[go: up one dir, main page]

WO2008148348A1 - Communication method, system, and home bs - Google Patents

Communication method, system, and home bs Download PDF

Info

Publication number
WO2008148348A1
WO2008148348A1 PCT/CN2008/071179 CN2008071179W WO2008148348A1 WO 2008148348 A1 WO2008148348 A1 WO 2008148348A1 CN 2008071179 W CN2008071179 W CN 2008071179W WO 2008148348 A1 WO2008148348 A1 WO 2008148348A1
Authority
WO
WIPO (PCT)
Prior art keywords
base station
home base
authentication
home
identification code
Prior art date
Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
Ceased
Application number
PCT/CN2008/071179
Other languages
French (fr)
Chinese (zh)
Inventor
Yong Qiu
Current Assignee (The listed assignees may be inaccurate. Google has not performed a legal analysis and makes no representation or warranty as to the accuracy of the list.)
Huawei Technologies Co Ltd
Original Assignee
Huawei Technologies Co Ltd
Priority date (The priority date is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the date listed.)
Filing date
Publication date
Application filed by Huawei Technologies Co Ltd filed Critical Huawei Technologies Co Ltd
Publication of WO2008148348A1 publication Critical patent/WO2008148348A1/en
Anticipated expiration legal-status Critical
Ceased legal-status Critical Current

Links

Classifications

    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04WWIRELESS COMMUNICATION NETWORKS
    • H04W84/00Network topologies
    • H04W84/02Hierarchically pre-organised networks, e.g. paging networks, cellular networks, WLAN [Wireless Local Area Network] or WLL [Wireless Local Loop]
    • H04W84/10Small scale networks; Flat hierarchical networks
    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04WWIRELESS COMMUNICATION NETWORKS
    • H04W84/00Network topologies
    • H04W84/02Hierarchically pre-organised networks, e.g. paging networks, cellular networks, WLAN [Wireless Local Area Network] or WLL [Wireless Local Loop]
    • H04W84/10Small scale networks; Flat hierarchical networks
    • H04W84/105PBS [Private Base Station] network

