CN1578487A - Method for mobile terminal switching in packet network - Google Patents
Method for mobile terminal switching in packet network Download PDFInfo
- Publication number
- CN1578487A CN1578487A CN03149841.8A CN03149841A CN1578487A CN 1578487 A CN1578487 A CN 1578487A CN 03149841 A CN03149841 A CN 03149841A CN 1578487 A CN1578487 A CN 1578487A
- Authority
- CN
- China
- Prior art keywords
- mobile terminal
- network
- access
- packet network
- mobile
- Prior art date
- Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
- Granted
Links
Images
Landscapes
- Mobile Radio Communication Systems (AREA)
Abstract
本发明公开了一种移动终端接入分组网络的方法:A.预先给移动终端分配固定接入点名称并且设置含有移动终端所要接入的分组网络提供者标识的用户名;B.在接收到移动终端接入分组网络的请求后,根据用户名中的标识解析出分组网络提供者;C.如果解析得到的分组网络提供者表示提供企业私有网的企业,根据所述标识该移动终端接入所述企业私有网;如果解析得到的分组网络提供者表示移动运营商,根据所述固定接入点名称由移动网关支持节点分配给该移动终端一个IP地址,然后根据该移动终端设置的接入网络目的地址或网络协议将该移动终端接入所述移动运营商提供的相应分组网络。该方法简化了移动终端用户上网的过程,减少了运营商网络配置的复杂度。
The invention discloses a method for a mobile terminal to access a packet network: A. assign a fixed access point name to the mobile terminal in advance and set a user name containing the identifier of the packet network provider to be accessed by the mobile terminal; B. after receiving After the request of the mobile terminal to access the packet network, the packet network provider is resolved according to the identifier in the user name; C. If the resolved packet network provider indicates the enterprise that provides the private network of the enterprise, the mobile terminal accesses the packet network according to the identifier The private network of the enterprise; if the packet network provider obtained by parsing represents a mobile operator, an IP address is assigned to the mobile terminal by the mobile gateway support node according to the fixed access point name, and then according to the access set by the mobile terminal The network destination address or network protocol connects the mobile terminal to the corresponding packet network provided by the mobile operator. The method simplifies the process of the mobile terminal user surfing the Internet, and reduces the complexity of the operator's network configuration.
Description
技术领域technical field
本发明涉及移动通信网络与分组网络的接入技术,特别涉及一种移动终端接入分组网络的方法。The invention relates to the access technology of the mobile communication network and the packet network, in particular to a method for a mobile terminal to access the packet network.
背景技术Background technique
随着移动技术的进一步发展,当前移动通信业务的主体正逐步由语音业务向分组数据业务转移,目前能够承载分组数据业务的系统有通用分组无线业务(GPRS)和宽带码分多址(WCDMA)等。在GPRS或WCDMA中的移动终端可以通过无线上网与分组网络相连,浏览数据业务。With the further development of mobile technology, the main body of current mobile communication services is gradually shifting from voice services to packet data services. Currently, the systems that can carry packet data services include General Packet Radio Service (GPRS) and Wideband Code Division Multiple Access (WCDMA) wait. Mobile terminals in GPRS or WCDMA can connect to the packet network through wireless Internet access, and browse data services.
图1为现有技术中GPRS的移动终端接入分组网络的结构图,从图1中可以看出目前移动终端接入分组网络的过程包括:Fig. 1 is the structural diagram of the mobile terminal accessing packet network of GPRS in the prior art, can find out from Fig. 1 that the process of current mobile terminal accessing packet network comprises:
步骤1、移动终端设置接入点名称(APN),发起激活流程,移动终端使用APN如同因特网(Internet)上使用域名一样,决定该移动终端接入到哪个分组网络;Step 1, the mobile terminal sets the access point name (APN), initiates the activation process, and the mobile terminal uses the APN as the domain name is used on the Internet (Internet) to determine which packet network the mobile terminal accesses;
步骤2、该带有APN信息的激活请求消息经过基站子系统发送到服务GPRS支持节点(SGSN)中,在GPRS支持节点的域名服务器(DNS)解析出需要网关GPRS支持节点(GGSN)接入哪个分组网络;Step 2, the activation request message with the APN information is sent to the serving GPRS support node (SGSN) through the base station subsystem, and the domain name server (DNS) of the GPRS support node resolves which gateway GPRS support node (GGSN) needs to access packet network;
步骤3、确定GGSN接入哪个分组网络后,通知该GGSN创建分组数据协议(PDP)上下文激活该分组网络,使步骤1所述的移动终端根据所设置的APN选择不同的分组网络接入。Step 3, after determining which packet network the GGSN accesses, notify the GGSN to create a packet data protocol (PDP) context to activate the packet network, so that the mobile terminal described in step 1 selects a different packet network to access according to the set APN.
以下举一个例子进行说明,某运营商推出两种业务:一种是无线应用协议网络(WAP),另一种是Internet,对应两个不同的分组网络的两个不同的APN分别是“wap”和“internet”,当GPRS的移动终端想要上Internet浏览网页时,需要在移动终端上设置APN为“internet”,如果GPRS的移动终端想要进行WAP业务,则需要在移动终端上设置APN为“wap”。移动终端根据APN连接到不同的网络后,再通过设置不同的目的地址或不同的访问协议类型连接到不同的网站上,浏览网页。An example is given below to illustrate that a certain operator launches two services: one is Wireless Application Protocol Network (WAP), and the other is Internet, and the two different APNs corresponding to two different packet networks are respectively "wap" and "internet", when a GPRS mobile terminal wants to browse the web on the Internet, it needs to set the APN on the mobile terminal to "internet". If the GPRS mobile terminal wants to perform WAP services, it needs to set the APN on the mobile terminal to "waps". After the mobile terminal connects to different networks according to the APN, it connects to different websites by setting different destination addresses or different access protocol types, and browses the webpage.
如果移动通信系统的一个移动终端既要访问WAP,又要到Internet上浏览网页,或者又要访问某个企业的私有网络,就需要在该移动终端上不停地切换APN。APN是一个专业的配置参数,配置APN或切换APN用以连接到不同的网络需要接受专业技术的培训才能完成,这对于普通的用户来说,操作移动终端接入不同的网络十分困难。If a mobile terminal of the mobile communication system needs to access WAP, browse webpages on the Internet, or visit a private network of an enterprise, it is necessary to constantly switch the APN on the mobile terminal. APN is a professional configuration parameter. Configuring APN or switching APN to connect to different networks requires professional technical training. For ordinary users, it is very difficult to operate mobile terminals to access different networks.
