WO2011116713A2 - Method, device and system for machine type communication (mtc) terminal communicating with network through gateway - Google Patents

Info

Publication number: WO2011116713A2 (other version: WO2011116713A3, en)
Application number: PCT/CN2011/073429
Authority: WO, WIPO (PCT)
Prior art keywords: mtc, network, gateway, authentication, mtc terminal
Other languages: French (fr), Chinese (zh)
Inventor: 郭雅莉
Original assignee: 华为技术有限公司 (Huawei Technologies Co., Ltd.)
Priority: CN2011800005940A (patent CN102204306A); PCT/CN2011/073429
Publications: WO2011116713A2, WO2011116713A3

Classifications

    • H04W 4/70: Services for machine-to-machine communication [M2M] or machine type communication [MTC] (H Electricity; H04 Electric communication technique; H04W Wireless communication networks; H04W 4/00 Services specially adapted for wireless communication networks, facilities therefor)
    • H04W 12/069: Authentication using certificates or pre-shared keys (H Electricity; H04 Electric communication technique; H04W Wireless communication networks; H04W 12/00 Security arrangements, authentication, protecting privacy or anonymity; H04W 12/06 Authentication)

Definitions

  • Field: the invention relates to communications technologies, and in particular to a method, device and system for an MTC terminal to communicate with a network through an MTC gateway.
  • MTC (Machine Type Communications): network communication between one or more network elements without human intervention, for example traffic control and management, remote meter reading, remote monitoring, mobile payment, location tracking and medical monitoring.
  • 3GPP: 3rd Generation Partnership Project. 3GPP introduced the MTC gateway, which attaches to the 3GPP network as an ordinary user equipment (UE) so that MTC terminals (devices) behind it can reach the 3GPP network through it.
  • GW (MTC gateway): connected to the MTC terminal over a non-3GPP IP access system, for example a short-range technology such as Bluetooth or Zigbee, and connected to the 3GPP access network over the 3GPP air interface.
  • Non-3GPP system: the non-3GPP IP access system between the MTC terminal and the MTC gateway; any non-3GPP access technology may be used.
  • MME (Mobility Management Entity), eNB (evolved NodeB), S-GW (Serving Gateway), P-GW or PDN gateway (Packet Data Network gateway): elements of the SAE/LTE architecture. A UE accesses the MME and the S-GW through an eNB and reaches the PDN gateway through the S-GW.
  • RNC (Radio Network Controller), SGSN (Serving GPRS Support Node), GGSN (Gateway GPRS Support Node): elements of the WCDMA architecture. A UE connects through a NodeB to the RNC, then to the SGSN in the core network, and through the SGSN to the GGSN.
  • WCDMA (Wideband Code Division Multiple Access), LTE (Long Term Evolution), WiMAX (Worldwide Interoperability for Microwave Access), GSM (Global System for Mobile communications): placing an MTC gateway in front of MTC terminals is not limited to WCDMA and LTE systems; it applies equally to other systems such as WiMAX and GSM.
  • Problem addressed: the MTC gateway attaches as an ordinary UE and exchanges traffic with the service server in the operator network on behalf of the terminals connected to it, carrying their data inside its own application-layer service packets. The operator network sees the gateway but not the terminals behind it, so once the gateway is attached any terminal, including one with no subscription with the operator, can use the network through it, and the operator cannot decide per terminal whether to allow access.
  • Proposed method: the MTC gateway accesses the network as a UE and establishes a communication connection with the server used for authentication and authorization in the network; it then authenticates each attached MTC terminal together with that server and, according to the authentication result, decides whether to establish a communication connection between the terminal and the network. The corresponding MTC gateway has a user equipment module, an authentication and authorization service module and a communication connection establishing module; the corresponding communication system comprises the gateway, the MTC terminals attached to it over a non-3GPP air interface, and the network containing the authentication and authorization server. The network can thereby identify each attached terminal through the authentication process and control whether a specific terminal is allowed to communicate with it.
  • FIG. 1 is a schematic diagram of the network architecture of an existing 3GPP system.
  • FIG. 2 is a schematic diagram of the network architecture of a conventional SAE communication system.
  • FIG. 3 is a schematic diagram of the network architecture of a conventional WCDMA communication system.
  • FIG. 4 is a flow chart of a method for an MTC terminal to communicate with a network through an MTC gateway according to an embodiment of the present invention.
  • FIG. 5 is a schematic diagram of an example application scenario for the method of the embodiment.
  • FIG. 6 is a schematic diagram of another embodiment of the method.
  • FIG. 7 is a schematic diagram of the logical structure of an MTC gateway according to an embodiment of the present invention.
  • FIG. 8 is a schematic diagram of the network architecture of a communication system according to an embodiment of the present invention.
  • The embodiment provides a method in which the MTC gateway cooperates with the authentication and authorization server in the network to authenticate each attached MTC terminal and decides, according to the authentication result, whether to establish a communication connection between that terminal and the network. With this solution a device in the network can identify the attached terminal through the authentication process and, from the authentication result, control whether a specific MTC terminal is allowed to communicate with the network.
  • Embodiments also provide a corresponding MTC gateway and communication system; each is described separately below. Referring to FIG. 4, the method for a machine type communication (MTC) terminal to communicate with a network through an MTC gateway includes the following steps.
  • First, the MTC gateway accesses the network as a user equipment and establishes a communication connection with the server used for authentication and authorization in the network.
  • The network may be a 3GPP network, for example a PDN. The carrier network must contain a server for authentication and authorization, such as an Authentication, Authorization and Accounting (AAA) server or a Home Subscriber Server (HSS), so that MTC terminals can be authenticated and authorized.
  • AAA: authentication, authorization and accounting server. HSS: Home Subscriber Server.
  • The communication system must also include a control module for a non-3GPP air-interface technology, so that the MTC gateway can connect to MTC terminals over a non-3GPP air interface such as Bluetooth or Zigbee, while on the network side the gateway connects to the operator network over the 3GPP air interface. The non-3GPP technology is not limited to Bluetooth or Zigbee; any non-3GPP air-interface access technology can be used.
  • Second, the MTC gateway cooperates with the authentication and authorization server to authenticate the attached MTC terminal and decides, according to the authentication result, whether to establish a communication connection between the MTC terminal and the network.
  • One side of the MTC gateway faces the MTC terminal; the other faces the server that authenticates and authorizes the terminal, such as the HSS/AAA. During the exchange the gateway parses and re-encapsulates the authentication request messages the terminal sends to the server, and forwards the server's authentication response messages back to the terminal. The gateway can therefore read the authentication result out of the response message it relays and decide from it whether to connect the terminal to the network.
  • The terminal may be authenticated with the Internet Key Exchange (IKE) protocol or with the Extensible Authentication Protocol (EAP).
  • The control module of the non-3GPP air-interface technology has an authentication and authorization function for terminals. In one implementation it is integrated in the MTC gateway, so that the gateway can use it directly to authenticate the attached terminal with the server.
  • After receiving the response message carrying the authentication and authorization result from the server, the MTC gateway parses it, obtains the result, and on that basis decides whether to establish the connection: if authentication passed, a communication connection is established between the MTC terminal and the network; otherwise the terminal is denied access to the carrier network. Note that in this design the gateway is the enforcement point: the network learns the terminal's identity through the exchange, but it is the gateway that turns the server's verdict into forwarding state or a refusal, so the operator's per-terminal control is only as good as the gateway's faithful relaying of the exchange and of the result.
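The exchange described above, as an added example that is not part of the patent: a Python simulation of the three roles (MTC terminal, MTC gateway, HSS/AAA). The patent names IKEv2 or EAP for the terminal-to-server authentication; this example stands in for that with a simplified pre-shared-key challenge/response carried in explicit messages, and every identifier, key, message type and the `forward_uplink` check are assumptions made for the example. What it shows is the decision point of the method: the gateway relays the exchange, reads the result out of the server's response, and only then creates connection state, so a terminal with no subscription or with the wrong credential is refused and its traffic is dropped.

```python
"""Added example (not the patent's own code): an MTC gateway relaying a
terminal's authentication to the HSS/AAA and gating admission on the result.

The patent uses IKEv2 or EAP for the terminal<->server exchange; here it is
reduced to a pre-shared-key challenge/response so that all three roles fit in
one file.  Identifiers, keys and message shapes are constructed for the example.
"""
import hashlib
import hmac
import secrets
from dataclasses import dataclass, field


@dataclass
class AAAServer:
    """Stands in for the HSS/AAA: holds subscription records (terminal_id -> PSK)."""
    subscribers: dict
    _pending: dict = field(default_factory=dict)   # outstanding challenges

    def handle(self, msg: dict) -> dict:
        """Process one authentication message relayed by the MTC gateway."""
        tid = msg["terminal_id"]
        if msg["type"] == "AUTH_REQ":
            nonce = secrets.token_bytes(16)
            self._pending[tid] = nonce
            return {"type": "CHALLENGE", "terminal_id": tid, "nonce": nonce}
        if msg["type"] == "AUTH_RESP":
            nonce = self._pending.pop(tid, None)
            key = self.subscribers.get(tid)          # None: no subscription
            ok = False
            if nonce is not None and key is not None:
                expected = hmac.new(key, nonce, hashlib.sha256).digest()
                ok = hmac.compare_digest(expected, msg["mac"])
            return {"type": "AUTH_RESULT", "terminal_id": tid, "success": ok}
        raise ValueError(f"unexpected message type {msg['type']!r}")


@dataclass
class MTCTerminal:
    """Device behind the gateway; the non-3GPP system already gave it a local IP."""
    terminal_id: str
    psk: bytes                      # credential provisioned by the operator (or not)

    def start(self) -> dict:
        return {"type": "AUTH_REQ", "terminal_id": self.terminal_id}

    def respond(self, challenge: dict) -> dict:
        mac = hmac.new(self.psk, challenge["nonce"], hashlib.sha256).digest()
        return {"type": "AUTH_RESP", "terminal_id": self.terminal_id, "mac": mac}


class MTCGateway:
    """Attaches as a UE, relays the exchange, and keeps connection state only
    for terminals the server accepted: the enforcement point of the method."""

    def __init__(self, aaa: AAAServer):
        self.aaa = aaa
        self.connected = set()      # terminal ids with an established connection
        self.log = []               # (direction, message type) for inspection

    def relay(self, msg: dict) -> dict:
        # In the patent the message is parsed, re-encapsulated and sent over the
        # gateway's own UE connection; here the server is a direct call.
        self.log.append(("to_server", msg["type"]))
        reply = self.aaa.handle(msg)
        self.log.append(("from_server", reply["type"]))
        return reply

    def admit(self, terminal: MTCTerminal) -> bool:
        challenge = self.relay(terminal.start())
        result = self.relay(terminal.respond(challenge))
        # The gateway reads the result out of the relayed response and decides.
        if result["success"]:
            self.connected.add(terminal.terminal_id)
        return result["success"]

    def forward_uplink(self, terminal_id: str, payload: bytes) -> bool:
        """Data plane: traffic from a terminal without a connection is dropped."""
        return terminal_id in self.connected


def demo() -> dict:
    """Subscribed, unsubscribed and mis-keyed terminals against one gateway."""
    aaa = AAAServer(subscribers={"meter-0001": b"k" * 32,      # constructed records
                                 "meter-0002": b"j" * 32})
    gw = MTCGateway(aaa)
    good = MTCTerminal("meter-0001", b"k" * 32)
    rogue = MTCTerminal("meter-9999", b"x" * 32)    # no subscription at all
    wrong = MTCTerminal("meter-0002", b"y" * 32)    # subscribed id, wrong key
    return {
        "good": gw.admit(good),
        "rogue": gw.admit(rogue),
        "wrong_key": gw.admit(wrong),
        "uplink_good": gw.forward_uplink("meter-0001", b"reading=42"),
        "uplink_rogue": gw.forward_uplink("meter-9999", b"reading=42"),
    }
```

Running `demo()` admits only `meter-0001`; the unsubscribed and mis-keyed terminals get an `AUTH_RESULT` with `success` false and never appear in `connected`, which is exactly the state the gateway consults before forwarding.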
  • Establishing the communication connection between the MTC terminal and the network may mean connecting the terminal to a gateway in the carrier network; when the carrier network is a PDN, a communication connection is established between the MTC terminal and the PDN gateway. This can be done in several ways.
  • One way uses tunnelling: a data tunnel carries the exchange between the MTC terminal and the PDN gateway. With a tunnel establishment technique based on Proxy Mobile IP (PMIP), the MTC gateway establishes a data tunnel from itself to the PDN gateway and another from itself to the MTC terminal and joins the two at the gateway, so that the terminal and the PDN gateway exchange data through them. After both tunnels are up, the MTC gateway must also receive the IP address that the PDN gateway allocates for the terminal from the PDN address space and send it to the terminal; this is the address the terminal uses in the PDN and in its application-layer communication.
  • NAT: Network Address Translation. The other way is for the MTC gateway to create a local NAT forwarding entry and relay data between the MTC terminal and the PDN gateway through it. After creating the entry the gateway must allocate to the terminal an IP address from the gateway's own address space and send it to the terminal. Because that address is used only on the non-3GPP side and not in the PDN, the gateway may assign any available address; the terminal uses it in its application-layer communication.
  • Because the MTC gateway authenticates the attached terminal together with the network's authentication and authorization server, the terminal becomes visible to the network, and a device in the network can identify it through the authentication process. The MTC gateway therefore needs an authentication client function, so that it can work with the server to make the terminal visible to the operator network, and a control capability, so that it can decide from the authentication result whether a communication connection is established between the terminal and the network.
  • A device in the network can thus identify the attached MTC terminal through the authentication process and decide from the result whether to establish a communication connection, which controls whether a specific MTC terminal communicates with the network. Once terminals can be identified, it also becomes possible to charge a specific MTC terminal.
  • The method is further described below in a specific application scenario. Referring to FIG. 5, the carrier network is a PDN containing a PDN gateway and an HSS/AAA server for authentication; the user side contains an MTC terminal and a non-3GPP system through which the terminal reaches the MTC gateway, which in turn is connected to the PDN. The MTC gateway has an IKEv2-based authentication function and a built-in UE module for accessing the network.
  • In this scenario the method proceeds as follows:
  • After the MTC gateway starts, its built-in UE module first completes the network access procedure, which gives the gateway access to the network.
  • After the MTC terminal starts, it searches for available non-3GPP systems nearby and completes access to one of them; the non-3GPP system assigns the terminal a local IP address, so the terminal now has IP connectivity.
  • The MTC terminal initiates an IKEv2-based authentication procedure, and the MTC gateway cooperates with the HSS/AAA in the PDN so that the HSS/AAA completes the authentication and authorization of the terminal.
  • According to the authentication result, the MTC gateway decides whether to establish a data tunnel to the PDN gateway for the terminal; doing so establishes the communication connection between the terminal and the network. The MTC gateway establishes the tunnel to the PDN gateway for the terminal using the PMIP tunnel establishment procedure.
  • After the tunnel is established, the MTC gateway returns to the MTC terminal the IP address it should use in the PDN. This address is assigned by the PDN gateway and is used by the terminal for application-layer communication.
  • In this scenario the MTC gateway cooperates with the HSS/AAA to authenticate the terminal and decides from the result whether to build a data tunnel to the PDN gateway for it. A device in the network can therefore identify the attached terminal through the authentication process and control whether a specific MTC terminal is allowed to communicate with the network.
  • Referring to FIG. 6, in another embodiment the MTC gateway uses NAT to establish the communication connection between the MTC terminal and the network, so the gateway does not need to support PMIP, which considerably reduces implementation complexity.
  • In this scenario the method proceeds as follows:
  • After the MTC gateway starts, its built-in UE module first completes the network access procedure, which gives the gateway access to the network.
  • After the MTC terminal starts, it searches for available non-3GPP systems nearby and completes access to one of them; the non-3GPP system assigns the terminal a local IP address, so the terminal now has IP connectivity.
  • The MTC terminal initiates an IKEv2-based authentication procedure, and the MTC gateway cooperates with the HSS/AAA in the PDN so that the HSS/AAA completes the authentication and authorization of the terminal.
  • According to the authentication result, the MTC gateway decides whether to create a NAT forwarding entry for the terminal; doing so establishes the communication connection between the terminal and the network. The MTC gateway creates the NAT forwarding entry. NAT is port-based, so the IPsec tunnel to the MTC terminal corresponds to a port towards the PDN, and the identifier of that IPsec tunnel can be used to identify the MTC terminal; data on the terminal's IPsec tunnel is thereby exchanged with the PDN through the entry. In this mode the PDN sees only the gateway's own address, so the association between a port and a terminal exists only in the gateway's NAT table.
  • After the NAT forwarding entry is created, the MTC gateway allocates an IP address to the MTC terminal and sends it to the terminal. This address is used by the terminal only on the non-3GPP side and not in the PDN, so the gateway may assign any available address; the terminal uses it for application-layer communication.
  • In this scenario the MTC gateway cooperates with the HSS/AAA to authenticate the terminal and decides from the result whether to create a NAT forwarding entry for it. A device in the network can therefore identify the attached terminal through the authentication process and control whether a specific MTC terminal is allowed to communicate with the network.
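The two ways of building the connection once a terminal has been admitted, the PMIP tunnel option of FIG. 5 and the NAT option of FIG. 6 (and the general description of both further above), as one added example that is not part of the patent. `TunnelMode` models the tunnel case: the PDN gateway allocates the terminal an address from the PDN space and the MTC gateway stitches its terminal-side tunnel to its network-side tunnel. `NATMode` models the NAT case: the terminal gets a gateway-local address, and a port-based entry keyed by the terminal's tunnel identifier maps its flows to the gateway's own PDN address in both directions. The address pools, tunnel identifiers, packet fields and the check that an uplink packet's source matches the address the gateway handed out are assumptions of the example, not details the patent specifies.

```python
"""Added example (not the patent's own code): the two data-path options an MTC
gateway can use for an MTC terminal that has already passed authentication.

TunnelMode mirrors FIG. 5 (PMIP tunnel, PDN-assigned address); NATMode mirrors
FIG. 6 (gateway-local address plus a port-keyed NAT forwarding entry).  Pools,
tunnel identifiers and packets are constructed for the example.
"""
import itertools
from dataclasses import dataclass, replace
from ipaddress import IPv4Network


@dataclass(frozen=True)
class Packet:
    src: str
    sport: int
    dst: str
    dport: int
    payload: bytes


class PDNGateway:
    """Stand-in for the P-GW: allocates terminal addresses from the PDN space."""

    def __init__(self, pdn_pool: str = "10.10.0.0/24"):
        self._hosts = IPv4Network(pdn_pool).hosts()
        self.bindings = {}                   # terminal_id -> PDN address (PMIP binding)

    def create_binding(self, terminal_id: str) -> str:
        ip = str(next(self._hosts))
        self.bindings[terminal_id] = ip
        return ip


class TunnelMode:
    """Option 1: tunnel gateway->P-GW joined at the gateway to tunnel gateway->terminal."""

    def __init__(self, pgw: PDNGateway):
        self.pgw = pgw
        self.stitch = {}                     # terminal tunnel id -> PDN address

    def connect(self, terminal_id: str, tunnel_id: str) -> str:
        pdn_ip = self.pgw.create_binding(terminal_id)   # address chosen by the P-GW
        self.stitch[tunnel_id] = pdn_ip
        return pdn_ip                        # relayed to the terminal, which uses it

    def uplink(self, tunnel_id: str, pkt: Packet):
        """No stitched tunnel, or a source that is not the assigned address: drop."""
        pdn_ip = self.stitch.get(tunnel_id)
        if pdn_ip is None or pkt.src != pdn_ip:
            return None
        return pkt                           # forwarded into the P-GW tunnel unchanged

    def downlink(self, pkt: Packet):
        """Select the terminal tunnel whose PDN address the packet is destined to."""
        for tunnel_id, pdn_ip in self.stitch.items():
            if pdn_ip == pkt.dst:
                return tunnel_id, pkt
        return None


class NATMode:
    """Option 2: gateway-local address plus a port-based NAT forwarding entry."""

    def __init__(self, gateway_pdn_ip: str, local_pool: str = "192.168.7.0/24"):
        self.gw_ip = gateway_pdn_ip          # the only address the PDN ever sees
        self._locals = IPv4Network(local_pool).hosts()
        self._ports = itertools.count(40000)
        self.by_tunnel = {}                  # tunnel id -> local address
        self.terminal_of = {}                # tunnel id -> terminal id (for identification)
        self.nat = {}                        # (tunnel id, local port) -> external port
        self.reverse = {}                    # external port -> (tunnel id, local port)

    def connect(self, terminal_id: str, tunnel_id: str) -> str:
        local_ip = str(next(self._locals))   # any free address; never valid in the PDN
        self.by_tunnel[tunnel_id] = local_ip
        self.terminal_of[tunnel_id] = terminal_id
        return local_ip

    def uplink(self, tunnel_id: str, pkt: Packet):
        local_ip = self.by_tunnel.get(tunnel_id)
        if local_ip is None or pkt.src != local_ip:
            return None                      # no entry for this tunnel, or spoofed source
        key = (tunnel_id, pkt.sport)
        if key not in self.nat:              # first packet of a flow: create the mapping
            ext = next(self._ports)
            self.nat[key] = ext
            self.reverse[ext] = key
        return replace(pkt, src=self.gw_ip, sport=self.nat[key])

    def downlink(self, pkt: Packet):
        key = self.reverse.get(pkt.dport)
        if key is None or pkt.dst != self.gw_ip:
            return None
        tunnel_id, local_port = key
        return tunnel_id, replace(pkt, dst=self.by_tunnel[tunnel_id], dport=local_port)

    def identify(self, external_port: int):
        """Which terminal a PDN-side port belongs to: the tunnel id is the identity."""
        key = self.reverse.get(external_port)
        return None if key is None else self.terminal_of[key[0]]
```

In `TunnelMode` the terminal's own address is routable in the PDN, so the network can attribute traffic to it directly; in `NATMode` the PDN only ever sees `gw_ip`, and `identify()` is the lookup the gateway would need for per-terminal policy or charging.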
  • Referring to FIG. 7, an embodiment provides an MTC gateway comprising: a user equipment module 701, configured to access the network and establish a communication connection with the server for authentication and authorization in the network; an authentication and authorization service module 702, configured to authenticate the attached MTC terminal together with that server; and a communication connection establishing module 703, configured to decide from the authentication result whether to establish a communication connection between the MTC terminal and the network.
  • The carrier network may be a packet data network (PDN) containing a PDN gateway. The communication connection establishing module 703 may include a first establishing module 703a, configured to establish data tunnels from the MTC gateway to the PDN gateway and from the MTC gateway to the MTC terminal so that the terminal and the PDN gateway exchange data through them. It may further include a second establishing module 703b, configured to create a NAT forwarding entry through which the MTC gateway relays data between the MTC terminal and the PDN gateway.
  • The MTC gateway of this embodiment can thus cooperate with the network's authentication and authorization server to authenticate the attached terminal and decide from the result whether a communication connection is established between the terminal and the network; a device in the network can identify the terminal through the authentication process and control whether a specific MTC terminal is allowed to communicate with the network.
  • Referring to FIG. 8, an embodiment further provides a communication system comprising the MTC gateway 700 of the foregoing embodiment, an MTC terminal 600 connected to the MTC gateway 700 over a non-3GPP air-interface technology, and a network connected to the MTC gateway 700 over 3GPP control interface technology, the network including a server for authentication and authorization. A device in the network can identify the attached terminal through the authentication process and decide from the authentication result whether to establish a communication connection, thereby controlling whether a specific MTC terminal communicates with the network.
  • A person skilled in the art will understand that all or part of the steps of the foregoing embodiments may be implemented by a program instructing the related hardware; the program may be stored in a computer-readable storage medium such as read-only memory, random-access memory, a magnetic disk or an optical disc.

Landscapes

  • Engineering & Computer Science (AREA)
  • Computer Networks & Wireless Communication (AREA)
  • Signal Processing (AREA)
  • Computer Security & Cryptography (AREA)
  • Mobile Radio Communication Systems (AREA)
  • Telephonic Communication Services (AREA)

Abstract

The present invention discloses a method for a Machine Type Communication (MTC) terminal to access a network through an MTC gateway. The MTC gateway accesses the network as a user equipment, establishes a communication connection with a server used for authentication and authorization in the network, cooperates with that server to authenticate the attached MTC terminal, and determines according to the authentication result whether to establish a communication connection between the MTC terminal and the network. Embodiments also disclose the corresponding MTC gateway and communication system. With these solutions, devices in the network can identify the attached MTC terminal through the authentication process and then determine, according to the authentication result, whether to establish the communication connection, so that whether a specific MTC terminal is allowed to communicate with the network can be controlled.

Description

MTC终端通过网关与网络通信的方法、 设备及系统 技术械  Method, device and system for communication between MTC terminal and network through gateway
本发明涉及通信技术领域, 具体涉及一种 MTC终端通过 MTC网关与网 络通信的方法、 设备及系统。  The present invention relates to the field of communications technologies, and in particular, to a method, device, and system for an MTC terminal to communicate with a network through an MTC gateway.
背景技术 Background technique
机器类型通讯 ( Machine Type Communications, MTC )指的是一个或者多 个网元之间在不需要人为参与的情况下进行的网络通讯, 如交通控制与管理、 远程抄表、 远程监控、 移动支付、 定位跟踪、 医疗监护等应用。  Machine Type Communications (MTC) refers to network communication between one or more network elements without human intervention, such as traffic control and management, remote meter reading, remote monitoring, mobile payment, Location tracking, medical monitoring and other applications.
MTC 的广泛应用使无线通信终端的数量迅速增加, 为此, 第三代合作伙 伴计划( 3rd Generation Partnership Project, 3 GPP )引入了 MTC网关( Gateway, GW )设备, MTC 网关作为一个普通用户设备 ( User Equipment, UE )接入 3GPP网络, 则 MTC终端 ( Device ) 可以通过 MTC网关接入 3GPP网络。 如 图 1所示, MTC终端与 MTC网关之间通过非 3GPP空口技术的接入( Non 3GPP IP Access ) 系统 (以下简称为非 3GPP 系统)相连, 例如采用蓝牙, 微微蜂 ( Zigbee )等短距离通信技术; MTC网关与 3GPP接入网之间则通过 3GPP空 口技术相连。 下面举例说明。  The widespread use of MTC has led to a rapid increase in the number of wireless communication terminals. To this end, the 3rd Generation Partnership Project (3GPP) has introduced the MTC Gateway (GW) device, which acts as a normal user equipment ( The user equipment (UE) accesses the 3GPP network, and the MTC terminal (Device) can access the 3GPP network through the MTC gateway. As shown in FIG. 1, the MTC terminal and the MTC gateway are connected by a non-3GPP IP access system (hereinafter referred to as a non-3GPP system), for example, a short distance such as Bluetooth or a Zigbee. Communication technology; The MTC gateway is connected to the 3GPP access network through 3GPP air interface technology. The following is an example.
请参考图 2 , 系统架构演进( System Architecture Evolution , SAE )通信系 统中, UE通过演进基站( eNodeB , eNB )接入核心网的移动管理实体( Mobile Management Entity, MME ) 以及服务网关 ( Serving Gateway, S-GW ), 并经 过 S-GW连接到分组数据网 (Packet Data Network, PDN ) 的网关 ( P-GW )。  Referring to FIG. 2, in a System Architecture Evolution (SAE) communication system, a UE accesses a mobile network management entity (Mobile Management Entity, MME) and a serving gateway (Serving Gateway) through an evolved base station (eNodeB, eNB). S-GW), and connected to the Packet Data Network (PDN) gateway (P-GW) via the S-GW.
请参考图 3 , 宽带码分多址接入 ( Wideband Code Division Multiple Access ,WCDMA )通信系统中, UE经过基站( NodeB )连接到无线网络控制 器( Radio Network Controller, RNC )再接入核心网的通用分组无线业务的服 务节点( SGSN, Serving GPRS ( General Packet Radio Service ) Support Node ), 并通过 SGSN连接到通用分組无线业务的网关节点 (GGSN, Gateway GPRS Support Node )。  Referring to FIG. 3, in a Wideband Code Division Multiple Access (WCDMA) communication system, a UE is connected to a Radio Network Controller (RNC) through a base station (NodeB) and then accesses a core network. The Serving GPRS (General Packet Radio Service Support Node) of the General Packet Radio Service (SGSN) is connected to the Gateway GPRS Support Node (GGSN) of the General Packet Radio Service through the SGSN.
在系统中引入 MTC网关设备,使 MTC终端可以通过 MTC网关接入网络 的技术并不局限于上述的 WCDMA 通信系统和长期演进 ( Long Term Evolution , LTE )通信系统 , 还可以应用于其它通信系统如全球互联微波接入 ( Worldwide Interoperability for Microwave Access , WiMAX )通信系统和全球 移动通信系统 ( Global System for Mobile communication, GSM ), 此处不再一 一列举。 Introducing an MTC gateway device in the system so that the MTC terminal can access the network through the MTC gateway. The technology is not limited to the above-mentioned WCDMA communication system and Long Term Evolution (LTE) communication system, and can be applied to other communication systems such as Worldwide Interoperability for Microwave Access (WiMAX) communication systems and the world. Global System for Mobile communication (GSM), which is not listed here.
在上述的应用中, MTC网关作为一个普通用户设备 UE接入运营商网络, 代替与其相连的 MTC终端与运营商网络中的业务服务器交互, MTC终端发送 的信息携带在 MTC网关的应用层业务数据包中。 对于运营商网络而言, 能看 到 MTC网关通过运营商网络与外部通信, 但是, 与 MTC网关相连的 MTC终 端则是不可见的。 从而, 只要 MTC网关成功接入运营商网络, 任何 MTC终 端都可以通过该 MTC网关接入运营商网络进行业务, 运营商无法控制是否允 许特定的 MTC终端接入网络, 例如, 一个没有和运营商签约的 MTC终端也 可以通过 MTC网关进行业务。  In the above application, the MTC gateway accesses the carrier network as a common user equipment, and replaces the MTC terminal connected to it with the service server in the operator network, and the information sent by the MTC terminal carries the application layer service data of the MTC gateway. in the bag. For the carrier network, it can be seen that the MTC gateway communicates with the outside through the carrier network, but the MTC terminal connected to the MTC gateway is invisible. Therefore, as long as the MTC gateway successfully accesses the carrier network, any MTC terminal can access the carrier network through the MTC gateway to perform services, and the operator cannot control whether a specific MTC terminal is allowed to access the network, for example, one does not and the operator. The contracted MTC terminal can also conduct services through the MTC gateway.
发明内容 Summary of the invention
本发明实施例提供一种 MTC终端通过 MTC网关与网络通信的方法、 设备 及系统。  Embodiments of the present invention provide a method, device, and system for an MTC terminal to communicate with a network through an MTC gateway.
一种 MTC终端通过 MTC网关与网络通信的方法, 包括:  A method for an MTC terminal to communicate with a network through an MTC gateway, including:
MTC网关作为用户设备接入网络, 与网络中用于认证鉴权的服务器建立 通信连接;  The MTC gateway accesses the network as a user equipment, and establishes a communication connection with a server for authentication and authentication in the network;
the MTC gateway cooperates with the server used for authentication to authenticate the accessing MTC terminal, and decides according to the authentication result whether to establish a communication connection between the MTC terminal and the network.
An MTC gateway includes:
a user equipment module, configured to access the network and establish a communication connection with a server in the network used for authentication;
an authentication service module, configured to cooperate with the server used for authentication to authenticate the accessing MTC terminal;
a communication connection establishing module, configured to decide according to the authentication result whether to establish a communication connection between the MTC terminal and the network.

A communication system includes:
the MTC gateway described above, an MTC terminal connected to the MTC gateway through a non-3rd Generation Partnership Project (3GPP) air interface technology, and a network connected to the MTC gateway through a 3GPP control interface technology, the network including a server used for authentication.
In the method provided by the embodiments of the present invention, the MTC gateway cooperates with the authentication server in the network to authenticate the accessing MTC terminal and decides according to the authentication result whether to establish a communication connection between the MTC terminal and the network. With this solution, the devices in the network can identify the accessing MTC terminal through the authentication procedure and then decide according to the authentication result whether to establish a communication connection between the MTC terminal and the network, so that the operator can control whether a particular MTC terminal is allowed to communicate with the network.
Brief Description of the Drawings
Figure 1 is a schematic diagram of the network architecture of an existing 3GPP system;
Figure 2 is a schematic diagram of the network architecture of an existing SAE communication system;
Figure 3 is a schematic diagram of the network architecture of an existing WCDMA communication system;
Figure 4 is a flowchart of the method for an MTC terminal to communicate with a network through an MTC gateway according to an embodiment of the present invention;
Figure 5 is a schematic diagram of the method according to an embodiment of the present invention applied to one example application scenario;
Figure 6 is a schematic diagram of the method according to an embodiment of the present invention applied to another example application scenario;
Figure 7 is a schematic diagram of the logical structure of an MTC gateway according to an embodiment of the present invention;
Figure 8 is a schematic diagram of the network architecture of a communication system according to an embodiment of the present invention.
Detailed Description
Embodiments of the present invention provide a method for an MTC terminal to communicate with a network through an MTC gateway, in which the MTC gateway cooperates with the authentication server in the network to authenticate the accessing MTC terminal and decides according to the authentication result whether to establish a communication connection between the MTC terminal and the network. With this solution, the devices in the network can identify the accessing MTC terminal through the authentication procedure and then decide according to the authentication result whether to establish a communication connection between the MTC terminal and the network, so that the operator can control whether a particular MTC terminal is allowed to communicate with the network. Embodiments of the present invention also provide a corresponding MTC gateway and communication system. Each is described in detail below.

Referring to Figure 4, an embodiment of the present invention provides a method for a machine type communication (MTC) terminal to communicate with a network through an MTC gateway, including:
101. The MTC gateway accesses the network as a user equipment and establishes a communication connection with the authentication server in the network.
In a communication system applying the method of the present invention, the network may be a 3GPP network, for example a packet data network (PDN). The operator network needs to include a server used for authentication, for example an Authentication, Authorization and Accounting (AAA) server together with a Home Subscriber Server (HSS), so that the MTC terminal can be authenticated. On the user side, the communication system needs to include a control module for a non-3GPP air interface technology, so that the MTC gateway can be connected to the MTC terminal through a non-3GPP air interface technology such as Bluetooth or ZigBee; on the network side, the MTC gateway is connected to the operator network through a 3GPP air interface technology. It should be noted that the non-3GPP air interface technology is not limited to Bluetooth or ZigBee; any non-3GPP air interface access technology can be used.
102. The MTC gateway cooperates with the authentication server to authenticate the accessing MTC terminal and decides according to the authentication result whether to establish a communication connection between the MTC terminal and the network.
One end of the MTC gateway is connected to the MTC terminal; the other end is connected to the server that authenticates the MTC terminal, for example the HSS/AAA. During the authentication procedure, the MTC gateway parses and re-encapsulates the authentication request message sent by the MTC terminal and forwards it to the server, and parses and re-encapsulates the authentication response message sent by the server and forwards it to the MTC terminal. The MTC gateway can therefore learn the authentication result from the authentication response message it receives and decide according to that result whether to establish a communication connection between the MTC terminal and the network.
Specifically, the MTC gateway may authenticate the accessing MTC terminal, in cooperation with the authentication server, using the Internet Key Exchange (IKE) protocol or the Extensible Authentication Protocol (EAP). If IKE, for example IKEv2, is used, the MTC gateway needs an IKEv2-based authentication function; if EAP is used, the MTC gateway needs an EAP-based authentication function. Since the control module of the non-3GPP air interface technology already has a terminal authentication function, in one implementation that control module can be integrated into the MTC gateway, so that the MTC gateway can use it directly to authenticate the accessing MTC terminal in cooperation with the authentication server.
After receiving the authentication response message carrying the authentication result from the server, the MTC gateway parses the message, obtains the authentication result, and decides accordingly whether to establish a communication connection between the MTC terminal and the network. If the authentication succeeds, a communication connection is established between the MTC terminal and the network; otherwise, the MTC terminal is refused access to the operator network. Establishing the communication connection between the MTC terminal and the network may specifically consist of connecting the MTC terminal to a gateway in the operator network, that is, establishing a communication connection between the MTC terminal and that gateway; for example, when the operator network is a PDN, a communication connection is established between the MTC terminal and the PDN gateway.
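The relay behaviour described above (repeated as steps 203 and 303 in the application scenarios below), as an added example that is not part of the patent: a Python model in which the HSS/AAA alone holds the per-subscriber pre-shared keys, the MTC terminal answers a challenge, and the MTC gateway only relays the messages, reads the verdict from the authentication response, and creates forwarding state for the terminal only on acceptance. The HMAC-SHA256 challenge/response stands in for the IKEv2 or EAP exchange the patent names; the identities, keys and message field names are invented for illustration.

```python
import hashlib
import hmac
import secrets


class HssAaa:
    """Network-side authentication server. It alone holds the subscriber keys;
    the gateway never sees them, it only relays messages and reads the verdict."""

    def __init__(self, subscribers):
        self._keys = dict(subscribers)   # identity -> pre-shared key (constructed data)
        self._pending = {}               # identity -> nonce of the outstanding challenge

    def handle(self, msg):
        identity = msg["id"]
        if msg["type"] == "auth_request":
            if identity not in self._keys:   # no subscription: reject without a challenge
                return {"type": "auth_response", "id": identity,
                        "result": "reject", "reason": "unknown subscriber"}
            nonce = secrets.token_bytes(16)
            self._pending[identity] = nonce
            return {"type": "challenge", "id": identity, "nonce": nonce}
        if msg["type"] == "challenge_response":
            nonce = self._pending.pop(identity, None)
            if nonce is None:
                return {"type": "auth_response", "id": identity,
                        "result": "reject", "reason": "no outstanding challenge"}
            expected = hmac.new(self._keys[identity], nonce, hashlib.sha256).digest()
            ok = hmac.compare_digest(expected, msg["proof"])
            return {"type": "auth_response", "id": identity,
                    "result": "accept" if ok else "reject",
                    "reason": None if ok else "bad proof"}
        raise ValueError("unexpected message type: %r" % msg["type"])


class MtcTerminal:
    """Terminal side: knows its identity and its own pre-shared key."""

    def __init__(self, identity, key):
        self.identity = identity
        self._key = key

    def auth_request(self):
        return {"type": "auth_request", "id": self.identity}

    def answer(self, challenge):
        proof = hmac.new(self._key, challenge["nonce"], hashlib.sha256).digest()
        return {"type": "challenge_response", "id": self.identity, "proof": proof}


class MtcGateway:
    """Relays terminal <-> server messages (re-encapsulation is modelled as copying
    the dict), learns the verdict from the final auth_response, and creates
    forwarding state only for accepted terminals."""

    def __init__(self, server):
        self._server = server
        self.admitted = set()       # identities that have a communication connection
        self.transcript = []        # (direction, message type), for inspection

    def authenticate(self, terminal):
        msg = terminal.auth_request()
        while True:
            self.transcript.append(("terminal->gateway->server", msg["type"]))
            reply = self._server.handle(dict(msg))
            self.transcript.append(("server->gateway->terminal", reply["type"]))
            if reply["type"] == "challenge":
                msg = terminal.answer(dict(reply))
                continue
            accepted = reply["result"] == "accept"
            if accepted:
                self.admitted.add(terminal.identity)
            return accepted, reply["reason"]

    def forward(self, identity, payload):
        """Data-plane gate: a terminal the server did not accept has no forwarding
        state, so its traffic is dropped (None) instead of reaching the network."""
        if identity not in self.admitted:
            return None
        return payload


def demo():
    """Constructed subscribers: mtc-001 and mtc-002 are subscribed, mtc-999 is not."""
    server = HssAaa({"mtc-001": b"key-of-001", "mtc-002": b"key-of-002"})
    gateway = MtcGateway(server)
    results = {
        "subscribed": gateway.authenticate(MtcTerminal("mtc-001", b"key-of-001")),
        "wrong_key": gateway.authenticate(MtcTerminal("mtc-002", b"not-the-key")),
        "unsubscribed": gateway.authenticate(MtcTerminal("mtc-999", b"anything")),
    }
    results["admitted"] = sorted(gateway.admitted)
    return results


if __name__ == "__main__":
    for name, outcome in demo().items():
        print(name, outcome)
```

The point to notice is where the enforcement lives: the gateway never compares a key, it only acts on the server's verdict, and nothing in its forwarding table exists for a terminal until that verdict is "accept". An unsubscribed identity is rejected by the server before any challenge is issued, so the gateway learns nothing about it except that it must not forward.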
The communication connection between the MTC terminal and the PDN gateway can be established in several ways. In one embodiment, a tunneling technique is used to establish the communication connection between the MTC terminal and the PDN gateway for data exchange, for example a tunnel establishment technique based on Proxy Mobile IP (PMIP). The specific steps may be: establish a data tunnel from the MTC gateway to the PDN gateway and a data tunnel from the MTC gateway to the MTC terminal, and join the two tunnels at the MTC gateway, so that the MTC terminal and the PDN gateway can exchange data through the resulting data tunnel.
After establishing the data tunnels from the MTC gateway to the PDN gateway and from the MTC gateway to the MTC terminal, the MTC gateway further needs to receive the IP address, belonging to the PDN address space, that the PDN gateway allocates to the MTC terminal, and send that IP address to the MTC terminal. This is the IP address the MTC terminal should use within the PDN, and the MTC terminal uses it for upper-layer application communication.
In another embodiment, Network Address Translation (NAT) is used to establish the communication connection between the MTC terminal and the PDN gateway for data exchange. NAT is a port-based technique: the MTC gateway can locally create a NAT forwarding entry for data forwarding, so that it can exchange data between the MTC terminal and the PDN gateway through that NAT forwarding entry.

After creating the NAT forwarding entry for data forwarding, the MTC gateway further needs to allocate an IP address belonging to the MTC gateway's own address space to the MTC terminal and send that IP address to the MTC terminal. Because NAT is used, this IP address is used only on the non-3GPP side between the MTC terminal and the MTC gateway and not in the PDN, so the MTC gateway can allocate any available IP address to the MTC terminal. The MTC terminal uses this IP address for upper-layer application communication.
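The two data-plane options described above (repeated as steps 204 to 206 and steps 304 to 306 in the application scenarios below), as an added example that is not part of the patent: a Python model of the forwarding state the gateway holds for an accepted terminal. `TunnelSwitch` joins the terminal-side IPsec tunnel, identified here by its SPI, to a PDN-side tunnel and forwards packets unchanged, since the terminal already carries the PDN-allocated address; `NatForwarder` hands the terminal a gateway-local address and rewrites it to the gateway's own PDN address plus a port that maps back to the terminal's tunnel. Both drop packets from tunnels that have no entry, which is what turns the authentication verdict into enforced access control. Packets are plain records; the SPIs, tunnel ids, prefixes and addresses are invented, and the source-address check on the uplink is an added sanity check rather than something the patent describes. The NAT model allocates one gateway port per (tunnel, source port) flow, which reduces to the one-port-per-tunnel mapping in the patent text when a terminal uses a single source port.

```python
from dataclasses import dataclass, replace


@dataclass(frozen=True)
class Packet:
    src: str
    sport: int
    dst: str
    dport: int
    payload: bytes


class TunnelSwitch:
    """Tunnel variant: the PDN gateway allocates the terminal an address from the
    PDN address space and the MTC gateway only joins the terminal-side tunnel
    (keyed by IPsec SPI) to the PDN-side tunnel. Addresses are not rewritten."""

    def __init__(self):
        self._by_spi = {}   # terminal SPI -> (pdn tunnel id, PDN-allocated address)
        self._by_pdn = {}   # pdn tunnel id -> terminal SPI

    def admit(self, spi, pdn_tunnel_id, pdn_address):
        """Create the entry once the server has accepted the terminal; returns the
        address the gateway hands back to the terminal (the step-206 address)."""
        self._by_spi[spi] = (pdn_tunnel_id, pdn_address)
        self._by_pdn[pdn_tunnel_id] = spi
        return pdn_address

    def uplink(self, spi, pkt):
        entry = self._by_spi.get(spi)
        if entry is None:
            return None             # tunnel was never admitted: drop
        pdn_tunnel_id, pdn_address = entry
        if pkt.src != pdn_address:
            return None             # added check: source must be the address bound to this tunnel
        return pdn_tunnel_id, pkt

    def downlink(self, pdn_tunnel_id, pkt):
        spi = self._by_pdn.get(pdn_tunnel_id)
        return None if spi is None else (spi, pkt)


class NatForwarder:
    """NAT variant: the terminal uses an address from the gateway's own space; the
    gateway rewrites it to its PDN-facing address and a port that identifies the
    terminal's tunnel on the way back."""

    def __init__(self, pdn_address, local_prefix="10.77.0.", first_port=40000):
        self.pdn_address = pdn_address      # the gateway's own address in the PDN
        self._local_prefix = local_prefix   # gateway-local space handed to terminals
        self._next_host = 2
        self._next_port = first_port
        self._local_by_spi = {}    # terminal SPI -> gateway-local address
        self._port_by_flow = {}    # (SPI, terminal sport) -> gateway port
        self._flow_by_port = {}    # gateway port -> (SPI, local address, terminal sport)

    def admit(self, spi):
        """Allocate a gateway-local address for an accepted terminal (the step-306 address)."""
        local = self._local_prefix + str(self._next_host)
        self._next_host += 1
        self._local_by_spi[spi] = local
        return local

    def uplink(self, spi, pkt):
        local = self._local_by_spi.get(spi)
        if local is None or pkt.src != local:
            return None             # no entry for this tunnel, or not the address we issued
        key = (spi, pkt.sport)
        port = self._port_by_flow.get(key)
        if port is None:
            port = self._next_port
            self._next_port += 1
            self._port_by_flow[key] = port
            self._flow_by_port[port] = (spi, local, pkt.sport)
        return replace(pkt, src=self.pdn_address, sport=port)

    def downlink(self, pkt):
        flow = self._flow_by_port.get(pkt.dport)
        if flow is None or pkt.dst != self.pdn_address:
            return None             # unknown port: nothing to translate back to
        spi, local, sport = flow
        return spi, replace(pkt, dst=local, dport=sport)


if __name__ == "__main__":
    nat = NatForwarder("198.51.100.20")
    local = nat.admit(0x3003)
    print("uplink after NAT:", nat.uplink(0x3003, Packet(local, 6000, "203.0.113.5", 443, b"report")))
    print("uplink from unknown tunnel:", nat.uplink(0x4004, Packet(local, 6000, "203.0.113.5", 443, b"x")))
```

In the tunnel variant the terminal is addressable from the PDN with its own PDN-space address, so the operator can attribute traffic to it directly; in the NAT variant only the gateway's address is visible in the PDN and the terminal is identified by the port, so the gateway's port-to-tunnel table is the only place that attribution exists.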
In the method provided by the embodiments of the present invention, on the control plane the MTC gateway cooperates with the authentication server in the network to authenticate the accessing MTC terminal, which makes the MTC terminal visible to the network: the devices in the network can identify the accessing MTC terminal through the authentication procedure. On the data plane, the communication connection between the MTC terminal and the network is established by NAT or by tunneling. The MTC gateway must therefore provide the function of an authentication client, able to cooperate with the authentication server to authenticate the MTC terminal so that the MTC terminal becomes visible to the operator network, and must also provide the control capability to decide according to the authentication result whether to establish a communication connection between the MTC terminal and the network.
With the technical solution of the embodiments of the present invention, the devices in the network can identify the accessing MTC terminal through the authentication procedure and then decide according to the authentication result whether to establish a communication connection between the MTC terminal and the network, so that the operator can control whether a particular MTC terminal is allowed to communicate with the network. Once MTC terminals can be identified, charging for a particular MTC terminal also becomes possible.

The method provided by the embodiments of the present invention is further described below with reference to specific application scenarios.

Referring to Figure 5, in one application scenario the operator network is a PDN that includes a PDN gateway and an authentication server, the HSS/AAA; the user side includes the MTC terminal and a non-3GPP system, and the MTC terminal can be connected to the PDN through the MTC gateway. The MTC gateway has an IKEv2-based authentication function and also has a built-in UE module for accessing the network. The method of the present invention implemented in this application scenario includes:
201. After the MTC gateway starts, its built-in UE module first completes the network access procedure. This gives the MTC gateway the ability to access the network.
202. After the MTC terminal starts, it first searches for a usable non-3GPP system nearby and completes the procedure for accessing that non-3GPP system. The non-3GPP system allocates a local IP address to the MTC terminal. At this point the MTC terminal has IP access capability.
203. The MTC terminal initiates an IKEv2-based authentication procedure, and the MTC gateway cooperates with the HSS/AAA in the PDN to complete the HSS/AAA's authentication of the MTC terminal.
204. The MTC gateway decides according to the authentication result whether to establish, for the MTC terminal, a data tunnel to the PDN gateway in the PDN, thereby establishing the communication connection between the MTC terminal and the network.
205. If the MTC terminal passes authentication, the PDN gateway uses the PMIP-based tunnel establishment procedure to establish a data tunnel leading to the PDN gateway for the MTC terminal.
206. After the data tunnel is established, the MTC gateway returns to the MTC terminal the IP address it should use within the PDN. This IP address is allocated by the PDN gateway and is used by the MTC terminal for upper-layer application communication.
In this application scenario example, the MTC gateway cooperates with the HSS/AAA to authenticate the MTC terminal and decides according to the authentication result whether to establish a data tunnel to the PDN gateway for that MTC terminal. The devices in the network can thus identify the accessing MTC terminal through the authentication procedure and decide according to the authentication result whether to establish a communication connection between the MTC terminal and the network, so that the operator can control whether a particular MTC terminal is allowed to communicate with the network.

Referring to Figure 6, in another application scenario the MTC gateway uses NAT to establish the communication connection between the MTC terminal and the network for data exchange. The MTC gateway device then does not need to support PMIP, which greatly reduces implementation complexity. The method of the present invention implemented in this application scenario includes:
301. After the MTC gateway starts, its built-in UE module first completes the network access procedure. This gives the MTC gateway the ability to access the network.
302. After the MTC terminal starts, it first searches for a usable non-3GPP system nearby and completes the procedure for accessing that non-3GPP system. The non-3GPP system allocates a local IP address to the MTC terminal. At this point the MTC terminal has IP access capability.
303. The MTC terminal initiates an IKEv2-based authentication procedure, and the MTC gateway cooperates with the HSS/AAA in the PDN to complete the HSS/AAA's authentication of the MTC device.
304. The MTC gateway decides according to the authentication result whether to create a NAT forwarding entry for data forwarding for the MTC terminal, thereby establishing the communication connection between the MTC terminal and the network.
305. If the MTC terminal passes authentication, the MTC gateway creates the NAT forwarding entry. NAT is a port-based technique, so the IPsec tunnel leading to the MTC terminal corresponds to one port facing the PDN, and the identifier of the IPsec tunnel can be used to identify the MTC terminal. Data on the MTC terminal's IPsec tunnel can thus be exchanged with the PDN.

306. After the NAT forwarding entry is created, the MTC gateway allocates an IP address to the MTC terminal and sends it to the MTC terminal. Because NAT is used, this IP address is used by the MTC terminal only in the non-3GPP network and not in the PDN, so the MTC gateway can allocate any available IP address to the MTC terminal. The MTC terminal uses this IP address for upper-layer application communication.
In this application scenario example, the MTC gateway cooperates with the HSS/AAA to authenticate the MTC terminal and decides according to the authentication result whether to create a NAT forwarding entry for that MTC terminal. The devices in the network can thus identify the accessing MTC terminal through the authentication procedure and decide according to the authentication result whether to establish a communication connection between the MTC terminal and the network, so that the operator can control whether a particular MTC terminal is allowed to communicate with the network.

Referring to Figure 7, an embodiment of the present invention provides an MTC gateway, including:

a user equipment module 701, configured to access the network and establish a communication connection with the authentication server in the network;
an authentication service module 702, configured to cooperate with the authentication server to authenticate the accessing MTC terminal;
a communication connection establishing module 703, configured to decide according to the authentication result whether to establish a communication connection between the MTC terminal and the network.
In one embodiment, the operator network may be a packet data network (PDN) that includes a PDN gateway, and the communication connection establishing module 703 may include a first establishing module 703a;
the first establishing module 703a is configured to establish, if the authentication succeeds, a data tunnel from the MTC gateway to the PDN gateway and a data tunnel from the MTC gateway to the MTC terminal, so that the MTC terminal and the PDN gateway can exchange data through the data tunnels.
Further, the communication connection establishing module 703 may also include a second establishing module 703b;

the second establishing module 703b is configured to create, if the authentication succeeds, a NAT forwarding entry for data forwarding, so that the MTC gateway can exchange data between the MTC terminal and the PDN gateway through the NAT forwarding entry.
The MTC gateway of the embodiments of the present invention can cooperate with the authentication server in the network to authenticate the accessing MTC terminal and decide according to the authentication result whether to establish a communication connection between the MTC terminal and the network. The devices in the network can thus identify the accessing MTC terminal through the authentication procedure and decide according to the authentication result whether to establish a communication connection between the MTC terminal and the network, so that the operator can control whether a particular MTC terminal is allowed to communicate with the network.

Referring to Figure 8, an embodiment of the present invention further provides a communication system, including:
the MTC gateway 700 provided by the embodiments above, an MTC terminal 600 connected to the MTC gateway 700 through a non-3GPP air interface technology, and a network connected to the MTC gateway 700 through a 3GPP control interface technology, the network including an authentication server 500.
In the communication system of the embodiments of the present invention, the devices in the network can identify the accessing MTC terminal through the authentication procedure and decide according to the authentication result whether to establish a communication connection between the MTC terminal and the network, so that the operator can control whether a particular MTC terminal is allowed to communicate with the network.

Those skilled in the art will understand that all or part of the steps of the methods in the embodiments above may be performed by hardware under the instruction of a program, and that the program may be stored in a computer-readable storage medium, which may include a read-only memory, a random access memory, a magnetic disk, an optical disc, or the like.
The method for an MTC terminal to access a network through an MTC gateway provided by the embodiments of the present invention, together with the corresponding MTC gateway and communication system, has been described in detail above. Specific examples have been used herein to explain the principles and implementation of the present invention; the description of the embodiments above is intended only to help understand the method of the present invention and its core idea and should not be construed as limiting the present invention.

Claims

权 利 要 求 Rights request
1. A method for a machine type communication (MTC) terminal to communicate with a network through an MTC gateway, comprising:
the MTC gateway accesses the network as a user equipment and establishes a communication connection with a server in the network used for authentication;
the MTC gateway cooperates with the server used for authentication to authenticate the accessing MTC terminal, and decides according to the authentication result whether to establish a communication connection between the MTC terminal and the network.
2. The method according to claim 1, wherein:
the network is a packet data network (PDN), and the PDN comprises a PDN gateway;
deciding according to the authentication result whether to establish a communication connection between the MTC terminal and the network comprises:
if the authentication succeeds, establishing a data tunnel from the MTC gateway to the PDN gateway and a data tunnel from the MTC gateway to the MTC terminal, so that the MTC terminal and the PDN gateway can exchange data through the data tunnels.
3. The method according to claim 2, wherein after establishing the data tunnel from the MTC gateway to the PDN gateway and the data tunnel from the MTC gateway to the MTC terminal, the method further comprises:
receiving an IP address, belonging to the PDN address space, allocated by the PDN gateway to the MTC terminal; and sending the IP address to the MTC terminal.
4. The method according to claim 1, wherein:
the network is a packet data network (PDN), and the PDN comprises a PDN gateway;

deciding according to the authentication result whether to establish a communication connection between the MTC terminal and the network comprises:
if the authentication succeeds, creating a Network Address Translation (NAT) forwarding entry for data forwarding, so that the MTC gateway can exchange data between the MTC terminal and the PDN gateway through the NAT forwarding entry.
5. The method according to claim 4, wherein after creating the NAT forwarding entry for data forwarding, the method further comprises:
allocating to the MTC terminal an IP address belonging to the address space of the MTC gateway; and sending the IP address to the MTC terminal.
6. The method according to any one of claims 1 to 5, wherein the MTC gateway cooperating with the server used for authentication to authenticate the accessing MTC terminal comprises:
the MTC gateway, in cooperation with the server used for authentication, authenticating the accessing MTC terminal using the Internet Key Exchange (IKE) protocol or the Extensible Authentication Protocol (EAP).
7. A machine type communication (MTC) gateway, comprising:
a user equipment module, configured to access a network and establish a communication connection with a server in the network used for authentication;
an authentication service module, configured to cooperate with the server used for authentication to authenticate an accessing MTC terminal;
a communication connection establishing module, configured to decide according to the authentication result whether to establish a communication connection between the MTC terminal and the network.
8、 根据权利要求 7所述的 MTC网关, 其特征在于:  8. The MTC gateway according to claim 7, wherein:
所述运营商网络为分组数据网络 PDN , 所述 PDN包括 PDN网关, 所述通信 连接建立模块包括: 第一建立模块;  The carrier network is a packet data network PDN, and the PDN includes a PDN gateway, and the communication connection establishing module includes: a first establishing module;
所述第一建立模块,用于若认证通过,建立 MTC网关到 PDN网关以及 MTC 网关到 MTC终端的数据隧道, 以便所述 MTC终端和所述 PDN网关能够通过所 述数据隧道进行数据交换。  The first establishing module is configured to establish a data tunnel of the MTC gateway to the PDN gateway and the MTC gateway to the MTC terminal, so that the MTC terminal and the PDN gateway can exchange data through the data tunnel.
9、 根据权利要求 7所述的 MTC网关, 其特征在于:  9. The MTC gateway according to claim 7, wherein:
所述运营商网络为分组数据网络 PDN, 所述 PDN包括 PDN网关, 所述通信 连接建立模块包括: 第二建立模块;  The carrier network is a packet data network PDN, the PDN includes a PDN gateway, and the communication connection establishing module includes: a second establishing module;
所述第二建立模块, 用于若认证通过, 建立用于数据转发的网络地址转换 NAT转发项, 以便所述 MTC网关能够通过所述 NAT转发项在所述 MTC终端和 所述 PDN网关间进行数据交换。  The second establishing module is configured to establish, after the authentication is passed, a network address translation NAT forwarding item for data forwarding, so that the MTC gateway can perform the between the MTC terminal and the PDN gateway by using the NAT forwarding item. Data exchange.
10、 一种通信系统, 其特征在于, 包括:  10. A communication system, comprising:
如权利要求 7至 9中任一项所述的 MTC网关, 与所述 MTC网关通过非 第三代合作伙伴计划 3GPP 的空中接口技术相连的 MTC 终端, 以及与所述 MTC 网关通过 3GPP的控制接口技术相连的网络, 所述网络包括用于认证鉴 权的服务器。 The MTC gateway according to any one of claims 7 to 9, an MTC terminal connected to the MTC gateway through an air interface technology other than the 3rd Generation Partnership Project 3GPP, and a control interface through the 3GPP with the MTC gateway a technology-connected network, the network including authentication Right server.
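The attach procedure of claims 4 to 6 and 9, as an added, runnable sketch: the gateway relays an authentication exchange to the network's authentication and authorization server, and only after a positive result creates the NAT forwarding entry and hands the terminal an address from the gateway's own address space. This is example code written for this page, not code from the patent or from the applicant. The patent names IKE or EAP without fixing a method, so the example uses a constructed EAP-style pre-shared-key challenge/response; the terminal identities, keys and address ranges (10.0.0.0/29 on the terminal side, 198.51.100.7 as the gateway's PDN-facing address) are made up. The tunnel variant of claim 8 is not modelled.

```python
import hashlib
import hmac
import ipaddress
import secrets
from dataclasses import dataclass
from typing import Dict, Optional, Tuple


class AaaServer:
    """Constructed stand-in for the network's authentication/authorization server.
    Holds one pre-shared key per MTC terminal identity and runs an EAP-style
    challenge/response; the gateway only relays, the server decides."""

    def __init__(self, credentials: Dict[str, bytes]):
        self._psk = dict(credentials)          # identity -> pre-shared key
        self._pending: Dict[str, bytes] = {}   # identity -> outstanding challenge

    def start(self, identity: str) -> Optional[bytes]:
        if identity not in self._psk:
            return None                        # unknown identity: no challenge at all
        challenge = secrets.token_bytes(16)
        self._pending[identity] = challenge
        return challenge

    def verify(self, identity: str, response: bytes) -> bool:
        challenge = self._pending.pop(identity, None)   # one-shot: a reused response fails
        if challenge is None:
            return False
        expected = hmac.new(self._psk[identity], challenge, hashlib.sha256).digest()
        return hmac.compare_digest(expected, response)  # constant-time comparison


@dataclass
class MtcTerminal:
    identity: str
    psk: bytes
    ip: Optional[str] = None                   # assigned by the gateway after auth

    def respond(self, challenge: bytes) -> bytes:
        return hmac.new(self.psk, challenge, hashlib.sha256).digest()


@dataclass
class NatEntry:
    inner_ip: str                              # terminal-side address (gateway's own space)
    outer_ip: str                              # gateway's PDN-facing address
    outer_port: int


class MtcGateway:
    def __init__(self, aaa: AaaServer, pool: str = "10.0.0.0/29",
                 outer_ip: str = "198.51.100.7"):
        self._aaa = aaa
        self._free = list(ipaddress.ip_network(pool).hosts())
        self._outer_ip = outer_ip
        self._next_port = 40000
        self.nat_table: Dict[str, NatEntry] = {}   # identity -> forwarding entry

    def attach(self, terminal: MtcTerminal) -> bool:
        # 1. Authenticate against the AAA server; on failure no state is created.
        challenge = self._aaa.start(terminal.identity)
        if challenge is None:
            return False
        if not self._aaa.verify(terminal.identity, terminal.respond(challenge)):
            return False
        if not self._free:
            return False                       # pool exhausted: refuse rather than reuse
        # 2. Authentication passed: create the NAT forwarding entry (claims 4 and 9).
        inner_ip = str(self._free.pop(0))
        self.nat_table[terminal.identity] = NatEntry(inner_ip, self._outer_ip, self._next_port)
        self._next_port += 1
        # 3. Send the terminal its address from the gateway's address space (claim 5).
        terminal.ip = inner_ip
        return True

    def forward_uplink(self, src_ip: str, payload: bytes) -> Optional[Tuple[str, int, bytes]]:
        """Translate a terminal packet toward the PDN gateway; drop it if no entry exists."""
        for entry in self.nat_table.values():
            if entry.inner_ip == src_ip:
                return (entry.outer_ip, entry.outer_port, payload)
        return None
```

The point worth checking in any real gateway is the same as in this sketch: the data plane consults only state that the control plane created after a successful authentication, so a terminal that skipped or failed the exchange has no path to the PDN gateway at all, and the server consumes each challenge on verification, so a captured response cannot be replayed to obtain an entry.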
Priority Applications (2)

Application Number   Priority Date   Filing Date   Title
CN2011800005940A     2011-04-28      2011-04-28    Method, device and system for machine type communication (mtc) terminal communicating with network through gateway (CN102204306A)
PCT/CN2011/073429    2011-04-28      2011-04-28    Method, device and system for machine type communication (mtc) terminal communicating with network through gateway (WO2011116713A2)

Publications (2)

Publication Number   Publication Date
WO2011116713A2       2011-09-29
WO2011116713A3       2012-03-22

Family

ID=44662841
Family Applications (1): PCT/CN2011/073429 (WO2011116713A2), priority date 2011-04-28, filing date 2011-04-28

Country Status (2)

Country   Link
CN        CN102204306A
WO        WO2011116713A2

Families Citing this family (9)

* Cited by examiner, † Cited by third party
Publication number   Priority date   Publication date   Assignee   Title
CN103428664B         2012-05-15      2016-12-28         华为技术有限公司   Network convergence method, device and communication system
US8953592B2 *        2012-09-28      2015-02-10         Juniper Networks, Inc.   Network address translation for application of subscriber-aware services
WO2014047923A1 *     2012-09-29      2014-04-03         华为技术有限公司   Method and device for accessing network
CN103781114A *       2012-10-24      2014-05-07         中兴通讯股份有限公司   Network access method, device and system
JP6165483B2 *        2013-03-27      2017-07-19         株式会社Nttドコモ   Communication system, relay device, and communication method
CN104780536B *       2015-04-03      2019-06-11         宇龙计算机通信科技(深圳)有限公司   Authentication method and terminal for Internet of Things devices
CN105975783B *       2016-05-12      2018-06-12         宁波大学   Medical monitoring system based on mobile near-field communication
CN110366179A *       2018-04-09      2019-10-22         中兴通讯股份有限公司   Authentication method, device and computer-readable storage medium
CN116567625A *       2022-01-27      2023-08-08         维沃移动通信有限公司   Device authentication method, apparatus, terminal and network function

Patent Citations (2)

* Cited by examiner, † Cited by third party
Publication number   Priority date   Publication date   Assignee   Title
CN101351019A *       2007-07-20      2009-01-21         华为技术有限公司   Access gateway, terminal as well as method and system for establishing data connection
CN101588580A *       2009-06-30      2009-11-25         华为技术有限公司   User access control method, home base station gateway and system

Cited By (3)

* Cited by examiner, † Cited by third party
Publication number   Priority date   Publication date   Assignee   Title
CN102694879A *       2012-05-21      2012-09-26         中国联合网络通信集团有限公司   Method, device and system for service identification
CN102694879B *       2012-05-21      2016-06-08         中国联合网络通信集团有限公司   Service identification method, device and system
WO2019209184A1 *     2018-04-27      2019-10-31         Skylab Networks Pte. Ltd.   System and method for establishing secure communication

Legal Events

Date   Code   Title / Description
       WWE    WIPO information: entry into national phase
              Ref document number: 201180000594.0; Country of ref document: CN
       121    EP: the EPO has been informed by WIPO that EP was designated in this application
              Ref document number: 11758823; Country of ref document: EP; Kind code of ref document: A2
       NENP   Non-entry into the national phase
              Ref country code: DE
       122    EP: PCT application non-entry in European phase
              Ref document number: 11758823; Country of ref document: EP; Kind code of ref document: A2