[go: up one dir, main page]

CN101616463B - Method, device and system for realizing pre-certification - Google Patents

Method, device and system for realizing pre-certification Download PDF

Info

Publication number
CN101616463B
CN101616463B CN200810115813XA CN200810115813A CN101616463B CN 101616463 B CN101616463 B CN 101616463B CN 200810115813X A CN200810115813X A CN 200810115813XA CN 200810115813 A CN200810115813 A CN 200810115813A CN 101616463 B CN101616463 B CN 101616463B
Authority
CN
China
Prior art keywords
mobile node
authentication
candidate network
information
network
Prior art date
Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
Expired - Fee Related
Application number
CN200810115813XA
Other languages
Chinese (zh)
Other versions
CN101616463A (en
Inventor
陈惠芳
陈海永
沈斌
金煦
Current Assignee (The listed assignees may be inaccurate. Google has not performed a legal analysis and makes no representation or warranty as to the accuracy of the list.)
Huawei Technologies Co Ltd
Original Assignee
Huawei Technologies Co Ltd
Priority date (The priority date is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the date listed.)
Filing date
Publication date
Application filed by Huawei Technologies Co Ltd filed Critical Huawei Technologies Co Ltd
Priority to CN200810115813XA priority Critical patent/CN101616463B/en
Priority to PCT/CN2009/072295 priority patent/WO2009155831A1/en
Publication of CN101616463A publication Critical patent/CN101616463A/en
Application granted granted Critical
Publication of CN101616463B publication Critical patent/CN101616463B/en
Expired - Fee Related legal-status Critical Current
Anticipated expiration legal-status Critical

Links

Images

Classifications

    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04LTRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L63/00Network architectures or network communication protocols for network security
    • H04L63/08Network architectures or network communication protocols for network security for authentication of entities
    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04WWIRELESS COMMUNICATION NETWORKS
    • H04W12/00Security arrangements; Authentication; Protecting privacy or anonymity
    • H04W12/06Authentication
    • H04W12/062Pre-authentication
    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04WWIRELESS COMMUNICATION NETWORKS
    • H04W36/00Hand-off or reselection arrangements
    • H04W36/24Reselection being triggered by specific parameters
    • H04W36/32Reselection being triggered by specific parameters by location or mobility data, e.g. speed data
    • H04W36/322Reselection being triggered by specific parameters by location or mobility data, e.g. speed data by location data
    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04WWIRELESS COMMUNICATION NETWORKS
    • H04W36/00Hand-off or reselection arrangements
    • H04W36/0005Control or signalling for completing the hand-off
    • H04W36/0011Control or signalling for completing the hand-off for data sessions of end-to-end connection
    • H04W36/0016Hand-off preparation specially adapted for end-to-end data sessions
    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04WWIRELESS COMMUNICATION NETWORKS
    • H04W36/00Hand-off or reselection arrangements
    • H04W36/24Reselection being triggered by specific parameters
    • H04W36/32Reselection being triggered by specific parameters by location or mobility data, e.g. speed data
    • H04W36/324Reselection being triggered by specific parameters by location or mobility data, e.g. speed data by mobility data, e.g. speed data
    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04WWIRELESS COMMUNICATION NETWORKS
    • H04W88/00Devices specially adapted for wireless communication networks, e.g. terminals, base stations or access point devices
    • H04W88/02Terminal devices

Landscapes

  • Engineering & Computer Science (AREA)
  • Computer Networks & Wireless Communication (AREA)
  • Signal Processing (AREA)
  • Computer Security & Cryptography (AREA)
  • Computer Hardware Design (AREA)
  • Computing Systems (AREA)
  • General Engineering & Computer Science (AREA)
  • Mobile Radio Communication Systems (AREA)

Abstract

本发明公开了一种实现预认证的方法、信息服务器、移动节点和系统,属于通信技术领域。所述方法包括:信息服务器为移动节点选定候选网络,并预测移动节点将要在所述候选网络中出现的位置信息;信息服务器向移动节点发送携带所述候选网络信息和位置信息的预认证指示,以便于移动节点根据该预认证指示与候选网络进行预认证。所述信息服务器包括:预测模块和指示模块。所述移动节点包括:接收模块和预认证模块。所述系统包括信息服务器和移动节点。本发明提高了移动节点与候选网络进行预认证过程中业务的连续性,且可以适用于移动节点高速移动的应用场景。与现有技术相比,降低了预认证过程中移动节点的业务延迟或中断的情况出现的概率。

Figure 200810115813

The invention discloses a method for realizing pre-authentication, an information server, a mobile node and a system, and belongs to the technical field of communication. The method includes: the information server selects a candidate network for the mobile node, and predicts the location information that the mobile node will appear in the candidate network; the information server sends a pre-authentication instruction carrying the candidate network information and location information to the mobile node , so that the mobile node performs pre-authentication with the candidate network according to the pre-authentication indication. The information server includes: a prediction module and an indication module. The mobile node includes: a receiving module and a pre-authentication module. The system includes an information server and a mobile node. The invention improves the service continuity during the pre-authentication process between the mobile node and the candidate network, and is applicable to the application scene of the mobile node moving at high speed. Compared with the prior art, the probability of service delay or interruption of the mobile node in the pre-authentication process is reduced.

