[go: up one dir, main page]

WO2008113284A1 - Procédé et dispositif de gestion d'utilisateurs, de mesure et de rapport dans un réseau restreint - Google Patents

Procédé et dispositif de gestion d'utilisateurs, de mesure et de rapport dans un réseau restreint Download PDF

Info

Publication number
WO2008113284A1
WO2008113284A1 PCT/CN2008/070456 CN2008070456W WO2008113284A1 WO 2008113284 A1 WO2008113284 A1 WO 2008113284A1 CN 2008070456 W CN2008070456 W CN 2008070456W WO 2008113284 A1 WO2008113284 A1 WO 2008113284A1
Authority
WO
WIPO (PCT)
Prior art keywords
user
terminal
network
cell
measurement
Prior art date
Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
Ceased
Application number
PCT/CN2008/070456
Other languages
English (en)
Chinese (zh)
Inventor
Yinghui Yu
Current Assignee (The listed assignees may be inaccurate. Google has not performed a legal analysis and makes no representation or warranty as to the accuracy of the list.)
Huawei Technologies Co Ltd
Original Assignee
Huawei Technologies Co Ltd
Priority date (The priority date is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the date listed.)
Filing date
Publication date
Application filed by Huawei Technologies Co Ltd filed Critical Huawei Technologies Co Ltd
Publication of WO2008113284A1 publication Critical patent/WO2008113284A1/fr
Anticipated expiration legal-status Critical
Ceased legal-status Critical Current

Links

Classifications

    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04WWIRELESS COMMUNICATION NETWORKS
    • H04W48/00Access restriction; Network selection; Access point selection
    • H04W48/02Access restriction performed under specific conditions
    • H04W48/04Access restriction performed under specific conditions based on user or terminal location or mobility data, e.g. moving direction, speed