Definitions

  • the present invention relates to a communication technology, and more particularly to a communication method and system, and a home base station. Background technique
  • a home base station usually refers to a small, small base station for home or office use. It may be completely private. It can also be opened to the public for use with different priorities and permissions. Its ownership is private, not government.
  • the operator Or the operator; its use of the object may be a small range of users, but also a wide range of users. ⁇ Using home base stations to achieve wireless access, can better utilize existing network resources, save more network equipment operators' costs, and combine the advantages of mobile access networks and fixed access networks.
  • the device identity of the home base station is used to identify the user group that uses the home base station, and only after the user group using the home base station is registered, the member of the user group can use the home base station.
  • the home base station is a base station purchased by the user and placed at the user, that is, the home base station is under the control of the operator, so that when the home base station accesses the mobile network, it needs to be connected with the mobile network.
  • Mutual authentication is performed to identify the legitimacy of the home base station, and a symmetric key is used in the authentication process.
  • the user identifier of the home base station Since the user identifier of the home base station is used to identify the user group using the home base station, the following problems occur: (1) Since the identifier is the identifier of the home base station, it is provided by the manufacturer, and if the identifier is to be modified, It becomes very difficult; (2) When the identifier is used to find the relevant node of the network, because the device identifier is provided by the device provider and cannot contain routing information, the device identifier of the home base station is used in the mobile network to find the corresponding node. HSS (Home Subscriber Server) can be cumbersome.
  • HSS Home Subscriber Server
  • the embodiments of the present invention provide a communication method and system, and a home base station, which enhance the mobility of the home base station and facilitate the user.
  • An embodiment of the present invention provides a communication method, including:
  • the home base station user identification code is stored in the base station identity identification card by the home base station user identification code, and the base station identity identification card is detachably mounted on the base station body.
  • Embodiments of the present invention also provide a communication system including a home base station and a network side entity.
  • the home base station is configured to communicate with a network side entity by using a home base station user identification code, where the home base station includes a base station body and a base station identity identification card, where the user identification code is stored in a base station identity identification card, and the base station identity is The identification card is detachably mounted on the base station body.
  • An embodiment of the present invention further provides a home base station, including a base station body and a base station identity card.
  • the base station body includes: a first sending unit, configured to send a read home base station user identification code request to the base station identity identification card, where the first receiving unit is configured to receive the home base station user identification code sent by the base station identity identification card a confirmation message, configured to communicate with the network side by using the home base station user identification code;
  • the base station identity card is detachably mounted on the base station body, and includes a first storage unit, configured to store a home base station user identification code, and a first receiving unit, configured to receive a read home base station user identifier sent by the base station body And a first sending unit, configured to send, to the base station body, an acknowledgement message including a home base station user identification code.
  • the embodiment of the present invention enhances the mobility of the home base station by separating the home base station into a base station body and a BSIM (Base Station Identifier Module) card, so that the user can use any other home base station through the BSIM card.
  • BSIM Base Station Identifier Module
  • the BSIM card is easy to carry, when the user goes to the outside, the BSIM card only needs to be carried, and the BSIM card is installed on the base station body, and the network side can communicate with the network side, thereby greatly facilitating the user.
  • FIG. 1 shows the structure of a BSIM ID (Home Base Station User Identification Code) according to an embodiment of the present invention
  • FIG. 2 is a flowchart showing an authentication process of a home base station in a PLMN (Public Land Mobile Network) according to Embodiment 1 of the present invention
  • FIG. 3 is a diagram showing a scenario in which a home base station is managed by an MME (Mobile Management Entity) in a SAE (System Architecture Evolution)/LTE (Long Term Evolution) network according to Embodiment 2 of the present invention. Authentication process;
  • FIG. 4 is a flowchart showing an authentication process of a home base station in a UMTS (Universal Mobile Telecommunication System) network according to Embodiment 3 of the present invention
  • FIG. 5 is a diagram showing another authentication process of a home base station in a UMTS network according to Embodiment 4 of the present invention.
  • FIG. 6 is a flowchart showing an authentication process when a home base station is managed by an intermediate gateway GW in a SAE/LTE network or a UMTS network according to Embodiment 5 of the present invention
  • Fig. 7 shows a communication system of an embodiment of the present invention. detailed description
  • the entire home base station is composed of two parts: that is, the base station body and BSIM card.
  • the base station body stores the BS Number (home base station body number) of the home base station
  • the BSIM card stores the subscriber identity BSIM ID (home base station user identification code) of the home base station, and can also store related security parameters, and the related security.
  • the parameter may be a related parameter based on a symmetric key system, such as a basic key, and some authentication algorithms and a derivative key generation algorithm (hereinafter referred to as a key generation algorithm), or may be related parameters based on an asymmetric key system.
  • a key generation algorithm such as digital certificates.
  • the BSIM ID can be used to uniquely identify a group of users using a certain base station.
  • Other communication-related information may also be stored in the B SIM card, such as user data (such as a telephone number, etc.) and network data of each user using the home base station (for example, a list of users who are allowed to use the home base station, and a home base station when the last registration is used)
  • the location identification number, the derived key life cycle, etc.; the other communication-related information can be dynamically changed during the communication process.
  • the BSIM card can be detachably installed in any base station body.
  • the BSIM ID of the BSIM card can be used to register and authenticate to the mobile network.
  • the home base station can communicate with the network in various ways.
  • the BSIM ID and related service information are stored in the BSIM card, so the BSIM ID and related service information can be flexibly modified through the detachable installation of the BSIM card.
  • the BSIM ID can be composed of the following three parts:
  • MCC mobile country code
  • MNC mobile network code
  • a mobile home base station identification code identifies a home base station within a home network and may identify a home subscriber server HSS to which the home base station belongs. So you can find the corresponding HSS based on the MBIN of the BSIM ID.
  • NMBI National Mobile Home Base Station Identity
  • the allocation of the MCC can be managed by the ITU.
  • NMBI can be accounted for by each operator or national policy department.
  • the BSIM ID can also be composed in other ways as long as it can satisfy the user group that uniquely identifies the use of a certain base station.
  • the embodiment of the invention discloses a communication method, which comprises:
  • the home base station user identification code communicates with the network side, and the home base station user identification code is stored in the base station identity identification card, and the base station identity identification card is detachably installed on the base station body.
  • the base station body Before communicating with the network side, the base station body sends the home base station user identification code request information to the base station identity identification card, and receives the home base station user identification code returned by the base station identity identification card.
  • the base station identity card also stores related security parameters for the home base station to authenticate with the network side.
  • the authentication of the home base station and the network side includes: the home base station sends the home base station user identification code to the network side, so that the network side performs an authentication algorithm according to the received home base station user identification code, obtains the first authentication result, and returns the reference. Receiving a second authentication result according to the authentication request message and the security parameter; sending an authentication response message to the network side, the authentication response message includes a second authentication result; and causing the network side to perform the first authentication result according to the The second authentication result in the authentication response message is authenticated.
  • the communication method further includes: the home base station transmitting the home base station user identification code to the network side by using a registration request message; the home base station receiving the registration response message, and the registration response message is determined by the network side according to the first authentication result and the second authentication The result of the right is sent after authentication. Since the home base station is divided into the base station body and the BSIM card, the communication process change is mainly reflected in the authentication process of the home base station and the network side, and the registration authentication in various networks is respectively described by the first embodiment to the fifth embodiment. process.
  • This embodiment describes a registration authentication method of a home base station in a PLMN operator network.
  • the home base station includes the base station body and the BSIM card.
  • the registration authentication process of the home base station is as follows:
  • Step 201 The home base station is powered on, and sends a registration request message including a BSIM ID to the network side.
  • Step 202 After receiving the registration request message, the network side finds a corresponding basic key according to the BSIM ID in the registration request message, and then executes an authentication algorithm according to the BSIM ID and the basic key, and sends an authentication request message to the home base station.
  • Step 203 After receiving the authentication request message, the home base station performs an authentication algorithm by using the basic key in the BSIM card, and sends an authentication response message to the network.
  • a derived key may be generated by using a basic key, the derivative
  • the birth key can be used as a pre-shared key for IKE (Internet Key Exchange) in IPSec (Network Layer Security Protocol) to establish a security association (SA) in IPSEC. It can be used as a key to protect data transmitted between the home base station and the network.
  • IKE Internet Key Exchange
  • IPSec Network Layer Security Protocol
  • SA security association
  • Step 204 The network side authenticates the home base station. If the authentication succeeds, the user using the home base station is a legitimate user, and the network can provide a subscription service for the user through the home base station, and the network sends a registration response message to the home base station.
  • step 201 to step 204 an authentication method is simply exemplified, and those skilled in the art can know that other authentication methods can also be used for authentication.
  • the user After receiving the subscription service provided by the network through the home base station, the user can perform other corresponding processes by using the BSIM ID in the BSIM card according to the requirements of the network side, for example, adding or deleting users in the user list that can use the home base station.
  • the home base station according to the embodiment of the present invention is also suitable for other networks, such as UMTS network, SAE/LTE, etc., and the following describes the home base station in the UMTS network, SAE/LTE by using Embodiment 2 to Embodiment 5 with reference to FIG. 3 to FIG.
  • the authentication process in the case of power-on registration in the network is similar to the authentication process in other cases, and will not be described here.
  • BSIM denotes a BSIM card
  • MME denotes a mobility management entity, when the network is an SAE/LTE network, an MME node is used
  • SGSN is a serving GPRS support node, when the network is UMTS , using the SGSN node.
  • the HSS is a home subscriber server, which is used to store the BSIM ID of the home base station, and the corresponding basic key.
  • the intermediate gateway (GW) may be a security gateway or a sink node, and may share part of the network side and part. The function of the wireless control node.
  • this embodiment describes an authentication process when the home base station is managed by the MME in the SAE/LTE network.
  • Step 301 After the base station body is powered on, send the home base station user identification code request information to the BSIM card, for example, send a request message for reading the B SIM ID.
  • Step 302 The BSIM card returns BSIM ID information to the base station body, for example, sending an acknowledgement message, where the message includes the BSIM ID of the BSIM card.
  • a registration request message (Register)
  • Step 304 The MME sends an authentication information request message (AuthlnfoReq) to the HSS to request authentication information from the HSS, where the authentication information request message includes a BSIM ID.
  • AuthlnfoReq authentication information request message
  • Step 305 After receiving the authentication information request message, the HSS finds a corresponding basic key according to the BSIM ID in the authentication information request message, and generates a random number (Rand) according to the basic key, where the basic key and the random number are The parameter, the authentication algorithm is executed, and the authentication result Resultl is generated; at the same time, the HSS can also generate the derived key according to the basic key, the random number and the specific key generation algorithm, and then the HSS sends an authentication information response message (AuthlnfoResp) to the MME, Sending the authentication result Resultl, the random number, and the derived key to step 306, the MME sends an authentication request message (AuthChallenge) to the BSIM card, and sends the random number to the BSIM card;
  • AuthChallenge authentication request message
  • Step 307 The BSIM card generates an authentication result Result2 according to the received random number and the basic key stored in the BSIM card using the same authentication algorithm as that in step 305, or may be used according to the basic key and the random number in step 305.
  • the same key generation algorithm generates a derivative key.
  • the BSIM card sends an authentication response message to the MME, and sends the authentication result Result2 to the MME.
  • the derived key generated in step 305 and step 307 can be used as the IPSec.
  • the pre-shared key of IKE in the network layer security protocol is used to establish a security association (SA) in IPSEC, and can also be used as a key for protecting data transmitted between the home base station and the network.
  • SA security association
  • Step 308 The MME compares the authentication result Result2 with the authentication result Resultl transmitted by the HSS. If the authentication fails, the authentication fails. Otherwise, the authentication succeeds, and the MME sends a registration confirmation message RegisterAck to the base station entity.
  • step 301 to step 308 only one authentication method is simply mentioned, and those skilled in the art can know that other authentication methods can also be used for authentication.
  • this embodiment describes an authentication process at the time of power-on registration of a home base station in a UMTS network.
  • Step 401 After the base station body is powered on, send the home base station user identification code request information to the BSIM card, for example, a request message for reading the BSIM ID.
  • Step 402 The BSIM card returns BSIM ID information to the base station body, for example, sending an acknowledgement message, where the message includes the BSIM ID of the BSIM card.
  • Step 403 The base station body sends a registration request message (Register) to the RNC, where the registration request message includes a BSIM ID.
  • the registration request message includes a BSIM ID.
  • Step 404 The RNC sends an authentication information request message (AuthlnfoReq) to the HSS to request authentication information from the HSS, where the authentication information request message includes a BSIM ID.
  • AuthlnfoReq authentication information request message
  • Step 405 After receiving the authentication information request message, the HSS finds the corresponding basic key according to the BSIM ID in the authentication information request message, and generates a random number according to the basic key, and performs the authentication by using the basic key and Rand as parameters.
  • the weight algorithm generates the authentication result Resultl; at the same time, the HSS can also generate the derived key according to the basic key, the random number and the specific key generation algorithm, and then the HSS sends an authentication information response message (AuthlnfoResp) to the RNC, and the authentication result is obtained.
  • the Resultl, the random number, and the derived key are sent to the RNC, and the authentication information response message includes an authentication result Resultl, a random number, and a derived key.
  • Step 406 The RNC sends an authentication request message (AuthChallenge) to the BSIM card, and sends the random number to the BSIM card.
  • AuthChallenge an authentication request message
  • Step 407 The BSIM card generates the authentication result Result2 according to the random number and the basic key stored in the BSIM card using the same authentication algorithm as that in step 405, and may also use the same secret as in step 405 according to the basic key and the random number.
  • the key generation algorithm generates a derivative key, and then the BSIM card sends an authentication response message to the RNC, and sends the authentication result Result2 to the RNC; the derived key generated in step 405 and step 407 can be used as the pre-shared secret of IKE in IPSec.
  • the key, used to establish a security association (SA) in IPSEC can also be used as a key to protect data transmitted between the home base station and the network.
  • SA security association
  • Step 408 The RNC compares the authentication result Result2 with the authentication result Resultl transmitted by the HSS. If the authentication fails, the authentication fails. Otherwise, the authentication succeeds, and the RNC sends a registration confirmation message Register Ack to the base station entity.
  • step 401 to step 408 only one authentication method is simply mentioned, and those skilled in the art can know that other authentication methods can also be used for authentication.
  • Embodiment 4 is simply mentioned, and those skilled in the art can know that other authentication methods can also be used for authentication.
  • this embodiment describes an authentication process at the time of another boot registration of a home base station in a UMTS network.
  • Step 501 After the base station body is powered on, send the home base station user identification code request information to the BSIM card, for example, a request message for reading the BSIM ID.
  • Step 502 The BSIM card returns BSIM ID information to the base station body, for example, sending an acknowledgement message, where the message includes a BSIM ID of the BSIM card.
  • Step 503 The base station body sends a registration request message (Register) to the RNC, where the registration request message includes a BSIM ID.
  • the registration request message includes a BSIM ID.
  • Step 504 The RNC sends an authentication information request message (AuthlnfoReq) to the SGSN to request authentication information, where the authentication information request message includes a BSIM ID.
  • AuthlnfoReq authentication information request message
  • Step 505 The SGSN sends an authentication information request message (AuthlnfoReq) to the HSS to request authentication information from the HSS, where the authentication information request message includes a BSIM ID.
  • AuthlnfoReq authentication information request message
  • Step 506 After receiving the authentication information request message, the HSS finds the corresponding basic key according to the BSIM ID in the authentication information request message, and generates a random number, and performs an authentication algorithm by using the basic key and the Rand as parameters. The authentication result Resultl; at the same time, the HSS can also generate the derived key according to the basic key, the random number and the specific key generation algorithm, and then the HSS sends an authentication information response message (AuthlnfoResp) to the RNC, and the authentication result Resultl, the random number And the derived key is sent to the SGSN.
  • AuthlnfoResp authentication information response message
  • Step 507 The SGSN sends an authentication information response message (AuthlnfoResp) to the RNC, and sends the random number to the RNC.
  • AuthlnfoResp authentication information response message
  • Step 508 The RNC sends an authentication request message (AuthChallenge) to the BSIM card, and sends the random number to the BSIM card, where the authentication request message includes a random number.
  • AuthChallenge an authentication request message
  • Step 509 After receiving the authentication request message, the BSIM card generates the authentication result Result2 according to the random number in the authentication request message and the basic key stored in the BSIM card using the same authentication algorithm as that in step 505.
  • the basic key and the random number use the same key generation algorithm as in step 505 to generate the derived key, and the BSIM card sends an authentication response message to the RNC, and sends the authentication result Result2 to the RNC; the derivative generated in step 506 and step 509
  • the key can be used as a pre-shared key for IKE in IPSec, used to establish The Security Association (SA) in IPSEC can also be used as a key to protect data transmitted between the home base station and the network.
  • SA Security Association
  • Step 510 The RNC sends an authentication result comparison request (CompResultReq) to the SGSN, and sends the authentication result Result2 to the SGSN.
  • CompResultReq an authentication result comparison request
  • Step 511 The SGSN compares the authentication result Result2 with the authentication result Resultl transmitted by the HSS. If different, the authentication fails, otherwise the authentication succeeds, and the SGSN sends an authentication result comparison response (CompResultReq) to the RNC.
  • CompResultReq an authentication result comparison response
  • step 512 the RNC will send a registration confirmation message (RegisterAck) to the base station body.
  • Registration confirmation message (RegisterAck)
  • step 501 to step 512 only one authentication method is simply mentioned, and those skilled in the art can know that other authentication methods can also be used for authentication.
  • this embodiment describes an authentication process when the home base station is managed by the intermediate gateway GW in the SAE/LTE network or the UMTS network.
  • Step 601 After the base station body is powered on, send the home base station user identification code request information to the BSIM card, for example, send a request message for reading the B SIM ID.
  • Step 602 The BSIM card returns BSIM ID information to the base station body, for example, sending an acknowledgement message, where the message includes a BSIM ID of the BSIM card.
  • Step 603 The base station body sends a registration request message (Register) to the intermediate gateway, where the registration request message includes a BSIM ID.
  • the registration request message includes a BSIM ID.
  • Step 604 The intermediate gateway sends an authentication information request message (AuthlnfoReq) to the HSS to request authentication information from the HSS, where the authentication information request message includes a BSIM ID.
  • AuthlnfoReq authentication information request message
  • Step 605 After receiving the authentication information request message, the HSS finds the corresponding basic key according to the BSIM ID in the authentication information request message, and generates a random number according to the basic key, and performs the authentication by using the basic key and Rand as parameters.
  • the weight algorithm generates the authentication result Resultl; at the same time, the HSS can also generate the derived key according to the basic key, the random number and the specific key generation algorithm, and then the HSS sends an authentication information response message (AuthlnfoResp) to the intermediate gateway, and the authentication is performed.
  • the Resultl, the random number and the derived key are sent to the intermediate gateway, and the authentication information response message includes the authentication result Resultl, the random number and the derivative.
  • Raw key After receiving the authentication information request message, the HSS finds the corresponding basic key according to the BSIM ID in the authentication information request message, and generates a random number according to the basic key, and performs the authentication by using the basic key and Rand as parameters.
  • the weight algorithm generates the
  • Step 606 The intermediate gateway sends an authentication request message to the BSIM card.
  • Step 607 The BSIM card generates the authentication result Result2 by using the same authentication algorithm as that in step 605 according to the random number and the basic key stored in the BSIM card, and may also use the same secret as in step 605 according to the basic key and the random number.
  • the key generation algorithm generates a derivative key.
  • the BSIM card sends an authentication response message to the intermediate gateway, and sends the authentication result Result2 to the intermediate gateway.
  • the derived key generated in step 605 and step 607 can be used as the IKE pre-preparation in IPSec. Shared key, used to establish security associations in IPSEC
  • SA can also be used as a key to protect data transmitted between the home base station and the network.
  • Step 608 The intermediate gateway compares the authentication result Result2 with the authentication result Resultl transmitted by the HSS. If the authentication fails, the authentication fails. Otherwise, the authentication succeeds, and the intermediate gateway sends a registration confirmation message RegisterAck to the base station entity.
  • step 601 to step 608 only one authentication method is simply mentioned, and those skilled in the art can know that other authentication methods can also be used for authentication.
  • this embodiment discloses a communication system including a home base station 100 and a network side entity 200.
  • the home base station 100 is configured to communicate with the network side entity 200 by using a home base station user identification code.
  • the home base station 100 includes a base station body 110 and a base station identity card 120.
  • the user identification code is stored in the base station identity card 120, and the base station identity card 120 is stored. It is detachably mounted on the base station main body 110.
  • the network side entity 200 is configured to communicate with the home base station 100.
  • the home base station 100 includes a base station body 110 and a base station identity card 120, which may be a home base station or an AP (Access Point) in the UMTS network, or may be a home base station or a Home eNB in the SAE/LTE network.
  • the network side entity 200 may be an RNC in a UMTS network, or may be an MME or a GW in an SAE/LTE network.
  • the base station main body 110 includes a first transmitting unit 111, a first receiving unit 113, and a communication unit 112.
  • the first sending unit 111 is configured to send the home base station user identification code request information to the base station identity card 120, for example, send a home base station user identification code request;
  • the first receiving unit 113 is configured to receive the home base station user identification code, for example, receive The confirmation message sent by the base station identity card with the home base station user identification code;
  • the communication unit 112 is configured to communicate with the network side entity 200 by using the home base station user identification code. For example, in the authentication process, the communication unit 112 transmits a registration request message to the network side entity 200, and receives a registration confirmation message from the network side entity 200.
  • a base station identity card 120 detachably mounted on the base station body 110, includes a first storage unit 123, a second receiving unit 121, a second transmitting unit 124, and a second storage unit 122.
  • the first storage unit 123 is configured to store related security parameters; the second storage unit 122 is configured to store the home base station user identification code; and the second receiving unit 121 is configured to receive the home base station user identification code request information sent by the base station body 110.
  • the receiving home base station subscriber identity code request message is received; the second sending unit 124 is configured to send the home base station subscriber identity code to the base station body 110, for example, send an acknowledgement message including the home base station subscriber identity code.
  • the user does not have to re-replace the home base station.
  • the key is burned to the equipment operator, and the home base station user is also provided with more choices of the base station main body, which greatly facilitates the user and saves the user's investment in the base station main body.
  • the BSIM card can be carried, and the base station body does not need to be carried, which improves the mobility of the user and brings convenience to the user.