Figure 200810115813

Description

Realize pre-authentication method, device and system
Technical field
The present invention relates to communication technical field, particularly a kind of realization pre-authentication method, device and system.
Background technology
The appearance of many interfaces MN (MobileNode, mobile node) can connect single mobile node simultaneously with a plurality of networks.Support the multiple interface mobile node that a plurality of networks connect, can between different networks, switch.Because heterogeneous network there are differences on the medium access technology, mobile node is carrying out relating to safety problem when objective network inserts, therefore objective network must carry out authentication to mobile node, but can not adopt the conventional authentication method relevant with the medium Access Layer because the isomerism of network makes when carrying out access authentication.Based on EAP (Extensible Authentication Protocol, Extensible Authentication Protocol) authentication method, utilize MIH (Media Independent Handover, media-independent switches) layer can realize the handover of mobile node between heterogeneous network.Need the long time but be based on the EAP verification process, can cause the handoff procedure of mobile node to be affected, cause professional delay or interruption.In order to address this problem, active pre-authentication techniques based on EAP has appearred, a mobile node can carry out pre-authentication process with a plurality of networks simultaneously, solve to a certain extent and finish the delay problem that verification process causes, can realize the seamless switching of mobile node between heterogeneous network generally speaking.
Active pre-authenticating method based on EAP mainly is that mobile node is before needs switch, by the MIH information server, the heterogeneous network that selection may switch to is as candidate network, and after mobile node enters the overlay area of candidate network, initiatively initiate with candidate network in certificate server carry out pre-authentication, pre-authentication finishes the back and set up pre-Security Association between the access point of mobile node and candidate network.When mobile node determines to switch to certain candidate network; this candidate network promptly becomes the objective network of switching; the pre-Security Association that the access point utilization of mobile node and objective network has been set up authenticates mutually, and produces the key that is used to protect access link, finishes the access of objective network.
After above-mentioned prior art was analyzed, the inventor found:
Active pre-authentication process itself based on EAP also needs certain hour, for the multiple interface mobile node that is in high-speed mobile, the very possible coverage that before pre-authentication is finished, has just broken away from the current service network, this mobile node can only be carried out complete verification process with objective network and realize network insertion at this moment, therefore can cause professional continuity to be damaged, can not satisfy the demand of real time business.
Summary of the invention
In order to guarantee continuity professional in the handoff procedure, the embodiment of the invention provides a kind of realization pre-authentication method, device and system.Described technical scheme is as follows:
On the one hand, the embodiment of the invention provides a kind of realization pre-authentication method, and described method comprises:
The positional information in service network that information server is repeatedly sent according to mobile node, predict the motion track of described mobile node, according to described motion track, determine the candidate network of described mobile node, and predict the positional information that described mobile node will occur in described candidate network;
Described information server sends the information of carrying described candidate network and the pre-authentication indication of positional information to described mobile node, so that described mobile node according to the information and the positional information of described candidate network, carries out pre-authentication with described candidate network.
On the other hand, the embodiment of the invention also provides a kind of information server, and described information server comprises: prediction module and indicating module;
Described prediction module comprises:
The trajectory predictions unit is used for the positional information in service network repeatedly sent according to mobile node, predicts the motion track of described mobile node;
The candidate network selected cell is used for the motion track according to the prediction of described trajectory predictions unit, determines the candidate network of described mobile node;
Position prediction unit is used for motion track and the definite candidate network of described candidate network selected cell according to the prediction of described trajectory predictions unit, predicts the positional information that described mobile node will occur in described candidate network;
Described indicating module, be used for sending the pre-authentication indication of the positional information of the information of carrying the selected candidate network of described prediction module and prediction to described mobile node, so that described mobile node according to the information and the positional information of described candidate network, carries out pre-authentication with candidate network.
Another aspect, the embodiment of the invention also provide a kind of mobile node, and described mobile node comprises:
Receiver module is used to receive the pre-authentication indication that information server is sent, and comprises the position that the described mobile node of selected candidate network of described information server and prediction will occur in described candidate network in the described pre-authentication indication;
Pre-authentication module is used for after described receiver module is received the indication of described pre-authentication, and pre-authentication as current position, is carried out with described candidate network in the position of described information server prediction;
Wherein, described candidate network is after the positional information in service network that described information server is repeatedly sent according to described mobile node is predicted the motion track of described mobile node, determines according to described motion track.
On the one hand, the embodiment of the invention also provides a kind of system that realizes pre-authentication again, and described system comprises information server and mobile node;
Described information server, be used for the positional information in service network repeatedly sent according to described mobile node, predict the motion track of described mobile node, according to described motion track, determine the candidate network of described mobile node, and predict the positional information that described mobile node will occur in described candidate network, carry the pre-authentication indication of the information and the positional information of described candidate network to described mobile node transmission, so that described mobile node according to the information and the positional information of described candidate network, carries out pre-authentication with candidate network;
Described mobile node is used to receive the pre-authentication indication that described information server is sent, and the described positional information of carrying during described pre-authentication is indicated is carried out pre-authentication as current position information with described candidate network.
The following position that the embodiment of the invention is determined candidate network and predicted mobile node by information server, the indication mobile node carries out pre-authentication, improve mobile node and candidate network and carried out continuity professional in the pre-authentication process, and gone for the application scenarios of mobile node high-speed mobile.Compared with prior art, for the mobile node that is in high-speed moving state, can avoid since from the overlay area of target approach network to time of the overlay area of leaving service network less than the needed time of objective network access authentication procedure, and the traffic delay of the mobile node that brings or interruption; Can avoid again because the overlapping area of coverage of current service network and objective network is less, mobile node is overlapping covered to leaving this overlapping covered time less than the needed time of objective network access authentication procedure from entering this, and the traffic delay of the mobile node that brings or interruption.
Description of drawings
