WO2017219673A1 - Vowifi network access method and system, and terminal - Google Patents

Publication number
WO2017219673A1
WO2017219673A1 PCT/CN2017/072276 CN2017072276W WO2017219673A1 WO 2017219673 A1 WO2017219673 A1 WO 2017219673A1 CN 2017072276 W CN2017072276 W CN 2017072276W WO 2017219673 A1 WO2017219673 A1 WO 2017219673A1
Authority
WO
WIPO (PCT)
Prior art keywords
user identity
terminal
authentication
user
vowifi network
Prior art date
Application number
PCT/CN2017/072276
Other languages
French (fr)
Chinese (zh)
Inventor
王昭鑫
Original Assignee
中兴通讯股份有限公司
Application filed by 中兴通讯股份有限公司

Classifications

    • H ELECTRICITY
    • H04 ELECTRIC COMMUNICATION TECHNIQUE
    • H04W WIRELESS COMMUNICATION NETWORKS
    • H04W12/00 Security arrangements; Authentication; Protecting privacy or anonymity
    • H04W12/06 Authentication
    • H04W12/069 Authentication using certificates or pre-shared keys
    • H ELECTRICITY
    • H04 ELECTRIC COMMUNICATION TECHNIQUE
    • H04W WIRELESS COMMUNICATION NETWORKS
    • H04W12/00 Security arrangements; Authentication; Protecting privacy or anonymity
    • H04W12/06 Authentication
    • H ELECTRICITY
    • H04 ELECTRIC COMMUNICATION TECHNIQUE
    • H04W WIRELESS COMMUNICATION NETWORKS
    • H04W48/00 Access restriction; Network selection; Access point selection
    • H04W48/16 Discovering, processing access restriction or access information

Definitions

  • The present invention relates to the field of communications, and in particular to a VoWiFi network access method and system, and a terminal.
  • VoWiFi (Voice over Wi-Fi) technology uses the existing Wi-Fi (Wireless Fidelity) network to carry wireless VoIP voice calls, and through a VoWiFi terminal device the user can make roaming voice and video calls at any time within the coverage of the WLAN network.
  • VoWiFi technology has attracted more and more attention because of its low communication cost and the convenience of WLAN for users.
  • Before a terminal accesses the VoWiFi network, access authentication needs to be performed, and the authentication is based on the user identity.
  • If the terminal does not store the user identity, the authentication cannot be performed and the terminal cannot access the VoWiFi network.
  • As a result, the use of the terminal is limited and the user experience is poor.
  • The embodiments of the present invention provide a VoWiFi network access method, system, and terminal that at least solve the technical problem that a terminal which does not store a user identity cannot access the VoWiFi network, which limits the use of the terminal and degrades the user experience.
  • A VoWiFi network access method, including:
  • obtaining the user authentication response and sending the user authentication response to the gateway, so that the gateway completes the authentication according to the user authentication response to access the VoWiFi network.
  • Sending an acquisition request to the device that stores the user identity and acquiring the user identity includes at least one of the following:
  • Sending the authentication parameter to the device that stores the user identity includes at least one of the following:
  • the device forwards the authentication parameter to the user identity terminal that stores the user identity;
  • the authentication parameter is sent to the user identity terminal that stores the user identity.
  • The user identity includes an international mobile subscriber identity.
  • A VoWiFi network access method, including:
  • The authentication parameter is a parameter used by the terminal to perform VoWiFi network access authentication according to the user identity.
  • Obtaining the user identity according to the acquisition request and sending it to the terminal includes at least one of the following:
  • Obtaining the user authentication response according to the authentication parameter and sending it to the terminal includes at least one of the following:
  • the user authentication response is generated locally according to the authentication parameter and sent to the terminal;
  • the authentication parameter is forwarded to the user identity terminal, the user identity terminal calculates the user authentication response according to the authentication parameter, and the user authentication response is obtained and sent to the terminal.
  • A VoWiFi network access terminal, including:
  • a user identity obtaining module, configured to send an acquisition request to the device that stores the user identity to obtain the user identity;
  • an authentication parameter obtaining module, configured to obtain an authentication parameter for performing VoWiFi network access authentication according to the user identity;
  • an authentication parameter sending module, configured to send the authentication parameter to the device that stores the user identity, so that the device calculates the user authentication response according to the authentication parameter;
  • a user authentication response processing module, configured to obtain the user authentication response and send it to the gateway that performs VoWiFi network access authentication, so that the gateway completes the authentication according to the user authentication response to access the VoWiFi network.
  • A wireless access point device, including:
  • an acquisition request receiving module, configured to receive an acquisition request sent by the terminal, the acquisition request being used by the terminal to acquire the user identity;
  • a user identity processing module, configured to acquire the user identity according to the acquisition request and send the user identity to the terminal;
  • an authentication parameter processing module, configured to receive the authentication parameter sent by the terminal, obtain the user authentication response according to the authentication parameter, and send the user authentication response to the terminal, the authentication parameter being a parameter used by the terminal to perform VoWiFi network access authentication according to the user identity.
  • A VoWiFi network access system, comprising the above VoWiFi network access terminal and wireless access point device.
  • A computer storage medium storing computer-executable instructions for performing any of the foregoing VoWiFi network access methods.
  • With the VoWiFi network access method and system, terminal, wireless access point device, and computer storage medium according to the embodiments of the present invention, the user identity is obtained by sending an acquisition request to the device storing the user identity; an authentication parameter acquisition request is sent to the gateway configured to perform VoWiFi network access authentication, and the authentication parameter for VoWiFi network access authentication is obtained; the authentication parameter is sent to the device storing the user identity, so that the device calculates the user authentication response according to the authentication parameter; and the user authentication response is obtained and sent to the gateway, so that the gateway completes the authentication according to the user authentication response to access the VoWiFi network.
  • The terminal can thus perform VoWiFi network access authentication with a user identity stored by another device and access the VoWiFi network, which improves the user experience.
  • FIG. 1 is a flowchart of a method for accessing a VoWiFi network according to Embodiment 1 of the present invention
  • FIG. 2 is a flowchart of a method for accessing a VoWiFi network according to Embodiment 2 of the present invention
  • FIG. 3 is a schematic structural diagram of a VoWiFi network according to Embodiment 3 of the present invention.
  • FIG. 4 is a flowchart of a method for accessing a VoWiFi network according to Embodiment 3 of the present invention.
  • FIG. 5 is a schematic diagram of a VoWiFi network access terminal according to Embodiment 4 of the present invention.
  • FIG. 6 is a schematic diagram of a wireless access point device according to Embodiment 4 of the present invention.
  • FIG. 7 is a schematic diagram of a VoWiFi network access system according to Embodiment 4 of the present invention.
  • FIG. 8 is a schematic diagram of a management frame format in an 802.11 protocol according to Embodiment 3 of the present invention.
  • FIG. 9 is a schematic diagram of a format of an information element according to Embodiment 3 of the present invention.
  • Embodiment 1:
  • This embodiment provides a VoWiFi network access method. Referring to Figure 1, the method includes:
  • Step S101: Send an acquisition request to the device storing the user identity to obtain the user identity.
  • When the user wants to use the WLAN-based voice and/or video service provided by VoWiFi, the user's terminal needs to access the VoWiFi network, and the user identity is used for access authentication when it does so. If the terminal itself stores the user identity used for VoWiFi network access authentication, access to the VoWiFi network is straightforward. If the terminal does not store a user identity, or the user identity it stores is unavailable, the terminal may obtain the user identity from another device that stores one and perform VoWiFi network access authentication with it.
  • Sending an acquisition request to the device that stores the user identity and obtaining the user identity includes at least one of the following: sending an acquisition request to a wireless access point device that stores the user identity, and obtaining the user identity stored by the wireless access point device; sending an acquisition request to the wireless access point device, which forwards the acquisition request to a user identity terminal that has established communication with it, and obtaining the user identity stored by the user identity terminal; sending an acquisition request to the user identity terminal that stores the user identity, and obtaining the user identity stored by the user identity terminal.
  • For VoWiFi networks, access is generally provided through Wi-Fi wireless access point (AP) devices.
  • The Wi-Fi network is connected to the VoWiFi network, so the user identity can be stored directly at the AP.
  • When the terminal needs to access the VoWiFi network, it establishes communication with the AP device, that is, it joins the wireless local area network where the AP is located, and sends an acquisition request to the AP device to obtain the user identity stored by the AP device.
  • Alternatively, the terminal may establish communication with the AP and send the acquisition request to the AP, and the AP forwards the acquisition request to the user identity terminal that stores the user identity, so that the terminal obtains the user identity stored by the user identity terminal.
  • The terminal may also establish communication directly with the user identity terminal that stores the user identity and obtain the user identity from it. The direct communication may be established over Bluetooth, Near Field Communication (NFC) or the like, or over a wired connection.
  • the user identity identifier in this embodiment includes: an international mobile subscriber identity.
  • The VoWiFi in current use is based on EAP-AKA (Extensible Authentication Protocol-Authentication and Key Agreement) authentication, and EAP-AKA authentication relies on the IMSI (International Mobile Subscriber Identification Number) information in the SIM (Subscriber Identity Module) card. A terminal that does not have a SIM card cannot perform EAP-AKA authentication, that is, it cannot access the core network. Therefore, when accessing the VoWiFi network, the terminal can obtain the IMSI information of another device equipped with a SIM card and use it for authentication to access the VoWiFi network.
  • The terminal obtains the IMSI information of another device equipped with a SIM card, and then performs authentication with the acquired IMSI information.
  • The device provided with the SIM card may be a common mobile phone provided with a SIM card, or may be an AP provided with a SIM card.
  • The terminal may obtain the IMSI information in the SIM card of the other device when it needs to access the VoWiFi network, or at any other time; once obtained, the IMSI information is stored, and when the VoWiFi network needs to be accessed, access authentication can be performed directly with the stored IMSI information.
  • The SIM card in this embodiment may be a normal SIM card, or may be a USIM (Universal Subscriber Identity Module) card, an eSIM (Embedded SIM) card, or the like.
  • The information obtained may also be a unique identifier of the user, such as a phone number. The unique identifier uniquely locates a user, and the IMSI information used for VoWiFi network access authentication can be determined from the phone number, which enables access to the VoWiFi network.
  • Step S102: According to the user identity, send an authentication parameter acquisition request to the gateway configured to perform VoWiFi network access authentication, and obtain the authentication parameter used for VoWiFi network access authentication.
  • The gateway that performs VoWiFi network access authentication in the VoWiFi network is generally an ePDG (evolved Packet Data Gateway). When the terminal needs to access the VoWiFi network, the terminal and the ePDG establish a data channel for data transmission between them, which can be an IPSec tunnel, and the terminal sends an authentication parameter acquisition request containing the user identity to the ePDG through the tunnel. After receiving the authentication parameter acquisition request, the ePDG sends an authentication vector acquisition request to the AAA (Authentication/Authorization/Accounting) server according to the user identity. The AAA server generates the corresponding authentication vector according to the user identity and sends it to the ePDG. The authentication vector includes an XRES (Expected Response) and the authentication parameter, and the authentication parameter includes a RAND (Random Number) and an AUTN (Authentication Token). The authentication vector further includes other information, such as a key used for authentication.
  • After receiving the authentication vector, the ePDG sends the authentication parameter to the terminal and stores the expected user authentication response locally for the subsequent VoWiFi network access authentication.
  • Step S103: Send the authentication parameter to the device that stores the user identity, so that the device calculates the user authentication response according to the authentication parameter.
  • After the terminal receives the authentication parameter sent by the ePDG, to ensure the security of terminal access, the authentication parameter is sent to the device storing the user identity. The device calculates the corresponding RES (Response, the user authentication response) from the authentication parameter and returns the calculated user authentication response to the terminal.
  • Sending the authentication parameter to the device that stores the user identity includes at least one of the following: when the user identity was obtained from the wireless access point device, sending the authentication parameter to the wireless access point device that stores the user identity; when the user identity was obtained from a user identity terminal that has established communication with the wireless access point device, sending the authentication parameter to the wireless access point device, which forwards it to the user identity terminal that stores the user identity; when the user identity was obtained directly from the user identity terminal that stores the user identity, sending the authentication parameter to the user identity terminal.
  • To send the authentication parameter to the device that stores the user identity, the terminal may establish Wi-Fi communication with the wireless access point device from which it obtained the user identity and send the authentication parameter to that wireless access point device.
  • The terminal may also establish Wi-Fi communication with the wireless access point device and send the authentication parameter to it, and the wireless access point device forwards the authentication parameter to the user identity terminal that stores the user identity. It is also possible to establish Bluetooth communication with the user identity terminal storing the user identity and send the authentication parameter to it directly.
  • Step S104: Obtain the user authentication response and send it to the gateway, so that the gateway completes the authentication according to the user authentication response and the terminal accesses the VoWiFi network.
  • The terminal obtains the user authentication response generated by the device storing the user identity and sends it on to the ePDG. The ePDG compares the user authentication response with the locally stored XRES to determine whether the two are consistent. If they are, the terminal is authenticated and allowed to access the VoWiFi network; if not, the terminal is treated as an untrusted terminal and is refused access to the VoWiFi network.
  • The terminal in this embodiment may obtain only one user identity, or two or more, and then select one of them for authentication as required, for example selecting, according to the operator providing the WLAN network, a user identity that the WLAN network supports for access, or selecting a user identity with high credit to access the VoWiFi network.
  • In the VoWiFi network access method of this embodiment, the user identity is obtained by sending an acquisition request to the device that stores it; according to the user identity, an authentication parameter acquisition request is sent to the gateway that performs VoWiFi network access authentication, and the authentication parameter for VoWiFi network access authentication is obtained; the authentication parameter is sent to the device storing the user identity, so that the device calculates the user authentication response according to the authentication parameter; and the user authentication response is obtained and sent to the gateway, so that the gateway completes the authentication according to the user authentication response to access the VoWiFi network.
  • The terminal can thus perform VoWiFi network access authentication with a user identity stored by another device and access the VoWiFi network, which improves the user experience.
  • Embodiment 2:
  • This embodiment provides a method for accessing a VoWiFi network. The method includes:
  • Step S201: Receive an acquisition request sent by the terminal, where the acquisition request is used by the terminal to acquire the user identity.
  • When the terminal needs to obtain the user identity through the wireless access point device in order to access the VoWiFi network, the terminal sends an acquisition request for the user identity to the wireless access point device, and the wireless access point device receives the request.
  • The user identity in this embodiment may be IMSI information stored in the SIM card.
  • Step S202: Acquire the user identity according to the acquisition request, and send the user identity to the terminal.
  • After receiving the acquisition request sent by the terminal, the wireless access point device obtains the user identity according to the request and sends it to the terminal in at least one of the following ways: acquiring the locally stored user identity and sending it to the terminal; forwarding the acquisition request to the user identity terminal that stores the user identity, obtaining the user identity stored by the user identity terminal, and sending it to the terminal.
  • If the wireless access point device stores the user identity locally, it sends that user identity to the terminal according to the acquisition request. If the user identity is not stored locally, or the acquisition request sent by the terminal asks for the user identity stored by the user identity terminal, the wireless access point device forwards the acquisition request to the user identity terminal, obtains the user identity stored by the user identity terminal, and sends it to the terminal.
  • Step S203: Receive the authentication parameter sent by the terminal, obtain a user authentication response according to the authentication parameter, and send the user authentication response to the terminal.
  • The authentication parameter is a parameter used by the terminal to perform VoWiFi network access authentication according to the user identity.
  • The authentication parameter sent by the terminal, which the terminal obtained from the gateway that performs VoWiFi network access authentication, may include RAND and AUTN. The corresponding user authentication response (RES) is then calculated according to the authentication parameter; the authentication parameter may be one obtained according to the IMSI information. After the user authentication response is calculated, it is sent to the terminal in at least one of the following ways: if the user identity sent to the terminal was the locally stored user identity, the user authentication response is generated locally according to the authentication parameter and sent to the terminal; if the user identity sent to the terminal was the one stored by the user identity terminal, the authentication parameter is sent to the user identity terminal, the user identity terminal calculates the user authentication response according to the authentication parameter, and the user authentication response is obtained and sent to the terminal.
  • The SIM card in this embodiment may be a normal SIM card, or may be a SIM card in which IMSI information is stored, such as a USIM card or an eSIM card.
  • A user identity may be selected according to the acquisition request and sent to the terminal, or all user identities may be sent to the terminal, in which case the terminal selects the user identity used to obtain the authentication parameter and obtains the authentication parameter with it.
  • In the VoWiFi network access method provided by this embodiment, the acquisition request sent by the terminal, which the terminal uses to obtain the user identity, is received; the user identity is obtained according to the acquisition request and sent to the terminal; and the authentication parameter sent by the terminal is received, and the user authentication response is obtained according to the authentication parameter and sent to the terminal. The authentication parameter is a parameter used by the terminal to perform VoWiFi network access authentication according to the user identity. That is, the user identity can be provided to a terminal that needs to access the VoWiFi network, and the user authentication response is calculated according to the authentication parameter, so that the terminal can access the VoWiFi network, thereby improving the user experience.
  • Embodiment 3:
  • In this embodiment, the user identity is the IMSI information of the SIM card.
  • When a terminal that is not provided with a SIM card needs access, it can obtain the IMSI information of the SIM card of a device in the LAN that has one, and use that IMSI information for network access authentication, thereby implementing access to the VoWiFi network.
  • The SIM card may also be a SIM card in which IMSI information is stored, such as a USIM card or an eSIM card.
  • The structure of the VoWiFi network in this embodiment is as shown in FIG.
  • The terminal accesses the ePDG gateway through the wireless AP, and then accesses the EPC (Evolved Packet Core, the 4G core network) and the IMS (IP Multimedia Subsystem) network to make high-definition voice and video calls. A USIM card can therefore be installed in the AP, and access to the VoWiFi network is achieved by obtaining the IMSI information of the AP's USIM card.
  • A terminal that does not have a USIM card acts as a station (STA). The terminal may be a computer with a wireless network card or a smartphone with a WiFi module, and the AP with a USIM card provides it with WLAN access service and IMSI information.
  • The VoWiFi network access process provided in this embodiment includes:
  • Step S301: the STA connects to the AP to establish communication with the AP.
  • Step S302: the STA sends an IMSI acquisition request to the AP.
  • Step S303: after receiving the IMSI acquisition request, the AP reads the IMSI information of the built-in USIM card.
  • Step S304: the AP transmits the IMSI information of the USIM card to the STA.
  • Step S305: after receiving the IMSI information sent by the AP, the STA stores the IMSI information.
  • Step S306: the STA initiates an access request, connects to the ePDG, and attaches the IMSI information.
  • The STA initiates an access request to the ePDG to request access to the VoWiFi network, and sends the acquired IMSI information to the ePDG with it, so that the ePDG can obtain an authentication vector from the server according to the IMSI information.
  • Step S307: the ePDG requests an authentication vector through the AAA server.
  • After receiving the access request sent by the STA, which includes the IMSI information, the ePDG sends an authentication vector acquisition request to the AAA server.
  • Step S308: the AAA server returns an authentication vector.
  • After receiving the authentication vector acquisition request, the server generates the corresponding authentication vector according to the IMSI information. The authentication vector may be an authentication quintuple, including RAND, AUTN, XRES, IK (Integrity Key, the integrity protection key) and CK (Cipher Key).
  • Step S309: after receiving the authentication vector, the ePDG initiates an AKA-Challenge Request.
  • After receiving the authentication vector returned by the AAA server, the ePDG initiates the authentication request (AKA-Challenge Request) to the STA, sending RAND and AUTN to the STA as the authentication parameters for authenticating the STA, and stores the rest of the authentication vector locally.
  • Step S310: the STA receives the Challenge Request and requests the RES from the AP through the data transmission module.
  • The STA forwards the authentication parameters RAND and AUTN to the AP, and the authentication computation is performed on the AP.
  • Step S311: the AP calculates the RES through the USIM card module.
  • The AP calculates the corresponding authentication response, that is, the user authentication response RES, through its USIM card module.
  • Step S312: the AP returns the RES to the STA.
  • Step S313: the STA sends an AKA-Challenge Response with the RES.
  • Step S314: the ePDG receives the RES and performs authentication verification.
  • After receiving the RES calculated by the AP, the STA sends the authentication response (AKA-Challenge Response), that is, the user authentication response RES, to the ePDG. After receiving the RES, the ePDG compares it with the locally stored XRES and determines whether the two are consistent. If they are consistent, the authentication is successful and the terminal can access the VoWiFi network.
  • Step S315: the ePDG sends a notification message of successful authentication to the STA.
  • The ePDG sends a notification message of successful authentication to the STA and allows the STA to access the VoWiFi network.
  • The STA may obtain the IMSI information of the AP when it needs to access the VoWiFi network, or at any other time; once obtained, the IMSI information is stored, and when the STA needs to access the VoWiFi network, the access authentication is performed directly with the stored IMSI information.
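The S301-S315 exchange as a runnable simulation, added here as an illustration and not taken from the patent: the class names are hypothetical, the IMSI and subscriber key are constructed test values, and HMAC-SHA256 stands in for the operator's AKA functions, with AUTN reduced to a MAC over RAND. It shows that the STA only relays RAND/AUTN and RES, while the key stays in the AP's USIM and the ePDG compares RES with the XRES it stored.

```python
"""Added example: the S301-S315 relay, simulated with stand-in crypto."""
import hashlib
import hmac
import os


def aka_f(key, label, rand, size):
    # Stand-in for the AKA f-functions (NOT Milenage): HMAC-SHA256, truncated.
    return hmac.new(key, label + rand, hashlib.sha256).digest()[:size]


class AAAServer:
    """Holds the subscriber keys and issues authentication vectors (S307-S308)."""

    def __init__(self, subscribers):
        self._keys = dict(subscribers)          # {IMSI: K}

    def auth_vector(self, imsi):
        key, rand = self._keys[imsi], os.urandom(16)
        return {
            "RAND": rand,
            "AUTN": aka_f(key, b"autn", rand, 16),   # simplified: MAC over RAND only
            "XRES": aka_f(key, b"res", rand, 8),
            "IK": aka_f(key, b"ik", rand, 16),
            "CK": aka_f(key, b"ck", rand, 16),
        }


class AccessPoint:
    """AP with a built-in USIM: the only party besides the AAA that holds K."""

    def __init__(self, imsi, key):
        self._imsi, self._key = imsi, key

    def get_imsi(self):                          # S303-S304
        return self._imsi

    def compute_res(self, rand, autn):           # S311-S312
        # As a USIM does, check that the challenge comes from the home network
        # before answering it.
        if not hmac.compare_digest(autn, aka_f(self._key, b"autn", rand, 16)):
            raise PermissionError("AUTN verification failed")
        return aka_f(self._key, b"res", rand, 8)


class EPDG:
    """Gateway: sends RAND/AUTN to the STA and keeps XRES locally (S309)."""

    def __init__(self, aaa):
        self._aaa, self._pending = aaa, {}

    def access_request(self, imsi):              # S306-S309
        vector = self._aaa.auth_vector(imsi)
        self._pending[imsi] = vector["XRES"]
        return vector["RAND"], vector["AUTN"]

    def challenge_response(self, imsi, res):     # S314-S315
        xres = self._pending.pop(imsi, None)     # each challenge is answered once
        return xres is not None and hmac.compare_digest(res, xres)


class Station:
    """SIM-less terminal: stores the IMSI but never sees K."""

    def __init__(self):
        self.imsi = None

    def attach(self, ap, epdg):
        self.imsi = ap.get_imsi()                        # S302, S305
        rand, autn = epdg.access_request(self.imsi)      # S306
        res = ap.compute_res(rand, autn)                 # S310
        return epdg.challenge_response(self.imsi, res)   # S313


def demo():
    imsi, key = "001010000000001", bytes(range(16))      # constructed test values
    epdg = EPDG(AAAServer({imsi: key}))
    return Station().attach(AccessPoint(imsi, key), epdg)


if __name__ == "__main__":
    print("authentication successful:", demo())
```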
  • communication is established between the STA and the AP, and the data transmission may be based on the TCP/IP protocol, or may be based on the 802.11 wireless protocol.
  • the request message initiated by the STA may be extended by a Probe Request.
  • the frame is implemented, and the response message of the AP can be implemented by extending the Probe Response frame. All extensions are based on the management frame format of the 802.11 protocol.
  • the management frame format in the 802.11 protocol is shown in Figure 8.
  • the so-called information element refers to a data block of variable length. Each data block is labeled with the type number and size, and the data bits of various information elements have a specific interpretation.
  • the new 802.11 specification allows for the definition of new information elements.
  • An information element usually contains an Element ID field, a Length field, and a variable-length field.
  • Element ID numbers 32-255 are left unused, so a new Element ID can be used to extend the frame.
  • The STA-initiated request message is extended based on the Information Element of the Probe Request frame.
  • The Element ID of the STA request information can be defined as 60 (0x3C). If the request message is a request to obtain the IMSI, the Length can be set to 4 (0x04), followed by the ASCII code of each letter of "IMSI", that is, "49 4D 53 49". The byte stream of the Information Element of the entire frame, expressed in hexadecimal, is then "3C 04 49 4D 53 49".
  • The response message of the AP is extended based on the Information Element of the Probe Response frame.
  • The Element ID of the response information can be defined as 61 (0x3D). If the reply message is the IMSI, the Length can be set to 4 (0x04), followed by the ASCII code of each letter of "IMSI", that is, "49 4D 53 49", and then the ASCII code of the entire IMSI number is concatenated.
  • The byte stream of the Information Element of the frame, expressed in hexadecimal, is "3D 04 49 4D 53 49 34 36 30 30 32 37 39 32 36 33 37 35 38 37 34".
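
The two byte streams above, run through a strict information-element parser (an added example, not code from the patent; all function names are hypothetical). The response stream as quoted carries Length 0x04 ahead of 19 payload bytes, so a receiver that honours the Length field sees only "IMSI"; the example also rebuilds the element with a Length that covers the digits, which is this example's adjustment and not a value from the page.

```python
# Added example (not from the patent): strict TLV handling for the page's
# custom 802.11 information elements. Element IDs 60/61 and both byte streams
# are the page's values; every function name here is hypothetical.

REQ_ELEMENT_ID = 0x3C    # 60: STA request element, per the page
RESP_ELEMENT_ID = 0x3D   # 61: AP response element, per the page

# Byte streams exactly as quoted on the page.
PAGE_REQUEST = bytes.fromhex("3C 04 49 4D 53 49")
PAGE_RESPONSE = bytes.fromhex(
    "3D 04 49 4D 53 49 34 36 30 30 32 37 39 32 36 33 37 35 38 37 34")


def build_element(element_id, payload):
    """Encode one information element: Element ID, Length, then the payload."""
    if not 0 <= element_id <= 0xFF:
        raise ValueError("Element ID must fit in one byte")
    if len(payload) > 0xFF:
        raise ValueError("payload exceeds the one-byte Length field")
    return bytes([element_id, len(payload)]) + payload


def parse_elements(data):
    """Walk a TLV stream the way a strict receiver does.

    Returns (elements, error): elements is the list of (element_id, payload)
    tuples parsed so far; error is None, or a description of where the
    stream stopped being well formed.
    """
    elements, offset = [], 0
    while offset < len(data):
        if len(data) - offset < 2:
            return elements, "truncated header at offset %d" % offset
        element_id, length = data[offset], data[offset + 1]
        end = offset + 2 + length
        if end > len(data):
            return elements, ("element %d at offset %d claims %d bytes, %d remain"
                              % (element_id, offset, length, len(data) - offset - 2))
        elements.append((element_id, data[offset + 2:end]))
        offset = end
    return elements, None


def decode_imsi_response(payload):
    """Return the IMSI digits from a payload of the form 'IMSI<digits>', else None."""
    if not payload.startswith(b"IMSI"):
        return None
    digits = payload[4:]
    # An IMSI is a decimal string of at most 15 digits.
    if not (1 <= len(digits) <= 15 and digits.isdigit()):
        return None
    return digits.decode("ascii")


def compare_page_and_fixed_response():
    """Parse the page's response stream, then the same payload with a matching Length."""
    as_quoted = parse_elements(PAGE_RESPONSE)
    fixed = build_element(RESP_ELEMENT_ID, PAGE_RESPONSE[2:])
    return as_quoted, fixed, parse_elements(fixed)


if __name__ == "__main__":
    as_quoted, fixed, as_fixed = compare_page_and_fixed_response()
    print("request:", parse_elements(PAGE_REQUEST))
    print("quoted :", as_quoted)
    print("fixed  :", " ".join("%02X" % b for b in fixed), as_fixed)
    print("IMSI   :", decode_imsi_response(as_fixed[0][0][1]))
```

Probe Request and Probe Response frames are exchanged unencrypted, so an IMSI carried in such an element is readable by any station within radio range.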
  • Data transmission between the terminal and the AP may also use TCP/IP (Transmission Control Protocol/Internet Protocol) in the local area network to obtain the parameters related to the USIM card. If the terminal accesses the AP with the IP address 192.168.1.1 (with the USIM card) and the IP address assigned by the AP to the terminal is 192.168.1.100, the terminal can establish communication between 192.168.1.100 and 192.168.1.1 through the TCP/IP protocol, and then transmit the request and response information for the USIM card parameters.
  • The terminal that is not provided with the USIM card in this embodiment may also obtain the IMSI information from a terminal provided with the USIM card to implement network access.
  • The terminal with the USIM card may be a mobile phone, and the terminal not provided with the card may be a smart TV. If the terminal accesses the AP with the IP address of 192.168.1.1 (without the USIM card), the AP assigns the IP address 192.168.1.100 to the terminal.
  • The mobile phone with the USIM card also accesses the AP.
  • The IP address assigned to the mobile phone is 192.168.1.101, and the terminal can establish communication between 192.168.1.100 and 192.168.1.101 through the TCP/IP protocol, thereby transmitting the request and response information for the IMSI information of the USIM card.
  • In the VoWiFi network access method provided by this embodiment of the present invention, a terminal not provided with a SIM card obtains the IMSI information in a SIM card, such as that of a mobile phone provided with a SIM card or of an AP provided with a SIM card, and then uses the IMSI information to perform authentication with the ePDG to access the VoWiFi network, enabling the terminal to implement WLAN-based voice and video communication, thereby improving the user experience.
  • Embodiment 4:
  • The terminal includes: a user identity obtaining module 51, an authentication parameter obtaining module 52, an authentication parameter sending module 53 and a user authentication response processing module 54.
  • The user identity obtaining module 51 is configured to send an acquisition request to the device that stores the user identity, to obtain the user identity; the authentication parameter obtaining module 52 is configured to obtain the authentication parameter for performing the VoWiFi network access authentication according to the user identity; the authentication parameter sending module 53 is configured to send the authentication parameter to the device that stores the user identity, so that the device calculates a user authentication response according to the authentication parameter.
  • The user authentication response processing module 54 is configured to obtain the user authentication response and send it to the gateway for performing the VoWiFi network access authentication, so that the gateway completes the authentication according to the user authentication response, to access the VoWiFi network.
  • The user identity obtaining module 51 sends an acquisition request to the device that stores the user identity to obtain the user identity as follows: when the user wants to use the WLAN-based voice and/or video service provided by VoWiFi, the user's terminal must connect to the VoWiFi network.
  • To do so, the terminal needs to perform access authentication through the user identity. If the terminal itself stores a user identity that can be used for access authentication of the VoWiFi network, it can connect to the VoWiFi network conveniently. If the terminal does not store a user identity, or the user identity stored by the terminal is unavailable, the terminal may obtain the user identity from another device that stores one, and use it to perform the VoWiFi network access authentication.
  • Sending the acquisition request to the device that stores the user identity, and obtaining the user identity, includes at least one of the following: sending an acquisition request to the wireless access point device that stores the user identity, and acquiring the user identity stored by the wireless access point device;
  • sending an acquisition request to the wireless access point device, which forwards the acquisition request to a user identity terminal that has established communication with it and stores the user identity, and acquiring the user identity stored by the user identity terminal;
  • sending an acquisition request to the user identity terminal storing the user identity, and acquiring the user identity stored by the user identity terminal.
  • If the user identity is stored directly on the AP device, then when the terminal needs to access the VoWiFi network, the terminal establishes communication with the AP device, that is, accesses the wireless local area network where the AP is located, and sends an acquisition request to the AP device to obtain the user identity stored on the AP device.
  • Or, when another terminal that has established communication with the AP stores the user identity, the terminal may establish communication with the AP and then send an acquisition request to the AP; the AP forwards the acquisition request to the user identity terminal that stores the user identity, and the terminal obtains the user identity stored by the user identity terminal.
  • Alternatively, the terminal may establish communication directly with the user identity terminal storing the user identity, and conveniently obtain the user identity stored by that terminal. This direct communication may be established through Bluetooth, near field communication, and the like, or through a wired connection.
  • the user identity identifier in this embodiment includes: an international mobile subscriber identity.
  • The currently used VoWiFi is based on EAP-AKA authentication, and EAP-AKA authentication needs to be based on the IMSI information in the SIM. Without that information, EAP-AKA authentication cannot be performed, that is, the core network cannot be accessed. Therefore, when accessing the VoWiFi network, the terminal can obtain the IMSI information of another device equipped with a SIM card and then perform authentication by using the acquired IMSI information.
  • The device provided with the SIM card may be a common mobile phone provided with a SIM card, or may be an AP provided with a SIM card.
  • The terminal may obtain the IMSI information in the SIM card of the other device when the VoWiFi network needs to be accessed, or at any other time, and keep it stored after it is acquired; when the VoWiFi network needs to be accessed, the access authentication can then be performed directly through the stored IMSI information.
  • the SIM card in this embodiment may be a normal SIM card, or may be a SIM card that stores IMSI information, such as a USIM card or an eSIM card.
  • The authentication parameter obtaining module 52 obtains the authentication parameter for performing the VoWiFi network access authentication according to the user identity as follows: the gateway that performs VoWiFi network access authentication in the VoWiFi network is generally an ePDG. When the terminal needs to access the VoWiFi network, it establishes a data channel with the ePDG for data transmission between the two; the data channel may be an IPSec tunnel. The terminal then sends an authentication parameter acquisition request including the user identity to the ePDG through the tunnel.
  • After receiving the authentication parameter acquisition request, the ePDG sends an authentication vector acquisition request to the AAA server according to the user identity; the AAA server generates a corresponding authentication vector according to the user identity and sends it to the ePDG, where the authentication vector includes the XRES and the authentication parameter, and the authentication parameter includes RAND and AUTN; the authentication vector further includes other information such as a key used for authentication.
  • After receiving the authentication vector, the ePDG sends the authentication parameter to the terminal, and stores the expected user authentication response (XRES) locally for subsequent VoWiFi network access authentication.
  • The authentication parameter sending module 53 sends the authentication parameter to the device that stores the user identity, so that the device calculates the user authentication response according to the authentication parameter, as follows: after the terminal receives the authentication parameter sent by the ePDG, to ensure the security of the terminal's access, the authentication parameter is sent to the device from which the user identity was obtained, that device calculates the corresponding RES from the authentication parameter, and the device then returns the calculated user authentication response to the terminal.
  • Sending the authentication parameter to the device that stores the user identity includes at least one of the following: when the user identity is obtained from the wireless access point device, sending the authentication parameter to the wireless access point device storing the user identity;
  • when the user identity is obtained from a user identity terminal that has established communication with the wireless access point device, sending the authentication parameter to the wireless access point device, which forwards the authentication parameter to the user identity terminal storing the user identity;
  • when the user identity is obtained directly from the user identity terminal storing the user identity, sending the authentication parameter to the user identity terminal.
  • The user authentication response processing module 54 obtains the user authentication response and sends it to the gateway, so that the gateway completes the authentication according to the user authentication response to implement access to the VoWiFi network, as follows: after receiving the user authentication response, the terminal sends the user authentication response to the ePDG, and the ePDG compares the user authentication response with the locally stored XRES to determine whether the two are consistent. If the two are consistent, the terminal passes authentication and is allowed to access the VoWiFi network; if they are inconsistent, the terminal is treated as a non-trusted terminal and is refused access to the VoWiFi network.
  • The terminal in this embodiment may obtain only one user identity, or may obtain two or more user identities and then select one of them for authentication according to requirements, for example, according to the operator providing the WLAN network, selecting a user identity for which that WLAN network supports access, or selecting a user identity with high credit, to access the VoWiFi network.
  • With the VoWiFi network access terminal provided by this embodiment, the terminal sends an acquisition request to the device storing the user identity, and obtains the user identity; sends an authentication parameter acquisition request, according to the user identity, to the gateway for performing the VoWiFi network access authentication, and obtains an authentication parameter for performing the VoWiFi network access authentication; sends the authentication parameter to the device storing the user identity, so that the device calculates a user authentication response according to the authentication parameter; and obtains the user authentication response and sends it to the gateway, so that the gateway completes the authentication according to the user authentication response.
  • The terminal can thus perform the VoWiFi network access authentication through the user identity stored by another device and access the VoWiFi network, thereby improving the user experience.
  • This embodiment also provides a wireless access point device.
  • The device includes: an acquisition request receiving module 61, a user identity processing module 62, and an authentication parameter processing module 63.
  • The acquisition request receiving module 61 is configured to receive the acquisition request sent by the terminal, where the acquisition request is used by the terminal to obtain the user identity;
  • the user identity processing module 62 is configured to acquire the user identity according to the acquisition request, and send the user identity to the terminal;
  • the authentication parameter processing module 63 is configured to receive the authentication parameter sent by the terminal, obtain a user authentication response according to the authentication parameter, and send the user authentication response to the terminal.
  • The authentication parameter is a parameter that the terminal obtains according to the user identity and that is used to perform the VoWiFi network access authentication.
  • When the terminal needs to obtain the user identity through the wireless access point device in order to access the VoWiFi network, the terminal sends an acquisition request for the user identity to the wireless access point device, and the wireless access point device receives the acquisition request sent by the terminal through the acquisition request receiving module 61.
  • the user identity in this embodiment may be IMSI information stored in the SIM card.
  • The user identity processing module 62 obtains the user identity according to the acquisition request and sends it to the terminal. Specifically: if the wireless access point device stores the user identity locally, it sends that user identity to the terminal according to the acquisition request; if the user identity is not stored locally, or the acquisition request sent by the terminal asks for the user identity stored by a user identity terminal, the wireless access point device forwards the acquisition request to the user identity terminal, obtains the user identity stored by the user identity terminal, and sends the user identity to the terminal.
  • The authentication parameter processing module 63 receives the authentication parameters that the terminal obtained from the gateway for performing the VoWiFi network access authentication; the authentication parameters may include RAND and AUTN. A corresponding user authentication response (RES) is then calculated according to the authentication parameter, which may be an authentication parameter obtained according to the IMSI information. After the user authentication response is calculated, it is sent to the terminal. Specifically: if the user identity sent to the terminal is a locally stored user identity, the user authentication response is generated locally according to the authentication parameter and sent to the terminal;
  • if the user identity sent to the terminal is the user identity stored by a user identity terminal, the authentication parameter is forwarded to the user identity terminal, the user identity terminal calculates the user authentication response according to the authentication parameter, and the wireless access point device obtains the user authentication response and sends it to the terminal.
  • the SIM card in this embodiment may be a normal SIM card, or may be a SIM card in which IMSI information is stored, such as a USIM card or an eSIM card.
  • The wireless access point device may select one user identity to send to the terminal according to the acquisition request, or send all user identities to the terminal, in which case the terminal selects the user identity to use for obtaining the authentication parameter and obtains the authentication parameter.
  • The wireless access point device provided by this embodiment receives the acquisition request sent by the terminal, the acquisition request being used by the terminal to acquire the user identity; obtains the user identity according to the acquisition request, and sends the user identity to the terminal;
  • and receives the authentication parameter sent by the terminal, calculates a user authentication response according to the authentication parameter, and sends the user authentication response to the terminal.
  • The authentication parameter is a parameter used by the terminal to perform VoWiFi network access authentication according to the user identity. That is, the device can provide the user identity for a terminal that needs to access the VoWiFi network and calculate the user authentication response according to the authentication parameter, so that the terminal can access the VoWiFi network, thereby improving the user experience.
  • FIG. 7 is a schematic diagram of a VoWiFi network access system according to Embodiment 4 of the present invention. As shown in FIG. 7, the system includes the above VoWiFi network access terminal and wireless access point device. The VoWiFi network access system provided in this embodiment makes access to the VoWiFi network more convenient and improves the user experience.
  • Embodiments of the present invention also provide a storage medium.
  • the foregoing storage medium may be configured to store program code for performing the following steps:
  • Step S101 Send an acquisition request to the device that stores the user identity, and obtain the user identity.
  • Step S102 According to the user identity identifier, send an authentication parameter acquisition request to the gateway set to perform VoWiFi network access authentication, and obtain an authentication parameter used for performing VoWiFi network access authentication.
  • Step S103 Send the authentication parameter to the device that stores the user identity, so that the device calculates the user authentication response according to the authentication parameter.
  • Step S104 Acquire a user authentication response, and send the user authentication response to the gateway, so that the gateway completes the authentication according to the user authentication response, and accesses the VoWiFi network.
  • the foregoing storage medium may be further configured to store program code for performing the following steps:
  • Step S201 Receive an acquisition request sent by the terminal, where the acquisition request is used by the terminal to acquire the user identity identifier;
  • Step S202 Acquire a user identity identifier according to the acquisition request, and send the user identity identifier to the terminal;
  • Step S203 Receive an authentication parameter sent by the terminal, obtain a user authentication response according to the authentication parameter, and send the user authentication response to the terminal.
  • the authentication parameter is a parameter used by the terminal to perform VoWiFi network access authentication according to the user identity.
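
The terminal-side steps S101-S104 and the access-point-side steps S201-S203 as one message exchange, in an added example that is not the patent's code. HMAC-SHA256 stands in for the operator's AKA functions (it is not Milenage), AUTN is simplified to SQN || MAC, and all class names, function names and subscriber values are constructed for illustration.

```python
# Added example (not the patent's code): the relay flow of steps S101-S104 and
# S201-S203. HMAC-SHA256 stands in for the operator's AKA functions (it is NOT
# Milenage), and AUTN is simplified to SQN || MAC. All names are hypothetical.
import hashlib
import hmac
import os


def _prf(key, label, data, size):
    """Stand-in keyed function replacing the real AKA f1 (MAC) and f2 (RES)."""
    return hmac.new(key, label + data, hashlib.sha256).digest()[:size]


class AAAServer:
    """Holds each subscriber's long-term key K and issues authentication vectors."""
    def __init__(self, subscribers):
        self._keys = dict(subscribers)   # IMSI -> K
        self._sqn = 0

    def authentication_vector(self, imsi):
        key = self._keys[imsi]
        self._sqn += 1
        rand = os.urandom(16)
        sqn = self._sqn.to_bytes(6, "big")
        autn = sqn + _prf(key, b"MAC", rand + sqn, 8)
        xres = _prf(key, b"RES", rand, 8)
        return rand, autn, xres


class EPDG:
    """Gateway: forwards RAND/AUTN to the terminal and keeps XRES locally."""
    def __init__(self, aaa):
        self._aaa = aaa
        self._pending = {}               # IMSI -> XRES awaiting a response

    def request_challenge(self, imsi):
        rand, autn, xres = self._aaa.authentication_vector(imsi)
        self._pending[imsi] = xres
        return rand, autn

    def verify(self, imsi, res):
        xres = self._pending.pop(imsi, None)   # each challenge is single use
        if xres is None or res is None:
            return False
        return hmac.compare_digest(res, xres)  # constant-time comparison


class SimHolder:
    """AP or phone with the SIM: the only party besides the AAA that holds K."""
    def __init__(self, imsi, key):
        self._imsi, self._key, self._last_sqn = imsi, key, 0

    def get_identity(self):                    # steps S201/S202
        return self._imsi

    def compute_res(self, rand, autn):         # step S203
        sqn, mac = autn[:6], autn[6:]
        if not hmac.compare_digest(mac, _prf(self._key, b"MAC", rand + sqn, 8)):
            return None                        # challenge not from the home network
        if int.from_bytes(sqn, "big") <= self._last_sqn:
            return None                        # replayed challenge
        self._last_sqn = int.from_bytes(sqn, "big")
        return _prf(self._key, b"RES", rand, 8)


class Terminal:
    """SIM-less terminal: relays messages and never sees K."""
    def __init__(self, holder, epdg):
        self._holder, self._epdg = holder, epdg
        self.last_challenge = None

    def attach(self):
        imsi = self._holder.get_identity()                 # S101
        rand, autn = self._epdg.request_challenge(imsi)    # S102
        self.last_challenge = (rand, autn)
        res = self._holder.compute_res(rand, autn)         # S103
        return self._epdg.verify(imsi, res)                # S104


def run_scenarios():
    """Constructed subscriber data; returns (genuine, wrong_key, replayed_res)."""
    imsi, key = "001010000000001", bytes(range(16))        # constructed test values
    epdg = EPDG(AAAServer({imsi: key}))
    holder = SimHolder(imsi, key)
    terminal = Terminal(holder, epdg)
    genuine = terminal.attach()
    wrong_key = Terminal(SimHolder(imsi, b"\x00" * 16), epdg).attach()
    replayed_res = holder.compute_res(*terminal.last_challenge)
    return genuine, wrong_key, replayed_res


if __name__ == "__main__":
    print(run_scenarios())
```

The key K stays with the SIM holder and the AAA server throughout; the terminal only carries the IMSI, RAND, AUTN and RES, so whether it can attach depends entirely on the SIM holder agreeing to answer each challenge.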
  • The foregoing storage medium may include, but is not limited to, a USB flash drive, a Read-Only Memory (ROM), a Random Access Memory (RAM), a mobile hard disk, and a magnetic memory.
  • The modules or steps of the present invention described above can be implemented by a general-purpose computing device; they can be centralized on a single computing device or distributed across a network of multiple computing devices. Alternatively, they may be implemented by program code executable by the computing device, so that they may be stored in a storage device and executed by the computing device. In some cases, the steps shown or described may be performed in an order different from that described herein, or they may be separately fabricated into individual integrated circuit modules, or a plurality of the modules or steps may be fabricated into a single integrated circuit module. Thus, the invention is not limited to any specific combination of hardware and software.
  • The VoWiFi network access method, system, and terminal provided by the embodiments of the present invention have the following beneficial effects:
  • the user identity is obtained by sending an acquisition request to the device storing the user identity;
  • an authentication parameter acquisition request is sent to the gateway for performing the access authentication of the VoWiFi network, and an authentication parameter for performing the access authentication of the VoWiFi network is obtained;
  • the authentication parameter is sent to the device that stores the user identity, so that the device calculates the user authentication response according to the authentication parameter;
  • the user authentication response is obtained and sent to the gateway, so that the gateway completes the authentication according to the user authentication response to access the VoWiFi network.
  • The terminal can thus perform the VoWiFi network access authentication through the user identity stored by another device and access the VoWiFi network, thereby improving the user experience.

Landscapes

  • Engineering & Computer Science (AREA)
  • Computer Security & Cryptography (AREA)
  • Computer Networks & Wireless Communication (AREA)
  • Signal Processing (AREA)
  • Mobile Radio Communication Systems (AREA)
  • Small-Scale Networks (AREA)

Abstract

Provided are a VoWiFi network access method and system, and a terminal. The method comprises: a terminal sending an acquisition request to a device which stores a user identity identifier, and acquiring the user identity identifier; according to the user identity identifier, sending, to a gateway for performing VoWiFi network access authentication, an authentication parameter acquisition request, and acquiring an authentication parameter for performing VoWiFi network access authentication; sending the authentication parameter to a device storing the user identity identifier, so that the device calculates a user authentication response according to the authentication parameter; and acquiring the user authentication response, and sending the user authentication response to the gateway, so that the gateway completes authentication according to the user authentication response, so as to realize VoWiFi network access. By means of the present invention, a terminal can perform VoWiFi network access authentication by means of a user identity identifier stored by the other device, so as to access the VoWiFi network, thereby improving the user experience.

Description

VoWiFi network access method and system, and terminal
Technical field
The present invention relates to the field of communications, and in particular, to a VoWiFi network access method and system, and a terminal.
Background
With the development of WLAN (Wireless Local Area Networks) and VoIP (Voice over Internet Protocol) services, VoWiFi (Voice over Wi-Fi) technology has emerged. The technology uses the existing Wi-Fi (Wireless-Fidelity) network to carry wireless VoIP voice calls, and a user with a VoWiFi terminal device can make roaming voice and video calls at any time within the coverage of the WLAN network. VoWiFi technology has attracted more and more attention because of its low communication cost and because it gives users the convenience of WLAN. When a terminal accesses the VoWiFi network, access authentication is required, and this authentication is based on a user identity. When the terminal itself does not store the user identity, it cannot authenticate to access the VoWiFi network, which limits the use of the terminal and gives a poor user experience.
Summary of the invention
The embodiments of the present invention provide a VoWiFi network access method and system, and a terminal, to at least solve the technical problem that a terminal that does not store a user identity cannot access the VoWiFi network, so that the use of the terminal is limited and the user experience is poor.
According to an embodiment of the present invention, a VoWiFi network access method is provided, including:
sending an acquisition request to a device storing a user identity, and acquiring the user identity;
sending, according to the user identity, an authentication parameter acquisition request to a gateway for performing VoWiFi network access authentication, and acquiring an authentication parameter for performing VoWiFi network access authentication;
sending the authentication parameter to the device storing the user identity, so that the device calculates a user authentication response according to the authentication parameter;
acquiring the user authentication response, and sending the user authentication response to the gateway, so that the gateway completes the authentication according to the user authentication response, to access the VoWiFi network.
Optionally, sending the acquisition request to the device storing the user identity, and acquiring the user identity, includes at least one of the following:
sending an acquisition request to a wireless access point device that stores the user identity, and acquiring the user identity stored by the wireless access point device;
sending an acquisition request to a wireless access point device, the wireless access point device forwarding the acquisition request to a user identity terminal that stores the user identity, and acquiring the user identity stored by the user identity terminal;
sending an acquisition request to a user identity terminal that stores the user identity, and acquiring the user identity stored by the user identity terminal.
Optionally, sending the authentication parameter to the device that stores the user identity includes at least one of the following:
when the user identity is obtained from a wireless access point device, sending the authentication parameter to the wireless access point device storing the user identity;
when the user identity is obtained from a user identity terminal that has established communication with a wireless access point device, sending the authentication parameter to the wireless access point device, the wireless access point device forwarding the authentication parameter to the user identity terminal that stores the user identity;
when the user identity is obtained directly from a user identity terminal that stores the user identity, sending the authentication parameter to the user identity terminal that stores the user identity.
Optionally, the user identity includes: an international mobile subscriber identity.
根据本发明的另一实施例,还提供一种VoWiFi网络接入方法,包括:According to another embodiment of the present invention, a VoWiFi network access method is further provided, including:
接收终端发送的获取请求,获取请求用于终端获取用户身份标识;Receiving an acquisition request sent by the terminal, and acquiring the request for the terminal to acquire the user identity identifier;
根据获取请求获取用户身份标识,将用户身份标识发送给终端; Obtaining a user identity according to the obtaining request, and sending the user identity to the terminal;
接收终端发送的认证参数,根据认证参数得到用户认证响应,并将用户认证响应发送给终端;认证参数为终端根据用户身份标识获取的用于进行VoWiFi网络接入鉴权的参数。Receiving the authentication parameter sent by the terminal, obtaining the user authentication response according to the authentication parameter, and sending the user authentication response to the terminal; the authentication parameter is a parameter used by the terminal to perform the VoWiFi network access authentication according to the user identity.
可选地,根据所述获取请求获取所述用户身份标识,将所述用户身份标识发送给所述终端,包括以下至少一种:Optionally, the user identity identifier is obtained according to the obtaining request, and the user identity identifier is sent to the terminal, including at least one of the following:
获取本地存储的所述用户身份标识,将所述用户身份标识发送给所述终端;Obtaining the locally stored user identity, and sending the user identity to the terminal;
将所述获取请求转发给存储有用户身份标识的用户身份标识终端,获取所述用户身份标识终端存储的所述用户身份标识,将所述用户身份标识发送给所述终端。And forwarding the obtaining request to the user identity terminal that stores the user identity, acquiring the user identity identifier stored by the user identity terminal, and sending the user identity to the terminal.
Optionally, obtaining the user authentication response according to the authentication parameters and sending the user authentication response to the terminal includes at least one of the following:
if the user identity sent to the terminal is a locally stored user identity, generating the user authentication response locally according to the authentication parameters, and sending the user authentication response to the terminal;
if the user identity sent to the terminal is a user identity stored by a user identity terminal, forwarding the authentication parameters to the user identity terminal, which calculates the user authentication response according to the authentication parameters; acquiring the user authentication response; and sending the user authentication response to the terminal.
According to another embodiment of the present invention, a VoWiFi network access terminal is further provided, including:
a user identity acquisition module, configured to send an acquisition request to a device that stores a user identity, to acquire the user identity;
an authentication parameter acquisition module, configured to acquire, according to the user identity, authentication parameters used for VoWiFi network access authentication;
an authentication parameter sending module, configured to send the authentication parameters to the device that stores the user identity, so that the device calculates a user authentication response according to the authentication parameters;
a user authentication response processing module, configured to acquire the user authentication response and send it to the gateway used for VoWiFi network access authentication, so that the gateway completes authentication according to the user authentication response, in order to access the VoWiFi network.
According to another embodiment of the present invention, a wireless access point device is further provided, including:
an acquisition request receiving module, configured to receive an acquisition request sent by a terminal, the acquisition request being used by the terminal to acquire a user identity;
a user identity processing module, configured to acquire the user identity according to the acquisition request and send the user identity to the terminal;
an authentication parameter processing module, configured to receive authentication parameters sent by the terminal, obtain a user authentication response according to the authentication parameters, and send the user authentication response to the terminal; the authentication parameters are parameters that the terminal obtains according to the user identity and that are used for VoWiFi network access authentication.
According to still another embodiment of the present invention, a VoWiFi network access system is further provided, including the above VoWiFi network access terminal and wireless access point device.
According to yet another embodiment of the present invention, a computer storage medium is further provided. The computer storage medium stores computer-executable instructions, which are used to perform any of the foregoing VoWiFi network access methods.
The beneficial effects of the embodiments of the present invention are as follows:
With the VoWiFi network access method and system, terminal, wireless access point device and computer storage medium provided by the embodiments of the present invention, an acquisition request is sent to a device that stores a user identity, and the user identity is acquired; an authentication parameter acquisition request is sent, according to the user identity, to the gateway configured to perform VoWiFi network access authentication, and the authentication parameters used for VoWiFi network access authentication are acquired; the authentication parameters are sent to the device that stores the user identity, so that the device calculates a user authentication response according to the authentication parameters; and the user authentication response is acquired and sent to the gateway, so that the gateway completes authentication according to the user authentication response, in order to access the VoWiFi network. The terminal can thus perform VoWiFi network access authentication with a user identity stored by another device and access the VoWiFi network, which improves the user experience.
Description of the drawings
The drawings described here are provided for a further understanding of the present invention and form a part of this application. The illustrative embodiments of the present invention and their descriptions are used to explain the present invention and do not unduly limit it. In the drawings:
FIG. 1 is a flowchart of the VoWiFi network access method according to Embodiment 1 of the present invention;
FIG. 2 is a flowchart of the VoWiFi network access method according to Embodiment 2 of the present invention;
FIG. 3 is a schematic diagram of the VoWiFi network structure according to Embodiment 3 of the present invention;
FIG. 4 is a flowchart of the VoWiFi network access method according to Embodiment 3 of the present invention;
FIG. 5 is a schematic diagram of the VoWiFi network access terminal according to Embodiment 4 of the present invention;
FIG. 6 is a schematic diagram of the wireless access point device according to Embodiment 4 of the present invention;
FIG. 7 is a schematic diagram of the VoWiFi network access system according to Embodiment 4 of the present invention;
FIG. 8 is a schematic diagram of the management frame format in the 802.11 protocol according to Embodiment 3 of the present invention;
FIG. 9 is a schematic diagram of the format of an information element according to Embodiment 3 of the present invention.
Detailed description
The present invention is described in detail below with reference to the drawings and in conjunction with the embodiments. It should be noted that, where there is no conflict, the embodiments in this application and the features in the embodiments may be combined with each other.
It should be noted that the terms "first", "second" and the like in the specification and claims of the present invention and in the above drawings are used to distinguish similar objects, and are not necessarily used to describe a particular order or sequence.
Embodiment 1:
So that a terminal can access a VoWiFi network more freely, without being restricted by having to store a user identity itself, and so that the user experience is improved, this embodiment provides a VoWiFi network access method. Referring to FIG. 1, the method includes:
Step S101: send an acquisition request to a device that stores a user identity, and acquire the user identity.
Specifically, when a user wants to use the WLAN-based voice and/or video service provided by VoWiFi, the user's terminal needs to access the VoWiFi network, and when the terminal accesses the VoWiFi network, access authentication is performed with a user identity. If the terminal itself stores a user identity that can be used for VoWiFi network access authentication, access to the VoWiFi network is straightforward. If the terminal does not store a user identity, or the user identity it stores is unusable, the terminal may acquire a user identity from another device that stores one and use it for VoWiFi network access authentication.
Further, in this embodiment, sending an acquisition request to a device that stores a user identity and acquiring the user identity includes at least one of the following: sending the acquisition request to a wireless access point device that stores a user identity, and acquiring the user identity stored by the wireless access point device; sending the acquisition request to a wireless access point device, which forwards it to a user identity terminal that has established communication with the wireless access point device and stores a user identity, and acquiring the user identity stored by the user identity terminal; sending the acquisition request to a user identity terminal that stores a user identity, and acquiring the user identity stored by the user identity terminal.
Specifically, with the spread of WIFI, more and more terminals support the WIFI network provided by a wireless access point (AP, Wireless Access Point), and a terminal that accesses a VoWiFi network generally does so through the WIFI network provided by an AP device. The user identity can therefore be stored directly at the AP. When the terminal needs to access the VoWiFi network, it establishes communication with the AP device, that is, it joins the wireless local area network of the AP, sends an acquisition request to the AP device, and acquires the user identity stored by the AP device. Alternatively, when another terminal that has established communication with the AP stores a user identity, the terminal may establish communication with the AP and send an acquisition request to the AP; the AP forwards the acquisition request to the user identity terminal that stores the user identity, so that the terminal acquires the user identity stored by that user identity terminal. Besides acquiring the user identity by establishing communication with the AP, the terminal may also establish communication directly with the user identity terminal that stores the user identity and acquire the stored user identity from it. This direct communication may be established through Bluetooth, Near Field Communication (NFC) or similar means, or through a wired connection.
The user identity in this embodiment includes an international mobile subscriber identity. Specifically, the VoWiFi in current use is based on EAP-AKA (Extensible Authentication Protocol-Authentication and Key Agreement) authentication, and EAP-AKA authentication in turn relies on the IMSI (International Mobile Subscriber Identification Number) information in the SIM (Subscriber Identity Module). A terminal without a SIM card cannot perform EAP-AKA authentication, that is, it cannot access the core network. When accessing the VoWiFi network, the terminal can therefore acquire the IMSI information of another device that has a SIM card and use it for authentication in order to access the VoWiFi network. For example, commonly used terminals such as smart TVs, smart watches and tablet computers have no SIM card; such a terminal can acquire the IMSI information of another device that has a SIM card and then authenticate with the acquired IMSI information in order to access the VoWiFi network. The device with the SIM card may be an ordinary mobile phone with a SIM card, or an AP with a SIM card. In this embodiment, the terminal may acquire the IMSI information from the other device's SIM card only when it needs to access the VoWiFi network, or it may acquire it at any other time and keep it stored, so that when it needs to access the VoWiFi network it performs access authentication directly with that IMSI information. In addition, the SIM card in this embodiment may be an ordinary SIM card, or another SIM card that stores IMSI information, such as a USIM (Universal Subscriber Identity Module) card or an eSIM (Embedded SIM) card. The user identity may also be a unique user identifier such as a telephone number: such an identifier uniquely locates one user, and the IMSI information used for VoWiFi network access authentication can be determined from it, so that access to the VoWiFi network can be achieved.
Step S102: send an authentication parameter acquisition request, according to the user identity, to the gateway configured to perform VoWiFi network access authentication, and acquire the authentication parameters used for VoWiFi network access authentication.
Specifically, the gateway that performs VoWiFi network access authentication in a VoWiFi network is generally an ePDG (evolved Packet Data Gateway). When the terminal needs to access the VoWiFi network, it establishes a data channel with the ePDG for data transmission between the two; the data channel may be an IPSec tunnel. The terminal then sends an authentication parameter acquisition request containing the user identity to the ePDG through the tunnel. After receiving the authentication parameter acquisition request, the ePDG sends an authentication vector acquisition request to the AAA (Authentication/Authorization/Accounting) server according to the user identity. The AAA server generates the corresponding authentication vector according to the user identity and sends it to the ePDG. The authentication vector contains the XRES (Expected Response, the expected user authentication response) and the authentication parameters, which include RAND (Random Number) and AUTN (Authentication Token). The authentication vector further includes other information used for authentication, such as keys. After receiving the authentication vector, the ePDG sends the authentication parameters in it to the terminal and stores the expected user authentication response locally for the subsequent VoWiFi network access authentication.
Step S103: send the authentication parameters to the device that stores the user identity, so that the device calculates a user authentication response according to the authentication parameters.
Specifically, after the terminal receives the authentication parameters sent by the ePDG, to ensure the security of the terminal's access, it sends the authentication parameters to the device that stores the user identity. That device calculates the corresponding RES (Response, the user authentication response) from the authentication parameters and returns the calculated user authentication response to the terminal.
Further, sending the authentication parameters to the device that stores the user identity includes at least one of the following: when the user identity was obtained from a wireless access point device, sending the authentication parameters to the wireless access point that stores the user identity; when the user identity was obtained from a user identity terminal that has established communication with the wireless access point device, sending the authentication parameters to the wireless access point device, which forwards them to the user identity terminal that stores the user identity; when the user identity was obtained directly from the user identity terminal that stores it, sending the authentication parameters to the user identity terminal. That is, sending the authentication parameters to the device that stores the user identity may consist of establishing WIFI communication with the wireless access point device from which the user identity was acquired and sending the authentication parameters to that wireless access point device. It may also consist of establishing WIFI communication with the wireless access point device and sending the user identity to the wireless access point device, which forwards the authentication parameters to the user identity terminal that stores the user identity. It may also consist of establishing Bluetooth communication with the user identity terminal that stores the user identity and sending the authentication parameters directly to that user identity terminal.
Step S104: acquire the user authentication response and send it to the gateway, so that the gateway completes authentication according to the user authentication response and the VoWiFi network is accessed.
Specifically, the terminal acquires the user authentication response generated by the device that stores the user identity and sends this user authentication response to the ePDG. The ePDG compares it with its locally stored XRES and determines whether the two match. If they match, the terminal has passed authentication and is allowed to access the VoWiFi network; if they do not match, the terminal is an untrusted terminal and its access to the VoWiFi network is refused.
It should be understood that the terminal in this embodiment may acquire only one user identity, or it may acquire two or more user identities and later select one of them for authentication as needed. For example, it may select, according to the operator that provides the WLAN network, a user identity that the WLAN network supports for access, or it may select a user identity with a high credit rating to access the VoWiFi network.
In the VoWiFi network access method provided by this embodiment, an acquisition request is sent to a device that stores a user identity, and the user identity is acquired; an authentication parameter acquisition request is sent, according to the user identity, to the gateway used for VoWiFi network access authentication, and the authentication parameters used for VoWiFi network access authentication are acquired; the authentication parameters are sent to the device that stores the user identity, so that the device calculates a user authentication response according to the authentication parameters; and the user authentication response is acquired and sent to the gateway, so that the gateway completes authentication according to the user authentication response, in order to access the VoWiFi network. The terminal can thus perform VoWiFi network access authentication with a user identity stored by another device and access the VoWiFi network, which improves the user experience.
Embodiment 2:
This embodiment provides a VoWiFi network access method. Referring to FIG. 2, the method includes:
Step S201: receive an acquisition request sent by a terminal, the acquisition request being used by the terminal to acquire a user identity.
Specifically, when a terminal needs to acquire a user identity through the wireless access point device in order to access the VoWiFi network, it sends the wireless access point device an acquisition request for the user identity, and the wireless access point device receives the acquisition request sent by the terminal. The user identity in this embodiment may be the IMSI information stored in a SIM card.
Step S202: acquire the user identity according to the acquisition request, and send the user identity to the terminal.
Specifically, after the wireless access point device receives the acquisition request sent by the terminal, acquiring the user identity according to the acquisition request and sending it to the terminal includes at least one of the following: acquiring the locally stored user identity and sending it to the terminal; forwarding the acquisition request to a user identity terminal that stores a user identity, acquiring the user identity stored by the user identity terminal, and sending it to the terminal. That is, if the wireless access point device stores a user identity locally, it sends that user identity to the terminal according to the acquisition request. If no user identity is stored locally, or the acquisition request sent by the terminal asks for the user identity stored by a user identity terminal, the wireless access point device sends the acquisition request to that user identity terminal, acquires the user identity it stores, and sends that user identity to the terminal.
Step S203: receive authentication parameters sent by the terminal, obtain a user authentication response according to the authentication parameters, and send the user authentication response to the terminal; the authentication parameters are parameters that the terminal obtains according to the user identity and that are used for VoWiFi network access authentication.
Specifically, the device receives the authentication parameters that the terminal obtained from the gateway used for VoWiFi network access authentication; the authentication parameters may include RAND and AUTN. It then calculates the corresponding user authentication response (RES) from the authentication parameters; the authentication parameters may be authentication parameters obtained according to the IMSI information. After the user authentication response is calculated, it is sent to the terminal in at least one of the following ways: if the user identity sent to the terminal is a locally stored user identity, the user authentication response is generated locally according to the authentication parameters and sent to the terminal; if the user identity sent to the terminal is a user identity stored by a user identity terminal, the authentication parameters are sent to the user identity terminal, which calculates the user authentication response according to the authentication parameters, and the user authentication response is acquired and sent to the terminal.
It should be understood that the SIM card in this embodiment may be an ordinary SIM card, or a SIM card that stores IMSI information, such as a USIM card or an eSIM card. In addition, when only one user identity is stored locally, for example when only one SIM card is installed, that user identity is sent to the terminal. If two or more user identities are stored locally, for example when two or more SIM cards are installed, then after the terminal's acquisition request is received, one user identity may be selected according to the acquisition request and sent to the terminal, or all user identities may be sent to the terminal, which selects the user identity to use for acquiring the authentication parameters.
In the VoWiFi network access method provided by this embodiment, an acquisition request sent by a terminal is received, the acquisition request being used by the terminal to acquire a user identity; the user identity is acquired according to the acquisition request and sent to the terminal; authentication parameters sent by the terminal are received, and a user authentication response is obtained according to the authentication parameters and sent to the terminal; the authentication parameters are parameters that the terminal obtains according to the user identity and that are used for VoWiFi network access authentication. A terminal that needs to access the VoWiFi network can thus be provided with a user identity, and the user authentication response is calculated from the authentication parameters, so that the terminal can access the VoWiFi network, which improves the user experience.
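The exchange of Embodiments 1 and 2 (steps S101 to S104 on the terminal, S201 to S203 on the device that stores the user identity), as an added sketch that is not code from the patent. All class and function names are hypothetical, HMAC-SHA256 stands in for the operator's AKA functions, and the IMSI and key are constructed test values.

```python
import hashlib
import hmac
import secrets


def _f(key: bytes, label: bytes, rand: bytes) -> bytes:
    """Stand-in (assumption) for the operator's AKA functions: truncated HMAC-SHA256."""
    return hmac.new(key, label + rand, hashlib.sha256).digest()[:16]


class AAAServer:
    """Holds the long-term key per IMSI and builds authentication vectors."""

    def __init__(self, subscribers):
        self._keys = dict(subscribers)

    def auth_vector(self, imsi):
        key = self._keys[imsi]  # KeyError for an unknown IMSI
        rand = secrets.token_bytes(16)
        return {"RAND": rand,
                "AUTN": _f(key, b"autn", rand),
                "XRES": _f(key, b"res", rand)}


class EPDG:
    """Gateway: passes RAND/AUTN to the terminal and keeps XRES locally."""

    def __init__(self, aaa):
        self._aaa = aaa
        self._pending = {}

    def request_auth_params(self, imsi):
        vec = self._aaa.auth_vector(imsi)
        self._pending[imsi] = vec["XRES"]
        return vec["RAND"], vec["AUTN"]

    def verify(self, imsi, res):
        xres = self._pending.pop(imsi, None)  # each challenge is usable once
        return xres is not None and hmac.compare_digest(xres, res)


class IdentityDevice:
    """AP (or other device) with a USIM; the long-term key stays here."""

    def __init__(self, imsi, key):
        self._imsi, self._key = imsi, key

    def get_identity(self):  # S201/S202
        return self._imsi

    def compute_res(self, rand, autn):  # S203
        # As in real AKA, the challenge is checked before a response is produced.
        if not hmac.compare_digest(autn, _f(self._key, b"autn", rand)):
            raise ValueError("AUTN check failed")
        return _f(self._key, b"res", rand)


class Terminal:
    """SIM-less terminal: relays messages and never holds the long-term key."""

    def __init__(self, device, gateway):
        self.device, self.gateway = device, gateway
        self.seen = []  # every value that passed through the terminal

    def attach(self):
        imsi = self.device.get_identity()                    # S101
        rand, autn = self.gateway.request_auth_params(imsi)  # S102
        res = self.device.compute_res(rand, autn)            # S103
        self.seen = [imsi.encode(), rand, autn, res]
        return self.gateway.verify(imsi, res)                # S104


def run_demo():
    imsi, key = "001010123456789", secrets.token_bytes(16)  # constructed values
    gateway = EPDG(AAAServer({imsi: key}))
    terminal = Terminal(IdentityDevice(imsi, key), gateway)
    granted = terminal.attach()
    old_res = terminal.seen[3]
    gateway.request_auth_params(imsi)  # fresh challenge with a new RAND
    return {
        "granted": granted,
        "key_seen_by_terminal": key in terminal.seen,
        "stale_res_accepted": gateway.verify(imsi, old_res),
        "res_accepted_without_challenge": gateway.verify(imsi, old_res),
    }


if __name__ == "__main__":
    print(run_demo())
```

The terminal only ever handles the IMSI, RAND, AUTN and RES; a RES is bound to one RAND, so it is rejected once the gateway has issued a new challenge.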
Embodiment 3:
In the VoWiFi network access method provided by this embodiment, the user identity is the IMSI information of a SIM card. When a terminal without a SIM card needs access, it can perform network access authentication by acquiring the IMSI information of the SIM card in a device that has a SIM card and is in the same local area network, and thereby access the VoWiFi network. The SIM card may also be a SIM card that stores IMSI information, such as a USIM card or an eSIM card. The VoWiFi network structure in this embodiment is shown in FIG. 3. The terminal accesses the ePDG gateway through a wireless AP, and from there accesses the EPC (Evolved Packet Core, the 4G core network) and the IMS (IP Multimedia Subsystem) network to make high-definition voice and video calls. A USIM card can therefore be installed in the AP, and access to the VoWiFi network is achieved by acquiring the IMSI information of the AP's USIM card. In this embodiment, the terminal without a USIM card acts as a station (STA, Station); the terminal may be a computer with a wireless network card or a smartphone with a WiFi module, and the AP with the USIM card provides it with the WLAN access service and the IMSI information.
请参见图4,本实施例提供的VoWiFi网络接入过程包括:Referring to FIG. 4, the VoWiFi network access process provided in this embodiment includes:
Step S301: the STA connects to the AP and establishes communication with it.
Step S302: the STA sends an IMSI acquisition request to the AP.
Step S303: after receiving the IMSI acquisition request, the AP reads the IMSI information of its built-in USIM card.
Step S304: the AP transmits the USIM card's IMSI information to the STA.
Step S305: after receiving the IMSI information sent by the AP, the STA stores it.
Step S306: the STA initiates an access request, connects to the ePDG, and attaches the IMSI information.
Specifically, when the STA needs to access the VoWiFi network for a voice or video call, it sends an access request to the ePDG, requesting access to the VoWiFi network. Along with the request, it sends the IMSI information it has obtained to the ePDG, so that the ePDG can obtain an authentication vector from the server according to that IMSI information.
Step S307: the ePDG requests an authentication vector through the AAA server.
Specifically, after receiving the access request containing the IMSI information from the STA, the ePDG sends an authentication vector acquisition request to the AAA server.
Step S308: the AAA server returns the authentication vector.
Specifically, after receiving the authentication vector acquisition request, the server generates the corresponding authentication vector according to the IMSI information. The authentication vector may be an authentication quintuple comprising RAND, AUTN, and XRES, together with IK (Integrity Key) and CK (Cipher Key).
Step S309: after receiving the authentication vector, the ePDG server initiates an AKA-Challenge Request.
Specifically, after the ePDG receives the authentication vector returned by the AAA server, it initiates the authentication request (AKA-Challenge Request) to the STA, sending RAND and AUTN to the STA as the authentication parameters in order to authenticate the STA; it stores the rest of the authentication vector locally.
Step S310: the STA receives the Challenge Request and, through its data transmission module, requests the RES from the AP.
Specifically, after receiving the authentication request, the STA forwards the authentication parameters RAND and AUTN to the AP, and authentication is performed on the AP side.
Step S311: the AP calculates the RES through its USIM card module.
Specifically, after receiving the authentication parameters, the AP uses its USIM card module to calculate the corresponding authentication response, that is, the user authentication response RES.
Step S312: the AP returns the RES to the STA.
Step S313: the STA sends the AKA-CHALLENGE response, carrying the RES.
Step S314: the ePDG receives the RES and performs authentication verification.
Specifically, after receiving the RES calculated by the AP, the STA sends the authentication response (AKA-CHALLENGE response), that is, the user authentication response RES, to the ePDG. After receiving the RES, the ePDG compares it with the locally stored XRES and determines whether the two are consistent. If they are, authentication has succeeded and the terminal can access the VoWiFi network.
Step S315: the ePDG sends the STA a notification that authentication succeeded.
If ePDG authentication succeeds, the ePDG sends a notification of successful authentication to the STA and allows the STA to access the VoWiFi network.
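The exchange in steps S301 to S315, as an added Python simulation (not code from the patent): the STA holds no subscriber key and only relays RAND/AUTN to the AP and RES to the ePDG, while the AUTN check happens at the USIM and the RES/XRES comparison at the ePDG. HMAC-SHA256 stands in for the USIM's real AKA functions, AUTN is simplified to SQN plus a MAC, and all class names and the subscriber key are assumptions.

```python
import hashlib
import hmac
import os
from typing import Dict, Optional, Tuple


def prf(key: bytes, label: bytes, *parts: bytes) -> bytes:
    """HMAC-SHA256 stand-in for the USIM/AAA AKA functions (assumption, not Milenage)."""
    return hmac.new(key, label + b"".join(parts), hashlib.sha256).digest()


def make_vector(k: bytes, sqn: int, rand: bytes) -> Dict[str, bytes]:
    """AAA side: build the quintuple RAND, AUTN, XRES, IK, CK for one subscriber key."""
    sqn_b = sqn.to_bytes(6, "big")
    return {
        "RAND": rand,
        "AUTN": sqn_b + prf(k, b"mac", rand, sqn_b)[:8],  # simplified AUTN: SQN || MAC
        "XRES": prf(k, b"res", rand)[:8],
        "IK": prf(k, b"ik", rand)[:16],
        "CK": prf(k, b"ck", rand)[:16],
    }


class UsimAP:
    """AP with a built-in USIM: answers the IMSI request and computes RES."""

    def __init__(self, imsi: str, k: bytes):
        self.imsi, self._k, self._last_sqn = imsi, k, -1

    def get_imsi(self) -> str:  # S303-S304
        return self.imsi

    def compute_res(self, rand: bytes, autn: bytes) -> Optional[bytes]:  # S311
        sqn_b, mac = autn[:6], autn[6:]
        if not hmac.compare_digest(mac, prf(self._k, b"mac", rand, sqn_b)[:8]):
            return None  # AUTN was not produced with this subscriber's key
        sqn = int.from_bytes(sqn_b, "big")
        if sqn <= self._last_sqn:
            return None  # challenge already seen: refuse to answer a replay
        self._last_sqn = sqn
        return prf(self._k, b"res", rand)[:8]


class AAA:
    """Holds the subscriber keys and issues authentication vectors (S308)."""

    def __init__(self, subscribers: Dict[str, bytes]):
        self._subs, self._sqn = subscribers, 0

    def get_vector(self, imsi: str) -> Optional[Dict[str, bytes]]:
        k = self._subs.get(imsi)
        if k is None:
            return None
        self._sqn += 1
        return make_vector(k, self._sqn, os.urandom(16))


class EPDG:
    def __init__(self, aaa: AAA):
        self._aaa = aaa
        self._pending: Dict[str, Dict[str, bytes]] = {}

    def access_request(self, imsi: str) -> Optional[Tuple[bytes, bytes]]:  # S306-S309
        vec = self._aaa.get_vector(imsi)
        if vec is None:
            return None
        self._pending[imsi] = vec        # XRES, IK and CK stay at the ePDG
        return vec["RAND"], vec["AUTN"]  # only the challenge goes to the STA

    def challenge_response(self, imsi: str, res: Optional[bytes]) -> bool:  # S314
        vec = self._pending.pop(imsi, None)  # one answer per challenge
        return bool(vec and res) and hmac.compare_digest(res, vec["XRES"])


class STA:
    """Terminal without a USIM: holds no subscriber key, only relays messages."""

    def __init__(self, ap: UsimAP, epdg: EPDG):
        self.ap, self.epdg, self.imsi = ap, epdg, None

    def attach(self, tamper_autn: bool = False) -> bool:
        self.imsi = self.ap.get_imsi()                        # S302-S305
        challenge = self.epdg.access_request(self.imsi)       # S306
        if challenge is None:
            return False
        rand, autn = challenge
        if tamper_autn:  # constructed failure case: AUTN altered on the way to the AP
            autn = autn[:-1] + bytes([autn[-1] ^ 1])
        res = self.ap.compute_res(rand, autn)                 # S310-S312
        return self.epdg.challenge_response(self.imsi, res)   # S313-S315


if __name__ == "__main__":
    K = bytes(range(16))       # constructed subscriber key
    IMSI = "460027926375874"   # the example IMSI used on the page
    epdg = EPDG(AAA({IMSI: K}))
    sta = STA(UsimAP(IMSI, K), epdg)
    print("attach:", sta.attach())
    print("attach with altered AUTN:", sta.attach(tamper_autn=True))
```
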
It should be understood that, in this embodiment, the STA may obtain the AP's IMSI information only when it needs to access the VoWiFi network, or it may obtain it at any other time and keep it stored, so that when access to the VoWiFi network is needed it performs access authentication directly with that IMSI information. In addition, in this embodiment, communication and data transmission between the STA and the AP may be based on the TCP/IP protocol or on the 802.11 wireless protocol.
The request message initiated by the STA can be implemented by extending the Probe Request frame, and the AP's response message can be implemented by extending the Probe Response frame. All extensions are based on the management frame format of the 802.11 protocol, which is shown in FIG. 8.
In the Frame Body, we can add the Information Elements we need. An information element is a variable-length block of data. Each block is labeled with a type number and a size, and the data field of each kind of information element has its own interpretation. The newer 802.11 specification allows new information elements to be defined. An information element usually consists of an Element ID field, a Length field, and a variable-length field; its format is shown in FIG. 9.
Element ID numbers 32-255 are reserved and unused, so we can use a new Element ID to extend the frame.
For the request message initiated by the STA, we extend the Information Element of the Probe Request frame. Following the 802.11 protocol, we can define the Element ID of the STA request information as 60 (0x3C). If the request is a request to obtain the IMSI, Length can be set to 4 (0x04), followed by the ASCII codes of the letters "IMSI", that is, "49 4D 53 49". The Information Element byte stream of the whole frame, in hexadecimal, is then "3C 04 49 4D 53 49".
For the AP's response message, we can extend the Information Element of the Probe Response frame. Following the 802.11 protocol, we can define the Element ID of the response information as 61 (0x3D). If the reply carries the IMSI, Length can be set to 4 (0x04), followed by the ASCII codes of the letters "IMSI", that is, "49 4D 53 49", and then by the ASCII codes of the whole IMSI number. If the IMSI number is "460027926375874", the Information Element byte stream of the whole frame, in hexadecimal, is "3D 04 49 4D 53 49 34 36 30 30 32 37 39 32 36 33 37 35 38 37 34".
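The two element layouts above, as an added Python example (not code from the patent): it builds both byte streams, shows that a strict ID/Length/Value walk fails on the response because Length 0x04 covers only the "IMSI" tag and not the 15 digits after it, and scans a constructed frame body for these elements the way a wireless monitor would. Function names and the sample frame body are assumptions; probe frames are not encrypted, so a monitor in range sees the IMSI exactly as sent.

```python
from typing import List, Optional, Tuple

EID_STA_REQUEST = 0x3C   # Element ID 60, STA request (value from the page)
EID_AP_RESPONSE = 0x3D   # Element ID 61, AP response (value from the page)
TAG = b"IMSI"
MAX_IMSI_DIGITS = 15     # an IMSI has at most 15 decimal digits


def build_request() -> bytes:
    """STA request element: 3C 04 49 4D 53 49."""
    return bytes([EID_STA_REQUEST, len(TAG)]) + TAG


def build_response(imsi: str) -> bytes:
    """AP response element as laid out on the page: Length counts only the
    4-byte tag, and the IMSI digits follow it as ASCII."""
    if not (imsi.isascii() and imsi.isdigit() and len(imsi) <= MAX_IMSI_DIGITS):
        raise ValueError("IMSI must be 1-15 decimal digits")
    return bytes([EID_AP_RESPONSE, len(TAG)]) + TAG + imsi.encode("ascii")


def walk_elements(body: bytes) -> List[Tuple[int, bytes]]:
    """Strict walk: ID (1 byte), Length (1 byte), then exactly Length bytes.
    Raises ValueError when a declared Length runs past the end of the buffer."""
    out, pos = [], 0
    while pos < len(body):
        if pos + 2 > len(body):
            raise ValueError(f"truncated element header at offset {pos}")
        eid, length = body[pos], body[pos + 1]
        end = pos + 2 + length
        if end > len(body):
            raise ValueError(f"element 0x{eid:02X} at offset {pos} overruns buffer")
        out.append((eid, body[pos + 2:end]))
        pos = end
    return out


def find_imsi_elements(body: bytes) -> List[Tuple[str, Optional[str]]]:
    """Walk a frame body, tolerating the page's layout, and report each element
    as ("request", None) or ("response", imsi)."""
    found, pos = [], 0
    while pos + 2 <= len(body):
        eid, length = body[pos], body[pos + 1]
        end = pos + 2 + length
        if end > len(body):
            break  # malformed tail: stop rather than read out of bounds
        value = body[pos + 2:end]
        pos = end
        if value != TAG:
            continue
        if eid == EID_STA_REQUEST:
            found.append(("request", None))
        elif eid == EID_AP_RESPONSE:
            # The digits sit outside the declared Length, so take at most 15.
            # With fewer than 15 digits the boundary is ambiguous: a following
            # element whose ID byte is 0x30-0x39 looks like one more digit. A
            # Length that covered the digits would remove the ambiguity.
            stop = pos
            while (stop < len(body) and stop - pos < MAX_IMSI_DIGITS
                   and 0x30 <= body[stop] <= 0x39):
                stop += 1
            found.append(("response", body[pos:stop].decode("ascii")))
            pos = stop
    return found


def mask_imsi(imsi: str) -> str:
    """Keep the first five digits and mask the rest before writing to a log."""
    return imsi[:5] + "*" * (len(imsi) - 5)


# Constructed frame body: an SSID element (ID 0, "lab") followed by the page's
# example response element.
SAMPLE_BODY = bytes([0x00, 0x03]) + b"lab" + build_response("460027926375874")

if __name__ == "__main__":
    print(build_request().hex(" ").upper())
    for kind, imsi in find_imsi_elements(SAMPLE_BODY):
        print(kind, mask_imsi(imsi) if imsi else "")
    try:
        walk_elements(SAMPLE_BODY)
    except ValueError as exc:
        print("strict parser:", exc)
```
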
In addition, in this embodiment, data transmission between the terminal and the AP may also take place over TCP (Transmission Control Protocol)/IP (Internet Protocol) within the local area network in order to obtain the USIM card parameters. For example, if the terminal connects to an AP with IP address 192.168.1.1 (with a USIM card) and the AP assigns the terminal the IP address 192.168.1.100, the terminal can establish communication between 192.168.1.100 and 192.168.1.1 over TCP/IP and then transmit the request and response information for the USIM card parameters.
In this embodiment, a terminal without a USIM card may also obtain IMSI information from a terminal that has a USIM card in order to access the network. The terminal with the USIM card may be a mobile phone, and the terminal without a card may be a smart TV. For example, the terminal first connects to an AP with IP address 192.168.1.1 (no USIM card), and the AP assigns the terminal the IP address 192.168.1.100; a mobile phone with a USIM card also connects to the AP, and the AP assigns it the IP address 192.168.1.101. The terminal can then establish communication between 192.168.1.100 and 192.168.1.101 over TCP/IP and transmit the acquisition request and response information for the USIM card's IMSI information.
In the VoWiFi network access method provided by this embodiment of the present invention, a terminal without a SIM card obtains the IMSI information in the SIM card of a terminal that has one, such as a mobile phone, or of an AP that has one, and then performs authentication with the ePDG using that IMSI information in order to access the VoWiFi network. The terminal can thus carry out WLAN-based voice and video communication, which improves the user experience.
Embodiment 4:
So that a terminal can access the VoWiFi network more freely, without being restricted to storing a user identity itself, and thereby improve the user experience, this embodiment provides a VoWiFi network access terminal. Referring to FIG. 5, it includes a user identity obtaining module 51, an authentication parameter obtaining module 52, an authentication parameter sending module 53, and a user authentication response processing module 54. The user identity obtaining module 51 is configured to send an acquisition request to a device that stores a user identity and obtain the user identity. The authentication parameter obtaining module 52 is configured to obtain, according to the user identity, the authentication parameter used for VoWiFi network access authentication. The authentication parameter sending module 53 is configured to send the authentication parameter to the device from which the user identity was obtained, so that the device calculates a user authentication response according to the authentication parameter, and to obtain the user authentication response. The user authentication response processing module 54 is configured to send the user authentication response to the gateway used for VoWiFi network access authentication, so that the gateway completes authentication according to the user authentication response and the terminal accesses the VoWiFi network.
Specifically, the user identity obtaining module 51 sends an acquisition request to a device that stores a user identity and obtains the user identity as follows. When a user wants to use the WLAN-based voice and/or video service provided by VoWiFi, the user's terminal must access the VoWiFi network, and doing so requires access authentication with a user identity. If the terminal itself stores a user identity usable for VoWiFi network access authentication, access is straightforward. If the terminal stores no user identity, or the user identity it stores is unusable, the terminal can obtain a user identity from another device that stores one and use it for VoWiFi network access authentication.
Further, sending an acquisition request to a device that stores a user identity and obtaining the user identity includes at least one of the following: sending the acquisition request to a wireless access point device that stores a user identity, and obtaining the user identity stored by the wireless access point device; sending the acquisition request to a wireless access point device, which forwards it to a user identity terminal that has established communication with it and stores a user identity, and obtaining the user identity stored by the user identity terminal; sending the acquisition request to a user identity terminal that stores a user identity, and obtaining the user identity stored by the user identity terminal.
Specifically, the user identity may be stored directly on the AP device. When the terminal needs to access the VoWiFi network, it establishes communication with the AP device, that is, joins the wireless LAN served by the AP, sends an acquisition request to the AP device, and obtains the user identity stored by the AP device. Alternatively, when another terminal that has established communication with the AP stores a user identity, the terminal can establish communication with the AP and send the acquisition request to the AP, which forwards it to the user identity terminal storing the user identity, so that the terminal obtains the user identity stored by that user identity terminal. Besides obtaining the user identity by establishing communication with the AP as above, the terminal can also establish communication directly with the user identity terminal that stores the user identity and conveniently obtain the user identity it stores. Such direct communication may be established over Bluetooth, near-field communication, or similar means, or over a wired connection.
The user identity in this embodiment includes the International Mobile Subscriber Identity (IMSI). Specifically, VoWiFi as currently used is based on EAP-AKA authentication, and EAP-AKA authentication in turn relies on the IMSI information in the SIM. A terminal without a SIM card cannot perform EAP-AKA authentication and therefore cannot access the core network. So, when accessing the VoWiFi network, the terminal can obtain the IMSI information of another device that has a SIM card and use it for authentication in order to access the VoWiFi network. For example, common terminals such as smart TVs, smart watches, and tablets have no SIM card; such a terminal can obtain the IMSI information of another device that has a SIM card and then authenticate with the obtained IMSI information to access the VoWiFi network. The device with the SIM card may be an ordinary mobile phone with a SIM card, or an AP with a SIM card. In this embodiment, the terminal may obtain the IMSI information in the other device's SIM card only when it needs to access the VoWiFi network, or at any other time, keeping it stored so that access authentication can be performed directly with that IMSI information when needed. In addition, the SIM card in this embodiment may be an ordinary SIM card, or a USIM card, an eSIM card, or another SIM card that stores IMSI information.
The authentication parameter obtaining module 52 obtains the authentication parameter used for VoWiFi network access authentication according to the user identity as follows. The gateway in the VoWiFi network that performs VoWiFi network access authentication is generally the ePDG. When the terminal needs to access the VoWiFi network, it establishes a data channel with the ePDG for data transmission between the two; the data channel may be an IPSec tunnel. The terminal then sends an authentication parameter acquisition request containing the user identity to the ePDG through the tunnel. On receiving the request, the ePDG sends an authentication vector acquisition request to the AAA server according to the user identity. The AAA server generates the corresponding authentication vector according to the user identity and sends it to the ePDG. The authentication vector contains the XRES and the authentication parameters, which comprise RAND and AUTN; it further contains other information used for authentication, such as keys. After receiving the authentication vector, the ePDG sends the authentication parameters in it to the terminal and stores the expected user authentication response locally for the subsequent VoWiFi network access authentication.
The authentication parameter sending module 53 sends the authentication parameter to the device that stores the user identity, so that the device calculates the user authentication response according to the authentication parameter, as follows. After the terminal receives the authentication parameter sent by the ePDG, to ensure the security of the terminal's access it sends the authentication parameter to the device from which the user identity was obtained; that device calculates the corresponding RES from the authentication parameter and returns the calculated user authentication response to the terminal. Sending the authentication parameter to the device that stores the user identity includes at least one of the following: when the user identity was obtained from a wireless access point device, sending the authentication parameter to the wireless access point that stores the user identity; when the user identity was obtained from a user identity terminal that has established communication with a wireless access point device, sending the authentication parameter to the wireless access point device, which forwards it to the user identity terminal that stores the user identity; when the user identity was obtained directly from the user identity terminal that stores it, sending the authentication parameter to that user identity terminal.
The user authentication response processing module 54 obtains the user authentication response and sends it to the gateway, so that the gateway completes authentication according to the user authentication response and access to the VoWiFi network is achieved, as follows. After receiving the user authentication response, the terminal sends it on to the ePDG, which compares it with its locally stored XRES and determines whether the two are consistent. If they are, the terminal has passed authentication and is allowed to access the VoWiFi network; if not, the terminal is an untrusted terminal and is denied access to the VoWiFi network.
It should be understood that the terminal in this embodiment may obtain only one user identity, or two or more, and later select one of them for authentication as needed, for example selecting, according to the operator providing the WLAN network, a user identity that the WLAN network supports for access, or selecting a user identity with high credit to access the VoWiFi network.
With the VoWiFi network access terminal provided by this embodiment, the terminal sends an acquisition request to a device that stores a user identity and obtains the user identity; sends, according to the user identity, an authentication parameter acquisition request to the gateway used for VoWiFi network access authentication and obtains the authentication parameter used for VoWiFi network access authentication; sends the authentication parameter to the device that stores the user identity, so that the device calculates the user authentication response according to the authentication parameter; and obtains the user authentication response and sends it to the gateway, so that the gateway completes authentication according to the user authentication response and the terminal accesses the VoWiFi network. The terminal can thus perform VoWiFi network access authentication with a user identity stored by another device and access the VoWiFi network, which improves the user experience.
This embodiment also provides a wireless access point device. Referring to FIG. 6, it includes an acquisition request receiving module 61, a user identity processing module 62, and an authentication parameter processing module 63. The acquisition request receiving module 61 is configured to receive an acquisition request sent by a terminal, where the acquisition request is used by the terminal to obtain a user identity. The user identity processing module 62 is configured to obtain the user identity according to the acquisition request and send it to the terminal. The authentication parameter processing module 63 is configured to receive the authentication parameter sent by the terminal, obtain the user authentication response according to the authentication parameter, and send the user authentication response to the terminal. The authentication parameter is a parameter that the terminal obtains according to the user identity and that is used for VoWiFi network access authentication.
Specifically, when a terminal needs to obtain a user identity through the wireless access point device in order to access the VoWiFi network, it sends the wireless access point device an acquisition request for the user identity, and the wireless access point device receives that request through the acquisition request receiving module 61. The user identity in this embodiment may be the IMSI information stored in a SIM card. After the acquisition request receiving module 61 receives the request, the user identity sending module 62 obtains the user identity according to the request and sends it to the terminal, as follows. If the wireless access point device stores a user identity locally, it sends that user identity to the terminal according to the request. If it stores no user identity locally, or the terminal's request is for the user identity stored by a user identity terminal, the wireless access point device sends the request to that user identity terminal, obtains the user identity it stores, and sends that user identity to the terminal.
The authentication parameter processing module 63 receives the authentication parameter, forwarded by the terminal, that was obtained from the gateway used for VoWiFi network access authentication; the authentication parameter may include RAND and AUTN. It then calculates the corresponding user authentication response (RES) according to the authentication parameter, which may be an authentication parameter obtained according to the IMSI information. After the user authentication response is calculated, it is sent to the terminal, as follows. If the user identity sent to the terminal was a locally stored user identity, the user authentication response is generated locally according to the authentication parameter and sent to the terminal. If the user identity sent to the terminal was one stored by a user identity terminal, the authentication parameter is sent to that user identity terminal, which calculates the user authentication response according to the authentication parameter; the wireless access point device obtains the user authentication response and sends it to the terminal.
It should be understood that the SIM card in this embodiment may be an ordinary SIM card, or a USIM card, an eSIM card, or another SIM card that stores IMSI information. In addition, when only one user identity is stored locally, for example when only one SIM card is installed, that user identity is sent to the terminal. If two or more user identities are stored locally, for example when two or more SIM cards are installed, then on receiving the terminal's acquisition request the device may select one user identity according to the request and send it to the terminal, or it may send all the user identities to the terminal, which selects the user identity to use for obtaining the authentication parameter.
The wireless access point device provided by this embodiment receives an acquisition request sent by a terminal, where the acquisition request is used by the terminal to obtain a user identity; obtains the user identity according to the acquisition request and sends it to the terminal; and receives the authentication parameter sent by the terminal, calculates the user authentication response according to the authentication parameter, and sends the user authentication response to the terminal. The authentication parameter is a parameter that the terminal obtains according to the user identity and that is used for VoWiFi network access authentication. In this way, a user identity can be provided to a terminal that needs to access the VoWiFi network, and the user authentication response is calculated according to the authentication parameter, so that the terminal can access the VoWiFi network, which improves the user experience.
This embodiment also provides a VoWiFi network access system. FIG. 7 is a schematic diagram of the VoWiFi network access system of Embodiment 4 of the present invention. As shown in FIG. 7, the system includes the VoWiFi network access terminal and the wireless access point device described above. With the VoWiFi network access system provided by this embodiment, access to the VoWiFi network can be achieved more conveniently, which improves the user experience.
Embodiments of the present invention further provide a storage medium. Optionally, in this embodiment, the storage medium may be configured to store program code for performing the following steps:
Step S101: send an acquisition request to a device that stores a user identity, and acquire the user identity;
Step S102: according to the user identity, send an authentication parameter acquisition request to a gateway configured to perform VoWiFi network access authentication, and acquire the authentication parameters used for VoWiFi network access authentication;
Step S103: send the authentication parameters to the device that stores the user identity, so that the device calculates a user authentication response according to the authentication parameters;
Step S104: acquire the user authentication response and send it to the gateway, so that the gateway completes authentication according to the user authentication response and the VoWiFi network is accessed.
Optionally, in this embodiment, the storage medium may further be configured to store program code for performing the following steps:
Step S201: receive an acquisition request sent by a terminal, the acquisition request being used by the terminal to acquire a user identity;
Step S202: acquire the user identity according to the acquisition request, and send the user identity to the terminal;
Step S203: receive the authentication parameters sent by the terminal, obtain a user authentication response according to the authentication parameters, and send the user authentication response to the terminal; the authentication parameters are parameters that the terminal obtains according to the user identity and that are used for VoWiFi network access authentication.
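The message flow of steps S101 to S104 and S201 to S203, as an added Python simulation that is not part of the patent: the class and method names, the constructed IMSI and key, and the use of HMAC-SHA256 in place of the SIM's actual authentication algorithm are all assumptions. It shows that the terminal only relays the identity, the authentication parameter and the response, while the key stays on the device that stores the user identity.

```python
import hashlib
import hmac
import secrets

# Constructed sample values (test PLMN 001/01); not taken from the patent.
SAMPLE_IMSI = "001010123456789"
SAMPLE_KEY = bytes.fromhex("00112233445566778899aabbccddeeff")


def auth_response(key: bytes, challenge: bytes) -> bytes:
    """Assumed stand-in for the SIM's computation of the user authentication response."""
    return hmac.new(key, challenge, hashlib.sha256).digest()[:8]


class IdentityDevice:
    """Access point (or user identity terminal) holding the SIM: steps S201-S203."""

    def __init__(self, imsi: str, key: bytes):
        self._imsi = imsi
        self._key = key  # stays on this device; never returned to the terminal

    def handle_get_identity(self) -> str:
        # S201/S202: receive the acquisition request, return the user identity.
        return self._imsi

    def handle_auth_params(self, challenge: bytes) -> bytes:
        # S203: compute the user authentication response from the parameter.
        return auth_response(self._key, challenge)


class Gateway:
    """Gateway that performs VoWiFi network access authentication."""

    def __init__(self, subscribers: dict):
        self._subscribers = subscribers  # user identity -> key
        self._pending = {}               # user identity -> outstanding challenge

    def request_auth_params(self, imsi: str) -> bytes:
        if imsi not in self._subscribers:
            raise KeyError("unknown user identity")
        challenge = secrets.token_bytes(16)
        self._pending[imsi] = challenge
        return challenge

    def verify(self, imsi: str, response: bytes) -> bool:
        challenge = self._pending.pop(imsi, None)  # each challenge is single-use
        if challenge is None:
            return False
        expected = auth_response(self._subscribers[imsi], challenge)
        return hmac.compare_digest(expected, response)


class Terminal:
    """VoWiFi terminal without its own SIM: steps S101-S104."""

    def __init__(self, device: IdentityDevice, gateway: Gateway):
        self.device = device
        self.gateway = gateway
        self.seen = []  # every value the terminal handles during the exchange

    def access(self) -> bool:
        imsi = self.device.handle_get_identity()              # S101
        challenge = self.gateway.request_auth_params(imsi)    # S102
        response = self.device.handle_auth_params(challenge)  # S103
        self.seen += [imsi.encode(), challenge, response]
        return self.gateway.verify(imsi, response)            # S104


def run_exchange():
    """Run one exchange; return (access granted, old response accepted again)."""
    gateway = Gateway({SAMPLE_IMSI: SAMPLE_KEY})
    terminal = Terminal(IdentityDevice(SAMPLE_IMSI, SAMPLE_KEY), gateway)
    granted = terminal.access()
    replay_accepted = gateway.verify(SAMPLE_IMSI, terminal.seen[-1])
    return granted, replay_accepted


if __name__ == "__main__":
    print(run_exchange())
```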
Optionally, in this embodiment, the storage medium may include, but is not limited to, various media capable of storing program code, such as a USB flash drive, read-only memory (ROM), random access memory (RAM), a removable hard disk, a magnetic disk, or an optical disc.
Optionally, for specific examples in this embodiment, reference may be made to the examples described in the foregoing embodiments and optional implementations; details are not repeated here.
Obviously, those skilled in the art should understand that the modules or steps of the present invention described above can be implemented by a general-purpose computing device. They can be concentrated on a single computing device or distributed over a network formed by multiple computing devices. Optionally, they can be implemented as program code executable by a computing device, so that they can be stored in a storage device and executed by the computing device. In some cases, the steps shown or described may be performed in an order different from that given here, or they may each be fabricated as an individual integrated circuit module, or several of the modules or steps may be fabricated as a single integrated circuit module. Thus, the present invention is not limited to any specific combination of hardware and software.
The above is only a description of preferred embodiments of the present invention and is not intended to limit the present invention. For those skilled in the art, the present invention may have various modifications and variations. Any modification, equivalent replacement, improvement, and the like made within the spirit and principles of the present invention shall fall within the scope of protection of the present invention.
Industrial applicability
As described above, the VoWiFi network access method, system, and terminal provided by the embodiments of the present invention have the following beneficial effects: an acquisition request is sent to a device that stores a user identity, and the user identity is acquired; according to the user identity, an authentication parameter acquisition request is sent to a gateway used for VoWiFi network access authentication, and the authentication parameters used for VoWiFi network access authentication are acquired; the authentication parameters are sent to the device that stores the user identity, so that the device calculates a user authentication response according to the authentication parameters; the user authentication response is acquired and sent to the gateway, so that the gateway completes authentication according to the user authentication response, in order to access the VoWiFi network. This enables the terminal to perform VoWiFi network access authentication using a user identity stored by another device and thereby access the VoWiFi network, which improves the user experience.

Claims (11)

  1. A VoWiFi network access method, comprising:
    sending an acquisition request to a device that stores a user identity, and acquiring the user identity;
    sending, according to the user identity, an authentication parameter acquisition request to a gateway used for VoWiFi network access authentication, and acquiring authentication parameters used for VoWiFi network access authentication;
    sending the authentication parameters to the device that stores the user identity, so that the device calculates a user authentication response according to the authentication parameters;
    acquiring the user authentication response and sending the user authentication response to the gateway, so that the gateway completes authentication according to the user authentication response, in order to access the VoWiFi network.
  2. The VoWiFi network access method according to claim 1, wherein sending the acquisition request to the device that stores the user identity and acquiring the user identity comprises at least one of the following:
    sending an acquisition request to a wireless access point device that stores the user identity, and acquiring the user identity stored by the wireless access point device;
    sending an acquisition request to a wireless access point device, the wireless access point device forwarding the acquisition request to a user identity terminal that stores the user identity, and acquiring the user identity stored by the user identity terminal;
    sending an acquisition request to a user identity terminal that stores the user identity, and acquiring the user identity stored by the user identity terminal.
  3. The VoWiFi network access method according to claim 2, wherein sending the authentication parameters to the device that stores the user identity comprises at least one of the following:
    when the user identity was acquired from a wireless access point device, sending the authentication parameters to the wireless access point that stores the user identity;
    when the user identity was acquired from a user identity terminal that has established communication with a wireless access point device, sending the authentication parameters to the wireless access point device, the wireless access point device forwarding the authentication parameters to the user identity terminal that stores the user identity;
    when the user identity was acquired directly from a user identity terminal that stores the user identity, sending the authentication parameters to the user identity terminal that stores the user identity.
  4. The VoWiFi network access method according to any one of claims 1 to 3, wherein the user identity comprises an international mobile subscriber identity.
  5. A VoWiFi network access method, comprising:
    receiving an acquisition request sent by a terminal, the acquisition request being used by the terminal to acquire a user identity;
    acquiring the user identity according to the acquisition request, and sending the user identity to the terminal;
    receiving authentication parameters sent by the terminal, obtaining a user authentication response according to the authentication parameters, and sending the user authentication response to the terminal; the authentication parameters being parameters that the terminal obtains according to the user identity and that are used for VoWiFi network access authentication.
  6. The VoWiFi network access method according to claim 5, wherein acquiring the user identity according to the acquisition request and sending the user identity to the terminal comprises at least one of the following:
    acquiring the locally stored user identity, and sending the user identity to the terminal;
    forwarding the acquisition request to a user identity terminal that stores the user identity, acquiring the user identity stored by the user identity terminal, and sending the user identity to the terminal.
  7. The VoWiFi network access method according to claim 6, wherein obtaining the user authentication response according to the authentication parameters and sending the user authentication response to the terminal comprises at least one of the following:
    if the user identity sent to the terminal is a locally stored user identity, generating the user authentication response locally according to the authentication parameters, and sending the user authentication response to the terminal;
    if the user identity sent to the terminal is a user identity stored by a user identity terminal, forwarding the authentication parameters to the user identity terminal, the user identity terminal calculating the user authentication response according to the authentication parameters, acquiring the user authentication response, and sending the user authentication response to the terminal.
  8. A VoWiFi network access terminal, comprising:
    a user identity acquisition module, configured to send an acquisition request to a device that stores a user identity, and acquire the user identity;
    an authentication parameter acquisition module, configured to acquire, according to the user identity, authentication parameters used for VoWiFi network access authentication;
    an authentication parameter sending module, configured to send the authentication parameters to the device that stores the user identity, so that the device calculates a user authentication response according to the authentication parameters;
    a user authentication response processing module, configured to acquire the user authentication response and send the user authentication response to a gateway used for VoWiFi network access authentication, so that the gateway completes authentication according to the user authentication response, in order to access the VoWiFi network.
  9. A wireless access point device, comprising:
    an acquisition request receiving module, configured to receive an acquisition request sent by a terminal, the acquisition request being used by the terminal to acquire a user identity;
    a user identity processing module, configured to acquire the user identity according to the acquisition request, and send the user identity to the terminal;
    an authentication parameter processing module, configured to receive authentication parameters sent by the terminal, obtain a user authentication response according to the authentication parameters, and send the user authentication response to the terminal; the authentication parameters being parameters that the terminal obtains according to the user identity and that are used for VoWiFi network access authentication.
  10. A VoWiFi network access system, comprising: the VoWiFi network access terminal according to claim 8 and the wireless access point device according to claim 9.
  11. A storage medium, configured to store a computer program for performing the VoWiFi network access method according to any one of claims 1 to 7.
PCT/CN2017/072276 2016-06-21 2017-01-23 Vowifi network access method and system, and terminal WO2017219673A1 (en)

Applications Claiming Priority (2)

Application Number Priority Date Filing Date Title
CN201610450147.XA CN107529160B (en) 2016-06-21 2016-06-21 VoWiFi network access method and system, terminal and wireless access point equipment
CN201610450147.X 2016-06-21

Publications (1)

Publication Number Publication Date
WO2017219673A1 true WO2017219673A1 (en) 2017-12-28

Family

ID=60734993

Family Applications (1)

Application Number Title Priority Date Filing Date
PCT/CN2017/072276 WO2017219673A1 (en) 2016-06-21 2017-01-23 Vowifi network access method and system, and terminal

Country Status (2)

Country Link
CN (1) CN107529160B (en)
WO (1) WO2017219673A1 (en)

Also Published As

Publication number Publication date
CN107529160B (en) 2022-07-15
CN107529160A (en) 2017-12-29

Legal Events

Date Code Title Description
121 Ep: the epo has been informed by wipo that ep was designated in this application

Ref document number: 17814413

Country of ref document: EP

Kind code of ref document: A1

NENP Non-entry into the national phase

Ref country code: DE

122 Ep: pct application non-entry in european phase

Ref document number: 17814413

Country of ref document: EP

Kind code of ref document: A1