Landscapes

  • Engineering & Computer Science (AREA)
  • Computer Networks & Wireless Communication (AREA)
  • Signal Processing (AREA)
  • Mobile Radio Communication Systems (AREA)

Abstract

A method, a system, and a home BS for communication are provided. The communication method include: a user communicates with a network through the user ID code of the home BS, the user ID code of the home BS is stored in a BSID card, the BSID card is detachly installed in the BS main body.

Description

一种通信方法和系统、 及家用基站 技术领域  Communication method and system, and home base station

本发明涉及一种通信技术, 尤其涉及一种通信方法和系统、及家 用基站。 背景技术  The present invention relates to a communication technology, and more particularly to a communication method and system, and a home base station. Background technique

随着 Internet (互联网 ) 业务的蓬勃发展, 以及宽带接入网络和 无线网络的广泛应用, 高速、 便捷地接入网络是人们追求的目标。 为 了更好的利用现有网络的资源,保护网络设备运营商的成本,在 3GPP ( 3rd Generation Partnership Project, 第三代移动通信标准化组织)中 引入了家用基站的概念。 家用基站通常是指小型化的、 家庭或者办公 室用的小基站, 可能是完全私有的, 也可以在设置不同优先级、 权限 的情况下, 开放给大众使用, 其所有权归私人, 而不是归政府或者运 营商; 其使用对象则可能是小范围的用户, 也可能是大范围的用户。 釆用家用基站来实现无线接入, 能够更好地利用现有网络资源, 更多 地节约网络设备运营商的成本,融合移动接入网络和固定接入网络的 各自优点。  With the rapid development of Internet (Internet) services and the wide application of broadband access networks and wireless networks, high-speed and convenient access to the network is the goal pursued by people. In order to better utilize the resources of the existing network and protect the cost of network equipment operators, the concept of a home base station is introduced in the 3GPP (3rd Generation Partnership Project). A home base station usually refers to a small, small base station for home or office use. It may be completely private. It can also be opened to the public for use with different priorities and permissions. Its ownership is private, not government. Or the operator; its use of the object may be a small range of users, but also a wide range of users.家用Using home base stations to achieve wireless access, can better utilize existing network resources, save more network equipment operators' costs, and combine the advantages of mobile access networks and fixed access networks.

对于家用基站而言,利用家用基站的设备标识来标识使用该家用 基站的用户群组, 只有对使用家用基站的用户群组进行注册后, 该用 户群组的成员才可使用家用基站。 另外由于家用基站是用户自己购 买、放置在用户处的基站,也就是说家用基站是在运营商的控制之夕卜, 这样当家用基站在接入到移动网络中时,就需要和移动网络之间进行 相互鉴权,以鉴别家用基站的合法性,在鉴权过程中,釆用对称密钥。  For the home base station, the device identity of the home base station is used to identify the user group that uses the home base station, and only after the user group using the home base station is registered, the member of the user group can use the home base station. In addition, since the home base station is a base station purchased by the user and placed at the user, that is, the home base station is under the control of the operator, so that when the home base station accesses the mobile network, it needs to be connected with the mobile network. Mutual authentication is performed to identify the legitimacy of the home base station, and a symmetric key is used in the authentication process.

由于釆用家用基站的设备标识来标识使用该家用基站的用户群 组, 这样, 会产生如下问题: (1 ) 由于该标识为家用基站的标识, 是 制造商提供的, 如果要修改该标识将变得很困难; (2 ) 当使用该标识 来寻找网络的相关节点, 因为设备标识是设备商提供的, 不能包含路 由信息, 因此, 在移动网络中使用家用基站的设备标识来寻找相应的 HSS ( Home Subscriber Server, 归属用户服务器)会比较麻烦。 同时 由于家用基站的用户只能使用他所注册的这个家用基站提供的业务, 这样家用基站的用户在外地时,如果享受他所注册的这个家用基站提 供的业务, 就必须随身携带这个家用基站, 因此, 对用户来讲家用基 站的移动性很差。 发明内容 Since the user identifier of the home base station is used to identify the user group using the home base station, the following problems occur: (1) Since the identifier is the identifier of the home base station, it is provided by the manufacturer, and if the identifier is to be modified, It becomes very difficult; (2) When the identifier is used to find the relevant node of the network, because the device identifier is provided by the device provider and cannot contain routing information, the device identifier of the home base station is used in the mobile network to find the corresponding node. HSS (Home Subscriber Server) can be cumbersome. At the same time, since the user of the home base station can only use the service provided by the home base station to which he is registered, when the user of the home base station is in the field, if he enjoys the service provided by the home base station to which he is registered, the home base station must be carried with him, therefore, The mobility of the home base station is very poor for the user. Summary of the invention

本发明实施例提供了一种通信方法和系统、及家用基站, 增强了 家用基站的移动性, 并方便了用户。  The embodiments of the present invention provide a communication method and system, and a home base station, which enhance the mobility of the home base station and facilitate the user.

本发明的实施例提供了一种通信方法, 包括:  An embodiment of the present invention provides a communication method, including:

通过家用基站用户标识码与网络侧进行通信,所述家用基站用户 标识码存储在基站身份标识卡中,所述基站身份标识卡可拆卸地安装 在基站主体上。  The home base station user identification code is stored in the base station identity identification card by the home base station user identification code, and the base station identity identification card is detachably mounted on the base station body.

本发明的实施例还提供了一种通信系统,包括家用基站和网络侧 实体,  Embodiments of the present invention also provide a communication system including a home base station and a network side entity.

所述家用基站,用于通过家用基站用户标识码与网络侧实体进行 通信, 所述家用基站包括基站主体和基站身份标识卡, 所述用户标识 码存储在基站身份标识卡中,所述基站身份标识卡可拆卸地安装在基 站主体上。  The home base station is configured to communicate with a network side entity by using a home base station user identification code, where the home base station includes a base station body and a base station identity identification card, where the user identification code is stored in a base station identity identification card, and the base station identity is The identification card is detachably mounted on the base station body.

本发明的实施例还提供了一种家用基站,包括基站主体和基站身 份标识卡,  An embodiment of the present invention further provides a home base station, including a base station body and a base station identity card.

