CN1909561B - Method for deregistering an MS when a session terminates abnormally - Google Patents

Info

Publication number: CN1909561B
Authority: CN (China)
Prior art keywords: message, key, mip, authenticator, information
Legal status: Expired - Fee Related
Application number: CN200510089146A
Other languages: Chinese (zh)
Other versions: CN1909561A (en)
Inventor: 肖正飞
Current Assignee: Huawei Technologies Co Ltd
Original Assignee: Huawei Technologies Co Ltd

Landscapes

  • Mobile Radio Communication Systems (AREA)

Abstract

The present invention relates to a method for deregistering an MS when a session terminates abnormally. Its core is: when a session terminates abnormally, an entity on the network side initiates a deregistration process toward the connectivity service network and deregisters the MS through information exchange with the connectivity service network. The invention solves the problem that, in CMIP mode, when the MS drops off the network abnormally, it is necessary to wait until the MIP lifetime has decreased to 0 before the HA initiates the MIP deregistration process, and thereby makes more accurate charging possible.

Description

Method for deregistering an MS when a session terminates abnormally

Technical field

The invention relates to the communications field, and in particular to a method for deregistering an MS when a session terminates abnormally.

Background art

Mobile IP is a solution for delivering information to mobile terminals; it is an Internet protocol standard defined by the Internet Engineering Task Force. Mobile IP is independent of the physical medium the MS (Mobile Station; mobile terminal) uses to communicate, and allows the MS to change its geographic location without interrupting communication or restarting applications. Mobile IP is scalable, reliable and secure, and lets the MS keep ongoing communication alive while switching links. Mobile IP provides an IP routing mechanism that lets the MS attach to a communication link with a permanent IP address.

With the rapid growth of Internet services and the wide deployment of wireless networks, users' demand for mobility keeps increasing. To support Mobile IP, two different Mobile IP implementations were proposed when the broadband wireless access network architecture and requirements were defined: CMIP (Client Mobile Internet Protocol) and PMIP (Proxy Mobile Internet Protocol).

The CMIP implementation of Mobile IP is the same as traditional Mobile IP: all mobile node functions are implemented on the MS, and the registration/deregistration processes of Mobile IP are initiated by the MIP Client (Mobile IP client) on the MS. When the MS moves onto a foreign link and receives an agent advertisement message sent by a new foreign agent, it initiates the MIP (Mobile Internet Protocol) registration process using the address in that message. In this mode Mobile IP is not transparent to the terminal, and the terminal must implement all the functions of a Mobile IP mobile node.

The PMIP implementation of Mobile IP separates the MIP Client from the MS and implements it on a PMN (Proxy Mobile Node) logical network element inside the ASN. In this mode the Mobile IP registration/deregistration process is transparent to the MS. From the MS's point of view, it always operates on its own home link and attaches to the communication link with a permanent IP address. When the mobile terminal moves onto a new foreign link, the PMN logical network element in the ASN or BS serving that foreign link initiates the MIP registration process on behalf of the MS; when the MS leaves the link or drops off the network abnormally, the PMN initiates the normal MIP registration/deregistration process on behalf of the MS.

In the PMIP implementation of Mobile IP, a credential must first be established between the MIP Client and the HA (Home Agent) before the MIP registration/deregistration process takes place. Then, when the MIP Client initiates MIP registration/deregistration, it computes a message authentication code (MAC) over the registration request message using that credential; on receiving the MIP registration request, the HA authenticates the message using the credential it shares with the MIP Client. After authentication passes, the HA sends a MIP registration response message, computing its MAC with the credential shared with the MIP Client. On receiving the registration response message, the MIP Client must likewise authenticate the message using the credential it holds.

Prior art 1 related to the present invention describes how, in PMIP mode, after the MS has completed authentication through the Authenticator, the MIP Client and the HA establish a credential through the initial MIP registration procedure. It is based on the WiMAX network architecture. As shown in Figure 1, the WiMAX network architecture comprises the MS 110, the ASN 120 and the CSN 130, where the ASN 120 comprises the ASN-GW 121 and BS 122 network elements. In addition, the ASN contains the PMN logical network element 123, the Authenticator logical network element 124 and the FA 125 (because the PMN must store the credential shared with the HA, it is generally implemented in the same physical entity as the Authenticator, another logical network element in the ASN; the PMN logical network element may of course also be placed in the BS). The FA and the ASN-GW reside on one physical entity. The CSN contains the AAA Server logical network element 131 and the HA 132.

The functions of the network elements (including logical network elements) and interfaces are described below with reference to Figure 1.

1. BS: together with the MSS it implements the air interface defined by IEEE 802.16; it connects to the back-end ASN-GW/FA and Authenticator/PMN and provides access network service to users.

2. Authenticator: it provides the proxy function for MSS authentication, authorization and accounting; it stores a root key (MSK) for each MSS authenticated through it.

3. PMN: in PMIP mode it acts as the proxy of the mobile terminal, implements the MIP Client function, and initiates the MIP registration/deregistration process on behalf of the MS.

4. ASN GW: as a main control-plane and data-plane unit in the ASN, it controls the handover process and provides the data path to the CSN; it is generally implemented in the same physical entity as the FA.

5. FA: the foreign agent of Mobile IP; it is generally implemented in the same physical entity as the ASN GW.

6. AAA Server: it mainly performs authentication, authorization and accounting for the MSS. Through the key generation mechanism agreed with the MSS, the two sides exchange the information needed to generate keys. Because this information is exchanged before a secure channel is established, the key algorithms used between the authentication server and the MSS must ensure that leakage of this information does not affect the security mechanism. Its main functions are: a. performing authentication, authorization and accounting for the MSS; b. generating the root key information and distributing it to the Authenticator; c. when user information changes, promptly notifying the Authenticator and other network elements of the consequences of the change.

7. HA: it implements the home agent of Mobile IP.

8. MSS: the mobile subscriber equipment.

In PMIP mode, assuming the MIP Client is implemented on the PMN logical network element, the procedure by which the MIP Client and the HA establish a credential through the initial MIP registration, after the MS has completed authentication through the Authenticator, is shown in Figure 2 and comprises:

Step 1. The PMN derives the PMN-AAA Key from the root key MSK;

Step 2. The PMN uses the PMN-AAA Key to compute the MN-AAA authentication extension for the registration request message;

Step 3. The PMN sends the registration request message to the FA serving the MSS. The message contains an extension named MN-HA Key Generation Nonce Request, and also a PMIP indication extension showing that PMIP mode is used;

Step 4. Based on the MN-HA Key Generation Nonce Request extension in the registration request message, the FA relays the registration request message to the HA specified in the message;

Step 5. The HA sends a Radius AccRq message to the AAA Server. The KeyGenNonceRq attribute in the message is obtained from the MN-AAA authentication extension described in step 2, and instructs the AAA Server to generate a random number for key generation;

Step 6. The AAA Server receives the Radius AccRq message and derives the PMN-AAA Key from the root key MSK;

Step 7. The AAA Server uses the PMN-AAA Key to authenticate the MN-AAA authentication extension in the registration message, thereby authenticating the PMN;

Step 8. The AAA Server generates a random number KeyGenNonce according to the KeyGenNonceRq attribute in the Radius AccRq message;

Step 9. The AAA Server uses the KeyGenNonce random number and other parameters to derive the PMN-HA Key according to RFC (Request For Comments) 3957;

Step 10. The AAA Server sends the PMN-HA Key and the KeyGenNonce to the HA over the secure link between it and the HA;

Step 11. The HA stores the PMN-HA Key in its mobility security association context;

Step 12. The HA uses the PMN-HA Key stored in step 11 to compute the MN-HA authentication extension of the registration response message;

Step 13. The HA sends the registration response message carrying the MN-HA authentication extension to the FA; the message also contains the random number KeyGenNonce generated by the AAA Server for deriving the PMN-HA Key, and instructs that the data forwarding channel between the HA and the MS be established;

Step 14. After successfully receiving the MIP response message, the FA starts establishing the data forwarding channel between the HA and the MS, and relays the registration response message to the PMN;

Step 15. The PMN obtains the KeyGenNonce from the registration response message and derives the PMN-HA Key according to RFC 3957;

Step 16. The PMN uses the PMN-HA Key derived in step 15 to authenticate the registration response message;

Step 17. The PMN stores the Proxy MN-HA Key in its mobility security association context.

This completes the establishment of the credential between the PMN and the HA; for each MS, the PMN has established with the HA a security association used for MIP registration/deregistration.

With Mobile IP, an MS may drop off the network abnormally during communication, for example through power loss or suddenly leaving the service area; the BS can quickly detect such an abnormal drop by monitoring air-interface channel resources.

In PMIP mode, when the MS drops off the network abnormally and the BS detects it, the BS notifies the Authenticator (authenticator)/PMN by signaling, because the PMIP implementation separates the MIP Client from the MS and places it in the ASN, and the MIP Client on the Authenticator/PMN initiates the normal registration/deregistration process; the MIP Client can also initiate the registration/deregistration process when it finds that the MIP lifetime is about to expire. In this case the PMN sends the normal registration/deregistration request directly to the HA, the FA relays the registration/deregistration messages, and the AAA Server is no longer involved, as shown in Figure 3. Specifically:

Step 1. When the FA finds that a registration/deregistration process needs to be initiated for the MS, it triggers the PMN by a message to initiate it, or the MIP Client in the PMN triggers the registration/deregistration process directly;

Step 2. The PMN sends a MIP registration/deregistration request to the FA; the message contains the MN-HA authentication extension computed with the PMN-HA Key generated during the initial MIP registration;

Step 3. The FA sends the MIP registration/deregistration request to the HA;

Step 4. The HA authenticates the registration/deregistration request using the PMN-HA Key generated during the initial MIP registration; after authentication passes, it sends a registration/deregistration response message to the FA, containing the MN-HA authentication extension computed with the PMN-HA Key;

Step 5. The FA sends the registration/deregistration response message to the PMN;

Step 6. The PMN authenticates the registration/deregistration response message using the PMN-HA Key; if authentication passes, the registration/deregistration process is confirmed complete.

As the above prior-art solution shows, the prior art defines only how the MIP Client and the HA establish a credential through the initial MIP registration procedure in PMIP mode. It defines neither a method for establishing a credential between the MIP Client and the HA in CMIP mode, nor a solution for initiating the normal registration/deregistration process when the MS drops off the network abnormally.

In the CMIP mode of Mobile IP, the MIP Client is located in the MS, so if the MS drops off the network abnormally, the MIP deregistration process cannot be initiated immediately. It is necessary to wait until the MIP lifetime has decreased to 0, at which point the HA automatically initiates the MIP deregistration process. If this lifetime is long, a session cannot be terminated for a long time after the MS has dropped off abnormally, and charging may still be continuing during that time, which is unacceptable to both the user and the network. Therefore, in CMIP mode, when the MS drops off the network abnormally, a network element in the ASN needs to initiate the deregistration process on behalf of the MS.

Summary of the invention

The object of the present invention is to provide a method for deregistering an MS when a session terminates abnormally, solving the present problem that, in CMIP mode, when the MS drops off the network abnormally, it is necessary to wait until the MIP lifetime has decreased to 0 before the HA initiates the MIP deregistration process.

The object of the present invention is achieved through the following technical solution:

The present invention provides a method for deregistering an MS when a session terminates abnormally, comprising:

A. When the session terminates abnormally, an entity on the network side initiates a deregistration process toward the connectivity service network and deregisters the MS through information exchange with the connectivity service network;

Wherein step A specifically comprises:

A1. When the session terminates abnormally, the Authenticator entity on the network side, which holds the MIP key information of the mobile terminal MS, initiates a deregistration process toward the connectivity service network and deregisters the MS through information exchange with the connectivity service network;

or,

A2. When the session terminates abnormally, the AAA server initiates a deregistration process toward the connectivity service network and deregisters the MS through information exchange with the connectivity service network.

Wherein step A1 specifically comprises:

A11. Through the exchange of MIP messages among the mobile terminal MS, the Authenticator, the AAA server, the foreign agent FA and the home agent HA in the connectivity service network, the MIP key information of the MS is generated and stored in the HA, and the MN-HA KeyGenNonce random number obtained from the MIP messages of the initial registration process is stored in the FA;

A12. When the network-side BS detects that the MS has dropped off the network abnormally, it notifies the FA; the FA sends the stored random number to the Authenticator, and the Authenticator uses the random number to compute the key K2 information and stores it;

A13. The HA, using the stored MIP key information, and the Authenticator, using the stored key K2 information, authenticate the MIP messages exchanged between the Authenticator and the HA; when authentication is confirmed to have passed, the HA deregisters the MS;

or,

A14. Through the exchange of MIP messages among the mobile terminal MS, the Authenticator, the AAA server and the home agent HA in the connectivity service network, the MIP key information of the MS is generated and stored in both the Authenticator and the HA;

A15. When the MS session terminates abnormally, the Authenticator and the HA each use their stored MIP key information to authenticate the MIP messages exchanged between the Authenticator and the HA; when authentication is confirmed to have passed, the HA deregisters the MS;

Wherein step A11 specifically comprises:

A111. Through information exchange among the MS, the HA and the AAA server, the MIP key K1 and key K2 information of the MS are generated in the AAA server, and the extension in the message is verified with K1; after verification passes, the key K2 information and the random number MN-HA KeyGenNonce used to generate key K2 are sent to the HA in a MIP response message;

A112. The HA obtains the key K2 information from the response message and stores it, then sends a MIP RRP message to the FA; the message contains the MN-HA-AE authentication extension computed with K2 and the random number MN-HA KeyGenNonce used to generate key K2;

A113. The FA obtains the random number MN-HA KeyGenNonce from the MIP RRP message and stores it.

Wherein step A11 further comprises:

A114. The FA sends the MIP RRP message to the MS; the message contains the MN-HA-AE authentication extension and the random number MN-HA KeyGenNonce;

A115. The MS takes the random number MN-HA KeyGenNonce from the received MIP RRP message, uses it to generate the key K2 information, and uses the key K2 information to verify the MN-HA-AE authentication extension in the message;

A116. After verification passes, the MS stores the key K2 information.

Wherein step A12 specifically comprises:

A121. When the BS detects that the MS session has terminated abnormally, it notifies the FA to send an MN-HA KeyGenNonce Notify message to the Authenticator; the message contains the random number MN-HA KeyGenNonce stored by the FA;

A122. The Authenticator obtains the random number MN-HA KeyGenNonce from the received MN-HA KeyGenNonce Notify message, uses the unused 160 bits of the root key MSK as key K1, generates key K2 from the random number MN-HA KeyGenNonce, and stores it.

Wherein step A13 specifically comprises:

A131. The Authenticator sends a MIP deregistration request message to the FA; the message contains the MN-HA authentication extension computed with the key K2 information;

A132. The FA forwards the MIP deregistration request to the HA;

A133. The HA authenticates the MIP deregistration request message using the key K2 information it has stored; after authentication passes, it sends a deregistration response message to the Authenticator through the FA, containing the MN-HA authentication extension computed with the key K2 information, and at the same time terminates the corresponding data forwarding channel;

A134. The Authenticator authenticates the MN-HA authentication extension in the deregistration response message using the key K2 information it has stored; after authentication passes, deregistration is confirmed successful.
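Steps A12 and A13 above, sketched as an added example that is not code from the patent: the Authenticator rebuilds K2 from the nonce the FA kept, the HA accepts a deregistration only if its authentication extension verifies under the stored K2, and a request without a valid MAC leaves the binding in place. Assumptions: K1 is taken as the last 20 bytes of the MSK, K2 follows the RFC 3957 style HMAC-SHA1(K1, nonce || MN identifier), the authentication extension is HMAC-SHA1 over a simplified constructed encoding, and all class names and sample values are hypothetical.

```python
import hashlib
import hmac
import struct

REQUEST, REPLY = 1, 3              # RFC 3344 message types; lifetime 0 = deregistration
HDR = struct.Struct("!BBHH")       # type, code, lifetime, len(mn_id): constructed encoding
# RFC 3344's Identification field (replay protection) is left out of this encoding.


def k1_from_msk(msk: bytes) -> bytes:
    """K1 = 160 bits of the MSK. The page does not say which bits are 'unused';
    taking the last 20 bytes is an assumption of this example."""
    if len(msk) < 64:
        raise ValueError("MSK must be at least 64 bytes")
    return msk[-20:]


def derive_k2(k1: bytes, nonce: bytes, mn_id: bytes) -> bytes:
    """RFC 3957 style derivation: HMAC-SHA1(AAA key, nonce || MN identifier)."""
    return hmac.new(k1, nonce + mn_id, hashlib.sha1).digest()


def mac(key: bytes, body: bytes) -> bytes:
    """Authentication extension value (HMAC-SHA1 is assumed, not stated on the page)."""
    return hmac.new(key, body, hashlib.sha1).digest()


def encode(msg_type: int, code: int, lifetime: int, mn_id: bytes) -> bytes:
    return HDR.pack(msg_type, code, lifetime, len(mn_id)) + mn_id


def decode(body: bytes):
    msg_type, code, lifetime, n = HDR.unpack_from(body)
    if len(body) != HDR.size + n:
        raise ValueError("length mismatch")
    return msg_type, code, lifetime, body[HDR.size:]


class HomeAgent:
    def __init__(self):
        self.k2 = {}           # MN identifier -> K2 stored at initial registration (A112)
        self.bindings = set()  # MNs with an active data forwarding channel

    def register(self, mn_id: bytes, k2: bytes) -> None:
        self.k2[mn_id] = k2
        self.bindings.add(mn_id)

    def handle_deregistration(self, body: bytes, auth_ext: bytes):
        """A133: authenticate with the stored K2, then tear down and reply."""
        try:
            msg_type, _, lifetime, mn_id = decode(body)
        except (struct.error, ValueError):
            return None
        key = self.k2.get(mn_id)
        if key is None or not hmac.compare_digest(mac(key, body), auth_ext):
            return None        # unauthenticated: binding is left untouched
        if msg_type != REQUEST or lifetime != 0 or mn_id not in self.bindings:
            return None
        self.bindings.discard(mn_id)   # terminate the data forwarding channel
        reply = encode(REPLY, 0, 0, mn_id)
        return reply, mac(key, reply)


class Authenticator:
    def __init__(self, msk: bytes, mn_id: bytes):
        self.k1, self.mn_id, self.k2 = k1_from_msk(msk), mn_id, None

    def on_nonce_notify(self, nonce: bytes) -> None:     # A122
        self.k2 = derive_k2(self.k1, nonce, self.mn_id)

    def build_deregistration(self):                      # A131
        body = encode(REQUEST, 0, 0, self.mn_id)
        return body, mac(self.k2, body)

    def verify_reply(self, body: bytes, auth_ext: bytes) -> bool:   # A134
        if not hmac.compare_digest(mac(self.k2, body), auth_ext):
            return False
        msg_type, code, _, mn_id = decode(body)
        return msg_type == REPLY and code == 0 and mn_id == self.mn_id


def run_demo():
    msk = bytes(range(64))                                      # constructed sample MSK
    nonce = bytes.fromhex("00112233445566778899aabbccddeeff")   # constructed nonce
    mn_id = b"ms1@example.net"                                  # constructed identifier
    ha = HomeAgent()                       # A111-A113: HA stores K2, FA keeps the nonce
    ha.register(mn_id, derive_k2(k1_from_msk(msk), nonce, mn_id))
    fa_saved_nonce = nonce
    # A request whose extension was not computed with K2 must be rejected.
    rejected = ha.handle_deregistration(encode(REQUEST, 0, 0, mn_id), bytes(20))
    still_bound = mn_id in ha.bindings
    auth = Authenticator(msk, mn_id)       # A121-A122: BS reports the drop, FA notifies
    auth.on_nonce_notify(fa_saved_nonce)
    reply = ha.handle_deregistration(*auth.build_deregistration())
    return rejected, still_bound, auth.verify_reply(*reply), mn_id in ha.bindings


if __name__ == "__main__":
    print(run_demo())
```
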

Wherein step A14 specifically comprises:

A141. Through information exchange among the MS, the HA and the AAA server, the MIP key K1 and key K2 information of the MS are generated in the AAA server, and the extension in the message is verified with K1; after verification passes, the key K2 information and the random number MN-HA KeyGenNonce used to generate key K2 are sent to the HA in a MIP response message;

A142. The HA obtains the key K2 information from the response message and stores it, then sends a MIP RRP message to the FA; the message contains the MN-HA-AE authentication extension computed with K2 and the random number MN-HA KeyGenNonce used to generate key K2;

A143. The FA forwards the RRP message to the MS; at the same time it sends an MN-HA KeyGenNonce Notify message to the Authenticator, containing the random number MN-HA KeyGenNonce;

A144. The MS obtains the MN-HA-AE and the MN-HA KeyGenNonce random number from the received MIP RRP message, computes key K2 from the MN-HA KeyGenNonce random number, then verifies the MN-HA-AE with K2; after verification passes, it stores K2;

At the same time, the Authenticator obtains the random number MN-HA KeyGenNonce from the received MN-HA KeyGenNonce Notify message, uses the unused 160 bits of the root key MSK as key K1, generates key K2 from the random number MN-HA KeyGenNonce, and stores it.

Wherein step A15 specifically comprises:

A151. When the BS detects that the MS has dropped off the network abnormally, the BS, through the FA, notifies the Authenticator to send a MIP deregistration request to the HA;

A152. The Authenticator sends a MIP deregistration request message to the HA through the FA; the message contains the MN-HA-AE authentication extension computed with the key K2 it has stored;

A153. The HA authenticates the MN-HA-AE authentication extension in the deregistration request message using the key K2 it has stored; after authentication passes, it terminates the corresponding data forwarding channel and at the same time sends a deregistration response message to the Authenticator through the FA, containing the MN-HA authentication extension computed with key K2;

A154. The Authenticator authenticates the MN-HA authentication extension in the deregistration response message using the key K2 it has stored; if authentication passes, it confirms that the deregistration process is complete and notifies the BS that the deregistration process succeeded by sending a deregistration-success response message.

Step A111 or step A141 specifically includes:

A1111. The MS sends a MIP registration request message to the HA through the FA; the message contains the extension field MN-AAA-AE and the MN-HA KeyGenNonce Rq indication;

A1112. The HA receives the MIP registration request message and sends the Radius AccRq message to the AAA Server; the message contains the MN-AAA-AE and the MN-HA KeyGenNonce Rq indication;

A1113. The AAA Server obtains the key K1 from the root key information and uses K1 to verify the MN-AAA-AE of the received Radius AccRq message. After verification succeeds, the AAA Server generates the random number MN-HA KeyGenNonce, generates the key K2 from that random number, and then sends a MIP RAA response message to the HA; the message contains K2 and the random number MN-HA KeyGenNonce.

Step A2 specifically includes:

A21. When the BS detects that the MS session has terminated abnormally, it uses a message/primitive to notify the Authenticator, which sends a Radius message notifying the AAA server to initiate a de-registration indication to the HA in the corresponding connectivity service network;

A22. After receiving the message, the AAA Server sends a Radius message to the HA, notifying the HA to de-register the corresponding MS and terminate the related data forwarding channel;

A23. After receiving the Radius message, the HA de-registers the corresponding MS as the message instructs and terminates the related data forwarding channel.

Step A21 specifically includes:

A211. When the BS detects that the MS session has terminated abnormally, the BS releases the MS's resources locally, obtains the MS's related information, and notifies the Authenticator entity with a message;

A212. On the basis of that message, the Authenticator notifies the AAA server to initiate a de-registration indication to the HA in the corresponding connectivity service network.

Step A212 further includes:

A2121. The HA returns a de-registration success response message to the AAA Server;

A2122. On the basis of the received response message, the AAA Server returns a Radius response message to the Authenticator;

A2123. The Authenticator sends a response message/primitive notifying the BS that the de-registration of the corresponding MS has completed successfully;

A2124. The BS notifies the related network elements to release the resources occupied by the corresponding MS.

As the technical solution provided by the present invention shows, when a session terminates abnormally, an entity on the network side initiates a de-registration process toward the connectivity service network and de-registers the MS through the exchange of information with that network. This solves the problem that, in CMIP mode, when the MS abnormally drops off the network, the MIP de-registration process is initiated by the HA only once the MIP lifetime has decreased to 0, and more accurate billing becomes possible as a result.

Description of drawings

Figure 1 shows the WiMAX network architecture in PMIP mode;

Figure 2 is a flowchart of the initial registration process in PMIP mode in the prior art;

Figure 3 is a flowchart of normal registration in PMIP mode in the prior art;

Figure 4 is a flowchart of the MIP initial registration process in CMIP mode in the present invention;

Figure 5 is a flowchart of the de-registration process when the MS abnormally drops off the network in the third embodiment of the present invention.

Detailed description

The present invention provides a method for de-registering an MS when a session terminates abnormally. Its core is: when the session terminates abnormally, an entity on the network side initiates a de-registration process toward the connectivity service network and de-registers the MS through the exchange of information with that network.

The core of the first embodiment is that, during MIP initial registration in CMIP mode, the FA saves the MN-HA KeyGenNonce random number obtained from the MIP RRP message of the initial registration process. When the BS detects that the MS has abnormally dropped off the network, it notifies the FA. The FA then sends the MN-HA KeyGenNonce Notify message to the Authenticator; on receiving it, the Authenticator uses the random number to calculate the key K2 and initiates a de-registration request to the HA.

The MIP initial registration process in CMIP mode, shown in Figure 4, includes:

Step 1. The MIP Client in the MS uses the unused 160 bits of the root key MSK as the key K1 (the MSK root key is obtained during access authentication, before initial registration).

Step 2. The MIP Client uses K1 to calculate the MN-AAA-AE authentication extension field for the MIP RRQ message.

Step 3. The MIP Client sends a MIP RRQ (MIP registration request) message to the FA; the message contains the MN-AAA-AE authentication extension field and the MN-HA KeyGenNonce Rq indication.

Step 4. The FA sends the received MIP RRQ message to the HA.

Step 5. The HA receives the MIP RRQ message and sends the Radius AccRq message to the AAA Server; the message contains HA_ID, Auth_ID/MS_ID, MN-AAA-AE and the MN-HA KeyGenNonce Rq indication.

Step 6. The AAA Server uses the unused 160 bits of the MSK as the key K1.

Step 7. The AAA Server uses the key K1 to verify the MN-AAA-AE authentication extension field of the Radius AccRq message. After verification succeeds, it continues with step 8.

Step 8. Following the MN-HA KeyGenNonce Rq indication in the Radius AccRq message, the AAA Server internally generates the random number MN-HA KeyGenNonce.

Step 9. The AAA Server derives the key K2=kdf(K1, KeyGenNonce, Auth_ID/MSS_ID) from the generated random number.

Step 10. The AAA Server sends a RAA (Radius Access-Accept) response message to the HA; the response message contains the key information K2 and the generated random number MN-HA KeyGenNonce.

Step 11. The HA stores K2 in its MN-HA security association context.

Step 12. The HA uses K2 to calculate the MN-HA-AE authentication extension field for the MIP RRP message.

Step 13. The HA sends a MIP RRP message to the FA; the message contains the MN-HA-AE authentication extension field calculated with K2 and the random number MN-HA KeyGenNonce.

Step 14. The FA obtains the random number MN-HA KeyGenNonce from the received MIP RRP message and saves it, then sends the MIP RRP message to the MIP Client of the MS; the message contains the MN-HA-AE authentication extension field and the random number MN-HA KeyGenNonce.

Step 15. The MIP Client of the MS derives key information from the random number MN-HA KeyGenNonce in the received MIP RRP message, for example: K2=kdf(K1, KeyGenNonce, Auth_ID/MSS_ID).

Step 16. The MIP Client of the MS uses the key information K2 to verify the MN-HA-AE authentication extension field in the message.

Step 17. After verification succeeds, the MIP Client of the MS saves K2 in its MN-HA security association context.

After steps 1 to 17, the key information K2 of the MS is stored in both the MS and the HA. In other words, through the authentication of the MIP messages exchanged among the MS, the HA and the AAA server during initial authentication, the MS and the HA share the same key. This lays the foundation for the subsequent process.

When the BS detects that the MS has abnormally dropped off the network, steps 14' to 18' are carried out.

Step 14'. When the BS detects that the MS has dropped off the network, it notifies the FA, and the FA sends the MN-HA KeyGenNonce Notify message to the Authenticator; the message contains MS_ID, HA_ID and the random number MN-HA KeyGenNonce saved by the FA.

Step 15'. The Authenticator returns the MN-HA KeyGenNonce ACK response message to the FA.

Step 16'. The Authenticator uses the unused 160 bits of the MSK as the key K1.

Step 17'. From the key K1 and the MN-HA KeyGenNonce random number in the received MN-HA KeyGenNonce Notify message, the Authenticator derives the key K2=kdf(K1, KeyGenNonce, Auth_ID/MS_ID).

Step 18'. The Authenticator uses the key information K2 to initiate the de-registration process to the HA.

The de-registration process that the Authenticator initiates to the HA using the key information K2 specifically includes:

Step 101. The Authenticator sends a MIP de-registration request message to the HA.

Step 102. The HA authenticates the de-registration request message using the key K2 information saved during the initial MIP registration process. After authentication succeeds, it terminates the corresponding data forwarding channel and sends a de-registration response message to the FA; the message contains the MN-HA authentication extension field calculated with the key K2 information.

Step 103. The FA forwards the de-registration response message to the Authenticator.

Step 104. The Authenticator authenticates the de-registration response message using the key K2 that it has stored; if authentication succeeds, it confirms that the de-registration process is complete.
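The first embodiment's key handling and authenticated de-registration (steps 16' to 18' and 101 to 104) can be traced in code. The following Python sketch is an added example, not code from the patent. It assumes HMAC-SHA256 for both kdf and the authentication extension field, models the "unused 160 bits" as the last 20 bytes of a 64-byte MSK, and uses constructed identifiers and message encodings; none of these are specified in the text.

```python
import hashlib
import hmac
import struct


def _fields(*parts: bytes) -> bytes:
    """Length-prefix each field so that concatenated inputs stay unambiguous."""
    return b"".join(struct.pack("!H", len(p)) + p for p in parts)


def k1_from_msk(msk: bytes) -> bytes:
    # Assumption: the "unused 160 bits" are modelled as the last 20 bytes of a 64-byte MSK.
    if len(msk) != 64:
        raise ValueError("expected a 64-byte MSK")
    return msk[-20:]


def kdf(k1: bytes, nonce: bytes, auth_id: bytes, ms_id: bytes) -> bytes:
    # K2 = kdf(K1, KeyGenNonce, Auth_ID/MS_ID); HMAC-SHA256 is an assumed stand-in.
    return hmac.new(k1, _fields(nonce, auth_id, ms_id), hashlib.sha256).digest()


def auth_ext(k2: bytes, message: bytes) -> bytes:
    # Assumed stand-in for the MN-HA authentication extension: a MAC over the message.
    return hmac.new(k2, message, hashlib.sha256).digest()


class HomeAgent:
    def __init__(self, ha_id: bytes):
        self.ha_id = ha_id
        self.bindings = {}  # ms_id -> {"k2": bytes, "tunnel_up": bool}

    def store_binding(self, ms_id: bytes, k2: bytes) -> None:
        # Step 11: the HA keeps K2 in its MN-HA security context.
        self.bindings[ms_id] = {"k2": k2, "tunnel_up": True}

    def handle_dereg(self, ms_id: bytes, body: bytes, ext: bytes):
        # Step 102: authenticate first; only then terminate the forwarding channel.
        entry = self.bindings.get(ms_id)
        if entry is None or body != _fields(b"DEREG-REQ", ms_id, self.ha_id):
            return None
        if not hmac.compare_digest(auth_ext(entry["k2"], body), ext):
            return None  # unauthenticated request: the channel stays up
        entry["tunnel_up"] = False
        reply = _fields(b"DEREG-RSP", ms_id, self.ha_id)
        return reply, auth_ext(entry["k2"], reply)


class Authenticator:
    def __init__(self, auth_id: bytes, msk_by_ms: dict):
        self.auth_id = auth_id
        self.msk_by_ms = msk_by_ms  # MSK known from access authentication
        self.k2_by_ms = {}

    def on_nonce_notify(self, ms_id: bytes, nonce: bytes) -> None:
        # Steps 16'-17': derive K1 from the MSK, then K2 from the FA-supplied nonce.
        k1 = k1_from_msk(self.msk_by_ms[ms_id])
        self.k2_by_ms[ms_id] = kdf(k1, nonce, self.auth_id, ms_id)

    def deregister(self, ms_id: bytes, ha: HomeAgent) -> bool:
        # Steps 101-104: send the authenticated request, then verify the HA's reply.
        k2 = self.k2_by_ms[ms_id]
        body = _fields(b"DEREG-REQ", ms_id, ha.ha_id)
        result = ha.handle_dereg(ms_id, body, auth_ext(k2, body))
        if result is None:
            return False
        reply, ext = result
        return hmac.compare_digest(auth_ext(k2, reply), ext)


def simulate() -> dict:
    # Constructed sample values, not taken from the patent.
    msk, nonce = bytes(range(64)), bytes.fromhex("a1" * 16)
    ms_id, ha_id, auth_id = b"ms-0001", b"ha-01", b"auth-01"

    # Initial registration: the AAA Server derives K2, the HA stores it, the FA keeps the nonce.
    ha = HomeAgent(ha_id)
    ha.store_binding(ms_id, kdf(k1_from_msk(msk), nonce, auth_id, ms_id))
    fa_saved_nonce = nonce

    auth = Authenticator(auth_id, {ms_id: msk})

    # A Notify carrying a nonce that does not match registration yields a different K2.
    auth.on_nonce_notify(ms_id, b"\x00" * 16)
    mismatch_ok = auth.deregister(ms_id, ha)
    up_after_mismatch = ha.bindings[ms_id]["tunnel_up"]

    # The nonce the FA actually saved reproduces the HA's K2.
    auth.on_nonce_notify(ms_id, fa_saved_nonce)
    genuine_ok = auth.deregister(ms_id, ha)
    return {
        "mismatch_accepted": mismatch_ok,
        "tunnel_up_after_mismatch": up_after_mismatch,
        "genuine_accepted": genuine_ok,
        "tunnel_up_after_genuine": ha.bindings[ms_id]["tunnel_up"],
    }


if __name__ == "__main__":
    print(simulate())
```

The HA verifies the extension before touching the binding, so a request computed under any key other than the stored K2 leaves the data forwarding channel in place.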

The core of the second embodiment is that, during MIP initial registration in CMIP mode, the FA sends the MN-HA KeyGenNonce Notify message to the Authenticator, and on receiving it the Authenticator calculates the key K2 for the corresponding MS and saves it. When the BS detects that the MS has abnormally dropped off the network, the BS notifies the Authenticator, which initiates the de-registration process to the HA in place of the MIP Client on the MS.

In the MIP initial registration process in CMIP mode, the difference from the first embodiment is that, after steps 1 to 13 have been carried out, steps 14 to 17 are carried out and, at the same time, steps 14' to 18'. The specific implementation includes:

Step 1. The MIP Client in the MS uses the unused 160 bits of the MSK root key as the key K1 (the MSK root key is obtained during access authentication, before initial registration).

Step 2. The MIP Client uses K1 to calculate the MN-AAA-AE authentication extension field for the MIP RRQ (registration request) message.

Step 3. The MIP Client sends a MIP RRQ (MIP registration request) message to the FA; the message contains the MN-AAA-AE authentication extension field and the MN-HA KeyGenNonce Rq indication.

Step 4. The FA sends the received MIP RRQ message to the HA.

Step 5. The HA receives the MIP RRQ message and sends the Radius AccRq message to the AAA Server; the message contains HA_ID, Auth_ID/MS_ID, MN-AAA-AE and the MN-HA KeyGenNonce Rq indication.

Step 6. The AAA Server uses the unused 160 bits of the MSK as the key K1.

Step 7. The AAA Server uses the key K1 to verify the MN-AAA-AE authentication extension field of the Radius AccRq message. After verification succeeds, it continues with step 8.

Step 8. The AAA Server internally generates the random number MN-HA KeyGenNonce.

Step 9. From the key K1 and the generated random number, the AAA Server derives the key K2=kdf(K1, KeyGenNonce, Auth_ID/MS_ID).

Step 10. The AAA Server sends a RAA (Radius Access-Accept) message to the HA; the message contains the key information K2 and the random number MN-HA KeyGenNonce.

Step 11. The HA stores K2 in its MN-HA security association context.

Step 12. The HA uses K2 to calculate the MN-HA-AE for the MIP RAA message.

Step 13. The HA obtains the MN-HA KeyGenNonce from the MIP RAA message and saves it, then sends a MIP RRP (MIP Register Response) message to the FA; the message contains the MN-HA-AE authentication extension field calculated with K2 and the random number MN-HA KeyGenNonce.

Step 14. The FA sends the received MIP RRP message to the MIP Client of the MS; the message contains the MN-HA-AE authentication extension field and the MN-HA KeyGenNonce random number.

At the same time, the FA sends the MN-HA KeyGenNonce Notify message to the Authenticator; the message contains MS_ID, HA_ID and MN-HA KeyGenNonce.

Step 15. From the received MIP RRP message, the MIP Client of the MS obtains the MN-HA KeyGenNonce random number and the MN-HA-AE authentication extension field, and from the MN-HA KeyGenNonce random number it derives the key K2=kdf(K1, KeyGenNonce, AuthID/MSS_ID). It uses K2 to verify the received MN-HA-AE authentication extension field and saves the key K2 in its MN-HA security association context.

While step 15 is being carried out, the Authenticator returns the MN-HA KeyGenNonce ACK response message to the FA, uses the unused 160 bits of the MSK as the key K1, and verifies the MN-HA-AE authentication extension field in the received MIP RRP message. From the MN-HA KeyGenNonce random number in the received MN-HA KeyGenNonce Notify message it derives the key K2=kdf(K1, KeyGenNonce, Auth_ID/MS_ID) and saves the key K2 information for the MS.

After the above steps, the key information of the MIP Client of the MS is stored in the MS, in the HA and in the Authenticator.

When the MS abnormally drops off the network, the Authenticator initiates the de-registration process in place of the MS. The specific implementation includes:

Step 201. When the BS detects that the MS has abnormally dropped off the network, the BS notifies the Authenticator to send a MIP de-registration request.

Step 202. The Authenticator sends a MIP de-registration request message to the FA; the message contains the MN-HA-AE authentication extension field calculated with the key K2 saved during the initial MIP registration process.

Step 203. The FA forwards the MIP de-registration request to the HA.

Step 204. The HA authenticates the de-registration request message using the key K2 saved during the initial MIP registration process. After authentication succeeds, it terminates the corresponding data forwarding channel and sends a de-registration response message to the FA; the message contains the MN-HA authentication extension field calculated with the key K2.

Step 205. The FA forwards the de-registration response message to the Authenticator on the PMN.

Step 206. The Authenticator authenticates the de-registration response message using the key K2 that it has stored; if authentication succeeds, it confirms that the de-registration process is complete.

Step 207. The BS is notified that the de-registration process succeeded by means of a de-registration success response message.

The technical solution of the third embodiment uses the secure channel among the AAA Server, the Authenticator and the HA to achieve MIP de-registration when the MS abnormally drops off the network in CMIP mode. Its core is: when the BS detects over the air interface that the MS has abnormally dropped off the network, the BS notifies the Authenticator with a message that contains the address information of the MS and of the corresponding HA. On receiving the message, the Authenticator notifies the AAA Server to initiate a de-registration indication to the corresponding HA, and on receiving that notification the AAA Server instructs the HA to terminate the corresponding data forwarding channel. MIP de-registration is thereby achieved when the MS abnormally drops off the network.

The MIP de-registration process when the MS abnormally drops off the network, shown in Figure 5, specifically includes:

Step 301. When the BS detects that the MS has abnormally dropped off the network, the BS releases the MS's resources locally and obtains the MS's related information. It then sends an R3_Session_Release.Notify message/primitive to the Authenticator to which the MS belongs; the message/primitive contains information such as the ID of the MS and gives notice that the MS has abnormally dropped off the network.

The related information of the MS includes information such as the ID of the MS.

Step 302. After receiving the message/primitive, the Authenticator sends a Radius message to the AAA Server, instructing the AAA Server to notify the corresponding HA to de-register the MS.

Step 303. After receiving the message, the AAA Server sends a Radius message to the HA, notifying the HA to de-register the corresponding MS and terminate the related data forwarding channel.

Step 304. After receiving the Radius message, the HA de-registers the corresponding MS as the message instructs and terminates the related data forwarding channel.

Step 305. The HA returns a de-registration success Radius response message to the AAA Server.

Step 306. The AAA Server returns a Radius response message to the Authenticator.

Step 307. The Authenticator confirms to the BS that the de-registration of the corresponding MS has completed successfully by sending an R3_Session_Release.ACK response message/primitive; the message/primitive contains information such as the ID of the MS.

Step 308. The BS notifies the related network elements (such as the ASN-GW/FA) to release the resources occupied by the MS.

As the technical solution provided by the present invention shows, when a session terminates abnormally, the AAA server, or the Authenticator entity that has stored the MIP key information of the MS, initiates a de-registration process toward the connectivity service network and de-registers the MS through the exchange of information with that network. This solves the problem that, in CMIP mode, when the MS abnormally drops off the network, the MIP de-registration process is initiated by the HA only once the MIP lifetime has decreased to 0, and more accurate billing becomes possible as a result.

The above is only a preferred embodiment of the present invention, but the scope of protection of the present invention is not limited to it. Any change or replacement that a person skilled in the art could readily conceive within the technical scope disclosed by the present invention shall fall within the scope of protection of the present invention. The scope of protection of the present invention shall therefore be that of the claims.

Claims (12)

1. when session abnormal end, realize MS is gone process registration for one kind, it is characterized in that, comprising:
A, when session abnormal end, the entity of network side initiates to go registration process to connectivity serving network, and by and connectivity serving network between the mutual realization of information MS is gone registration;
Described steps A specifically comprises:
A1, when session abnormal end, the preservation of network side the authentication person Authenticator entity of MIP key information of mobile terminal MS initiate to go registration process to connectivity serving network, and by and connectivity serving network between the mutual realization of information MS is gone registration;
Or,
A2, when session abnormal end, aaa server initiates to go registration process to connectivity serving network, and by and connectivity serving network between the mutual realization of information MS is gone registration.
2. method according to claim 1 is characterized in that, described steps A 1 specifically comprises:
A11, mutual by the MIP message between the home agent HA in mobile terminal MS, Authenticator, aaa server, foreign agent FA and the connectivity serving network, in described HA, generate and preserved the MIP key information of described MS, and the MN-HA KeyGenNonce random number of in described FA, obtaining in the MIP message of preservation from initial registration procedure;
A12, fall net back notice FA unusually when network side BS detects MS, FA sends to Authenticator with the random number of described preservation, and described Authenticator utilizes described random number computation key K2 information, and preservation;
A13, described HA authenticate MIP message mutual between described Authenticator and described HA according to key K 2 information of preserving according to MIP key information of preserving and described Authenticator, when confirming that authentication is passed through, described HA goes described MS to registration;
Or,
A14, mutual by the MIP message between the home agent HA in mobile terminal MS, Authenticator, aaa server and the connectivity serving network generate and have preserved the MIP key information of described MS in described Authenticator and HA;
A15, when MS session abnormal end, described Authenticator and described HA authenticate MIP message mutual between described Authenticator and described HA according to the MIP key information of preserving separately, when confirming that authentication is passed through, described HA goes described MS to registration.
3. method according to claim 2 is characterized in that, described steps A 11 specifically comprises:
A111, the information interaction by MS, HA and aaa server, in aaa server, generate MIP key K 1 and key K 2 information of described MS, and the extension field in the message is verified by described K1, after checking is passed through, described key K 2 information are sent to HA with the random number MN-HA KeyGenNonce that generates key K 2 uses by the MIP response message;
A112, described HA obtain described key K 2 information from described response message, and preserve, send MIP RRP message to FA then, comprised the MN-HA-AE authentication extension territory of using described K2 to calculate in the message, and generate the random number MN-HA KeyGenNonce that key K 2 is used;
A113, described FA obtain described random number MN-HAKeyGen Nonce from described MIP RRP message, and it is preserved.
4. method according to claim 3 is characterized in that, described steps A 11 also comprises:
A114, described FA send to MS with described MIP RRP message, have comprised described MN-HA-AE authentication extension territory and random number M N-HA KeyGenNonce in the message;
A115, described MS are according to the described random number MN-HAKeyGenNonce in the described MIP RRP message that receives, use described random number to generate key K 2 information, and use described key K 2 information that the MN-HA-AE authentication extension territory in the described message is verified;
After A116, checking were passed through, described MS preserved described key K 2 information.
5. method according to claim 2 is characterized in that, described steps A 12 specifically comprises:
A121, detect MS session abnormal end constantly as BS, notice FA sends MN-HA KeyGenNonce Notify message to Authenticator, has comprised the random number MN-HA KeyGenNonce that described FA preserves in the message;
A122, described Authenticator are according to the described MN-HA KeyGenNonceNotify message that receives, obtain described random number MN-HA KeyGenNonce, and use among the root key MSK untapped 160 to generate key K 2 and it is preserved as key K 1 and according to described random number MN-HA KeyGenNonce.
6. method according to claim 2 is characterized in that, described steps A 13 specifically comprises:
A131, described Authenticator send MIP and go login request message to FA, have comprised the MN-HA authentication extension territory of using described key K 2 information calculations in the message;
A132, described FA go register requirement to be transmitted to HA described MIP;
A133, described HA go login request message to authenticate according to key K 2 information of preserving in it to described MIP, after authentication is passed through, go registration reply message to described Authenticator by the FA transmission, comprised the MN-HA authentication extension territory of using described key K 2 information calculations in the message, simultaneously corresponding data forwarding passage has been stopped;
A134, described Authenticator go to the MN-HA authentication extension territory in the registration reply message to authenticate according to key K 2 information of preserving in it to described, after authentication is passed through, then confirm to go to succeed in registration.
7. The method according to claim 2, characterized in that step A14 specifically comprises:
A141. Through information exchange among the MS, the HA and the AAA server, the MIP key K1 and key K2 information of the MS is generated in the AAA server, and the extension field in the message is verified with K1; after verification succeeds, the key K2 information, together with the random number MN-HA KeyGenNonce used to generate key K2, is sent to the HA in a MIP response message;
A142. The HA obtains the key K2 information from the response message and saves it, then sends a MIP RRP message to the FA, the message containing the MN-HA-AE authentication extension field calculated using K2 and the random number MN-HA KeyGenNonce used to generate key K2;
A143. The FA forwards the RRP message to the MS, and at the same time sends an MN-HA KeyGenNonce Notify message to the Authenticator, the message containing the random number MN-HA KeyGenNonce;
A144. The MS obtains the MN-HA-AE and the random number MN-HA KeyGenNonce from the received MIP RRP message, calculates and generates key K2 according to the obtained random number MN-HA KeyGenNonce, then verifies the MN-HA-AE with K2; after verification succeeds, it saves K2;
At the same time, the Authenticator obtains the random number MN-HA KeyGenNonce from the received MN-HA KeyGenNonce Notify message, uses the unused 160 bits of the root key MSK as key K1, generates key K2 according to the random number MN-HA KeyGenNonce, and saves it.
8. The method according to claim 2, characterized in that step A15 specifically comprises:
A151. When the BS detects that the MS has dropped off the network abnormally, the BS notifies the Authenticator to send a MIP deregistration request to the HA through the FA;
A152. The Authenticator sends a MIP deregistration request message to the HA through the FA, the message containing the MN-HA-AE authentication extension field calculated according to the key K2 it has saved;
A153. The HA authenticates the MN-HA-AE authentication extension field in the deregistration request message according to the key K2 it has saved; after authentication succeeds, it terminates the corresponding data forwarding channel and at the same time sends a deregistration reply message to the Authenticator through the FA, the message containing the MN-HA authentication extension field calculated using key K2;
A154. The Authenticator authenticates the MN-HA authentication extension field in the deregistration reply message according to the key K2 it has saved; if authentication succeeds, it confirms that the deregistration process is complete and notifies the BS that deregistration succeeded by sending a deregistration success response message.
9. The method according to claim 3 or 7, characterized in that step A111 or step A141 specifically comprises:
A1111. The MS sends a MIP registration request message to the HA through the FA, the message containing the message extension field MN-AAA-AE and an MN-HA KeyGenNonce Rq indication;
A1112. The HA receives the MIP registration request message and sends the Radius AccRq message to the AAA Server, the message containing the MN-AAA-AE and the MN-HA KeyGenNonce Rq indication;
A1113. The AAA Server obtains the key K1 information according to the root key information and verifies the MN-AAA-AE of the received Radius AccRq message according to K1; after verification succeeds, the AAA Server generates the random number MN-HA KeyGenNonce, generates the key K2 information according to that random number, and then sends a MIP RAA response message to the HA, the message containing K2 and the random number MN-HA KeyGenNonce.
10. The method according to claim 1, characterized in that step A2 specifically comprises:
A21. When the BS detects that the MS session has terminated abnormally, it uses a message/primitive to notify the Authenticator to send a Radius message notifying the AAA server to initiate a deregistration indication to the HA in the corresponding connectivity service network;
A22. After receiving the message, the AAA Server sends a Radius message to the HA, notifying the HA to deregister the corresponding MS and terminate the relevant data forwarding channel;
A23. After receiving the Radius message, the HA deregisters the corresponding MS as indicated by the message and terminates the relevant data forwarding channel.
11. The method according to claim 10, characterized in that step A21 specifically comprises:
A211. When the BS detects that the MS session has terminated abnormally, the BS releases the MS's related resources locally, obtains the relevant information of the MS at the same time, and notifies the Authenticator entity by a message;
A212. The Authenticator, according to the message, notifies the AAA server to initiate a deregistration indication to the HA in the corresponding connectivity service network.
12. The method according to claim 11, characterized in that step A212 further comprises:
A2121. The HA returns a deregistration success response message to the AAA Server;
A2122. The AAA Server, according to the received response message, returns a Radius response message to the Authenticator;
A2123. The Authenticator sends a response message/primitive notifying the BS that the deregistration of the corresponding MS has completed successfully;
A2124. The BS notifies the relevant network elements to release the resources occupied by the corresponding MS.
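The authenticated deregistration exchange of steps A152 to A154 (claim 8), with K2 derived from K1 and the nonce as in claim 7, shown as an added example that is not code from the patent. Assumptions not stated in the claims: K2 = HMAC-SHA1(K1, nonce), the MN-HA-AE is an HMAC-SHA1 tag over the message body, and the byte layout, key, nonce and MS identifier are constructed.

```python
import hashlib, hmac, struct
REQ, REPLY = 1, 3  # Mobile IP Registration Request / Reply type codes
TAG_LEN = 20       # length of an HMAC-SHA1 tag

def derive_k2(k1, nonce):
    # Assumption: the claims do not name the function that turns K1 and the nonce into K2
    return hmac.new(k1, nonce, hashlib.sha1).digest()

def build_msg(msg_type, ms_id, k2):
    # Constructed layout: type, lifetime 0 (deregistration), MS id, then MN-HA-AE
    body = struct.pack("!BH", msg_type, 0) + ms_id
    return body + hmac.new(k2, body, hashlib.sha1).digest()

def verify_msg(msg, k2, expected_type):
    body, tag = msg[:-TAG_LEN], msg[-TAG_LEN:]
    good = hmac.new(k2, body, hashlib.sha1).digest()
    if len(body) < 3 or not hmac.compare_digest(tag, good):
        return None  # MN-HA-AE does not verify under the stored K2
    msg_type, lifetime = struct.unpack("!BH", body[:3])
    if msg_type != expected_type or lifetime != 0:
        return None
    return body[3:]  # authenticated MS id

class HomeAgent:
    def __init__(self):
        self.bindings = {}  # MS id -> K2 saved at registration (step A142)

    def handle_dereg(self, msg):  # step A153
        ms_id = msg[3:-TAG_LEN]
        k2 = self.bindings.get(ms_id)
        if k2 is None or verify_msg(msg, k2, REQ) != ms_id:
            return None  # reject: binding and forwarding channel stay up
        del self.bindings[ms_id]  # stop the data forwarding channel
        return build_msg(REPLY, ms_id, k2)

def authenticator_dereg(ha, ms_id, k2):  # steps A152 and A154
    reply = ha.handle_dereg(build_msg(REQ, ms_id, k2))
    return reply is not None and verify_msg(reply, k2, REPLY) == ms_id

def demo():
    k1 = bytes(range(20))  # constructed stand-in for the unused 160 bits of MSK
    nonce = b"constructed-nonce"  # constructed MN-HA KeyGenNonce
    ms_id = b"ms-0001"
    ha = HomeAgent()
    ha.bindings[ms_id] = derive_k2(k1, nonce)
    forged = authenticator_dereg(ha, ms_id, derive_k2(b"\x00" * 20, nonce))
    still_bound = ms_id in ha.bindings
    genuine = authenticator_dereg(ha, ms_id, derive_k2(k1, nonce))
    return forged, still_bound, genuine, ms_id in ha.bindings
```

`demo()` returns `(False, True, True, False)`: a request keyed with the wrong K2 leaves the binding in place, and only the request from the holder of the real K2 removes it. The sketch omits the Identification field that Mobile IP uses for replay protection.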
CN200510089146A 2005-08-04 2005-08-04 When the session is abnormally terminated, the method of deregistering the MS is implemented Expired - Fee Related CN1909561B (en)

Priority Applications (1)

Application Number Priority Date Filing Date Title
CN200510089146A CN1909561B (en) 2005-08-04 2005-08-04 When the session is abnormally terminated, the method of deregistering the MS is implemented

Publications (2)

Publication Number Publication Date
CN1909561A CN1909561A (en) 2007-02-07
CN1909561B true CN1909561B (en) 2010-05-05

Family

ID=37700549

Family Applications (1)

Application Number Title Priority Date Filing Date
CN200510089146A Expired - Fee Related CN1909561B (en) 2005-08-04 2005-08-04 When the session is abnormally terminated, the method of deregistering the MS is implemented

Country Status (1)

Country Link
CN (1) CN1909561B (en)

Families Citing this family (1)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN102209321B (en) * 2010-03-31 2013-10-09 华为终端有限公司 Handover processing method, communication system, and related equipment

Citations (2)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
US6400950B1 (en) * 1999-07-28 2002-06-04 Ericsson Inc. System and method for de-registration of multiple H.323 end points from a H.323 gatekeeper
CN1428973A (en) * 2001-12-27 2003-07-09 兄弟工业株式会社 Network and Terminal Equipment

Also Published As

Publication number Publication date
CN1909561A (en) 2007-02-07

Similar Documents

Publication Publication Date Title
CN101616410B (en) Access method and access system for cellular mobile communication network
JP4965671B2 (en) Distribution of user profiles, policies and PMIP keys in wireless communication networks
JP4643657B2 (en) User authentication and authorization in communication systems
JP5378603B2 (en) Pre-registration security support in multi-technology interworking
CN102036244B (en) Method and system of changing access service network of mobile station in communication system
JP2008537398A (en) Using Generic Authentication Architecture for Mobile Internet Protocol Key Distribution
EP2315371A2 (en) Security protected non-access stratum protocol operation supporting method in a mobile telecommunication system
US9226153B2 (en) Integrated IP tunnel and authentication protocol based on expanded proxy mobile IP
US8289929B2 (en) Method and apparatus for enabling mobility in mobile IP based wireless communication systems
US7561692B2 (en) Method of authenticating mobile terminal
CN101106452A (en) Method and system for generating and distributing mobile IP key
CN107615825A (en) Multiple PDN connections in insincere WLAN accesses
CN101102600A (en) Key processing method when switching between different mobile access systems
CN107683616A (en) Improvements in security in cellular network
Kim et al. MoTH: mobile terminal handover security protocol for HUB switching based on 5G and beyond (5GB) P2MP backhaul environment
JP7014800B2 (en) Link reestablishment method, device, and system
CN103037369B (en) Authentication method and device for local network co-access network element and terminal equipment
WO2007004208A1 (en) Transfer of secure communication sessions between wireless networks access points
CN101079705B (en) Method and system for generating and distributing mobile IP keys after re-authentication
CN106302376A (en) Re-authentication recognition methods, evolution packet data gateway and system
CN1909561B (en) When the session is abnormally terminated, the method of deregistering the MS is implemented
CN101656959B (en) Method, apparatus and system for obtaining MN-HA key in HA of PMIP
CN101160784B (en) A key update negotiation method and device
CN101754200B (en) Registration method, registration system and registration device
CN101325804B (en) Method, device and system for acquiring cryptographic key

Legal Events

Date Code Title Description
C06 Publication
PB01 Publication
C10 Entry into substantive examination
SE01 Entry into force of request for substantive examination
C14 Grant of patent or utility model
GR01 Patent grant
C17 Cessation of patent right
CF01 Termination of patent right due to non-payment of annual fee

Granted publication date: 20100505

Termination date: 20130804