Fig. 1 is a kind of flow chart of realization pre-authentication method that the embodiment of the invention provides;
Fig. 2 is the another kind of flow chart of realization pre-authentication method that the embodiment of the invention provides;
To be the mobile node that provides of the embodiment of the invention move to the schematic flow sheet of pre-authentication the scene of wireless MAN from WLAN (wireless local area network) to Fig. 3;
Fig. 4 is the structure chart of the information server that provides of the embodiment of the invention;
Fig. 5 is the structure chart of the mobile node that provides of the embodiment of the invention;
Fig. 6 is the system construction drawing of the realization pre-authentication that provides of the embodiment of the invention.
Embodiment
For making the purpose, technical solutions and advantages of the present invention clearer, embodiment of the present invention is described further in detail below in conjunction with accompanying drawing.
Referring to Fig. 1, the embodiment of the invention provides a kind of realization pre-authentication method, comprising:
101: information server is the selected candidate network of mobile node, and predicts the positional information that this mobile node will occur in selected candidate network;
102: information server sends the pre-authentication indication of the positional information of the information carry selected candidate network and prediction to mobile node, so that this mobile node according to the information and the positional information of this candidate network, carries out pre-authentication with candidate network.
Candidate network in the embodiment of the invention includes but not limited to: the network that mobile node will enter under the state of high-speed mobile.The technical scheme that the embodiment of the invention provides is mainly used in the scene that mobile node does not also enter candidate network, especially smaller scene in the overlay region of the covering of the service network of the scene of mobile node high-speed mobile and mobile node and candidate network or the like.The following position that the embodiment of the invention is determined candidate network and predicted mobile node by information server, the indication mobile node carries out pre-authentication, improve mobile node and candidate network and carried out continuity professional in the pre-authentication process, and gone for the application scenarios of mobile node high-speed mobile.Compared with prior art, for the mobile node that is in high-speed moving state, can avoid since from the overlay area of target approach network to time of the overlay area of leaving service network less than the needed time of objective network access authentication procedure, and the traffic delay of the mobile node that brings or interruption; Can avoid again because the overlapping area of coverage of current service network and objective network is less, mobile node is overlapping covered to leaving this overlapping covered time less than the needed time of objective network access authentication procedure from entering this, and the traffic delay of the mobile node that brings or interruption.
Referring to Fig. 2, the realization pre-authentication method that the embodiment of the invention provides can specifically comprise:
201: mobile node reports the current location information in the service network of place to give information server, can regularly report according to report cycle, this report cycle can be pre-if be handed down to mobile node by information server in mobile node, promptly or by mobile node initiatively current position is reported information server, or information server active request mobile node reports current location information; Further, mobile node can also report the signal strength information of the current service network that monitors etc.
202: information server receives the positional information that mobile node reports, after receiving a plurality of positional informations, motion track according to these a plurality of positional information prediction mobile nodes, if mobile node has reported signal strength information, then predict the motion track of mobile node, thereby can improve prediction accuracy according to positional information and signal strength information.
203: information server is according to the motion track of the mobile node of prediction, determine the access possibility of mobile node and each network, thereby determine the candidate network of mobile node, the candidate network of determining can be for one or more, when being a plurality of, can determine the priority of each candidate network according to the size of the access possibility of mobile node and each candidate network, thereby obtain the candidate network tabulation.
Further, information server can also be determined candidate network according to the motion track and the default collocation strategy of the mobile node of predicting.Wherein, Yu She collocation strategy is according at least a selection candidate network in the roaming agreement between signal cover, signal strength signal intensity, bandwidth information, power supply status, tariff information and the operator.For example, configured strategy is a candidate network for selecting the stronger network of signal strength signal intensity.Configured strategy is to select candidate network according to the power supply status of mobile node for another example, be specifically as follows: when the electric quantity of power supply abundance of mobile node, preferential higher, QoS (the Quality ofService of transmission rate that selects, service quality) network preferably, when the electric quantity of power supply deficiency of mobile node, the preferential relatively network of power saving of selecting; Perhaps when the electric quantity of power supply of mobile node is sufficient and a plurality of candidate network carry out pre-authentication, when the electric quantity of power supply of mobile node is not enough, only and the highest network of priority carry out pre-authentication or the like.
Because mobile node is the dynamic real-time reporting position information, therefore information server also is dynamically to generate the candidate network tabulation, change in location along with mobile node, the priority orders of the candidate network in the candidate network tabulation also changes, if the priority orders in the priority orders of current definite candidate network and the tabulation of existing candidate network is inconsistent, then information server can be revised the candidate network tabulation according to the priority orders of current definite candidate network, make its priority orders consistent, thereby can indicate mobile node to initiate pre-authentication according to the priority orders of the candidate network of current affirmation with current definite candidate network.
For example, mobile node is in the 3GPP2 network, information server is selected WLAN (Wireless Local Area Network, WLAN (wireless local area network)) and WMAN (Wireless metropolitan area network, wireless MAN) two candidate network, and the access priority of wlan network is higher than the WMAN network.Mobile node reports current location information to give information server by the 3GPP2 interface, the motion track of information server prediction mobile node, determine the current wlan network that more likely inserts of mobile node, therefore need not revise the priority of existing candidate network tabulation, information server indication mobile node at first carries out pre-authentication with wlan network, and then whether decision will carry out pre-authentication with the WMAN network according to strategy.
204: information server is according to the motion track and the candidate network of determining of prediction, the positional information that the prediction mobile node will occur in the candidate network of determining.
205: information server sends the pre-authentication indication to mobile node, carries the selected candidate network information and the positional information of prediction in this pre-authentication indication, so that mobile node carries out pre-authentication according to the information of candidate network and positional information and candidate network.
206: after mobile node receives the pre-authentication indication that information server sends,, this predicted position information as current position information, is carried out pre-authentication with this candidate network according to the candidate network information and the predicted position information that comprise in this pre-authentication indication.
Further, after pre-authentication is finished, between the certificate server of mobile node and candidate network, set up pre-Security Association, in the time of in mobile node moves to the scope that this candidate network covers, can carry out the access of network according to the access point of the pre-Security Association of having set up and this candidate network (being generally the certificate server selection of candidate network).
