WO2015062105A1

WO2015062105A1 - Access method and device for wireless local area network

Info

Publication number: WO2015062105A1
Application number: PCT/CN2013/086503
Authority: WO
Inventors: 吴义壮
Original assignee: Huawei Technologies Co Ltd
Current assignee: Huawei Technologies Co Ltd
Priority date: 2013-11-04
Filing date: 2013-11-04
Publication date: 2015-05-07
Anticipated expiration: 2016-05-04
Also published as: CN104770007A; CN104770007B

Abstract

Provided are an access method and device for a wireless local area network. The method comprises: acquiring, by a user equipment (UE), first sensitive information about a wireless local area network (WLAN) from a network device of a mobile communication network, wherein the first sensitive information comprises related information for security authentication of the WLAN; and according to the first sensitive information, establishing, by the UE, a connection to an access point (AP) of the WLAN. Various embodiments of the present invention solve the problem that a UE cannot normally access a WLAN due to the fact that the related sensitive information about the WLAN is easily tampered with, realize the accurate accessing of the WLAN, and improve the access security of the WLAN.

Description

无线局域网的接入方法及装置 Wireless local area network access method and device

技术领域 Technical field

本发明实施例涉及通信技术，尤其涉及一种无线局域网的接入方法及装置。背景技术 The embodiments of the present invention relate to communication technologies, and in particular, to a method and an apparatus for accessing a wireless local area network. Background technique

随着智能手机和平板电脑的广泛普及，人们使用移动设备进行大量的数据业务使得网络的数据业务流量增长飞快，从而导致移动运营商的网络容量受限。而无线局域网（Wireless Local Area Networks, 简称 WLAN)是一种能够提供较高传输速率的无线接入技术，可以作为移动运营商广域无线网的有益补充。 With the widespread use of smartphones and tablets, the use of mobile devices for a large amount of data services has led to a rapid increase in data traffic for the network, resulting in limited network capacity for mobile operators. Wireless Local Area Networks (WLAN) is a wireless access technology that can provide higher transmission rates and can be used as a supplement to mobile operators' wide-area wireless networks.

现有技术常采用两种方式将 WLAN网络和移动通信网络结合在一起，以实现分流用户的数据业务，从而减轻运营商的网络负担。第一种是将 WLAN 网络作为独立的接入网集成到移动通信网络中，需要独立运营和维护 WLAN 网络，第二种是将 WLAN网络与移动通信网络聚合部署，即 WLAN接入点 (Access Point,简称 AP)与移动通信网络的接入网元合二为一，或者 WLAN AP单独部署但由 3GPP接入网的网元控制。 WLAN作为一种空口接入技术传输用户数据，这些用户数据和通过传统的移动通信网络空口传输的数据在移动通信网内聚合，实现节省运营商接入网空口资源，提高用户通过空口接入的速率和容量。 In the prior art, the WLAN network and the mobile communication network are often combined in two ways to implement the data service of the offloaded user, thereby reducing the network burden of the operator. The first is to integrate the WLAN network as a separate access network into the mobile communication network, and to operate and maintain the WLAN network independently. The second is to aggregate the WLAN network with the mobile communication network, that is, the WLAN access point (Access Point). The AP is combined with the access network element of the mobile communication network, or the WLAN AP is deployed separately but controlled by the network element of the 3GPP access network. WLAN is used as an air interface access technology to transmit user data. These user data and data transmitted through the air interface of the traditional mobile communication network are aggregated in the mobile communication network, thereby saving operators' access to the network air interface resources and improving user access through air interfaces. Rate and capacity.

在上述场景下，当 UE通过 WLAN接入网络时，首先通过接收到的信标 (beacon) 帧或者探测响应（probe response) 获取 WLAN网络的相关信息，如支持的认证方法、加密算法等能力信息，然后根据这些信息完成后续 UE 与 WLAN之间的网络建立。 In the above scenario, when the UE accesses the network through the WLAN, the UE first obtains related information of the WLAN network, such as a supported authentication method and an encryption algorithm, by using a received beacon frame or a probe response. Then, based on the information, the network establishment between the subsequent UE and the WLAN is completed.

但是，上述现有技术中， WLAN网络的相关信息，尤其是健壮安全网络 (Robust Security network,简称 RSN)信息元（Information Element,简称 IE)、认证类型（Authentication type) 等敏感信息均是以明文的方式传输给 UE的，攻击者能够对这些敏感信息进行篡改，从而导致 UE无法正常接入 WLAN网络，无法进行业务的传输。发明内容 However, in the above prior art, sensitive information such as a WLAN network, in particular, a Robust Security Network (RSN) information element (IE), an authentication type (Authentication Type), and the like are in plain text. The mode is transmitted to the UE, and the attacker can tamper with the sensitive information, so that the UE cannot access the WLAN network normally. Network, unable to transfer the business. Summary of the invention

本发明实施例提供一种无线局域网的接入方法及装置，能够使 UE获取到正确的 WLAN网络的相关信息，以实现 WLAN的正确接入。 The embodiment of the invention provides a method and a device for accessing a wireless local area network, which enables the UE to obtain the relevant information of the correct WLAN network, so as to achieve correct access of the WLAN.

本发明实施例第一方面提供一种无线局域网的接入方法，包括：用户设备 UE从移动通信网络的网络设备中获取无线局域网 WLAN网络的第一敏感信息；其中，所述第一敏感信息包括所述 WLAN网络进行安全认证的相关信息； A first aspect of the embodiments of the present invention provides a method for accessing a wireless local area network, including: the user equipment UE acquires first sensitive information of a wireless local area network WLAN network from a network device of the mobile communication network; wherein, the first sensitive information includes Information related to security authentication of the WLAN network;

所述 UE根据所述第一敏感信息与所述 WLAN网络的接入点 AP建立连接。 The UE establishes a connection with an access point AP of the WLAN network according to the first sensitive information.

结合第一方面，在第一方面的第一种可能的实施方式中，所述第一敏感信息还包括辅助所述 UE进行选网的相关信息。 With reference to the first aspect, in a first possible implementation manner of the first aspect, the first sensitive information further includes related information that assists the UE to perform network selection.