Definitions

  • the present invention relates to the field of wireless communications, and more particularly to a method and apparatus for managing, measuring, and over-restricting network users.
  • the restricted network may be a private network, or a network using a specific frequency layer according to a certain policy, or a network using a specific radio access technology (Radio Access Technology, hereinafter referred to as "RAT").
  • RAT Radio Access Technology
  • the private network may be a company, a mall, or a subnet covered by a family.
  • the difference between a restricted network and a public network is that a restricted network is not allowed to be hosted or accessed by all users, but only allows some users belonging to the network to camp or access. Since the users allowed to access a restricted network are subject to change, it is very important to manage the user access rights of the restricted network.
  • the user access rights of the restricted network are managed by operations similar to adding and deleting users on the public network. For example, if the private network A adds the user A that can be accessed, it needs to go to a specific management background, and perform corresponding operations on the private network A to increase the user. Similarly, if the private network A deletes the user A that can be accessed first. The user deletion operation is also required to be performed in a specific management background. When the user allowed to access the private network A changes, the corresponding addition and deletion operations are performed to implement the management of the user access authority of the private network A.
  • the main technical problem to be solved by the embodiments of the present invention is to provide a method and a device for managing, measuring, and reporting a restricted network user, so that a privileged user can directly manage user access rights of the restricted network.
  • an embodiment of the present invention provides a limited network user management method, which includes the following steps:
  • the restricted network receives an operation request from a terminal used by a user having user management authority, and the operation request carries an identifier of the operated user;
  • the restricted network notifies the terminal used by the operated user to update the access restriction identifier of the restricted network on the terminal according to the operation request.
  • An embodiment of the present invention further provides a network side device, including:
  • a receiving module configured to receive an operation request initiated by a terminal used by a user with user management authority to the restricted network, where the operation request carries an identifier of the operated user;
  • a notification module configured to notify the terminal used by the operated user to refresh an access restriction identifier of the restricted network on the terminal.
  • An embodiment of the present invention further provides a terminal device, including:
  • a sending module configured to send an operation request to the restricted network, where the operation request carries an identifier of the operated user, where the restricted network is a network that the terminal has permission to operate;
  • the second refreshing module is configured to refresh the access restriction identifier of the restricted network on the terminal according to the notification message sent by the restricted network.
  • the embodiment of the present invention further provides a method for measuring and reporting a terminal, including the following steps:: customizing cell measurement and/or measurement result reporting of the terminal according to the access restriction information; the terminal performs measurement on the cell according to the customized result. Reported.
  • An embodiment of the present invention further provides a terminal device, including: The measuring module is configured to perform measurement on the cell according to the customized cell measurement and/or the measurement result; and the reporting module is configured to report the information measured by the measurement module to the network side according to the customized cell measurement and/or the measurement result report .
  • An embodiment of the present invention further provides a network side device, including:
  • a customized module configured to customize a cell measurement and/or a measurement result report of the terminal according to the access restriction information
  • the sending module is configured to send a customized module customized result to the terminal.
  • the main effect of the embodiment of the present invention is that: the modification of the user right does not need to be performed in a specific management background, and the user access authority of the restricted network can be directly managed by the authorized user through the terminal, thereby User access rights management for restricted networks is more flexible.
  • FIG. 1 is a flowchart of a method for managing a restricted network user according to a first embodiment of the present invention
  • FIG. 2 is a flowchart of a method for managing a restricted network user according to a second embodiment of the present invention
  • FIG. 3 is a third embodiment of the present invention. Flow chart of terminal measurement and reporting methods
  • FIG. 4 is a structural diagram of a restricted network user management system according to a sixth embodiment of the present invention. detailed description
  • a first embodiment of the present invention relates to a method for managing a restricted network user.
  • management of a restricted network user is to increase management of a new user, and the restricted network may be a private network.
  • WLAN Local area network
  • Bluetooth short-distance communication network
  • This embodiment uses a restricted network as a private network as an example. The specific process is shown in Figure 1.
  • step 110 the terminal used by the user with the user management authority initiates an increase request to the private network, where the request carries the identifier of the added user, and the private network receives the request for increasing the user.
  • the authorized user in the private network first determines whether the user is allowed to access the private network, and if so, the authorized user uses the user.
  • the terminal initiates an increase in the user's request to the private network, and in the request
  • the request carries the identity of the user requesting the addition (such as the phone number used by the user).
  • the privileged user can be a user with the lowest privilege (that is, access rights), or a user with a higher administrative privilege, such as an administrator, a super administrator, and the like.
  • a privileged user of a private network can be one or more. In this embodiment, it is ensured by the authorized user whether the requested user is a user who can be allowed to access the private network, so as to ensure that the newly added user does not have an unsafe impact on the private network.
  • the core network (Core Net, referred to as "CN") performs legality authentication on the user who is requested to be added. If the authentication fails, the process proceeds to step 130. If the authentication is passed, the process proceeds to step 140. Specifically, after receiving the request of adding the user, the private network sends a request message to the CN, requesting that the user to be added (that is, the user who is requested to be added) perform legality authentication, and the message carries the user to be added. Identification (such as the phone number used by the user). The CN authenticates whether the user to be added is a legitimate user according to the identifier of the user carried in the message. If the authentication fails, that is, the user to be added is an illegal user, the process proceeds to step 130. If the authentication fails, If it is determined that the user to be added is a legitimate user, then step 140 is entered.