移动运营商为了推出不同的业务,会建立越来越多的分组网络,就需要不停地增加APN,每增加一个APN,就需要更新GPRS或WCDMA系统中大量相关设备的配置参数,如:归属位置寄存器(HLR)中用户的开户数据,域名服务器(DNS)中域名解析配置参数,SGSN中的路由配置信息等等。这些工作大大增加了移动运营商网络管理的复杂度和成本。In order to launch different services, mobile operators will build more and more packet networks, and they need to continuously increase APNs. Every time an APN is added, it is necessary to update the configuration parameters of a large number of related devices in the GPRS or WCDMA system, such as: belonging Account opening data of the user in the location register (HLR), domain name resolution configuration parameters in the domain name server (DNS), routing configuration information in the SGSN, and the like. These tasks greatly increase the complexity and cost of mobile operator network management.
发明内容Contents of the invention
有鉴于此,本发明的主要目的是提供一种移动终端接入分组网络的方法,该方法不仅能简化移动终端用户上网的过程,而且能减少运营商网络配置的复杂度。In view of this, the main purpose of the present invention is to provide a method for a mobile terminal to access a packet network, which not only simplifies the process of surfing the Internet for mobile terminal users, but also reduces the complexity of operator network configuration.
根据上述目的,本发明的技术方案是这样实现的:According to above-mentioned purpose, technical scheme of the present invention is achieved like this:
一种移动终端接入分组网络的方法,该方法包括:A method for a mobile terminal to access a packet network, the method comprising:
A、预先给移动终端分配固定接入点名称并且设置含有移动终端所要接入的分组网络提供者标识的用户名;A. Pre-distribute the name of the fixed access point to the mobile terminal and set the user name containing the identification of the packet network provider to be accessed by the mobile terminal;
B、在接收到移动终端接入分组网络的请求后,根据用户名中的标识解析出分组网络提供者;B. After receiving the request of the mobile terminal to access the packet network, resolve the packet network provider according to the identifier in the user name;
C、如果解析得到的分组网络提供者表示提供企业私有网的企业,根据所述标识分配该移动终端一个因特网协议(IP)地址,将该移动终端接入所述企业私有网;C, if the packet network provider obtained by parsing represents an enterprise that provides the private network of the enterprise, an Internet Protocol (IP) address is allocated to the mobile terminal according to the identification, and the mobile terminal is connected to the private network of the enterprise;
如果解析得到的分组网络提供者表示移动运营商,根据所述固定接入点名称分配给该移动终端一个IP地址范围,在该IP地址范围内移动网关支持节点动态分配给该移动终端一个IP地址,然后根据该移动终端设置的接入网络目的地址或网络协议将该移动终端接入所述移动运营商提供的相应分组网络。If the analyzed packet network provider represents a mobile operator, assign an IP address range to the mobile terminal according to the fixed access point name, and within the IP address range, the mobile gateway support node dynamically assigns an IP address to the mobile terminal , and then access the mobile terminal to the corresponding packet network provided by the mobile operator according to the network access destination address or network protocol set by the mobile terminal.
在将移动终端接入企业私有网或移动运营商提供的分组网络之前,对移动终端进行鉴权操作。Before the mobile terminal is connected to the private network of the enterprise or the packet network provided by the mobile operator, the authentication operation is performed on the mobile terminal.
在将移动终端接入企业私有网之前,根据移动网关支持节点解析出的分组网络提供者所代表的实际接入点名称找到相应网络的鉴权服务器,对该移动终端的用户名和用户密码进行鉴权。Before the mobile terminal is connected to the private network of the enterprise, the authentication server of the corresponding network is found according to the actual access point name represented by the packet network provider parsed by the mobile gateway support node, and the user name and user password of the mobile terminal are authenticated. right.
在将移动终端接入移动运营商提供的分组网络之前,移动终端发起鉴权请求,鉴权服务器返回该移动终端允许接入网络的目的地址范围,如果移动终端要接入网络的目的地址在允许接入网络的目的地址范围之内,则允许接入该网络,否则,不允许接入。Before connecting the mobile terminal to the packet network provided by the mobile operator, the mobile terminal initiates an authentication request, and the authentication server returns the destination address range that the mobile terminal is allowed to access the network. If it is within the range of the destination address of the access network, access to the network is allowed, otherwise, access is not allowed.
在将移动终端接入移动运营商提供的分组网络时之前,移动终端发起鉴权请求,鉴权服务器返回该移动终端允许接入网络的协议类型,如果移动终端要接入网络的协议类型为鉴权服务器返回的该移动终端允许接入网络的协议类型,则允许接入该网络,否则,不允许接入。Before connecting the mobile terminal to the packet network provided by the mobile operator, the mobile terminal initiates an authentication request, and the authentication server returns the protocol type that the mobile terminal is allowed to access the network. If the protocol type that the mobile terminal wants to access the network is authentication If the protocol type returned by the authorization server allows the mobile terminal to access the network, the access to the network is allowed; otherwise, the access is not allowed.
所述的鉴权服务器集成在移动网关支持节点。The authentication server is integrated in the mobile gateway support node.
在将移动终端接入移动运营商提供的分组网络之前,移动终端在要接入的分组网络的鉴权服务器进行鉴权。Before the mobile terminal accesses the packet network provided by the mobile operator, the mobile terminal performs authentication at the authentication server of the packet network to be accessed.
所述步骤C中移动运营商提供的分组网络为因特网或无线应用协议网络网。The packet network provided by the mobile operator in step C is the Internet or a wireless application protocol network.