结合第一方面，在第一方面的第二种可能的实施方式中，所述网络设备为接入网络发现和选择功能 ANDSF; With reference to the first aspect, in a second possible implementation manner of the first aspect, the network device is an access network discovery and selection function ANDSF;

所述 UE从移动通信网络的网络设备中获取无线局域网 WLAN网络的第一敏感信息，包括： And acquiring, by the UE, the first sensitive information of the WLAN network of the wireless local area network from the network device of the mobile communication network, including:

所述 UE向所述 ANDSF发送接入网信息获取请求； Sending, by the UE, an access network information acquisition request to the ANDSF;

所述 UE接收所述 ANDSF返回的包括接入网信息列表的响应消息，其中，所述接入网信息列表中包含所述 WLAN网络的信息，所述 WLAN网络的信息中包括所述第一敏感信息。 Receiving, by the UE, a response message that includes an access network information list returned by the ANDSF, where the access network information list includes information of the WLAN network, where the information of the WLAN network includes the first sensitivity information.

结合第一方面，在第一方面的第三种可能的实施方式中，所述接入网信息获取请求还包括所述 UE的位置信息；相应地，所述接入网信息列表是所述 ANDSF根据所述 UE的位置信息确定的。 With reference to the first aspect, in a third possible implementation manner of the first aspect, the access network information acquisition request further includes location information of the UE; and correspondingly, the access network information list is the ANDSF Determined according to the location information of the UE.

结合第一方面，在第一方面的第四种可能的实施方式中，所述 UE从移动通信网络的网络设备中获取 WLAN网络的第一敏感信息，包括： With reference to the first aspect, in a fourth possible implementation manner of the first aspect, the acquiring, by the UE, the first sensitive information of the WLAN network from the network device of the mobile communication network includes:

所述 UE接收网络控制设备发送的无线资源控制 RRC连接重配置请求，所述 RRC连接重配置请求包括所述第一敏感信息。 Receiving, by the UE, a radio resource control RRC connection reconfiguration request sent by the network control device, where the RRC connection reconfiguration request includes the first sensitive information.

结合第一方面，在第一方面的第五种可能的实施方式中，所述 UE从移动通信网络的网络设备中获取 WLAN网络的第一敏感信息包括：所述 UE从移动通信网络的网络设备中获取多个 WLAN网络的第一敏感信息，以及用于判断各 WLAN网络优先级的信息； With reference to the first aspect, in a fifth possible implementation manner of the first aspect, the acquiring, by the UE, the first sensitive information of the WLAN network from the network device of the mobile communication network includes: Obtaining, by the UE, the first sensitive information of the multiple WLAN networks, and the information for determining the priority of each WLAN network, from the network device of the mobile communication network;

相应地，所述 UE根据所述第一敏感信息与所述 WLAN 网络的接入点 AP建立连接包括：所述 UE根据所述 WLAN网络优先级的信息选择所述第一敏感信息，与所述 WLAN网络的接入点 AP建立连接。 Correspondingly, the establishing, by the UE, the connection with the access point AP of the WLAN network according to the first sensitive information includes: the UE selecting the first sensitive information according to the information of the WLAN network priority, The access point AP of the WLAN network establishes a connection.

结合第一方面，在第一方面的第六种可能的实施方式中，所述 WLAN网络为具有 Hotspot2.0能力且达到必需的安全级别的 WLAN网络； With reference to the first aspect, in a sixth possible implementation manner of the first aspect, the WLAN network is a WLAN network that has Hotspot 2.0 capability and achieves a required security level;

所述所述 UE根据所述第一敏感信息与所述 WLAN网络的接入点 AP建立连接之前，还包括： Before the UE establishes a connection with the access point AP of the WLAN network according to the first sensitive information, the UE further includes:

所述 UE向所述 AP发送接入网络信息查询请求； Sending, by the UE, an access network information query request to the AP;

所述 UE接收所述 AP返回的包括所述 WLAN网络的状态信息的查询响应消息，并根据所述 WLAN网络的状态信息确定所述 WLAN网络可用。 Receiving, by the UE, a query response message including status information of the WLAN network returned by the AP, and determining, according to status information of the WLAN network, that the WLAN network is available.

结合第一方面，在第一方面的第七种可能的实施方式中，所述辅助所述 UE进行选网的相关信息为 Hotspot 2.0能力指示信息，所述 Hotspot 2.0能力指示信息用于指示所述 WLAN网络具有 Hotspot2.0能力且达到必需的安全级别。 With reference to the first aspect, in a seventh possible implementation manner of the first aspect, the related information that is used by the UE to perform network selection is Hotspot 2.0 capability indication information, where the Hotspot 2.0 capability indication information is used to indicate the The WLAN network has Hotspot 2.0 capabilities and achieves the required level of security.

结合第一方面，在第一方面的第八种可能的实施方式中，所述 UE 向所述 AP发送接入网络信息查询请求之前，还包括： With reference to the first aspect, in an eighth possible implementation manner of the foregoing aspect, before the sending, by the UE, the access network information query request to the AP, the method further includes:

所述 UE确定所述第一敏感信息中包括所述 Hotspot 2.0能力指示信息。结合第一方面，在第一方面的第九种可能的实施方式中，所述 UE根据所述第一敏感信息与所述 WLAN网络的接入点 AP建立连接之前包括：所述 UE从所述 WLAN网络中获取所述 WLAN网络的第二敏感信息，所述第二敏感信息包括所述 WLAN网络进行安全认证的相关信息； The UE determines that the first sensitive information includes the Hotspot 2.0 capability indication information. With reference to the first aspect, in a ninth possible implementation manner of the first aspect, before the UE establishes a connection with the access point AP of the WLAN network according to the first sensitive information, the UE includes: Obtaining second sensitive information of the WLAN network in the WLAN network, where the second sensitive information includes related information about the WLAN network performing security authentication;

所述 UE确定所述第一敏感信息与所述第二敏感信息一致。 The UE determines that the first sensitive information is consistent with the second sensitive information.

