CN106465096B - Method, terminal and core network for accessing a network and obtaining subscriber identity module information - Google Patents
- Publication number
- CN106465096B CN201580034378.6A
- Authority
- CN
- China
- Prior art keywords
- terminal
- core network
- internet
- sim
- things
- Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
- Active
Classifications
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04W—WIRELESS COMMUNICATION NETWORKS
- H04W76/00—Connection management
- H04W76/10—Connection setup
- H04W8/00—Network data management
- H04W8/18—Processing of user or subscriber data, e.g. subscribed services, user preferences or user profiles; Transfer of user or subscriber data
- H04W8/20—Transfer of user or subscriber data
- H04W12/00—Security arrangements; Authentication; Protecting privacy or anonymity
- H04W12/06—Authentication
- H04W48/00—Access restriction; Network selection; Access point selection
- H04W48/08—Access restriction or access information delivery, e.g. discovery data delivery
- H04W48/16—Discovering, processing access restriction or access information
Landscapes
- Engineering & Computer Science (AREA)
- Computer Networks & Wireless Communication (AREA)
- Signal Processing (AREA)
- Computer Security & Cryptography (AREA)
- Databases & Information Systems (AREA)
- Mobile Radio Communication Systems (AREA)
Description
Technical field
Embodiments of the present invention relate to communications technology, and in particular to methods for accessing a network and obtaining subscriber identity module information, a terminal, and a core network.
Background
With the rise of the Internet of Things (IoT), machine-to-machine (M2M) terminals are becoming widely used. An M2M terminal must have a Subscriber Identity Module (SIM) preset when it leaves the factory, and the preset SIM corresponds to a particular operator; when the user needs to update the SIM information, the update can be performed remotely. When the preset operator is not the operator the user needs, or the preset SIM is damaged, the terminal cannot access the network.
Summary of the invention
In view of this, embodiments of the present invention provide methods for accessing a network and obtaining subscriber identity module information, a terminal, and a core network, so that a terminal without a SIM can access the network or obtain SIM information.
According to a first aspect, a method for accessing a network is provided, including: a terminal sends an attach request to an IoT core network, where the attach request carries a device identifier of the terminal and a no-SIM (no subscriber identity module) access indication, so that the IoT core network allows the terminal to attach according to the no-SIM access indication and allocates a temporary identifier to the terminal; the terminal receives an attach response sent by the IoT core network, where the attach response carries the temporary identifier; the terminal sends a Packet Data Protocol (PDP) context activation request to the IoT core network, where the PDP context activation request carries the temporary identifier, so that the IoT core network accepts the PDP context activation request and allocates a dedicated Internet Protocol (IP) address to the terminal; the terminal receives an activation success message sent by the IoT core network, where the activation success message carries the dedicated IP address; and the terminal receives the server address list sent by the IoT core network.
In a first possible implementation of the first aspect, the device identifier of the terminal is an International Mobile Equipment Identity (IMEI), a Universally Unique Identifier (UUID), or a Media Access Control (MAC) address.
In a second possible implementation of the first aspect, the temporary identifier is a Packet Temporary Mobile Subscriber Identity (P-TMSI) or a Temporary Logical Link Identifier (TLLI).
With reference to the first aspect or the first or second possible implementation of the first aspect, in a third possible implementation, the terminal receiving the server address list sent by the IoT core network includes: the terminal receives the server address list through the attach response or the activation success message.
In a fourth possible implementation of the first aspect, the server address list is configured locally by the IoT core network, or is obtained by the IoT core network from a network element outside the IoT core network.
According to a second aspect, a method for obtaining subscriber identity module (SIM) information is provided, including: a terminal sends an attach request to an IoT core network, where the attach request carries a device identifier of the terminal and a no-SIM access indication, so that the IoT core network allows the terminal to attach according to the no-SIM access indication and allocates a temporary identifier to the terminal; the terminal receives an attach response sent by the IoT core network, where the attach response carries the temporary identifier; the terminal sends a Packet Data Protocol (PDP) context activation request to the IoT core network, where the PDP context activation request carries the temporary identifier, so that the IoT core network accepts the PDP context activation request and allocates a dedicated Internet Protocol (IP) address to the terminal; the terminal receives an activation success message sent by the IoT core network, where the activation success message carries the dedicated IP address; the terminal receives the address of a SIM distribution server from the IoT core network; the terminal performs mutual authentication with the SIM distribution server and establishes a two-way secure channel; the terminal sends a SIM information request message to the SIM distribution server, where the SIM information request message carries the device identifier of the terminal, so that the SIM distribution server verifies the validity of the device identifier of the terminal and, after the verification passes, applies for SIM information for the terminal; and the terminal receives the SIM information sent by the SIM distribution server through the two-way secure channel.
In a first possible implementation of the second aspect, the device identifier of the terminal is an International Mobile Equipment Identity (IMEI), a Universally Unique Identifier (UUID), or a Media Access Control (MAC) address.
In a second possible implementation of the second aspect, the temporary identifier is a Packet Temporary Mobile Subscriber Identity (P-TMSI) or a Temporary Logical Link Identifier (TLLI).
With reference to the second aspect or the first or second possible implementation of the second aspect, in a third possible implementation, the terminal performing mutual authentication with the SIM distribution server and establishing a two-way secure channel includes: the terminal sends a certificate-based authentication request to the SIM distribution server, so that the SIM distribution server performs authentication through a third-party certificate authentication server and, after the third-party certificate authentication server passes the authentication, receives an authentication-passed confirmation sent by the third-party certificate authentication server; and the terminal establishes a Transport Layer Security (TLS) secure channel or a Datagram Transport Layer Security (DTLS) secure channel with the SIM distribution server.
According to a third aspect, a method for accessing a network is provided, characterized in that the method includes: an IoT core network receives an attach request sent by a terminal, where the attach request carries a device identifier of the terminal and a no-SIM access indication; the IoT core network allows the terminal to attach according to the no-SIM access indication, allocates a temporary identifier to the terminal, and returns an attach response to the terminal, where the attach response carries the temporary identifier; the IoT core network accepts a Packet Data Protocol (PDP) context activation request from the terminal and allocates a dedicated Internet Protocol (IP) address to the terminal, where the PDP context activation request carries the temporary identifier; the IoT core network sends an activation success message to the terminal, where the activation success message carries the dedicated IP address; and the IoT core network sends a server address list to the terminal.
In a first possible implementation of the third aspect, the device identifier of the terminal is an International Mobile Equipment Identity (IMEI), a Universally Unique Identifier (UUID), or a Media Access Control (MAC) address.
In a second possible implementation of the third aspect, the temporary identifier is a Packet Temporary Mobile Subscriber Identity (P-TMSI) or a Temporary Logical Link Identifier (TLLI).
With reference to the third aspect or the first or second possible implementation of the third aspect, in a third possible implementation, the IoT core network includes a first core network element and a second core network element, where the first core network element is a Serving GPRS Support Node (SGSN) and the second core network element is a Gateway GPRS Support Node (GGSN), or the first core network element is a Mobility Management Entity (MME) and the second core network element is a packet data network gateway SPGW.
With reference to the third possible implementation of the third aspect, in a fourth possible implementation, the IoT core network accepting the PDP context activation request from the terminal and allocating a dedicated IP address to the terminal includes: the first core network element accepts the PDP context activation request and allocates a dedicated Access Point Name (APN) to the terminal; the first core network element sends a create PDP context request to the second core network element, where the create PDP context request carries the temporary identifier and the dedicated APN; and the second core network element allocates a dedicated IP address to the terminal according to the APN and sends the dedicated IP address to the first core network element in a create PDP context response.
With reference to the fourth possible implementation of the third aspect, in a fifth possible implementation, the second core network element performs access control on the terminal with respect to the IP address.
With reference to the fourth possible implementation of the third aspect, in a sixth possible implementation, the IoT core network sending the server address list to the terminal includes: the IoT core network sends the server address list to the terminal through the attach response or the activation success message.
With reference to the sixth possible implementation of the third aspect, in a seventh possible implementation, the IoT core network sending the server address list to the terminal through the attach response includes: the first core network element sends the server address list to the terminal in an extended information element.
With reference to the sixth possible implementation of the third aspect, in an eighth possible implementation, the IoT core network sending the server address list to the terminal through the activation success message includes: the second core network element sends the server list to the first core network element in the Protocol Configuration Options (PCO) information element of the create PDP context response, and the first core network element sends the PCO information element to the terminal in the activation success message.
With reference to the third aspect, in a ninth possible implementation, the server address list is configured locally by the IoT core network, or is obtained by the IoT core network from a network element outside the IoT core network.
According to a fourth aspect, a terminal is provided, including a sending unit, a receiving unit, a storage unit and a processing unit, where: the sending unit is configured to send, as instructed by the processing unit, an attach request to an IoT core network, where the attach request carries a device identifier of the terminal and a no-SIM access indication, so that the IoT core network allows the terminal to attach according to the no-SIM access indication and allocates a temporary identifier to the terminal; the receiving unit is configured to receive an attach response sent by the IoT core network, where the attach response carries the temporary identifier; the sending unit is further configured to send a Packet Data Protocol (PDP) context activation request to the IoT core network, where the PDP context activation request carries the temporary identifier, so that the IoT core network accepts the PDP context activation request and allocates a dedicated Internet Protocol (IP) address to the terminal; the receiving unit is further configured to receive an activation success message sent by the IoT core network, where the activation success message carries the dedicated IP address; the receiving unit is further configured to receive a server address list sent by the IoT core network; and the storage unit is configured to store the server address list.
With reference to the fourth aspect, in a first possible implementation, the device identifier of the terminal is an International Mobile Equipment Identity (IMEI), a Universally Unique Identifier (UUID), or a Media Access Control (MAC) address.
With reference to the fourth aspect, in a second possible implementation, the temporary identifier is a Packet Temporary Mobile Subscriber Identity (P-TMSI) or a Temporary Logical Link Identifier (TLLI).
With reference to the fourth aspect, in a third possible implementation, the receiving unit receiving the server address list sent by the IoT core network includes: the terminal receives the server address list through the attach response or the activation success message.
With reference to the fourth aspect or any one of the first to third possible implementations of the fourth aspect, in a fourth possible implementation, the server address list includes the address of a SIM distribution server.
With reference to the fourth possible implementation of the fourth aspect, in a fifth possible implementation, the processing unit is further configured to perform mutual authentication with the SIM distribution server and establish a two-way secure channel; the sending unit is further configured to send a SIM information request message to the SIM distribution server, where the SIM information request message carries the device identifier of the terminal, so that the SIM distribution server verifies the validity of the device identifier of the terminal and, after the verification passes, applies for SIM information for the terminal; and the receiving unit is further configured to receive the SIM information sent by the SIM distribution server through the two-way secure channel.
With reference to the fifth possible implementation of the fourth aspect, in a sixth possible implementation, the processing unit performing mutual authentication with the SIM distribution server and establishing a two-way secure channel includes: the processing unit is configured to instruct the sending unit to send a certificate-based authentication request to the SIM distribution server, so that the SIM distribution server performs authentication through a third-party certificate authentication server; the receiving unit is configured to receive, after the third-party certificate authentication server passes the authentication, an authentication-passed confirmation sent by the third-party certificate authentication server; and the processing unit is configured to establish a Transport Layer Security (TLS) secure channel or a Datagram Transport Layer Security (DTLS) secure channel with the SIM distribution server.
According to a fifth aspect, an IoT core network is provided, characterized in that the IoT core network includes a first core network element and a second core network element, where: the first core network element is configured to receive an attach request sent by a terminal, where the attach request carries a device identifier of the terminal and a no-SIM access indication, and, according to the no-SIM access indication, to allow the terminal to attach, allocate a temporary identifier to the terminal, and return an attach response to the terminal, where the attach response carries the temporary identifier; the first core network element is further configured to accept a Packet Data Protocol (PDP) context activation request from the terminal and allocate a dedicated Access Point Name (APN) to the terminal, where the PDP context activation request carries the temporary identifier; the second core network element is configured to receive a create PDP context request sent by the first core network element, where the create PDP context request carries the temporary identifier and the dedicated APN, to allocate a dedicated Internet Protocol (IP) address to the terminal according to the APN, and to send a create PDP context response to the first core network element, where the create PDP context response carries the dedicated IP address; the first core network element is further configured to send an activation success message to the terminal, where the activation success message carries the dedicated IP address; and the first core network element is further configured to send a server address list to the terminal.
In a first possible implementation of the fifth aspect, the device identifier of the terminal is an International Mobile Equipment Identity (IMEI), a Universally Unique Identifier (UUID), or a Media Access Control (MAC) address.
In a second possible implementation of the fifth aspect, the temporary identifier is a Packet Temporary Mobile Subscriber Identity (P-TMSI) or a Temporary Logical Link Identifier (TLLI).
In a third possible implementation of the fifth aspect, the second core network element is further configured to perform access control on the terminal according to the dedicated IP address.
With reference to the fifth aspect or the first to third possible implementations of the fifth aspect, in a fourth possible implementation, the first core network element sending the server address list to the terminal includes: the first core network element is configured to send the server address list to the terminal through the attach response or the activation success message.
With reference to the fourth possible implementation of the fifth aspect, in a fifth possible implementation, the first core network element sending the server address list to the terminal through the attach response includes: the first core network element is configured to send the server address list to the terminal in an extended information element of the attach response.
With reference to the fourth possible implementation of the fifth aspect, in a sixth possible implementation, the first core network element sending the server address list to the terminal through the activation success message includes: the first core network element is configured to receive a create PDP context response sent by the second core network element, where the Protocol Configuration Options (PCO) information element in the create PDP context response carries the server address list; and the first core network element is configured to send the PCO information element to the terminal in the activation success message.
With reference to the fifth aspect or the first to sixth possible implementations of the fifth aspect, in a seventh possible implementation, the first core network element is a Serving GPRS Support Node (SGSN) and the second core network element is a Gateway GPRS Support Node (GGSN), or the first core network element is a Mobility Management Entity (MME) and the second core network element is a packet data network gateway SPGW.
In an eighth possible implementation of the fifth aspect, the server address list is configured locally by the first core network element or the second core network element, or is obtained from a network element outside the IoT core network.
With the above solutions, a terminal that has no SIM or whose SIM is damaged can complete the attach and PDP context activation procedures using its device identifier and the no-SIM access indication, and can thereby access the network to carry out services or go on to obtain SIM information.
Brief description of the drawings
FIG. 1a is a flowchart of a method for a terminal to access a network according to an embodiment of the present invention;
FIG. 1b is a flowchart of a method for issuing SIM information according to an embodiment of the present invention;
FIG. 2 is a flowchart of a method for a terminal to access a network according to an embodiment of the present invention;
FIG. 3 is a flowchart of some of the steps of a method for issuing SIM information according to an embodiment of the present invention;
FIG. 4 is a structural block diagram of a terminal according to an embodiment of the present invention;
FIG. 5 is a structural block diagram of an IoT core network according to an embodiment of the present invention.
Detailed description
FIG. 1a is a flowchart of a method for a terminal to access a network according to an embodiment of the present invention. The method mainly includes the following steps:
101. The terminal sends an attach request to the IoT core network (IoT core), where the attach request carries the device identifier of the terminal and a no-SIM access indication.
The device identifier of the terminal may be an International Mobile Equipment Identity (IMEI), a Universally Unique Identifier (UUID), a Media Access Control (MAC) address, or the like.
102. The IoT core network allows the terminal to attach according to the no-SIM access indication and allocates a temporary identifier to the terminal.
103. The IoT core network returns an attach response to the terminal, where the attach response carries the temporary identifier.
The temporary identifier of the terminal may be a Packet Temporary Mobile Subscriber Identity (P-TMSI) or a Temporary Logical Link Identifier (TLLI).
104. The terminal sends a Packet Data Protocol context (PDP context) activation request to the IoT core network, where the PDP context activation request carries the temporary identifier.
105. The IoT core network accepts the PDP context activation request and allocates a dedicated Internet Protocol (IP) address to the terminal.
106. The IoT core network sends an activation success message to the terminal, where the activation success message carries the dedicated IP address.
107. The IoT core network sends a server address list to the terminal.
It should be noted that, in this embodiment of the present invention, step 107 has no strict ordering relative to the other steps; the IoT core network may send the server list to the terminal in the attach response or in the activation success message.
The server address list may be configured locally by the IoT core network or obtained from another network element.
In this embodiment of the present invention, the terminal stores the server address list locally and can then access the servers. The IoT core network may perform access control on the terminal with respect to the above IP address.
In this embodiment of the present invention, before sending the attach request, the terminal needs to initiate random access and establish a connection with the access network.
In this embodiment of the present invention, the terminal may be a device such as a mobile station (MS), user equipment (UE), or a subscriber station (SS).
In this embodiment of the present invention, a terminal that has no SIM or whose SIM is damaged can complete the attach and PDP context activation procedures using its device identifier and the no-SIM access indication, and can thereby access the network to carry out services.
In the above example, after the terminal accesses the network, the server address list may further include the address of a SIM distribution server (SIM Distribution Server), through which the terminal can obtain new SIM information. FIG. 1b is a flowchart of a method for obtaining SIM information after the terminal accesses the network. The method includes:
108. The terminal and the SIM distribution server perform mutual authentication and establish a bidirectional secure channel.
109. The terminal sends a SIM information request message to the SIM distribution server, where the SIM information request message carries the device identifier of the terminal.
110. The SIM distribution server verifies the validity of the device identifier and, after the verification passes, applies for SIM information for the terminal.
111. The SIM distribution server sends the SIM information to the terminal through the bidirectional secure channel.
In step 110, a database of valid terminal device identifiers may be obtained, based on a cooperation relationship, from the terminal manufacturer or the M2M application provider. The database may be stored on the SIM distribution server or on another server that the SIM distribution server can consult (for example, a device management server). When the SIM distribution server confirms through this database that the terminal belongs to a partner, it applies for a SIM for the terminal.
The SIM distribution server applying for a SIM for the terminal may include: the SIM distribution server sends a SIM request to the SIM management platform; the SIM management platform allocates a SIM to the terminal and sends the SIM information to the SIM distribution server.
In this embodiment of the present invention, the SIM information may include an international mobile subscriber identity (International Mobile Subscriber Identity, IMSI), a Ki key, and the like.
In this embodiment of the present invention, a terminal without a SIM uses the no-SIM access mode to access the cellular network and establish a connection with the SIM distribution server, uses its device identifier to remotely obtain SIM information such as the IMSI and the Ki key from the SIM distribution server, and can then access the network through the standard network access procedure and perform subsequent services. When the terminal's SIM is damaged or absent, the SIM information can be updated without manually replacing the SIM card, which improves the efficiency of updating the terminal's SIM information and reduces the maintenance cost of the terminal.
In this embodiment of the present invention, the IoT core network (IoT core) may specifically include a serving GPRS support node (Serving GPRS Support Node, SGSN) and a gateway GPRS support node (Gateway GPRS Support Node, GGSN), or include a mobility management entity (Mobility Management Entity, MME) and a serving and packet data network gateway (Serving Gateway/PDN Gateway, SPGW). However, this embodiment of the present invention is not limited to these two forms; any network elements that implement functions similar to those of the above network elements fall within the protection scope of the present invention.
The embodiment in which the terminal accesses the network is described in more detail below. In what follows, the first core network element refers to an SGSN, an MME, or a similar functional entity, and the second core network element refers to a GGSN, an SPGW, or a similar functional entity.
FIG. 2 shows a detailed procedure for accessing a network according to an embodiment of the present invention.
201. The terminal sends an attach request to the first core network element, where the attach request carries the device identifier of the terminal and a no-SIM access indication.
202. (Optional) The first core network element verifies the validity of the device identifier.
When the first core network element verifies the device identifier (for example, the IMEI), it may do so through a device management server, which stores a database of valid device identifiers.
203. The first core network element allows the terminal to attach according to the no-SIM access indication, and allocates a temporary identifier to the terminal.
The first core network element may use the temporary identifier as the mobility management (Mobility Manager, MM) context identifier.
204. The first core network element returns an attach response to the terminal, where the attach response carries the temporary identifier.
205. The terminal sends an attach complete message to the first core network element.
For steps 203-205, if the first core network element does not allow the terminal to attach, the terminal reselects another network and attempts to access it.
206. The terminal sends a PDP context activation request to the first core network element, where the PDP context activation request carries the temporary identifier of the terminal.
207. The first core network element accepts the PDP context activation request and allocates a dedicated access point name (Access Point Name, APN) to the terminal.
208. The first core network element sends a create PDP context request to the second core network element, where the create PDP context request carries the temporary identifier and the dedicated APN.
The first core network element may use the temporary identifier as the PDP context identifier.
209. The second core network element allocates a dedicated IP address to the terminal according to the APN.
The second core network element may allocate the IP address to the terminal from a special IP address segment (which needs to be configured).
210. The second core network element sends a create PDP context response to the first core network element, where the create PDP context response carries the dedicated IP address.
211. The first core network element sends an activation success message to the terminal, where the activation success message carries the dedicated IP address.
212. The terminal receives the server address list from the IoT core network and stores it locally.
The terminal may obtain the server address list from the IoT core network through the attach response or the activation success message. When it is obtained through the attach response, the first core network element sends the server address list to the terminal in an extended information element. When it is obtained through the activation success message, the second core network element sends the server address list to the first core network element in the protocol configuration option (Protocol Configuration Option, PCO) information element of the create PDP context response, and the first core network element forwards that PCO information element to the terminal in the activation success message.
At this point, although the PDP context has been activated, the second core network element (for example, the GGSN or SPGW) uses the APN and the IP address to ensure that the terminal can access only the designated destination addresses.
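The following Python model is an added example, not code from the patent: it walks steps 201-212 and shows the restriction described above, where the second core network element lets a no-SIM terminal reach only the designated destinations. The APN name, address pool, server address and device identifier are constructed values, and all class and function names are hypothetical.

```python
import ipaddress
import secrets
from dataclasses import dataclass, field

# Constructed sample configuration (assumptions, not values from the patent).
DEDICATED_APN = "nosim-provisioning.example"
DEDICATED_POOL = ipaddress.ip_network("10.200.0.0/29")       # the "special IP segment"
SERVER_ADDRESS_LIST = (ipaddress.ip_address("192.0.2.10"),)  # e.g. SIM distribution server
VALID_DEVICE_IDS = {"490154203237518"}  # stands in for the device management server database


class Rejected(Exception):
    """Raised when the core network refuses an attach or an activation."""


@dataclass
class SecondCoreNetworkElement:
    """GGSN/SPGW role: allocates the dedicated IP and enforces access control."""
    leases: dict = field(default_factory=dict)  # IP address -> temporary identifier

    def create_pdp_context(self, temp_id, apn):
        # Step 209: allocate from the dedicated pool, and only for the dedicated APN.
        if apn != DEDICATED_APN:
            raise Rejected("not the dedicated no-SIM APN")
        for ip in DEDICATED_POOL.hosts():
            if ip not in self.leases:
                self.leases[ip] = temp_id
                return ip
        raise Rejected("dedicated address pool exhausted")

    def permit(self, src, dst):
        """Default-deny filter for traffic on the dedicated APN."""
        src, dst = ipaddress.ip_address(src), ipaddress.ip_address(dst)
        if src not in self.leases:         # unleased or spoofed source address
            return False
        return dst in SERVER_ADDRESS_LIST  # only the designated destinations


@dataclass
class FirstCoreNetworkElement:
    """SGSN/MME role: handles attach and PDP context activation."""
    second: SecondCoreNetworkElement
    mm_contexts: dict = field(default_factory=dict)  # temporary identifier -> device id

    def attach(self, device_id, no_sim_indication):
        # Steps 201-204; the database lookup is the optional step 202.
        if not no_sim_indication:
            raise Rejected("SIM-based attach is outside this model")
        if device_id not in VALID_DEVICE_IDS:
            raise Rejected("device identifier not in the valid database")
        temp_id = secrets.token_hex(4)     # 32-bit value in the role of the P-TMSI
        while temp_id in self.mm_contexts:
            temp_id = secrets.token_hex(4)
        self.mm_contexts[temp_id] = device_id
        return temp_id

    def activate_pdp(self, temp_id):
        # Steps 206-212: the temporary identifier must come from a prior attach.
        if temp_id not in self.mm_contexts:
            raise Rejected("PDP activation without a successful attach")
        ip = self.second.create_pdp_context(temp_id, DEDICATED_APN)
        return ip, SERVER_ADDRESS_LIST


def run_flow():
    """Run one no-SIM attach and probe the access-control decisions."""
    second = SecondCoreNetworkElement()
    first = FirstCoreNetworkElement(second)
    temp_id = first.attach("490154203237518", no_sim_indication=True)
    ip, servers = first.activate_pdp(temp_id)
    try:
        first.attach("000000000000000", no_sim_indication=True)
        unknown = "accepted"
    except Rejected:
        unknown = "rejected"
    return {
        "ip": ip,
        "to_sim_server": second.permit(ip, servers[0]),
        "to_other_host": second.permit(ip, "198.51.100.7"),
        "unleased_source": second.permit("10.200.0.6", servers[0]),
        "unknown_device": unknown,
    }


if __name__ == "__main__":
    for key, value in run_flow().items():
        print(f"{key}: {value}")
```

Because the attach itself is unauthenticated when step 202 is skipped, the filter in `permit` is the only control bounding what an attached terminal can reach in this model.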
In step 108 of the above embodiment, the terminal establishing a bidirectional secure channel with the SIM distribution server may include:
301. The terminal sends a certificate-based authentication request to the SIM distribution server.
302. The SIM distribution server performs authentication through a third-party certificate authentication server.
303. After the authentication passes, the third-party certificate authentication server sends an authentication pass confirmation to the SIM distribution server.
304. The terminal and the SIM distribution server establish a Transport Layer Security (TLS) secure channel or a Datagram Transport Layer Security (DTLS) secure channel.
In this embodiment of the present invention, the terminal initiates a certificate-based security authentication process, the terminal and the SIM distribution server complete mutual authentication through the third-party certificate authentication server, and a TLS/DTLS secure channel is then established. Information with high security requirements (for example, the IMSI and the Ki key) can subsequently be delivered to the terminal through this secure channel. Both the SIM request and the SIM delivery can be carried over this secure channel.
Embodiments of the present invention further provide apparatus embodiments that implement the steps and methods of the above method embodiments.
An embodiment of the present invention provides a terminal. As shown in FIG. 4, the terminal includes a sending unit 401, a receiving unit 402, a storage unit 403, and a processing unit 404.
The sending unit 401 is configured to send, as instructed by the processing unit 404, an attach request to the IoT core network, where the attach request carries the device identifier of the terminal and a no-SIM access indication, so that the IoT core network allows the terminal to attach according to the no-SIM access indication and allocates a temporary identifier to the terminal;
The receiving unit 402 is configured to receive the attach response sent by the IoT core network, where the attach response carries the temporary identifier;
The sending unit 401 is further configured to send a packet data protocol (PDP) context activation request to the IoT core network, where the PDP context activation request carries the temporary identifier, so that the IoT core network accepts the PDP context activation request and allocates a dedicated Internet Protocol (IP) address to the terminal;
The receiving unit 402 is further configured to receive the activation success message sent by the IoT core network, where the activation success message carries the dedicated IP address;
The receiving unit 402 is further configured to receive the server address list sent by the IoT core network;
The storage unit 403 is configured to store the server address list.
Optionally, the receiving unit 402 may receive the server address list sent by the IoT core network through the attach response or the activation success message.
In this embodiment of the present invention, after storing the server address list locally, the terminal can access the corresponding servers. The IoT core network can perform access control on the terminal based on the above IP address.
In this embodiment of the present invention, when the terminal has no SIM or its SIM is damaged, the terminal can use the device identifier and the no-SIM access indication to complete the attach and PDP context activation procedures, and thereby access the network to perform services.
In the above example, after the terminal accesses the network, the server address list may further include the address of a SIM distribution server (SIM Distribution Server), through which the terminal can obtain new SIM information, specifically as follows:
The processing unit 403 is further configured to perform mutual authentication with the SIM distribution server and establish a bidirectional secure channel;
The sending unit 401 is further configured to send a SIM information request message to the SIM distribution server, where the SIM information request message carries the device identifier of the terminal, so that the SIM distribution server verifies the validity of the device identifier of the terminal and, after the verification passes, applies for SIM information for the terminal;
The receiving unit 402 is further configured to receive the SIM information sent by the SIM distribution server through the bidirectional secure channel.
In this embodiment of the present invention, the processing unit performing mutual authentication with the SIM distribution server and establishing a bidirectional secure channel includes:
The processing unit 404 is configured to instruct the sending unit 401 to send a certificate-based authentication request to the SIM distribution server, so that the SIM distribution server performs authentication through a third-party certificate authentication server;
The receiving unit 402 is configured to receive, after the third-party certificate authentication server passes the authentication, the authentication pass confirmation sent by the third-party certificate authentication server;
The processing unit 404 is configured to establish a Transport Layer Security (TLS) secure channel or a Datagram Transport Layer Security (DTLS) secure channel with the SIM distribution server.
In this embodiment of the present invention, a terminal without a SIM uses the no-SIM access mode to access the cellular network and establish a connection with the SIM distribution server, uses its device identifier to remotely obtain SIM information such as the IMSI and the Ki key from the SIM distribution server, and can then access the network through the standard network access procedure and perform subsequent services. When the terminal's SIM is damaged or absent, the SIM information can be updated without manually replacing the SIM card, which improves the efficiency of updating the terminal's SIM information and reduces the maintenance cost of the terminal.
It should be noted that, in the above embodiments, the sending unit may be a transmitter, the receiving unit may be a receiver, the processing unit may be a processor, and the storage unit may be any available medium that a computer can access.
An embodiment of the present invention provides an IoT core network. As shown in FIG. 5, the IoT core network includes a first core network element 501 and a second core network element 502.
The first core network element 501 is configured to receive an attach request sent by the terminal, where the attach request carries the device identifier of the terminal and a no-SIM access indication, allow the terminal to attach according to the no-SIM access indication, allocate a temporary identifier to the terminal, and return an attach response to the terminal, where the attach response carries the temporary identifier;
The first core network element 501 is further configured to accept the packet data protocol (PDP) context activation request of the terminal and allocate a dedicated access point name (APN) to the terminal, where the PDP context activation request carries the temporary identifier;
The second core network element 502 is configured to receive the create PDP context request sent by the first core network element 501, where the create PDP context request carries the temporary identifier and the dedicated APN, allocate a dedicated IP address to the terminal according to the APN, and send a create PDP context response to the first core network element 501, where the create PDP context response carries the dedicated IP address;
The first core network element 501 is further configured to send an activation success message to the terminal, where the activation success message carries the dedicated IP address;
The first core network element 501 is further configured to send the server address list to the terminal.
Optionally, the first core network element 501 may send the server address list to the terminal through the attach response or the activation success message. When it is sent through the attach response, the first core network element sends the server address list to the terminal in an extended information element of the attach response. When it is sent through the activation success message, the first core network element receives the create PDP context response sent by the second core network element, in which the protocol configuration option (PCO) information element carries the server address list, and the first core network element forwards that PCO information element to the terminal in the activation success message.
The server address list may be configured locally on the first core network element or the second core network element, or obtained from a network element outside the IoT core network.
In this embodiment of the present invention, the first core network element may be an SGSN, an MME, or a similar functional entity, and the second core network element may be a GGSN, an SPGW, or a similar functional entity. The first core network element and the second core network element may be virtual functional entities or physical entities.
Optionally, the first core network element 501 may be further configured to verify the validity of the device identifier of the terminal after receiving the attach request sent by the terminal.
When the first core network element verifies the device identifier (for example, the IMEI), it may do so through a device management server, which stores a database of valid device identifiers.
After the PDP context is activated, the second core network element (for example, the GGSN or SPGW) may be used to perform access control on the terminal based on the dedicated IP address.
In this embodiment of the present invention, when the terminal has no SIM or its SIM is damaged, the IoT core network allows the terminal to complete the attach and PDP context activation procedures, so that the terminal can access the network to perform services.
From the above description of the implementations, those skilled in the art can clearly understand that the present invention may be implemented in hardware, in firmware, or in a combination thereof. When implemented in software, the functions described above may be stored on a computer-readable medium or transmitted as one or more instructions or code on a computer-readable medium. Computer-readable media include computer storage media and communication media, where communication media include any medium that facilitates transfer of a computer program from one place to another. A storage medium may be any available medium that a computer can access. By way of example and not limitation, computer-readable media may include RAM, ROM, EEPROM, CD-ROM or other optical disc storage, magnetic disk storage media or other magnetic storage devices, or any other medium that can be used to carry or store desired program code in the form of instructions or data structures and that can be accessed by a computer. In addition, any connection may properly be termed a computer-readable medium. For example, if the software is transmitted from a website, server, or other remote source using coaxial cable, fiber optic cable, twisted pair, digital subscriber line (DSL), or wireless technologies such as infrared, radio, and microwave, then the coaxial cable, fiber optic cable, twisted pair, DSL, or wireless technologies such as infrared, radio, and microwave are included in the definition of the medium. As used in the present invention, disk and disc include compact disc (CD), laser disc, optical disc, digital versatile disc (DVD), floppy disk, and Blu-ray disc, where disks usually reproduce data magnetically, while discs reproduce data optically with lasers. Combinations of the above should also be included within the protection scope of computer-readable media.
In summary, the above descriptions are merely preferred embodiments of the technical solutions of the present invention and are not intended to limit the protection scope of the present invention. Any modification, equivalent replacement, or improvement made within the spirit and principles of the present invention shall fall within the protection scope of the present invention.
Claims (35)
Applications Claiming Priority (1)
Application Number | Priority Date | Filing Date | Title |
---|---|---|---|
PCT/CN2015/088400 WO2017035699A1 (en) | 2015-08-28 | 2015-08-28 | Method and terminal for accessing network and acquiring client identification module information and core network |
Publications (2)
Publication Number | Publication Date |
---|---|
CN106465096A (en) | 2017-02-22 |
CN106465096B (en) | 2019-08-23 |
Family
ID=58184015
Family Applications (1)
Application Number | Priority Date | Filing Date | Title |
---|---|---|---|
CN201580034378.6A Active CN106465096B (en) | 2015-08-28 | 2015-08-28 | It accesses network and obtains method, terminal and the core net of client identification module information |
Country Status (2)
Country | Link |
---|---|
CN (1) | CN106465096B (en) |
WO (1) | WO2017035699A1 (en) |
Families Citing this family (14)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
CN108235309B (en) * | 2016-12-21 | 2019-08-02 | 电信科学技术研究院 | A kind of data processing method and device |
CN107948243B (en) * | 2017-10-25 | 2020-10-16 | 广州迅领科技有限公司 | Internet of things communication method, terminal and system |
CN109756451B (en) | 2017-11-03 | 2022-04-22 | 华为技术有限公司 | Information interaction method and device |
CN108768427A (en) * | 2018-04-03 | 2018-11-06 | 李珉玮 | Controller and its communication means, system |
CN109769226A (en) * | 2018-12-26 | 2019-05-17 | 深圳市麦谷科技有限公司 | A kind of Internet of Things network interface card management-control method, system, computer equipment and storage medium |
CN112134831B (en) * | 2019-06-25 | 2023-02-21 | 中兴通讯股份有限公司 | Method and device for sending and processing access request |
CN111465003B (en) * | 2020-04-01 | 2022-05-13 | 中国联合网络通信集团有限公司 | A method and device for addressing a cardless terminal |
CN111901387B (en) * | 2020-07-01 | 2022-07-08 | 中国联合网络通信集团有限公司 | A kind of cloud private line connection method and device |
CN111970681B (en) * | 2020-08-26 | 2022-08-02 | 中国联合网络通信集团有限公司 | Equipment identification method and device |
CN113542016B (en) * | 2021-06-30 | 2024-03-22 | 深圳市天视通视觉有限公司 | Activation method and device based on serial number and computer readable storage medium |
CN113973302B (en) * | 2021-09-15 | 2024-07-09 | 杭州阿里云飞天信息技术有限公司 | Data identification method, device, storage medium and communication system |
US20240023172A1 (en) * | 2022-07-14 | 2024-01-18 | T-Mobile Innovations Llc | Virtual 5g ue software stack distribution and management system |
CN117714413B (en) * | 2023-07-28 | 2025-01-03 | 荣耀终端有限公司 | Method for determining device brand information, router and readable storage medium |
CN118829002B (en) * | 2024-09-18 | 2024-12-27 | 中国电信股份有限公司 | Method for establishing data transmission channel and related equipment |
Citations (5)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
US6957060B1 (en) * | 2000-11-28 | 2005-10-18 | Nortel Networks Limited | Methods and apparatus for establishing a call in a cellular mobile network |
CN103124440A (en) * | 2011-11-18 | 2013-05-29 | 中兴通讯股份有限公司 | Method and system for accessing terminal without SIM (Subscriber Identity Module) card to Internet of Things |
CN103841560A (en) * | 2014-02-28 | 2014-06-04 | 深圳市中兴物联科技有限公司 | Method and equipment to enhance SIM card reliability |
WO2014094835A1 (en) * | 2012-12-19 | 2014-06-26 | Telefonaktiebolaget L M Ericsson (Publ) | Device authentication by tagging |
WO2014139709A1 (en) * | 2013-03-14 | 2014-09-18 | Intel Mobile Communications GmbH | Communication devices and cellular wide area radio base station |
Family Cites Families (4)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
EP2129095B1 (en) * | 2008-05-30 | 2012-07-11 | Koninklijke KPN N.V. | M2M communication using a plurality of SIM-less communication modules |
US9515850B2 (en) * | 2009-02-18 | 2016-12-06 | Telefonaktiebolaget Lm Ericsson (Publ) | Non-validated emergency calls for all-IP 3GPP IMS networks |
WO2012104477A1 (en) * | 2011-01-31 | 2012-08-09 | Nokia Corporation | Subscriber identity module provisioning |
CN103096283A (en) * | 2011-11-07 | 2013-05-08 | 中兴通讯股份有限公司 | Achieving method and device of emergency call business |
2015
- 2015-08-28 WO PCT/CN2015/088400 patent/WO2017035699A1/en active Application Filing
- 2015-08-28 CN CN201580034378.6A patent/CN106465096B/en active Active
Also Published As
Publication number | Publication date |
---|---|
CN106465096A (en) | 2017-02-22 |
WO2017035699A1 (en) | 2017-03-09 |
Similar Documents
Publication | Publication Date | Title |
---|---|---|
CN106465096B (en) | | It accesses network and obtains method, terminal and the core net of client identification module information |
US12057963B2 (en) | | Connecting to a home area network via a mobile communication network |
CN110800331B (en) | | Network verification method, related equipment and system |
CN104767715B (en) | | Access control method and equipment |
US9288671B2 (en) | | Device authentication method and devices |
CN103493541B (en) | | Method and terminal for switching operator network |
CN108540973B (en) | | Data service processing method, device and system in roaming scene |
WO2019042378A1 (en) | | Method and apparatus for providing user identity information, and storage medium |
JP6063564B2 (en) | | Method, apparatus and system for accessing a mobile network |
US8676999B2 (en) | | System and method for remote authentication dial in user service (RADIUS) prefix authorization application |
TWI516151B (en) | | Telecommunication method and telecommunication system |
CN104780536B (en) | | Authentication method and terminal for Internet of Things device |
KR20080102906A (en) | | Method and system for managing mobility of terminal in mobile communication system using mobile IP |
CN102421097A (en) | | A user authentication method, device and system |
CN102215486B (en) | | Network access method, system, network authentication method, equipment and terminal |
CN103313245B (en) | | Based on the Network access method of mobile phone terminal, equipment and system |
KR100471615B1 (en) | | System for managing IP address of Internet service provider using RADIUS server and method thereof |
CN104012035B (en) | | Method and device for authentication and authorization of proximity services |
CN103974230B (en) | | position information acquisition method and corresponding device |
CN104081804B (en) | | Method and network element, terminal of a kind of mobile network to terminal authentication |
KR20080099991A (en) | | Method and system for managing mobility of mobile terminal using proxy mobile internet protocol in mobile communication system |
CN104684038A (en) | | A switching method and related device |
Legal Events
Date | Code | Title | Description |
---|---|---|---|
 | C06 | Publication | |
 | PB01 | Publication | |
 | C10 | Entry into substantive examination | |
 | SE01 | Entry into force of request for substantive examination | |
 | GR01 | Patent grant | |