本发明提供的方法,使每一个移动终端只需要设置一个APN,而不是根据分组网络的不同设置不同的APN,因此不会随着分组网络的增加而需要不断更改移动通信网络所有设备上的配置数据,特别是不用修改SGSN上的配置数据,降低了运营成本;本发明提供的方法使移动终端根据不同的用户名区分不同的企业网或运营商提供的网络,移动终端用户不用经过技术的培训就可以直接设置用户名连入分组网络,减少了移动终端用户上网的难度;因此,本发明简化了移动终端用户上网的过程,减少了运营商网络配置的复杂度。The method provided by the present invention makes each mobile terminal only need to set one APN, instead of setting different APNs according to different packet networks, so it is not necessary to continuously change the configuration on all devices of the mobile communication network as the packet network increases Data, especially without modifying the configuration data on the SGSN, reduces operating costs; the method provided by the invention enables the mobile terminal to distinguish different enterprise networks or networks provided by operators according to different user names, and mobile terminal users do not need to undergo technical training The user name can be directly set to connect to the group network, which reduces the difficulty for mobile terminal users to access the Internet; therefore, the present invention simplifies the process of mobile terminal users accessing the Internet and reduces the complexity of operator network configuration.
附图说明Description of drawings
图1为现有GPRS的移动终端接入分组网络的结构图。FIG. 1 is a structural diagram of an existing GPRS mobile terminal accessing a packet network.
图2为本发明移动终端接入分组网络过程的流程图。Fig. 2 is a flow chart of the process of the mobile terminal accessing the packet network according to the present invention.
图3为本发明在GPRS网络中移动终端用户接入不同分组网络的框图。Fig. 3 is a block diagram of mobile terminal users accessing different packet networks in the GPRS network according to the present invention.
图4为移动终端用户接入企业私有网络的认证示意图。FIG. 4 is a schematic diagram of authentication for a mobile terminal user to access a private network of an enterprise.
图5为移动终端用户接入移动运营商网络的认证示意图。FIG. 5 is a schematic diagram of authentication for a mobile terminal user to access a mobile operator network.
具体实施方式Detailed ways
为了使本发明的目的、技术方案和优点更加清楚明白,以下举实施例并参照附图,对本发明进一步详细说明。In order to make the object, technical solution and advantages of the present invention clearer, the present invention will be further described in detail by citing the following embodiments and referring to the accompanying drawings.
本发明将移动终端接入的外部网络可以分为两大类:一类为运营商提供的网络,如:WAP和Internet;另一类为企业私有网,如银行系统的私有网。The present invention divides the external network accessed by the mobile terminal into two categories: one is the network provided by the operator, such as WAP and Internet; the other is the private network of the enterprise, such as the private network of the bank system.
本发明为所有的移动终端提供一个固定的APN号,而不是根据接入的分组网络分配不同的APN号。当移动终端要接入分组网络时,为移动终端设置一个用户名,该用户名中存在一个标识,该标识与所接入的分组网络提供者一一对应,如设置移动终端的用户名为David@BANKNAME,则该用户名与BANKNAME私网对应;设置移动终端的用户名为David@MCPNAME,则该用户名与移动运营商提供的网络对应,至于移动终端接入的为移动运营商提供的Internet网络还是WAP网络,则根据移动终端设置所接入的网络目的地址或设置的协议类型决定。The present invention provides a fixed APN number for all mobile terminals, instead of allocating different APN numbers according to the accessed packet network. When the mobile terminal wants to access the packet network, a user name is set for the mobile terminal, and there is an identifier in the user name, which corresponds to the provider of the packet network to which the mobile terminal is connected. For example, the user name of the mobile terminal is set to David @BANKNAME, the user name corresponds to the private network of BANKNAME; if the user name of the mobile terminal is set to David@MCPNAME, the user name corresponds to the network provided by the mobile operator, and the mobile terminal accesses the Internet provided by the mobile operator Whether the network or the WAP network is determined according to the destination address of the network that the mobile terminal is set to access or the type of protocol set.
如图2所示,图2为本发明移动终端接入分组网络过程的流程图,其具体步骤为:As shown in Figure 2, Figure 2 is a flow chart of the process of mobile terminal accessing the packet network of the present invention, and its specific steps are:
步骤200、预先分配给所有的移动终端一个固定的APN,当移动终端要接入分组网络时,设置一个用户名,该用户名中包含有接入分组网络提供者的标识信息;
步骤201、在GGSN中根据该移动终端的用户名解析出所接入分组网络真正的使用名称APN(Username-APN);
步骤202、当解析出所接入分组网络的Username-APN表示的为私有网络时,GGSN根据该Username-APN分配给移动终端一个IP地址并且接入该私有网络;当解析出所接入分组网络的Username-APN表示的为移动运营商提供的网络时,GGSN根据移动终端分配的固定APN分配给该移动终端一个IP地址范围,在这个IP地址范围内由GGSN动态分配给该移动终端IP地址,并且根据Username-APN接入移动运营商提供的网络,再根据移动终端所设定的访问目的网络地址或目的网络协议接入到移动运营商提供的WAP或Internet。Step 202, when parsing out the Username-APN of the accessed packet network indicates a private network, the GGSN assigns an IP address to the mobile terminal according to the Username-APN and accesses the private network; when parsing out the Username of the accessed packet network When -APN represents a network provided by a mobile operator, the GGSN allocates an IP address range to the mobile terminal according to the fixed APN assigned to the mobile terminal, and within this IP address range, the GGSN dynamically allocates the IP address to the mobile terminal, and according to Username-APN accesses the network provided by the mobile operator, and then accesses the WAP or Internet provided by the mobile operator according to the access destination network address or destination network protocol set by the mobile terminal.
当移动终端接入分组网络时,分组网络还可以对移动终端进行鉴权,移动终端通过鉴权才能接入分组网络。When the mobile terminal accesses the packet network, the packet network can also perform authentication on the mobile terminal, and the mobile terminal can only access the packet network through authentication.
以下对本发明作具体的说明。The present invention will be specifically described below.
对于企业私有网,移动终端用户设置统一的APN名,移动终端用户通过在移动终端上设置不同用户名的方式来区分不同的接入分组网络提供者,如私有公司系统的用户设置用户名为David@COMPANYNAME,银行系统用户为Jene@BANKNAME,移动终端用户进行数据网络访问的时候,GPRS根据移动终端用户登陆时所采用的用户名信息,在GGSN解析出真正的APN,如从David@COMPANYNAME解析出真正的APN为“COMPANYNAME”,根据这个APN允许该用户访问该COMEPANY的私有网络。For enterprise private networks, mobile terminal users set a unified APN name, and mobile terminal users distinguish between different access packet network providers by setting different user names on the mobile terminal. For example, users of private company systems set the user name as David @COMPANYNAME, the bank system user is Jene@BANKNAME, when the mobile terminal user accesses the data network, GPRS will analyze the real APN in GGSN according to the user name information used by the mobile terminal user to log in, such as David@COMPANYNAME The real APN is "COMPANYNAME", according to which the user is allowed to access the private network of COMEPANY.
