capable of carrying or storing in the form of instructions or data structures
  • ROM read-only memory
  • RAM random access memory
  • EEPROM Electrically Erasable Programmable Read-Only Memory
  • CD-ROM Compact Disc Read-Only Memory
  • CD-ROM Compact Disc Read-Only Memory
  • CD-ROM Compact Disc Read-Only Memory
  • disk storage media or other magnetic storage devices, or capable of carrying or storing in the form of instructions or data structures
  • the memory 703 is configured to store program code for executing the solution of the present invention, and the program code for executing the solution of the present invention is stored in a memory and controlled by a processor.
  • the program code may specifically include: a first receiving unit 7031, a first transmitting unit 7032, a second receiving unit 7033, and a determining unit 7034; the processor 701 is configured to execute a unit stored in the memory 703, when the unit is When the processor 701 is executed, the following functions are implemented:
  • the first receiving unit 7031 is configured to receive an access authentication request of the user initiated by the WLAN of the operator, and confirm that the user authenticates by using the user.
  • the first sending unit 7032 is configured to send a request message to the user's home location register or the home subscriber server to request the user's location information in the network;
  • a second receiving unit 7033 configured to receive the location information of the user sent by the home location register or a home subscriber server;
  • a determining unit 7034 configured to determine, according to the attached location information, that the user accesses the WLAN permissions.
  • the determining unit is specifically configured to determine, according to the attached location information, that the user is attached to the mobile network of the operator, or determine, according to the attached location information, that a user's home network is included in an available In the white list of the WLAN, the user is allowed to access the WLAN.
  • the program code may further include a disconnecting unit 7035, configured to acquire the attached location information of the user after the user accesses the WLAN; and determine, according to the attached location information acquired after the user accesses the WLAN, that the user has left the location When the operator's mobile network is described, the user is disconnected from the WLAN.
  • acquiring the location information of the user may be: sending a subscription message to the home location register or the home subscriber server to subscribe to the location information of the user in the network; or, periodically Sending a request message to the home location register or the home subscriber server to request the location information of the user in the network.
  • the determining unit is specifically configured to determine, according to the attached location information, that the user is not attached to the mobile network of the operator, or determine, according to the attached location information, that the user's home network is not included in the available network. In the white list of the WLAN, the user is denied access to the WLAN.
  • the program code may further include a second sending unit 7036, configured to send a short message to the short message center serving the user, to notify the user that the WLAN can be used after attaching to the mobile network of the operator. business.
  • the device that determines the user's access to the WLAN may specifically be an AAA server. Users can be roaming users or non-roaming users.
  • the device for determining the right of the roaming user to access the WLAN provided by the embodiment can solve the problem of determining the WLAN access authority of the user. After using this device, you do not need to sign the WLAN access rights of the user in the HLR/HSS. Moreover, for roaming users, operators are not required to upgrade or modify the HLR/HSS of the existing network, and each operator does not need to use a unified ODB or other identifiers. The subscription identifier of the user accessing the WLAN.
  • the various embodiments in the present specification are described in a progressive manner, and the same similar parts between the various embodiments may be referred to each other, and each embodiment focuses on different embodiments from other embodiments.
  • the description is relatively simple, and the execution process of each unit specific function can be referred to the description of the method embodiment.
  • the device embodiments described above are merely illustrative, wherein the units described as separate components may or may not be physically separated, and the components displayed as units may or may not be physical units, ie may be located in one place. , or it can be distributed to multiple network elements. Some or all of the modules may be selected according to actual needs to achieve the purpose of the solution of the embodiment. Those of ordinary skill in the art can understand and implement without any creative effort.

Abstract

Embodiments of the present invention provide a method, device, and system for determining an access authority of a user to a wireless local area network (WLAN). The method for determining an access authority of a user to a WLAN comprises: receiving an access authentication request of a user that is initiated by a WLAN of an operator, and confirming that the user succeeds in user authentication; sending a request message to a home location register or a home subscriber server of the user to request attachment location information of the user in the network; receiving the attachment location information of the user that is sent by the home location register or the home subscriber server; and determining, according to the attachment location information, an access authority of the user to the WLAN. By means of the method provided by the embodiment of the present invention, the problem of how to determine an access authority of a user to a WLAN is solved.