Further, the method in the embodiment of the invention can also comprise:
After mobile node and candidate network were finished pre-authentication, mobile node was opened the interface corresponding with described candidate network when entering candidate network or when not entering described candidate network.Open interface when entering candidate network and be meant unlatching interface when mobile node detects corresponding candidate network signal, promptly adopt means same as the prior art to open interface; After the unlatching interface is meant that verification process is finished when not entering candidate network, start a timer, length of timer in the time of timer expiry, is opened interface by information server indication or the local configuration of mobile node automatically.Thereby can avoid mobile node to be under the high-speed moving state, open the time-delay that the interface that is in closed condition brings and destroy professional continuity.When candidate network has when a plurality of, mobile node can select to open the interface of the highest candidate network correspondence of access priority, also can select opening section or whole interfaces of candidate network correspondences according to the power supply situation of mobile node.
Mobile node and candidate network are carried out the process of pre-authentication in the above-mentioned steps 206, can finish by the access point of current service network.When the candidate network of determining when information server is a plurality of, mobile node can according to the priority orders of candidate network successively with a plurality of candidate network in subnetwork or overall network carry out pre-authentication.Referring to Fig. 3, moving to WMAN with mobile node from WLAN is that example specifies, and wherein, the communications protocol that adopts between mobile node, information server and the access point is the MIH agreement, the embodiment of the invention is not limited thereto, and also can adopt other communications protocol to realize.
301: the current wlan network that is in of mobile node, the access point by interface 802.11 and wlan network carries out the business datum exchange;
302: mobile node regularly reports the current location information in WLAN to give information server, as reporting once every 1 minute;
303: information server is received the definite candidate network WMAN in back, and predicts position that mobile node will occur in the WMAN network and the access point of selecting WMAN;
304: information server returns the position of definite candidate network, prediction and the WMAN access-in point information of selection, and indication mobile node and WMAN carry out pre-authentication; Wherein, the WMAN access-in point information comprises at least: the MIH ID of access point, the IP address information of MIH transport layer and access base station information or the like;
305: the information that mobile node returns according to information server, carry out pre-authentication by the MIH module in the WLAN access point, MIH module in the WMAN access point and the certificate server (AAA Server) of WMAN, this pre-authentication process carries out according to existing EAP verification process, wherein, MIH module in the WLAN access point is responsible for transmitting verify data, and MIH module and the MIH module in the WMAN access point in the WLAN access point are carried out in the process of communication, do not get rid of and can also carry out data forwarding or the like through other MIH entity;
306: after pre-authentication process was finished, movable contact was opened 802.16 interfaces, prepared for inserting WMAN.
307: when mobile node enters the coverage of WMAN, carry out the link access procedure by pre-established Security Association and WMAN access point;
308: after mobile node was finished the network switching, movable contact disconnection and WLAN were connected, and close 802.11 interfaces;
309: after mobile node access WMAN finished, mobile node and WMAN network carried out the business datum exchange.
In application scenarios shown in Figure 3, mobile node can also report information server with the network signal intensity that monitors, and network signal intensity when sudden change especially, can make information server definite candidate network that upgrades in time.For example, the candidate network priority that information server is determined from height to low order is: WMAN, WLAN, mobile node carries out pre-authentication with the WMAN network earlier according to this order, in the process of pre-authentication, the signal that mobile node monitors wlan network strengthens suddenly, then this information is reported information server, information server is predicted the motion track of mobile node again, judging the candidate network that mobile node more likely inserts is wlan network, therefore upgrade the order of candidate network tabulation medium priority, upgrading back priority from height to low order is: WLAN, WMAN, and indicate mobile node to carry out pre-authentication again according to the result after upgrading, after mobile node was received this indication, then the pre-authentication of termination and WMAN network began to carry out pre-authentication with wlan network.
The following position that the said method that the embodiment of the invention provides is determined candidate network and predicted mobile node by information server, the indication mobile node carries out pre-authentication, improve mobile node and candidate network and carried out continuity professional in the pre-authentication process, and gone for the application scenarios of mobile node high-speed mobile.Compared with prior art, for the mobile node that is in high-speed moving state, can avoid since from the overlay area of target approach network to time of the overlay area of leaving service network less than the needed time of objective network access authentication procedure, and the traffic delay of the mobile node that brings or interruption; Can avoid again because current service network and objective network overlapping covered less, mobile node is overlapping covered to leaving this overlapping covered time less than the needed time of objective network access authentication procedure from entering this, and the traffic delay of the mobile node that brings or interruption.The motion track of the positional information prediction mobile node that reports by mobile node by information server, dynamically determine candidate network, the continuity that can keep the mobile node business better, reduce the network insertion failed probability, go for the situation of the moving direction generation flip-flop of mobile node.After pre-authentication was finished, mobile node was opened the interface of candidate network correspondence, had further improved the speed that the mobile node network switches.
Referring to Fig. 4, the embodiment of the invention also provides a kind of information server, specifically comprises:
Prediction module 401 is used to mobile node to select candidate network, and predicts the positional information that mobile node will occur in this candidate network;
Indicating module 402 is used for sending to mobile node the pre-authentication indication of the positional information carry selected candidate network information of prediction module 401 and prediction, so that mobile node according to this candidate network information and positional information, carries out pre-authentication with candidate network.
Wherein, prediction module 401 can specifically comprise:
The trajectory predictions unit is used for the positional information in service network repeatedly sent according to mobile node, the motion track of prediction mobile node;
The candidate network selected cell is used for motion track and default collocation strategy according to the prediction of trajectory predictions unit, determines the candidate network of mobile node;
Position prediction unit is used for motion track and the definite candidate network of candidate network selected cell according to the prediction of trajectory predictions unit, the positional information that the prediction mobile node will occur in candidate network.
Further, above-mentioned information server also comprises:
Select module 403, be used for selecting the access point of candidate network according to the selected candidate network of prediction module 401; Correspondingly, indicating module 402 specifically comprises:
Indicating member, be used for pre-authentication indication from the access point that module 403 selects to mobile node that send the positional information of the information carry the selected candidate network of prediction module 401, prediction and select, so that mobile node according to information, positional information and the access point of candidate network, carries out pre-authentication with candidate network.