对于移动运营商自己的网络,移动终端用户设置统一的APN和统一的用户名,该用户名表明了该移动终端接入移动运营商提供的网络,如:David@MCPNAME,在GGSN解析出真正的APN为移动运营商,移动终端再利用现有技术设置访问的目的地址或者设置访问的协议类型决定接入移动运营商提供的不同网络。For the mobile operator's own network, the mobile terminal user sets a unified APN and a unified user name. The user name indicates that the mobile terminal accesses the network provided by the mobile operator, such as: David@MCPNAME, and the GGSN parses out the real APN is a mobile operator, and the mobile terminal uses the existing technology to set the destination address of the access or the protocol type of the access to determine access to different networks provided by the mobile operator.
但是无论是需要接入到哪一类网络,一个移动终端用户所使用的APN名称是固定的一个,如:设置为“SingleAPN”。这个APN名称将被作为HLR开户、DNS数据库中唯一的APN进行配置管理,大大方便了HLR和DNS的维护管理。But no matter which type of network needs to be accessed, the APN name used by a mobile terminal user is fixed, such as: set to "SingleAPN". This APN name will be configured and managed as the only APN in HLR account opening and DNS database, which greatly facilitates the maintenance and management of HLR and DNS.
当移动终端要接入分组网络时,GGSN必须给该移动终端分配一个IP地址。如果移动终端用户使用固定的APN名,怎样对移动终端用户的IP地址进行分配呢?When a mobile terminal wants to access a packet network, the GGSN must assign an IP address to the mobile terminal. If the mobile terminal user uses a fixed APN name, how to allocate the IP address of the mobile terminal user?
对于访问企业私有网络的移动终端用户,移动终端用户的IP地址分配方式和分配地址池由该企业决定。在实际运营中GGSN通过解析用户名,得到真正的Username-APN,这个APN直接可以代表和区别不同企业。因此地址分配方式和分配地址池组织可根据用户名解析出来的Username-APN进行配置。例如:当移动终端用户设置的用户名为Jene@BANKNAME,GGSN解析出的Username-APN为BANKNAME,则根据该BANKNAME由GGSN分配给该移动终端一个IP地址。For mobile terminal users accessing the enterprise's private network, the IP address allocation method and allocation address pool for mobile terminal users are determined by the enterprise. In actual operation, GGSN obtains the real Username-APN by analyzing the user name, and this APN can directly represent and distinguish different enterprises. Therefore, the address allocation method and allocation address pool organization can be configured based on the Username-APN that is resolved from the username. For example: when the user name set by the mobile terminal user is Jene@BANKNAME, and the Username-APN analyzed by the GGSN is BANKNAME, then the GGSN assigns an IP address to the mobile terminal according to the BANKNAME.
对于访问移动运营商所提供分组网络的移动终端用户,由于移动运营商不仅仅提供一个分组网络给移动终端用户,移动运营商可以提供多个分组网络给移动终端,所以就不能根据GGSN解析出来的Username-APN给移动终端用户分配IP地址。移动运营商根据预先分配给移动终端的固定的APN统一对移动终端进行IP地址配置,即移动运营商根据APN分配一个IP地址范围,即分配该移动终端所在的地址池,在该IP范围中动态分配给该移动终端一个IP地址,如:当移动终端用户设置的APN为APN1时,GGSN根据该APN1分配给该移动终端一个IP地址范围为211.0.0.1~211.0.0.100,在这个地址范围内动态分配一个IP地址给移动终端用户。For mobile terminal users accessing the packet network provided by the mobile operator, since the mobile operator not only provides one packet network to the mobile terminal user, the mobile operator can provide multiple packet networks to the mobile terminal, so it cannot be resolved according to the GGSN Username-APN assigns IP addresses to mobile terminal users. The mobile operator uniformly configures the IP address of the mobile terminal according to the fixed APN pre-assigned to the mobile terminal, that is, the mobile operator allocates an IP address range according to the APN, that is, allocates the address pool where the mobile terminal is located, and dynamically configures the IP address in the IP range. Assign an IP address to the mobile terminal, for example: when the APN set by the mobile terminal user is APN1, the GGSN assigns the mobile terminal an IP address range of 211.0.0.1 to 211.0.0.100 according to the APN1, within this address range Assign an IP address to the mobile terminal user.
图3为本发明在GPRS网络中移动终端用户接入不同分组网络的框图,在图3中:Fig. 3 is the block diagram that mobile terminal user accesses different packet networks in GPRS network of the present invention, in Fig. 3:
设置GPRS用户A的APN为SingleAPN1,当GPRS用户A设置用户名为David@COMPANYNAME,则带有用户A的SingleAPN1的激活请求消息通过基站子系统和SGSN发送到GGSN上,GGSN根据激活请求消息中的该用户A中的用户名David@COMPANYNAME解析出Username-APN,即COMPANYNAME,COMPANYNAME代表了不同的企业网,根据这个COMPANYNAME由GGSN给该用户A配置一个固定的IP地址,并且与该企业网连接,即私有公司私网连接。Set the APN of GPRS user A to SingleAPN1, when GPRS user A sets the user name as David@COMPANYNAME, then the activation request message of SingleAPN1 with user A is sent to the GGSN through the base station subsystem and SGSN, GGSN according to the activation request message The user name David@COMPANYNAME in the user A resolves the Username-APN, which is COMPANYNAME, and COMPANYNAME represents a different enterprise network. According to this COMPANYNAME, the GGSN configures a fixed IP address for the user A and connects to the enterprise network. That is, a private company private network connection.