Description

一种确定用户接入无线局域网权限的方法、 设备和*** 本申请要求了 2012年 12月 18日提交的、 申请号为 201210551954.2、 发明名 称为 "一种确定用户接入无线局域网权限的方法、 设备和***" 的中国申请 的优先权, 其全部内容通过引用结合在本申请中。  Method, device and system for determining user access to wireless local area network permission. The present application claims a method and device for determining the user's access to a wireless local area network, which is filed on December 18, 2012 and has the application number of 201210551954.2. The priority of the Chinese application of the "systems", the entire contents of which is incorporated herein by reference.
技术领域 Technical field
本发明涉及通信技术领域, 尤其涉及一种确定用户接入无线局域网的权 限的方法、 设备和***。 背景技术  The present invention relates to the field of communications technologies, and in particular, to a method, device, and system for determining a user's access to a wireless local area network. Background technique
随着智能手机的普及和发展, 用户数据业务流量以及移动宽带 (Mobile Broadband, MBB) 业务量剧增, 越来越多的运营商也开始了无线局域网  With the popularity and development of smartphones, user data traffic and mobile broadband (MBB) traffic has increased dramatically, and more and more operators have begun wireless LANs.
(Wireless Local Area Network , WLAN) 的建设和部署。 一方面, 运营商利 用 WLAN分流原有的移动网络流量和提供更高的带宽; 另一方面, 运营商也 希望通过 WLAN的建设, 在分流移动网络流量的同时, 能吸引更多的价值用 户使用该运营商的移动网络, 促进其移动网络的利用率。  (Wireless Local Area Network, WLAN) construction and deployment. On the one hand, operators use WLAN to offload existing mobile network traffic and provide higher bandwidth. On the other hand, operators also hope that through the construction of WLAN, they can attract more value users while diverting mobile network traffic. The carrier's mobile network promotes the utilization of its mobile network.
在移动用户接入 WLAN时, 需要对移动用户进行鉴权和认证。 其中, 认 证过程需要判断用户是否有接入 WLAN的权限。  Mobile users need to be authenticated and authenticated when they access the WLAN. The authentication process needs to determine whether the user has access to the WLAN.
目前有两种方法可以判断用户是否有接入 WLAN的权限。  There are currently two ways to determine if a user has access to a WLAN.
一种方法是在归属用户服务器 (Home Subscriber Server, HSS ) /归属位 置寄存器 (Home Location Register, HLR) 上签约用户的接入权限, 鉴权授 权计费 (Authentication, Authorization, Accounting, AAA) 月艮务器在向 HLR/HSS获取鉴权数据时, 如果用户没有签约接入 WLAN的权限, 则  One method is to sign the user's access rights on the Home Subscriber Server (HSS)/Home Location Register (HLR), Authentication, Authorization, Accounting, AAA. When the server obtains the authentication data from the HLR/HSS, if the user does not have the right to subscribe to the WLAN,
HLR/HSS在获取鉴权数据响应消息时, 返回失败。 而且, 在该方法中, 对于漫游用户, 譬如其他运营商的用户, 该用户归 属的 HLR/HSS可能不支持接入 WLAN的权限判断。 因而, 这种方法需要运营 商升级或改造现网的 HLR/HSS, 而移动运营商建设和部署 WLAN时, 一般不 希望后续对现网的 HLR/HSS进行改动。 When the HLR/HSS obtains the authentication data response message, it returns a failure. Moreover, in the method, for a roaming user, such as a user of another operator, the HLR/HSS to which the user belongs may not support the permission judgment of accessing the WLAN. Therefore, this method requires the operator to upgrade or modify the HLR/HSS of the existing network. When the mobile operator constructs and deploys the WLAN, it is generally not desirable to modify the HLR/HSS of the existing network.
另一种方法是使用原有移动网络的某个业务标识作为 WLAN的签约标 识, AAA服务器在获取用户数据时, 同时获取用户接入 WLAN的权限。  Another method is to use a certain service identifier of the original mobile network as the subscription identifier of the WLAN, and the AAA server obtains the user's access to the WLAN at the same time when acquiring the user data.
而且, 在该方法中, 对于漫游用户, 可能是其他运营商的用户, 无法要 求其他运营商使用统一的运营商自定义的运营商决定的闭锁业务 (Operator Determined Barring , ODB) 或者其他标识作为用户接入 WLAN的签约标识, 因而造成不能识别, 进而鉴权失败。  Moreover, in this method, for roaming users, users of other operators may not be required to require other operators to use the Operator Determined Barring (ODB) or other identifier determined by the unified operator-defined operator as the user. Access to the WLAN's subscription identifier, resulting in unrecognizable, and authentication failure.
发明内容 Summary of the invention
本发明实施例提供一种确定用户接入无线局域网权限的方法、 设备和系 统, 解决了如何确定用户接入 WLAN的权限的问题。  Embodiments of the present invention provide a method, device, and system for determining a user's access to a WLAN, and solve the problem of how to determine a user's access to a WLAN.
第一方面, 本发明实施例提供了一种确定用户接入无线局域网权限的方 法, 包括:  In a first aspect, an embodiment of the present invention provides a method for determining a user access to a wireless local area network, including:
接收运营商的无线局域网 WLAN发起的用户的接入认证请求, 确认所述 用户通过用户鉴权;  Receiving an access authentication request of a user initiated by the WLAN of the operator, and confirming that the user authenticates through the user;
向用户的归属位置寄存器或归属用户服务器发送请求消息来请求用户在 网络中的附着位置信息;  Sending a request message to the user's home location register or the home subscriber server to request the user's attachment location information in the network;
接收所述归属位置寄存器或归属用户服务器发送的所述用户的附着位置 ^ I 自、 .;  Receiving the home location register or the attachment location of the user sent by the home subscriber server ^ I from , .
根据所述附着位置信息, 确定所述用户接入 WLAN的权限。  And determining, according to the attachment location information, the permission of the user to access the WLAN.
在第一方面的第一种可能的实施方式中, 根据所述附着位置信息, 确定 所述用户接入 WLAN的权限具体包括: 根据所述附着位置信息确定所述用户 附着在所述运营商的移动网络上, 则允许所述用户接入 WLAN; 或根据所述 附着位置信息来确定用户的归属网络被包括在可以使用 WLAN的白名单中, 则允许所述用户接入 WLAN。 In a first possible implementation manner of the first aspect, determining, according to the location information, the right of the user to access the WLAN, specifically: determining, according to the location information, that the user is attached to the operator On the mobile network, the user is allowed to access the WLAN; or according to the The location information is attached to determine that the user's home network is included in a whitelist that can use the WLAN, allowing the user to access the WLAN.
结合第一方面的第一种可能的实施方式, 在第一方面的第二种可能的实 施方式中, 当用户接入 WLAN后, 获取用户的附着位置信息; 根据用户接入 WLAN后获取的附着位置信息, 确定所述用户已经离开所述运营商的移动网 络, 则将所述用户从 WLAN上断开。  With reference to the first possible implementation manner of the first aspect, in a second possible implementation manner of the first aspect, after the user accesses the WLAN, acquiring the location information of the user; and obtaining the attachment according to the user accessing the WLAN The location information determines that the user has left the mobile network of the operator, and disconnects the user from the WLAN.
在第一方面的第二种可能的实施方式中, 根据所述附着位置信息, 确定 所述用户接入 WLAN网络的权限具体包括: 根据所述附着位置信息确定所述 用户没有附着在所述运营商的移动网络上, 则拒绝所述用户接入 WLAN; 或 根据附着位置信息来确定用户的归属网络没有被包括在可以使用 WLAN的白 名单中, 则拒绝所述用户接入 WLAN。  In a second possible implementation manner of the first aspect, determining that the user accessing the WLAN network according to the attachment location information specifically includes: determining, according to the attachment location information, that the user is not attached to the operation On the mobile network of the quotient, the user is denied access to the WLAN; or if the home network of the user is not included in the whitelist that can use the WLAN according to the attached location information, the user is denied access to the WLAN.
结合第一方面的第二种可能的实施方式, 在第一方面的第二种可能的实 施方式中, 向为所述用户服务的短消息中心发送短消息, 用以通知用户在附 着到所述运营商的移动网络后, 可以使用 WLAN业务。  In conjunction with the second possible implementation of the first aspect, in a second possible implementation of the first aspect, the short message center serving the user is sent a short message to notify the user that the After the operator's mobile network, the WLAN service can be used.
第二方面, 本发明实施例提供了一种确定用户接入无线局域网权限的设 备, 包括:  In a second aspect, an embodiment of the present invention provides a device for determining a user access to a WLAN, including:
第一接收单元 41, 用于接收运营商的无线局域网 WLAN发起的用户的接 入认证请求, 确认所述用户通过用户鉴权;  The first receiving unit 41 is configured to receive an access authentication request of a user initiated by the WLAN of the operator, and confirm that the user authenticates by using the user;
第一发送单元 42, 用于向用户的归属位置寄存器或归属用户服务器发送 请求消息来请求用户在网络中的附着位置信息;  The first sending unit 42 is configured to send a request message to the user's home location register or the home subscriber server to request the user's attachment location information in the network;
第二接收单元 43, 用于接收所述归属位置寄存器或归属用户服务器发送 的所述用户的附着位置信息;  The second receiving unit 43 is configured to receive the location information of the user sent by the home location register or the home subscriber server;
确定单元 44, 用于根据所述附着位置信息, 确定所述用户接入所述 WLAN的权限。  The determining unit 44 is configured to determine, according to the attached location information, the right of the user to access the WLAN.
在第二方面的第一种可能的实施方式中, 所述确定单元具体用于根据所 述附着位置信息确定所述用户附着在所述运营商的移动网络上, 则允许所述 用户接入 WLAN; 或根据所述附着位置信息来确定用户的归属网络包括在可 以使用 WLAN的白名单中, 则允许所述用户接入 WLAN。 In a first possible implementation manner of the second aspect, the determining unit is specifically configured to be used according to the Determining the location information to determine that the user is attached to the mobile network of the operator, allowing the user to access the WLAN; or determining, according to the attached location information, that the user's home network is included in a whitelist that can use the WLAN , allowing the user to access the WLAN.
结合第一方面的第一种可能的实施方式, 在第一方面的第二种可能的实 施方式中, 还包括断开单元 45, 用于当用户接入 WLAN后, 获取用户的附着 位置信息; 根据用户接入 WLAN后获取的附着位置信息, 确定所述用户已经 离开所述运营商的移动网络, 则将所述用户从 WLAN上断开。  With reference to the first possible implementation manner of the first aspect, in a second possible implementation manner of the first aspect, the method further includes: a disconnecting unit 45, configured to acquire the location information of the user after the user accesses the WLAN; The user is disconnected from the WLAN according to the location information obtained after the user accesses the WLAN, and determines that the user has left the mobile network of the operator.
在第一方面的第二种可能的实施方式中, 所述确定单元具体用于根据所 述附着位置信息确定所述用户没有附着在所述运营商的移动网络上, 则拒绝 所述用户接入 WLAN; 或根据附着位置信息来确定用户的归属网络没有被包 括在可以使用 WLAN的白名单中, 则拒绝所述用户接入 WLAN。  In a second possible implementation manner of the first aspect, the determining unit is specifically configured to determine, according to the location information, that the user is not attached to the mobile network of the operator, and reject the user access WLAN; or determining that the user's home network is not included in the whitelist that can use the WLAN according to the attached location information, the user is denied access to the WLAN.