  • the legitimacy of the user includes two aspects, on the one hand, whether the user's joining will have an insecure impact on the private network, as mentioned in step 110, on the other hand, whether the user to join is able to access the public network. Therefore, in this step 120, the user to be authenticated is authenticated by the CN, which further ensures the legitimacy of the user to be joined, thereby making the management of the private network more accurate.
  • step 130 the CN returns the result of the authentication failure to the private network, and the private network returns a message requesting the failure to the authorized user who initiated the request, and carries the reason for the failure in the message, that is, the public network authentication fails.
  • step 140 the identifier of the user to be added by the CN is converted into a user identifier that can be identified by the private network, and the user identifier is sent to the private network.
  • the private network saves the user identifier of the user to be added from the CN, and sends the access restriction identifier of the private network to the terminal used by the user to be added through the paging message, or The access restriction identifier of the private network is sent to the terminal used by the user to be added by other downlink signaling methods. Since the user identifier of the user to be added from the CN is an identifier that the private network can recognize, if the newly added user passes the terminal used to the private If the network initiates an access request, the private network can recognize that the user is a user with access rights according to the saved user identifier, so as to perform correct processing.
  • the terminal that receives the access restriction identifier of the private network saves the access restriction identifier in the terminal, so that the user who uses the terminal, that is, the user to be added, can learn that the user has the authority. Access to the private network.
  • the user to be added returns a response command to the private network through the terminal used, and the private network considers that the operation of the newly added user is successful, and returns a message of successful request to the terminal of the authorized user who initiated the request.
  • the terminal information for initiating the user request is saved in the CN as an example. Therefore, the private network needs to request the CN to perform legality authentication and number for the user to be added. Conversion. If the terminal user who initiates the user request is an end user that only supports the private network, the end user is authenticated by the private network and the number is converted.
  • the management of the user access rights of the private network may involve the user management database of the private network, and the network side (ie, the private network and/or the core network) may have a user management database of the private network. Therefore, the network side also needs to update the user database according to the operation request initiated by the authorized user.
  • the user management database of the private network is available on the network side
  • the user having access rights may also send a query request to the network side, where the identifier or name of the private network to be queried is carried, and the network side checks the rights of the user. If the user's authority is legal, the corresponding query result is fed back.
  • the user access authority does not need to be operated in a specific management background, and the user access authority of the restricted network can be directly managed by the authorized user through the terminal, thereby User access rights management of network-limited networks is more flexible.
  • the second embodiment of the present invention relates to a method for managing a restricted network user.
  • the management of the restricted network user is to delete the management of the user, and the restricted network may be a private network or a distance communication network.
  • the present embodiment is described by taking a limited network as a private network as an example. The specific process is shown in FIG. 2 .
  • the terminal used by the authorized user initiates a request to delete the user to the private network, where the request carries the identifier of the deleted user, and the private network receives the request to delete the user.
  • the user requested to delete may be another user allowed to access the private network, or the user itself who initiated the request. For example, User 1, User 2, and User 3 are all allowed to access the private network A. If User 1 wants to delete the access rights of User 2, User 1 initiates the deletion of User 2 to Private Network A through the terminal used. The request, carrying the identity of User 2 in the request.
  • the private network determines whether the user requested to be deleted is the only user of the private network. For example, in the above case, the user 1 initiates a request to delete the user 2 to the private network A through the terminal used, and then the private network A can determine that the user 2 requested to be deleted is not the only user of the private network, the user Both 1 and User 2 are users of this private network. If only user 1 can access private network A, and user 1 initiates a request to delete user 1 to private network A through the terminal used, private network A will determine that user 1 requested to delete is the only user of the private network. . If the user requested to delete is not the only user of the private network, then step 230 is entered, otherwise, step 250 is entered.
  • the private network deletes the identifier of the user that is requested to be deleted, and sends the access restriction identifier of the private network to the terminal used by the deleted user by using a paging message, or may also pass other downlink signaling.
  • the method sends the access restriction identifier of the private network to the terminal used by the deleted user.
  • the private network A deletes the identifier of the user 2 saved in the private network according to the identifier of the user 2 carried in the request. If the user database of the private network A is stored on the network side, the network side also needs to delete the data related to the user 2 in the user database. And, the access restriction identifier of the private network A is sent to the terminal used by the deleted user 2 by a paging message or other downlink signaling manner.
  • step 230 the process proceeds to step 240, where the terminal that receives the access restriction identifier of the private network deletes the access restriction identifier in the terminal, and returns a response to the private network.
  • the terminal used by the user 2 after receiving the access restriction identifier of the private network A, deletes the access restriction identifier of the private network A in the terminal, so that the deleted user 2 can learn This user no longer has access to private network A.
  • the terminal used by the user 2 returns a response message to the private network A.
  • step 250 the private network notifies that the terminal sending the delete user request will delete the unique user of the private network, requesting confirmation of the operation of deleting the unique user. That is, if the user 1 initiates a request to delete the user 1 to the private network A through the terminal used, the private network A determines that the user 1 is the local The only user of the private network, then, in this step, the private network A notifies the user 1 that the unique user of the private network A will be deleted, requesting confirmation of the deletion operation. After that, the process proceeds to step 260.
  • the terminal that sends the delete user request confirms the request for the delete operation after receiving the notification. If the user requested to delete is the only user of the private network, the user who is requested to delete is the user who initiated the request. Therefore, after confirming to continue the deletion operation, the user deletes the terminal used by the user.