所述基站主体, 其包括: 第一发送单元, 用于向基站身份标识卡 发送读家用基站用户标识码请求, 第一接收单元, 用于接收基站身份 标识卡发送的带有家用基站用户标识码的确认消息; 通信单元, 用于 通过所述家用基站用户标识码与网络侧进行通信;  The base station body includes: a first sending unit, configured to send a read home base station user identification code request to the base station identity identification card, where the first receiving unit is configured to receive the home base station user identification code sent by the base station identity identification card a confirmation message, configured to communicate with the network side by using the home base station user identification code;

所述基站身份标识卡, 其可拆卸地安装在基站主体上, 包括第一 存储单元, 用于存储有家用基站用户标识码; 第一接收单元, 用于接 收基站主体发送的读家用基站用户标识码请求消息; 第一发送单元, 用于向基站主体发送包含家用基站用户标识码的确认消息。 本发明实施例通过将家用基站分离为基站主体和 BSIM ( Base Station Identifier Module, 基站身份标识)卡, 使得用户通过 BSIM卡 可以使用其它任何家用基站, 增强了家用基站的移动性。 另外, 由于 BSIM卡易于携带, 用户到外地时, 只需携带 BSIM卡, 将 BSIM卡 安装在基站主体上, 就可与网络侧通信, 接收网络侧的业务, 从而大 大方便了用户。 附图说明 The base station identity card is detachably mounted on the base station body, and includes a first storage unit, configured to store a home base station user identification code, and a first receiving unit, configured to receive a read home base station user identifier sent by the base station body And a first sending unit, configured to send, to the base station body, an acknowledgement message including a home base station user identification code. The embodiment of the present invention enhances the mobility of the home base station by separating the home base station into a base station body and a BSIM (Base Station Identifier Module) card, so that the user can use any other home base station through the BSIM card. In addition, since the BSIM card is easy to carry, when the user goes to the outside, the BSIM card only needs to be carried, and the BSIM card is installed on the base station body, and the network side can communicate with the network side, thereby greatly facilitating the user. DRAWINGS

图 1示出了本发明实施例的 BSIM ID (家用基站用户标识码)的 结构;  1 shows the structure of a BSIM ID (Home Base Station User Identification Code) according to an embodiment of the present invention;

图 2 示出了本发明实施例一的在 PLMN ( Public Land Mobile Network, 公共陆地移动网络) 中家用基站的鉴权流程;  FIG. 2 is a flowchart showing an authentication process of a home base station in a PLMN (Public Land Mobile Network) according to Embodiment 1 of the present invention;

图 3 示出了本发明实施例二的在 SAE ( System Architecture Evolution, 系统架构演进 ) /LTE ( Long Term Evolution, 长期演进) 网络中当家用基站由 MME ( Mobile Managenment Entity, 移动管理 实体)管理时的鉴权流程;  FIG. 3 is a diagram showing a scenario in which a home base station is managed by an MME (Mobile Management Entity) in a SAE (System Architecture Evolution)/LTE (Long Term Evolution) network according to Embodiment 2 of the present invention. Authentication process;

图 4 示出了本发明实施例三的在 UMTS ( Universal Mobile Telecommunication System ,通用移动通信系统)网络中家用基站的鉴 权流程;  4 is a flowchart showing an authentication process of a home base station in a UMTS (Universal Mobile Telecommunication System) network according to Embodiment 3 of the present invention;

图 5示出了本发明实施例四的在 UMTS网络中家用基站的另一 种鉴权流程;  FIG. 5 is a diagram showing another authentication process of a home base station in a UMTS network according to Embodiment 4 of the present invention;

图 6示出了本发明实施例五的在 SAE/LTE网络中或 UMTS网络 中, 当家用基站由中间网关 GW管理时的鉴权流程;  6 is a flowchart showing an authentication process when a home base station is managed by an intermediate gateway GW in a SAE/LTE network or a UMTS network according to Embodiment 5 of the present invention;

图 7示出了本发明实施例的通信系统。 具体实施方式  Fig. 7 shows a communication system of an embodiment of the present invention. detailed description

为了便于本领域一般技术人员理解和实现本发明 ,现结合附图描 述本发明的实施例。  In order to facilitate a person skilled in the art to understand and implement the present invention, the embodiments of the present invention are described in conjunction with the accompanying drawings.

在本发明实施例中, 整个家用基站由两部分组成: 即基站主体和 BSIM卡。 在基站主体中存储家用基站的 BS Number (家用基站主体 号码), 在 BSIM卡中存储家用基站的签约用户标识 BSIM ID (家用 基站用户标识码), 还可以存储相关的安全参数, 这些相关的安全参 数可以是基于对称密钥体制的相关参数, 比如基本密钥, 以及一些鉴 权算法和衍生密钥生成算法 (以下简称密钥生成算法), 也可以是基 于非对称密钥体制的相关参数, 比如数字证书。 BSIM ID可以用于唯 一标识使用某一基站的用户群组。 B SIM卡中还可存储其它与通信相 关的信息,如使用家用基站的各个用户的用户数据(例如电话号码等) 和网络数据(例如允许使用该家用基站的用户列表、 最近一次登记时 家用基站所在位置识别号、 衍生密钥生命周期等); 所述其它与通信 相关的信息在通信过程中可以动态变化。 In the embodiment of the present invention, the entire home base station is composed of two parts: that is, the base station body and BSIM card. The base station body stores the BS Number (home base station body number) of the home base station, and the BSIM card stores the subscriber identity BSIM ID (home base station user identification code) of the home base station, and can also store related security parameters, and the related security. The parameter may be a related parameter based on a symmetric key system, such as a basic key, and some authentication algorithms and a derivative key generation algorithm (hereinafter referred to as a key generation algorithm), or may be related parameters based on an asymmetric key system. Such as digital certificates. The BSIM ID can be used to uniquely identify a group of users using a certain base station. Other communication-related information may also be stored in the B SIM card, such as user data (such as a telephone number, etc.) and network data of each user using the home base station (for example, a list of users who are allowed to use the home base station, and a home base station when the last registration is used) The location identification number, the derived key life cycle, etc.; the other communication-related information can be dynamically changed during the communication process.

当开户登记时, 会获得一个 BSIM卡。 当获得 BSIM卡后, 可将 BSIM卡可拆卸地安装在任一基站主体中, 基站主体在开机时, 就可 利用 BSIM卡的 BSIM ID向移动网络进行登记和鉴权, 当登记鉴权 成功后, 家用基站就可与网络进行各种通信。 BSIM ID和相关的业务 信息是保存在 BSIM卡中的, 因此通过 BSIM卡的可拆卸安装可以实 现灵活地修改 BSIM ID和相关业务信息的功能。  When you open an account, you will get a BSIM card. After the BSIM card is obtained, the BSIM card can be detachably installed in any base station body. When the base station body is powered on, the BSIM ID of the BSIM card can be used to register and authenticate to the mobile network. When the registration authentication is successful, The home base station can communicate with the network in various ways. The BSIM ID and related service information are stored in the BSIM card, so the BSIM ID and related service information can be flexibly modified through the detachable installation of the BSIM card.

如图 1所示, 所述 BSIM ID可由下述三部分组成:  As shown in FIG. 1, the BSIM ID can be composed of the following three parts:

移动国家代码(MCC ), 唯一地标识家用基站所在的国家; 移动网络代码(MNC ), 标识家用基站的归属的网络;  a mobile country code (MCC) that uniquely identifies the country in which the home base station is located; a mobile network code (MNC) that identifies the home network to which the home base station belongs;

移动家用基站识别码(MBIN ), 标识一个归属网内的家用基站, 并且可以标识家用基站所属的归属用户服务器 HSS。 所以可以根据 BSIM ID的 MBIN找到相应的 HSS。  A mobile home base station identification code (MBIN) identifies a home base station within a home network and may identify a home subscriber server HSS to which the home base station belongs. So you can find the corresponding HSS based on the MBIN of the BSIM ID.

MNC和 MBIN合起来,组成国家移动家用基站识别码 ( NMBI )。  MNC and MBIN are combined to form the National Mobile Home Base Station Identity (NMBI).

MCC的分配可由 ITU管理。 NMBI可由每个运营商或国家政策部门 负责。 The allocation of the MCC can be managed by the ITU. NMBI can be accounted for by each operator or national policy department.

BSIM ID也可按其它方式组成,只要能够满足唯一标识使用某一 基站的用户群组即可。  The BSIM ID can also be composed in other ways as long as it can satisfy the user group that uniquely identifies the use of a certain base station.

本发明实施例公开了一种通信方法, 该方法包括: 家用基站通过 家用基站用户标识码与网络侧进行通信,家用基站用户标识码存储在 基站身份标识卡中,基站身份标识卡可拆卸地安装在基站主体上。 在 与网络侧进行通信之前,基站主体向基站身份标识卡发送家用基站用 户标识码请求信息,并接收基站身份标识卡返回的家用基站用户标识 码。基站身份标识卡还存储有相关的安全参数, 用于家用基站与网络 侧进行鉴权。 家用基站与网络侧进行鉴权具体包括: 家用基站向网络 侧发送家用基站用户标识码,使网络侧根据接收到的家用基站用户标 识码执行鉴权算法, 获得第一鉴权结果, 并返回鉴权请求消息; 根据 鉴权请求消息和安全参数, 获得第二鉴权结果; 向网络侧发送鉴权响 应消息, 鉴权响应消息包括第二鉴权结果; 使网络侧根据第一鉴权结 果和鉴权响应消息中的第二鉴权结果进行鉴权。上述的通信方法还包 括,家用基站通过登记请求消息向所述网络侧发送所述家用基站用户 标识码; 家用基站接收登记响应消息, 登记响应消息由网络侧根据第 一鉴权结果和第二鉴权结果进行鉴权之后发送。由于将家用基站分为 基站主体和 BSIM卡后,通信过程变化主要体现在家用基站与网络侧 进行鉴权过程中,下面通过实施例一至实施例五分别描述在各种不同 网络中的登记鉴权过程。 The embodiment of the invention discloses a communication method, which comprises: The home base station user identification code communicates with the network side, and the home base station user identification code is stored in the base station identity identification card, and the base station identity identification card is detachably installed on the base station body. Before communicating with the network side, the base station body sends the home base station user identification code request information to the base station identity identification card, and receives the home base station user identification code returned by the base station identity identification card. The base station identity card also stores related security parameters for the home base station to authenticate with the network side. The authentication of the home base station and the network side includes: the home base station sends the home base station user identification code to the network side, so that the network side performs an authentication algorithm according to the received home base station user identification code, obtains the first authentication result, and returns the reference. Receiving a second authentication result according to the authentication request message and the security parameter; sending an authentication response message to the network side, the authentication response message includes a second authentication result; and causing the network side to perform the first authentication result according to the The second authentication result in the authentication response message is authenticated. The communication method further includes: the home base station transmitting the home base station user identification code to the network side by using a registration request message; the home base station receiving the registration response message, and the registration response message is determined by the network side according to the first authentication result and the second authentication The result of the right is sent after authentication. Since the home base station is divided into the base station body and the BSIM card, the communication process change is mainly reflected in the authentication process of the home base station and the network side, and the registration authentication in various networks is respectively described by the first embodiment to the fifth embodiment. process.

实施例一  Embodiment 1

本实施例描述家用基站在 PLMN运营商网络中的登记鉴权方法。 在图 2中, 家用基站包含了基站主体和 BSIM卡, 如图 2所示, 家用基站的登记鉴权过程如下:  This embodiment describes a registration authentication method of a home base station in a PLMN operator network. In FIG. 2, the home base station includes the base station body and the BSIM card. As shown in FIG. 2, the registration authentication process of the home base station is as follows:

步骤 201 , 家用基站开机, 向网络侧发送包含 BSIM ID的登记请 求消息。  Step 201: The home base station is powered on, and sends a registration request message including a BSIM ID to the network side.