结合第一方面的第二种可能的实施方式, 在第一方面的第二种可能的实 施方式中, 还包括第二发送单元 47, 用于向为所述用户服务的短消息中心发 送短消息, 以通知用户在附着到所述运营商的移动网络后, 可以使用 WLAN 业务。  In conjunction with the second possible implementation of the first aspect, in a second possible implementation manner of the first aspect, the second sending unit 47 is further configured to send a short message to the short message center serving the user. To notify the user that the WLAN service can be used after attaching to the mobile network of the operator.
第三方面, 本发明实施例提供了一种确定漫游用户接入无线局域网的权 限的***, 包括第一设备 61和第二设备 63, 所述第一设备 61用于接收运营商 的无线局域网 WLAN发起的用户的接入认证请求, 确认所述用户通过用户鉴 权, 向第二设备 63发送请求消息来请求用户在网络中的附着位置信息, 接收 第二设备 63发送的所述用户的附着位置信息, 根据所述附着位置信息, 确定 所述用户接入所述 WLAN的权限; 所述第二设备 63, 用于向第一设备 61发送 用户在网络中的附着位置信息。  In a third aspect, an embodiment of the present invention provides a system for determining a right of a roaming user to access a wireless local area network, including a first device 61 and a second device 63, where the first device 61 is configured to receive a wireless local area network (WLAN) of the operator. Initiating an access authentication request of the user, confirming that the user sends a request message to the second device 63 to request the user's attachment location information in the network, and receiving the attachment location of the user sent by the second device 63. And the second device 63 is configured to send, to the first device 61, the location information of the user in the network, according to the information about the attachment location.
本发明实施例提供的一种确定用户接入无线局域网的权限的方法、 设备 和***, 通过接收运营商的无线局域网 WLAN发起的用户的接入认证请求, 确认所述用户通过用户鉴权; 从用户的归属位置寄存器或归属用户服务器获 取所述用户在网络中的附着位置信息; 根据所述附着位置信息, 确定所述用 户接入所述 WLAN的权限。 该方法不需要在 HLR/HSS中签约用户的 WLAN接 入权限, 解决了如何确定用户接入 WLAN的权限的问题。 附图说明 A method, device, and system for determining a user's access rights to a wireless local area network are provided by the embodiment of the present invention, and the user is authenticated by receiving a user's access authentication request initiated by the wireless local area network (WLAN) of the operator; User's home location register or home user server And taking the location information of the user in the network; determining, according to the location information, the permission of the user to access the WLAN. The method does not need to sign the WLAN access rights of the user in the HLR/HSS, and solves the problem of how to determine the user's access rights to the WLAN. DRAWINGS
为了更清楚地说明本发明实施例的技术方案, 下面将对实施例描述中所 需要使用的附图作以简单地介绍, 显而易见地, 下面描述中的附图仅仅是本 发明的一些实施例, 对于本领域普通技术人员来讲, 在不付出创造性劳动的 前提下, 还可以根据这些附图获得其他的附图。  In order to more clearly illustrate the technical solutions of the embodiments of the present invention, the drawings used in the description of the embodiments will be briefly described. It is obvious that the drawings in the following description are only some embodiments of the present invention. Other drawings may also be obtained from those of ordinary skill in the art in view of the drawings.
图 1为本发明实施例提供的一种确定漫游用户接入 WLAN网络的权限的方 法流程图;  FIG. 1 is a flowchart of a method for determining a permission of a roaming user to access a WLAN network according to an embodiment of the present invention;
图 2为本发明实施例提供的另一种确定漫游用户接入 WLAN的权限的方法 流程图;  2 is a flowchart of another method for determining a right of a roaming user to access a WLAN according to an embodiment of the present invention;
图 3为本发明实施例提供的另一种确定漫游用户接入 WLAN的权限的方法 流程图;  FIG. 3 is a flowchart of another method for determining a right of a roaming user to access a WLAN according to an embodiment of the present invention;
图 4为本发明实施例提供的一种确定漫游用户接入 WLAN的权限的设备结 构图;  FIG. 4 is a structural diagram of an apparatus for determining a right of a roaming user to access a WLAN according to an embodiment of the present disclosure;
图 5为本发明实施例提供的另一种确定漫游用户接入 WLAN的权限的设备 图 6为本发明实施例提供的一种确定漫游用户接入 WLAN的权限的***示 意图;  5 is a device for determining the right of a roaming user to access a WLAN according to an embodiment of the present invention. FIG. 6 is a schematic diagram of a system for determining a right of a roaming user to access a WLAN according to an embodiment of the present invention;
图 7为本发明实施例提供的另一种确定漫游用户接入 WLAN的权限的设备  FIG. 7 is another device for determining the permission of a roaming user to access a WLAN according to an embodiment of the present invention;
具体实施方式 下面将结合本发明实施例中的附图, 对本发明实施例中的技术方案进行 清楚、 完整地描述, 显然, 所描述的实施例仅仅是本发明一部分实施例, 而 不是全部的实施例。 基于本发明中的实施例, 本领域普通技术人员在没有做 出创造性劳动前提下所获得的所有其他实施例, 都属于本发明保护的范围。 detailed description The technical solutions in the embodiments of the present invention are clearly and completely described in the following with reference to the accompanying drawings in the embodiments of the present invention. It is obvious that the described embodiments are only a part of the embodiments of the present invention, but not all of the embodiments. All other embodiments obtained by a person of ordinary skill in the art based on the embodiments of the present invention without departing from the inventive scope are the scope of the present invention.
一个国家或地区一般会存在多个移动运营商, 例如, 在中国就有移动运 营商、 联通运营商和电信运营商。 当用户打开其使用的智能终端的 WLAN功 能时, 智能终端会自动搜索到附件的 WLAN热点 (如***部署的热 点) , 如果用户选择了基于 (U) SIM卡的认证, 则终端会自动连接 WLAN热 点 (如***部署的热点) , 并发起认证请求。  There are usually multiple mobile operators in a country or region. For example, there are mobile operators, China Unicom operators and telecom operators in China. When the user turns on the WLAN function of the smart terminal used by the user, the smart terminal automatically searches for the attached WLAN hotspot (such as the hot spot deployed by China Mobile). If the user selects the (U) SIM card based authentication, the terminal will automatically connect. WLAN hotspots (such as hotspots deployed by China Mobile) and initiate authentication requests.
而且, 当一个其他国家的用户来到中国, 或者在中国一个地区的用户漫 游到中国的另一个地区, 用户是可以自主选择使用某个运营商的移动网络 的。  Moreover, when users from another country come to China, or users in one region of China travel to another region in China, users can choose to use a certain operator's mobile network.
图 1是本发明实施例提供的一种确定用户接入 WLAN的权限的方法流程 图。 这里的用户可以是漫游用户, 也可以是非漫游用户。  FIG. 1 is a flow chart of a method for determining a user's access to a WLAN according to an embodiment of the present invention. The user here can be a roaming user or a non-roaming user.
S101 , 接收运营商的无线局域网 WLAN发起的用户的接入认证请求, 确 认所述用户通过用户鉴权;  S101. Receive an access authentication request of a user initiated by a WLAN of the operator, and confirm that the user authenticates through the user.
S103 , 向用户的归属位置寄存器或归属用户服务器发送请求消息来请求 用户在网络中的附着位置信息;  S103. Send a request message to the user's home location register or the home subscriber server to request the user's location information in the network.
其中, 用户在网络中的附着位置信息可以是用户的拜访位置寄存器 (Visitor Location Register, VLR)号码, 或者是 GPRS服务支持节点 (Serving GPRS Support Node, SGSN)号码, 或者是用户所在的小区信息, 当然也不限 于此, 其他可以表示用户在网络中的附着位置的信息也可以。 进一歩的, SGSN号码可以表示用户在分组交换 (Packet Switch, PS) 域的位置信息, VLR号码或小区信息可以表示用户在电路交换 (Circuit Switch, CS ) 域的位 置信息。 请求消息可以采用但不限于如下消息中的任意一种: MAP消息中的 MAP- ANY-TIME-INTERROGATION MAP-PROVIDE-SUBSCRIBER-INFO, MAP— SEND— ROUTING— INFORMATION MAP-SEND-ROUTING-INFO- FOR-SM消息, 和 DIAMETER消息中的 Server-Assignment-Request等消息。 The location information of the user in the network may be a visitor location register (VLR) number of the user, or a GPRS Service Support Node (SGSN) number, or a cell information of the user. Of course, it is not limited to this, and other information indicating the location of the user's attachment in the network is also possible. Further, the SGSN number may indicate the location information of the user in the Packet Switch (PS) domain, and the VLR number or the cell information may indicate the location information of the user in the Circuit Switch (CS) domain. The request message may be, but is not limited to, any one of the following messages: MAP- ANY-TIME-INTERROGATION MAP-PROVIDE-SUBSCRIBER-INFO, MAP_SEND- ROUTING_ INFORMATION MAP-SEND-ROUTING-INFO- FOR in the MAP message -SM message, and Server-Assignment-Request in DIAMETER message.
S105 , 接收所述归属位置寄存器或归属用户服务器发送的所述用户的附 着位置信息;  S105. Receive the attached location information of the user sent by the home location register or a home subscriber server.
S107, 根据所述附着位置信息, 确定所述用户接入 WLAN的权限。  S107. Determine, according to the attachment location information, the permission of the user to access the WLAN.
可选的, 可以根据所述附着位置信息确定所述用户附着在所述运营商的 移动网络上, 或根据所述附着位置信息来确定用户的归属网络被包括在可以 使用 WLAN的白名单中, 则允许所述用户接入 WLAN。 其中, 这里的白名单 可以是包括一些运营商信息, 这些运营商可以使用该 WLAN。  Optionally, the user may be determined to be attached to the mobile network of the operator according to the attached location information, or determine, according to the attached location information, that the user's home network is included in a whitelist that can use the WLAN. The user is then allowed to access the WLAN. The whitelist here may include some operator information, and the operators can use the WLAN.
其中, 当用户接入 WLAN后, 可选的, 如果根据后续获取的附着位置信 息确定所述用户已经离开所述运营商的移动网络时, 则将所述用户从 WLAN 上断开。  After the user accesses the WLAN, if the user determines that the user has left the mobile network of the operator according to the subsequently obtained attachment location information, the user is disconnected from the WLAN.
当用户接入 WLAN后, 可选的, 采用如下方式可以在用户接入 WLAN后 仍然能获取到用户在网络中的附着位置信息, 例如: 可以通过周期性的向所 述归属位置寄存器或归属用户服务器发送请求消息来请求获取用户在网络中 的附着位置信息; 或者可以通过向所述归属位置寄存器或归属用户服务器发 送订阅消息来请求用户在网络中的附着位置信息, 这样当用户的附着位置信 息发生变化时, HLR /HSS会主动通知请求附着位置信息的请求方。  After the user accesses the WLAN, the user can still obtain the location information of the user in the network after the user accesses the WLAN. For example, the user can periodically register with the home location register or the home user. The server sends a request message to request to obtain the location information of the user in the network; or may request the location information of the user in the network by sending a subscription message to the home location register or the home subscriber server, so that the location information of the user is attached. When a change occurs, the HLR/HSS will actively notify the requester requesting the attachment location information.
可选的, 也可以根据所述附着位置信息确定所述用户没有附着在该运营 商的移动网络上, 或根据附着位置信息来确定用户的归属网络没有被包括在 可以使用 WLAN的白名单中, 则拒绝所述用户接入 WLAN。  Optionally, determining, according to the location information, that the user is not attached to the mobile network of the operator, or determining, according to the location information, that the user's home network is not included in a whitelist that can use the WLAN. The user is denied access to the WLAN.