  • the access restriction identifier of the private network For the above case, after receiving the notification of the private network A, the user 1 confirms the request for the deletion operation. If the user 1 confirms to continue the deletion operation, the user 1 deletes the connection of the private network A in the terminal used by the user. Enter the limit ID.
  • the private network deletes the identity of the user requested to delete after receiving the confirmation message.
  • the private network A deletes the identifier of the user 1 saved in the private network A after receiving the confirmation message of the deletion operation by the user 1. If the user database of the private network A is stored on the network side, the network side also needs to delete the data related to the user 1 in the user database.
  • the deletion of user rights does not need to be managed by a specific management background, and the user access rights of the private network can be directly managed by the authorized user, thereby making the restricted network User access rights management is more flexible.
  • the private network since the private network receives the request for deleting the unique user of the private network, the user requesting the request needs to confirm the operation request, so as to avoid the misoperation, so that no user has the right to access the private network. Therefore, the private network can no longer be managed by the authorized user, thereby further ensuring the management accuracy of the authorized user to the private network.
  • a third embodiment of the present invention relates to a terminal measurement and a " ⁇ " method.
  • the terminal customizes the cell measurement and/or measurement result reporting of the terminal according to the access restriction information, and customizes according to the customization.
  • the result is measured and reported to the cell, where the access restriction information includes access restriction information of the restricted network, capability limitation information of the terminal (such as support for special networks, radio access technologies or frequency layers, etc.), Set the access restriction information in the terminal.
  • the specific process is shown in Figure 3.
  • the terminal customizes the information reported by the cell and/or the measurement result of the terminal according to the access restriction information. For example, the terminal prohibits measurement on a cell that does not have access rights according to the access restriction information; or, the terminal includes a cell that does not have access authority in the measured cell according to the access restriction information, but prohibits the The measurement result of the cell is reported to the network side; or, the terminal measures and reports the cell that does not have the access authority according to the access restriction information, but the measurement result is The identifier of the cell in which the terminal does not have access rights is set to a specific identifier, indicating that the terminal cannot access the cell normally; or, the cell that does not have access rights is measured and reported, but the measurement result does not have access. The measurement result of the privileged cell is placed in the lower priority reporting queue; or, the cell that does not have the access authority is measured and reported, but in the measurement result, the measurement result of the cell that does not have the access authority is added to a negative Offset amount.
  • the terminal measures and reports the cell according to the customized result.
  • the terminal carries some measurement information (such as measurement results on RACH) in some uplink signaling.
  • the terminal is idle or active, and the measurement is to be performed, the cell is measured according to the customized result, and the measurement result is reported to the network side.
  • the network side sends an indication to the terminal to measure the neighboring cell.
  • the terminal measures the cell according to the customized result, and reports the measurement result to the network side.
  • the terminal checks whether a cell with a restricted network exists in the cell to be measured, and if so, continues to determine whether the terminal has the right to access the cell of the restricted network. If yes, the cell of the restricted network is measured. If not, the cell of the restricted network is not measured according to the customized result; or, although the cell of the restricted network is measured, the reported measurement is performed.
  • the result of the measurement is not included in the result; or the cell of the restricted network is measured and reported, but the measurement result indicates that the terminal does not have the right to access the cell (for example, the identity of the cell is set to Or, the cell that does not have access rights is measured and reported, but in the measurement result, the measurement result of the cell that does not have the access permission is placed in the reporting queue with a lower priority; or, the measurement is not reported.
  • a cell with access rights, but in the measurement result, a negative offset is added to the measurement result of the cell that does not have access rights.
  • the terminal it is also possible for the terminal to measure and report a cell with no good signal quality indicated by the network side.
  • the restricted network may be a private network, or a network using a specific frequency layer, such as a network providing a RAT of a special service, and the terminal may determine whether the terminal has the terminal by determining whether the terminal supports the special service. Access to this restricted network.
  • the terminal can avoid the pair by reducing the measurement range.
  • the cell with the access permission initiates unnecessary measurement.
  • the measurement result reported in the report does not include the measurement result of the cell that does not have the access permission, or the measurement and reporting of the cell that does not have the access permission, but
  • the measurement result indicates that the terminal does not have the right to access the cell, or measures and reports the cell that does not have the access right, but in the measurement result, the measurement result of the cell that does not have the access authority is placed at a lower priority.
  • the reporting queue the cell that does not have access rights is measured and reported, but in the measurement result, a negative offset is added to the measurement result of the cell that does not have the access authority.
  • a fourth embodiment of the present invention relates to a terminal measurement and method, and the present embodiment is substantially the same as the third embodiment, and the difference is that, in the third embodiment, the terminal is the cell of the terminal according to the access restriction information.
  • the information reported by the measurement and/or the measurement result is customized.
  • the network side performs customization on the cell measurement and/or the measurement result reported by the terminal according to the access restriction information.
  • the terminal reports the access restriction information or partial access restriction information of the terminal in an exchange process such as an attach process or a tracking domain (TA) update and the network side.
  • an exchange process such as an attach process or a tracking domain (TA) update
  • the network side customizes the information of the cell measurement and/or the measurement result reported by the terminal according to the access restriction information of the terminal, and sends the customized result to the terminal during the process of interacting with the terminal, such as an attach process or a TA update. terminal.
  • the terminal uses uplink signaling (including access layer AS, non-access stratum NAS signaling, L1/L2 (layer 1/layer 2) control signaling) or other means to connect the terminal.
  • uplink signaling including access layer AS, non-access stratum NAS signaling, L1/L2 (layer 1/layer 2) control signaling) or other means to connect the terminal.
  • the incoming restriction information or part of the access restriction information is reported to the network side.