结合第一方面，在第一方面的第十种可能的实施方式中，所述 UE 从 With reference to the first aspect, in a tenth possible implementation manner of the first aspect, the UE

WLAN网络中获取所述 WLAN网络的第二敏感信息，包括： Acquiring the second sensitive information of the WLAN network in the WLAN network, including:

所述 UE从接收到的所述 WLAN网络的 AP返回的包括所述第二敏感信息的探测响应中获取所述第二敏感信息，所述探测响应是所述 UE 向所述 WLAN网络的 AP发送探测帧之后接收到的；或者， Obtaining, by the UE, the second sensitive information from the received probe response that is sent by the AP of the WLAN network that includes the second sensitive information, where the probe response is sent by the UE to an AP of the WLAN network. Received after the probe frame; or,

所述 UE从接收到的所述 WLAN网络的 AP发送的包括所述第二敏感信息的信标帧中获取所述第二敏感信息。 Transmitting, by the UE, the second sensitive signal from the received AP of the WLAN network The second sensitive information is obtained in a beacon frame of interest.

本发明实施例第二方面提供另一种无线局域网的接入方法，包括：接入网络发现和选择功能 ANDSF接收用户设备 UE发送的接入网信息获取请求； A second aspect of the embodiments of the present invention provides an access method for a wireless local area network, including: an access network discovery and selection function, an ANDSF receiving an access network information acquisition request sent by a user equipment UE;

所述 ANDSF向所述 UE发送包括接入网信息列表的响应消息，所述接入网信息列表中包含 WLAN网络的信息，所述 WLAN网络的信息中包括第一敏感信息；其中，所述第一敏感信息包括所述 WLAN网络进行安全认证的相关信息。 The ANDSF sends a response message including an access network information list to the UE, where the access network information list includes information of a WLAN network, where the information of the WLAN network includes first sensitive information; A sensitive information includes information related to security authentication of the WLAN network.

结合第二方面，在第二方面的第一种可能的实施方式中，所述第一敏感信息还包括辅助所述 UE进行选网的相关信息。 With reference to the second aspect, in a first possible implementation manner of the second aspect, the first sensitive information further includes related information that is used by the UE to perform network selection.

结合第二方面，在第二方面的第二种可能的实施方式中，所述接入网信息获取请求还包括所述 UE的位置信息，则所述 ANDSF向所述 UE发送包括接入网信息列表的响应消息之前，还包括： With reference to the second aspect, in a second possible implementation manner of the second aspect, the access network information acquisition request further includes location information of the UE, and the ANDSF sends the access network information to the UE Before the list of response messages, it also includes:

所述 ANDSF根据所述 UE的位置信息确定所述 UE周围可用的接入网信息。 The ANDSF determines access network information available around the UE according to the location information of the UE.

结合第二方面，在第二方面的第三种可能的实施方式中，所述接入网信息列表还包括用于判断 WLAN网络优先级的信息，以供所述 UE根据所述优先级的信息选择所述 WLAN网络。本发明实施例第三方面提供另一种无线局域网的接入方法，包括： With reference to the second aspect, in a third possible implementation manner of the second aspect, the access network information list further includes information for determining a WLAN network priority, for the information of the priority information of the UE Select the WLAN network. A third aspect of the embodiments of the present invention provides another method for accessing a wireless local area network, including:

网络控制设备确定使用无线局域网 WLAN网络； The network control device determines to use the wireless local area network WLAN network;

所述网络控制设备确定所述 UE可用的 WLAN网络； Determining, by the network control device, a WLAN network available to the UE;

所述网络控制设备向所述 UE发送包含所述 WLAN网络的第一敏感信息的无线资源控制 RRC连接重配置请求，所述 RRC连接重配置请求用于指示所述 UE根据所述第一敏感信息与所述 WLAN网络的接入点 AP建立连接；其中，所述第一敏感信息包括所述 WLAN网络进行安全认证的相关信息。 The network control device sends a radio resource control RRC connection reconfiguration request including the first sensitive information of the WLAN network to the UE, where the RRC connection reconfiguration request is used to indicate that the UE is based on the first sensitive information. Establishing a connection with the access point AP of the WLAN network; where the first sensitive information includes related information about the WLAN network for performing security authentication.

结合第三方面，在第三方面的第一种可能的实施方式中，所述第一敏感信息还包括辅助所述 UE进行选网的相关信息。 With reference to the third aspect, in a first possible implementation manner of the third aspect, the first sensitive information further includes related information that assists the UE to perform network selection.

结合第三方面，在第三方面的第二种可能的实施方式中，所述网络控制设备根据用户设备 UE的位置信息确定所述 UE可用的 WLAN网络。 With reference to the third aspect, in a second possible implementation manner of the third aspect, the network control device determines, according to the location information of the user equipment UE, the WLAN network that is available to the UE.

结合第三方面，在第三方面的第三种可能的实施方式中，所述网络控制设备确定使用无线局域网 WLAN网络，包括： With reference to the third aspect, in a third possible implementation manner of the third aspect, the network control The device determines to use a wireless LAN WLAN network, including:

所述网络控制设备根据当前网络策略和所述 UE 的能力信息确定使用 WLAN网络。 The network control device determines to use the WLAN network according to the current network policy and the capability information of the UE.

结合第三方面，在第三方面的第四种可能的实施方式中，所述 RRC连接重配置请求还包括用于判断 WLAN网络优先级的信息，以供所述 UE根据所述优先级的信息选择所述 WLAN网络。 With reference to the third aspect, in a fourth possible implementation manner of the third aspect, the RRC connection reconfiguration request further includes information for determining a WLAN network priority, for the UE to use the information according to the priority Select the WLAN network.

本发明实施例第四方面提供一种用户设备，包括： A fourth aspect of the embodiments of the present invention provides a user equipment, including:

获取模块，用于从移动通信网络的网络设备中获取无线局域网 WLAN网络的第一敏感信息；其中，所述第一敏感信息包括所述 WLAN网络进行安全认证的相关信息； And an acquiring module, configured to acquire first sensitive information of the WLAN network from the network device of the mobile communication network, where the first sensitive information includes related information about the WLAN network for performing security authentication;

处理模块，用于根据所述获取模块获取的所述第一敏感信息与所述 WLAN网络的接入点 AP建立连接。 And a processing module, configured to establish a connection with the access point AP of the WLAN network according to the first sensitive information acquired by the acquiring module.