其中, 当拒绝用户接入 WLAN后, 可选的, 可以向为所述用户服务的短 消息中心发送短消息, 用以通知用户在附着到该运营商的移动网络后, 可以 使用该运营商的 WLAN业务。 具体的: 可以通知用户如果附着到了该运营商 的移动网络后, 可以免费或者优惠使用该运营商的 WLAN业务。 通过这样的 方式, 可以吸引漫游入的用户更多的使用运营商的移动网络, 由于漫游用户 一般的资费较高, 所以这部分漫游用户可以给运营商带来更多的收益。 After the user is denied access to the WLAN, the short message may be sent to the short message center serving the user to notify the user that after attaching to the mobile network of the operator, Use the carrier's WLAN service. Specifically: The user may be notified that if the mobile network of the operator is attached, the WLAN service of the operator may be used for free or preferentially. In this way, the roaming users can be attracted to use the operator's mobile network. Since the roaming users generally have higher tariffs, these roaming users can bring more benefits to the operators.
上述提供的各个歩骤或特征的可选方案之间可以组合使用。  Alternatives to the various steps or features provided above may be used in combination.
通过本实施例提供的确定漫游用户接入 WLAN的权限的方法, 可以解决 如何确定用户的 WLAN接入权限的问题。 该方法不需要在 HLR/HS S中签约用 户的 WLAN接入权限。 而且, 对于漫游用户, 不需要运营商升级或改造现网 的 HLR/HSS, 也不需要各运营商使用统一的 ODB或者其他标识作为用户接入 WLAN的签约标识。  The method for determining the right of a roaming user to access the WLAN provided by the embodiment can solve the problem of determining the WLAN access authority of the user. This method does not require the WLAN access rights of the subscriber in the HLR/HS S. Moreover, for the roaming user, the operator does not need to upgrade or modify the HLR/HSS of the existing network, and the operator does not need to use the unified ODB or other identifier as the subscription identifier of the user to access the WLAN.
图 2是本发明实施例提供的另一种确定用户接入 WLAN的权限的方法流程 图。 本例中, 以用户有接入运营商 (这里以***为例) 部署的 WLAN的 权限为例。 这里的用户可以是漫游用户, 也可以是非漫游用户。  FIG. 2 is a flow chart of another method for determining a user's access to a WLAN according to an embodiment of the present invention. In this example, the WLAN rights that the user has access to the carrier (here, China Unicom for example) are used as an example. The user here can be a roaming user or a non-roaming user.
5201 , 用户通过用户终端 (User Equipment, UE) 接入到***的移动 网络。  5201. The user accesses the mobile network of China Unicom through a User Equipment (UE).
5202, MSC/SGSN向 HLR发起位置登记, HLR返回位置登记响应消息, 并下发用户的签约数据。 HLR记录 UE在移动网络中的附着位置信息, 如: UE 所附着的 SGSN号码, 或 UE所附着的 VLR号码, 或 UE所附着的小区信息。  5202. The MSC/SGSN initiates location registration with the HLR, and the HLR returns a location registration response message, and delivers the subscription data of the user. The HLR records the location information of the UE in the mobile network, such as the SGSN number to which the UE is attached, or the VLR number to which the UE is attached, or the cell information to which the UE is attached.
具体的, 如果是 VLR向 HLR发起的位置登记, 那么位置登记消息中携带 VLR号码, 可选的, 还可以携带小区信息。 如果是 SGSN向 HLR发起的位置登 记, 那么位置登记消息中携带 SGSN号码。  Specifically, if the location registration is initiated by the VLR to the HLR, the location registration message carries the VLR number, and optionally, the cell information may also be carried. If the location registration is initiated by the SGSN to the HLR, the location registration message carries the SGSN number.
5203 , UE和 WLAN建立关联之后, 向 WLAN发起鉴权。  5203. After the UE establishes an association with the WLAN, initiate authentication to the WLAN.
5204, WLAN向 AAA发起接入认证请求, 消息中携带用户的身份标识。 5204. The WLAN initiates an access authentication request to the AAA, where the message carries the identity of the user.
5205, 为了完成接入鉴权, AAA向 HLR/HSS发送获取用户鉴权向量的请 求消息。 例如可以是 MAP SEND AUTHENTICATION INFO或者 Multimedia- Auth-Request消息。 5205. In order to complete the access authentication, the AAA sends a request message for acquiring the user authentication vector to the HLR/HSS. For example, it can be MAP SEND AUTHENTICATION INFO or Multimedia- Auth-Request message.
5206, HSS/HLR返回鉴权向量。 该鉴权向量中不包括用户在网络中的附 着位置信息。  5206, HSS/HLR returns the authentication vector. The location information of the user in the network is not included in the authentication vector.
5207, AAA向 UE发起鉴权挑战。  5207. The AAA initiates an authentication challenge to the UE.
S208, UE返回鉴权挑战响应。  S208. The UE returns an authentication challenge response.
5209, AAA根据 UE返回的鉴权挑战响应, 确定用户鉴权成功。  S209: The AAA determines that the user authentication succeeds according to the authentication challenge response returned by the UE.
5210, AAA向 HLR/HSS发送获取用户在网络中的附着位置信息的请求消 息, 以从 HLR/HS S获取用户在网络中的附着位置信息。  5210. The AAA sends a request message for acquiring the location information of the user in the network to the HLR/HSS, so as to obtain the location information of the user in the network from the HLR/HS S.
其中, 该请求消息可以使用但不限于下列消息: MAP消息中的 MAP- ANY-TIME-INTERROGATION , MAP-PROVIDE- SUBSCRIBER-INFO , MAP— SEND— ROUTING— INFORMATION, MAP-SEND-ROUTING-INFO- FOR-SM消息, 或者 DIAMETER消息中的 Server-Assignment-Request等消息。  The request message can be used but is not limited to the following messages: MAP- ANY-TIME-INTERROGATION in the MAP message, MAP-PROVIDE- SUBSCRIBER-INFO, MAP_SEND- ROUTING_ INFORMATION, MAP-SEND-ROUTING-INFO-FOR -SM message, or a message such as Server-Assignment-Request in the DIAMETER message.
5211 , HLR /HSS向 AAA返回用户的附着位置信息。  5211, HLR /HSS returns the user's attachment location information to AAA.
其中, 这里返回的附着位置信息就是 HLR/HSS中记录的所附着的 SGSN号 码, 或 UE所附着的 VLR号码, 或 UE所附着的小区信息。  The attached location information returned here is the attached SGSN number recorded in the HLR/HSS, or the VLR number to which the UE is attached, or the cell information to which the UE is attached.
5212, AAA根据获得的附着位置信息判断用户是否有接入***的权 限, 在本实施例中, AAA确定用户有接入***的 WLAN的权限。  5212. The AAA determines, according to the obtained attachment location information, whether the user has the right to access China Unicom. In this embodiment, the AAA determines that the user has the right to access the WLAN of China Unicom.
具体的, AAA可以根据预先配置的策略和获得的附着位置信息来确定用 户是否有接入***的 WLAN的权限。 比如, 预先配置的策略, 可以是通 过用户附着的 VLR, SGSN或小区, 获知用户附着在了***的移动网络 上, 那么用户有接入***的 WLAN的权限; 也可以是, 用户附着在了某 些 VLR, SGSN或小区中, 则用户有使用***的 WLAN的权限; 也可以 是, AAA中设置白名单, 白名单中包括一些其他的运营商, 当用户接入白名 单中的这些运营商的移动网络中, 则用户有使用***的 WLAN的权限的 信息。 S213 , 向 WLAN返回认证成功的消息。 Specifically, the AAA may determine, according to the pre-configured policy and the obtained attachment location information, whether the user has the right to access the WLAN of China Unicom. For example, the pre-configured policy may be that the user attaches to the mobile network of China Unicom through the VLR, SGSN or cell attached to the user, and the user has the right to access the WLAN of China Unicom; or, the user is attached to In some VLRs, SGSNs, or cells, the user has the right to use China Unicom's WLAN. Alternatively, the whitelist is set in the AAA. The whitelist includes some other operators. When the user accesses the whitelist. In the operator's mobile network, the user has information on the rights of the China Unicom WLAN. S213. Return a message that the authentication succeeds to the WLAN.
在本实施例中, 可选的, 在 S213之后, 当用户接入 WLAN后, AAA可以 进一歩获取用户的附着位置信息; 当根据用户接入 WLAN后获取的附着位置 信息, 确定所述用户已经离开所述运营商的移动网络时, 则将所述用户从 WLAN上断开。  In this embodiment, optionally, after the S213, after the user accesses the WLAN, the AAA may further obtain the location information of the user, and determine, according to the location information obtained after the user accesses the WLAN, that the user has already obtained When leaving the mobile network of the operator, the user is disconnected from the WLAN.
其中, 当用户接入 WLAN后, AAA可以通过如下方式获取用户的附着位 置信息: 周期性的向 HLR/HSS发送该请求消息, 来请求用户在网络中的附着 位置信息, 这样在用户接入 WLAN后 AAA仍然能获取到用户在网络中的附着 位置信息; 或者, AAA向 HLR/HSS发送订阅消息来请求用户在网络中的附着 位置信息, 这样当用户的附着位置信息发生变化时, HLR /HSS会主动将用户 在网络中的附着位置信息通知 AAA。 在用户接入 WLAN后, AAA如果根据后 续获取的附着位置信息确定所述用户已经离开所述运营商的移动网络时, 则 将所述用户从该运营商的 WLAN上断开。  After the user accesses the WLAN, the AAA can obtain the location information of the user by: sending the request message to the HLR/HSS periodically to request the location information of the user in the network, so that the user accesses the WLAN. The AAA can still obtain the location information of the user in the network; or, the AAA sends a subscription message to the HLR/HSS to request the location information of the user in the network, so that when the location information of the user changes, the HLR/HSS The AAA will be notified to the location information of the user in the network. After the user accesses the WLAN, the AAA disconnects the user from the WLAN of the operator if it determines that the user has left the mobile network of the operator according to the subsequent acquired location information.
上述提供的各个歩骤或特征的可选方案之间可以组合使用。  Alternatives to the various steps or features provided above may be used in combination.
通过本实施例提供的确定用户接入 WLAN的权限的方法, 可以解决如何 确定用户的 WLAN接入权限的问题。 该方法不需要在 HLR/HSS中签约用户的 WLAN接入权限。 而且, 对于漫游用户, 不需要运营商升级或改造现网的 HLR/HSS, 也不需要各运营商使用统一的 ODB或者其他标识作为用户接入 WLAN的签约标识。  The method for determining the user's access to the WLAN provided by the embodiment can solve the problem of determining the WLAN access authority of the user. This method does not require the WLAN access rights of the subscriber in the HLR/HSS. Moreover, for the roaming user, the operator does not need to upgrade or modify the HLR/HSS of the existing network, and the operator does not need to use the unified ODB or other identifier as the subscription identifier of the user to access the WLAN.
图 3是本发明实施例提供的另一种确定漫游用户接入 WLAN的权限的方法 流程图。 本例中, 以用户没有接入运营商 (这里以***为例) 部署的 WLAN的权限为例。 这里的用户可以是漫游用户, 也可以是非漫游用户。  FIG. 3 is a flowchart of another method for determining a right of a roaming user to access a WLAN according to an embodiment of the present invention. In this example, the WLAN rights that the user does not have access to the carrier (here, China Unicom for example) are used as an example. The user here can be a roaming user or a non-roaming user.
S301-S309, 同图 2所示的实施例中的 S201-S209。  S301-S309, S201-S209 in the embodiment shown in Fig. 2.
S310, AAA向 HLR/HSS发送获取用户在网络中的附着位置信息的请求消 息, 以从 HLR/HS S获取用户在网络中的附着位置信息。 其中, 该请求消息可以使用但不限于下列消息: MAP消息中的 MAP- ANY-TIME-INTERROGATION, MAP-PROVIDE-SUBSCRIBER-INFO, S310. The AAA sends a request message for acquiring the location information of the user in the network to the HLR/HSS, so as to obtain the location information of the user in the network from the HLR/HSS. The request message may be used but is not limited to the following messages: MAP-ANY-TIME-INTERROGATION, MAP-PROVIDE-SUBSCRIBER-INFO in the MAP message,
MAP— SEND— ROUTING— INFORMATION, MAP-SEND-ROUTING-INFO- FOR-SM消息, 或者 DIAMETER消息中的 Server-Assignment-Request等消息。 MAP — SEND — ROUTING — INFORMATION, MAP-SEND-ROUTING-INFO- FOR-SM message, or Server-Assignment-Request message in DIAMETER message.
S311, HLR /HSS向 AAA返回用户的附着位置信息。  S311, the HLR/HSS returns the attachment location information of the user to the AAA.