  • the network side customizes the information of the cell measurement and/or measurement result reported by the terminal according to the access restriction information of the terminal, and adopts downlink signaling (including access layer AS, non-access stratum NAS signaling, L1/L2). (layer 1 / layer 2) control signaling) or other means to deliver customized results to the terminal.
  • the terminal then measures the cell according to the received customized result, and reports the measurement result to the network side.
  • the result of the customization that is, the information reported by the cell measurement and/or the measurement result of the terminal may be that the measurement is not performed on the cell that does not have the access right; or the cell that does not have the access permission is included in the measured cell, but the cell is not allowed.
  • the measurement result of the cell to the network side; or measuring and reporting the cell that does not have the access right, but indicating in the measurement result that the terminal does not have the access right cell (if the cell identity is set to specific In the measurement result, the measurement result of the cell that does not have the access authority is placed in the reporting queue with the lower priority; Alternatively, the cell that does not have access rights is measured and reported, but in the measurement result, a negative offset is added to the measurement result of the cell that does not have the access authority.
  • the terminal access restriction information and/or the network side customization result may be transmitted between the network nodes, and when the terminal access restriction information and/or network side customization When the result changes, the terminal and/or the network side will initiate an information update to notify the other party.
  • a fifth embodiment of the present invention relates to a terminal measurement and an uplink method.
  • the present embodiment is substantially the same as the fourth embodiment.
  • the network side separately measures and/or measures the cell of each terminal.
  • the information reported by the measurement result is customized.
  • the network side customizes the policy of reporting the cell measurement and/or the measurement result of the terminal according to the access restriction information category, where the policy includes various types of access restriction information.
  • the information of the cell measurement and/or the measurement result is reported, and the customized result is sent to the terminal, and the terminal selects the information corresponding to the cell measurement and/or the measurement result according to the access restriction information category to which the terminal belongs, according to the selected cell.
  • the information reported by the measurement and/or measurement results is measured and reported to the cell.
  • the network side classifies the limiting factors of the restricted network according to the category of access restrictions (such as no access, or no service).
  • the information reported for the cell measurement and/or measurement results of each type of access restriction category is customized. For example, for the access restriction information of the private network without access, the measurement is prohibited for the cell; for the case where the service is not supported by using the specific frequency layer or the RAT, the cell that does not have the access permission is measured and reported, but In the measurement result, it is indicated that the terminal does not have the access right of the cell.
  • the network side sends the information reported by the two customized cell measurement and/or measurement results and the corresponding access restriction information category as a policy, and sends the information to the terminal by means of broadcast or downlink signaling.
  • the terminal After receiving the policy including the information reported by the two cell measurements and/or the measurement result, the terminal selects the corresponding cell measurement and/or the information reported by the measurement result according to the access restriction information of the cell, and according to the selected cell measurement and / or the information reported by the measurement result is measured on the cell, and the measurement result is reported to the network side.
  • the network side can customize the terminal separately, or can customize a policy, including the information of the cell measurement and/or the measurement result corresponding to the access restriction information, and the terminal according to the access restriction to which the terminal belongs.
  • the selection of categories of information makes the embodiments of the present invention more flexible.
  • a sixth embodiment of the present invention relates to a restricted network subscriber management system, as shown in FIG. 4, including a network side device and a terminal device.
  • the network side device includes: a receiving module, configured to receive an operation request initiated by the terminal used by the user with the user management authority to the restricted network, where the operation request carries the identifier of the operated user; And refreshing the user identifier according to the operation request received by the receiving module; and the notification module, configured to notify the terminal used by the operated user to refresh the access restriction identifier of the restricted network on the terminal.
  • the modification of the user rights does not require the management of the user in a specific management background, and the user access rights of the restricted network can be directly managed by the authorized user, thereby enabling the user access rights management of the restricted network. More flexible.
  • the first refresh module refreshes the user identifier by saving the identifier of the user that is requested to be added in the restricted network, and the notification module notifies the terminal used by the added user to save.
  • the access restriction identifier of the restricted network notifying the terminal to refresh the access restriction identifier of the restricted network on the terminal;
  • the first refresh module deletes the requested in the restricted network Deleting the identifier of the user, refreshing the user identifier, the notification module notifying the terminal used by the deleted user to delete the access restriction identifier of the restricted network, and notifying the terminal to refresh the access restriction identifier of the restricted network on the terminal .
  • the notification module may send the access restriction identifier of the restricted network to the terminal used by the user who is requested to add or delete by using a paging message or other means.
  • the restricted network can be a private network, or a network using a specific frequency layer or a network using a specific RAT (such as a short-distance communication network such as WLAN or Bluetooth technology).
  • the first refresh module includes:
  • a saving unit configured to save an identifier of a user requested to be added in the restricted network when the operation request is to increase a user's request
  • And deleting the unit when the operation request is to delete the user's request, for deleting the identifier of the user requested to delete in the restricted network.
  • the network side device may further include: an authentication module, configured to perform legality authentication on the user that is requested to be added before the first refresh module refreshes the user identifier according to the received operation request (for example, to the network) The side initiates the legality authentication of the user, and the first refreshing module refreshes the user identifier after the authentication is passed; and the database update module is configured to: after the first refreshing module refreshes the user identifier according to the received operation request, according to the operation Request to update the user database of the restricted network.