结合第四方面，在第四方面的第一种可能的实施方式中，所述第一敏感信息还包括辅助所述用户设备进行选网的相关信息。 With reference to the fourth aspect, in a first possible implementation manner of the fourth aspect, the first sensitive information further includes information related to the user equipment to perform network selection.

结合第四方面，在第四方面的第二种可能的实施方式中，所述网络设备为接入网络发现和选择功能 ANDSF; With reference to the fourth aspect, in a second possible implementation manner of the fourth aspect, the network device is an access network discovery and selection function ANDSF;

所述获取模块从移动通信网络的网络设备中获取无线局域网 WLAN 网络的第一敏感信息，包括： The acquiring module acquires the first sensitive information of the WLAN network of the wireless local area network from the network device of the mobile communication network, and includes:

所述获取模块向所述 ANDSF发送接入网信息获取请求； The obtaining module sends an access network information acquisition request to the ANDSF;

所述获取模块接收所述 ANDSF返回的包括接入网信息列表的响应消息，其中，所述接入网信息列表中包含所述 WLAN网络的信息，所述 WLAN网络的信息中包括所述第一敏感信息。 The acquiring module receives a response message that is included in the ANDSF and includes an access network information list, where the access network information list includes information of the WLAN network, and the information of the WLAN network includes the first Sensitive information.

结合第四方面，在第四方面的第三种可能的实施方式中，所述接入网信息获取请求还包括所述用户设备的位置信息；相应地，所述接入网信息列表是所述 ANDSF根据所述用户设备的位置信息确定的。 With reference to the fourth aspect, in a third possible implementation manner of the fourth aspect, the access network information acquisition request further includes location information of the user equipment; correspondingly, the access network information list is The ANDSF is determined according to the location information of the user equipment.

结合第四方面，在第四方面的第四种可能的实施方式中，所述获取模块具体用于，接收网络控制设备发送的无线资源控制 RRC连接重配置请求，所述 RRC连接重配置请求包括所述第一敏感信息。 With reference to the fourth aspect, in a fourth possible implementation manner of the fourth aspect, the acquiring module is specifically configured to: receive, by the network control device, a radio resource control RRC connection reconfiguration request, where the RRC connection reconfiguration request includes The first sensitive information.

结合第四方面，在第四方面的第五种可能的实施方式中，所述获取模块具体用于，从移动通信网络的网络设备中获取多个 WLAN网络的第一敏感信息，以及用于判断各 WLAN网络优先级的信息； With reference to the fourth aspect, in a fifth possible implementation manner of the fourth aspect, the acquiring module is specifically configured to acquire, by using a network device of a mobile communication network, a first sensitive information of multiple WLAN networks Information, and information used to determine the priority of each WLAN network;

相应地，所述处理模块具体用于，根据所述 WLAN网络优先级的信息选择所述第一敏感信息，与所述 WLAN网络的接入点 AP建立连接。 Correspondingly, the processing module is configured to: select the first sensitive information according to the information about the WLAN network priority, and establish a connection with the access point AP of the WLAN network.

结合第四方面，在第四方面的第六种可能的实施方式中，所述 WLAN网络为具有 Hotspot2.0能力且达到必需的安全级别的 WLAN网络； With reference to the fourth aspect, in a sixth possible implementation manner of the fourth aspect, the WLAN network is a WLAN network that has Hotspot 2.0 capability and achieves a required security level;

所述用户设备还包括： The user equipment further includes:

第一发送模块，用于在所述处理模块据所述第一敏感信息与所述 WLAN 网络的接入点 AP建立连接之前，向所述 AP发送接入网络信息查询请求；所述获取模块还用于，接收所述 AP返回的包括所述 WLAN网络的状态信息的查询响应消息； a first sending module, configured to send an access network information query request to the AP before the processing module establishes a connection with the access point AP of the WLAN network according to the first sensitive information; the acquiring module further And configured to receive, by the AP, a query response message that includes status information of the WLAN network;

所述处理模块还用于，在所述获取模块接收到所述查询响应消息后，根据所述 WLAN网络的状态信息确定所述 WLAN网络可用。 The processing module is further configured to: after the obtaining module receives the query response message, determine, according to the state information of the WLAN network, that the WLAN network is available.

结合第四方面，在第四方面的第七种可能的实施方式中，所述辅助所述用户设备进行选网的相关信息为 Hotspot 2.0能力指示信息，所述 Hotspot 2.0 能力指示信息用于指示所述 WLAN网络具有 Hotspot2.0能力且达到必需的安全级别。 With reference to the fourth aspect, in a seventh possible implementation manner of the fourth aspect, the related information that is used by the user equipment to perform network selection is Hotspot 2.0 capability indication information, where the Hotspot 2.0 capability indication information is used to indicate The WLAN network has Hotspot 2.0 capabilities and achieves the necessary level of security.

结合第四方面，在第四方面的第八种可能的实施方式中，所述处理模块还用于，在所述第一发送模块向所述 AP发送接入网络信息查询请求之前，确定所述第一敏感信息中包括所述 Hotspot 2.0能力指示信息。 With reference to the fourth aspect, in an eighth possible implementation manner of the fourth aspect, the processing module is further configured to: before the first sending module sends an access network information query request to the AP, The Hotspot 2.0 capability indication information is included in the first sensitive information.

结合第四方面，在第四方面的第九种可能的实施方式中，所述获取模块还用于，在所述处理模块根据所述第一敏感信息与所述 WLAN网络的接入点 AP建立连接之前，从所述 WLAN网络中获取所述 WLAN网络的第二敏感信息，所述第二敏感信息包括所述 WLAN网络进行安全认证的相关信息； With reference to the fourth aspect, in a ninth possible implementation manner of the fourth aspect, the acquiring module is further configured to: establish, by the processing module, the access point AP of the WLAN network according to the first sensitive information Before the connection, the second sensitive information of the WLAN network is obtained from the WLAN network, where the second sensitive information includes related information about the WLAN network for performing security authentication;

所述处理模块还用于，根据所述第一敏感信息与所述 WLAN网络的接入点 AP建立连接之前，确定所述第一敏感信息与所述第二敏感信息一致。 The processing module is further configured to determine that the first sensitive information is consistent with the second sensitive information before establishing the connection with the access point AP of the WLAN network according to the first sensitive information.