设置GPRS用户A的APN为SingleAPN1,当GPRS用户A设置用户名为David@MCPNAME,则带有用户A的用户名David@MCPNAME和SingleAPN1的激活请求消息通过基站子系统和SGSN发送到GGSN上,GGSN根据激活请求消息中的该用户A中的用户名David@MCPNAME解析出Username-APN,即MCPNAME,MCPNAME代表了移动运营商提供的网络,根据MCPNAME得知接入的为移动运营商提供的分组网络,GGSN根据激活请求消息中的该用户A的SingleAPN1给用户A分配一个IP地址,使用户A连接到移动运营商提供的网络中,再根据用户A所设置的访问的目的地址或访问的协议类型确定是连接到移动运营商提供的WAP或Internet。Set the APN of GPRS user A to SingleAPN1. When GPRS user A sets the user name as David@MCPNAME, the activation request message with user A’s user name David@MCPNAME and SingleAPN1 is sent to the GGSN through the base station subsystem and SGSN, and the GGSN According to the user name David@MCPNAME in the user A in the activation request message, the Username-APN, namely MCPNAME, is parsed out. MCPNAME represents the network provided by the mobile operator. According to the MCPNAME, the packet network provided by the mobile operator is learned. , GGSN allocates an IP address to user A according to the SingleAPN1 of the user A in the activation request message, so that user A can connect to the network provided by the mobile operator, and then according to the destination address or protocol type of access set by user A Make sure you are connected to the WAP or Internet provided by your mobile operator.
设置GPRS用户B的APN为SingleAPN1,当GPRS用户B设置用户名为Jene@MCPNAME,则带有用户B的用户名Jene@MCPNAME和SingleAPN2的激活请求消息通过基站子系统和SGSN发送到GGSN上,GGSN根据激活请求消息中的该用户B中的用户名Jene@MCPNAME解析出Username-APN,即MCPNAME,MCPNAME代表了移动运营商提供的网络,根据MCPNAME得知接入的为移动运营商提供的分组网络,GGSN根据激活请求消息中的该用户B的SingleAPN1给用户B分配一个IP地址范围,在该IP地址范围内动态分配给用户B一个IP地址,使用户B连接到运营商提供的网络中,再根据用户B所设置的访问的目的地址或访问的协议类型确定是连接到运营商提供的WAP或Internet。Set the APN of GPRS user B to SingleAPN1. When GPRS user B sets the user name as Jene@MCPNAME, the activation request message with user B’s user name Jene@MCPNAME and SingleAPN2 is sent to the GGSN through the base station subsystem and SGSN, and the GGSN According to the user name Jene@MCPNAME in the user B in the activation request message, the Username-APN is parsed out, that is, MCPNAME. MCPNAME represents the network provided by the mobile operator. According to the MCPNAME, the packet network provided by the mobile operator is learned. , GGSN allocates an IP address range to user B according to the SingleAPN1 of the user B in the activation request message, and dynamically allocates an IP address to user B within the IP address range, so that user B can connect to the network provided by the operator, and then According to the access destination address or access protocol type set by user B, it is determined whether to connect to the WAP or the Internet provided by the operator.
在移动终端接入分组网络之前,可以对该移动终端进行鉴权,鉴权通过后,再允许该移动终端接入分组网络。如果每个移动终端用户有一个固定的APN,那么怎样对移动终端用户接入网络的请求进行鉴权认证呢?Before the mobile terminal accesses the packet network, the mobile terminal can be authenticated, and after the authentication is passed, the mobile terminal is allowed to access the packet network. If each mobile terminal user has a fixed APN, how to authenticate the request of the mobile terminal user to access the network?
当移动终端用户接入企业私有网络,GGSN根据移动终端用户名解析出Username-APN,该Username-APN到相应网络的认证设备进行认证。When the mobile terminal user accesses the private network of the enterprise, the GGSN parses out the Username-APN according to the mobile terminal user name, and the Username-APN is authenticated to the authentication device of the corresponding network.
图4为移动终端用户接入企业私有网络的认证示意图,在图4中:Figure 4 is a schematic diagram of the authentication of a mobile terminal user accessing an enterprise private network, in Figure 4:
设置GPRS用户的接入点名为SingleAPN,当GPRS用户A设置用户名为David@COMPANYNAME,用户密码为AAA,则带有用户A的接入点名SingleAPN的激活请求消息通过基站子系统和SGSN发送到GGSN,GGSN根据激活请求消息中的该用户的用户名解析出Usernmame-APN,即COMPANYNAME,这个COMPANYNAME代表了不同的企业网,对COMPANYNAME用相应的私网认证服务器进行鉴权,即验证GPRS用户的用户名David@COMPANYNAME和用户密码AAA是否正确,如果正确,则该用户可以接入私有企业私网,否则,该用户不可以接入私有企业私网。Set the access point name of the GPRS user to SingleAPN. When GPRS user A sets the user name to David@COMPANYNAME and the user password to AAA, the activation request message with the access point name of user A to SingleAPN is sent to GGSN, GGSN resolves Usernname-APN according to the user name in the activation request message, that is, COMPANYNAME. This COMPANYNAME represents a different enterprise network, and uses the corresponding private network authentication server to authenticate COMPANYNAME, that is, to verify the GPRS user’s Whether the user name David@COMPANYNAME and user password AAA are correct, if correct, the user can access the private enterprise private network, otherwise, the user cannot access the private enterprise private network.