步骤 202 , 网络侧接收到登记请求消息后, 根据登记请求消息中 的 BSIM ID找到相应的基本密钥, 然后根据 BSIM ID和基本密钥执 行鉴权算法, 并向家用基站发送鉴权请求消息。  Step 202: After receiving the registration request message, the network side finds a corresponding basic key according to the BSIM ID in the registration request message, and then executes an authentication algorithm according to the BSIM ID and the basic key, and sends an authentication request message to the home base station.

步骤 203 , 家用基站接收到鉴权请求消息后, 使用 BSIM卡中的 基本密钥执行鉴权算法, 并向网络发送鉴权响应消息。  Step 203: After receiving the authentication request message, the home base station performs an authentication algorithm by using the basic key in the BSIM card, and sends an authentication response message to the network.

在步骤 202和步骤 203中, 可利用基本密钥生成衍生密钥, 该衍 生密钥可以用作 IPSec (—种网络层安全协议) 中 IKE ( Internet Key Exchange, 网络密钥交换)的预共享密钥, 用于建立 IPSEC中的安全 关联(SA ), 该衍生密钥也可以用作对家用基站和网络之间传输数据 进行保护的密钥。 In step 202 and step 203, a derived key may be generated by using a basic key, the derivative The birth key can be used as a pre-shared key for IKE (Internet Key Exchange) in IPSec (Network Layer Security Protocol) to establish a security association (SA) in IPSEC. It can be used as a key to protect data transmitted between the home base station and the network.

步骤 204, 网络侧对家用基站进行鉴权, 如果鉴权成功, 则使用 该家用基站的用户为合法用户, 网络可通过该家用基站为用户提供签 约服务, 网络向家用基站发送登记响应消息。  Step 204: The network side authenticates the home base station. If the authentication succeeds, the user using the home base station is a legitimate user, and the network can provide a subscription service for the user through the home base station, and the network sends a registration response message to the home base station.

在步骤 201至步骤 204中, 只是简单举出一种鉴权方法, 本领域 技术人员可以知道还可釆用其它鉴权方法进行鉴权。  In step 201 to step 204, an authentication method is simply exemplified, and those skilled in the art can know that other authentication methods can also be used for authentication.

用户通过家用基站接受网络提供的签约服务后,可以根据网络侧 的要求, 使用 BSIM卡中的 BSIM ID执行其它相应的过程, 例如增 加或者删除可以使用该家用基站的用户列表中的用户等。  After receiving the subscription service provided by the network through the home base station, the user can perform other corresponding processes by using the BSIM ID in the BSIM card according to the requirements of the network side, for example, adding or deleting users in the user list that can use the home base station.

依据本发明实施例的家用基站还适合其它网络, 如 UMTS网络、 SAE/LTE等网络, 下面参照图 3至图 6, 通过实施例二至实施例五来 描述家用基站在 UMTS网络、 SAE/LTE等网络中开机登记时的鉴权 过程, 对于其它情况下的鉴权过程, 与之类似, 在此不再赘述。 在图 3至图 6中, BSIM表示 BSIM卡, MME表示移动性管理实体, 当所 述网络是 SAE/LTE网络时, 釆用 MME节点; SGSN是服务 GPRS 支持节点, 当所述网络是 UMTS时, 釆用 SGSN节点。 HSS是归属 用户服务器, 用于存储家用基站的 BSIM ID其对应的基本密钥; 在 图 6中, 中间网关( GW )可以是一个安全网关或者是一个汇聚节点, 可以 7 担部分网络侧和部分无线控制节点的功能。  The home base station according to the embodiment of the present invention is also suitable for other networks, such as UMTS network, SAE/LTE, etc., and the following describes the home base station in the UMTS network, SAE/LTE by using Embodiment 2 to Embodiment 5 with reference to FIG. 3 to FIG. The authentication process in the case of power-on registration in the network is similar to the authentication process in other cases, and will not be described here. In FIG. 3 to FIG. 6, BSIM denotes a BSIM card, MME denotes a mobility management entity, when the network is an SAE/LTE network, an MME node is used; SGSN is a serving GPRS support node, when the network is UMTS , using the SGSN node. The HSS is a home subscriber server, which is used to store the BSIM ID of the home base station, and the corresponding basic key. In FIG. 6, the intermediate gateway (GW) may be a security gateway or a sink node, and may share part of the network side and part. The function of the wireless control node.

实施例二  Embodiment 2

如图 3 所示, 本实施例描述在 SAE/LTE 网络中当家用基站由 MME管理的情况下开机登记时的鉴权过程。  As shown in FIG. 3, this embodiment describes an authentication process when the home base station is managed by the MME in the SAE/LTE network.

步骤 301 , 基站主体开机后, 向 BSIM卡发送家用基站用户标识 码请求信息 , 例如发送读取 B SIM ID的请求消息。  Step 301: After the base station body is powered on, send the home base station user identification code request information to the BSIM card, for example, send a request message for reading the B SIM ID.

步骤 302, BSIM卡向基站主体返回 BSIM ID信息, 例如, 发送 确认消息, 消息中包含 BSIM卡的 BSIM ID。 步骤 303 , 基站主体向 MME发送登记请求消息 (Register ), 所 述登记请求消息包括 BSIM ID。 Step 302: The BSIM card returns BSIM ID information to the base station body, for example, sending an acknowledgement message, where the message includes the BSIM ID of the BSIM card. Step 303: The base station body sends a registration request message (Register) to the MME, where the registration request message includes a BSIM ID.

步骤 304, MME向 HSS发送鉴权信息请求消息( AuthlnfoReq ), 以便从 HSS请求鉴权信息, 所述鉴权信息请求消息包括 BSIM ID。  Step 304: The MME sends an authentication information request message (AuthlnfoReq) to the HSS to request authentication information from the HSS, where the authentication information request message includes a BSIM ID.

步骤 305, HSS接收到鉴权信息请求消息后, 根据鉴权信息请求 消息中的 BSIM ID找到相应的基本密钥, 并根据基本密钥产生随机 数(Rand ), 以基本密钥和随机数为参数, 执行鉴权算法, 产生鉴权 结果 Resultl ; 同时 HSS也可以根据基本密钥、 随机数和特定的密钥 产生算法生成衍生密钥, 然后 HSS向 MME发送鉴权信息响应消息 ( AuthlnfoResp ), 将鉴权结果 Resultl、 随机数和衍生密钥发送给 步骤 306, MME向 BSIM卡发送鉴权请求消息( AuthChallenge ), 将随机数发送给 BSIM卡;  Step 305: After receiving the authentication information request message, the HSS finds a corresponding basic key according to the BSIM ID in the authentication information request message, and generates a random number (Rand) according to the basic key, where the basic key and the random number are The parameter, the authentication algorithm is executed, and the authentication result Resultl is generated; at the same time, the HSS can also generate the derived key according to the basic key, the random number and the specific key generation algorithm, and then the HSS sends an authentication information response message (AuthlnfoResp) to the MME, Sending the authentication result Resultl, the random number, and the derived key to step 306, the MME sends an authentication request message (AuthChallenge) to the BSIM card, and sends the random number to the BSIM card;

步骤 307, BSIM卡根据接收到的随机数和 BSIM卡中存储的基 本密钥使用与步骤 305 中相同的鉴权算法产生鉴权结果 Result2, 也 可以根据基本密钥和随机数使用与步骤 305 中相同的密钥产生算法 生成衍生密钥, 接着, BSIM卡向 MME发送鉴权响应消息, 将鉴权 结果 Result2发送给 MME; 步骤 305和步骤 307中生成的衍生密钥 可以用作 IPSec (—种网络层安全协议) 中 IKE的预共享密钥, 用于 建立 IPSEC中的安全关联( SA ), 也可以用作对家用基站和网络之间 传输数据进行保护的密钥。  Step 307: The BSIM card generates an authentication result Result2 according to the received random number and the basic key stored in the BSIM card using the same authentication algorithm as that in step 305, or may be used according to the basic key and the random number in step 305. The same key generation algorithm generates a derivative key. Then, the BSIM card sends an authentication response message to the MME, and sends the authentication result Result2 to the MME. The derived key generated in step 305 and step 307 can be used as the IPSec. The pre-shared key of IKE in the network layer security protocol is used to establish a security association (SA) in IPSEC, and can also be used as a key for protecting data transmitted between the home base station and the network.

步骤 308, MME将该鉴权结果 Result2与 HSS传送过来的鉴权 结果 Resultl 相比较, 如果不同则鉴权失败, 否则鉴权成功, MME 将向基站主体发送登记确认消息 RegisterAck。  Step 308: The MME compares the authentication result Result2 with the authentication result Resultl transmitted by the HSS. If the authentication fails, the authentication fails. Otherwise, the authentication succeeds, and the MME sends a registration confirmation message RegisterAck to the base station entity.

在步骤 301至步骤 308中, 只是简单举出一种鉴权方法, 本领域 技术人员可以知道还可釆用其它鉴权方法进行鉴权。  In step 301 to step 308, only one authentication method is simply mentioned, and those skilled in the art can know that other authentication methods can also be used for authentication.

实施例三  Embodiment 3

如图 4所示, 本实施例描述在 UMTS 网络中家用基站的开机登 记时的鉴权过程。 步骤 401 , 基站主体开机后, 向 BSIM卡发送家用基站用户标识 码请求信息 , 例如读取 BSIM ID的请求消息。 As shown in FIG. 4, this embodiment describes an authentication process at the time of power-on registration of a home base station in a UMTS network. Step 401: After the base station body is powered on, send the home base station user identification code request information to the BSIM card, for example, a request message for reading the BSIM ID.

步骤 402, BSIM卡向基站主体返回 BSIM ID信息, 例如, 发送 确认消息 , 消息中包含 BSIM卡的 BSIM ID。  Step 402: The BSIM card returns BSIM ID information to the base station body, for example, sending an acknowledgement message, where the message includes the BSIM ID of the BSIM card.

步骤 403 , 基站主体向 RNC发送登记请求消息(Register ), 所述 登记请求消息包括 BSIM ID。  Step 403: The base station body sends a registration request message (Register) to the RNC, where the registration request message includes a BSIM ID.

步骤 404, RNC向 HSS发送鉴权信息请求消息 ( AuthlnfoReq ), 以便从 HSS请求鉴权信息, 所述鉴权信息请求消息包括 BSIM ID。  Step 404: The RNC sends an authentication information request message (AuthlnfoReq) to the HSS to request authentication information from the HSS, where the authentication information request message includes a BSIM ID.