结合第四方面，在第四方面的第十种可能的实施方式中，所述获取模块从所述 WLAN网络中获取所述 WLAN网络的第二敏感信息，具体包括：从接收到的所述 WLAN网络的 AP返回的包括所述第二敏感信息的探测响应中获取所述第二敏感信息，所述探测响应是所述用户设备向所述 WLAN 网络的 AP发送探测帧之后接收到的；或者，从接收到的所述 WLAN网络的 AP发送的包括所述第二敏感信息的信标帧中获取所述第二敏感信息。 With reference to the fourth aspect, in a tenth possible implementation manner of the fourth aspect, the acquiring, by the acquiring module, the second sensitive information of the WLAN network, includes: receiving the WLAN from the WLAN The second sensitive information is obtained by the probe response of the second AP that is returned by the AP, and the probe response is received by the user equipment after sending the probe frame to the AP of the WLAN network; or And acquiring the second sensitive information from a received beacon frame that includes the second sensitive information sent by an AP of the WLAN network.

本发明实施例第五方面提供一种 ANDSF, 包括： A fifth aspect of the embodiments of the present invention provides an ANDSF, including:

接收模块，用于接收用户设备 UE发送的接入网信息获取请求；第二发送模块，用于向所述 UE发送包括接入网信息列表的响应消息，所述接入网信息列表中包含 WLAN网络的信息，所述 WLAN网络的信息中包括第一敏感信息；其中，所述第一敏感信息包括所述 WLAN 网络进行安全认证的相关信息。 a receiving module, configured to receive an access network information acquisition request sent by the user equipment UE, where the second sending module is configured to send, to the UE, a response message that includes an access network information list, where the access network information list includes a WLAN The information of the network, where the information of the WLAN network includes the first sensitive information, where the first sensitive information includes related information for performing security authentication on the WLAN network.

结合第五方面，在第五方面的第一种可能的实施方式中，所述第一敏感信息还包括辅助所述 UE进行选网的相关信息。 With reference to the fifth aspect, in a first possible implementation manner of the fifth aspect, the first sensitive information further includes related information that assists the UE to perform network selection.

结合第五方面，在第五方面的第二种可能的实施方式中，所述接入网信息获取请求还包括所述 UE的位置信息；所述 ANDSF还包括： With reference to the fifth aspect, in a second possible implementation manner of the fifth aspect, the access network information acquisition request further includes location information of the UE, and the ANDSF further includes:

第一确定模块，用于在所述第二发送模块向所述 UE发送包括接入网信息列表的响应消息之前，根据所述 UE的位置信息确定所述 UE周围可用的接入网信息。 And a first determining module, configured to determine, according to the location information of the UE, the access network information available around the UE, before the second sending module sends the response message including the access network information list to the UE.

结合第五方面，在第五方面的第三种可能的实施方式中，所述接入网信息列表还包括用于判断 WLAN网络优先级的信息，以供所述 UE根据所述优先级的信息选择所述 WLAN网络。本发明实施例第六方面提供一种网络控制设备，包括： With reference to the fifth aspect, in a third possible implementation manner of the fifth aspect, the access network information list further includes information for determining a WLAN network priority, for the UE to use the priority information. Select the WLAN network. A sixth aspect of the embodiments of the present invention provides a network control device, including:

第二确定模块，用于确定使用无线局域网 WLAN网络； a second determining module, configured to determine to use a wireless local area network (WLAN);

第三确定模块，用于确定所述 UE可用的 WLAN网络； a third determining module, configured to determine a WLAN network available to the UE;

第三发送模块，用于向所述 UE发送包含所述 WLAN网络的第一敏感信息的无线资源控制 RRC连接重配置请求，所述 RRC连接重配置请求用于指示所述 UE根据所述第一敏感信息与所述 WLAN网络的接入点 AP建立连接；其中，所述第一敏感信息包括所述 WLAN网络进行安全认证的相关信息。 a third sending module, configured to send, to the UE, a radio resource control RRC connection reconfiguration request that includes first sensitive information of the WLAN network, where the RRC connection reconfiguration request is used to indicate that the UE is according to the first The sensitive information is connected to the access point AP of the WLAN network, where the first sensitive information includes related information about the WLAN network for performing security authentication.

结合第六方面，在第六方面的第一种可能的实施方式中，所述第一敏感信息还包括辅助所述 UE进行选网的相关信息。 In conjunction with the sixth aspect, in a first possible implementation manner of the sixth aspect, the first sensitive information further includes related information that is used by the UE to perform network selection.

结合第六方面，在第六方面的第二种可能的实施方式中，所述第三确定模块具体用于根据用户设备 UE的位置信息确定所述 UE可用的 WLAN网络。 With reference to the sixth aspect, in a second possible implementation manner of the sixth aspect, the third determining module is specifically configured to determine, according to location information of the user equipment UE, a WLAN network that is available to the UE.

结合第六方面，在第六方面的第三种可能的实施方式中，所述第二确定模块具体用于，根据当前网络策略和所述 UE的能力信息确定使用 WLAN网络。 With reference to the sixth aspect, in a third possible implementation manner of the sixth aspect, the second determining The module is specifically configured to determine to use the WLAN network according to the current network policy and the capability information of the UE.

结合第六方面，在第六方面的第四种可能的实施方式中，所述 RRC连接重配置请求还包括用于判断 WLAN网络优先级的信息，以供所述 UE根据所述优先级的信息选择所述 WLAN网络。 With reference to the sixth aspect, in a fourth possible implementation manner of the sixth aspect, the RRC connection reconfiguration request further includes information for determining a WLAN network priority, for the UE to use the information according to the priority Select the WLAN network.