其中, 这里返回的附着位置信息就是 HLR/HSS中记录的 UE所附着的 SGSN号码, 或 UE所附着的 VLR号码, 或 UE所附着的小区信息。  The location information returned here is the SGSN number to which the UE is recorded in the HLR/HSS, or the VLR number to which the UE is attached, or the cell information to which the UE is attached.
5312, AAA根据获得的附着位置信息判断用户是否有接入***的权 限, 在本实施例中, AAA确定用户没有接入***的 WLAN的权限。  The AAA determines, according to the obtained attachment location information, whether the user has the right to access China Unicom. In this embodiment, the AAA determines that the user does not have access to the China Unicom WLAN.
具体的, AAA可以根据预先配置的策略和获得的附着位置信息来确定用 户是否有接入***的 WLAN的权限。 比如, 预先配置的策略, 可以是通 过用户附着的 VLR, SGSN或小区, 获知用户附着在了***的移动网络 上, 那么用户有接入***的 WLAN的权限; 也可以是, 用户附着在了某 些 VLR, SGSN或小区中, 则用户有使用***的 WLAN的权限; 也可以 是, AAA中设置白名单, 白名单中包括一些其他的运营商名单, 当用户接入 白名单中的这些运营商的移动网络中, 则用户有使用***的 WLAN的权 限的信息。  Specifically, the AAA may determine whether the user has the right to access the China Unicom WLAN according to the pre-configured policy and the obtained attachment location information. For example, the pre-configured policy may be that the user attaches to the mobile network of China Unicom through the VLR, SGSN or cell attached to the user, and the user has the right to access the WLAN of China Unicom; or, the user is attached to In some VLRs, SGSNs, or cells, the user has the right to use China Unicom's WLAN. Alternatively, the whitelist is set in the AAA. The whitelist includes some other carriers. When the user accesses the whitelist. In the mobile networks of these operators, users have information on the rights of China Unicom's WLAN.
5313 , 向 WLAN返回认证失败的消息。  5313, returning the message that the authentication failed to the WLAN.
可选的, 本实施例在拒绝用户接入 WLAN后, 还可以包括 S314和 S315两 个歩骤。  Optionally, after the user is denied access to the WLAN, the embodiment may further include two steps S314 and S315.
5314, AAA向为所述用户服务的短消息中心发送短消息, 用以通知用户 在附着到***的移动网络后, 可以使用***的 WLAN业务。 具体 的: 可以通知用户如果附着到了***的移动网络后, 可以免费或者优惠 使用***的 WLAN业务。  5314. The AAA sends a short message to the short message center serving the user, to notify the user that the WLAN service of China Unicom can be used after attaching to the mobile network of China Unicom. Specifically: Users can be notified that if they are attached to China Unicom's mobile network, they can use China Unicom's WLAN service for free or preferentially.
5315, 短消息中心向 UE发送短消息。 通过在拒绝用户接入 WLAN后, 向用户发送短消息的方式, 可以吸引漫 游入的用户更多的使用***的移动网络, 由于漫游用户一般的资费较 高, 所以这部分漫游用户可以给***带来更多的收益。 5315. The short message center sends a short message to the UE. By sending a short message to the user after denying the user access to the WLAN, the user who is roaming can be attracted to use the mobile network of China Unicom. Since the general tariff of the roaming user is high, this part of the roaming user can give to China. China Unicom brings more benefits.
上述提供的各个歩骤或特征的可选方案之间可以组合使用。  Alternatives to the various steps or features provided above may be used in combination.
通过本实施例提供的确定用户接入 WLAN的权限的方法, 可以解决如何 确定用户的 WLAN接入权限的问题。 该方法不需要在 HLR/HSS中签约用户的 WLAN接入权限。 而且, 对于漫游用户, 不需要运营商升级或改造现网的 HLR/HSS, 也不需要各运营商使用统一的 ODB或者其他标识作为用户接入 WLAN的签约标识。  The method for determining the user's access to the WLAN provided by the embodiment can solve the problem of determining the WLAN access authority of the user. This method does not require the WLAN access rights of the subscriber in the HLR/HSS. Moreover, for the roaming user, the operator does not need to upgrade or modify the HLR/HSS of the existing network, and the operator does not need to use the unified ODB or other identifier as the subscription identifier of the user to access the WLAN.
如图 4所示, 为本发明实施例提供的一种确定用户接入 WLAN的权限的设 备结构图。 该设备包括:  As shown in FIG. 4, it is a structural diagram of a device for determining a user's access to a WLAN according to an embodiment of the present invention. The device includes:
第一接收单元 41, 用于接收运营商的无线局域网 WLAN发起的用户的接 入认证请求, 确认所述用户通过用户鉴权;  The first receiving unit 41 is configured to receive an access authentication request of a user initiated by the WLAN of the operator, and confirm that the user authenticates by using the user;
第一发送单元 42, 用于向用户的归属位置寄存器或归属用户服务器发送 请求消息来请求用户在网络中的附着位置信息;  The first sending unit 42 is configured to send a request message to the user's home location register or the home subscriber server to request the user's attachment location information in the network;
第二接收单元 43, 用于接收所述归属位置寄存器或归属用户服务器发送 的所述用户的附着位置信息;  The second receiving unit 43 is configured to receive the location information of the user sent by the home location register or the home subscriber server;
确定单元 44, 用于根据所述附着位置信息, 确定所述用户接入所述 WLAN的权限。  The determining unit 44 is configured to determine, according to the attached location information, the right of the user to access the WLAN.
可选的, 所述确定单元具体用于根据所述附着位置信息确定所述用户附 着在所述运营商的移动网络上, 或根据所述附着位置信息来确定用户的归属 网络被包括在可以使用 WLAN的白名单中, 则允许所述用户接入 WLAN。 进 一歩的, 该设备还可以包括断开单元 45, 用于当用户接入 WLAN后, 获取用 户的附着位置信息; 根据用户接入 WLAN后获取的附着位置信息, 确定所述 用户已经离开所述运营商的移动网络时, 则将所述用户从 WLAN上断开。 上述各单元之间的交互流程具体可以参考方法实施例中的描述, 这里不 再赘述。 Optionally, the determining unit is specifically configured to determine, according to the attached location information, that the user is attached to the mobile network of the operator, or determine, according to the attached location information, that a user's home network is included in an available In the white list of the WLAN, the user is allowed to access the WLAN. Further, the device may further include a disconnecting unit 45, configured to acquire the attached location information of the user after the user accesses the WLAN; and determine, according to the attached location information acquired after the user accesses the WLAN, that the user has left the When the operator's mobile network is connected, the user is disconnected from the WLAN. For details of the interaction process between the foregoing units, reference may be made to the description in the method embodiments, and details are not described herein again.
本实施例中, 确定用户接入 WLAN的权限的设备具体可以为 AAA服务 器, 用户可以是漫游用户, 也可以是非漫游用户。  In this embodiment, the device that determines the user's access to the WLAN may be an AAA server, and the user may be a roaming user or a non-roaming user.
通过本实施例提供的确定用户接入 WLAN的权限的设备, 可以解决如何 确定用户的 WLAN接入权限的问题。 运用该设备后, 不需要在 HLR/HSS中签 约用户的 WLAN接入权限。 而且, 对于漫游用户, 不需要运营商升级或改造 现网的 HLR/HSS , 也不需要各运营商使用统一的 ODB或者其他标识作为用户 接入 WLAN的签约标识。  The device for determining the privilege of the user to access the WLAN provided by the embodiment can solve the problem of determining the WLAN access authority of the user. After using this device, you do not need to sign the user's WLAN access rights in HLR/HSS. Moreover, for the roaming user, the operator does not need to upgrade or modify the HLR/HSS of the existing network, and the operator does not need to use the unified ODB or other identifier as the subscription identifier of the user to access the WLAN.
如图 5所示, 为本发明实施例提供的另一种确定用户接入 WLAN的权限的 设备结构图。 该设备包括: 图 4所示的实施例中的第一接收单元 41, 第一发送 单元 42, 第二接收单元 43和确定单元 44。  FIG. 5 is a structural diagram of another apparatus for determining a user's access to a WLAN according to an embodiment of the present invention. The apparatus comprises: a first receiving unit 41, a first transmitting unit 42, a second receiving unit 43, and a determining unit 44 in the embodiment shown in Fig. 4.
可选的, 所述确定单元具体用于根据所述附着位置信息确定所述用户没 有附着在所述运营商的移动网络上, 或根据附着位置信息来确定用户的归属 网络没有被包括在可以使用 WLAN的白名单中, 则拒绝所述用户接入 WLAN。 进一歩的, 该设备还可以包括第二发送单元 47, 用于向为所述用户 服务的短消息中心发送短消息, 以通知用户在附着到所述运营商的移动网络 后, 可以使用 WLAN业务。  Optionally, the determining unit is specifically configured to determine, according to the attached location information, that the user is not attached to the mobile network of the operator, or determine, according to the attached location information, that the user's home network is not included in the available network. In the white list of the WLAN, the user is denied access to the WLAN. Further, the device may further include a second sending unit 47, configured to send a short message to the short message center serving the user, to notify the user that the WLAN service may be used after attaching to the mobile network of the operator. .
上述各单元之间的交互流程具体可以参考方法实施例中的描述, 这里不 再赘述。  For details of the interaction process between the foregoing units, reference may be made to the description in the method embodiments, and details are not described herein.
本实施例中, 确定用户接入 WLAN的权限的设备具体可以为 AAA服务 器。 这里的用户可以是漫游用户, 也可以是非漫游用户。  In this embodiment, the device that determines the user's access to the WLAN may specifically be an AAA server. The user here can be a roaming user or a non-roaming user.
通过本实施例提供的确定漫游用户接入 WLAN的权限的设备, 可以解决 如何确定用户的 WLAN接入权限的问题。 运用该设备后, 不需要在 HLR/HSS 中签约用户的 WLAN接入权限。 而且, 对于漫游用户, 不需要运营商升级或 改造现网的 HLR/HSS , 也不需要各运营商使用统一的 ODB或者其他标识作为 用户接入 WLAN的签约标识。 The device for determining the right of the roaming user to access the WLAN provided by the embodiment can solve the problem of determining the WLAN access authority of the user. After using this device, you do not need to sign the WLAN access rights of the user in the HLR/HSS. Moreover, for roaming users, no operator upgrades are required or To transform the HLR/HSS of the existing network, each operator does not need to use a unified ODB or other identifier as the subscription identifier for the user to access the WLAN.
如图 6所示, 为本发明实施例提供的一种确定用户接入 WLAN网络的权限 的***, 该***包括: 第一设备 61和第二设备 63。  As shown in FIG. 6, a system for determining a user's access to a WLAN network according to an embodiment of the present invention includes: a first device 61 and a second device 63.
其中, 第一设备 61用于接收运营商的无线局域网 WLAN发起的用户的接 入认证请求, 确认所述用户通过用户鉴权, 向第二设备 63发送请求消息来请 求用户在网络中的附着位置信息, 接收第二设备 63发送的所述用户的附着位 置信息, 根据所述附着位置信息, 确定所述用户接入所述 WLAN的权限。  The first device 61 is configured to receive an access authentication request of the user initiated by the WLAN of the operator, and confirm that the user sends a request message to the second device 63 to request the user to attach to the network through user authentication. The information is received by the second device 63, and the user's access to the WLAN is determined according to the attached location information.
可选的, 第一设备可以为上述图 4或图 5所示的确定用户接入 WLAN的权 限的设备。  Optionally, the first device may be the device that determines the user accessing the WLAN according to the foregoing FIG. 4 or FIG. 5 .
第一设备可以为 AAA服务器, 第二设备可以为该用户的归属位置寄存器 或归属用户服务器。 本实施例中的用户可以是漫游用户, 也可以是非漫游用 户。  The first device may be an AAA server, and the second device may be a home location register or a home subscriber server of the user. The user in this embodiment may be a roaming user or a non-roaming user.