In addition, prediction module 401 can specifically comprise:
Selected cell is used to mobile node to select a plurality of candidate network, and determines the priority of a plurality of candidate network;
Predicting unit is used for predicting the positional information that mobile node will occur in a plurality of candidate network; Correspondingly, indicating module 402 also is used for carrying the precedence information that selected cell is determined in the pre-authentication indication.
The information server that the embodiment of the invention provides is by determining candidate network and the following position of predicting mobile node, the indication mobile node carries out pre-authentication, improve mobile node and candidate network and carried out continuity professional in the pre-authentication process, and gone for the application scenarios of mobile node high-speed mobile.Compared with prior art, for the mobile node that is in high-speed moving state, can avoid since from the overlay area of target approach network to time of the overlay area of leaving service network less than the needed time of objective network access authentication procedure, and the traffic delay of the mobile node that brings or interruption; Can avoid again because current service network and objective network overlapping covered less, mobile node is overlapping covered to leaving this overlapping covered time less than the needed time of objective network access authentication procedure from entering this, and the traffic delay of the mobile node that brings or interruption.Predict the motion track of mobile node by the positional information that reports by mobile node, dynamically determine candidate network, the continuity that can keep the mobile node business better reduces the network insertion failed probability, goes for the situation of the moving direction generation flip-flop of mobile node.
Referring to Fig. 5, the embodiment of the invention also provides a kind of mobile node, comprising:
Receiver module 501 is used to receive the pre-authentication indication that information server is sent, and comprises the position that the mobile node of selected candidate network of information server and prediction will occur in candidate network in this pre-authentication indication;
Pre-authentication module 502 is used for after receiver module 501 is received pre-authentication indication, and pre-authentication as current position, is carried out with candidate network in the position of information server prediction.
Further, can also comprise the access point of the candidate network that information server is selected in the pre-authentication indication that receiver module 501 receives, correspondingly, pre-authentication module 502 can specifically comprise:
The first pre-authentication unit, be used for after receiver module 501 receives the pre-authentication indication, pre-authentication as current position, by the access point of service network and the access point of candidate network, is carried out to the certificate server of candidate network in the position of information server prediction.
In addition, can also comprise the priority of a plurality of candidate network that information server is selected in the pre-authentication indication that receiver module 501 receives, correspondingly, pre-authentication module 502 can specifically comprise:
The second pre-authentication unit is used for after receiver module 501 receives pre-authentication indication, and pre-authentication as current position, is carried out according to priority and candidate network in this pre-authentication indication in the position of information server prediction.
Further, above-mentioned mobile node also comprises:
Opening module 503 is used for after mobile node and candidate network are finished pre-authentication, and mobile node is opened the interface corresponding with candidate network when entering candidate network or when not entering candidate network.
The mobile node that the embodiment of the invention provides, candidate network and the predicted position information sent according to information server, carry out pre-authentication with candidate network, improve mobile node and candidate network and carried out continuity professional in the pre-authentication process, and gone for the application scenarios of mobile node high-speed mobile.Compared with prior art, for the mobile node that is in high-speed moving state, can avoid since from the overlay area of target approach network to time of the overlay area of leaving service network less than the needed time of objective network access authentication procedure, and the traffic delay of the mobile node that brings or interruption; Can avoid again because current service network and objective network overlapping covered less, mobile node is overlapping covered to leaving this overlapping covered time less than the needed time of objective network access authentication procedure from entering this, and the traffic delay of the mobile node that brings or interruption.
Referring to Fig. 6, the embodiment of the invention also provides a kind of system that realizes pre-authentication, comprising:
Information server 601, be used to mobile node to select candidate network, and the prediction mobile node positional information that will in candidate network, occur, send the pre-authentication indication of carrying candidate network information and positional information to mobile node, so that mobile node according to this candidate network information and positional information, carries out pre-authentication with candidate network;
Mobile node 602 is used to receive the pre-authentication indication that information server 601 is sent, and the positional information of carrying during this pre-authentication is indicated is carried out pre-authentication as current position information with candidate network.
Wherein, the positional information in service network that information server 601 can repeatedly be sent according to mobile node, the motion track of prediction mobile node, and determine candidate network according to this motion track.The candidate network of determining can further, can also be determined the priority of these a plurality of candidate network for a plurality of, and is carried in the pre-authentication indication, so that mobile node can carry out pre-authentication with these a plurality of candidate network respectively according to the order of this priority.
Further, information server 601 also is used to select the access point of candidate network, and the information of carrying this access point in above-mentioned pre-authentication indication, and correspondingly, said system can also comprise:
The certificate server of candidate network (AAA Server) is used for carrying out pre-authentication by the access point and the mobile node of above-mentioned candidate network.
In addition, mobile node 602 is opened the interface corresponding with this candidate network when can or not enter this candidate network when mobile node enters this candidate network after finishing pre-authentication with candidate network.
The following position that the said system that the embodiment of the invention provides is determined candidate network and predicted mobile node by information server, the indication mobile node carries out pre-authentication, improve mobile node and candidate network and carried out continuity professional in the pre-authentication process, and gone for the application scenarios of mobile node high-speed mobile.Compared with prior art, for the mobile node that is in high-speed moving state, can avoid since from the overlay area of target approach network to time of the overlay area of leaving service network less than the needed time of objective network access authentication procedure, and the traffic delay of the mobile node that brings or interruption; Can avoid again because current service network and objective network overlapping covered less, mobile node is overlapping covered to leaving this overlapping covered time less than the needed time of objective network access authentication procedure from entering this, and the traffic delay of the mobile node that brings or interruption.
The embodiment of the invention can utilize software to realize that corresponding software programs can be stored in the storage medium that can read, for example, and in the hard disk of computer, buffer memory or the CD.
The above only is preferred embodiment of the present invention, and is in order to restriction the present invention, within the spirit and principles in the present invention not all, any modification of being done, is equal to replacement, improvement etc., all should be included within protection scope of the present invention.