本发明实施例第七方面提供另一种用户设备，包括： A seventh aspect of the embodiments of the present invention provides another user equipment, including:

接收器，用于从移动通信网络的网络设备中获取无线局域网 WLAN网络的第一敏感信息；其中，所述第一敏感信息包括所述 WLAN网络进行安全认证的相关信息； a receiver, configured to acquire first sensitive information of a wireless local area network (WLAN) WLAN network from a network device of the mobile communication network; wherein the first sensitive information includes related information of the WLAN network for performing security authentication;

处理器，用于根据所述接收器获取的所述第一敏感信息与所述 WLAN网络的接入点 AP建立连接。 And a processor, configured to establish a connection with the access point AP of the WLAN network according to the first sensitive information acquired by the receiver.

结合第七方面，在第七方面的第一种可能的实施方式中，所述第一敏感信息还包括辅助所述 UE进行选网的相关信息。 With reference to the seventh aspect, in a first possible implementation manner of the seventh aspect, the first sensitive information further includes related information that assists the UE to perform network selection.

结合第七方面，在第七方面的第二种可能的实施方式中，所述网络设备为接入网络发现和选择功能 ANDSF; With reference to the seventh aspect, in a second possible implementation manner of the seventh aspect, the network device is an access network discovery and selection function ANDSF;

所述接收器从移动通信网络的网络设备中获取无线局域网 WLAN 网络的第一敏感信息，包括： The receiver acquires the first sensitive information of the WLAN network from the network device of the mobile communication network, including:

所述接收器向所述 ANDSF发送接入网信息获取请求； The receiver sends an access network information acquisition request to the ANDSF;

所述接收器接收所述 ANDSF返回的包括接入网信息列表的响应消息，其中，所述接入网信息列表中包含所述 WLAN网络的信息，所述 WLAN网络的信息中包括所述第一敏感信息。 Receiving, by the receiver, a response message that includes an access network information list returned by the ANDSF, where the access network information list includes information of the WLAN network, where the information of the WLAN network includes the first Sensitive information.

结合第七方面，在第七方面的第三种可能的实施方式中，所述接入网信息获取请求还包括所述用户设备的位置信息；相应地，所述接入网信息列表是所述 ANDSF根据所述用户设备的位置信息确定的。 With reference to the seventh aspect, in a third possible implementation manner of the seventh aspect, the access network information acquisition request further includes location information of the user equipment; correspondingly, the access network information list is The ANDSF is determined according to the location information of the user equipment.

结合第七方面，在第七方面的第四种可能的实施方式中，所述接收器具体用于，接收网络控制设备发送的无线资源控制 RRC连接重配置请求，所述 RRC连接重配置请求包括所述第一敏感信息。 With reference to the seventh aspect, in a fourth possible implementation manner of the seventh aspect, the receiver is configured to: receive, by the network control device, a radio resource control RRC connection reconfiguration request, where the RRC connection reconfiguration request includes The first sensitive information.

结合第七方面，在第七方面的第五种可能的实施方式中，所述接收器具体用于，从移动通信网络的网络设备中获取多个 WLAN 网络的第一敏感信息，以及用于判断各 WLAN网络优先级的信息；相应地，所述处理器具体用于，根据所述 WLAN网络优先级的信息选择所述第一敏感信息，与所述 WLAN网络的接入点 AP建立连接。 With reference to the seventh aspect, in a fifth possible implementation manner of the seventh aspect, the receiver is configured to acquire, by using a network device of a mobile communication network, first sensitive information of multiple WLAN networks, and for determining Information on the priority of each WLAN network; Correspondingly, the processor is specifically configured to: select the first sensitive information according to the information about the WLAN network priority, and establish a connection with the access point AP of the WLAN network.

结合第七方面，在第七方面的第六种可能的实施方式中，所述 WLAN网络为具有 Hotspot2.0能力且达到必需的安全级别的 WLAN网络； With reference to the seventh aspect, in a sixth possible implementation manner of the seventh aspect, the WLAN network is a WLAN network that has Hotspot 2.0 capability and achieves a required security level;

所述用户设备还包括： The user equipment further includes:

发送器，用于在所述处理器根据所述第一敏感信息与所述 WLAN网络的接入点 AP建立连接之前，向所述 AP发送接入网络信息查询请求； a transmitter, configured to send an access network information query request to the AP before the processor establishes a connection with the access point AP of the WLAN network according to the first sensitive information;

所述接收器还用于，接收所述 AP返回的包括所述 WLAN网络的状态信息的查询响应消息； The receiver is further configured to receive, by the AP, a query response message that includes status information of the WLAN network;

所述处理器还用于，在所述接收器接收到所述查询响应消息后，根据所述 WLAN网络的状态信息确定所述 WLAN网络可用。 The processor is further configured to: after the receiver receives the query response message, determine, according to status information of the WLAN network, that the WLAN network is available.

结合第七方面，在第七方面的第七种可能的实施方式中，所述辅助所述用户设备进行选网的相关信息为 Hotspot 2.0能力指示信息，所述 Hotspot 2.0 能力指示信息用于指示所述 WLAN网络具有 Hotspot2.0能力且达到必需的安全级别。 With reference to the seventh aspect, in a seventh possible implementation manner of the seventh aspect, the related information that is used by the user equipment to perform network selection is Hotspot 2.0 capability indication information, where the Hotspot 2.0 capability indication information is used to indicate The WLAN network has Hotspot 2.0 capabilities and achieves the necessary level of security.

结合第七方面，在第七方面的第八种可能的实施方式中，所述处理器还用于，在所述发送器向所述 AP发送接入网络信息查询请求之前，确定所述第一敏感信息中包括所述 Hotspot 2.0能力指示信息。 With reference to the seventh aspect, in an eighth possible implementation manner of the seventh aspect, the processor is further configured to: before the sending, by the sender, an access network information query request to the AP, determining the first The Hotspot 2.0 capability indication information is included in the sensitive information.