当移动终端用户接入移动运营商提供的网络时,可以有四种可选的不同认证方法:第一种,通过扩展RADIUS协议按照移动终端用户所访问网络的IP地址进行接入集中认证,即鉴权服务器收到移动终端的鉴权请求后返回的鉴权结果为移动终端允许接入的网络目的IP地址范围和不允许接入的网络目的IP地址范围,如果移动终端要接入的网络目的IP地址处于允许接入的网络目的IP地址范围之内,则可以接入该网络,否则,不可以接入该网络;第二种,通过扩展RADIUS接口按照移动终端用户所发送的数据包协议类型进行接入集中认证,即鉴权服务器收到移动终端的鉴权请求后返回的鉴权结果为允许接入的网络协议类型和不允许接入的网络协议类型,如果移动终端要接入网络的协议类型为允许接入的网络协议类型,则可以接入该网络,否则,不可以接入该网络;第三种,在GGSN上集成RADIUS认证服务器功能进行移动终端用户接入集中认证,在GGSN配置移动终端的权限,权限配置可以按目的IP地址或协议类型分别配置;第四种,对移动终端用户所发送的业务分散认证,即如果移动终端要访问网络A,则到网络A进行鉴权认证。When a mobile terminal user accesses a network provided by a mobile operator, there are four optional different authentication methods: the first one is to conduct centralized access authentication according to the IP address of the network visited by the mobile terminal user by extending the RADIUS protocol, that is, The authentication result returned by the authentication server after receiving the authentication request from the mobile terminal is the range of network destination IP addresses that the mobile terminal is allowed to access and the range of network destination IP addresses that are not allowed to be accessed. If the IP address is within the scope of the allowed network destination IP address, the network can be accessed, otherwise, the network cannot be accessed; the second method is to expand the RADIUS interface according to the protocol type of the data packet sent by the mobile terminal user Perform centralized access authentication, that is, the authentication result returned by the authentication server after receiving the authentication request from the mobile terminal is the type of network protocol that is allowed to access and the type of network protocol that is not allowed to access. If the mobile terminal wants to access the network If the protocol type is a network protocol type that is allowed to be accessed, the network can be accessed; otherwise, the network cannot be accessed; the third type is to integrate the RADIUS authentication server function on the GGSN for centralized authentication of mobile terminal user access, and the GGSN Configure the authority of the mobile terminal. The authority configuration can be configured separately according to the destination IP address or protocol type; the fourth is to disperse the authentication of the services sent by the mobile terminal user, that is, if the mobile terminal wants to access network A, it will go to network A for authentication certified.
如图5所示,图5为移动终端接入移动运营商网络时认证实施例的示意图,在图中:As shown in Figure 5, Figure 5 is a schematic diagram of an authentication embodiment when a mobile terminal accesses a mobile operator network, in the figure:
GPRS用户请求接入某个网络,GPRS用户在GGSN上进行接入鉴权,GGSN向认证服务器发送认证请求,该认证请求包含GPRS用户的APN号和用户名密码,认证服务器收到该认证请求后进行处理并且发送认证响应给GGSN,该认证响应中包含该GPRS用户允许接入的目的网络名称和不允许接入的目的网络名称,GPRS用户通过GGSN接入允许接入的目的网络。When a GPRS user requests to access a certain network, the GPRS user performs access authentication on the GGSN, and the GGSN sends an authentication request to the authentication server. The authentication request includes the GPRS user's APN number, username and password. Process and send an authentication response to the GGSN, which includes the name of the destination network that the GPRS user is allowed to access and the name of the destination network that is not allowed to be accessed, and the GPRS user accesses the destination network that is allowed to be accessed through the GGSN.
GGSN也可以不预先对GPRS用户的身份认证,即不对GPRS用户的APN号和用户名密码认证,当GPRS用户接入分组网络后,直接到GPRS用户所要访问的网络进行分散鉴权认证。如图5所示,当GPRS用户访问的为提供流媒体业务的网络时,到提供流媒体业务的网络进行GPRS用户的APN号和用户名密码认证,如果通过,就允许访问;当GPRS用户访问的为internet时,到internet网络进行GPRS用户的APN号和用户名密码认证,如果通过,就允许访问;当GPRS用户访问的为提供多媒体短消息业务的网络时,到提供多媒体短消息业务的网络进行GPRS用户的APN号和用户名密码认证,如果不通过,就不允许访问。GGSN also can not pre-authenticate the identity of the GPRS user, that is, not authenticate the APN number and user name password of the GPRS user. After the GPRS user accesses the packet network, it directly goes to the network that the GPRS user wants to visit to perform decentralized authentication. As shown in Figure 5, when what the GPRS user visits is to provide the network of streaming media service, carry out APN number and user name password authentication of GPRS user to the network that provides streaming media service, if pass, just allow to visit; When GPRS user visits When the Internet is the Internet, go to the Internet network to authenticate the GPRS user's APN number and user name password, and if it passes, the access is allowed; Authenticate the APN number and username and password of the GPRS user, if not passed, access is not allowed.
本发明提供的方法减少了运营商网络配置的复杂度,接入新的分组网络时不需要修改所有设备上的配置数据,而只需要修改GGSN的配置数据,降低了运营成本;本发明提供的方法减少了移动终端用户上网过程中设置的复杂度,大部分情况下只需要设置一个用户名就可以享受运营商提供的所有服务,在需要访问企业私用网络的时候,通过切换用户名登陆的方式实现,降低配置难度。The method provided by the invention reduces the complexity of operator network configuration, and does not need to modify the configuration data on all devices when accessing a new packet network, but only needs to modify the configuration data of the GGSN, which reduces operating costs; the method provided by the invention The method reduces the complexity of settings for mobile terminal users in the process of surfing the Internet. In most cases, only one user name needs to be set to enjoy all the services provided by the operator. way to reduce configuration difficulty.
以上所述仅为本发明的较佳实施例而已,并不用以限制本发明,凡在本发明的精神和原则之内所做的任何修改、等同替换和改进等,均应包含在本发明的保护范围之内。The above descriptions are only preferred embodiments of the present invention, and are not intended to limit the present invention. Any modifications, equivalent replacements and improvements made within the spirit and principles of the present invention should be included in the scope of the present invention. within the scope of protection.