通过本实施例提供的确定用户接入 WLAN的权限的***, 可以解决如何 确定用户的 WLAN接入权限的问题。 运用该***后, 不需要在 HLR/HSS中签 约用户的 WLAN接入权限。 而且, 对于漫游用户, 不需要运营商升级或改造 现网的 HLR/HSS , 也不需要各运营商使用统一的 ODB或者其他标识作为用户 接入 WLAN的签约标识。  The system for determining the privilege of the user to access the WLAN provided by the embodiment can solve the problem of determining the WLAN access authority of the user. After using this system, it is not necessary to sign the user's WLAN access rights in the HLR/HSS. Moreover, for the roaming user, the operator does not need to upgrade or modify the HLR/HSS of the existing network, and the operator does not need to use the unified ODB or other identifier as the subscription identifier of the user to access the WLAN.
如图 7所示, 为本发明实施例提供的另一种确定用户接入 WLAN的权限的 设备结构图, 采用通用计算机***结构, 计算机***可具体是基于处理器的 计算机。 如图 7所示, 所述确定用户接入 WLAN的权限的设备包括至少一个处 理器 701, 通信总线 702, 存储器 703以及至少一个通信接口 704。  As shown in FIG. 7, another device structure diagram for determining the right of a user to access a WLAN according to an embodiment of the present invention adopts a general computer system structure, and the computer system may be a processor-based computer. As shown in FIG. 7, the device for determining the user's access to the WLAN includes at least one processor 701, a communication bus 702, a memory 703, and at least one communication interface 704.
处理器可以是一个通用中央处理器 (CPU) , 微处理器, 特定应用集成电 路 ( application-specific integrated circuit, ASIC), 或一个或多个用于控制本发 明方案程序执行的集成电路。 其中, 所述通信总线 702可包括一通路, 在上述组件之间传送信息。 所述 通信接口 704, 使用任何收发器一类的装置, 用于与以便与其他设备或通信网 络通信, 如以太网, 无线接入网 (RAN) , 无线局域网 (WLAN)等。 The processor may be a general purpose central processing unit (CPU), a microprocessor, an application-specific integrated circuit (ASIC), or one or more integrated circuits for controlling the execution of the program of the present invention. The communication bus 702 can include a path for transferring information between the components. The communication interface 704 uses means, such as any transceiver, for communicating with other devices or communication networks, such as Ethernet, Radio Access Network (RAN), Wireless Local Area Network (WLAN), and the like.
计算机***还包括一个或多个存储器, 可以是只读存储器 (read-only memory, ROM)或可存储静态信息和指令的其他类型的静态存储设备, 随机 存取存储器 (random access memory, RAM)或者可存储信息和指令的其他类 型的动态存储设备, 也可以是电可擦可编程只读存储器 (Electrically Erasable Programmable Read-Only Memory, EEPROM ) 、 只读光盘 ( Compact Disc Read-Only Memory , CD-ROM ) 或其他光盘存储、 光碟存储 (包括压缩光 碟、 激光碟、 光碟、 数字通用光碟、 蓝光光碟等) 、 磁盘存储介质或者其他 磁存储设备、 或者能够用于携带或存储具有指令或数据结构形式的期望的程 序代码并能够由计算机存取的任何其他介质, 但不限于此。 这些存储器通过 总线与处理器相连接。  The computer system also includes one or more memories, which may be read-only memory (ROM) or other types of static storage devices that can store static information and instructions, random access memory (RAM) or Other types of dynamic storage devices that can store information and instructions, or Electrically Erasable Programmable Read-Only Memory (EEPROM), CD-ROM (Compact Disc Read-Only Memory, CD-ROM) Or other disc storage, disc storage (including compact discs, laser discs, optical discs, digital versatile discs, Blu-ray discs, etc.), disk storage media or other magnetic storage devices, or capable of carrying or storing in the form of instructions or data structures The desired program code and any other medium that can be accessed by a computer, but is not limited thereto. These memories are connected to the processor via a bus.
其中, 所述存储器 703用于存储执行本发明方案的程序代码, 执行本发明 方案的程序代码保存在存储器中, 并由处理器来控制执行。 这些程序代码具 体可以包括: 第一接收单元 7031, 第一发送单元 7032, 第二接收单元 7033和 确定单元 7034 ; 所述处理器 701用于执行所述存储器 703中存储的单元, 当上 述单元被所述处理器 701执行时, 实现如下功能:  The memory 703 is configured to store program code for executing the solution of the present invention, and the program code for executing the solution of the present invention is stored in a memory and controlled by a processor. The program code may specifically include: a first receiving unit 7031, a first transmitting unit 7032, a second receiving unit 7033, and a determining unit 7034; the processor 701 is configured to execute a unit stored in the memory 703, when the unit is When the processor 701 is executed, the following functions are implemented:
第一接收单元 7031, 用于接收运营商的无线局域网 WLAN发起的用户的 接入认证请求, 确认所述用户通过用户鉴权;  The first receiving unit 7031 is configured to receive an access authentication request of the user initiated by the WLAN of the operator, and confirm that the user authenticates by using the user.
第一发送单元 7032, 用于向用户的归属位置寄存器或归属用户服务器发 送请求消息来请求用户在网络中的附着位置信息;  The first sending unit 7032 is configured to send a request message to the user's home location register or the home subscriber server to request the user's location information in the network;
第二接收单元 7033, 用于接收所述归属位置寄存器或归属用户服务器发 送的所述用户的附着位置信息;  a second receiving unit 7033, configured to receive the location information of the user sent by the home location register or a home subscriber server;
确定单元 7034, 用于根据所述附着位置信息, 确定所述用户接入所述 WLAN的权限。 a determining unit 7034, configured to determine, according to the attached location information, that the user accesses the WLAN permissions.
可选的, 所述确定单元具体用于根据所述附着位置信息确定所述用户附 着在所述运营商的移动网络上, 或根据所述附着位置信息来确定用户的归属 网络被包括在可以使用 WLAN的白名单中, 则允许所述用户接入 WLAN。 进 一歩的, 该程序代码还可以包括断开单元 7035, 用于当用户接入 WLAN后, 获取用户的附着位置信息; 根据用户接入 WLAN后获取的附着位置信息, 确 定所述用户已经离开所述运营商的移动网络时, 则将所述用户从 WLAN上断 开。 其中, 当用户接入 WLAN后, 获取用户的附着位置信息, 可以通过方 式: 向所述归属位置寄存器或归属用户服务器发送订阅消息来订阅所述用户 在网络中的附着位置信息; 或者, 周期性的向所述归属位置寄存器或归属用 户服务器发送请求消息, 来请求用户在网络中的附着位置信息。  Optionally, the determining unit is specifically configured to determine, according to the attached location information, that the user is attached to the mobile network of the operator, or determine, according to the attached location information, that a user's home network is included in an available In the white list of the WLAN, the user is allowed to access the WLAN. Further, the program code may further include a disconnecting unit 7035, configured to acquire the attached location information of the user after the user accesses the WLAN; and determine, according to the attached location information acquired after the user accesses the WLAN, that the user has left the location When the operator's mobile network is described, the user is disconnected from the WLAN. After the user accesses the WLAN, acquiring the location information of the user may be: sending a subscription message to the home location register or the home subscriber server to subscribe to the location information of the user in the network; or, periodically Sending a request message to the home location register or the home subscriber server to request the location information of the user in the network.
可选的, 所述确定单元具体用于根据所述附着位置信息确定所述用户没 有附着在所述运营商的移动网络上, 或根据附着位置信息来确定用户的归属 网络没有被包括在可以使用 WLAN的白名单中, 则拒绝所述用户接入 WLAN。 进一歩的, 该程序代码还可以包括第二发送单元 7036, 用于向为所 述用户服务的短消息中心发送短消息, 以通知用户在附着到所述运营商的移 动网络后, 可以使用 WLAN业务。  Optionally, the determining unit is specifically configured to determine, according to the attached location information, that the user is not attached to the mobile network of the operator, or determine, according to the attached location information, that the user's home network is not included in the available network. In the white list of the WLAN, the user is denied access to the WLAN. Further, the program code may further include a second sending unit 7036, configured to send a short message to the short message center serving the user, to notify the user that the WLAN can be used after attaching to the mobile network of the operator. business.
上述各单元之间的交互流程具体可以参考方法实施例中的描述, 这里不 再赘述。  For details of the interaction process between the foregoing units, reference may be made to the description in the method embodiments, and details are not described herein.
本实施例中, 确定用户接入 WLAN的权限的设备具体可以为 AAA服务 器。 用户可以是漫游用户, 也可以是非漫游用户。  In this embodiment, the device that determines the user's access to the WLAN may specifically be an AAA server. Users can be roaming users or non-roaming users.
通过本实施例提供的确定漫游用户接入 WLAN的权限的设备, 可以解决 如何确定用户的 WLAN接入权限的问题。 运用该设备后, 不需要在 HLR/HSS 中签约用户的 WLAN接入权限。 而且, 对于漫游用户, 不需要运营商升级或 改造现网的 HLR/HSS , 也不需要各运营商使用统一的 ODB或者其他标识作为 用户接入 WLAN的签约标识。 The device for determining the right of the roaming user to access the WLAN provided by the embodiment can solve the problem of determining the WLAN access authority of the user. After using this device, you do not need to sign the WLAN access rights of the user in the HLR/HSS. Moreover, for roaming users, operators are not required to upgrade or modify the HLR/HSS of the existing network, and each operator does not need to use a unified ODB or other identifiers. The subscription identifier of the user accessing the WLAN.
需要说明的是, 本说明书中的各个实施例均采用递进的方式描述, 各个 实施例之间相同相似的部分互相参见即可, 每个实施例重点说明的都是与其 他实施例的不同之处。 尤其, 对于设备实施例而言, 由于其基本相似于方法 实施例, 所以描述得比较简单, 各单元具体功能的执行过程参见方法实施例 的部分说明即可。 以上所描述的设备实施例仅仅是示意性的, 其中作为分离 部件说明的单元可以是或者也可以不是物理上分开的, 作为单元显示的部件 可以是或者也可以不是物理单元, 即可以位于一个地方, 或者也可以分布到 多个网络单元上。 可以根据实际的需要选择其中的部分或者全部模块来实现 本实施例方案的目的。 本领域普通技术人员在不付出创造性劳动的情况下, 即可以理解并实施。  It is to be noted that the various embodiments in the present specification are described in a progressive manner, and the same similar parts between the various embodiments may be referred to each other, and each embodiment focuses on different embodiments from other embodiments. At the office. In particular, for the device embodiment, since it is basically similar to the method embodiment, the description is relatively simple, and the execution process of each unit specific function can be referred to the description of the method embodiment. The device embodiments described above are merely illustrative, wherein the units described as separate components may or may not be physically separated, and the components displayed as units may or may not be physical units, ie may be located in one place. , or it can be distributed to multiple network elements. Some or all of the modules may be selected according to actual needs to achieve the purpose of the solution of the embodiment. Those of ordinary skill in the art can understand and implement without any creative effort.
以上所述, 仅为本发明的具体实施方式, 但本发明的保护范围并不局限 于此, 任何熟悉本技术领域的技术人员在本发明揭露的技术范围内, 可轻易 想到变化或替换, 都应涵盖在本发明的保护范围之内。 因此, 本发明的保护 范围应以所述权利要求的保护范围为准。  The above is only the specific embodiment of the present invention, but the scope of the present invention is not limited thereto, and any person skilled in the art can easily think of changes or substitutions within the technical scope of the present invention. It should be covered by the scope of the present invention. Therefore, the scope of the invention should be determined by the scope of the appended claims.

