
WO2010130174A1 - Method for enabling local access control and corresponding communication system - Google Patents


Publication number
WO2010130174A1
Authority
WO
WIPO (PCT)
Prior art keywords
local access
access control
control information
network element
side network
Prior art date
Application number
PCT/CN2010/071852
Other languages
French (fr)
Chinese (zh)
Inventor
刘军
宗在峰
Original Assignee
中兴通讯股份有限公司
Priority date (The priority date is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the date listed.)
Filing date
Publication date
Application filed by 中兴通讯股份有限公司
Publication of WO2010130174A1


Classifications

    • H ELECTRICITY
    • H04 ELECTRIC COMMUNICATION TECHNIQUE
    • H04W WIRELESS COMMUNICATION NETWORKS
    • H04W12/00 Security arrangements; Authentication; Protecting privacy or anonymity
    • H04W12/08 Access security
    • H ELECTRICITY
    • H04 ELECTRIC COMMUNICATION TECHNIQUE
    • H04W WIRELESS COMMUNICATION NETWORKS
    • H04W84/00 Network topologies
    • H04W84/02 Hierarchically pre-organised networks, e.g. paging networks, cellular networks, WLAN [Wireless Local Area Network] or WLL [Wireless Local Loop]
    • H04W84/04 Large scale networks; Deep hierarchical networks
    • H04W84/042 Public Land Mobile systems, e.g. cellular systems
    • H04W84/045 Public Land Mobile systems, e.g. cellular systems using private Base Stations, e.g. femto Base Stations, home Node B

Definitions

  • The present invention relates to the field of communications technologies, and in particular to a method and system for local access control.
  • The home base station (Home Node B (HNB) or Home eNode B (HeNB)) is a small, low-power base station deployed in indoor places such as homes and offices. It is mainly used to provide users with higher service rates and to reduce the cost of using high-rate services, while making up for the deficiencies of existing distributed cellular wireless communication systems.
  • The advantages of home base stations are affordability, convenience, low power output, plug and play, broadband access, and the use of single-mode terminals.
  • The home base station can be applied in a third generation (3G) or Long Term Evolution (LTE) mobile communication network.
  • A new network element, the home base station gateway, is introduced in the radio access network.
  • FIG. 1 is a 3G home base station network architecture diagram.
  • The 3G home base station is connected to the home base station gateway through a newly defined Iuh interface, and the home base station gateway provides IuPS and IuCS interfaces to the packet domain and the circuit domain of the core network.
  • The home base station gateway is mandatory, in order to shield the terminal and the network side from the impact of introducing the home base station.
  • The home base station gateway is optional.
  • The LTE home base station and the core network are connected in one of two ways. In one, the home base station is directly connected to the core network element, as shown in FIG. 2; in the other, the home base station is connected to the core network element through the home base station gateway, as shown in FIG. 3.
  • The home base station gateway may not integrate the user plane function, in which case the user plane is established directly between the home base station and the core network user plane gateway, so that the user plane is flattened and the data transmission delay is reduced.
  • The Closed Subscriber Group (CSG) is a new concept proposed after the introduction of the home base station.
  • The users of a family or inside an enterprise form a closed subscriber group, which is identified by a CSG ID.
  • Home base stations serving the users in this closed subscriber group have the same CSG ID.
  • A user can access the home base stations corresponding to multiple closed subscriber groups, such as those at the user's office and home.
  • The concept of an allowed closed subscriber group list is therefore introduced.
  • This list is stored in the user's terminal and in the user data server on the network side.
  • When the home base station is in the open mode, any user can access it, and the home base station is then equivalent to a macro base station.
  • When the home base station is in the hybrid mode, any user is also allowed to access it, but users are classified into different levels according to whether they subscribe to the CSG.
  • The existing home base station supports access to the mobile network, but it does not currently support local access to other IP devices of the home network or Internet access; that is, a terminal cannot access the home network or the Internet through the home base station.
  • In the macro cellular network scenario, this mainly refers to the offloading of Internet data.
  • The technical problem to be solved by the present invention is to provide a method and system for implementing local access control, which implement a local access function through a home base station or a macro base station.
  • Local access includes accessing other IP devices of the local network, or the Internet, through the home base station or the macro base station.
  • The present invention provides a local access control method, including: the core network sends local access control information to the radio side network element, and the radio side network element performs local access control according to the local access control information, so that the radio side network element implements local access control.
  • The step in which the core network sends the local access control information to the radio side network element includes: the user establishes a connection with the radio side network element by using a non-access stratum message; the radio side network element forwards the non-access stratum message to the core network; the core network processes the non-access stratum message and sends the local access control information to the radio side network element.
  • In the step of establishing a connection between the user and the radio side network element by using the non-access stratum message, the non-access stratum message also carries a local access identifier, indicating that the user wants to perform local access; and the step in which the core network processes the non-access stratum message and sends local access control information to the radio side network element includes: the core network determines whether the user has the local access capability, and sends the local access control information to the radio side network element when the user has the local access capability, where the local access control information includes local access capability information, routing policy, and uplink of the user equipment.
  • The radio side network element includes but is not limited to: a home base station, a macro base station, or another network element device between the terminal and the general packet radio service support node.
  • In the step in which the core network sends the local access control information to the radio side network element: the general packet radio service support node of the core network delivers the local access control information to the radio side network element through a radio access network application part (RANAP) message; or, in a Long Term Evolution (LTE) system, the mobility management entity of the core network delivers the local access control information to the radio side network element by using an initial context setup request message.
  • The local access control information includes local access capability information of the user equipment, or the local access control information includes local access capability information of the user equipment, and a routing policy and/or an uplink service flow template.
  • The present invention further provides a communication system, including a core network device and a wireless side network element, where: the core network device is configured to send local access control information to the wireless side network element; and the wireless side network element is configured to receive the local access control information sent by the core network device and to perform local access control according to the local access control information, so as to support local access control by the wireless side network element.
  • The wireless side network element is further configured to forward a non-access stratum message sent by the user to the network side.
  • The network side device is configured to send the local access control information to the radio side network element in the following manner: the core network device processes the non-access stratum message and sends the local access control information to the radio side network element.
  • The non-access stratum message sent by the user carries the local access identifier, indicating that the user wants to perform local access. The core network device is configured to process the non-access stratum message and send local access control information to the wireless side network element in the following manner: it determines whether the user has the local access capability; when the user has the local access capability, it sends local access control information that includes the local access capability information of the user equipment, the routing policy and the uplink service flow template; or, when the user does not have the local access capability, it sends local access control information that includes only the local access capability information of the user equipment.
  • The wireless side network element is a home base station, a macro base station, or another network element device between the terminal and the general packet radio service support node. Either the system is a 3G system, the core network device is a general packet radio service support node, and the general packet radio service support node is configured to deliver the local access control information to the radio side network element by using a radio access network application part (RANAP) message; or the system is a Long Term Evolution (LTE) system, the core network device is a mobility management entity, and the mobility management entity is configured to send the local access control information to the wireless side network element by using an initial context setup request message.
  • The present invention further provides a radio side network element, which is configured to receive local access control information delivered by a core network and to perform local access control according to the local access control information.
  • The wireless side network element is a home base station, a macro base station, or another network element device between the terminal and the general packet radio service support node; and the wireless side network element is further configured to:
  • The non-access stratum message is sent to the radio side network element, where the local access control information includes the local access capability information of the user equipment, or the local access control information includes the local access capability information of the user equipment and a routing policy and/or an uplink service flow template.
  • The present invention further provides a core network device, which is configured to send local access control information to a wireless side network element, so that the wireless side network element performs local access control according to the local access control information, to support local access control by the wireless side network element.
  • The core network device is configured to send the local access control information to the wireless side network element in the following manner: the core network device receives the non-access stratum message sent by the user and forwarded by the wireless side network element, processes the non-access stratum message, and sends local access control information to the radio side network element.
  • The non-access stratum message sent by the user carries the local access identifier, indicating that the user wants to access the local network.
  • The core network device is configured to process the non-access stratum message and send local access control information to the wireless side network element in the following manner: it determines whether the user has the local access capability; when the user has the local access capability, it sends local access control information that includes the local access capability information of the user equipment, the routing policy, and the uplink service flow template; or, when the user does not have the local access capability, it sends local access control information that includes only the local access capability information of the user equipment.
  • The core network device is a general packet radio service support node, and the general packet radio service support node is configured to send the local access control information to the radio side network element by using a radio access network application part (RANAP) message; or the core network device is a mobility management entity, and the mobility management entity is configured to deliver the local access control information to the wireless side network element by using an initial context setup request message.
  • The network side sends the local access control information to the wireless side network element, and the wireless side network element performs local access control according to the local access control information, thereby implementing the function of local access through the wireless side network element.
  • FIG. 1 is an architecture diagram of a 3G home base station network
  • FIG. 2 is an architecture diagram of an LTE home base station directly connected to a core network
  • FIG. 3 is an architecture diagram of an LTE home base station accessing a core network through a home base station gateway
  • FIG. 5 is a flowchart of an implementation manner of controlling a local IP access by a 3G home base station according to the present invention
  • FIG. 6 is a flowchart of an embodiment of controlling local IP access by an LTE home base station according to the present invention
  • FIG. 7 is a flow chart of an embodiment of a 3G home base station using a local access identifier according to the present invention
  • FIG. 8 is a flow chart of an embodiment of the LTE home base station using a local access identifier according to the present invention.
  • A method for implementing local access control of a wireless side network element is provided, so that the wireless side network element supports access to other IP devices of the local network or to the Internet; local access must be approved by the network operator.
  • The normal attach process will be performed.
  • the path of the Internet network; the third is to access the internal network through the wireless side network element. The wireless side network element therefore needs to use Network Address Translation (NAT) to branch the uplink data packets of the mobile user, making routing choices according to the destination address of each data packet.
  • The present invention provides a method for the wireless side network element to support local IP access, which meets the requirement of local access control without affecting the existing process. When the user powers on, a normal attach process is performed.
  • The network side, that is, the core network, delivers the local access control information to the wireless side network element. The control information is of three types: the first is whether the user can perform local access, that is, the local access capability information; the second is how the wireless side network element routes on the destination address of the user equipment (User Equipment, UE), that is, the routing policy; the third is the uplink traffic flow template (TFT) used for binding.
  • The network side may deliver the local access control information to the wireless side network element in a Radio Access Network Application Part (RANAP) message, an Initial Context Setup Request message, or another message.
  • The wireless side network element can determine, according to the local access capability information in the local access control information sent by the network side, whether to allow the UE to use the local access function; this function includes access to the Internet from the wireless side network element or access within the local network. The wireless side network element can also determine how to route the user's data stream according to the routing control information.
  • The wireless side network element uses the uplink TFT to perform bearer binding. The local access control information needs to be saved on the radio side network element, and the information cannot be deleted even after the signaling connection is released.
  • Another local access control method is to carry a local access identifier in the attach request message, indicating that the user wants to perform local access (access to the local network or local access to the Internet). The network side, that is, the core network, determines according to the subscribed capability whether local access is allowed. If it is not allowed, the network side sends only the local access capability information of the user equipment to the wireless side network element, and does not deliver the routing policy and the uplink TFT; if it is allowed, the network side sends the relevant local access control information (including local access capability information, routing policy, and uplink TFT) to the wireless side network element.
  • The wireless side network element includes but is not limited to: a home base station, a macro base station, or another network element device between the terminal and the general packet radio service support node.
  • The function of the home base station to locally access other IP devices of the home network can be realized.
  • The function of Internet access can also be applied to the macro cellular network scenario, mainly referring to the offloading of Internet data. Since local access control problems exist in both the home base station and the macro cellular network, the same solution can be used.
  • This embodiment uses a home base station as an example for description. FIG. 5 shows an implementation manner in which a 3G home base station controls local IP access. The specific method is as follows:
  • Step 501: A Radio Resource Control (RRC) connection is established between the user and the home base station.
  • Step 502: The user initiates a registration process with an initial non-access stratum (NAS) message. The type of the NAS message may be an attach request message, a location update message, a service request message, etc. In this embodiment, an attach request message is used as the example.
  • Step 503: The home base station finds that it has no context identification information for the user, and sends a registration request message to the home base station gateway. The registration request message carries the type of registration, the IMSI (International Mobile Subscriber Identity) of the user, the terminal capability, and the home base station identifier.
  • Step 504: If the home base station gateway learns from the user's terminal capability that access control needs to be completed, it performs access control according to the actual usage mode of the base station accessed by the user and the correspondence between the user's IMSI and the home base station, and step 505 is performed. If the home base station gateway learns from the user's terminal capability that access control needs to be completed in the core network, the home base station gateway treats access control as permitted by default, and step 506 is executed to instruct the core network to perform the access control judgment.
  • Step 505: If access control at the home base station gateway succeeds, the gateway replies to the home base station with a registration accept message and step 506 is performed; if access control at the home base station gateway fails, the gateway replies with a registration reject message and the subsequent process is not completed.
  • Step 506: The home base station forwards the NAS message (the attach request message in this embodiment) to the home base station gateway, and the home base station gateway forwards the message to the core network.
  • Step 507: The core network processes the NAS message. In this embodiment, processes such as authentication and bearer establishment are performed. If the General Packet Radio Service (GPRS) service support node (SGSN) does not have the context identification information of the UE locally, the subscription data of the UE needs to be obtained from the Home Subscriber Server (HSS).
  • Step 508: The attach request is accepted. The SGSN generates the routing policy of the UE from the subscription data and the local configuration policy, and carries the local access control information to the home base station in a RANAP message. The home base station needs to save the local access control information carried in the RANAP message.
  • The attach accept message is carried in the RANAP message.
  • The local access control information includes one or more of the local access capability of the UE (that is, the UE local IP access capability), a routing policy, and an uplink TFT.
  • The home base station performs local access control based on the saved local access control information. Specifically, the home base station determines according to the local access capability whether to allow the UE to use the local access function; this function includes access from the home base station outlet or access to the home network. The home base station may also determine how to route the user data stream according to the routing control information.
  • The home base station uses the uplink TFT for bearer binding.
  • The method by which the macro base station obtains the local access control information is similar to this embodiment, and no steps are performed.
  • FIG. 6 shows an implementation manner in which an LTE home base station controls local IP access. The specific method is as follows:
  • Step 601: An RRC (Radio Resource Control) connection is established between the user and the home base station.
  • Step 602: The user initiates an initial NAS (Non-Access Stratum) message. The type of the NAS message may be an attach request message, a location update message, or a service request message. In this embodiment, an attach request message is used as an example for description.
  • Step 603: The home base station forwards the NAS message (the attach request message in this embodiment) to the home base station gateway, and the home base station gateway forwards the NAS message to the core network.
  • Step 604: The core network processes the NAS message. In this embodiment, processes such as authentication and bearer establishment are required. If the Mobility Management Entity (MME) does not have the context identification information of the UE locally, the subscription data of the UE needs to be requested from the HSS.
  • Step 605: The attach request is accepted. The MME generates the routing policy of the UE from the subscription data and the local configuration policy, and carries the local access control information to the home base station in an Initial Context Setup Request message.
  • The home base station needs to save the local access control information carried in the message.
  • The attach accept message is carried in the Initial Context Setup Request message.
  • The local access control information includes one or more of a local access capability, a routing policy, and an uplink TFT of the UE.
  • Step 606: The RRC connection reconfiguration process is performed.
  • Step 607: The home base station sends an initial context setup response to the MME.
  • Step 608: The home base station sends an Attach Complete message to the MME.
  • The method by which the macro base station acquires local access control information is similar to this embodiment.
  • The method for obtaining the local access control information is similar to this embodiment.
  • FIG. 7 shows an implementation manner in which a 3G home base station uses a local access identifier, and specifically includes:
  • Step 701: An RRC (Radio Resource Control) connection is established between the user and the home base station.
  • The type of the NAS message may be an attach request message, a location update message, a service request message, and the like. In this embodiment, an attach request message is taken as an example for description.
  • Step 703: The home base station finds that it has no context identification information for the user, and sends a registration request message to the home base station gateway. The message carries information such as the type of registration, the IMSI of the user, the terminal capability, and the identity of the home base station.
  • Step 704: If the home base station gateway learns from the terminal capability of the user that access control needs to be completed, it performs access control according to the actual usage mode of the base station accessed by the user and the correspondence between the user's IMSI and the home base station, and step 705 is performed.
  • Step 706 is executed to instruct the core network to perform the access control determination.
  • Step 705: If access control at the home base station gateway succeeds, the gateway replies to the home base station with a registration accept message and step 706 is performed; if access control at the home base station gateway fails, the gateway replies with a registration reject message and the subsequent process is not completed.
  • Step 706: The home base station forwards the NAS message (the attach request message in this embodiment) to the home base station gateway, and the home base station gateway forwards the message to the core network.
  • Step 707: The core network processes the NAS message. In this embodiment, processes such as authentication and bearer establishment are performed. If the SGSN does not have the context identification information of the UE locally, the subscription data of the UE needs to be obtained from the HSS.
  • Step 708: The attach request is accepted, and the network side determines whether the user has the local access capability. If the user does not have the local access capability, the network side sends the local access control information to the home base station in a RANAP message; in this case the local access control information includes only the local access capability information of the user equipment and does not include other local access control information (such as the routing policy and the uplink TFT). If the user has the local access capability, the SGSN generates the routing policy of the UE from the subscription data and the local configuration policy, and delivers the local access control information to the home base station in a RANAP message; in this case the local access control information includes the local access capability of the UE, the routing policy, and the uplink TFT.
  • The home base station needs to save the local access control information carried in the message.
  • The attach accept message is carried in the RANAP message.
  • The method by which the macro base station obtains the local access control information is similar to this embodiment, and steps 703 to 705 are not performed. If there are other network element devices between the terminal and the general packet radio service support node, the method for obtaining the local access control information is similar to this embodiment, and steps 703 to 705 are not performed.
  • Step 801 Establish a radio resource control (RRC) connection between a user and a home base station.
  • Step 802 The user initiates a non-access stratum (NAS) message, where the message carries a local access identifier, indicating that the user wants to access the local network.
  • the type of the NAS message may be an attach request message, a location update message, or a service request message. In this embodiment, an attach request message is taken as an example for description.
  • Step 803 The home base station forwards the NAS message (an attach request message in this embodiment) to the home base station gateway, and the home base station gateway forwards the message to the core network.
  • Step 804 The core network processes the NAS message. In this embodiment, procedures such as authentication and bearer establishment are performed. If the MME does not have the context identifier information of the UE, the subscription data of the UE needs to be obtained from the HSS.
  • Step 805 The attach request is accepted, and the network side determines whether the user has the local access capability. If the user does not have the local access capability, the network side sends the local access control information to the home base station through the Initial Context Setup Request message, where the local access control information includes only the local access capability information of the UE and does not include other local access control information (such as the routing policy and the uplink TFT).
  • If the user has the local access capability, the MME generates the routing policy of the UE from the subscription data and the local configuration policy, and carries the local access control information to the home base station in the Initial Context Setup Request message, where the local access control information includes the local access capability information, the routing policy, and the uplink TFT of the UE.
  • the home base station needs to save the local access control information carried in the message.
  • the attach accept message is carried in the Initial Context Setup Request message.
  • Step 806 the RRC connection reconfiguration process.
  • Step 807 The home base station sends an initial context setup response to the MME.
  • Step 808 The home base station sends an Attach complete to the MME.
  • the method for the macro base station to acquire local access control information is similar to this embodiment.
  • FIG. 6 and FIG. 8 illustrate flows in which the home base station is connected to the core network through a home base station gateway. When the home base station is directly connected to the core network, the flow in which the network side sends local access control information to the home base station is similar to FIG. 6 and FIG. 8 and is not described again here.
  • the present invention also provides a communication system including a core network device and a wireless side network element, where:
  • the core network device is configured to: send the local access control information to the wireless side network element; and the wireless side network element is configured to: receive the local access control information sent by the core network device, and perform local access control according to the local access control information.
  • the wireless side network element is further configured to: forward the non-access stratum message sent by the user to the core network device, where the core network device is configured to send the local access control information to the wireless side network element as follows: the core network device processes the non-access stratum message and sends the local access control information to the wireless side network element.
  • the non-access stratum message sent by the user carries the local access identifier, indicating that the user wants to perform local access.
  • the core network device is configured to process the non-access stratum message and send the local access control information to the wireless side network element in the following manner: determine whether the user has the local access capability; when the user has the local access capability, send the local access control information to the wireless side network element, where the local access control information includes the local access capability information, the routing policy, and the uplink service flow template of the user equipment; or, when the user does not have the local access capability, send the local access control information to the wireless side network element, where the local access control information includes only the local access capability information of the user equipment.
  • the wireless side network element is a home base station, a macro base station, or another network element device between the terminal and the general packet radio service support node;
  • the communication system is a third generation (3G) system, the core network device is a general packet radio service support node, and the general packet radio service support node is configured to: deliver the local access control information to the wireless side network element by using a radio access network application part (RANAP) message; or
  • the communication system is a long term evolution (LTE) system, the core network device is a mobility management entity, and the mobility management entity is configured to: deliver the local access control information to the wireless side network element by using an initial context setup request message.
  • the present invention further provides a wireless side network element, which is configured to: receive local access control information delivered by the core network, and perform local access control according to local access control information.
  • the wireless side network element is further configured to: forward the non-access stratum message sent by the user to the core network, so that the core network processes the non-access stratum message and sends the local access control information to the radio side network element;
  • the local access control information includes local access capability information of the user equipment, or the local access control information includes local access capability information of the user equipment, and a routing policy and/or an uplink service flow template.
  • the wireless side network element is a home base station, a macro base station, or other network element device between the terminal and the general packet radio service support node.
  • the present invention further provides a core network device, which is configured to: send local access control information to a wireless side network element, thereby enabling the wireless side network element to perform local access control according to the local access control information, so as to support local access control at the wireless side network element.
  • the core network device is configured to send the local access control information to the wireless side network element in the following manner: the core network device receives the non-access stratum message sent by the user and forwarded by the wireless side network element, processes the non-access stratum message, and sends the local access control information to the wireless side network element.
  • the non-access stratum message sent by the user carries the local access identifier, indicating that the user wants to access the local network.
  • the core network device is configured to process the non-access stratum message and send the local access control information to the wireless side network element in the following manner: determine whether the user has the local access capability; if the user has the local access capability, send the local access control information to the wireless side network element, where the local access control information includes the local access capability information, the routing policy, and the uplink service flow template of the user equipment; if the user does not have the local access capability, send the local access control information to the wireless side network element, where the local access control information includes only the local access capability information of the user equipment.
  • the core network device is a general packet radio service support node, and the general packet radio service support node is configured to send the local access control information to the wireless side network element through a radio access network application part (RANAP) message; or, the core network device is a mobility management entity, and the mobility management entity is configured to send the local access control information to the wireless side network element through an initial context setup request message.
  • the present invention sends local access control information to the wireless side network element by the network side, and the wireless side network element performs local access control according to the local access control information, thereby realizing access to the local network or the Internet network through the wireless side network element.
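The Step 805 decision and the enforcement it implies at the home base station can be modelled as follows. This is an added example, not code from the patent: the class, field and function names, the prefix-based encoding of the routing policy and uplink TFT, the constructed IMSIs and address prefixes, and the choice to fall back to the regular core-network path when no usable policy is stored are all assumptions of the example.

```python
from dataclasses import dataclass
from enum import Enum
from ipaddress import ip_address, ip_network
from typing import Dict, Optional, Set, Tuple


class Path(Enum):
    CORE_NETWORK = "regular path through the core network egress"
    INTERNET_BREAKOUT = "direct exit to the Internet at the base station"
    LOCAL_NETWORK = "other IP devices on the local network"


@dataclass(frozen=True)
class RouteRule:            # hypothetical encoding of one routing-policy entry
    prefix: str
    path: Path


@dataclass(frozen=True)
class TftFilter:            # simplified uplink TFT filter: remote prefix -> bearer
    remote_prefix: str
    bearer_id: int


@dataclass(frozen=True)
class LocalAccessControlInfo:
    capable: bool
    routing_policy: Optional[Tuple[RouteRule, ...]] = None
    uplink_tft: Optional[Tuple[TftFilter, ...]] = None


def build_control_info(subscription: dict, local_policy, uplink_tft) -> LocalAccessControlInfo:
    """Core network side (MME in LTE, SGSN in 3G): the Step 805 decision."""
    if not subscription.get("local_access_allowed", False):
        # Not capable: only the capability information is delivered.
        return LocalAccessControlInfo(capable=False)
    return LocalAccessControlInfo(True, tuple(local_policy), tuple(uplink_tft))


def _matches(dst: str, prefix: str) -> bool:
    addr, net = ip_address(dst), ip_network(prefix)
    return addr.version == net.version and addr in net


class HomeBaseStation:
    """Wireless side network element: stores and enforces the delivered information."""

    def __init__(self) -> None:
        self._info: Dict[str, LocalAccessControlInfo] = {}
        self._connected: Set[str] = set()

    def on_initial_context_setup(self, imsi: str, info: LocalAccessControlInfo) -> None:
        if not info.capable:
            # Defensive: ignore any policy that arrives with a "not capable" flag.
            info = LocalAccessControlInfo(capable=False)
        self._info[imsi] = info
        self._connected.add(imsi)

    def on_signalling_release(self, imsi: str) -> None:
        # The stored control information is kept after the connection is released.
        self._connected.discard(imsi)

    def has_info(self, imsi: str) -> bool:
        return imsi in self._info

    def route_uplink(self, imsi: str, dst: str) -> Path:
        """Pick one of the three user-plane paths from the destination address."""
        info = self._info.get(imsi)
        if info is None or not info.capable or not info.routing_policy:
            return Path.CORE_NETWORK            # assumed fail-closed default
        hits = [r for r in info.routing_policy if _matches(dst, r.prefix)]
        if not hits:
            return Path.CORE_NETWORK
        # Longest-prefix match decides between overlapping rules.
        return max(hits, key=lambda r: ip_network(r.prefix).prefixlen).path

    def bind_bearer(self, imsi: str, dst: str) -> Optional[int]:
        """Bearer binding with the uplink TFT; None means the default bearer."""
        info = self._info.get(imsi)
        if info is None or not info.capable or not info.uplink_tft:
            return None
        for flt in info.uplink_tft:
            if _matches(dst, flt.remote_prefix):
                return flt.bearer_id
        return None


# Constructed sample data (documentation and private address ranges, test IMSIs).
SAMPLE_POLICY = (
    RouteRule("0.0.0.0/0", Path.INTERNET_BREAKOUT),
    RouteRule("192.168.1.0/24", Path.LOCAL_NETWORK),
    RouteRule("198.51.100.0/24", Path.CORE_NETWORK),
)
SAMPLE_TFT = (TftFilter("192.168.1.0/24", 6),)
IMSI_ALLOWED, IMSI_DENIED = "001010000000001", "001010000000002"
```

A subscriber without the capability never receives a routing policy, and the base station strips one if it arrives anyway, so the capability flag alone decides whether local breakout is possible.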

Landscapes

  • Engineering & Computer Science (AREA)
  • Computer Security & Cryptography (AREA)
  • Computer Networks & Wireless Communication (AREA)
  • Signal Processing (AREA)
  • Mobile Radio Communication Systems (AREA)

Abstract

A method for enabling local access control is provided by the present invention; it includes: a core network sends local access control information down to a network element on the wireless side, and according to said local access control information, the network element on the wireless side performs local access control, so that the network element on the wireless side enables the local access control function. Correspondingly, a telecommunication system, a wireless side network element and a core network device are also provided by the present invention. Adopting the technical scheme of the present invention enables a wireless side network element to access a local network or Internet network.

Description

Method for realizing local access control and corresponding communication system

Technical Field

The present invention relates to the field of communications technologies, and in particular, to a method and system for local access control.

Background
A home base station (including the Home Node B (HNB) and the Home eNode B (HeNB)) is a small, low-power base station deployed in indoor places such as homes and offices. Its main purpose is to provide users with higher service rates and reduce the cost of using high-rate services, while making up for the coverage deficiencies of existing distributed cellular wireless communication systems. The advantages of home base stations are affordability, convenience, low power output, plug and play, broadband access, and the use of single-mode terminals.

The home base station can be applied in a third generation (3G) or Long Term Evolution (LTE) mobile communication network. To facilitate the management of home base stations, a new network element, the home base station gateway, is introduced in the radio access network. The main functions of the home base station gateway are: verifying the security of the home base station, handling the registration of the home base station, performing operation and maintenance management on the home base station, configuring and controlling the home base station according to the operator's requirements, and exchanging data between the core network and the home base station. FIG. 1 is a 3G home base station network architecture diagram. The 3G home base station is connected to the home base station gateway through the newly defined Iuh interface, and the home base station gateway provides IuPS and IuCs interfaces to the packet domain and circuit domain of the core network. For a 3G network, the home base station gateway is a mandatory deployment, used to shield the terminal and the network side from the impact of introducing home base stations. For an LTE network, the home base station gateway is an optional deployment, so there are two ways to connect an LTE home base station to the core network: in one, the home base station is directly connected to the core network element, as shown in FIG. 2; in the other, the home base station is connected to the core network element through the home base station gateway, as shown in FIG. 3. In the scenario of FIG. 3, where a home base station gateway is introduced, the home base station gateway may not integrate the user plane function, and the user plane is established directly between the home base station and the core network user plane gateway. This flattens the user plane and reduces the data transmission delay, as shown in FIG. 4.

The Closed Subscriber Group (CSG) is a new concept proposed after the introduction of the home base station. Usually the users of a family or an enterprise form a closed subscriber group, which is identified by a CSG ID. The home base stations serving the users in this closed subscriber group have the same CSG ID. By subscribing with the operator, a user can access the home base stations corresponding to multiple closed subscriber groups, such as those at the user's office and home. The concept of an allowed closed subscriber group list is therefore introduced. This list is stored in the user's terminal and in the user data server on the network side. There are three usage modes for home base stations: closed mode, hybrid mode, and open mode. When the home base station is in closed mode, only subscribers of the CSG to which the home base station belongs can access it and enjoy the services it provides. When the home base station is in open mode, any user can access it, and the home base station is then equivalent to a macro base station. When the home base station is in hybrid mode, any user is likewise allowed to access it, but users are placed in different levels according to whether they have subscribed to the CSG.

Existing home base stations support access to the mobile network, but they do not yet support local access to other IP devices of the home network or Internet access; that is, they do not support a terminal accessing the home network and the Internet through the home base station. In addition, the local access control problem also exists in the macro cellular network scenario, which mainly refers to offloading Internet data.
Summary of the Invention

The technical problem to be solved by the present invention is to provide a method and system for implementing local access control, which implement local access through a home base station or a macro base station. Local access includes accessing other IP devices of the local network, or the Internet, through the home base station or the macro base station.

To solve the above problem, the present invention provides a method for implementing local access control, including: the core network sends local access control information to the wireless side network element, and the wireless side network element performs local access control according to the local access control information, so that the wireless side network element implements local access control.

The step of the core network sending the local access control information to the wireless side network element includes:
the user establishes a connection with the wireless side network element by using a non-access stratum message;
the wireless side network element forwards the non-access stratum message to the core network;
the core network processes the non-access stratum message and sends local access control information to the wireless side network element.

In the step of the user establishing a connection with the wireless side network element by using the non-access stratum message, the non-access stratum message also carries a local access identifier, indicating that the user wants to perform local access; and the step of the core network processing the non-access stratum message and sending local access control information to the wireless side network element includes: the core network determines whether the user has the local access capability; when the user has the local access capability, the core network sends local access control information to the wireless side network element, where the local access control information includes the local access capability information of the user equipment, a routing policy, and an uplink traffic flow template; or, when the user does not have the local access capability, the core network sends local access control information to the wireless side network element, where the local access control information includes only the local access capability information of the user equipment.

The wireless side network element includes but is not limited to: a home base station, a macro base station, or another network element device between the terminal and the general packet radio service (GPRS) serving support node.

In the step of the core network sending the local access control information to the wireless side network element: in a third generation (3G) system, the GPRS serving support node of the core network delivers the local access control information to the wireless side network element by using a radio access network application part (RANAP) message; or, in a long term evolution (LTE) system, the mobility management entity of the core network delivers the local access control information to the wireless side network element by using an initial context setup request message.

The local access control information includes the local access capability information of the user equipment; or the local access control information includes the local access capability information of the user equipment, and a routing policy and/or an uplink traffic flow template.
The present invention further provides a communication system, including a core network device and a wireless side network element, where:
the core network device is configured to: send local access control information to the wireless side network element; and
the wireless side network element is configured to: receive the local access control information sent by the core network device, and perform local access control according to the local access control information, so as to support local access control at the wireless side network element.

The wireless side network element is further configured to: forward the non-access stratum message sent by the user to the network side;
the network side device is configured to send the local access control information to the wireless side network element in the following manner: the core network device processes the non-access stratum message and sends local access control information to the wireless side network element.

The non-access stratum message sent by the user carries a local access identifier, indicating that the user wants to perform local access;
the core network device is configured to process the non-access stratum message and send local access control information to the wireless side network element in the following manner: determine whether the user has the local access capability; when the user has the local access capability, send local access control information to the wireless side network element, where the local access control information includes the local access capability information of the user equipment, a routing policy, and an uplink traffic flow template; or, when the user does not have the local access capability, send local access control information to the wireless side network element, where the local access control information includes only the local access capability information of the user equipment.

The wireless side network element is a home base station, a macro base station, or another network element device between the terminal and the GPRS serving support node; and
the system is a third generation (3G) system, the core network device is a GPRS serving support node, and the GPRS serving support node is configured to: deliver the local access control information to the wireless side network element by using a radio access network application part (RANAP) message; or
the system is a long term evolution (LTE) system, the core network device is a mobility management entity, and the mobility management entity is configured to: deliver the local access control information to the wireless side network element by using an initial context setup request message.
To solve the above problem, the present invention further provides a wireless side network element, which is configured to:
receive local access control information delivered by the core network, and
perform local access control according to the local access control information.

The wireless side network element is a home base station, a macro base station, or another network element device between the terminal and the GPRS serving support node; and
the wireless side network element is further configured to: forward the non-access stratum message sent by the user to the core network, so that the core network processes the non-access stratum message and delivers local access control information to the wireless side network element;
where the local access control information includes the local access capability information of the user equipment, or the local access control information includes the local access capability information of the user equipment, and a routing policy and/or an uplink traffic flow template.
To solve the above problem, the present invention further provides a core network device, which is configured to:
send local access control information to the wireless side network element, so that the wireless side network element performs local access control according to the local access control information, to support local access control at the wireless side network element.

The core network device is configured to send the local access control information to the wireless side network element in the following manner:
the core network device receives the non-access stratum message sent by the user and forwarded by the wireless side network element,
the core network device processes the non-access stratum message, and
delivers local access control information to the wireless side network element.

The non-access stratum message sent by the user carries a local access identifier, indicating that the user wants to access the local network;
the core network device is configured to process the non-access stratum message and deliver local access control information to the wireless side network element in the following manner:
determine whether the user has the local access capability;
when the user has the local access capability, deliver local access control information to the wireless side network element, where the local access control information includes the local access capability information of the user equipment, a routing policy, and an uplink traffic flow template; or
when the user does not have the local access capability, deliver local access control information to the wireless side network element, where the local access control information includes only the local access capability information of the user equipment.

The core network device is a GPRS serving support node, and the GPRS serving support node is configured to deliver the local access control information to the wireless side network element by using a radio access network application part (RANAP) message; or
the core network device is a mobility management entity, and the mobility management entity is configured to deliver the local access control information to the wireless side network element by using an initial context setup request message.
With the solution of the present invention, the network side delivers local access control information to the wireless side network element, and the wireless side network element performs local access control according to that local access control information, thereby implementing local access through the wireless side network element.
Brief Description of the Drawings

FIG. 1 is an architecture diagram of a 3G home base station network;
FIG. 2 is an architecture diagram of an LTE home base station directly connected to the core network;
FIG. 3 is an architecture diagram of an LTE home base station accessing the core network through a home base station gateway;
FIG. 4 is an architecture diagram of an LTE home base station accessing the core network with a flattened user plane;
FIG. 5 is a flowchart of an embodiment in which a 3G home base station controls local IP access according to the present invention;
FIG. 6 is a flowchart of an embodiment in which an LTE home base station controls local IP access according to the present invention;
FIG. 7 is a flowchart of an embodiment in which a 3G home base station uses a local access identifier according to the present invention;
FIG. 8 is a flowchart of an embodiment in which an LTE home base station uses a local access identifier according to the present invention.
Preferred Embodiments of the Invention

To make the objectives, technical solutions and advantages of the present invention clearer, the present invention is described in further detail below with reference to the accompanying drawings.

The present invention provides a method for implementing local access control at a wireless side network element, so that the wireless side network element supports access to other IP devices of the local network or to the Internet, and local access must be permitted by the network operator. When the user powers on, a regular attach procedure is performed. At this point there are three actual paths for user plane data on the same Packet Data Network (PDN) connection: the first is the regular path through the core network egress; the second is the path that exits directly from the wireless side network element to the Internet; the third is access to the internal network through the wireless side network element. The wireless side network element therefore needs to use Network Address Translation (NAT) to sort the mobile user's uplink data packets and select a route according to the destination address of each packet.

To support local access through the wireless side network element, the present invention proposes a method for the wireless side network element to support local IP access, which meets the local access control requirement without affecting existing procedures. When the user powers on, a regular attach procedure is performed. During the authentication process, the network side (that is, the core network) brings the control information related to local access (that is, the local access control information) to the wireless side network element. The control information is of three kinds: first, whether the user can perform local access, that is, the local access capability information; second, how the wireless side network element routes according to the destination address of the user equipment (UE), that is, the routing policy; third, the uplink Traffic Flow Template (TFT) used for bearer binding. After the user's access authentication succeeds, the network side may carry the local access control information to the wireless side network element in a Radio Access Network Application Part (RANAP) message, an Initial Context Setup Request message, or another message. Thereafter, the wireless side network element can determine, according to the local access capability information in the local access control information delivered by the network side, whether to let the UE use the local access function, which includes exiting from the wireless side network element to the Internet or accessing the inside of the local network. The wireless side network element can also determine how to route the user's data flows according to the routing control information. The wireless side network element uses the uplink TFT for bearer binding. The local access control information must be saved on the wireless side network element and must not be deleted even after the signaling connection is released.

In addition, another way to control local access is to carry a local access identifier in the Attach request message, indicating that the user wants to perform local access this time (access the local network or access the Internet locally). The network side, that is, the core network, determines according to the user's subscription capability whether local access is allowed. If it is not allowed, the network side delivers only the local access capability information of the user equipment to the wireless side network element, and does not deliver the routing policy or the uplink TFT to the wireless side network element. If it is allowed, the network side delivers the related local access control information (including the local access capability information, the routing policy and the uplink TFT) to the wireless side network element.

The wireless side network element includes but is not limited to: a home base station, a macro base station, or another network element device between the terminal and the GPRS serving support node.

With the above solution, the home base station's functions of local access to other IP devices of the home network and of Internet access can be realized. The solution can also be applied to the macro cellular network scenario, which mainly refers to offloading Internet data. Since the local access control problem exists in both the home base station and the macro cellular network scenarios, the same solution can be used for both. This embodiment uses a home base station as an example.

FIG. 5 shows an embodiment in which a 3G home base station controls local IP access. The specific method is as follows:

Step 501: A Radio Resource Control (RRC) connection is established between the user and the home base station.

Step 502: The user triggers the registration process by initiating a non-access stratum (NAS) message. The type of the NAS message may be an attach request message, a location update message, a service request message, and so on. This embodiment uses the attach request message as an example.

Step 503: The home base station finds that it has no context identifier information for the user and sends a registration request message to the home base station gateway. The registration request message carries information such as the registration type, the user's IMSI (International Mobile Subscriber Identity), the terminal capability, and the home base station identifier.

Step 504: If the home base station gateway learns from the user's terminal capability that access control needs to be completed at the gateway itself, it performs access control according to the actual usage mode of the home base station the user is accessing and the correspondence between the user's IMSI and the home base station, and step 505 is performed. If the home base station gateway learns from the user's terminal capability that access control needs to be completed in the core network, the home base station gateway allows access by default, and step 506 is performed, instructing the core network to make the access control decision.

Step 505: If access control at the home base station gateway succeeds, the gateway replies with a registration accept message to the home base station, and step 506 is performed. If access control at the home base station gateway fails, the gateway replies with a registration reject message, and the subsequent process is not completed.

Step 506: The home base station forwards the NAS message (an attach request message in this embodiment) to the home base station gateway, and the home base station gateway forwards the message to the core network.

Step 507: The core network processes the NAS message. In this embodiment, procedures such as authentication and bearer establishment need to be performed. If the General Packet Radio Service (GPRS) serving support node (Serving GPRS Support Node, SGSN) does not locally have the context identifier information of the UE, it also needs to obtain the subscription data of the UE from the Home Subscriber Server (HSS).

Step 508: The attach request is accepted. The SGSN generates the routing policy of the UE from the subscription data and the local configuration policy, and brings the local access control information to the home base station in a RANAP message. The home base station needs to save the local access control information carried in the RANAP message. The attach accept message is carried in the RANAP message.
If the home base station gateway knows that the access control needs to be completed in the core network according to the terminal capability of the user, then the home base station gateway defaults to the access control permission, and step 506 is executed to instruct the core network to perform the access control judgment. Step 505: If the home base station gateway access control is successful, replying to the registration accept message to the home base station, performing step 506; if the home base station gateway access control fails, replying to the registration reject message, the subsequent process is not completed. Step 506: The home base station forwards the NAS message (the attach request message in this embodiment) to the home base station gateway, and the home base station gateway forwards the message to the core network. Step 507: The core network processes the NAS message. In this embodiment, the process of performing authentication, bearer establishment, and the like is performed, if the General Packet Radio Service (GPRS) service support node (SGSN) is locally localized. Without the context identification information of the UE, the subscription data of the UE needs to be obtained from the Home Subscriber Server (HSS). Step 508, the attach request is accepted, and the SGSN passes the subscription data and the local configuration policy. The routing policy of the UE is used to carry the local access control information to the home base station by using the RANAP message, and the home base station needs to save the local access control information carried in the RAN AP message. The attach accept message is carried in the RANAP message.
The local access control information contains one or more of the UE's local access capability (that is, the UE's local IP access capability), the routing policy and the uplink TFT.

The home base station performs local access control according to the stored local access control information. Specifically, the home base station determines from the local access capability whether to let the UE use the local access function, which includes egress from the home base station or access inside the home network. The home base station can also determine from the routing control information how to route the user's data flows. The home base station uses the uplink TFT for bearer binding.

The method by which a macro base station obtains the local access control information is similar to this embodiment, except that steps 503 to 505 are not performed.

If other network element devices exist between the terminal and the Serving GPRS Support Node, the method of obtaining the local access control information is similar to this embodiment, except that steps 503 to 505 are not performed.

Figure 6 shows an embodiment in which an LTE home base station controls local IP access. The method is as follows:

Step 601: An RRC (Radio Resource Control) connection is established between the user and the home base station.

Step 602: The user sends an initial NAS (non-access stratum) message. The NAS message may be an attach request message, a location update message, a service request message, and so on; this embodiment is described using the attach request message as an example.

Step 603: The home base station forwards the NAS message (the attach request message in this embodiment) to the home base station gateway, and the home base station gateway forwards the NAS message to the core network.

Step 604: The core network processes the NAS message. In this embodiment, procedures such as authentication and bearer establishment need to be performed. If the Mobility Management Entity (MME) has no context identification information for the UE locally, it also needs to request the UE's subscription data from the HSS.

Step 605: The attach request is accepted. The MME generates the UE's routing policy from the subscription data and the locally configured policy, and delivers the local access control information to the home base station in an Initial Context Setup Request message. The home base station must store the local access control information carried in the message. The attach accept message is carried in the Initial Context Setup Request message. The local access control information contains one or more of the UE's local access capability, the routing policy and the uplink TFT.

Step 606: The RRC connection reconfiguration procedure is performed.

Step 607: The home base station sends an initial context setup response to the MME.

Step 608: The home base station sends an Attach Complete message to the MME.

The method by which a macro base station obtains the local access control information is similar to this embodiment.

If other network element devices exist between the terminal and the Serving GPRS Support Node, the method of obtaining the local access control information is similar to this embodiment.
Figure 7 shows an embodiment in which a 3G home base station uses the local access identifier. It includes the following steps:

Step 701: An RRC (Radio Resource Control) connection is established between the user and the home base station.

Step 702: The user triggers the registration procedure with an initial NAS (non-access stratum) message. The message carries a local access identifier, indicating that the user wishes to access the local network. The NAS message may be an attach request message, a location update message, a service request message, and so on; this embodiment is described using the attach request message as an example.

Step 703: The home base station finds that it has no context identification information for the user and sends a registration request message to the home base station gateway. The message carries information such as the registration type, the user's IMSI, the terminal capability and the home base station identity.

Step 704: If the home base station gateway learns from the user's terminal capability that access control needs to be performed at the gateway itself, it performs access control according to the actual usage mode of the home base station the user is accessing and the correspondence between the user's IMSI and the home base station, and step 705 is performed. If the home base station gateway learns from the user's terminal capability that access control needs to be performed in the core network, the gateway allows access by default and step 706 is performed, instructing the core network to make the access control decision.

Step 705: If access control at the home base station gateway succeeds, the gateway returns a registration accept message to the home base station and step 706 is performed. If access control at the home base station gateway fails, the gateway returns a registration reject message and the subsequent procedure is not carried out.

Step 706: The home base station forwards the NAS message (the attach request message in this embodiment) to the home base station gateway, and the home base station gateway forwards the message to the core network.

Step 707: The core network processes the NAS message. In this embodiment, procedures such as authentication and bearer establishment need to be performed. If the SGSN has no context identification information for the UE locally, it also needs to request the UE's subscription data from the HSS.

Step 708: The attach request is accepted, and the network side determines whether the user has the local access capability. If the user does not have the local access capability, the network side delivers the local access control information to the home base station in a RANAP message; this local access control information contains only the local access capability information of the user equipment and no other local access control information (such as the routing policy and the uplink TFT). If the user has the local access capability, the SGSN generates the UE's routing policy from the subscription data and the locally configured policy, and delivers the local access control information to the home base station in a RANAP message; this local access control information contains the UE's local access capability, the routing policy and the uplink TFT. The home base station must store the local access control information carried in the message. The attach accept message is carried in the RANAP message.

The method by which a macro base station obtains the local access control information is similar to this embodiment, except that steps 703 to 705 are not performed.

If other network element devices exist between the terminal and the Serving GPRS Support Node, the method of obtaining the local access control information is similar to this embodiment, except that steps 703 to 705 are not performed.

Figure 8 shows an embodiment in which an LTE home base station uses the local access identifier. It includes the following steps:

Step 801: A Radio Resource Control (RRC) connection is established between the user and the home base station.

Step 802: The user sends an initial non-access stratum (NAS) message. The message carries a local access identifier, indicating that the user wishes to access the local network. The NAS message may be an attach request message, a location update message, a service request message, and so on; this embodiment is described using the attach request message as an example.

Step 803: The home base station forwards the NAS message (the attach request message in this embodiment) to the home base station gateway, and the home base station gateway forwards the message to the core network.

Step 804: The core network processes the NAS message. In this embodiment, procedures such as authentication and bearer establishment need to be performed. If the MME has no context identification information for the UE locally, it also needs to request the UE's subscription data from the HSS.

Step 805: The attach request is accepted, and the network side determines whether the user has the local access capability. If the user does not have the local access capability, the network side delivers the local access control information to the home base station in an Initial Context Setup Request message; this local access control information contains only the local access capability information of the UE and no other local access control information (such as the routing policy and the uplink TFT). If the user has the local access capability, the MME generates the UE's routing policy from the subscription data and the locally configured policy, and delivers the local access control information to the home base station in an Initial Context Setup Request message; this local access control information contains the UE's local access capability information, the routing policy and the uplink TFT. The home base station must store the local access control information carried in the message. The attach accept message is carried in the Initial Context Setup Request message.

Step 806: The RRC connection reconfiguration procedure is performed.

Step 807: The home base station sends an initial context setup response to the MME.

Step 808: The home base station sends an Attach Complete message to the MME.

The method by which a macro base station obtains the local access control information is similar to this embodiment.

If other network element devices exist between the terminal and the Serving GPRS Support Node, the method of obtaining the local access control information is similar to this embodiment.

Figures 6 and 8 are described with the home base station connected to the core network through the home base station gateway. Where the home base station is connected directly to the core network, the procedure by which the network side delivers the local access control information to the home base station is similar to Figures 6 and 8 and is not repeated here.
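The following is an added example, not part of the patent text. It models the core network deciding what local access control information to deliver when the attach request carries the local access identifier, and the wireless side network element storing that information and routing uplink packets by destination address. The encoding of the routing policy as (CIDR, target) pairs, the longest-prefix match, the fall-back to the core network path, the sample values, and all class, function and constant names are assumptions; the patent does not specify them.

```python
from dataclasses import dataclass
from ipaddress import ip_address, ip_network

# Routing targets available to the wireless side network element (assumed names).
LOCAL_NETWORK = "local-network"    # other IP devices behind the home base station
LOCAL_INTERNET = "local-internet"  # Internet egress at the wireless side network element
CORE_NETWORK = "core-network"      # existing path through the operator core


@dataclass(frozen=True)
class LocalAccessControlInfo:
    capability: bool            # local access capability information
    routing_policy: tuple = ()  # assumed encoding: ((destination CIDR, target), ...)
    uplink_tft: tuple = ()      # assumed encoding: opaque packet-filter strings


def core_build_info(subscribed, routing_policy, uplink_tft):
    """Core network side (SGSN or MME) for an attach request that carries the
    local access identifier. The subscription decides, not the UE's request."""
    if not subscribed:
        # Only the capability information is delivered: no routing policy, no TFT.
        return LocalAccessControlInfo(capability=False)
    return LocalAccessControlInfo(True, tuple(routing_policy), tuple(uplink_tft))


class RadioSideNetworkElement:
    """Home base station (or macro base station) side of the exchange."""

    def __init__(self):
        self._info = {}           # IMSI -> LocalAccessControlInfo
        self._signaling = set()   # IMSIs with a live signaling connection

    def on_control_info(self, imsi, info):
        # Carried in a RANAP message (3G) or Initial Context Setup Request (LTE).
        self._info[imsi] = info
        self._signaling.add(imsi)

    def on_signaling_release(self, imsi):
        # The stored information must survive release of the signaling connection,
        # so only the connection state is dropped here.
        self._signaling.discard(imsi)

    def route_uplink(self, imsi, destination):
        """Pick the path for one uplink packet from its destination address."""
        info = self._info.get(imsi)
        if info is None or not info.capability:
            # Assumed fail-closed default: no local access without a stored grant.
            return CORE_NETWORK
        dest = ip_address(destination)
        best = None
        for cidr, target in info.routing_policy:
            net = ip_network(cidr)
            if dest.version == net.version and dest in net:
                if best is None or net.prefixlen > best[0].prefixlen:
                    best = (net, target)  # the most specific rule wins
        return best[1] if best else CORE_NETWORK


# Constructed sample policy and IMSIs (test PLMN 001/01), for illustration only.
SAMPLE_POLICY = (
    ("192.168.1.0/24", LOCAL_NETWORK),
    ("10.20.0.0/16", CORE_NETWORK),
    ("0.0.0.0/0", LOCAL_INTERNET),
)


def demo():
    ne = RadioSideNetworkElement()
    ne.on_control_info("001010000000001",
                       core_build_info(True, SAMPLE_POLICY, ("constructed-filter",)))
    ne.on_control_info("001010000000002",
                       core_build_info(False, SAMPLE_POLICY, ("constructed-filter",)))
    ne.on_signaling_release("001010000000001")
    return [
        ne.route_uplink("001010000000001", "192.168.1.10"),
        ne.route_uplink("001010000000001", "203.0.113.5"),
        ne.route_uplink("001010000000001", "10.20.1.1"),
        ne.route_uplink("001010000000002", "192.168.1.10"),
        ne.route_uplink("001010000000003", "192.168.1.10"),
    ]


if __name__ == "__main__":
    print(demo())
```

The second and third IMSIs show the two cases in which local egress must not happen: a user whose subscription does not allow local access, and a user for whom no control information was ever delivered.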
Correspondingly, the present invention also provides a communication system that includes a core network device and a wireless side network element, where:

the core network device is configured to deliver local access control information to the wireless side network element; and

the wireless side network element is configured to receive the local access control information sent by the core network device and to perform local access control according to the local access control information.

The wireless side network element is further configured to forward to the core network device a non-access stratum message sent by the user. The core network device is configured to deliver the local access control information to the wireless side network element as follows: the core network device processes the non-access stratum message and delivers the local access control information to the wireless side network element.

The non-access stratum message sent by the user carries a local access identifier, indicating that the user wishes to perform local access. The core network device is configured to process the non-access stratum message and deliver the local access control information to the wireless side network element as follows: it determines whether the user has the local access capability; when the user has the local access capability, it delivers local access control information that contains the local access capability information of the user equipment, the routing policy and the uplink traffic flow template; or, when the user does not have the local access capability, it delivers local access control information that contains only the local access capability information of the user equipment.

The wireless side network element is a home base station, a macro base station, or another network element device between the terminal and the Serving GPRS Support Node. The communication system is a 3G system, the core network device is a Serving GPRS Support Node, and the Serving GPRS Support Node is configured to deliver the local access control information to the wireless side network element in a Radio Access Network Application Part (RANAP) message; or the communication system is a Long Term Evolution (LTE) system, the core network device is a Mobility Management Entity, and the Mobility Management Entity is configured to deliver the local access control information to the wireless side network element in an Initial Context Setup Request message.

Correspondingly, the present invention also provides a wireless side network element, which is configured to receive the local access control information delivered by the core network and to perform local access control according to the local access control information.

The wireless side network element is further configured to forward to the core network a non-access stratum message sent by the user, so that the core network processes the non-access stratum message and delivers the local access control information to the wireless side network element. The local access control information contains the local access capability information of the user equipment, or it contains the local access capability information of the user equipment together with the routing policy and/or the uplink traffic flow template. The wireless side network element is a home base station, a macro base station, or another network element device between the terminal and the Serving GPRS Support Node.

Correspondingly, the present invention also provides a core network device, which is configured to deliver local access control information to the wireless side network element, so that the wireless side network element performs local access control according to the local access control information, thereby supporting local access control at the wireless side network element.

The core network device is configured to deliver the local access control information to the wireless side network element as follows: the core network device receives the non-access stratum message sent by the user and forwarded by the wireless side network element, processes the non-access stratum message, and delivers the local access control information to the wireless side network element.

The non-access stratum message sent by the user carries a local access identifier, indicating that the user wishes to access the local network. The core network device is configured to process the non-access stratum message and deliver the local access control information to the wireless side network element as follows: it determines whether the user has the local access capability; when the user has the local access capability, it delivers local access control information that contains the local access capability information of the user equipment, the routing policy and the uplink traffic flow template; or, when the user does not have the local access capability, it delivers local access control information that contains only the local access capability information of the user equipment.

The core network device is a Serving GPRS Support Node, and the Serving GPRS Support Node is configured to deliver the local access control information to the wireless side network element in a Radio Access Network Application Part (RANAP) message; or the core network device is a Mobility Management Entity, and the Mobility Management Entity is configured to deliver the local access control information to the wireless side network element in an Initial Context Setup Request message.
Industrial Applicability

In the present invention, the network side delivers local access control information to the wireless side network element, and the wireless side network element performs local access control according to that information, thereby enabling access to the local network or the Internet network through the wireless side network element.

Claims

1、 一种实现本地访问控制方法, 其包括: 1. A method for implementing local access control, comprising:
核心网将本地访问控制信息下发给无线侧网元, 所述无线侧网元根据所 述本地访问控制信息进行本地访问控制。  The core network sends the local access control information to the wireless side network element, and the wireless side network element performs local access control according to the local access control information.
2、 如权利要求 1所述的方法, 其中, 核心网将本地访问控制信息下发给 无线侧网元的步骤包括: 用户通过非接入层消息与无线侧网元建立连接; 所述无线侧网元转发所述非接入层消息给核心网; 所述核心网处理所述非接入层消息, 下发本地访问控制信息给所述无线 侧网元。 The method of claim 1, wherein the step of the core network transmitting the local access control information to the radio side network element comprises: the user establishing a connection with the radio side network element by using the non-access stratum message; The network element forwards the non-access stratum message to the core network; the core network processes the non-access stratum message, and sends local access control information to the radio side network element.
3、 如权利要求 2所述的方法, 其中, 用户通过非接入层消息与无线侧网元建立连接的步骤中, 所述非接入层 消息中携带本地访问标识, 表明用户希望进行本地访问; 以及 The method of claim 2, wherein, in the step of establishing a connection between the non-access stratum message and the radio side network element, the non-access stratum message carries the local access identifier, indicating that the user wants to perform local access. ; as well as
核心网处理所述非接入层消息, 下发本地访问控制信息给所述无线侧网 元的步骤包括: 所述核心网判断用户是否具备本地访问能力, 在用户具备本地访问能力时, 下发本地访问控制信息给所述无线侧网元, 其中, 所述本地访问控制信息中包括用户设备的本地访问能力信息、 路由策 略和上行业务流模板; 或者, 在用户不具备本地访问能力时, 下发本地访问控制信息给所述无线侧网 元, 其中, 所述本地访问控制信息中只包括用户设备的本地访问能力信息。  The step of the core network processing the non-access stratum message, and the sending the local access control information to the radio side network element includes: the core network determining whether the user has the local access capability, and delivering the local access capability when the user has the local access capability Local access control information is sent to the radio side network element, where the local access control information includes local access capability information, a routing policy, and an uplink service flow template of the user equipment; or, when the user does not have local access capability, Sending local access control information to the radio side network element, where the local access control information includes only local access capability information of the user equipment.
4、 如权利要求 2所述的方法, 其中, 所述无线侧网元为家用基站、 宏基站或者终端与通用分组无线业务服务 支持节点间的其它网元设备; The method of claim 2, wherein the wireless side network element is a home base station, a macro base station, or another network element device between the terminal and the general packet radio service support node;
核心网将本地访问控制信息下发给无线侧网元的步骤中: 在第三代(3G ) 系统中, 由所述核心网的通用分组无线业务服务支持节点通过无线接入网络 应用部分(RANAP ) 消息下发所述本地访问控制信息给无线侧网元; 或者 在长期演进(LTE )系统中, 由所述核心网的移动性管理实体通过初始上 下文建立请求消息下发所述本地访问控制信息给无线侧网元。 The core network sends the local access control information to the wireless side network element in the following steps: In the third generation (3G) In the system, the general packet radio service support node of the core network sends the local access control information to the radio side network element through a radio access network application part (RANAP) message; or in a long term evolution (LTE) system. And transmitting, by the mobility management entity of the core network, the local access control information to the wireless side network element by using an initial context setup request message.
5、 如权利要求 1、 2或 4所述的方法, 其中, 所述本地访问控制信息中包括用户设备的本地访问能力信息, 或者 所述本地访问控制信息中包括用户设备的本地访问能力信息, 和, 路由 策略和 /或上行业务流模板。 The method of claim 1, 2 or 4, wherein the local access control information includes local access capability information of the user equipment, or the local access control information includes local access capability information of the user equipment, And, routing policy and/or upstream traffic flow template.
6、 一种通信系统, 其包括核心网设备和无线侧网元, 其中: 所述核心网设备设置为: 将本地访问控制信息下发给无线侧网元; 以及 所述无线侧网元设置为: 接收所述核心网设备发送的本地访问控制信息, 根据所述本地访问控制信息进行本地访问控制。 A communication system, comprising: a core network device and a wireless side network element, wherein: the core network device is configured to: send local access control information to a wireless side network element; and the wireless side network element is set to And receiving local access control information sent by the core network device, and performing local access control according to the local access control information.
7、 如权利要求 6所述的通信系统, 其中, 所述无线侧网元还设置为: 向所述核心网设备转发由用户发送的非接入 层消息; 以及 所述核心网设备是设置为按如下方式将本地访问控制信息下发给无线侧 网元: 所述核心网设备处理所述非接入层消息并下发本地访问控制信息给无 线侧网元。 The communication system according to claim 6, wherein the wireless side network element is further configured to: forward a non-access stratum message sent by a user to the core network device; and the core network device is set to The local access control information is sent to the radio side network element in the following manner: The core network device processes the non-access stratum message and sends the local access control information to the radio side network element.
8、 如权利要求 7所述的通信系统, 其中, 所述用户发送的非接入层消息中携带本地访问标识, 表明用户希望进行 本地访问; 以及 所述核心网设备是设置为按如下方式处理所述非接入层消息, 下发本地 访问控制信息给无线侧网元: 判断用户是否具备本地访问能力, 在用户具备本地访问能力时, 下发本地访问控制信息给无线侧网元, 其 中, 所述本地访问控制信息中包括用户设备的本地访问能力信息、 路由策略 和上行业务流模板; 或者 在用户不具备本地访问能力时, 下发本地访问控制信息给无线侧网元, 其中, 所述本地访问控制信息中只包括用户设备的本地访问能力信息。 8. The communication system according to claim 7, wherein the non-access stratum message sent by the user carries a local access identifier, indicating that the user wishes to perform local access; and the core network device is configured to be processed as follows: The non-access stratum message, the local access control information is sent to the radio side network element: determining whether the user has the local access capability, and when the user has the local access capability, the local access control information is sent to the radio side network element, where The local access control information includes local access capability information, a routing policy, and an uplink service flow template of the user equipment; or When the user does not have the local access capability, the local access control information is sent to the wireless side network element, where the local access control information includes only the local access capability information of the user equipment.
9. The communication system according to claim 7, wherein: the wireless side network element is a home base station, a macro base station, or another network element device between the terminal and the serving general packet radio service support node; and the communication system is a 3G system, the core network device is a serving general packet radio service support node, and the serving general packet radio service support node is configured to send the local access control information to the wireless side network element through a Radio Access Network Application Part (RANAP) message; or, the communication system is a Long Term Evolution (LTE) system, the core network device is a mobility management entity, and the mobility management entity is configured to send the local access control information to the wireless side network element through an initial context setup request message.
10. A wireless side network element, configured to: receive local access control information sent by a core network, and perform local access control according to the local access control information.
11. The wireless side network element according to claim 10, wherein: the wireless side network element is a home base station, a macro base station, or another network element device between the terminal and the serving general packet radio service support node; and the wireless side network element is further configured to forward, to the core network, a non-access stratum message sent by a user, so that the core network processes the non-access stratum message and sends local access control information to the wireless side network element; wherein the local access control information includes local access capability information of the user equipment, or the local access control information includes the local access capability information of the user equipment together with a routing policy and/or an uplink service flow template.
12. A core network device, configured to: send local access control information to a wireless side network element, so that the wireless side network element performs local access control according to the local access control information, thereby supporting local access control at the wireless side network element.
13. The core network device according to claim 12, wherein the core network device is configured to send the local access control information to the wireless side network element in the following manner: the core network device receives a non-access stratum message sent by a user and forwarded by the wireless side network element; the core network device processes the non-access stratum message; and the core network device sends the local access control information to the wireless side network element.
14. The core network device according to claim 13, wherein: the non-access stratum message sent by the user carries a local access identifier indicating that the user wishes to access the local network; and the core network device is configured to process the non-access stratum message and send the local access control information to the wireless side network element in the following manner: determining whether the user has a local access capability; when the user has the local access capability, sending local access control information to the wireless side network element, wherein the local access control information includes local access capability information of the user equipment, a routing policy, and an uplink service flow template; or, when the user does not have the local access capability, sending local access control information to the wireless side network element, wherein the local access control information includes only the local access capability information of the user equipment.
15. The core network device according to claim 14, wherein: the core network device is a serving general packet radio service support node, and the serving general packet radio service support node is configured to send the local access control information to the wireless side network element through a Radio Access Network Application Part (RANAP) message; or, the core network device is a mobility management entity, and the mobility management entity is configured to send the local access control information to the wireless side network element through an initial context setup request message.
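The capability decision of claims 8 and 14 and the wireless-side enforcement of claim 10, as an added Python example that is not part of the patent text. The field names, the "local" routing policy value, the modelling of the uplink service flow template as destination prefix/port filters, and the fallback to the core path are all assumptions made for illustration.

```python
import ipaddress
from dataclasses import dataclass, field
from typing import List, Optional

@dataclass
class PacketFilter:
    """One uplink service flow template entry (assumed shape)."""
    dst_net: str                     # destination prefix
    dst_port: Optional[int] = None   # None matches any port

    def matches(self, dst_ip: str, dst_port: int) -> bool:
        in_net = ipaddress.ip_address(dst_ip) in ipaddress.ip_network(self.dst_net)
        return in_net and self.dst_port in (None, dst_port)

@dataclass
class LocalAccessControlInfo:
    capable: bool                          # local access capability information
    routing_policy: Optional[str] = None   # assumed value: "local"
    uplink_tft: List[PacketFilter] = field(default_factory=list)

def core_build_info(nas_msg: dict, subscription: dict) -> Optional[LocalAccessControlInfo]:
    """Core network side, following the branch in claims 8 and 14."""
    if not nas_msg.get("local_access_indicator"):
        return None  # case not covered by the claims; assumed: nothing is sent
    if subscription.get("local_access_allowed"):
        filters = [PacketFilter(**f) for f in subscription["uplink_tft"]]
        return LocalAccessControlInfo(True, subscription["routing_policy"], filters)
    return LocalAccessControlInfo(False)   # capability information only

def radio_route_uplink(info: Optional[LocalAccessControlInfo], dst_ip: str, dst_port: int) -> str:
    """Wireless side: 'local' only if every condition holds, otherwise 'core'."""
    if info is None or not info.capable:
        return "core"
    if info.routing_policy != "local" or not info.uplink_tft:
        return "core"
    hit = any(f.matches(dst_ip, dst_port) for f in info.uplink_tft)
    return "local" if hit else "core"

# Constructed sample subscription records and NAS message (not from the patent).
SUBSCRIBED = {"local_access_allowed": True, "routing_policy": "local",
              "uplink_tft": [{"dst_net": "192.168.1.0/24"},
                             {"dst_net": "10.0.0.5/32", "dst_port": 445}]}
UNSUBSCRIBED = {"local_access_allowed": False}
NAS_REQUEST = {"local_access_indicator": True}
```

Because the wireless side network element enforces only what the core network sent, a user without the capability never reaches the local network even when the destination address is a local one.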
PCT/CN2010/071852 2009-05-13 2010-04-16 Method for enabling local access control and corresponding communication system WO2010130174A1 (en)

Applications Claiming Priority (2)

Application Number Priority Date Filing Date Title
CN200910142919.3 2009-05-13
CN200910142919A CN101730187A (en) 2009-05-13 2009-05-13 Method and system for realizing local access control of home base station

Publications (1)

Publication Number Publication Date
WO2010130174A1 (en) 2010-11-18

Family

ID=42450187

Family Applications (1)

Application Number Title Priority Date Filing Date
PCT/CN2010/071852 WO2010130174A1 (en) 2009-05-13 2010-04-16 Method for enabling local access control and corresponding communication system

Country Status (2)

Country Link
CN (1) CN101730187A (en)
WO (1) WO2010130174A1 (en)

Families Citing this family (12)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
US20120002637A1 (en) * 2010-06-18 2012-01-05 Interdigital Patent Holdings, Inc. Method and apparatus for supporting home node-b mobility
CN102300194B (en) * 2010-06-22 2015-08-12 中兴通讯股份有限公司 A kind of method and device, system transmitting diffluent information
CN102387490B (en) * 2010-09-03 2015-08-12 中兴通讯股份有限公司 A kind of method and system inquiring about local gateway
CN102711283A (en) * 2011-03-28 2012-10-03 中兴通讯股份有限公司 Method and device for processing local access connectivity
CN102223685B (en) * 2011-06-08 2013-06-12 中国人民解放军国防科学技术大学 Admission control method in multi-hop wireless network
CN102843664B (en) * 2011-06-21 2017-03-15 中兴通讯股份有限公司 The processing method of user's local IP access business, device and system
CN102857936B (en) * 2011-06-27 2017-03-15 中兴通讯股份有限公司 The processing method and processing device of local IP access connection in handoff procedure
CN109905904B (en) 2012-06-29 2022-05-03 北京三星通信技术研究有限公司 Access control method
CN102791044B (en) * 2012-07-27 2014-12-24 上海顶竹通讯技术有限公司 Interconnecting device between private-network switch and mobile core network and interconnecting method
CN103312693B (en) * 2013-05-08 2017-04-19 华迪计算机集团有限公司 Video and audio access control gateway equipment
CN108738104B (en) * 2017-04-19 2021-11-19 华为技术有限公司 Method, device, system and storage medium for establishing local network connection
WO2018192355A1 (en) * 2017-04-19 2018-10-25 华为技术有限公司 Method, terminal, and network device for establishing local network connection

Citations (4)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN101321383A (en) * 2007-06-05 2008-12-10 华为技术有限公司 Communication system and method, household base station gateway and home subscriber server
CN101400071A (en) * 2007-09-29 2009-04-01 北京三星通信技术研究有限公司 Method for configuring MME
CN101400106A (en) * 2007-09-27 2009-04-01 华为技术有限公司 Method for household base station access control
WO2009043002A2 (en) * 2007-09-28 2009-04-02 Interdigital Patent Holdings, Inc. Method and apparatus for supporting home node b services

Also Published As

Publication number Publication date
CN101730187A (en) 2010-06-09

Similar Documents

Publication Publication Date Title
WO2010130174A1 (en) Method for enabling local access control and corresponding communication system
KR101481421B1 (en) Method and apparatus for managing white list information for user equipment in mobile telecommunication system
US8724509B2 (en) Mobile communication method, mobile communication system, and corresponding apparatus
JP6096246B2 (en) Packet data network gateway selection method
WO2017092501A1 (en) Method and system for network certification
WO2011026392A1 (en) Method and system for acquiring route strategies
WO2012062183A1 (en) Method and system for controlling service quality and charging policy of data flow
WO2012116623A1 (en) Mobile communication system and networking method
CN102056141B (en) System and method for realizing local access
WO2010133107A1 (en) Method and system for home node b gateway forwarding messages to home node b
JP2013511869A (en) IP subnet address assignment within a local network that contains multiple devices and is connected to the Internet
CN103200534B (en) A kind of method of trunking communication, Apparatus and system
WO2013004121A1 (en) Method and device for processing local gateway information
KR101727557B1 (en) Method and apparatus for supporting local breakout service in wireless communication system
CN102457931B (en) A kind of data route control method and system
WO2011017979A1 (en) Resource management method and device in a communication system supporting the ip shunting
CN101998367B (en) Management method for local network protocol access connection and mobility management entities
WO2011097989A1 (en) Optimization method for local access paging and apparatus thereof
WO2014067371A1 (en) Cluster service implementation method, system, and network element
EP2482597A1 (en) Home base station access method, home base station system and home base station access point
WO2012126319A1 (en) Method and system for handing off local access service
KR20130009836A (en) A wireless telecommunications network, and a method of authenticating a message
WO2011038609A1 (en) Method and device for sending local connection information
WO2011035521A1 (en) Method for sharing of femto access point and femto access point system
WO2011003310A1 (en) Method, apparatus and system for implementing access control determination by core network

Legal Events

Date Code Title Description
121 Ep: the epo has been informed by wipo that ep was designated in this application

Ref document number: 10774515

Country of ref document: EP

Kind code of ref document: A1

NENP Non-entry into the national phase

Ref country code: DE

122 Ep: pct application non-entry in european phase

Ref document number: 10774515

Country of ref document: EP

Kind code of ref document: A1