步骤 405 , HSS接收到鉴权信息请求消息后, 根据鉴权信息请求 消息中的 BSIM ID找到相应的基本密钥, 并根据基本密钥产生随机 数,以基本密钥和 Rand为参数,执行鉴权算法,产生鉴权结果 Resultl; 同时 HSS也可以根据基本密钥、 随机数和特定的密钥产生算法生成 衍生密钥,然后 HSS向 RNC发送鉴权信息响应消息( AuthlnfoResp ), 将鉴权结果 Resultl、 随机数和衍生密钥发送给 RNC, 所述鉴权信息 响应消息包括鉴权结果 Resultl、 随机数和衍生密钥。  Step 405: After receiving the authentication information request message, the HSS finds the corresponding basic key according to the BSIM ID in the authentication information request message, and generates a random number according to the basic key, and performs the authentication by using the basic key and Rand as parameters. The weight algorithm generates the authentication result Resultl; at the same time, the HSS can also generate the derived key according to the basic key, the random number and the specific key generation algorithm, and then the HSS sends an authentication information response message (AuthlnfoResp) to the RNC, and the authentication result is obtained. The Resultl, the random number, and the derived key are sent to the RNC, and the authentication information response message includes an authentication result Resultl, a random number, and a derived key.

步骤 406, RNC向 BSIM卡发送鉴权请求消息( AuthChallenge ), 将随机数发送给 BSIM卡;  Step 406: The RNC sends an authentication request message (AuthChallenge) to the BSIM card, and sends the random number to the BSIM card.

步骤 407, BSIM卡根据随机数和 BSIM卡中存储的基本密钥使 用与步骤 405 中相同的鉴权算法产生鉴权结果 Result2, 也可以根据 基本密钥和随机数使用与步骤 405 中相同的密钥产生算法生成衍生 密钥,接着, BSIM卡向 RNC发送鉴权响应消息,将鉴权结果 Result2 发送给 RNC; 步骤 405和步骤 407中生成的衍生密钥可以用作 IPSec 中 IKE的预共享密钥, 用于建立 IPSEC中的安全关联(SA ), 也可以 用作对家用基站和网络之间传输数据进行保护的密钥。  Step 407: The BSIM card generates the authentication result Result2 according to the random number and the basic key stored in the BSIM card using the same authentication algorithm as that in step 405, and may also use the same secret as in step 405 according to the basic key and the random number. The key generation algorithm generates a derivative key, and then the BSIM card sends an authentication response message to the RNC, and sends the authentication result Result2 to the RNC; the derived key generated in step 405 and step 407 can be used as the pre-shared secret of IKE in IPSec. The key, used to establish a security association (SA) in IPSEC, can also be used as a key to protect data transmitted between the home base station and the network.

步骤 408, RNC将该鉴权结果 Result2与 HSS传送过来的鉴权结 果 Resultl相比较, 如果不同则鉴权失败, 否则鉴权成功, RNC将向 基站主体发送登记确认消息 Register Ack。  Step 408: The RNC compares the authentication result Result2 with the authentication result Resultl transmitted by the HSS. If the authentication fails, the authentication fails. Otherwise, the authentication succeeds, and the RNC sends a registration confirmation message Register Ack to the base station entity.

在步骤 401至步骤 408中, 只是简单举出一种鉴权方法, 本领域 技术人员可以知道还可釆用其它鉴权方法进行鉴权。 实施例四 In step 401 to step 408, only one authentication method is simply mentioned, and those skilled in the art can know that other authentication methods can also be used for authentication. Embodiment 4

如图 5所示, 本实施例描述在 UMTS 网络中家用基站的另一种 开机登记时的鉴权过程。  As shown in Fig. 5, this embodiment describes an authentication process at the time of another boot registration of a home base station in a UMTS network.

步骤 501 , 基站主体开机后, 向 BSIM卡发送家用基站用户标识 码请求信息 , 例如读取 BSIM ID的请求消息。  Step 501: After the base station body is powered on, send the home base station user identification code request information to the BSIM card, for example, a request message for reading the BSIM ID.

步骤 502, BSIM卡向基站主体返回 BSIM ID信息, 例如, 发送 确认消息 , 消息中包含 BSIM卡的 BSIM ID。  Step 502: The BSIM card returns BSIM ID information to the base station body, for example, sending an acknowledgement message, where the message includes a BSIM ID of the BSIM card.

步骤 503 , 基站主体向 RNC发送登记请求消息(Register ), 所述 登记请求消息包括 BSIM ID。  Step 503: The base station body sends a registration request message (Register) to the RNC, where the registration request message includes a BSIM ID.

步骤 504, RNC向 SGSN发送鉴权信息请求消息( AuthlnfoReq ), 以便请求鉴权信息, 所述鉴权信息请求消息包括 BSIM ID。  Step 504: The RNC sends an authentication information request message (AuthlnfoReq) to the SGSN to request authentication information, where the authentication information request message includes a BSIM ID.

步骤 505, SGSN向 HSS发送鉴权信息请求消息( AuthlnfoReq ), 以便从 HSS请求鉴权信息, 所述鉴权信息请求消息包括 BSIM ID。  Step 505: The SGSN sends an authentication information request message (AuthlnfoReq) to the HSS to request authentication information from the HSS, where the authentication information request message includes a BSIM ID.

步骤 506 , HSS接收到鉴权信息请求消息后, 根据鉴权信息请求 消息中的 BSIM ID找到相应的基本密钥, 并产生随机数, 以基本密 钥和 Rand为参数, 执行鉴权算法, 产生鉴权结果 Resultl ; 同时 HSS 也可以根据基本密钥、 随机数和特定的密钥产生算法生成衍生密钥, 然后 HSS向 RNC发送鉴权信息响应消息( AuthlnfoResp ) ,将鉴权结 果 Resultl、 随机数和衍生密钥发送给 SGSN。  Step 506: After receiving the authentication information request message, the HSS finds the corresponding basic key according to the BSIM ID in the authentication information request message, and generates a random number, and performs an authentication algorithm by using the basic key and the Rand as parameters. The authentication result Resultl; at the same time, the HSS can also generate the derived key according to the basic key, the random number and the specific key generation algorithm, and then the HSS sends an authentication information response message (AuthlnfoResp) to the RNC, and the authentication result Resultl, the random number And the derived key is sent to the SGSN.

步骤 507 , SGSN向 RNC发送鉴权信息响应消息( AuthlnfoResp ), 将随机数发送给 RNC。  Step 507: The SGSN sends an authentication information response message (AuthlnfoResp) to the RNC, and sends the random number to the RNC.

步骤 508, RNC向 BSIM卡发送鉴权请求消息( AuthChallenge ), 将随机数发送给 BSIM卡, 所述鉴权请求消息包括随机数。  Step 508: The RNC sends an authentication request message (AuthChallenge) to the BSIM card, and sends the random number to the BSIM card, where the authentication request message includes a random number.

步骤 509、 BSIM卡收到鉴权请求消息后, 根据鉴权请求消息中 的随机数和 BSIM卡中存储的基本密钥使用与步骤 505中相同的鉴权 算法产生鉴权结果 Result2, 也可以根据基本密钥、 随机数使用与步 骤 505中相同的密钥产生算法生成衍生密钥, BSIM卡向 RNC发送 鉴权响应消息,将鉴权结果 Result2发送给 RNC;步骤 506和步骤 509 中生成的衍生密钥可以用作 IPSec 中 IKE的预共享密钥, 用于建立 IPSEC中的安全关联(SA ), 也可以用作对家用基站和网络之间传输 数据进行保护的密钥。 Step 509: After receiving the authentication request message, the BSIM card generates the authentication result Result2 according to the random number in the authentication request message and the basic key stored in the BSIM card using the same authentication algorithm as that in step 505. The basic key and the random number use the same key generation algorithm as in step 505 to generate the derived key, and the BSIM card sends an authentication response message to the RNC, and sends the authentication result Result2 to the RNC; the derivative generated in step 506 and step 509 The key can be used as a pre-shared key for IKE in IPSec, used to establish The Security Association (SA) in IPSEC can also be used as a key to protect data transmitted between the home base station and the network.

步骤 510 , RNC 向 SGSN 发送鉴权结果比较请求 ( CompResultReq ), 将鉴权结果 Result2发送给 SGSN。  Step 510: The RNC sends an authentication result comparison request (CompResultReq) to the SGSN, and sends the authentication result Result2 to the SGSN.

步骤 511 , SGSN将该鉴权结果 Result2与 HSS传送过来的鉴权 结果 Resultl 相比较, 如果不同则鉴权失败, 否则鉴权成功, SGSN 向 RNC发送鉴权结果比较响应 ( CompResultReq )。  Step 511: The SGSN compares the authentication result Result2 with the authentication result Resultl transmitted by the HSS. If different, the authentication fails, otherwise the authentication succeeds, and the SGSN sends an authentication result comparison response (CompResultReq) to the RNC.

步骤 512, RNC将向基站主体发送登记确认消息(RegisterAck )。 在步骤 501至步骤 512中只是简单举出一种鉴权方法,本领域技 术人员可以知道还可釆用其它鉴权方法进行鉴权。  In step 512, the RNC will send a registration confirmation message (RegisterAck) to the base station body. In step 501 to step 512, only one authentication method is simply mentioned, and those skilled in the art can know that other authentication methods can also be used for authentication.

实施例五  Embodiment 5

如图 6所示, 本实施例描述在 SAE/LTE网络中或 UMTS网络中 当家用基站由中间网关 GW管理时开机登记时的鉴权过程。  As shown in FIG. 6, this embodiment describes an authentication process when the home base station is managed by the intermediate gateway GW in the SAE/LTE network or the UMTS network.

步骤 601 , 基站主体开机后, 向 BSIM卡发送家用基站用户标识 码请求信息 , 例如发送读取 B SIM ID的请求消息。  Step 601: After the base station body is powered on, send the home base station user identification code request information to the BSIM card, for example, send a request message for reading the B SIM ID.

步骤 602, BSIM卡向基站主体返回 BSIM ID信息, 例如, 发送 确认消息 , 消息中包含 BSIM卡的 BSIM ID。  Step 602: The BSIM card returns BSIM ID information to the base station body, for example, sending an acknowledgement message, where the message includes a BSIM ID of the BSIM card.

步骤 603 , 基站主体向中间网关发送登记请求消息 ( Register ), 所述登记请求消息包括 BSIM ID。  Step 603: The base station body sends a registration request message (Register) to the intermediate gateway, where the registration request message includes a BSIM ID.