Claims

权 利 要 求 书 claims
1、 一种确定用户接入无线局域网的权限的方法, 其特征在于, 包括: 接收运营商的无线局域网 WLAN发起的用户的接入认证请求, 确认所述 用户通过用户鉴权; 1. A method for determining a user's access authority to a wireless local area network, which is characterized by: receiving a user's access authentication request initiated by the operator's wireless local area network WLAN, and confirming that the user has passed user authentication;
向用户的归属位置寄存器或归属用户服务器发送请求消息来请求用户在 网络中的附着位置信息; Send a request message to the user's home location register or home user server to request the user's attachment location information in the network;
接收所述归属位置寄存器或归属用户服务器发送的所述用户的附着位置 ^ I 自、 .; Receive the attachment location of the user sent by the home location register or the home user server ^ I from, .;
根据所述附着位置信息, 确定所述用户接入所述 WLAN的权限。 According to the attachment location information, the user's permission to access the WLAN is determined.
2、 如权利要求 1所述的方法, 其特征在于, 根据所述附着位置信息, 确 定所述用户接入所述 WLAN的权限具体包括: 根据所述附着位置信息确定所 述用户附着在所述运营商的移动网络上, 则允许所述用户接入 WLAN; 2. The method according to claim 1, characterized in that, based on the attachment location information, determining the user's permission to access the WLAN specifically includes: determining that the user is attached to the WLAN based on the attachment location information. On the operator's mobile network, the user is allowed to access WLAN;
或根据所述附着位置信息来确定用户的归属网络被包括在可以使用 WLAN的白名单中, 则允许所述用户接入 WLAN。 Or it is determined based on the attachment location information that the user's home network is included in a white list that can use WLAN, and then the user is allowed to access the WLAN.
3、 如权利要求 2所述的方法, 其特征在于, 所述允许所述用户接入 WLAN后, 进一歩包括: 3. The method of claim 2, wherein after allowing the user to access the WLAN, the further step includes:
当用户接入 WLAN后, 获取用户的附着位置信息; When the user accesses the WLAN, the user's attachment location information is obtained;
根据用户接入 WLAN后获取的附着位置信息, 确定所述用户已经离开所 述运营商的移动网络, 则将所述用户从 WLAN上断开。 According to the attachment location information obtained after the user accesses the WLAN, it is determined that the user has left the mobile network of the operator, and the user is disconnected from the WLAN.
4、 如权利要求 3所述的方法, 其特征在于, 所述当用户接入 WLAN后, 获取用户的附着位置信息, 具体包括: 向所述归属位置寄存器或归属用户服 务器发送订阅消息来订阅所述用户在网络中的附着位置信息。 4. The method according to claim 3, wherein after the user accesses the WLAN, obtaining the user's attachment location information specifically includes: sending a subscription message to the home location register or home user server to subscribe to all Describes the user's attachment location information in the network.
5、 如权利要求 3所述的方法, 其特征在于, 所述当用户接入 WLAN后, 获取用户的附着位置信息, 具体包括: 周期性的向所述归属位置寄存器或归 属用户服务器发送请求消息, 来请求用户在网络中的附着位置信息。 5. The method of claim 3, wherein: after the user accesses the WLAN, obtaining the user's attachment location information specifically includes: periodically sending request messages to the home location register or home user server. , to request the user's attachment location information in the network.
6、 如权利要求 1所述的方法, 其特征在于, 根据所述附着位置信息, 确 定所述用户接入所述 WLAN网络的权限具体包括: 6. The method of claim 1, wherein determining the user's permission to access the WLAN network according to the attachment location information specifically includes:
根据所述附着位置信息确定所述用户没有附着在所述运营商的移动网络 上, 则拒绝所述用户接入 WLAN; Determine that the user is not attached to the operator's mobile network based on the attachment location information, then deny the user access to the WLAN;
或根据附着位置信息来确定用户的归属网络没有被包括在可以使用 WLAN的白名单中, 则拒绝所述用户接入 WLAN。 Or it is determined based on the attachment location information that the user's home network is not included in the white list that can use the WLAN, and then the user is denied access to the WLAN.
7、 如权利要求 6所述的方法, 其特征在于, 进一歩包括: 向为所述用户 服务的短消息中心发送短消息, 用以通知用户在附着到所述运营商的移动网 络后, 可以使用 WLAN业务。 7. The method of claim 6, further comprising: sending a short message to a short message center serving the user to notify the user that after attaching to the mobile network of the operator, the user can Use WLAN service.
8、 一种确定用户接入无线局域网 WLAN的权限的设备, 其特征在于, 包 括: 8. A device for determining a user's permission to access a wireless local area network (WLAN), which is characterized by including:
第一接收单元 41, 用于接收运营商的无线局域网 WLAN发起的用户的接 入认证请求, 确认所述用户通过用户鉴权; The first receiving unit 41 is used to receive a user's access authentication request initiated by the operator's wireless local area network WLAN, and confirm that the user has passed user authentication;
第一发送单元 42, 用于向用户的归属位置寄存器或归属用户服务器发送 请求消息来请求用户在网络中的附着位置信息; The first sending unit 42 is used to send a request message to the user's home location register or home user server to request the user's attachment location information in the network;
第二接收单元 43, 用于接收所述归属位置寄存器或归属用户服务器发送 的所述用户的附着位置信息; The second receiving unit 43 is configured to receive the user's attachment location information sent by the home location register or the home user server;
确定单元 44, 用于根据所述附着位置信息, 确定所述用户接入所述 WLAN的权限。 The determining unit 44 is configured to determine the user's permission to access the WLAN according to the attachment location information.
9、 如权利要求 8所述的设备, 其特征在于, 所述确定单元具体用于根据 所述附着位置信息确定所述用户附着在所述运营商的移动网络上, 则允许所 述用户接入 WLAN; 或根据所述附着位置信息来确定用户的归属网络被包括 在可以使用 WLAN的白名单中, 则允许所述用户接入 WLAN。 9. The device according to claim 8, wherein the determining unit is specifically configured to determine that the user is attached to the mobile network of the operator according to the attachment location information, and then allow the user to access WLAN; or it is determined based on the attachment location information that the user's home network is included in a white list that can use WLAN, then the user is allowed to access WLAN.
10、 如权利要求 9所述的设备, 其特征在于, 包括: 10. The device according to claim 9, characterized in that it includes:
断开单元 45, 用于当用户接入 WLAN后, 获取用户的附着位置信息; 根 据用户接入 WLAN后获取的附着位置信息, 确定所述用户已经离开所述运营 商的移动网络, 则将所述用户从 WLAN上断开。 Disconnect unit 45, used to obtain the user's attachment location information after the user accesses the WLAN; Root According to the attachment location information obtained after the user accesses the WLAN, it is determined that the user has left the mobile network of the operator, and the user is disconnected from the WLAN.
11、 如权利要求 8所述的设备, 其特征在于, 所述确定单元具体用于根据 所述附着位置信息确定所述用户没有附着在所述运营商的移动网络上, 则拒 绝所述用户接入 WLAN; 或根据附着位置信息来确定用户的归属网络没有被 包括在可以使用 WLAN的白名单中, 则拒绝所述用户接入 WLAN。 11. The device according to claim 8, wherein the determining unit is specifically configured to determine that the user is not attached to the operator's mobile network according to the attachment location information, and then refuse the user access. access the WLAN; or it is determined based on the attachment location information that the user's home network is not included in the white list that can use the WLAN, then the user is denied access to the WLAN.
12、 如权利要求 11所述的设备, 其特征在于, 包括: 12. The device according to claim 11, characterized in that it includes:
第二发送单元 47, 用于向为所述用户服务的短消息中心发送短消息, 以 通知用户在附着到所述运营商的移动网络后, 可以使用 WLAN业务。 The second sending unit 47 is used to send a short message to the short message center serving the user to notify the user that the WLAN service can be used after being attached to the mobile network of the operator.
13、 一种确定漫游用户接入无线局域网的权限的***, 其特征在于, 包 括第一设备 61和第二设备 63, 13. A system for determining the permission of a roaming user to access a wireless local area network, which is characterized by including a first device 61 and a second device 63,
所述第一设备 61用于接收运营商的无线局域网 WLAN发起的用户的接入 认证请求, 确认所述用户通过用户鉴权, 向第二设备 63发送请求消息来请求 用户在网络中的附着位置信息, 接收第二设备 63发送的所述用户的附着位置 信息, 根据所述附着位置信息, 确定所述用户接入所述 WLAN的权限; The first device 61 is configured to receive a user's access authentication request initiated by the operator's wireless local area network WLAN, confirm that the user has passed user authentication, and send a request message to the second device 63 to request the user's attachment location in the network. information, receive the user's attachment location information sent by the second device 63, and determine the user's permission to access the WLAN based on the attachment location information;
所述第二设备 63, 用于向第一设备 61发送用户在网络中的附着位置信 息。 The second device 63 is used to send the user's attachment location information in the network to the first device 61.
14、 如权利要求 13所述的***, 其特征在于, 所述第一设备 61为权利要 求 8-12任一所述的设备。 14. The system according to claim 13, characterized in that the first device 61 is the device according to any one of claims 8-12.
PCT/CN2013/085314 2012-12-18 2013-10-16 Method, device, and system for determining access authority of user to wireless local area network WO2014094487A1 (en)