  • an authentication module configured to perform legality authentication on the user that is requested to be added before the first refresh module refreshes the user identifier according to the received operation request (for example, to the network) The side initiates the legality authentication of the user, and the first refreshing module refreshes the user identifier after the authentication is passed
  • the database update module is configured to: after the first refreshing module refreshes the user identifier according to the received operation request, according to the operation Request to update the user database of the restricted network.
  • the terminal device includes: a sending module, configured to send an operation request to the restricted network, where the operation request carries an identifier of the operated user, where the restricted network is a network that the terminal has the authority to perform the operation And a second refreshing module, configured to refresh the access restriction identifier of the restricted network on the terminal according to the notification message sent by the restricted network.
  • the operation request sent by the sending module is to increase the user's request, or delete the user's request; the second refreshing module saves or deletes the restricted network access on the local terminal according to the notification message sent by the restricted network. Restrict the identity and refresh the access restriction identifier of the restricted network.
  • a seventh embodiment of the present invention relates to a terminal device, including: a measurement module, configured to perform measurement on a cell according to a customized cell measurement and/or measurement result; and a reporting module, configured to perform cell measurement and/or measurement according to a customized As a result, the information measured by the measurement module is reported to the network side.
  • the terminal device may further include: a customization module, configured to customize a cell measurement and/or a measurement result report of the terminal according to the access restriction information, where the measurement module and the reporting module measure and report the cell according to the customized result of the customized module.
  • the terminal device further includes: a receiving module, configured to receive a cell measurement and/or a measurement result report to the terminal customized by the network side, where the measurement module and the reporting module perform the cell according to the customized result received by the receiving module. Measurement and reporting.
  • the access restriction information includes access restriction information of the restricted network, capability limitation information of the terminal (such as support restrictions for a special network, a radio access technology or a frequency layer, and the like), and an access restriction set in the terminal. information.
  • the customized result may be information reported by the cell measurement and/or measurement result of the terminal, such as prohibiting measurement on a cell that does not have access rights; or, the measured cell includes a cell that does not have access rights, but prohibiting the The measurement result of the cell is reported to the network side; or, the cell that does not have the access right is measured and reported, but the measurement result indicates that the terminal does not have the right to access the cell; or, the measurement and reporting does not have the access right a cell, but in the measurement result, the measurement result of the cell that does not have the access right is placed in the reporting queue with a lower priority; or, the cell that does not have the access authority is measured and reported, but in the measurement result, A measurement of the cell that does not have access rights adds a negative offset.
  • the customized result may
  • the cell measurement and the measurement result are reported according to the customized result, so that the terminal can reduce the measurement behavior, avoid unnecessary measurement on the cell that does not have the access right, and avoid the network side switching the terminal when performing the handover.
  • An eighth embodiment of the present invention relates to a network side device, including: a customization module, configured to customize a cell measurement and/or a measurement result report of a terminal according to the access restriction information; and a sending module, configured to send the Customized results for custom modules.
  • the access restriction information includes access restriction information of the restricted network, capability limitation information of the terminal (such as support restrictions for a special network, a radio access technology or a frequency layer, and the like), and an access restriction set in the terminal. information.
  • the customized result may be information reported by the cell measurement and/or measurement result of the terminal, such as prohibiting measurement on a cell that does not have access rights; or, the measured cell includes a cell that does not have access rights, but prohibiting the
  • the measurement result of the cell is reported to the network side; or, the cell that does not have the access right is measured and reported, but the measurement result indicates that the terminal does not have the right to access the cell; or, the measurement and reporting does not have the access right a cell, but in the measurement result, the measurement result of the cell that does not have the access right is placed in the reporting queue with a lower priority; or, the cell that does not have the access authority is measured and reported, but in the measurement result, A measurement of the cell that does not have access rights adds a negative offset.
  • the customized result may also be a policy, which includes information about cell measurement and/or measurement result corresponding to each type of access restriction information.
  • the terminal can reduce the measurement behavior, avoid unnecessary measurement on the cell that does not have access rights, and prevent the network side from switching to the cell in which the terminal does not have access rights when performing handover.
  • the access restriction information of the terminal and/or the customized result of the customization module are transmitted to other network side devices.
  • the restricted network receives an operation request from a terminal used by a user having a user management right, and the operation request carries an identifier of the operated user, and notifies the operated user.
  • the terminal used refreshes the access restriction identifier of the restricted network on the terminal.
  • the modification of the user rights does not need to be performed in a specific management background, and the user access rights of the restricted network can be directly managed by the authorized user through the terminal, thereby making the user access rights management of the restricted network more flexible.
  • the operation request initiated to the restricted network may be an increase of the user's request, or a request to delete the user, so that the authorized user can manage the access rights of the restricted network user more comprehensively and completely.
  • the restricted network first authenticates the user who is requested to increase the network through the network side, and further ensures the legality of the newly added user. Before deleting the only user with permission to access, First, the terminal that initiated the deletion operation request is confirmed, effectively preventing the user from misoperation, and ensuring the accuracy of the management of the restricted network by the authorized user.
  • the terminal performs measurement and measurement of the cell according to the information reported by the customized cell measurement and/or measurement result, or the policy including the information of the cell measurement and/or the measurement result corresponding to the access restriction information.
  • the reporting of the result can reduce the measurement behavior, avoid unnecessary measurement on the cell that does not have access rights, and prevent the network side from switching to the cell in which the terminal does not have access rights when performing handover.