Claims (8)
Priority Applications (1)
| Application Number | Priority Date | Filing Date | Title |
|---|---|---|---|
| CNB031498418A CN100525523C (en) | 2003-07-28 | 2003-07-28 | Method for mobile terminal switching in packet network |
Applications Claiming Priority (1)
| Application Number | Priority Date | Filing Date | Title |
|---|---|---|---|
| CNB031498418A CN100525523C (en) | 2003-07-28 | 2003-07-28 | Method for mobile terminal switching in packet network |
Publications (2)
| Publication Number | Publication Date |
|---|---|
| CN1578487A true CN1578487A (en) | 2005-02-09 |
| CN100525523C CN100525523C (en) | 2009-08-05 |
Family
ID=34579682
Family Applications (1)
| Application Number | Title | Priority Date | Filing Date |
|---|---|---|---|
| CNB031498418A Expired - Fee Related CN100525523C (en) | 2003-07-28 | 2003-07-28 | Method for mobile terminal switching in packet network |
Country Status (1)
| Country | Link |
|---|---|
| CN (1) | CN100525523C (en) |
Cited By (20)
| Publication number | Priority date | Publication date | Assignee | Title |
|---|---|---|---|---|
| CN101175283B (en) * | 2007-11-28 | 2010-08-04 | 中兴通讯股份有限公司 | A Method of Dynamically Configuring Access Point Names |
| CN101884241A (en) * | 2007-10-01 | 2010-11-10 | 高通股份有限公司 | The equivalent home id that is used for mobile communication |
| CN102025800A (en) * | 2010-12-30 | 2011-04-20 | 华为技术有限公司 | IP address allocation method and device |
| CN102067662A (en) * | 2008-04-18 | 2011-05-18 | 法国电信公司 | Method for transferring a flow between two heterogeneous access points |
| CN101267397B (en) * | 2008-04-14 | 2011-09-14 | 华为技术有限公司 | Network node sharing method, device and system for realizing core network in access point system |
| WO2011137644A1 (en) * | 2010-05-05 | 2011-11-10 | 华为技术有限公司 | Method, apparatus and system for accessing service by terminal |
| CN102625389A (en) * | 2011-01-31 | 2012-08-01 | 华为技术有限公司 | Access method of mobile communication network, apparatus and system |
| CN102932953A (en) * | 2012-09-20 | 2013-02-13 | 中国联合网络通信集团有限公司 | PDP (packet data protocol) context activation method, device and system |
| CN101379853B (en) * | 2006-02-22 | 2013-03-27 | 日本电气株式会社 | Wireless access system and wireless access method |
| CN103052064A (en) * | 2011-10-13 | 2013-04-17 | 中国移动通信集团公司 | Method, equipment and system for accessing private services of operator |
| CN103619020A (en) * | 2013-12-09 | 2014-03-05 | 成都达信通通讯设备有限公司 | Mobile payment security system for wireless data private network physical isolation internet |
| CN103618736A (en) * | 2013-12-09 | 2014-03-05 | 成都达信通通讯设备有限公司 | Safety application system for mobile terminal to automatically switch between different channel networking interfaces |
| CN103841627A (en) * | 2012-11-22 | 2014-06-04 | 中国电信股份有限公司 | Method and system for using service provider services through VPDN (virtual private dialup network) |
| CN104640111A (en) * | 2013-11-11 | 2015-05-20 | 中兴通讯股份有限公司 | Network access processing method, device and system |
| CN104767712A (en) * | 2014-01-03 | 2015-07-08 | 中国银联股份有限公司 | Devices and secure browsers for secure information exchange |
| CN105471698A (en) * | 2015-12-23 | 2016-04-06 | 广东亿迅科技有限公司 | Inner network access system based on VPDN (virtual private dial network) and method thereof |
| CN102761866B (en) * | 2011-04-26 | 2018-01-02 | 福州天视信息技术有限公司 | The individual private possession network access control system of Android terminal based on Wireless Access Standard |
| CN107645722A (en) * | 2016-07-20 | 2018-01-30 | 中国电信股份有限公司 | Dedicated network selects cut-in method and system, public network MME, HSS and base station |
| CN110034984A (en) * | 2016-03-29 | 2019-07-19 | 华为技术有限公司 | A kind of cut-in method, equipment and system |
| CN112738809A (en) * | 2019-10-28 | 2021-04-30 | 成都鼎桥通信技术有限公司 | Mobile data connection switching method, device, equipment and storage medium |
-
2003
- 2003-07-28 CN CNB031498418A patent/CN100525523C/en not_active Expired - Fee Related
Cited By (39)
| Publication number | Priority date | Publication date | Assignee | Title |
|---|---|---|---|---|
| CN101379853B (en) * | 2006-02-22 | 2013-03-27 | 日本电气株式会社 | Wireless access system and wireless access method |
| CN101884241A (en) * | 2007-10-01 | 2010-11-10 | 高通股份有限公司 | The equivalent home id that is used for mobile communication |
| US9125139B2 (en) | 2007-10-01 | 2015-09-01 | Qualcomm Incorporated | Mobile access in a diverse access point network |
| US8588738B2 (en) | 2007-10-01 | 2013-11-19 | Qualcomm Incorporated | Mobile access in a diverse access point network |
| CN101175283B (en) * | 2007-11-28 | 2010-08-04 | 中兴通讯股份有限公司 | A Method of Dynamically Configuring Access Point Names |
| CN101267397B (en) * | 2008-04-14 | 2011-09-14 | 华为技术有限公司 | Network node sharing method, device and system for realizing core network in access point system |
| CN102067662A (en) * | 2008-04-18 | 2011-05-18 | 法国电信公司 | Method for transferring a flow between two heterogeneous access points |
| CN102067662B (en) * | 2008-04-18 | 2014-05-21 | 法国电信公司 | Method for transferring a flow between two heterogeneous access points |
| US9288828B2 (en) | 2010-05-05 | 2016-03-15 | Huawei Technologies Co., Ltd. | Method, apparatus and system for accessing service by mobile station |
| WO2011137644A1 (en) * | 2010-05-05 | 2011-11-10 | 华为技术有限公司 | Method, apparatus and system for accessing service by terminal |
| CN102025800A (en) * | 2010-12-30 | 2011-04-20 | 华为技术有限公司 | IP address allocation method and device |
| CN102025800B (en) * | 2010-12-30 | 2013-04-24 | 华为技术有限公司 | IP address allocation method and device |
| US9288179B2 (en) | 2010-12-30 | 2016-03-15 | Huawei Technologies Co., Ltd. | Method and apparatus for assigning IP address |
| WO2012089001A1 (en) * | 2010-12-30 | 2012-07-05 | 华为技术有限公司 | Ip address allocation method and device |
| CN102625389A (en) * | 2011-01-31 | 2012-08-01 | 华为技术有限公司 | Access method of mobile communication network, apparatus and system |
| US10021633B2 (en) | 2011-01-31 | 2018-07-10 | Huawei Technologies Co., Ltd. | Method, apparatus, and system for accessing to a mobile communication network |
| US9319954B2 (en) | 2011-01-31 | 2016-04-19 | Huawei Technologies Co., Ltd. | Method, apparatus, and system for accessing to a mobile communication network |