步骤 604 , 中 间 网关向 HSS 发送鉴权信息请求消息 ( AuthlnfoReq ), 以便从 HSS请求鉴权信息, 所述鉴权信息请求消息 包括 BSIM ID。  Step 604: The intermediate gateway sends an authentication information request message (AuthlnfoReq) to the HSS to request authentication information from the HSS, where the authentication information request message includes a BSIM ID.

步骤 605, HSS接收到鉴权信息请求消息后, 根据鉴权信息请求 消息中的 BSIM ID找到相应的基本密钥, 并根据基本密钥产生随机 数,以基本密钥和 Rand为参数,执行鉴权算法,产生鉴权结果 Resultl; 同时 HSS也可以根据基本密钥、 随机数和特定的密钥产生算法生成 衍生密钥, 然后 HSS 向中间网关发送鉴权信息响应消息 ( AuthlnfoResp ), 将鉴权结果 Resultl、 随机数和衍生密钥发送给中 间网关, 所述鉴权信息响应消息包括鉴权结果 Resultl、 随机数和衍 生密钥。 Step 605: After receiving the authentication information request message, the HSS finds the corresponding basic key according to the BSIM ID in the authentication information request message, and generates a random number according to the basic key, and performs the authentication by using the basic key and Rand as parameters. The weight algorithm generates the authentication result Resultl; at the same time, the HSS can also generate the derived key according to the basic key, the random number and the specific key generation algorithm, and then the HSS sends an authentication information response message (AuthlnfoResp) to the intermediate gateway, and the authentication is performed. The Resultl, the random number and the derived key are sent to the intermediate gateway, and the authentication information response message includes the authentication result Resultl, the random number and the derivative. Raw key.

步骤 606 , 中 间 网关向 BSIM 卡发送鉴权请求消息 Step 606: The intermediate gateway sends an authentication request message to the BSIM card.

( AuthChallenge ) , 将随机数发送给 BSIM卡。 ( AuthChallenge ) , sends the random number to the BSIM card.

步骤 607, BSIM卡根据随机数和 BSIM卡中存储的基本密钥使 用与步骤 605 中相同的鉴权算法产生鉴权结果 Result2, 也可以根据 基本密钥和随机数使用与步骤 605 中相同的密钥产生算法生成衍生 密钥, 接着, BSIM 卡向中间网关发送鉴权响应消息, 将鉴权结果 Result2发送给中间网关; 步骤 605和步骤 607中生成的衍生密钥可 以用作 IPSec中 IKE的预共享密钥, 用于建立 IPSEC中的安全关联 Step 607: The BSIM card generates the authentication result Result2 by using the same authentication algorithm as that in step 605 according to the random number and the basic key stored in the BSIM card, and may also use the same secret as in step 605 according to the basic key and the random number. The key generation algorithm generates a derivative key. Then, the BSIM card sends an authentication response message to the intermediate gateway, and sends the authentication result Result2 to the intermediate gateway. The derived key generated in step 605 and step 607 can be used as the IKE pre-preparation in IPSec. Shared key, used to establish security associations in IPSEC

( SA ), 也可以用作对家用基站和网络之间传输数据进行保护的密 钥。 (SA) can also be used as a key to protect data transmitted between the home base station and the network.

步骤 608, 中间网关将该鉴权结果 Result2与 HSS传送过来的鉴 权结果 Resultl相比较, 如果不同则鉴权失败, 否则鉴权成功, 中间 网关将向基站主体发送登记确认消息 RegisterAck。  Step 608: The intermediate gateway compares the authentication result Result2 with the authentication result Resultl transmitted by the HSS. If the authentication fails, the authentication fails. Otherwise, the authentication succeeds, and the intermediate gateway sends a registration confirmation message RegisterAck to the base station entity.

在步骤 601至步骤 608中只是简单举出一种鉴权方法,本领域技 术人员可以知道还可釆用其它鉴权方法进行鉴权。  In step 601 to step 608, only one authentication method is simply mentioned, and those skilled in the art can know that other authentication methods can also be used for authentication.

实施例六  Embodiment 6

如图 7所示, 本实施例公开了一种通信系统, 包括家用基站 100 和网络侧实体 200。  As shown in FIG. 7, this embodiment discloses a communication system including a home base station 100 and a network side entity 200.

家用基站 100用于通过家用基站用户标识码与网络侧实体 200进 行通信, 家用基站 100包括基站主体 110和基站身份标识卡 120, 用 户标识码存储在基站身份标识卡 120中,基站身份标识卡 120可拆卸 地安装在基站主体 110上。 网络侧实体 200, 用于与家用基站 100进 行通信。  The home base station 100 is configured to communicate with the network side entity 200 by using a home base station user identification code. The home base station 100 includes a base station body 110 and a base station identity card 120. The user identification code is stored in the base station identity card 120, and the base station identity card 120 is stored. It is detachably mounted on the base station main body 110. The network side entity 200 is configured to communicate with the home base station 100.

家用基站 100包括基站主体 110和基站身份标识卡 120, 可以是 UMTS网络中的家用基站或者 AP ( Access Point, 接入点), 也可以 是 SAE/LTE网络中的家用基站或者 Home eNB 等。 网络侧实体 200 可以是 UMTS网络中的 RNC,也可以是 SAE/LTE网络中的 MME或 者 GW等。 基站主体 110包括第一发送单元 111、 第一接收单元 113和通信 单元 112。 The home base station 100 includes a base station body 110 and a base station identity card 120, which may be a home base station or an AP (Access Point) in the UMTS network, or may be a home base station or a Home eNB in the SAE/LTE network. The network side entity 200 may be an RNC in a UMTS network, or may be an MME or a GW in an SAE/LTE network. The base station main body 110 includes a first transmitting unit 111, a first receiving unit 113, and a communication unit 112.

其中,第一发送单元 111用于向基站身份标识卡 120发送家用基 站用户标识码请求信息, 例如发送读家用基站用户标识码请求; 第一 接收单元 113用于接收家用基站用户标识码,例如接收基站身份标识 卡发送的带有家用基站用户标识码的确认消息;通信单元 112用于通 过所述家用基站用户标识码与网络侧实体 200进行通信。 例如, 在鉴 权过程中, 通信单元 112向网络侧实体 200发送登记请求消息, 并接 收来自网络侧实体 200的登记确认消息。  The first sending unit 111 is configured to send the home base station user identification code request information to the base station identity card 120, for example, send a home base station user identification code request; the first receiving unit 113 is configured to receive the home base station user identification code, for example, receive The confirmation message sent by the base station identity card with the home base station user identification code; the communication unit 112 is configured to communicate with the network side entity 200 by using the home base station user identification code. For example, in the authentication process, the communication unit 112 transmits a registration request message to the network side entity 200, and receives a registration confirmation message from the network side entity 200.

基站身份标识卡 120, 其可拆卸地安装在基站主体 110上, 包括 第一存储单元 123、 第二接收单元 121、 第二发送单元 124和第二存 储单元 122。  A base station identity card 120, detachably mounted on the base station body 110, includes a first storage unit 123, a second receiving unit 121, a second transmitting unit 124, and a second storage unit 122.

其中, 第一存储单元 123 , 用于存储相关的安全参数; 第二存储 单元 122用于存储家用基站用户标识码;第二接收单元 121用于接收 基站主体 110发送的家用基站用户标识码请求信息, 例如, 接收读家 用基站用户标识码请求消息; 第二发送单元 124用于向基站主体 110 发送家用基站用户标识码, 例如, 发送包含家用基站用户标识码的确 认消息。  The first storage unit 123 is configured to store related security parameters; the second storage unit 122 is configured to store the home base station user identification code; and the second receiving unit 121 is configured to receive the home base station user identification code request information sent by the base station body 110. For example, the receiving home base station subscriber identity code request message is received; the second sending unit 124 is configured to send the home base station subscriber identity code to the base station body 110, for example, send an acknowledgement message including the home base station subscriber identity code.

根据本发明实施例, 通过将家用基站分为基站主体和 BSIM卡, 由于在 BSIM卡上存储 BSIM ID和基本密钥, 由于基本密钥是存储 在 BSIM卡上的,用户更换家用基站时不必重新到设备运营商那里烧 录密钥, 同时也给家用基站用户提供了更多的基站主体的选择, 这极 大的方便了用户, 节省了用户对基站主体的投资。  According to the embodiment of the present invention, by dividing the home base station into the base station body and the BSIM card, since the BSIM ID and the basic key are stored on the BSIM card, since the basic key is stored on the BSIM card, the user does not have to re-replace the home base station. The key is burned to the equipment operator, and the home base station user is also provided with more choices of the base station main body, which greatly facilitates the user and saves the user's investment in the base station main body.

当用户在外地使用他所注册的这个家用基站提供的业务时,只要 携带 BSIM卡就可以了, 不必携带基站主体, 提高了用户的移动性, 给用户带来了方便。  When the user uses the service provided by the home base station that he is registered in the field, the BSIM card can be carried, and the base station body does not need to be carried, which improves the mobility of the user and brings convenience to the user.

虽然通过实施例描绘了本发明, 但本领域普通技术人员知道, 在 不脱离本发明的精神和实质的情况下,就可使本发明有许多变形和变 化, 本发明的范围由所附的权利要求来限定。  While the invention has been described by the embodiments of the invention, the invention Request to limit.