Landscapes

  • Engineering & Computer Science (AREA)
  • Computer Security & Cryptography (AREA)
  • Computer Networks & Wireless Communication (AREA)
  • Signal Processing (AREA)
  • Mobile Radio Communication Systems (AREA)

Abstract

L'invention concerne un procédé et un dispositif permettant de gérer des utilisateurs, de mesurer et d'effectuer des compte-rendus dans un réseau limité, ce qui permet à un utilisateur qui a l'autorité de gérer directement l'autorisation d'accès des utilisateurs dans le réseau limité, cette invention concernant le domaine de la communication sans fil. Dans cette invention, le réseau limité reçoit une demande de manipulation déclenchée par le terminal utilisé par l'utilisateur qui a l'autorité de gestion d'utilisateurs pour ajouter ou supprimer des utilisateurs; l'identifiant de l'utilisateur manipulé est mentionné dans la demande de manipulation; le réseau limité notifie au terminal utilisé par l'utilisateur manipulé qu'un identifiant limitant l'accès du réseau limité du terminal devrait être sauvegardé ou supprimé. Avant que le réseau limité ajoute l'utilisateur qui a l'autorité d'accès, la validité de l'utilisateur à ajouter est également nécessaire pour être authentifiée; avant que le réseau limité supprime le seul utilisateur qui a l'autorité d'accès, le terminal ayant déclenché la demande d'annulation peut être d'abord confirmé de manière à éviter une opération incorrecte.
PCT/CN2008/070456 2007-03-20 2008-03-10 Procédé et dispositif de gestion d'utilisateurs, de mesure et de rapport dans un réseau restreint Ceased WO2008113284A1 (fr)

Applications Claiming Priority (2)

Application Number Priority Date Filing Date Title
CNA2007100892973A CN101272298A (zh) 2007-03-20 2007-03-20 受限网络用户管理、测量和上报的方法及设备
CN200710089297.3 2007-03-20

Publications (1)

Publication Number Publication Date
WO2008113284A1 true WO2008113284A1 (fr) 2008-09-25

Family

ID=39765391

Family Applications (1)

Application Number Title Priority Date Filing Date
PCT/CN2008/070456 Ceased WO2008113284A1 (fr) 2007-03-20 2008-03-10 Procédé et dispositif de gestion d'utilisateurs, de mesure et de rapport dans un réseau restreint

Country Status (2)

Country Link
CN (1) CN101272298A (fr)
WO (1) WO2008113284A1 (fr)

Cited By (1)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN102196474A (zh) * 2010-03-05 2011-09-21 中兴通讯股份有限公司 检测封闭签约用户组小区对用户设备干扰的方法及系统

Families Citing this family (7)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN101330722B (zh) 2007-06-18 2012-10-17 华为技术有限公司 一种小区接入控制方法以及用户设备
CN101754323B (zh) * 2008-12-15 2012-05-23 华为技术有限公司 一种测量结果上报的方法及装置
CN101784087A (zh) * 2009-01-16 2010-07-21 华为技术有限公司 一种测量报告上报的方法、设备及系统
WO2013091233A1 (fr) * 2011-12-23 2013-06-27 华为技术有限公司 Procédé et dispositif de transmission d'informations
FR3031272A1 (fr) * 2014-12-24 2016-07-01 Orange Procede d'obtention de droits mis en oeuvre par un objet communicant
WO2018157484A1 (fr) * 2017-03-01 2018-09-07 华为技术有限公司 Terminal et procédé de configuration de réseau
CN111757366A (zh) * 2019-03-27 2020-10-09 电信科学技术研究院有限公司 一种频点配置方法、测量方法、网络设备及终端