| CN102761866B (en) * | 2011-04-26 | 2018-01-02 | 福州天视信息技术有限公司 | The individual private possession network access control system of Android terminal based on Wireless Access Standard |
| CN103052064B (en) * | 2011-10-13 | 2016-05-25 | 中国移动通信集团公司 | Method, the equipment and system of the own business of a kind of access operator |
| CN103052064A (en) * | 2011-10-13 | 2013-04-17 | 中国移动通信集团公司 | Method, equipment and system for accessing private services of operator |
| CN102932953A (en) * | 2012-09-20 | 2013-02-13 | 中国联合网络通信集团有限公司 | PDP (packet data protocol) context activation method, device and system |
| CN102932953B (en) * | 2012-09-20 | 2016-04-13 | 中国联合网络通信集团有限公司 | PDP context activation method, equipment and system |
| CN103841627A (en) * | 2012-11-22 | 2014-06-04 | 中国电信股份有限公司 | Method and system for using service provider services through VPDN (virtual private dialup network) |
| CN103841627B (en) * | 2012-11-22 | 2017-12-12 | 中国电信股份有限公司 | The method and system of Operator Specific Service is used by Virtual Private Dialup Network |
| CN104640111A (en) * | 2013-11-11 | 2015-05-20 | 中兴通讯股份有限公司 | Network access processing method, device and system |
| CN104640111B (en) * | 2013-11-11 | 2019-06-11 | 中兴通讯股份有限公司 | Network access processing method, device and system |
| WO2015085808A1 (en) * | 2013-12-09 | 2015-06-18 | 成都达信通通讯设备有限公司 | Secure application system with mobile terminal automatically switching different channel networking interfaces |
| CN103619020B (en) * | 2013-12-09 | 2017-02-08 | 成都达信通通讯设备有限公司 | Mobile payment security system for wireless data private network physical isolation internet |
| CN103618736A (en) * | 2013-12-09 | 2014-03-05 | 成都达信通通讯设备有限公司 | Safety application system for mobile terminal to automatically switch between different channel networking interfaces |
| CN103619020A (en) * | 2013-12-09 | 2014-03-05 | 成都达信通通讯设备有限公司 | Mobile payment security system for wireless data private network physical isolation internet |
| CN104767712A (en) * | 2014-01-03 | 2015-07-08 | 中国银联股份有限公司 | Devices and secure browsers for secure information exchange |
| CN105471698A (en) * | 2015-12-23 | 2016-04-06 | 广东亿迅科技有限公司 | Inner network access system based on VPDN (virtual private dial network) and method thereof |
| CN110034984A (en) * | 2016-03-29 | 2019-07-19 | 华为技术有限公司 | A kind of cut-in method, equipment and system |
| US10911918B2 (en) | 2016-03-29 | 2021-02-02 | Huawei Technologies Co., Ltd. | Access method, device, and system |
| CN110034984B (en) * | 2016-03-29 | 2021-09-07 | 华为技术有限公司 | An access method, device and system |
| US12010598B2 (en) | 2016-03-29 | 2024-06-11 | Huawei Technologies Co., Ltd. | Access method, device, and system |
| CN107645722A (en) * | 2016-07-20 | 2018-01-30 | 中国电信股份有限公司 | Dedicated network selects cut-in method and system, public network MME, HSS and base station |
| CN107645722B (en) * | 2016-07-20 | 2021-01-26 | 中国电信股份有限公司 | Private network selective access method and system, public network MME, HSS and base station |
| CN112738809A (en) * | 2019-10-28 | 2021-04-30 | 成都鼎桥通信技术有限公司 | Mobile data connection switching method, device, equipment and storage medium |
Also Published As
| Publication number | Publication date |
|---|---|
| CN100525523C (en) | 2009-08-05 |
Similar Documents
| Publication | Publication Date | Title |
|---|---|---|
| CN1578487A (en) | Method for mobile terminal switching in packet network | |
| EP1582081B1 (en) | Single sign-on for users of a packet radio network roaming in a multinational operator network | |
| CN1984155B (en) | Domain name configuration method and network equipment in IPv6 access network | |
| US20020164983A1 (en) | Method and apparatus for supporting cellular data communication to roaming mobile telephony devices | |
| CN1391758A (en) | Authentication method and system | |
| CN101056178A (en) | A method and system for controlling the user network access right | |
| CN102036422B (en) | Method, device and system for acquiring IP address | |
| CN101399699B (en) | Addressing method, network element device and network system for policy determination functional entity | |
| CN102148878A (en) | IP (internet protocol) address allocation method, system and device | |
| CN101080098A (en) | A communication method and system | |
| CN1460349A (en) | Allocating addresses to mobile stations | |
| CN101997934A (en) | Method and system for accessing addresses, mobile terminal and application method thereof | |
| WO2012089001A1 (en) | Ip address allocation method and device | |
| CN1744597A (en) | Method for host use obtaining IP address parameters in IPV6 network | |
| EP2472788A1 (en) | Method and system for implementing id/locator mapping | |
| CN101064936A (en) | A roaming user's home access method and system | |
| CN100442920C (en) | Method for Acquiring User Access Information in Next Generation Network | |
| CN1798158A (en) | Method for distributing second level address | |
| CN1929482A (en) | Network business identification method and device | |
| CN101039213A (en) | Method for controlling user access in communication network | |
| CN100358391C (en) | Method for accessing mobile station for general packet wireless business and domain name server | |
| CN1901746A (en) | Method for obtaining user cut-in homing GGSN and net element device | |
| CN1863111A (en) | Correlation method. system and apparatus of user relative information in network attached sub-system | |
| CN1835475A (en) | Method of side activating general packet radio service network | |
| CN100337451C (en) | Authentication for wireless package domain lateral activation |
Legal Events
| Date | Code | Title | Description |
|---|---|---|---|
| C06 | Publication | ||
| PB01 | Publication | ||
| C10 | Entry into substantive examination | ||
| SE01 | Entry into force of request for substantive examination | ||
| C14 | Grant of patent or utility model | ||
| GR01 | Patent grant | ||
| CF01 | Termination of patent right due to non-payment of annual fee |
Granted publication date: 20090805 Termination date: 20200728 |
|
| CF01 | Termination of patent right due to non-payment of annual fee |