结合第七方面，在第七方面的第九种可能的实施方式中，所述接收器还用于，在所述处理器根据所述第一敏感信息与所述 WLAN网络的接入点 AP 建立连接之前，从所述 WLAN网络中获取所述 WLAN网络的第二敏感信息，所述第二敏感信息包括所述 WLAN网络进行安全认证的相关信息； With reference to the seventh aspect, in a ninth possible implementation manner of the seventh aspect, the receiver is further configured to: establish, by the processor, the access point AP of the WLAN network according to the first sensitive information Before the connection, the second sensitive information of the WLAN network is obtained from the WLAN network, where the second sensitive information includes related information about the WLAN network for performing security authentication;

所述处理器还用于，根据所述第一敏感信息与所述 WLAN网络的接入点 AP建立连接之前，确定所述第一敏感信息与所述第二敏感信息一致。 The processor is further configured to determine that the first sensitive information is consistent with the second sensitive information before establishing the connection with the access point AP of the WLAN network according to the first sensitive information.

结合第七方面，在第七方面的第十种可能的实施方式中，所述接收器从所述 WLAN网络中获取所述 WLAN网络的第二敏感信息，具体包括： With reference to the seventh aspect, in a tenth possible implementation manner of the seventh aspect, the acquiring, by the receiver, the second sensitive information of the WLAN network from the WLAN network, specifically:

从接收到的所述 WLAN网络的 AP返回的包括所述第二敏感信息的探测响应中获取所述第二敏感信息，所述探测响应是所述用户设备向所述 WLAN 网络的 AP发送探测帧之后接收到的；或者， Obtaining the second sensitive information from the detected probe response that is sent by the AP of the WLAN network that includes the second sensitive information, where the detecting response is that the user equipment sends a sounding frame to the AP of the WLAN network. Received later; or,

从接收到的所述 WLAN网络的 AP发送的包括所述第二敏感信息的信标帧中获取所述第二敏感信息。 a beacon including the second sensitive information sent from an AP of the WLAN network received The second sensitive information is obtained in a frame.

本发明实施例第八方面提供另一种 ANDSF, 包括： An eighth aspect of the embodiment of the present invention provides another ANDSF, including:

接收器，用于接收用户设备 UE发送的接入网信息获取请求； a receiver, configured to receive an access network information acquisition request sent by the user equipment UE;

发送器，用于向所述 UE发送包括接入网信息列表的响应消息，所述接入网信息列表中包含 WLAN网络的信息，所述 WLAN网络的信息中包括第一敏感信息；其中，所述第一敏感信息包括所述 WLAN网络进行安全认证的相关信息。 a transmitter, configured to send, to the UE, a response message that includes an access network information list, where the access network information list includes information of a WLAN network, where the information of the WLAN network includes first sensitive information; The first sensitive information includes related information that the WLAN network performs security authentication.

结合第八方面，在第八方面的第一种可能的实施方式中，所述第一敏感信息还包括辅助所述 UE进行选网的相关信息。 In conjunction with the eighth aspect, in a first possible implementation manner of the eighth aspect, the first sensitive information further includes related information that assists the UE to perform network selection.

结合第八方面，在第八方面的第二种可能的实施方式中，所述接入网信息获取请求还包括所述 UE的位置信息；所述 ANDSF还包括： With reference to the eighth aspect, in a second possible implementation manner of the eighth aspect, the access network information acquisition request further includes location information of the UE, and the ANDSF further includes:

处理器，用于在所述发送器向所述 UE发送包括接入网信息列表的响应消息之前，根据所述 UE的位置信息确定所述 UE周围可用的接入网信息。 And a processor, configured to determine, according to location information of the UE, access network information that is available around the UE, before the transmitter sends a response message that includes an access network information list to the UE.

结合第八方面，在第八方面的第三种可能的实施方式中，所述接入网信息列表还包括用于判断 WLAN网络优先级的信息，以供所述 UE根据所述优先级的信息选择所述 WLAN网络。 With reference to the eighth aspect, in a third possible implementation manner of the eighth aspect, the access network information list further includes information for determining a WLAN network priority, for the UE to use the information according to the priority Select the WLAN network.

本发明实施例第九方面提供另一种网络控制设备，包括： A ninth aspect of the embodiment of the present invention provides another network control device, including:

处理器，用于确定使用无线局域网 WLAN网络，并确定所述 UE可用的 WLAN网络； a processor, configured to determine a WLAN network using a wireless local area network, and determine a WLAN network available to the UE;

发送器，用于向所述 UE发送包含所述 WLAN网络的第一敏感信息的无线资源控制 RRC连接重配置请求，所述 RRC连接重配置请求用于指示所述 UE根据所述第一敏感信息与所述 WLAN网络的接入点 AP建立连接；其中，所述第一敏感信息包括所述 WLAN网络进行安全认证的相关信息。 a transmitter, configured to send, to the UE, a radio resource control RRC connection reconfiguration request that includes first sensitive information of the WLAN network, where the RRC connection reconfiguration request is used to indicate that the UE is configured according to the first sensitive information Establishing a connection with the access point AP of the WLAN network; where the first sensitive information includes related information about the WLAN network for performing security authentication.

结合第九方面，在第九方面的第一种可能的实施方式中，所述第一敏感信息还包括辅助所述 UE进行选网的相关信息。 In conjunction with the ninth aspect, in a first possible implementation manner of the ninth aspect, the first sensitive information further includes information related to the UE performing network selection.

结合第九方面，在第九方面的第二种可能的实施方式中，所述处理器还用于，根据用户设备 UE的位置信息确定所述 UE可用的 WLAN网络。 With reference to the ninth aspect, in a second possible implementation manner of the ninth aspect, the processor is further configured to determine, according to location information of the user equipment UE, a WLAN network that is available to the UE.

结合第九方面，在第九方面的第三种可能的实施方式中，所述处理器具体用于，根据当前网络策略和所述 UE的能力信息确定使用 WLAN网络。 In conjunction with the ninth aspect, in a third possible implementation of the ninth aspect, the processor is configured to determine to use the WLAN network according to the current network policy and the capability information of the UE.

结合第九方面，在第九方面的第四种可能的实施方式中，所述 RRC连接重配置请求还包括用于判断 WLAN网络优先级的信息，以供所述 UE根据所述优先级的信息选择所述 WLAN网络。 With reference to the ninth aspect, in a fourth possible implementation manner of the ninth aspect, the RRC connection The reconfiguration request further includes information for determining a WLAN network priority for the UE to select the WLAN network according to the priority information.

