WO2013178138A1 - Method and identity information server for obtaining access identifier of terminal - Google Patents
- Publication number: WO2013178138A1 (PCT/CN2013/079257)
- Authority
- WO
- WIPO (PCT)
- Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
- Ceased
Classifications
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04W—WIRELESS COMMUNICATION NETWORKS
- H04W8/00—Network data management
- H04W8/02—Processing of mobility data, e.g. registration information at HLR [Home Location Register] or VLR [Visitor Location Register]; Transfer of mobility data, e.g. between HLR, VLR or external networks
- H04W8/08—Mobility data transfer
- H04W8/12—Mobility data transfer between location registers or mobility servers
Definitions
- the present invention relates to the field of mobile communications, and in particular, to a method for acquiring an access identifier of a terminal and an identity information server.
- Background technique
- in the IP Internet, if a terminal wants to access the network, it must apply for a valid IP address from the network.
- the IP address has a dual attribute that represents both the identity of the user and the location of the network topology in which the user is located.
- the IP address can only be used in the topology (for example, it can only be used within the scope of one access gateway).
- This is certainly not a problem for fixed terminals, but for mobile terminals, the above IP address becomes an invalid address after the terminal moves from the scope of one access gateway to another.
- the terminal must re-acquire a new IP address from the new topology. In this way, the continuity of the IP-based upper layer service cannot be guaranteed. For example, if the end user is making an IP call, the call will be broken.
- the service experience increases the possibility that the terminal's IP packet encounters network congestion when it is transmitted on the network, causing the terminal service to be blocked or even impossible to implement (for example, real-time services such as voice, video, online games, etc.).
- the network logical structure of the method mainly includes an Access Service Router (ASR) and an Identity Location Register (ILR).
- the ASR is connected to the access network under it, and is mainly responsible for accessing the user terminal; the ILR mainly stores the "identity-location" correspondence of the terminal.
- a fixed access identifier (Access Identity, AID for short) needs to be configured for the end user, and is used to identify the identity of the user.
- the AID is stored in the ILR.
- Carrier B allows the terminals of Carrier A to access through its own network and provides corresponding network services to the terminals.
- the AID of the end user is stored in the ILR of the home operator of the user.
- the user terminal A is the subscriber of the operator A (i.e., the operator A is the home operator of the terminal A), and at this time, the user's AID is stored in the identity location register A (ILR-A).
- the ASR-B cannot obtain the AID of the terminal, because there is no record of the user in the ILR-B of the operator B and therefore no AID information of the user. Therefore, in the foregoing method based on identity location separation, when a terminal roams, even if there is a roaming agreement between the home operator and the current visited operator, the AID of the terminal user cannot be obtained, and the terminal cannot access the network.
- the invention provides a method for acquiring an access identifier of a terminal and an identity information server, which can obtain an access identifier of the terminal in the case that the terminal roams.
- an embodiment of the present invention provides a method for acquiring an access identifier of a terminal, including:
- the visited IIS queries the terminal's home IIS for the terminal's AID when the terminal's visited service access service router (ASR) queries the terminal's AID; and
- the visited IIS receives the AID of the terminal returned by the home IIS of the terminal.
- the method also includes:
- the step of the visited IIS querying the AID of the terminal to the home IIS of the terminal includes: when receiving the identifier used by the terminal for access authentication, sent by the visited service ASR, the visited IIS learns that the visited service ASR is querying the AID of the terminal;
- the visited IIS sends the received identifier of the terminal for access authentication to the home IIS of the terminal, and queries the AID of the terminal;
- the step of the visited IIS receiving the AID of the terminal returned by the home IIS of the terminal includes: the visited IIS receiving the AID returned by the home IIS of the terminal according to the identifier used by the terminal for access authentication.
- the method further includes: before the visited IIS queries the home IIS of the terminal for the AID, determining, according to the identifier used by the terminal for access authentication, whether the terminal belongs to the local network, and, when the terminal does not belong to the local network, determining the home IIS of the terminal, so as to query the home IIS for the AID of the terminal.
- Each IIS is directly connected to each other or connected through one or more border gateways;
- the border gateway between the IISs completes the interaction between the IISs according to the identifier used by the terminal for access authentication.
- Each IIS interacts based on a Remote Authentication Dial-In User Service (RADIUS) message or a Diameter message.
- a Packet Data Network Gateway (P-GW) is used as an ASR; IIS is deployed on an Authentication, Authorization, and Accounting (AAA) server connected to the P-GW, and the AAA servers in the network are connected to each other; or IIS is deployed on a mobility management entity (MME) connected to the P-GW, and the MMEs in the network are connected to each other; or
- the gateway general packet radio service support node (GGSN) is used as the ASR; the IIS is deployed on the AAA server connected to the GGSN, and the AAA servers in the network are connected to each other; or IIS is deployed on the home location register (HLR) connected to the GGSN, and the HLRs in the network are connected to each other; or IIS is deployed on the home subscription server (HSS) connected to the GGSN, and the HSSs in the network are connected to each other; or
- the Broadband Remote Access Server (BRAS) is used as the ASR, IIS is deployed on the AAA server connected to the BRAS, and the AAA servers in the network are connected to each other.
- An embodiment of the present invention further provides a method for saving an access identifier of a terminal, including: establishing an interconnection between each identity location register (ILR) in the network;
- the visited ILR receives the access identifier (AID) and the route identifier (RID) of the terminal sent by the visited service access service router (ASR) of the terminal, where the AID is queried from the visited identity information server (IIS) by the visited service ASR, and the RID is allocated by the visited service ASR to the terminal after querying the AID;
- the visited ILR sends the AID and the RID of the terminal to the home ILR of the terminal, so that the home ILR saves the correspondence between the AID and the RID of the terminal.
- the method further includes: before the AID and the RID of the terminal are sent to the home ILR of the terminal, determining, according to the AID of the terminal and the pre-configured information, whether the terminal belongs to the local network, and if not, determining the home network of the terminal; or determining, according to the identifier used by the terminal for access authentication that is sent by the visited service ASR together with the AID and the RID, whether the terminal belongs to the local network, and if not, determining the home network of the terminal.
- Each ILR is directly connected to each other or connected through one or more border gateways;
- the border gateway between the ILRs completes the interaction between the ILRs according to the AID of the terminal or the identifier used by the terminal for access authentication.
- the method also includes:
- the visited ILR receives the RID reassigned by the target ASR to which the terminal is handed over;
- the visited ILR updates the RID re-allocated by the target ASR to the terminal to the home ILR of the terminal.
- the method also includes:
- the ILR in the network where the CN is located is used to determine the location information of the terminal when the service ASR of the CN queries the location information of the terminal. If the AID-RID correspondence of the terminal is not saved, the AID of the terminal is sent to the home ILR of the terminal to query the RID of the terminal;
- the ILR in the network where the CN is located receives the RID of the terminal that the home ILR of the terminal queries and returns locally according to the received AID.
- the method further includes: when the terminal retires or releases the IP address, the visited ILR sends the AID of the terminal to the home ILR of the terminal, and notifies the home ILR to delete the RID of the terminal.
- Each ILR interacts based on a Remote Authentication Dial-In User Service (RADIUS) message or a Diameter message.
- a Packet Data Network Gateway (P-GW) is used as an ASR, an ILR is deployed on an Authentication, Authorization, and Accounting (AAA) server connected to the P-GW, and the AAA servers in the network are connected to each other; or the ILRs are deployed on a mobility management entity (MME) connected to the P-GW, and the MMEs in the network are connected to each other; or
- the gateway general packet radio service support node (GGSN) is used as the ASR, the ILR is deployed on the AAA server connected to the GGSN, and the AAA servers in the network are connected to each other; or the ILR is deployed on the home location register (HLR) connected to the GGSN, and the HLRs in the network are connected to each other; or the ILR is deployed on a home subscription server (HSS) connected to the GGSN, and the HSSs in the network are connected to each other; or
- the Broadband Remote Access Server (BRAS) is used as the ASR, the ILR is deployed on the AAA server connected to the BRAS, and the AAA servers in the network are connected to each other.
- An embodiment of the present invention further provides an identity information server, including: a data storage unit, an information interaction unit, and an information query unit, where:
- the data storage unit is configured to initially save an access identifier (AID) of a terminal in a network; the information interaction unit is configured to establish an interconnection between each identity information server (IIS); the information query unit is configured to When the terminal is roaming access, when the visited service access router (ASR) of the terminal queries the AID of the terminal, the information interaction unit searches the home IIS of the terminal for the AID of the terminal, and receives the home IIS of the terminal. The AID of the returned terminal.
- the data storage unit is further configured to initially save the identifier used by the terminal for access authentication, and associate the AID of the terminal with the identifier used by the terminal for access authentication;
- the information querying unit is configured to query and receive the AID of the terminal by: when receiving the identifier used by the terminal for access authentication, sent by the visited service ASR, learning that the visited service ASR is querying the AID of the terminal; sending the received identifier used by the terminal for access authentication to the home IIS of the terminal through the information interaction unit, to query the home IIS of the terminal for the AID of the terminal; and receiving the AID returned by the home IIS of the terminal according to the identifier used by the terminal for access authentication.
- the information querying unit is further configured to determine, according to the identifier used by the terminal for access authentication, whether the terminal belongs to the local network before querying the home IIS of the terminal for the AID of the terminal, and, when the terminal does not belong to the local network, to determine the home IIS of the terminal so as to query the home IIS for the AID of the terminal.
- the information querying unit is further configured to, after receiving from another identity information server the identifier used by a terminal for access authentication, query the corresponding AID from the data storage unit according to that identifier, and return the queried AID to the corresponding identity information server.
- An embodiment of the present invention further provides an identity location register, including an information interaction unit, a data storage unit, and an information update unit, where:
- the information interaction unit is configured to establish an interconnection between respective identity location registers (ILRs) in the network;
- the data storage unit is configured to receive and save an access identifier (AID) and a route identifier (RID) of the terminal sent by the visited service access service router ASR of the terminal when the terminal roams access, where the AID is The visited service ASR is queried from the visited identity information server (IIS); the RID is allocated by the visited service ASR to the terminal after querying the AID;
- the information updating unit is configured to send the AID and the RID of the terminal to the home ILR of the terminal through the information interaction unit, so that the home ILR saves the correspondence between the AID and the RID of the terminal.
- the information updating unit is further configured to, before sending the AID and the RID of the terminal to the home ILR of the terminal, determine whether the terminal belongs to the local network according to the AID of the terminal and the pre-configured information, and if not, determine the home network of the terminal; or determine whether the terminal belongs to the local network according to the identifier used by the terminal for access authentication that is sent by the visited service ASR together with the AID and the RID, and if not, determine the home network of the terminal.
- the data storage unit is further configured to: after the terminal switches the ASR, receive the RID reassigned to the terminal by the target ASR to which the terminal is handed over;
- the information updating unit is further configured to, after determining that the terminal does not belong to the local network and determining the home network of the terminal, update the RID reassigned to the terminal by the target ASR to the home ILR of the terminal.
- the information update unit is further configured to send the AID of the terminal to the home ILR of the terminal when the terminal retires or releases the IP address, and notify the home ILR to delete the RID of the terminal.
- the present invention saves the AID of the terminal by setting up the identity information server, and connects the identity information servers to each other for interaction of the AID of the terminal, so that in the method based on identity location separation, when the terminal roams, the AID of the terminal can be obtained, and the terminal can access the visited network.
- FIG. 1 is an architectural diagram of an identity location separation network in the related art
- FIG. 2 is a schematic diagram of a terminal roaming in an identity location separated network in the related art
- FIG. 3 is an architectural diagram of a system for acquiring an access identifier of a terminal according to the present invention
- FIG. 4 is a flowchart of Embodiment 1 of a method for acquiring an access identifier of a terminal according to the present invention
- FIG. 5 is a flowchart of a method for acquiring an access identifier of a terminal in a terminal handover manner according to the present invention
- FIG. 7 is a flowchart of Embodiment 3 of a method for obtaining an access identifier of a terminal according to the present invention
- FIG. 8 is a flowchart of a method for acquiring an access identifier of a terminal according to the present invention.
- FIG. 9 is a schematic diagram of a method of the present invention applied to a 3G network
- FIG. 10 is a schematic diagram of a method of the present invention applied to a fixed network
- FIG. 11 is an architectural diagram of an identity information server of the present invention.
- Figure 12 is a block diagram of the identity location register of the present invention.
- a dedicated identity information server (Identity Information Server, hereinafter referred to as IIS) is used to save the AID of the terminal user.
- Carrier A has its own Identity Server A (IIS-A)
- Carrier B has its own IIS-B.
- IIS records both the identity used by the end user for access authentication and the AID of the user, and associates the two.
- the identifier used by the terminal user for access authentication generally includes an International Mobile Subscriber Identity (IMSI), a Network Access Identifier (NAI), and the like.
- a signaling interface (shown in Figure 3) needs to be added between the visited operator's IIS (visited IIS) and the home operator's IIS (home IIS).
- the function is to pass the end user's access identifier (AID) between the visited IIS and the home IIS.
- the IIS of the visited operator can establish a directly connected interface with the IIS of the home carrier, or can indirectly establish an interface through one or more border gateways. That is, the IISs of the visited operator and the home operator each establish an interface with the above-mentioned border gateways, and the interaction between the two IISs is completed by the transit of the border gateway.
- the general role of the border gateway is to protect the data security of both operators and to shield them from attacks.
- the border gateway here can be generally referred to as Border IIS (B-IIS), Gateway IIS (G-IIS) or Proxy IIS (P-IIS).
- the location information of the terminal can also be grasped.
- a signaling interface is added between the visited operator's ILR (visited ILR) and the home operator's ILR (home ILR).
- the ILR of the visited operator can establish a directly connected interface with the home operator's ILR, or can indirectly establish an interface through one or more border gateways.
- the border gateway can be generally referred to as Border ILR (B-ILR for short), Gateway ILR (G-ILR for short) or Proxy ILR (P-ILR for short).
- An interface is established between IIS-A of carrier A and IIS-B of carrier B. If terminal A roams access from carrier B, it accesses through access service router B (ASR-B). ASR-B requests the AID of the terminal from IIS-B. At this time, IIS-B can obtain the AID of terminal A from IIS-A through the above interface, and send it to the terminal. In this way, the problem that the terminal cannot be accessed by the roaming operator can be solved.
- FIG. 4 shows a first embodiment of the present embodiment, which is a process in which a terminal accesses a network and obtains an access identifier (AID) of the terminal from the network, and specifically includes the following steps:
- Step 401 The terminal roams to the visited operator, accesses the network of the visited operator, and attaches to an access service router (ASR); this ASR is the service ASR of the terminal (i.e., the visited service ASR);
- the service ASR obtains the identifier used by the terminal for access authentication in this step, such as the above-mentioned IMSI, NAI, or User Name. Based on the user name mentioned above, the network first performs access authentication on the terminal user, and then performs subsequent processes after the access authentication is passed.
- Step 402 The ASR (located at the visited operator) queries the visited identity information server (IIS) for the AID of the terminal user, and carries the identifier of the obtained terminal for access authentication;
- Step 403 After receiving the above request, the visited IIS preferably first determines whether the user belongs to the local network;
- the visited IIS can make a judgment according to the identifier used by the terminal for access authentication (that is, the identifier used by the user of the terminal for access authentication; hereinafter expressed as the identifier used by the terminal for access authentication).
- since it is assumed that the user is currently accessing the network at the visited operator, the visited IIS needs to further determine the home operator of the terminal user; generally, according to the identifier used by the terminal for access authentication, the visited IIS can determine the home operator of the terminal.
- the visited IIS can also determine the home IIS of the terminal.
- Step 404 The visited IIS sends a message to the home IIS (located in the home operator of the terminal user) of the terminal user, and queries the AID of the terminal, where the message carries the identifier used by the terminal to access the authentication;
- Step 405 After receiving the foregoing request, the home IIS preferably first verifies that the request message is from a legal requester, and then locally queries the corresponding access identifier (AID) according to the identifier used by the terminal for access authentication.
- Step 406 The visited IIS returns the queried AID to the ASR;
- Step 407 The ASR sends the foregoing AID to the terminal, and the identity of the terminal is configured locally at the terminal.
- the subsequent terminal uses the AID as its own IP address for communication with the outside world.
- Step 408 After obtaining the AID of the terminal, the ASR further allocates a route identifier (RID, also referred to as a location identifier) to the terminal.
- Step 409 The ASR (the ASR of the visited operator) updates the RID of the terminal to the ILR (visited ILR) of the visited operator, carrying the AID of the terminal user and the allocated RID, and preferably also carrying the above identifier used by the terminal for access authentication;
- Step 410 The visited ILR saves the AID-RID correspondence of the terminal locally, and sends a message to the home ILR of the terminal, and carries the corresponding relationship of the AID-RID;
- the visited ILR can determine that the terminal corresponding to the AID is not attributable to the operator.
- the visited ILR can determine, according to the AID and the pre-configured information, that the AID does not belong to the operator, and can determine the operator to which the AID belongs; or, the visited ILR determines, according to the identifier used by the terminal for access authentication that is preferably carried in step 409, that the corresponding AID does not belong to the operator, and can determine the operator to which the AID belongs.
- Step 411 After the home ILR obtains the foregoing information, the corresponding relationship of the AID-RID of the terminal is saved locally;
- the home operator of the terminal can also obtain the current location information of the terminal.
- the home ILR returns a response message to the visited ILR.
- Step 412 The visited ILR returns a response message to the ASR.
- the visited ILR may also not record the AID-RID correspondence of the terminal, and instead directly send the AID-RID of the terminal to the home ILR of the terminal user, so that only the home ILR stores the AID-RID correspondence of the terminal.
- the problems of the prior art can be solved by the method of the above embodiment of the present invention.
- when the terminal roams and accesses the network through the ASR of the visited carrier, it can also obtain its own AID and use the AID as its own source address to communicate with the outside world.
- the visited IIS and the home IIS are directly interacted with each other.
- the visited IIS and the home IIS can communicate with each other through one or more border gateways (such as B-IIS, G-IIS or P-IIS mentioned above), and the border gateway can also determine, based on the above identifier used by the terminal for access authentication, to which next-hop border gateway or home IIS the corresponding message should be sent (as described in step 403).
- the visited ILR and the home ILR may also be interworked through one or more border gateways (such as B-ILR, P-ILR, G-ILR), and the border gateway may, following the method described in step 410, determine according to the AID or the identifier used by the terminal user for access authentication to which next-hop border gateway or home ILR the corresponding message should be sent.
- the target ASR needs to allocate a new RID to the terminal, and simultaneously update the AID-RID correspondence of the terminal saved in the ILR, which includes the following steps:
- Step 501-502 After the terminal switches from the source ASR to the target ASR, the target ASR allocates a new RID to the terminal.
- Step 503 The target ASR sends an update message to the visited ILR, and carries the AID of the terminal and the newly allocated RID, and preferably also carries the identifier used by the terminal for access authentication, because the target ASR is also located in the network of the visited carrier.
- Step 503 is the same principle as step 409.
- Step 504 As in step 410, the visited ILR determines that the terminal user does not belong to the local operator, and after determining the home operator of the user, sends a message to the home ILR of the terminal, carrying the mapping relationship of the AID-RID;
- Steps 505-506 Same as steps 411-412.
- FIG. 6 shows a second embodiment of the present invention, and it is still assumed that the terminal accesses the network at the visited operator. That is, the current service ASR of the terminal is located at the visited operator.
- Step 601 The communication peer end (CN) of the terminal sends a data packet to the terminal, and the destination IP address of the data packet is set to the AID of the terminal, and the data packet first reaches the service ASR (CN-ASR) of the CN;
- Step 602 When the CN-ASR cannot find the location information of the terminal locally, it queries the ILR in the carrier domain where the CN-ASR is located for the location information of the terminal, and the query message carries the AID of the terminal; assume that the carrier where the CN-ASR is located is not the home operator of the terminal.
- Step 603 It is assumed that the ILR in the carrier domain where the CN-ASR is located cannot locally query the RID information of the terminal; as described in step 410, the ILR can determine, according to the AID and the pre-configured information, that the AID does not belong to the present operator, and can determine the operator to which the AID belongs;
- Step 604 The foregoing ILR sends a request to the home ILR of the terminal, and carries the AID of the terminal to request the RID information of the terminal;
- Step 605 After the home ILR locally queries the RID information of the terminal according to the AID, it returns a response message to the ILR in the carrier domain where the CN-ASR is located, carrying the AID-RID information of the terminal.
- Step 606 After receiving the response message, the ILR in the carrier domain where the CN-ASR is located carries the terminal RID information in the response message and returns it to the CN-ASR.
- Step 607 The CN-ASR sends the foregoing data packet according to the location information of the terminal.
- the operator where the CN-ASR is located may be the visited operator of the terminal.
- the visited ILR can save the AID-RID relationship of the terminal, and the CN-ASR can directly query the related information in the visited ILR; otherwise, the relevant information needs to be queried from the relevant ILR according to the method of the steps of Embodiment 2 above.
- the operator in which the CN-ASR is located may also be different from the visited carrier where the terminal is currently located. In this case, the location information of the terminal needs to be queried according to the method in the foregoing embodiment.
- FIG. 7 shows a third embodiment of the present invention. It is still assumed that the terminal accesses the network at the visited operator, that is, the current service ASR of the terminal is located at the visited operator. When the terminal exits the network, the location information of the terminal that is stored in the ILR needs to be cleared, which includes the following steps.
- Step 701 The current service ASR of the terminal receives an indication that the terminal retires or releases the IP address.
- Step 703 After receiving the above message, the visited ILR first deletes the AID-RID mapping relationship of the terminal locally; according to the method of step 410, the visited ILR can determine that the local domain is the visited domain of the terminal (i.e., the visited place) and determine the home domain of the terminal; the visited ILR then sends a message to the home ILR of the terminal for deleting the location information of the terminal, carrying the AID of the terminal, and preferably carrying the identifier used by the terminal for access authentication;
- Step 704 The home ILR deletes the locally saved related information, and returns a response message to the visited ILR.
- Step 705 The visited ILR returns a response message to the above ASR.
- the IIS described in this embodiment can be deployed on an Authentication, Authorization and Accounting (AAA) server, a Home Location Register (HLR), or a Home Subscriber Server (HSS).
- these network elements can be used to directly replace the "identity information server" in the above embodiments. For example, replacing the "home identity information server" with the "home authentication, authorization and accounting server" and the "visited identity information server" with the "visited authentication, authorization and accounting server"; the principle is the same.
- the visited IIS and the home IIS can interact with each other through the AAA protocol, including the RADIUS (Remote Authentication Dial In User Service) protocol and the Diameter protocol.
- the visited IIS uses the Access-Request message defined by the RADIUS protocol, carrying the identifier used by the terminal for access authentication, to request the AID information of the terminal from the home IIS.
- the home IIS uses the Access-Accept message to answer the visited IIS, and carries the AID of the terminal. If there is no corresponding record in the home IIS (for example, the terminal user has not subscribed to an AID), then the home IIS can return an Access-Reject message to the visited IIS. At this time, the ASR of the visited place will preferably reject the terminal access.
- the visited IIS can also use the AA-Request defined by the Diameter protocol to request the AID information of the terminal from the home IIS, and carry the identifier used by the terminal for access authentication; the home IIS uses the AA-Answer to answer the visited IIS, and carries the AID information of the terminal, or carries an error indication (for example, the end user has not subscribed to an AID). If the visited IIS receives the AA-Answer message carrying the error indication, the ASR preferably rejects the terminal access to the network.
- the ILR in this embodiment can also be deployed on the AAA server, the HLR, or the HSS, that is, the ILR serves as a functional module of these network elements, or the network elements themselves have the ILR function.
- these network elements can be used to directly replace the "identity location register" in the above embodiments. For example, replace the "home identity location register" with the "home authentication, authorization and accounting server" and the "visited identity location register" with the "visited authentication, authorization and accounting server"; the principle is the same.
- the visited ILR and the home ILR can also interact through the AAA protocol, including the RADIUS protocol and the Diameter protocol.
- the visited ILR uses the Accounting-Request message defined by the RADIUS protocol, carries the AID and RID information of the terminal, and updates the RID information of the terminal to the home ILR.
- the Accounting-Request[start] message can be used, that is, the type of the request is start
- the subsequent update for example, the terminal switches the ASR, the new ASR assigns a new terminal
- the visited ILR sends an Accounting-Request[stop] to the home ILR.
- when the home ILR receives the Accounting-Request message of type stop, it deletes the RID information of the terminal.
- the home ILR uses the Accounting-Response[start], Accounting-Response[interim], and Accounting-Response[stop] messages to respond to the visited ILR.
- when the ILR of the carrier domain where the CN-ASR is located queries the terminal's home ILR for the RID of the terminal, it can query the home ILR by using a newly defined message in the RADIUS protocol.
- the visited ILR can also use the Accounting-Request message defined by the Diameter protocol to carry the AID and RID information of the terminal, and update the RID information of the terminal to the home ILR; accordingly, the home ILR responds to the visited ILR by using the Accounting-Answer.
- the visited ILR can use the Disconnect-Peer-Request or Abort-Session-Request message, carrying the AID of the terminal, to instruct the home ILR to delete the RID information of the terminal; correspondingly, the home ILR uses the Disconnect-Peer-Answer or Abort-Session-Answer to answer the visited ILR.
- as in Embodiment 2, when the ILR of the carrier domain where the CN-ASR is located queries the terminal's home ILR for the RID of the terminal, it can query the home ILR using a newly defined message in the Diameter protocol.
- FIG. 8 shows a fourth embodiment of the present invention, which applies the content of the present invention to an LTE (Long Term Evolution) network.
- a terminal is first connected to an S-GW (Serving Gateway) through a wireless connection, and then connected to a P-GW (Packet Data Network Gateway) through an S-GW.
- the P-GW has the ASR function described above, and is referred to as P-GW (ASR).
- the network is divided into the visited operator of the terminal (operator B in the figure) and the home operator (operator A in the figure). It is assumed that the terminal is currently connected in the network of the visited operator, and that the P-GW (ASR) allocated by the network for the terminal is also located in the visited operator domain.
- the P-GW (ASR) interfaces with the ILR in the visited operator domain (i.e., the visited ILR above) and the IIS in the visited carrier domain (i.e., the visited IIS above).
- the interfaces described herein may be directly connected or indirectly connected through an intermediate border gateway or the like.
- Embodiments 1 to 3 of the present invention are all applicable to the LTE network described herein; it is only necessary to replace the ASR of the previous embodiments with the P-GW (ASR) described herein, and to replace the source ASR and the target ASR with the source P-GW (ASR) and the target P-GW (ASR).
- both the ILR and IIS can be located on the AAA server connected to the P-GW (ASR) (e.g., connected to the P-GW (ASR) via the SGi interface). The principle is the same and will not be described again.
- the LTE network further includes an MME (Mobility Management Entity), which functions to save the mobility context of the terminal.
- the above IIS, ILR may also be located on the MME, or the MME itself has IIS and / or ILR functions.
- the MME located in the visited domain is the visited MME
- the MME located at the home is the home MME.
- An indirect or direct interface is established between the visited MME and the home MME.
- FIG. 9 shows a fifth embodiment of the present invention, which applies the content of the present invention to a GPRS (General Packet Radio Service) network.
- the terminal first connects wirelessly to the SGSN (Serving GPRS Support Node), and then connects to the GGSN (Gateway GPRS Support Node) through the SGSN.
- the GGSN has the ASR function described above, and is denoted as GGSN (ASR).
- the network is divided into the visited operator of the terminal (the operator B in the figure) and the home carrier (the operator A in the figure), and the terminal is currently connected to the operator of the visited place.
- the GGSN (ASR) allocated by the network for the terminal is also located in the visited operator domain.
- the GGSN (ASR) interfaces with the ILR in the visited carrier domain (ie, the visited ILR above) and the IIS in the visited carrier domain (ie, the visited IIS above).
- the interfaces described herein may be directly connected or indirectly connected through an intermediate border gateway or the like.
- Embodiments 1 to 3 of the present invention can be applied to the GPRS network described herein; it is only necessary to replace the ASR of the previous embodiments with the GGSN (ASR) described herein, and to replace the source ASR and the target ASR with the source GGSN (ASR) and the target GGSN (ASR).
- both the ILR and IIS can be located on the AAA server connected to the GGSN (ASR) (e.g., connected to the GGSN (ASR) via the Gi interface). The principle is the same and will not be described again.
- the GPRS network also includes an HLR or HSS, which is used to store information such as subscriptions of end users.
- IIS and ILR can also be located on the HLR/HSS.
- the HLR/HSS in the visited domain is the visited-HLR/HSS
- the HLR/HSS located in the home domain is the home-HLR/HSS.
- FIG. 10 shows a sixth embodiment of the present invention, which applies the content of the present invention to a fixed network
- BRAS Broadband Remote Access Server
- DSLAM Digital Subscriber Line Access Multiplexer
- the fixed network is generally managed in a sub-area, such as area A and area B as shown in FIG.
- the home area of the terminal is area A, and it is assumed that the terminal is currently connected in its visited area (ie, area B).
- area A and area B correspond to operator A and operator B mentioned above, so FIG. 10 can also be regarded as a roaming scenario.
- assuming that the BRAS (ASR) currently connected to the terminal is also located in the visited area, the BRAS (ASR) has an interface with the ILR of the visited area (i.e., the visited ILR above) and the IIS in the visited area (i.e., the visited IIS above).
- the visited ILR has an interface with the ILR in the home zone of the terminal (i.e., the above-mentioned home ILR), and there is also an interface between the visited IIS and the IIS in the home zone of the terminal (ie, the home IIS above).
- the interfaces described herein may be directly connected or indirectly connected through an intermediate border gateway or the like.
- Embodiments 1 to 3 of the present invention can be applied to the fixed network described herein; it is only necessary to replace the ASR of the previous embodiments with the BRAS (ASR) described herein, and to replace the source ASR and the target ASR with the source BRAS (ASR) and the target BRAS (ASR). Also, as mentioned above, both the ILR and IIS can be located on the AAA server connected to the BRAS (ASR). The principle is the same and will not be repeated.
- the embodiment further provides an identity information server, including: a data storage unit, an information interaction unit, and an information query unit, where:
- the data storage unit is configured to initially save the AIDs of the terminals in the network where it is located;
- the information interaction unit is configured to establish an interconnection between the IISs
- the information querying unit is configured to, when the terminal roams and accesses and the visited service ASR of the terminal queries the AID of the terminal, query the home IIS of the terminal for the AID of the terminal through the information interaction unit, and receive the AID of the terminal returned by the home IIS of the terminal.
- the data storage unit is further configured to initially save the identifier used by the terminal for access authentication, and to associate the AID of the terminal with the identifier used by the terminal for access authentication
- the information querying unit is configured to: on receiving the identifier used by the terminal for access authentication sent by the visited service ASR, learn that the visited service ASR is querying the AID of the terminal; send the received identifier to the home IIS of the terminal through the information interaction unit to query the AID of the terminal; and receive the AID that the home IIS of the terminal found according to the identifier used by the terminal for access authentication and returned.
- the information querying unit is further configured to determine, before querying the home IIS of the terminal for the AID of the terminal, whether the terminal belongs to the local network according to the identifier used by the terminal for access authentication, and, when the terminal does not belong to the local network, to determine the home IIS of the terminal so as to query that home IIS for the AID of the terminal.
- the information querying unit is further configured to: after receiving, from another identity information server, the identifier used by a terminal for access authentication, look up the corresponding AID in the data storage unit according to that identifier, and return the AID found to that identity information server.
- the embodiment further provides an identity location register, including: an information interaction unit, a data storage unit, and an information update unit, where:
- the information interaction unit is configured to establish an interconnection between the ILRs in the network
- the data storage unit is configured to receive and save the AID and RID of the terminal sent by the visited service ASR of the terminal when the terminal roams and accesses, where the AID is obtained by the visited service ASR from the visited IIS, and the RID is allocated to the terminal by the visited service ASR after it has queried the AID;
- the information updating unit is configured to send the AID and the RID of the terminal to the home ILR of the terminal through the information interaction unit, so that the home ILR saves the correspondence between the AID and the RID of the terminal.
- the information update unit is further configured to determine, before sending the AID and the RID of the terminal to the home ILR of the terminal, whether the terminal belongs to the local network according to the AID of the terminal and the pre-configured information, and if not, to determine the home network of the terminal; or to determine whether the terminal belongs to the local network according to the identifier used by the terminal for access authentication that the visited service ASR sends together with the AID and the RID, and if not, to determine the home network of the terminal.
- the data storage unit is further configured to: after the terminal switches the ASR, receive the RID reassigned to the terminal by the target ASR to which the terminal has switched;
- the information updating unit is further configured to, after it is determined that the terminal does not belong to the local network and the home network of the terminal is determined, update the RID reassigned to the terminal by the target ASR to the home ILR of the terminal.
- the information update unit is further configured to send the AID of the terminal to the home ILR of the terminal when the terminal exits the network or releases its IP address, and to notify the home ILR to delete the RID of the terminal.
- modules or steps of the present invention can be implemented by a general-purpose computing device, which can be concentrated on a single computing device or distributed over a network composed of multiple computing devices. Alternatively, they may be implemented by program code executable by the computing device so that they may be stored in the storage device by the computing device, or they may be separately fabricated into individual integrated circuit modules, or Multiple modules or steps are made into a single integrated circuit module. Thus, the invention is not limited to any particular combination of hardware and software.
- the present invention saves the AID of the terminal by setting up identity information servers, and connects the identity information servers to each other to exchange the AID of the terminal, so that in the method based on identity location separation, when the terminal roams, the AID of the terminal can be obtained and the terminal can access the visited network.
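
The RADIUS exchanges described above (Access-Request answered by Access-Accept or Access-Reject between the visited and home IIS, and Accounting-Request start/interim/stop between the visited and home ILR), as an added Python model that is not part of the patent text. Messages are plain dictionaries rather than wire-format RADIUS; the `user@realm` identifiers, the AID prefixes used to find the home network, the `AID`/`RID` attribute names and all sample values are assumptions constructed for illustration.

```python
# Added illustration: in-memory model of the roaming exchanges, not wire-format RADIUS.
# Assumptions (not from the patent): identifiers look like user@realm, the home
# network of an AID is found from a preconfigured prefix, and "AID"/"RID" are
# hypothetical attribute names. All sample values are constructed.


class IIS:
    """Identity information server: authentication identifier -> AID."""

    def __init__(self, realm, subscribers):
        self.realm = realm
        self.subscribers = dict(subscribers)
        self.peers = {}  # realm -> interconnected IIS

    def handle_access_request(self, msg):
        """Home side: answer a peer IIS with Access-Accept (AID) or Access-Reject."""
        aid = self.subscribers.get(msg["User-Name"])
        if aid is None:  # no record, e.g. the user has not subscribed to an AID
            return {"code": "Access-Reject"}
        return {"code": "Access-Accept", "AID": aid}

    def query_aid(self, auth_id):
        """Visited side, called by the service ASR. None means: reject access."""
        realm = auth_id.rpartition("@")[2]
        if realm == self.realm:  # terminal belongs to the local network
            return self.subscribers.get(auth_id)
        home = self.peers.get(realm)
        if home is None:  # no interconnection with that home network
            return None
        reply = home.handle_access_request(
            {"code": "Access-Request", "User-Name": auth_id})
        return reply["AID"] if reply["code"] == "Access-Accept" else None


class ILR:
    """Identity location register: AID -> RID."""

    def __init__(self, aid_prefix):
        self.aid_prefix = aid_prefix  # preconfigured: AIDs homed in this network
        self.mapping = {}
        self.peers = {}  # AID prefix -> interconnected ILR

    def handle_accounting_request(self, msg):
        """Apply start/interim (save or update RID) or stop (delete RID)."""
        status, aid = msg["Acct-Status-Type"], msg["AID"]
        if status in ("Start", "Interim-Update"):
            self.mapping[aid] = msg["RID"]
        elif status == "Stop":
            self.mapping.pop(aid, None)
        else:
            raise ValueError(f"unsupported Acct-Status-Type: {status}")
        return {"code": "Accounting-Response", "Acct-Status-Type": status}

    def home_of(self, aid):
        """Return the home ILR for a roaming terminal, or None if it is local."""
        if aid.startswith(self.aid_prefix):
            return None
        for prefix, ilr in self.peers.items():
            if aid.startswith(prefix):
                return ilr
        raise LookupError(f"no home ILR configured for {aid}")

    def report(self, status, aid, rid=None):
        """Visited side, called by the service ASR: update locally, then the home ILR."""
        home = self.home_of(aid)  # fail before touching state if home is unknown
        msg = {"code": "Accounting-Request", "Acct-Status-Type": status,
               "AID": aid, "RID": rid}
        self.handle_accounting_request(msg)
        return home.handle_accounting_request(msg) if home else None


def roaming_session():
    """Run attach, handover and exit for one roaming terminal; return observations."""
    home_iis = IIS("operator-a.example", {"alice@operator-a.example": "AID-A-0001"})
    visited_iis = IIS("operator-b.example", {})
    visited_iis.peers[home_iis.realm] = home_iis
    home_ilr, visited_ilr = ILR("AID-A-"), ILR("AID-B-")
    visited_ilr.peers["AID-A-"] = home_ilr

    seen = {}
    aid = visited_iis.query_aid("alice@operator-a.example")
    seen["aid"] = aid
    visited_ilr.report("Start", aid, "RID-B-ASR1")           # ASR allocates a RID
    seen["after_start"] = home_ilr.mapping.get(aid)
    visited_ilr.report("Interim-Update", aid, "RID-B-ASR2")  # terminal switched ASR
    seen["after_handover"] = home_ilr.mapping.get(aid)
    visited_ilr.report("Stop", aid)                          # exit or IP release
    seen["after_stop"] = (home_ilr.mapping.get(aid), visited_ilr.mapping.get(aid))
    # Identifier with no AID record at the home IIS: Access-Reject, so no AID.
    seen["no_subscription"] = visited_iis.query_aid("bob@operator-a.example")
    return seen


if __name__ == "__main__":
    for key, value in roaming_session().items():
        print(key, "=", value)
```

A `None` result from `query_aid` is the case in which the visited ASR preferably rejects the terminal's access; after the stop request neither ILR holds a RID for the terminal.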
Description
Method for obtaining access identifier of terminal and identity information server
Technical field
The present invention relates to the field of mobile communications, and in particular to a method for obtaining an access identifier of a terminal and an identity information server.
Background
As is well known, in the IP Internet, a terminal that wants to access the IP Internet must apply to the network for a valid IP address. The IP address has a dual attribute: it represents both the identity of the user and the network topology location of the user. When a user obtains an IP address at a topology location (for example, under an access gateway), the IP address can only be used at that topology location (for example, only within the scope managed by one access gateway). This is not a problem for fixed terminals, but for a mobile terminal, after the terminal moves from the scope managed by one access gateway to the scope managed by another, the IP address becomes an invalid address. The terminal must then obtain a new IP address from the new topology location. The continuity of IP-based upper-layer services therefore cannot be guaranteed; for example, if the end user is making an IP phone call, the call is dropped.
To solve this problem, the industry has proposed a series of solutions, such as Mobile IP-based technology and GTP-based technology. However, these technologies have some generally recognized problems, such as route detours and single points of failure. Route detours, first, waste the operator's transmission bearer resources, which works against cost saving; second, they increase the delay of sending and receiving IP packets between the MN (mobile terminal) and the CN (communication peer), which works against improving the user's service experience; third, they increase the likelihood that the terminal's IP packets encounter network congestion in transit, so that terminal services (for example, real-time services such as voice, video and online games) are impaired or cannot be delivered at all.
At present, the industry has begun to study a method based on identity location separation, whose purpose is to solve the route detour problem while also solving the problem that an IP address must be reallocated after a terminal crosses access gateways. Referring to FIG. 1, the logical network structure of the method mainly includes the Access Service Router (ASR) and the Identity Location Register (ILR). The ASR connects to the access network below it and is mainly responsible for the access of user terminals; the ILR mainly stores the "identity-location" correspondence of the terminal. In this method, a fixed access identifier (Access Identity, AID) must be configured for the end user to identify the user, and the AID is stored in the ILR. When the user terminal accesses the network, the ASR queries the ILR to obtain the AID of the terminal and sends it to the terminal.
In actually deployed networks there are often multiple operators with roaming agreements between them, that is, operator B allows the terminals of operator A to access through its own network and provides them with the corresponding network services. In the above method based on identity location separation, the AID of the end user is stored in the ILR of the user's home operator. In the example shown in FIG. 2, user terminal A is a subscriber of operator A (that is, operator A is the home operator of terminal A), and the user's AID is stored in identity location register A (ILR-A). When the terminal roams to operator B (that is, the visited operator) and accesses through access service router B (ASR-B), ASR-B cannot obtain the AID of the terminal, because ILR-B of operator B has no record of the user, that is, no AID information for the user. Therefore, in the above method based on identity location separation, when a terminal roams, even if there is a roaming agreement between its home operator and the current visited operator, the terminal cannot access the network because the AID of the terminal user cannot be obtained.
Summary of the invention
The present invention provides a method for obtaining an access identifier of a terminal and an identity information server, which can obtain the access identifier of the terminal when the terminal roams.
To solve the above technical problem, an embodiment of the present invention provides a method for obtaining an access identifier of a terminal, including:
setting up identity information servers (IIS) in the network, initially saving in each IIS the access identifiers (AID) of the terminals in the network, and establishing interconnections between the IISs;
when a terminal roams and accesses from a visited network, the visited IIS, when the visited service access service router (ASR) of the terminal queries the AID of the terminal, querying the home IIS of the terminal for the AID of the terminal; and
the visited IIS receiving the AID of the terminal returned by the home IIS of the terminal.
The method further includes:
initially saving in the IIS the identifier used by the terminal for access authentication, and associating the AID of the terminal with the identifier used by the terminal for access authentication;
the step of the visited IIS querying the home IIS of the terminal for the AID of the terminal includes: the visited IIS, on receiving the identifier used by the terminal for access authentication sent by the visited service ASR, learning that the visited service ASR is querying the AID of the terminal; and
the visited IIS sending the received identifier used by the terminal for access authentication to the home IIS of the terminal to query the AID of the terminal;
the step of the visited IIS receiving the AID of the terminal returned by the home IIS of the terminal includes: the visited IIS receiving the AID that the home IIS of the terminal found according to the identifier used by the terminal for access authentication and returned.
The method further includes: before querying the home IIS of the terminal for the AID of the terminal, the visited IIS determining, according to the identifier used by the terminal for access authentication, whether the terminal belongs to the local network and, when the terminal does not belong to the local network, determining the home IIS of the terminal so as to query that home IIS for the AID of the terminal.
The IISs are connected to each other directly, or through one or more border gateways;
when the IISs are connected through the one or more border gateways, the border gateways between the IISs complete the interaction between the IISs according to the identifier used by the terminal for access authentication.
The IISs interact on the basis of Remote Authentication Dial-In User Service (RADIUS) messages or Diameter messages.
In a Long Term Evolution (LTE) network, a Packet Data Network Gateway (P-GW) is used as the ASR; the IIS is deployed on an Authentication, Authorization and Accounting (AAA) server connected to the P-GW, and the AAA servers in the network are connected to each other; or the IIS is deployed on a Mobility Management Entity (MME) connected to the P-GW, and the MMEs in the network are connected to each other; or,
in a third generation mobile communication (3G) network, a Gateway General Packet Radio Service Support Node (GGSN) is used as the ASR; the IIS is deployed on an AAA server connected to the GGSN, and the AAA servers in the network are connected to each other; or the IIS is deployed on a Home Location Register (HLR) connected to the GGSN, and the HLRs in the network are connected to each other; or the IIS is deployed on a Home Subscriber Server (HSS) connected to the GGSN, and the HSSs in the network are connected to each other; or,
in a fixed network, a Broadband Remote Access Server (BRAS) is used as the ASR, the IIS is deployed on an AAA server connected to the BRAS, and the AAA servers in the network are connected to each other.
An embodiment of the present invention further provides a method for saving an access identifier of a terminal, including: establishing interconnections between the identity location registers (ILR) in the network;
when a terminal roams and accesses from a visited network, the visited ILR receiving the access identifier (AID) and route identifier (RID) of the terminal sent by the visited service access service router (ASR) of the terminal, where the AID is obtained by the visited service ASR by querying the visited identity information server (IIS), and the RID is allocated to the terminal by the visited service ASR after it has queried the AID; and
the visited ILR sending the AID and the RID of the terminal to the home ILR of the terminal, so that the home ILR saves the correspondence between the AID and the RID of the terminal.
The method further includes: before sending the AID and the RID of the terminal to the home ILR of the terminal, the visited ILR determining, according to the AID of the terminal and pre-configured information, whether the terminal belongs to the local network and, if not, determining the home network of the terminal; or determining, according to the identifier used by the terminal for access authentication that the visited service ASR sends together with the AID and the RID, whether the terminal belongs to the local network and, if not, determining the home network of the terminal.
The ILRs are connected to each other directly, or through one or more border gateways;
when the ILRs are connected through the one or more border gateways, the border gateways between the ILRs complete the interaction between the ILRs according to the AID of the terminal or the identifier used by the terminal for access authentication.
The method further includes:
after the terminal switches the ASR, the visited ILR receiving the RID reassigned to the terminal by the target ASR to which the terminal has switched; and
the visited ILR, after it is determined that the terminal does not belong to the local network and the home network of the terminal is determined, updating the RID reassigned to the terminal by the target ASR to the home ILR of the terminal.
The method further includes:
when a communication peer (CN) of the terminal sends a data packet to the terminal, the ILR in the network where the CN is located, when the service ASR of the CN queries the location information of the terminal, sending the AID of the terminal to the home ILR of the terminal to query the RID of the terminal if it determines that no AID-RID correspondence of the terminal is saved locally; and
the ILR in the network where the CN is located receiving the RID of the terminal that the home ILR of the terminal found locally according to the received AID and returned.
The method further includes: when the terminal exits the network or releases its IP address, the visited ILR sending the AID of the terminal to the home ILR of the terminal and notifying the home ILR to delete the RID of the terminal.
The ILRs interact on the basis of Remote Authentication Dial-In User Service (RADIUS) messages or Diameter messages.
In a Long Term Evolution (LTE) network, a Packet Data Network Gateway (P-GW) is used as the ASR, the ILR is deployed on an Authentication, Authorization and Accounting (AAA) server connected to the P-GW, and the AAA servers in the network are connected to each other; or the ILR is deployed on a Mobility Management Entity (MME) connected to the P-GW, and the MMEs in the network are connected to each other; or,
in a third generation mobile communication (3G) network, a Gateway General Packet Radio Service Support Node (GGSN) is used as the ASR, the ILR is deployed on an AAA server connected to the GGSN, and the AAA servers in the network are connected to each other; or the ILR is deployed on a Home Location Register (HLR) connected to the GGSN, and the HLRs in the network are connected to each other; or the ILR is deployed on a Home Subscriber Server (HSS) connected to the GGSN, and the HSSs in the network are connected to each other; or,
in a fixed network, a Broadband Remote Access Server (BRAS) is used as the ASR, the ILR is deployed on an AAA server connected to the BRAS, and the AAA servers in the network are connected to each other.
An embodiment of the present invention further provides an identity information server, including: a data storage unit, an information interaction unit, and an information query unit, where:
the data storage unit is configured to initially store the access identifiers (AIDs) of the terminals in its own network; the information interaction unit is configured to establish the interconnection between the identity information servers (IISs); and the information query unit is configured, when a terminal roams in and the terminal's visited serving access service router (ASR) queries the terminal's AID, to query the terminal's home IIS for the AID through the information interaction unit and to receive the AID returned by the home IIS.
The data storage unit is further configured to initially store the identifier the terminal uses for access authentication and to associate the terminal's AID with that identifier;
the information query unit is configured to query and receive the terminal's AID as follows: on receiving the terminal's access-authentication identifier sent by the visited serving ASR, it learns that the visited serving ASR wants to query the terminal's AID; it sends the received identifier to the terminal's home IIS, thereby querying the home IIS for the AID through the information interaction unit, and receives the AID that the home IIS looked up from that identifier and returned.
The information query unit is further configured, before querying the terminal's home IIS for the AID, to determine from the terminal's access-authentication identifier whether the terminal is homed in the local network and, if it is not, to determine the terminal's home IIS so as to query that home IIS for the AID.
The information query unit is further configured, after receiving a terminal's access-authentication identifier sent by another identity information server, to look up the corresponding AID in the data storage unit from the received identifier and to return the AID found to that identity information server.
An embodiment of the present invention further provides an identity location register, comprising an information interaction unit, a data storage unit and an information update unit, wherein:
the information interaction unit is configured to establish the interconnection between the identity location registers (ILRs) in the network;
the data storage unit is configured, when a terminal roams in, to receive and store the terminal's access identifier (AID) and routing identifier (RID) sent by the terminal's visited serving access service router (ASR), the AID having been obtained by the visited serving ASR by querying the visited identity information server (IIS), and the RID having been allocated to the terminal by the visited serving ASR after it obtained the AID;
the information update unit is configured to send the terminal's AID and RID to the terminal's home ILR through the information interaction unit, so that the home ILR stores the correspondence between the terminal's AID and RID.
The information update unit is further configured, before sending the terminal's AID and RID to the terminal's home ILR, to determine from the terminal's AID and pre-configured information whether the terminal is homed in the local network and, if it is not, to determine the terminal's home network; or to make that determination from the terminal's access-authentication identifier, which the visited serving ASR sends together with the AID and RID, and, if the terminal is not homed locally, to determine the terminal's home network.
The data storage unit is further configured, after the terminal changes ASR, to receive the RID newly allocated to the terminal by the target ASR to which the terminal has switched;
the information update unit is further configured, when the terminal does not belong to the local network and its home network has been determined, to update the RID newly allocated by the target ASR to the terminal's home ILR.
The information update unit is further configured, when the terminal leaves the network or releases its IP address, to send the terminal's AID to the terminal's home ILR and to notify the home ILR to delete the terminal's RID.
In summary, the present invention provides identity information servers that store the terminals' AIDs and connects the identity information servers to one another so that terminal AIDs can be exchanged. As a result, in a method based on identity/location separation, the AID of a roaming terminal can be obtained and the terminal can access the visited network.
Brief Description of the Drawings
FIG. 1 is an architecture diagram of an identity/location separation network in the related art;
FIG. 2 is a schematic diagram of a terminal roaming in an identity/location separation network in the related art;
FIG. 3 is an architecture diagram of the system of the present invention for obtaining the access identifier of a terminal;
FIG. 4 is a flowchart of Embodiment 1 of the method of the present invention for obtaining the access identifier of a terminal;
FIG. 5 is a flowchart of the method of the present invention for obtaining the access identifier of a terminal when the terminal is handed over;
FIG. 6 is a flowchart of Embodiment 2 of the method of the present invention for obtaining the access identifier of a terminal;
FIG. 7 is a flowchart of Embodiment 3 of the method of the present invention for obtaining the access identifier of a terminal;
FIG. 8 is a schematic diagram of the method of the present invention applied to an LTE network;
FIG. 9 is a schematic diagram of the method of the present invention applied to a 3G network;
FIG. 10 is a schematic diagram of the method of the present invention applied to a fixed network;
FIG. 11 is an architecture diagram of the identity information server of the present invention;
FIG. 12 is an architecture diagram of the identity location register of the present invention.
Preferred Embodiments of the Invention
Unlike the related identity/location separation technology, this embodiment uses a dedicated identity information server (Identity Information Server, abbreviated IIS in this document) to store the AIDs of terminal users. As shown in FIG. 3, operator A has its own identity information server A (IIS-A), and operator B likewise has its own IIS-B. Preferably, the IIS records both the identifier the terminal user uses for access authentication and that user's AID, and associates the two. The identifier a terminal user uses for access authentication generally includes the International Mobile Subscriber Identity (IMSI), the Network Access Identifier (NAI), and so on. To support roaming access by terminal users, a signaling interface (shown in FIG. 3) needs to be added between the IIS of the visited operator (the visited IIS) and the IIS of the home operator (the home IIS). The main function of this interface is to transfer the terminal user's access identifier (AID) between the visited IIS and the home IIS.
It should be noted that the visited operator's IIS may establish a directly connected interface with the home operator's IIS, or the interface may be established indirectly through one or more border gateways. In the latter case, the IISs of the visited operator and of the home operator each establish an interface with the border gateway, and the interaction between the two IISs is relayed through the border gateway. The general role of a border gateway is to protect the data security of both operators and to shield them from attack. Such a border gateway may generally be called a border IIS (Border IIS, B-IIS), a gateway IIS (Gateway IIS, G-IIS) or a proxy IIS (Proxy IIS, P-IIS).
So that the terminal's home operator can also know the terminal's location information, a signaling interface is preferably added between the ILR of the visited operator (the visited ILR) and the ILR of the home operator (the home ILR). Likewise, the visited operator's ILR may establish a directly connected interface with the home operator's ILR, or the interface may be established indirectly through one or more border gateways. Correspondingly, such a border gateway may generally be called a border identity location register (Border ILR, B-ILR), a gateway identity location register (Gateway ILR, G-ILR) or a proxy identity location register (Proxy ILR, P-ILR).
As shown in FIG. 3, operator B is the visited operator of terminal A, and operator A is the home operator of terminal A. An interface is established between operator A's IIS-A and operator B's IIS-B. If terminal A roams in through operator B, it attaches through access service router B (ASR-B). ASR-B requests the terminal's AID from IIS-B; IIS-B can then obtain terminal A's AID from IIS-A over the interface described above and send it to the terminal. This solves the problem described above, namely that a terminal cannot gain access at a roaming operator.
Embodiment 1:
FIG. 4 shows the first embodiment, the process by which a terminal attaches to the network and obtains its access identifier (AID) from the network. It comprises the following steps:
Step 401: The terminal roams to a visited operator, accesses the visited operator's network and attaches to one of its access service routers (ASRs). That ASR is now the terminal's serving ASR (the visited serving ASR);
Generally, the serving ASR obtains in this step the identifier the terminal uses for access authentication, such as the IMSI, NAI or user name (User Name) mentioned above. Based on that user name, the network first performs access authentication on the terminal user and carries out the subsequent procedure only after access authentication has succeeded.
Step 402: The ASR (located at the visited operator) queries the visited identity information server (IIS) for the terminal user's AID, carrying the terminal's access-authentication identifier obtained above;
Step 403: On receiving the request, the visited IIS first determines whether the user is homed in the local network;
The visited IIS can make this determination from the terminal's access-authentication identifier (that is, the access-authentication identifier of the user of the terminal; hereinafter this is always expressed as the identifier the terminal uses for access authentication). In this embodiment the user is assumed to be attached to a visited operator, so the visited IIS must additionally determine the terminal user's home operator; in general it can do so from the terminal's access-authentication identifier. Preferably, relying on configuration information, the visited IIS can also determine the terminal's home IIS.
Step 404: The visited IIS sends a message to the terminal user's home IIS (located at the terminal user's home operator) to query the terminal's AID; the message carries the terminal's access-authentication identifier;
Step 405: On receiving the request, the home IIS preferably first verifies that the request message comes from a legitimate requester, then looks up the corresponding AID locally from the terminal's access-authentication identifier and returns a response message carrying the AID to the visited IIS;
Step 406: The visited IIS returns the AID it obtained to the ASR;
Step 407: The ASR sends the AID to the terminal, where it is configured locally as the terminal's identity;
Thereafter the terminal uses the AID as its own IP address for communication with the outside.
Step 408: After obtaining the terminal's AID, the ASR also allocates a routing identifier (Routing Identifier, RID, also called a location identifier) to the terminal;
Step 409: The ASR (the visited operator's ASR) updates the terminal's RID to the visited operator's ILR (the visited ILR), carrying the terminal user's AID and the allocated RID, and preferably also the terminal's access-authentication identifier;
Step 410: The visited ILR stores the terminal's AID-RID correspondence locally and sends a message carrying that AID-RID correspondence to the terminal's home ILR;
Preferably, the visited ILR can determine that the terminal to which the AID corresponds is not homed at this operator. The visited ILR can determine from the AID and pre-configured information that the AID does not belong to this operator, and can determine the operator to which the AID belongs; alternatively, the visited ILR determines from the terminal's access-authentication identifier, preferably carried in step 409, that the corresponding AID does not belong to this operator, and determines the operator to which the AID belongs.
Step 411: On obtaining this information, the home ILR stores the terminal's AID-RID correspondence locally;
At this point the terminal's home operator also knows the terminal's current location information. The home ILR returns a response message to the visited ILR.
Step 412: The visited ILR returns a response message to the ASR.
It should be noted that in step 410 the visited ILR may also refrain from recording the terminal's AID-RID correspondence and simply forward the terminal's AID-RID to the terminal user's home ILR, so that only the home ILR stores the terminal's AID-RID correspondence.
The method of this embodiment solves the problem of the prior art. When the terminal roams and attaches to the network through the visited operator's ASR, it can still obtain its own AID and use that AID as its source address for communication with the outside.
It should be noted that in the description of this embodiment the visited IIS and the home IIS interact directly. As stated above, the visited IIS and the home IIS may instead communicate through one or more border gateways (such as the B-IIS, G-IIS or P-IIS mentioned above). In that case the border gateway can likewise use the terminal's access-authentication identifier to decide to which next-hop border gateway or home IIS the message should be sent (as in the method of step 403). Similarly, the visited ILR and the home ILR may interwork through one or more border gateways (such as the B-ILR, P-ILR or G-ILR mentioned above); such a border gateway can follow the method of step 410 and decide, from the AID or from the terminal user's access-authentication identifier, to which next-hop border gateway or home ILR the message should be sent.
As shown in FIG. 5, when the terminal changes its current ASR within the visited operator, that is, is handed over from a source ASR to a target ASR, the target ASR must allocate a new RID to the terminal and update the terminal's AID-RID correspondence stored in the ILR. This comprises the following steps:
Steps 501-502: After the terminal has been handed over from the source ASR to the target ASR, the target ASR allocates a new RID to the terminal;
Step 503: Since the target ASR is also located in the visited operator's network, the target ASR sends an update message to the visited ILR, carrying the terminal's AID and the newly allocated RID, and preferably also the terminal's access-authentication identifier;
Step 503 follows the same principle as step 409.
Step 504: As in step 410, the visited ILR determines that the terminal user is not homed at this operator and, after determining the user's home operator, sends a message carrying the AID-RID mapping to the terminal's home ILR;
Steps 505-506: Same as steps 411-412.
Embodiment 2:
FIG. 6 shows the second embodiment of the invention. It is again assumed that the terminal accesses the network at a visited operator, that is, the terminal's current serving ASR is located at the visited operator.
Step 601: The terminal's communication peer (Correspondent Node, CN) sends a data packet to the terminal with the destination IP address set to the terminal's AID. The packet first reaches the CN's serving ASR (CN-ASR);
Step 602: When the CN-ASR cannot find the terminal's location information locally, it queries the ILR in the operator domain where the CN-ASR is located for the terminal's location information; the query message carries the terminal's AID;
It is assumed that the operator where the CN-ASR is located is not the terminal's home operator.
Step 603: Assuming that the ILR in the CN-ASR's operator domain cannot find the terminal's RID information locally, then, as described in step 410, that ILR can determine from the AID and pre-configured information that the AID does not belong to this operator, and can determine the operator to which the AID belongs;
Step 604: That ILR sends a request carrying the terminal's AID to the terminal's home ILR to request the terminal's RID information;
Step 605: After finding the terminal's RID information locally from the AID, the home ILR returns a response message carrying the terminal's AID-RID information to the ILR in the CN-ASR's operator domain;
Step 606: On receiving the response message, the ILR in the CN-ASR's operator domain returns the terminal's RID information to the CN-ASR in a response message;
Step 607: The CN-ASR forwards the data packet according to the terminal's location information.
It should be noted that the operator where the CN-ASR is located may be the visited operator where the terminal currently is. In that case, if the visited ILR stores the terminal's AID-RID relationship as described in Embodiment 1, the CN-ASR can obtain the information directly from the visited ILR; otherwise the information must be queried from the home ILR following the steps of Embodiment 2 above. The operator where the CN-ASR is located may also differ from the terminal's current visited operator, in which case the terminal's location information is queried following the method of this embodiment.
Embodiment 3:
FIG. 7 shows the third embodiment of the invention. It is again assumed that the terminal accesses the network at a visited operator, that is, the terminal's current serving ASR is located at the visited operator. When the terminal leaves the network, the terminal's location information stored in the terminal's home ILR must be cleared. This comprises the following steps.
Step 701: The terminal's current serving ASR receives an indication that the terminal is leaving the network or releasing its IP address;
Step 702: The ASR sends a message to the ILR in its own domain (that is, the terminal's visited operator domain), the visited ILR, to delete the terminal's location information; the message carries the terminal's AID and preferably also the terminal's access-authentication identifier;
Step 703: On receiving the message, the visited ILR first deletes the terminal's AID-RID mapping locally. Following the method of step 410, the visited ILR can determine that its own domain is the terminal's visited domain and can determine the terminal's home domain. The visited ILR sends a message to the terminal's home ILR to delete the terminal's location information, carrying the terminal's AID and preferably also the terminal's access-authentication identifier;
Step 704: The home ILR deletes the relevant locally stored information and returns a response message to the visited ILR.
Step 705: The visited ILR returns a response message to the ASR.
It should be noted that in an actual network deployment the IIS described in this embodiment may be deployed on an Authentication, Authorization and Accounting (AAA) server, on a Home Location Register (HLR) or on a Home Subscriber Server (HSS); that is, the IIS is a functional module of these network elements, or these network elements themselves provide the IIS function. These network elements can then directly take the place of the "identity information server" in the embodiments above. For example, "home AAA server" replaces "home identity information server" and "visited AAA server" replaces "visited identity information server"; the principle is the same. In this case the visited IIS and the home IIS can interact through an AAA protocol, including the RADIUS (Remote Authentication Dial In User Service) protocol and the Diameter protocol.
For example, the visited IIS uses the Access-Request message defined by the RADIUS protocol, carrying the terminal's access-authentication identifier, to request the terminal's AID information from the home IIS; correspondingly, the home IIS answers the visited IIS with an Access-Accept message carrying the terminal's AID. If the home IIS has no corresponding record either (for example, the terminal user has no subscribed AID), the home IIS can return an Access-Reject message to the visited IIS. In that case the visited ASR preferably rejects the terminal's access. The visited IIS can also use the AA-Request defined by the Diameter protocol to request the terminal's AID information from the home IIS, carrying the terminal's access-authentication identifier; the home IIS answers the visited IIS with an AA-Answer carrying the terminal's AID information or an error indication (for example, the terminal user has no subscribed AID). If the visited IIS receives an AA-Answer message carrying an error indication, the ASR preferably rejects the terminal's access to the network.
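The AID lookup of steps 402 to 407, including the requester check of step 405 and the reject path described above, can be modelled as follows. This is an added illustration, not code from the patent: it uses the RADIUS message names only as labels (no packet encoding), handles NAI-style identifiers only, and the realm-based home lookup, the `trusted_requesters` allowlist and all operator names and AIDs are constructed assumptions.

```python
from dataclasses import dataclass, field


def realm_of(auth_id):
    """Realm part of an NAI ('user@realm'); '' when there is none."""
    return auth_id.rpartition("@")[2] if "@" in auth_id else ""


@dataclass
class IIS:
    """In-memory model of one operator's identity information server."""
    name: str
    realm: str                                   # realm homed here (assumption)
    aid_by_auth_id: dict                         # access-auth identifier -> AID
    home_iis_by_realm: dict = field(default_factory=dict)   # configuration, step 403
    trusted_requesters: set = field(default_factory=set)    # peers allowed to query

    def handle_peer_query(self, requester, auth_id):
        """Step 405, home side: verify the requester, then look up the AID."""
        if requester not in self.trusted_requesters:
            return ("Access-Reject", None)
        aid = self.aid_by_auth_id.get(auth_id)
        if aid is None:                          # no AID subscribed for this user
            return ("Access-Reject", None)
        return ("Access-Accept", aid)

    def query_aid(self, auth_id):
        """Steps 402-406, as seen by the IIS that the serving ASR queries."""
        realm = realm_of(auth_id)
        if realm == self.realm:                  # step 403: terminal is homed locally
            aid = self.aid_by_auth_id.get(auth_id)
            return ("Access-Accept", aid) if aid else ("Access-Reject", None)
        home = self.home_iis_by_realm.get(realm)
        if home is None:                         # no interface to that home operator
            return ("Access-Reject", None)
        return home.handle_peer_query(self.name, auth_id)   # step 404


def asr_attach(visited_iis, auth_id):
    """Steps 402, 406 and 407: the ASR admits the terminal only with an AID."""
    code, aid = visited_iis.query_aid(auth_id)
    return {"admitted": code == "Access-Accept", "aid": aid}


def build_demo():
    """Constructed operators A (home) and B, C (visited); all values are made up."""
    iis_a = IIS("IIS-A", "operator-a.example",
                {"alice@operator-a.example": "AID-A-0001"},
                trusted_requesters={"IIS-B"})
    iis_b = IIS("IIS-B", "operator-b.example",
                {"carol@operator-b.example": "AID-B-0042"},
                home_iis_by_realm={"operator-a.example": iis_a})
    iis_c = IIS("IIS-C", "operator-c.example", {},
                home_iis_by_realm={"operator-a.example": iis_a})
    return iis_a, iis_b, iis_c


if __name__ == "__main__":
    _, iis_b, iis_c = build_demo()
    for iis, user in [(iis_b, "alice@operator-a.example"),   # roaming, accepted
                      (iis_b, "bob@operator-a.example"),     # no AID subscribed
                      (iis_c, "alice@operator-a.example"),   # requester not trusted
                      (iis_b, "carol@operator-b.example")]:  # local subscriber
        print(iis.name, user, asr_attach(iis, user))
```

The third case shows why the home-side check matters: IIS-C knows where IIS-A is, but IIS-A releases no AID to a requester it has not been configured to trust.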
By the same token, in an actual network deployment the ILR described in this embodiment may also be deployed on an AAA server, on an HLR or on an HSS; that is, the ILR is a functional module of these network elements, or these network elements themselves provide the ILR function. These network elements can then directly take the place of the "identity location register" in the embodiments above. For example, "home AAA server" replaces "home identity location register" and "visited AAA server" replaces "visited identity location register"; the principle is the same. In this case the visited ILR and the home ILR can also interact through an AAA protocol, including the RADIUS protocol and the Diameter protocol.
For example, the visited ILR uses the Accounting-Request message defined by the RADIUS protocol, carrying the terminal's AID and RID information, to update the terminal's RID information at the home ILR. For the initial update, Accounting-Request[start] (indicating that the request is of type start) can be used to update the information at the home ILR; for later updates (for example, after the terminal has changed ASR and the new ASR has allocated a new RID to the terminal), Accounting-Request[interim] is used; to delete the terminal's location information, the visited ILR sends Accounting-Request[stop] to the home ILR. When the home ILR receives an Accounting-Request message of type stop, it deletes the terminal's RID information. Correspondingly, the home ILR answers the visited ILR with Accounting-Response[start], Accounting-Response[interim] and Accounting-Response[stop]. As described in Embodiment 2, when the ILR in the CN-ASR's operator domain queries the terminal's home ILR for the terminal's RID, that ILR can use a message newly defined in the RADIUS protocol to query the home ILR.
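The start / interim / stop sequence described above maps directly onto the lifetime of the AID-RID entry at the home ILR. The sketch below is an added illustration, not code from the patent: it models the messages as function calls rather than RADIUS packets, and the AID-prefix table used for the "pre-configured information" of step 410, like every AID and RID value, is a constructed assumption.

```python
class HomeILR:
    """Home ILR: holds the AID -> RID mapping of its own subscribers."""

    def __init__(self):
        self.rid_by_aid = {}

    def on_accounting_request(self, acct_type, aid, rid=None):
        """Apply one Accounting-Request and return the matching response label."""
        if acct_type in ("start", "interim"):
            if rid is None:
                raise ValueError("start/interim must carry a RID")
            self.rid_by_aid[aid] = rid           # steps 411 / 505: store or replace
        elif acct_type == "stop":
            self.rid_by_aid.pop(aid, None)       # step 704: delete location info
        else:
            raise ValueError("unknown accounting type: %r" % acct_type)
        return "Accounting-Response[%s]" % acct_type

    def lookup_rid(self, aid):
        """Embodiment 2, step 605: RID for a correspondent's ILR, or None."""
        return self.rid_by_aid.get(aid)


class VisitedILR:
    """Visited ILR that keeps a local copy and relays updates to the home ILR."""

    def __init__(self, home_ilr_by_aid_prefix):
        self.rid_by_aid = {}
        # Pre-configured information of step 410; prefix matching is an assumption.
        self.home_ilr_by_aid_prefix = home_ilr_by_aid_prefix

    def _home_ilr(self, aid):
        for prefix, home in self.home_ilr_by_aid_prefix.items():
            if aid.startswith(prefix):
                return home
        return None                              # AID belongs to this operator

    def report_rid(self, aid, rid):
        """Steps 409-410 (first attach) and 503-504 (handover to a new ASR)."""
        acct_type = "interim" if aid in self.rid_by_aid else "start"
        self.rid_by_aid[aid] = rid
        home = self._home_ilr(aid)
        if home is None:
            return None                          # nothing to relay for local AIDs
        return home.on_accounting_request(acct_type, aid, rid)

    def detach(self, aid):
        """Steps 702-703: delete locally, then tell the home ILR to delete."""
        self.rid_by_aid.pop(aid, None)
        home = self._home_ilr(aid)
        if home is None:
            return None
        return home.on_accounting_request("stop", aid)


def run_demo():
    """Attach, handover, detach of one roaming terminal (constructed values)."""
    home_a = HomeILR()
    visited_b = VisitedILR({"AID-A-": home_a})
    aid = "AID-A-0001"
    trace = []
    trace.append((visited_b.report_rid(aid, "RID-B-ASR1"), home_a.lookup_rid(aid)))
    trace.append((visited_b.report_rid(aid, "RID-B-ASR2"), home_a.lookup_rid(aid)))
    trace.append((visited_b.detach(aid), home_a.lookup_rid(aid)))
    return trace


if __name__ == "__main__":
    for response, rid_at_home in run_demo():
        print(response, rid_at_home)
```

After the stop message the home ILR answers a correspondent's lookup with no RID, which is the state Embodiment 3 is meant to reach; a visited ILR that skips the stop leaves a stale RID that the CN-ASR of Embodiment 2 would keep using.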
The visited ILR can also use the Accounting-Request message defined by the Diameter protocol, carrying the AID and RID information of the terminal, to update the terminal's RID information at the home ILR; correspondingly, the home ILR answers the visited ILR with Accounting-Answer. The visited ILR can use a message such as Disconnect-Peer-Request or Abort-Session-Request, carrying the AID of the terminal, to instruct the home ILR to delete the terminal's RID information; correspondingly, the home ILR answers the visited ILR with Disconnect-Peer-Answer or Abort-Session-Answer. As described in Embodiment 2, when the ILR in the operator domain where the CN-ASR is located queries the terminal's home ILR for the terminal's RID, that ILR can use a message newly defined in the Diameter protocol to query the home ILR.
Example 4:
FIG. 8 shows the fourth embodiment, in which the content of this embodiment is applied to an LTE (Long Term Evolution) network. In an LTE network, the terminal first connects over the radio link to an S-GW (Serving Gateway) and then, through the S-GW, to a P-GW (Packet Data Network Gateway). Here the P-GW has the ASR function described above and is denoted P-GW (ASR).
The network is divided into the terminal's visited operator (operator B in the figure) and its home operator (operator A in the figure). It is assumed that the terminal is currently attached to the network of its visited operator and that the P-GW (ASR) allocated to the terminal by the network is also located in the visited operator's domain. The P-GW (ASR) has interfaces both to the ILR in the visited operator's domain (the visited ILR above) and to the IIS in the visited operator's domain (the visited IIS above). There is also an interface between the visited ILR and the ILR in the terminal's home operator domain (the home ILR above), and an interface between the visited IIS and the IIS in the terminal's home operator domain (the home IIS above). As described above, these interfaces may be direct connections or indirect connections through an intermediate border gateway or similar element.
The methods described in Embodiments 1 to 3 above can all be applied to the LTE network described here; it is only necessary to replace the ASR of the earlier embodiments with the P-GW (ASR) described here, and the source ASR and target ASR with the source P-GW (ASR) and target P-GW (ASR). Likewise, as described above, both the ILR and the IIS may be located on an AAA server connected to the P-GW (ASR) (for example, connected to the P-GW (ASR) through the SGi interface). The principle is the same and is not repeated here.
In addition, the LTE network also contains an MME (Mobility Management Entity), whose role is to store the terminal's mobility context. In this case, the IIS and ILR described above may also be located on the MME; in other words, the MME itself has the IIS and/or ILR function. The MME located in the visited domain is then the visited MME, the MME located in the home domain is the home MME, and an indirect or direct interface is established between the visited MME and the home MME.
Example 5:
FIG. 9 shows the fifth embodiment, in which the content of this embodiment is applied to a GPRS (General Packet Radio Service) network. In a GPRS network, the terminal first connects over the radio link to an SGSN (Serving GPRS Support Node) and then, through the SGSN, to a GGSN (Gateway GPRS Support Node). Here the GGSN has the ASR function described above and is denoted GGSN (ASR).
Following the same principle as Example 4, the network is divided into the terminal's visited operator (operator B in the figure) and its home operator (operator A in the figure). It is assumed that the terminal is currently attached to the network of its visited operator and that the GGSN (ASR) allocated to the terminal by the network is also located in the visited operator's domain. The GGSN (ASR) has interfaces both to the ILR in the visited operator's domain (the visited ILR above) and to the IIS in the visited operator's domain (the visited IIS above). There is also an interface between the visited ILR and the ILR in the terminal's home operator domain (the home ILR above), and an interface between the visited IIS and the IIS in the terminal's home operator domain (the home IIS above). As described above, these interfaces may be direct connections or indirect connections through an intermediate border gateway or similar element.
The methods described in Embodiments 1 to 3 above can all be applied to the GPRS network described here; it is only necessary to replace the ASR of the earlier embodiments with the GGSN (ASR) described here, and the source ASR and target ASR with the source GGSN (ASR) and target GGSN (ASR). Likewise, as described above, both the ILR and the IIS may be located on an AAA server connected to the GGSN (ASR) (for example, connected to the GGSN (ASR) through the Gi interface). The principle is the same and is not repeated here.
In addition, the GPRS network also contains an HLR or HSS, whose role is to store information such as the terminal user's subscription. In this case, as described above, the IIS and ILR may also be located on the HLR/HSS; the HLR/HSS located in the visited domain is the visited HLR/HSS, and the HLR/HSS located in the home domain is the home HLR/HSS.
Example 6:
FIG. 10 shows the sixth embodiment, in which the content of this embodiment is applied to a fixed network (such as xDSL). In a fixed network, the terminal connects through the subscriber line and a DSLAM (Digital Subscriber Line Access Multiplexer) to a BRAS (Broadband Remote Access Server). Here the BRAS has the ASR function described above and is denoted BRAS (ASR).
Fixed networks are generally managed by area, for example area A and area B shown in FIG. 10. The terminal's home area is area A, and it is assumed that the terminal is currently attached in its visited area (area B). Note that area A and area B here are analogous to operator A and operator B above, so the scenario in FIG. 10 can also be regarded as a roaming scenario. It is assumed that the BRAS to which the terminal is currently connected is also located in the visited area. The BRAS (ASR) has interfaces both to the ILR of the visited area (the visited ILR above) and to the IIS in the visited area (the visited IIS above). There is also an interface between the visited ILR and the ILR in the terminal's home area (the home ILR above), and an interface between the visited IIS and the IIS in the terminal's home area (the home IIS above). As described above, these interfaces may be direct connections or indirect connections through an intermediate border gateway or similar element.
The methods described in Embodiments 1 to 3 above can all be applied to the fixed network described here; it is only necessary to replace the ASR of the earlier embodiments with the BRAS (ASR) described here, and the source ASR and target ASR with the source BRAS (ASR) and target BRAS (ASR). Likewise, as described above, both the ILR and the IIS may be located on an AAA server connected to the BRAS (ASR). The principle is the same and is not repeated here.
As shown in FIG. 11, this embodiment further provides an identity information server, comprising a data storage unit, an information interaction unit, and an information query unit, wherein:
the data storage unit is configured to initially store the AIDs of the terminals in the network where the server is located;
the information interaction unit is configured to establish the interconnections between the IISs;
the information query unit is configured to, when a terminal roams and the terminal's visited serving ASR queries the terminal's AID, query the terminal's home IIS for the terminal's AID through the information interaction unit and receive the terminal's AID returned by the terminal's home IIS.
The data storage unit is further configured to initially store the identifier that the terminal uses for access authentication, and to associate the terminal's AID with that identifier;
the information query unit is configured to: on receiving the terminal's access-authentication identifier sent by the visited serving ASR, recognize that the visited serving ASR wants to query the terminal's AID; send the received access-authentication identifier to the terminal's home IIS so as to query the terminal's AID through the information interaction unit; and receive the AID that the terminal's home IIS looked up from the access-authentication identifier and returned.
The information query unit is further configured to, before querying the terminal's home IIS for the terminal's AID, determine from the terminal's access-authentication identifier whether the terminal belongs to the local network and, when the terminal does not belong to the local network, determine the terminal's home IIS so as to query the home IIS for the terminal's AID.
The information query unit is further configured to, after receiving a terminal's access-authentication identifier sent by another identity information server, look up the corresponding AID in the data storage unit according to the received identifier and return the AID found to that identity information server.
As shown in FIG. 12, this embodiment further provides an identity location register, comprising an information interaction unit, a data storage unit, and an information update unit, wherein:
the information interaction unit is configured to establish the interconnections between the ILRs in the network;
the data storage unit is configured to, when a terminal roams, receive and store the terminal's AID and RID sent by the terminal's visited serving ASR, where the AID is obtained by the visited serving ASR by querying the visited IIS, and the RID is allocated to the terminal by the visited serving ASR after it has obtained the AID;
the information update unit is configured to send the terminal's AID and RID to the terminal's home ILR through the information interaction unit, so that the home ILR stores the correspondence between the terminal's AID and RID.
The information update unit is further configured to, before sending the terminal's AID and RID to the terminal's home ILR, determine from the terminal's AID and pre-configured information whether the terminal belongs to the local network and, if it does not, determine the terminal's home network; or to determine whether the terminal belongs to the local network from the terminal's access-authentication identifier, which the visited serving ASR sends together with the AID and RID, and, if it does not, determine the terminal's home network.
The data storage unit is further configured to, after the terminal switches ASR, receive the RID newly allocated to the terminal by the target ASR to which the terminal has switched;
the information update unit is further configured to, when the terminal does not belong to the local network and its home network has been determined, update the RID newly allocated to the terminal by the target ASR at the terminal's home ILR.
The information update unit is further configured to, when the terminal leaves the network or releases its IP address, send the terminal's AID to the terminal's home ILR to notify the home ILR to delete the terminal's RID.
Obviously, those skilled in the art should understand that the modules or steps of the present invention described above can be implemented with general-purpose computing devices; they can be concentrated on a single computing device or distributed over a network of multiple computing devices. Optionally, they can be implemented as program code executable by a computing device, so that they can be stored in a storage device and executed by the computing device; or they can each be made into an individual integrated circuit module, or several of the modules or steps can be made into a single integrated circuit module. Thus, the present invention is not limited to any specific combination of hardware and software.
The above are only preferred embodiments of the present invention and are not intended to limit it; for those skilled in the art, the present invention may have various modifications and variations. Any modification, equivalent replacement, or improvement made within the spirit and principles of the present invention shall fall within its scope of protection.
Industrial Applicability
Compared with the related art, the present invention provides identity information servers that store the AIDs of terminals and interconnects these servers so that they can exchange terminal AIDs. As a result, in a method based on identity and location separation, the AID of a terminal can be obtained when the terminal roams, so that the terminal can access the visited network.
Claims
Applications Claiming Priority (2)
| Application Number | Priority Date | Filing Date | Title |
|---|---|---|---|
| CN201210305447.0 | 2012-08-24 | ||
| CN201210305447.0A CN103634776B (en) | 2012-08-24 | 2012-08-24 | A kind of method and identity information server of the access mark obtaining terminal |
Publications (1)
| Publication Number | Publication Date |
|---|---|
| WO2013178138A1 (en) | 2013-12-05 |
Family
ID=49672463
Family Applications (1)
| Application Number | Title | Priority Date | Filing Date |
|---|---|---|---|
| PCT/CN2013/079257 Ceased WO2013178138A1 (en) | 2012-08-24 | 2013-07-12 | Method and identity information server for obtaining access identifier of terminal |
Country Status (2)
| Country | Link |
|---|---|
| CN (1) | CN103634776B (en) |
| WO (1) | WO2013178138A1 (en) |
Families Citing this family (2)
| Publication number | Priority date | Publication date | Assignee | Title |
|---|---|---|---|---|
| CN109067788B (en) | 2018-09-21 | 2020-06-09 | 新华三技术有限公司 | Access authentication method and device |
| CN118590842A (en) * | 2023-03-03 | 2024-09-03 | 华为技术有限公司 | Charging method and system |
Citations (3)
| Publication number | Priority date | Publication date | Assignee | Title |
|---|---|---|---|---|
| CN1925691A (en) * | 2006-09-30 | 2007-03-07 | 华为技术有限公司 | Method and system for realizing international nomadism call |
| CN102045692A (en) * | 2009-10-26 | 2011-05-04 | 中兴通讯股份有限公司 | Communication network realized by network architecture based on separation of control surfaces and media surface |
| CN102546847A (en) * | 2010-12-30 | 2012-07-04 | 中兴通讯股份有限公司 | Information processing method, domain name server and access router |
Family Cites Families (2)
| Publication number | Priority date | Publication date | Assignee | Title |
|---|---|---|---|---|
| CN102026164A (en) * | 2009-09-17 | 2011-04-20 | 中兴通讯股份有限公司 | Method and system for acquiring ID (Identity) of terminal user |
| CN102036215B (en) * | 2009-09-25 | 2013-05-08 | 中兴通讯股份有限公司 | Method and system for implementing internetwork roaming and query and network attachment method and system |
- 2012-08-24: CN application CN201210305447.0A, patent CN103634776B (en), not active, Expired - Fee Related
- 2013-07-12: WO application PCT/CN2013/079257, publication WO2013178138A1 (en), not active, Ceased
Also Published As
| Publication number | Publication date |
|---|---|
| CN103634776B (en) | 2019-01-04 |
| CN103634776A (en) | 2014-03-12 |
Legal Events
| Date | Code | Title | Description |
|---|---|---|---|
| | 121 | Ep: the epo has been informed by wipo that ep was designated in this application | Ref document number: 13798063; Country of ref document: EP; Kind code of ref document: A1 |
| | NENP | Non-entry into the national phase | Ref country code: DE |
| | 122 | Ep: pct application non-entry in european phase | Ref document number: 13798063; Country of ref document: EP; Kind code of ref document: A1 |