Claims (16)

1.一种实现预认证的方法,其特征在于,所述方法包括:1. A method for realizing pre-authentication, characterized in that the method comprises: 信息服务器根据移动节点多次发来的在服务网络内的位置信息,预测所述移动节点的移动轨迹,根据所述移动轨迹,确定所述移动节点的候选网络,并预测所述移动节点将要在所述候选网络中出现的位置信息;The information server predicts the moving trajectory of the mobile node according to the location information in the service network sent by the mobile node multiple times, determines the candidate network of the mobile node according to the moving trajectory, and predicts that the mobile node will be in location information present in said candidate network; 所述信息服务器向所述移动节点发送携带所述候选网络的信息和位置信息的预认证指示,以便于所述移动节点根据所述候选网络的信息和位置信息,与所述候选网络进行预认证。The information server sends a pre-authentication indication carrying the information and location information of the candidate network to the mobile node, so that the mobile node performs pre-authentication with the candidate network according to the information and location information of the candidate network . 2.根据权利要求1所述的实现预认证的方法,其特征在于,所述根据所述移动轨迹,确定所述移动节点的候选网络,具体包括:2. The method for realizing pre-authentication according to claim 1, wherein the determining the candidate network of the mobile node according to the moving trajectory specifically comprises: 所述信息服务器根据所述移动轨迹和预设的配置策略,确定所述移动节点的候选网络,所述预设的配置策略为根据信号覆盖范围、信号强度、带宽信息、电源状态、资费信息和运营商之间的漫游协议中的至少一种选择候选网络。The information server determines the candidate network of the mobile node according to the moving trajectory and a preset configuration strategy, and the preset configuration strategy is based on signal coverage, signal strength, bandwidth information, power status, tariff information and At least one of roaming agreements between operators selects a candidate network. 3.根据权利要求1所述的实现预认证的方法,其特征在于,所述预测所述移动节点将要在所述候选网络中出现的位置信息,具体包括:3. The method for realizing pre-authentication according to claim 1, wherein the predicting the location information that the mobile node will appear in the candidate network specifically includes: 所述信息服务器根据所述移动轨迹与候选网络,预测所述移动节点将要在所述候选网络中出现的位置信息。The information server predicts the location information where the mobile node will appear in the candidate network according to the moving track and the candidate network. 4.根据权利要求1所述的实现预认证的方法,其特征在于,所述方法还包括:4. The method for realizing pre-authentication according to claim 1, wherein the method further comprises: 所述移动节点接收到所述信息服务器的预认证指示后,将所述信息服务器预测的位置信息作为当前的位置信息,与所述候选网络进行预认证。After receiving the pre-authentication instruction from the information server, the mobile node uses the location information predicted by the information server as current location information, and performs pre-authentication with the candidate network. 5.根据权利要求1所述的实现预认证的方法,其特征在于,所述方法还包括:5. The method for realizing pre-authentication according to claim 1, wherein the method further comprises: 所述信息服务器选择所述候选网络的接入点,并在所述预认证指示中携带所述候选网络的接入点的信息;The information server selects the access point of the candidate network, and carries the information of the access point of the candidate network in the pre-authentication indication; 所述移动节点接收到所述信息服务器的预认证指示后,将所述信息服务器预测的位置信息作为当前的位置信息,通过服务网络的接入点和所述候选网络的接入点,向所述候选网络的认证服务器进行预认证。After receiving the pre-authentication instruction from the information server, the mobile node uses the location information predicted by the information server as the current location information, and sends the information to the location information through the access point of the serving network and the access point of the candidate network. pre-authentication with the authentication server of the candidate network. 6.根据权利要求1所述的实现预认证的方法,其特征在于,当所述信息服务器选定的候选网络为多个时,所述信息服务器向所述移动节点发送的预认证指示还包括该多个候选网络的优先级,以指示所述移动节点根据所述优先级与候选网络进行预认证。6. The method for realizing pre-authentication according to claim 1, wherein when the information server selects multiple candidate networks, the pre-authentication instruction sent by the information server to the mobile node further includes The priorities of the plurality of candidate networks are used to instruct the mobile node to perform pre-authentication with the candidate networks according to the priorities. 7.根据权利要求1所述的实现预认证的方法,其特征在于,所述方法还包括:7. The method for realizing pre-authentication according to claim 1, wherein the method further comprises: 当所述移动节点与候选网络完成预认证后,所述移动节点在进入所述候选网络时或未进入所述候选网络时开启与所述候选网络对应的接口。After the mobile node completes pre-authentication with the candidate network, the mobile node starts an interface corresponding to the candidate network when entering the candidate network or when not entering the candidate network. 8.一种信息服务器,其特征在于,所述信息服务器包括:预测模块和指示模块;8. An information server, characterized in that the information server comprises: a prediction module and an indication module; 所述预测模块包括:The prediction module includes: 轨迹预测单元,用于根据移动节点多次发来的在服务网络内的位置信息,预测所述移动节点的移动轨迹;A trajectory prediction unit, configured to predict the movement trajectory of the mobile node according to the location information in the service network sent by the mobile node multiple times; 候选网络选择单元,用于根据所述轨迹预测单元预测的移动轨迹,确定所述移动节点的候选网络;a candidate network selection unit, configured to determine a candidate network of the mobile node according to the trajectory predicted by the trajectory prediction unit; 位置预测单元,用于根据所述轨迹预测单元预测的移动轨迹和所述候选网络选择单元确定的候选网络,预测所述移动节点将要在所述候选网络中出现的位置信息;a location prediction unit, configured to predict the location information of the mobile node that will appear in the candidate network according to the trajectory predicted by the trajectory prediction unit and the candidate network determined by the candidate network selection unit; 所述指示模块,用于向所述移动节点发送携带所述预测模块选定的候选网络的信息和预测的位置信息的预认证指示,以便于所述移动节点根据所述候选网络的信息和位置信息,与候选网络进行预认证。The indication module is configured to send to the mobile node a pre-authentication indication carrying the information of the candidate network selected by the prediction module and the predicted location information, so that the mobile node can information to pre-authenticate with candidate networks. 9.根据权利要求8所述的信息服务器,其特征在于,所述信息服务器还包括:9. The information server according to claim 8, wherein the information server further comprises: 选择模块,用于根据所述预测模块选定的候选网络,选择所述候选网络的接入点;A selection module, configured to select an access point of the candidate network according to the candidate network selected by the prediction module; 所述指示模块具体包括:The instruction module specifically includes: 指示单元,用于向所述移动节点发送携带所述预测模块选定的候选网络的信息、预测的位置信息以及所述选择模块选择的接入点的预认证指示,以便于所述移动节点根据所述候选网络的信息、位置信息和接入点,与候选网络进行预认证。