Claims

权利要求 Rights request 1、 一种通信方法, 其特征在于, 包括: A communication method, comprising: 通过家用基站用户标识码与网络侧进行通信,所述家用基站用户 标识码存储在基站身份标识卡中,所述基站身份标识卡可拆卸地安装 在基站主体上。  The home base station user identification code is stored in the base station identity identification card by the home base station user identification code, and the base station identity identification card is detachably mounted on the base station body. 2、 根据权利要求 1所述的通信方法, 其特征在于, 在与网络侧 进行通信之前, 还包括:  2. The communication method according to claim 1, further comprising: before communicating with the network side, further comprising: 所述基站主体向所述基站身份标识卡发送家用基站用户标识码 请求信息,并接收所述基站身份标识卡返回的所述家用基站用户标识 码。  The base station body sends the home base station user identification code request information to the base station identity identification card, and receives the home base station user identification code returned by the base station identity identification card. 3、 根据权利要求 1所述的通信方法, 其特征在于, 所述基站身 份标识卡还存储有相关的安全参数,用于所述家用基站与所述网络侧 进行鉴权。  The communication method according to claim 1, wherein the base station identity identification card further stores an associated security parameter for the home base station to authenticate with the network side. 4、 根据权利要求 3所述的通信方法, 其特征在于, 所述家用基 站与网络侧进行鉴权具体包括:  The communication method according to claim 3, wherein the authenticating the home base station and the network side comprises: 向所述网络侧发送所述家用基站用户标识码,使所述网络侧根据 接收到的所述家用基站用户标识码执行鉴权算法, 获得第一鉴权结 果, 并返回鉴权请求消息;  Sending the home base station user identification code to the network side, so that the network side performs an authentication algorithm according to the received home base station user identification code, obtains a first authentication result, and returns an authentication request message; 根据所述鉴权请求消息和所述安全参数, 获得第二鉴权结果; 向所述网络侧发送鉴权响应消息,所述鉴权响应消息包括所述第 二鉴权结果;使所述网络侧根据所述第一鉴权结果和所述鉴权响应消 息中的所述第二鉴权结果进行鉴权。  Obtaining a second authentication result according to the authentication request message and the security parameter; sending an authentication response message to the network side, where the authentication response message includes the second authentication result; The side performs authentication according to the first authentication result and the second authentication result in the authentication response message. 5、 根据权利要求 4所述的通信方法, 其特征在于, 通过登记请 求消息向所述网络侧发送所述家用基站用户标识码。  The communication method according to claim 4, wherein the home base station user identification code is transmitted to the network side by a registration request message. 6、 根据权利要求 4所述的通信方法, 其特征在于, 还包括接收 登记响应消息,所述登记响应消息由所述网络侧根据所述第一鉴权结 果和所述第二鉴权结果进行鉴权之后发送。  The communication method according to claim 4, further comprising receiving a registration response message, wherein the registration response message is performed by the network side according to the first authentication result and the second authentication result. Sent after authentication. 7、 根据权利要求 1至 6中任一权利要求之一所述的通信方法, 其特征在于, 所述家用基站用户标识码, 包括: The communication method according to any one of claims 1 to 6, The user base station user identification code includes: 移动国家代码, 唯一地标识所述家用基站所在的国家; 移动网络代码, 标识所述家用基站的归属网络;  Moving the country code, uniquely identifying the country where the home base station is located; a mobile network code identifying the home network of the home base station; 移动家用基站识别码, 标识一个归属网内的家用基站, 并且可以 标识所述家用基站所属的归属用户服务器。  The mobile home base station identification code identifies a home base station in a home network, and may identify a home subscriber server to which the home base station belongs. 8、 一种通信系统, 其特征在于, 包括:  8. A communication system, comprising: 家用基站, 用于通过家用基站用户标识码与网络侧实体进行通 信, 包括基站主体和基站身份标识卡, 所述家用基站用户标识码存储 在所述基站身份标识卡中,所述基站身份标识卡可拆卸地安装在所述 基站主体上;  a home base station, configured to communicate with a network side entity by using a home base station user identification code, including a base station body and a base station identity identification card, where the home base station user identification code is stored in the base station identity identification card, the base station identity identification card Removably mounted on the base station body; 网络侧实体, 用于与家用基站进行通信。  A network side entity, configured to communicate with a home base station. 9、 根据权利要求 8所述通信系统, 其特征在于, 所述基站主体 还用于向所述基站身份标识卡发送家用基站用户标识码请求信息 ,并 接收来自所述基站身份标识卡的所述家用基站用户标识码。  The communication system according to claim 8, wherein the base station body is further configured to send the home base station user identification code request information to the base station identity identification card, and receive the identifier from the base station identity identification card. Home base station user identification code. 10、 根据权利要求 8所述的通信系统, 其特征在于, 所述基站身 份标识卡用于存储相关的安全参数,所述安全参数用于所述家用基站 与所述网络侧进行鉴权。  The communication system according to claim 8, wherein the base station identity identification card is configured to store related security parameters, and the security parameters are used by the home base station to authenticate with the network side. 11、 一种家用基站, 其特征在于, 包括基站主体和基站身份标识 卡,  A home base station, comprising: a base station body and a base station identity card, 所述基站主体包括: 第一发送单元, 用于向基站身份标识卡发送 家用基站用户标识码请求信息; 第一接收单元, 用于接收来自所述基 站身份标识卡的家用基站用户标识码; 通信单元, 用于通过所述家用 基站用户标识码与网络侧进行通信;  The base station body includes: a first sending unit, configured to send a home base station user identification code request information to a base station identity identification card; a first receiving unit, configured to receive a home base station user identification code from the base station identity identification card; a unit, configured to communicate with the network side by using the home base station user identification code; 所述基站身份标识卡, 可拆卸地安装在所述基站主体上, 包括: 第一存储单元, 用于存储家用基站用户标识码; 第二接收单元, 用于 接收所述基站主体发送的家用基站用户标识码请求信息;第二发送单 元, 用于向基站主体发送家用基站用户标识码。  The base station identity card is detachably installed on the base station body, and includes: a first storage unit, configured to store a home base station user identification code; and a second receiving unit, configured to receive the home base station sent by the base station body User identification code request information; a second sending unit, configured to send a home base station user identification code to the base station body. 12、 根据权利要求 11所述家用基站, 其特征在于,  12. The home base station according to claim 11, wherein: 在鉴权过程中,所述通信单元用于向所述网络侧发送登记请求消 息 , 并接收来自网络侧的登记确认消息。 In the authentication process, the communication unit is configured to send a registration request to the network side. And receive a registration confirmation message from the network side. 13、 根据权利要求 11所述家用基站, 其特征在于, 所述基站身 份标识卡还包括:  The home base station according to claim 11, wherein the base station identity identification card further comprises: 第二存储单元, 用于存储相关的安全参数, 所述安全参数用于所 述家用基站与所述网络侧进行鉴权。  And a second storage unit, configured to store related security parameters, where the security parameter is used by the home base station to perform authentication with the network side.
PCT/CN2008/071179 2007-06-04 2008-06-04 Communication method, system, and home bs Ceased WO2008148348A1 (en)

Applications Claiming Priority (2)

Application Number Priority Date Filing Date Title
CN200710107384.7 2007-06-04
CN2007101073847A CN101321100B (en) 2007-06-04 2007-06-04 Communication method and system, and household base station

Publications (1)

Publication Number Publication Date
WO2008148348A1 true WO2008148348A1 (en) 2008-12-11

Family

ID=40093193

Family Applications (1)

Application Number Title Priority Date Filing Date
PCT/CN2008/071179 Ceased WO2008148348A1 (en) 2007-06-04 2008-06-04 Communication method, system, and home bs

Country Status (2)

Country Link
CN (1) CN101321100B (en)
WO (1) WO2008148348A1 (en)

Cited By (2)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
WO2010078920A1 (en) * 2009-01-08 2010-07-15 Deutsche Telekom Ag Process for updating additional information stored in a terminal for terminal-based recognition of home base stations in a cellular land mobile system
CN102056164A (en) * 2009-11-10 2011-05-11 中兴通讯股份有限公司 Method for home base station to access network, home base station management server

Families Citing this family (2)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN104349315B (en) * 2013-07-31 2018-01-05 普天信息技术有限公司 It is a kind of to ensure base station and the method and system of user equipment information safety
CN110245943B (en) * 2019-05-20 2021-04-23 创新先进技术有限公司 Receipt storage method and node based on judgment condition

Citations (2)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN1558697A (en) * 2004-02-10 2004-12-29 Ut˹�￵ͨѶ���޹�˾ PHS system authentication method
CN1561136A (en) * 2004-02-18 2005-01-05 Ut˹�￵ͨѶ���޹�˾ PHS mobile phone network discriminating method

Family Cites Families (1)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
ES2349049T3 (en) * 2005-11-15 2010-12-22 Alcatel Lucent NETWORK ACCESS, PASSPORT AND MANAGEMENT SERVER FOR A WIRELESS COMMUNICATION CELL SYSTEM.

Patent Citations (2)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN1558697A (en) * 2004-02-10 2004-12-29 Ut˹�￵ͨѶ���޹�˾ PHS system authentication method
CN1561136A (en) * 2004-02-18 2005-01-05 Ut˹�￵ͨѶ���޹�˾ PHS mobile phone network discriminating method

Cited By (3)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
WO2010078920A1 (en) * 2009-01-08 2010-07-15 Deutsche Telekom Ag Process for updating additional information stored in a terminal for terminal-based recognition of home base stations in a cellular land mobile system
US8977286B2 (en) 2009-01-08 2015-03-10 Deutsche Telekom Ag Process for updating additional information stored in a terminal for a terminal-based recognition of home base stations in a cellular land mobile system
CN102056164A (en) * 2009-11-10 2011-05-11 中兴通讯股份有限公司 Method for home base station to access network, home base station management server

Also Published As

Publication number Publication date
CN101321100B (en) 2012-11-07
CN101321100A (en) 2008-12-10

Similar Documents

Publication Publication Date Title
CN110800331B (en) Network verification method, related equipment and system
JP3869392B2 (en) User authentication method in public wireless LAN service system and recording medium storing program for causing computer to execute the method
US10425808B2 (en) Managing user access in a communications network
US7831835B2 (en) Authentication and authorization in heterogeneous networks
CN114268943B (en) Authorization method and device
KR100813295B1 (en) Method for security association negotiation with Extensible Authentication Protocol in wireless portable internet system
US7450554B2 (en) Method for establishment of a service tunnel in a WLAN
CN101616410B (en) Access method and access system for cellular mobile communication network
TWI356614B (en) Improved subscriber authentication for unlicensed
CA2490131C (en) Key generation in a communication system
JP5597676B2 (en) Key material exchange
WO2019017837A1 (en) Network security management method and apparatus
CN114946153A (en) Method, device and system for application key generation and management in a communication network in encrypted communication with a service application
CN111869182A (en) Wireless Communication Network Certification
WO2013174267A1 (en) Method, system, and device for securely establishing wireless local area network
WO2018176441A1 (en) User authentication method and device
WO2008125062A1 (en) Method of admittance judgment and paging user in mobile communication system, system and device thereof
CN115989689A (en) User equipment authentication and authorization procedures for edge data networks
JP4687788B2 (en) Wireless access system and wireless access method
WO2008148348A1 (en) Communication method, system, and home bs
US9473934B2 (en) Wireless telecommunications network, and a method of authenticating a message
CN101990207A (en) Access control method, home base station (HBS) and HBS authorization server
CN102685742B (en) A kind of WLAN access authentication method and device
CN101877852A (en) User access control method and system
CN101822083A (en) Authentication method, trusted environment unit and home base station

Legal Events

Date Code Title Description
121 Ep: the epo has been informed by wipo that ep was designated in this application

Ref document number: 08757590

Country of ref document: EP

Kind code of ref document: A1

NENP Non-entry into the national phase

Ref country code: DE

122 Ep: pct application non-entry in european phase

Ref document number: 08757590

Country of ref document: EP

Kind code of ref document: A1