Applications Claiming Priority (2)

Application Number Priority Date Filing Date Title
CN201210551954.2A CN103052054B (en) 2012-12-18 2012-12-18 A kind of method, apparatus and system determining user's accessing WLAN authority
CN201210551954.2 2012-12-18

Publications (1)

Publication Number Publication Date
WO2014094487A1 true WO2014094487A1 (en) 2014-06-26

Family

ID=48064527

Family Applications (1)

Application Number Title Priority Date Filing Date
PCT/CN2013/085314 WO2014094487A1 (en) 2012-12-18 2013-10-16 Method, device, and system for determining access authority of user to wireless local area network

Country Status (2)

Country Link
CN (1) CN103052054B (en)
WO (1) WO2014094487A1 (en)

Families Citing this family (11)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN103052054B (en) * 2012-12-18 2016-03-30 华为技术有限公司 A kind of method, apparatus and system determining user's accessing WLAN authority
CN104113894B (en) * 2013-04-18 2018-12-07 华为技术有限公司 Control method, user equipment and the network controller of service distributing
CN104700040B (en) * 2013-12-10 2021-08-03 腾讯科技(深圳)有限公司 Authority control method and device
US10039112B2 (en) 2014-10-10 2018-07-31 Huawei Technologies Co., Ltd Methods and systems for provisioning a virtual network in software defined networks
JP6562434B2 (en) 2015-06-01 2019-08-21 ホアウェイ・テクノロジーズ・カンパニー・リミテッド Systems and methods for virtualized functions in the control and data plane
US10313887B2 (en) 2015-06-01 2019-06-04 Huawei Technologies Co., Ltd. System and method for provision and distribution of spectrum resources
US10111163B2 (en) 2015-06-01 2018-10-23 Huawei Technologies Co., Ltd. System and method for virtualized functions in control and data planes
US10212589B2 (en) 2015-06-02 2019-02-19 Huawei Technologies Co., Ltd. Method and apparatus to use infra-structure or network connectivity services provided by 3rd parties
US10700936B2 (en) 2015-06-02 2020-06-30 Huawei Technologies Co., Ltd. System and methods for virtual infrastructure management between operator networks
US10862818B2 (en) 2015-09-23 2020-12-08 Huawei Technologies Co., Ltd. Systems and methods for distributing network resources to network service providers
CN112867097A (en) * 2019-11-12 2021-05-28 华为技术有限公司 Network access method and communication device

Citations (3)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN101730104A (en) * 2009-06-23 2010-06-09 中兴通讯股份有限公司 Method and device for authenticating access of user equipment and wireless local area network access network (WLAN AN)
CN102457938A (en) * 2010-10-18 2012-05-16 中兴通讯股份有限公司 User equipment (UE) access restriction method and system thereof
CN103052054A (en) * 2012-12-18 2013-04-17 华为技术有限公司 Method, equipment and system for determining access authority of users to wireless local area network (WLAN)

Family Cites Families (1)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
US8607316B2 (en) * 2010-08-31 2013-12-10 Blackberry Limited Simplified authentication via application access server

Patent Citations (3)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN101730104A (en) * 2009-06-23 2010-06-09 中兴通讯股份有限公司 Method and device for authenticating access of user equipment and wireless local area network access network (WLAN AN)
CN102457938A (en) * 2010-10-18 2012-05-16 中兴通讯股份有限公司 User equipment (UE) access restriction method and system thereof
CN103052054A (en) * 2012-12-18 2013-04-17 华为技术有限公司 Method, equipment and system for determining access authority of users to wireless local area network (WLAN)

Also Published As

Publication number Publication date
CN103052054B (en) 2016-03-30
CN103052054A (en) 2013-04-17

Similar Documents

Publication Publication Date Title
WO2014094487A1 (en) Method, device, and system for determining access authority of user to wireless local area network
US11089480B2 (en) Provisioning electronic subscriber identity modules to mobile wireless devices
CN112423301B (en) Private network registration management method and AMF network element
JP6339713B2 (en) Method for activating user, method for authenticating user, method for controlling user traffic, method for controlling user connection of 3G traffic Wi-Fi network and 3G traffic routing system
JP6574236B2 (en) UE-based network subscription management
CA2869189C (en) Service sharing system and apparatus
US11463883B2 (en) Cellular service account transfer for accessory wireless devices
US20130225123A1 (en) Method and apparatus for seamless delivery of services through a virtualized network
US20200374698A1 (en) Communication method and communications apparatus
US10660057B2 (en) Easy connectivity provisioning for cellular network
EP2856725B1 (en) Dynamic hotspot access control
WO2016155298A1 (en) Relay ue access control method and apparatus
CN108616805B (en) Emergency number configuration and acquisition method and device
WO2011054251A1 (en) Method, system and terminal for preventing access from illegal terminals
US20230076852A1 (en) Electronic device supporting plurality of sims and operating method therefor
WO2018058365A1 (en) Network access authorization method, and related device and system
WO2013170449A1 (en) Method, device and system for processing network sharing
RU2668114C2 (en) Method of managing shared network users, corresponding device and system
EP3114865A1 (en) Using services of a mobile packet core network
WO2013189319A1 (en) Implementation method and device for controlling terminal access to network
CN104754689B (en) home gateway access management method and system
US11606303B1 (en) Device initiated quality of service
WO2023169206A1 (en) Authorization verification method and device
EP4176604A1 (en) Method of slice support for vehicle-to-everything service
KR20220152950A (en) Network slice admission control (nsac) discovery and roaming enhancements

Legal Events

Date Code Title Description
121 Ep: the epo has been informed by wipo that ep was designated in this application

Ref document number: 13866235

Country of ref document: EP

Kind code of ref document: A1

NENP Non-entry into the national phase

Ref country code: DE

122 Ep: pct application non-entry in european phase

Ref document number: 13866235

Country of ref document: EP

Kind code of ref document: A1