an indication unit, configured to send to the mobile node a pre-authentication indication carrying the information of the candidate network selected by the prediction module, the predicted location information, and the access point selected by the selection module, so that the mobile node can The information, location information and access point of the candidate network are pre-authenticated with the candidate network. 10.根据权利要求8所述的信息服务器,其特征在于,所述预测模块具体包括:10. The information server according to claim 8, wherein the prediction module specifically comprises: 选择单元,用于为移动节点选定多个候选网络,并确定所述多个候选网络的优先级;a selection unit, configured to select a plurality of candidate networks for the mobile node, and determine priorities of the plurality of candidate networks; 预测单元,用于预测所述移动节点将要在所述多个候选网络中出现的位置信息;a predicting unit, configured to predict location information where the mobile node will appear in the plurality of candidate networks; 所述指示模块还用于在所述预认证指示中携带所述选择单元确定的优先级信息。The indication module is further configured to carry the priority information determined by the selection unit in the pre-authentication indication. 11.一种移动节点,其特征在于,所述移动节点包括:11. A mobile node, characterized in that the mobile node comprises: 接收模块,用于接收信息服务器发来的预认证指示,所述预认证指示中包含所述信息服务器选定的候选网络和预测的所述移动节点将要在所述候选网络中出现的位置;A receiving module, configured to receive a pre-authentication instruction sent by an information server, where the pre-authentication instruction includes a candidate network selected by the information server and a predicted location where the mobile node will appear in the candidate network; 预认证模块,用于在所述接收模块收到所述预认证指示后,将所述信息服务器预测的位置作为当前的位置,与所述候选网络进行预认证;A pre-authentication module, configured to use the location predicted by the information server as the current location after the receiving module receives the pre-authentication instruction, and perform pre-authentication with the candidate network; 其中,所述候选网络为所述信息服务器根据所述移动节点多次发来的在服务网络内的位置信息预测所述移动节点的移动轨迹后,根据所述移动轨迹确定的。Wherein, the candidate network is determined according to the moving track after the information server predicts the moving track of the mobile node according to the location information in the serving network sent by the mobile node multiple times. 12.根据权利要求11所述的移动节点,其特征在于,所述接收模块接收的预认证指示中还包括所述信息服务器选择的所述候选网络的接入点,所述预认证模块具体包括:12. The mobile node according to claim 11, wherein the pre-authentication instruction received by the receiving module further includes the access point of the candidate network selected by the information server, and the pre-authentication module specifically includes : 第一预认证单元,用于在所述接收模块接收到所述预认证指示后,将所述信息服务器预测的位置作为当前的位置,通过服务网络的接入点和所述候选网络的接入点,向所述候选网络的认证服务器进行预认证。The first pre-authentication unit is configured to use the location predicted by the information server as the current location after the receiving module receives the pre-authentication instruction, and pass through the access point of the service network and the access of the candidate network point, perform pre-authentication with the authentication server of the candidate network. 13.根据权利要求11所述的移动节点,其特征在于,所述接收模块接收的预认证指示中还包括所述信息服务器选定的多个候选网络的优先级,所述预认证模块具体包括:13. The mobile node according to claim 11, wherein the pre-authentication instruction received by the receiving module further includes the priorities of multiple candidate networks selected by the information server, and the pre-authentication module specifically includes : 第二预认证单元,用于在所述接收模块接收到所述预认证指示后,将所述信息服务器预测的位置作为当前的位置,根据所述优先级与候选网络进行预认证。The second pre-authentication unit is configured to use the location predicted by the information server as the current location after the receiving module receives the pre-authentication instruction, and perform pre-authentication with the candidate network according to the priority. 14.根据权利要求11所述的移动节点,其特征在于,所述移动节点还包括:14. The mobile node according to claim 11, further comprising: 开启模块,用于当所述移动节点与候选网络完成预认证后,所述移动节点在进入所述候选网络时或未进入所述候选网络时开启与所述候选网络对应的接口。An enabling module, configured to activate an interface corresponding to the candidate network when the mobile node enters the candidate network or when not entering the candidate network after the mobile node and the candidate network complete pre-authentication. 15.一种实现预认证的系统,其特征在于,所述系统包括信息服务器和移动节点;15. A system for realizing pre-authentication, characterized in that the system includes an information server and a mobile node; 所述信息服务器,用于根据所述移动节点多次发来的在服务网络内的位置信息,预测所述移动节点的移动轨迹,根据所述移动轨迹,确定所述移动节点的候选网络,并预测所述移动节点将要在所述候选网络中出现的位置信息,向所述移动节点发送携带所述候选网络的信息和位置信息的预认证指示,以便于所述移动节点根据所述候选网络的信息与位置信息,与候选网络进行预认证;The information server is configured to predict the movement trajectory of the mobile node according to the location information in the service network sent by the mobile node multiple times, determine the candidate network of the mobile node according to the movement trajectory, and Predicting the location information that the mobile node will appear in the candidate network, and sending a pre-authentication indication carrying the information of the candidate network and the location information to the mobile node, so that the mobile node can Information and location information, pre-authentication with candidate networks; 所述移动节点,用于接收所述信息服务器发来的预认证指示,将所述预认证指示中携带的所述位置信息作为当前的位置信息,与所述候选网络进行预认证。The mobile node is configured to receive the pre-authentication instruction sent by the information server, use the location information carried in the pre-authentication instruction as current location information, and perform pre-authentication with the candidate network. 16.根据权利要求15所述的实现预认证的系统,其特征在于,所述信息服务器还用于选择所述候选网络的接入点,并在所述预认证指示中携带所述接入点的信息,所述系统还包括:16. The system for implementing pre-authentication according to claim 15, wherein the information server is further configured to select an access point of the candidate network, and carry the access point in the pre-authentication indication information, the system also includes: 所述候选网络的认证服务器,用于通过所述接入点与所述移动节点进行预认证。The authentication server of the candidate network is configured to perform pre-authentication with the mobile node through the access point.
CN200810115813XA 2008-06-27 2008-06-27 Method, device and system for realizing pre-certification Expired - Fee Related CN101616463B (en)