Citations (4)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
US20050198262A1 (en) * 2004-01-14 2005-09-08 Jon Barry Method and system for measuring remote-access VPN quality of service
US20060252377A1 (en) * 2005-05-04 2006-11-09 Samsung Electronics Co., Ltd. Method and apparatus for reporting inter-frequency measurement using RACH message in a mobile communication system
US20060259958A1 (en) * 2005-05-16 2006-11-16 Cisco Technology, Inc. Method and system using presence information to manage network access
CN1913713A (zh) * 2006-07-28 2007-02-14 华为技术有限公司 公共数据网接入方法及系统

Patent Citations (4)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
US20050198262A1 (en) * 2004-01-14 2005-09-08 Jon Barry Method and system for measuring remote-access VPN quality of service
US20060252377A1 (en) * 2005-05-04 2006-11-09 Samsung Electronics Co., Ltd. Method and apparatus for reporting inter-frequency measurement using RACH message in a mobile communication system
US20060259958A1 (en) * 2005-05-16 2006-11-16 Cisco Technology, Inc. Method and system using presence information to manage network access
CN1913713A (zh) * 2006-07-28 2007-02-14 华为技术有限公司 公共数据网接入方法及系统

Cited By (2)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN102196474A (zh) * 2010-03-05 2011-09-21 中兴通讯股份有限公司 检测封闭签约用户组小区对用户设备干扰的方法及系统
CN102196474B (zh) * 2010-03-05 2016-05-25 中兴通讯股份有限公司 检测封闭签约用户组小区对用户设备干扰的方法及系统

Also Published As

Publication number Publication date
CN101272298A (zh) 2008-09-24

Similar Documents

Publication Publication Date Title
CN101669327B (zh) 一种进行接入控制的方法以及装置
JP6901009B2 (ja) ネットワークスライス選択のためのプライバシー考慮
JP4864094B2 (ja) 通信制御システム
WO2008113284A1 (fr) Procédé et dispositif de gestion d'utilisateurs, de mesure et de rapport dans un réseau restreint
WO2023011630A1 (fr) Procédé et appareil de vérification d'autorisation
CN102111766B (zh) 网络接入方法、装置及系统
WO2020151600A1 (fr) Système, procédé, et dispositif de transmission de données
CN109219965A (zh) 一种通信方法及相关装置
JP5892353B2 (ja) 通信システム
TW200908767A (en) Security procedure and apparatus for handover in a 3GPP long term evolution system
WO2019157909A1 (fr) Procédé et appareil de communication
EP3061226A1 (fr) Authentification par des pairs
JP2020536408A (ja) 無線通信システムにおけるアクセスストラタムセキュリティ
KR20220024922A (ko) 네트워크 슬라이싱을 위한 인가 방법
WO2017120746A1 (fr) Procédé pour gérer des droits d'accès à un réseau et dispositif associé
WO2011127684A1 (fr) Procédé et système de transmission pour un flux continu de données d'accès ip local (lipa)
US7813717B2 (en) Authentication of mobile stations
CN101330704B (zh) 网络管理控制的实现方法及装置
JP2011139113A (ja) ユーザ装置とH(e)NBとの接続方法、ユーザ装置の認証方法、移動体通信システム、H(e)NB及びコア・ネットワーク
JP2015517750A (ja) モバイル端末のハンドオーバを実行する方法及びシステム、並びに無線セルラ通信ネットワークにおいて用いるように意図されたモバイル端末
CN101884237B (zh) 在移动通信系统中用于测量家庭小区的方法
WO2008113278A1 (fr) Procédé destiné à un terminal mesurant une cellule de reseau à accès restreint et dispositif associé
CN113055342B (zh) 一种信息处理方法及通信装置
WO2011147156A1 (fr) Procédé et système permettant de restreindre un accès à une zone spécifique
WO2014194742A1 (fr) Procédé de sélection pour algorithme de sécurité d'interface radio dans un système de communication sans fil et mme

Legal Events

Date Code Title Description
121 Ep: the epo has been informed by wipo that ep was designated in this application

Ref document number: 08715192

Country of ref document: EP

Kind code of ref document: A1

NENP Non-entry into the national phase

Ref country code: DE

122 Ep: pct application non-entry in european phase

Ref document number: 08715192

Country of ref document: EP

Kind code of ref document: A1