Priority Applications (2)

Application Number Priority Date Filing Date Title
CN200810115813XA CN101616463B (en) 2008-06-27 2008-06-27 Method, device and system for realizing pre-certification
PCT/CN2009/072295 WO2009155831A1 (en) 2008-06-27 2009-06-16 Method, system, information server and mobile node for pre-authentication

Applications Claiming Priority (1)

Application Number Priority Date Filing Date Title
CN200810115813XA CN101616463B (en) 2008-06-27 2008-06-27 Method, device and system for realizing pre-certification

Publications (2)

Publication Number Publication Date
CN101616463A CN101616463A (en) 2009-12-30
CN101616463B true CN101616463B (en) 2011-11-16

Family

ID=41444020

Family Applications (1)

Application Number Title Priority Date Filing Date
CN200810115813XA Expired - Fee Related CN101616463B (en) 2008-06-27 2008-06-27 Method, device and system for realizing pre-certification

Country Status (2)

Country Link
CN (1) CN101616463B (en)
WO (1) WO2009155831A1 (en)

Cited By (1)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN106714251A (en) * 2017-01-24 2017-05-24 维沃移动通信有限公司 Network connection method and mobile terminal

Families Citing this family (15)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN102202368B (en) * 2010-03-26 2014-10-08 华为终端有限公司 Method and device for acquiring network information
CN102075353B (en) * 2010-12-29 2013-06-19 北京星网锐捷网络技术有限公司 Mobility management method of working station and network management server
EP2783535B1 (en) * 2011-11-25 2016-09-14 Bandwidthx Inc. System for providing intelligent network access selection for a mobile wireless device
US9313613B2 (en) * 2012-02-24 2016-04-12 Lg Electronics Inc. Method, apparatus, and system for performing unsolicited location-based download
CN102625378B (en) * 2012-02-29 2015-08-12 西安电子科技大学 A kind of heterogeneous wireless network fast handover protocol flow process
CN103582082A (en) * 2012-08-02 2014-02-12 中兴通讯股份有限公司 Web selecting method and device
US9826464B2 (en) 2013-03-26 2017-11-21 Bandwidthx Inc. Systems and methods for establishing wireless connections based on access conditions
CN104581757B (en) * 2013-10-18 2019-04-30 中兴通讯股份有限公司 M2M terminal active switching method and device in a kind of M2M network
CN104066134A (en) * 2014-05-26 2014-09-24 河南省尖端智能控制技术有限公司 Seamless switching method for multiple access points of WiFi network
WO2018125704A1 (en) 2016-12-27 2018-07-05 Bandwidthx Inc. Radio management based on user intervention
WO2018125682A1 (en) 2016-12-27 2018-07-05 Bandwidthx Inc. Auto-discovery of amenities
CN108712715B (en) * 2018-04-04 2020-08-21 天地融科技股份有限公司 Method for switching network by using Bluetooth hotspot
CN111417169B (en) * 2018-12-19 2022-06-17 中国电信股份有限公司 Wireless access control method, wireless access control device, communication network system and storage medium
CN113938986B (en) * 2020-07-14 2023-11-17 华为技术有限公司 Method and device for determining wireless access strategy
CN116209030B (en) * 2023-05-06 2023-08-18 四川中普盈通科技有限公司 Mobile platform anti-weak network communication gateway access method and system

Citations (4)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
US6711408B1 (en) * 2000-02-05 2004-03-23 Ericsson Inc. Position assisted handoff within a wireless communications network
CN1943211A (en) * 2005-02-04 2007-04-04 株式会社东芝 Framework of media-independent pre-authentication
CN1969568A (en) * 2004-01-22 2007-05-23 株式会社东芝 Mobile architecture using pre-authentication, pre-configuration and/or virtual soft handover
KR100739888B1 (en) * 2006-02-13 2007-07-13 주식회사 팬택앤큐리텔 How to shorten the connection time of the PC with the CDMA network when handovering from the CDMA network to the CDMA network

Patent Citations (4)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
US6711408B1 (en) * 2000-02-05 2004-03-23 Ericsson Inc. Position assisted handoff within a wireless communications network
CN1969568A (en) * 2004-01-22 2007-05-23 株式会社东芝 Mobile architecture using pre-authentication, pre-configuration and/or virtual soft handover
CN1943211A (en) * 2005-02-04 2007-04-04 株式会社东芝 Framework of media-independent pre-authentication
KR100739888B1 (en) * 2006-02-13 2007-07-13 주식회사 팬택앤큐리텔 How to shorten the connection time of the PC with the CDMA network when handovering from the CDMA network to the CDMA network

Cited By (2)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN106714251A (en) * 2017-01-24 2017-05-24 维沃移动通信有限公司 Network connection method and mobile terminal
CN106714251B (en) * 2017-01-24 2019-04-12 维沃移动通信有限公司 A kind of method for connecting network and mobile terminal

Also Published As

Publication number Publication date
CN101616463A (en) 2009-12-30
WO2009155831A1 (en) 2009-12-30

Similar Documents

Publication Publication Date Title
CN101616463B (en) Method, device and system for realizing pre-certification
Aljeri et al. Mobility management in 5G-enabled vehicular networks: Models, protocols, and classification
JP4585969B2 (en) Target network selection for seamless handover from multiple wireless networks
Lampropoulos et al. Media-independent handover for seamless service provision in heterogeneous networks
US20220264390A1 (en) Cho resource processing method, apparatus and system
CN102625378B (en) A kind of heterogeneous wireless network fast handover protocol flow process
WO2005027557A1 (en) Seamless handover in heterogeneous network
CN101296481A (en) A network switching method, device and system
KR20100029869A (en) Apparatus and method for supporting media independent seamless service in heterogeneous wireless network
CN1852568B (en) Small-zone switching-over method
CN101026874A (en) Cross-domain heterogeneous network system and adjacent network switching method and device
EP1665854B1 (en) Context transfer for seamless handover
Aljeri et al. Smart and green mobility management for 5G‐enabled vehicular networks
CN101394359B (en) Communication system and method for supporting end-to-end QoS in heterogeneous wireless network
Michalas et al. An integrated MIH-FPMIPv6 mobility management approach for evolved-packet system architectures
KR100939217B1 (en) How to provide OS service during handover of mobile terminal
Aguiar et al. Scalable QoS-aware mobility for future mobile operators
WO2022061839A1 (en) Handover method and apparatus, devices and storage medium
KR100753845B1 (en) Method and system for supporting handover of a mobile terminal capable of multiple interfaces in an IP-based broadband integrated mobile network environment
CN101483900A (en) Method for processing switching between heterogeneous systems
KR100678125B1 (en) Handover Method in Next Generation Mobile Communication Systems with Overlap Area
CA2657021A1 (en) User network and method for using multiple access systems to connect to remote communications network(s)
Makaya et al. Adaptive handoff scheme for heterogeneous IP wireless networks
CN101291534B (en) Method for transmission facility to trigger resource control system for guarantee continuity of conversation
Omheni et al. Enhanced handover architecture in IEEE 802.21-enabled heterogeneous wireless networks

Legal Events

Date Code Title Description
C06 Publication
PB01 Publication
C10 Entry into substantive examination
SE01 Entry into force of request for substantive examination
C14 Grant of patent or utility model
GR01 Patent grant
CF01 Termination of patent right due to non-payment of annual fee
CF01 Termination of patent right due to non-payment of annual fee

Granted publication date: 20111116