本发明实施例提供的无线局域网的接入方法及装置，解决了由于 WLAN 网络的相关敏感信息容易被篡改而导致 UE无法正常接入 WLAN 网络的问题，实现了 WLAN网络的准确接入，提高了 WLAN网络接入的安全性。附图说明 The method and device for accessing a wireless local area network provided by the embodiments of the present invention solve the problem that the related information of the WLAN network is easily falsified, and the UE cannot access the WLAN network normally, thereby realizing accurate access of the WLAN network and improving the access. Security of WLAN network access. DRAWINGS

为了更清楚地说明本发明实施例或现有技术中的技术方案，下面将对实施例或现有技术描述中所需要使用的附图作一简单地介绍，显而易见地，下面描述中的附图是本发明的一些实施例，对于本领域普通技术人员来讲，在不付出创造性劳动性的前提下，还可以根据这些附图获得其他的附图。 In order to more clearly illustrate the embodiments of the present invention or the technical solutions in the prior art, a brief description of the drawings used in the embodiments or the prior art description will be briefly described below. Obviously, the drawings in the following description It is a certain embodiment of the present invention, and other drawings can be obtained from those skilled in the art without any inventive labor.

图 1为本发明一实施例无线局域网的接入方法的流程图； 1 is a flowchart of a method for accessing a wireless local area network according to an embodiment of the present invention;

图 2为本发明另一实施例无线局域网的接入方法的流程图； 2 is a flowchart of a method for accessing a wireless local area network according to another embodiment of the present invention;

图 3为本发明再一实施例无线局域网的接入方法的流程图； 3 is a flowchart of a method for accessing a wireless local area network according to still another embodiment of the present invention;

图 4为本发明又一实施例无线局域网的接入方法的流程图； 4 is a flowchart of a method for accessing a wireless local area network according to still another embodiment of the present invention;

图 5为本发明又一实施例无线局域网的接入方法的流程图； FIG. 5 is a flowchart of a method for accessing a wireless local area network according to still another embodiment of the present invention; FIG.

图 6为本发明又一实施例无线局域网的接入方法的信令流程图；图 7为本发明又一实施例无线局域网的接入方法的信令流程图；图 8为本发明一用户设备实施例的结构示意图； FIG. 6 is a signaling flowchart of a method for accessing a wireless local area network according to still another embodiment of the present invention; FIG. 7 is a signaling flowchart of a method for accessing a wireless local area network according to still another embodiment of the present invention; FIG. 8 is a user equipment of the present invention; Schematic diagram of the structure of the embodiment;

图 9为本发明一接入网络发现和选择功能设备实施例的结构示意图图 10为本发明一网络控制设备实施例结构示意图； 9 is a schematic structural diagram of an embodiment of an access network discovery and selection function device according to the present invention; FIG. 10 is a schematic structural diagram of an embodiment of a network control device according to the present invention;

图 11为本发明另一用户设备实施例结构示意图； 11 is a schematic structural diagram of another embodiment of a user equipment according to the present invention;

图 12为本发明另一接入网络发现和选择功能设备实施例结构示意图；图 13为本发明另一网络控制设备实施例结构示意图。具体实施方式 FIG. 12 is a schematic structural diagram of another embodiment of an access network discovery and selection function device according to the present invention; FIG. 13 is a schematic structural diagram of another network control device according to an embodiment of the present invention. detailed description

为使本发明实施例的目的、技术方案和优点更加清楚，下面将结合本发明实施例中的附图，对本发明实施例中的技术方案进行清楚、完整地描述，显然，所描述的实施例是本发明一部分实施例，而不是全部的实施例。基于本发明中的实施例，本领域普通技术人员在没有作出创造性劳动前提下所获得的所有其他实施例，都属于本发明保护的范围。 The technical solutions in the embodiments of the present invention are clearly and completely described in the following with reference to the accompanying drawings in the embodiments of the present invention. It is a partial embodiment of the invention, and not all of the embodiments. Based on the embodiments of the present invention, those of ordinary skill in the art obtain the following without creative efforts. All other embodiments obtained are within the scope of the invention.

图 1为本发明一实施例无线局域网的接入方法的流程图，该方法适用于利用 WLAN分流移动通信网络的业务时的网络接入，同时该方法可应用于移动通信网络与 WLAN聚合部署的情况，也可应用于移动通信网络与 WLAN 独立部署的情况。如图 1所示，该方法包括： 1 is a flowchart of a method for accessing a wireless local area network according to an embodiment of the present invention. The method is applicable to network access when a service of a mobile communication network is offloaded by using a WLAN, and the method is applicable to a mobile communication network and a WLAN aggregation deployment. The situation can also be applied to the case where the mobile communication network is deployed independently with the WLAN. As shown in Figure 1, the method includes:

S101、 UE从移动通信网络的网络设备中获取 WLAN网络的第一敏感信息；其中，所述第一敏感信息包括所述 WLAN网络进行安全认证的相关信息。 S101. The UE acquires first sensitive information of the WLAN network from a network device of the mobile communication network, where the first sensitive information includes related information that the WLAN network performs security authentication.

其中，上述移动通信网络的网络设备可以为：基站（如： eNodeB ) ，无线网络控制器（Radio Network Controller, 简称 RNC) ，或者，接入网发现和选择功會 ^ (Access Network Discovery Support Functions, 简称 ANDSF) 。该 ANDSF可以是独立的 ANDSF服务器，或者是集成在其它设备上的功能模块，在此不作限定。 The network device of the foregoing mobile communication network may be: a base station (eg, eNodeB), a radio network controller (Radio Network Controller, or RNC for short), or an access network discovery support function (Access Network Discovery Support Functions, Referred to as ANDSF). The ANDSF may be a separate ANDSF server, or a function module integrated on other devices, which is not limited herein.

首先， UE先确定需要使用 WLAN网络进行移动通信网络的业务分流，该过程可以由运营商下发的网络策略确定，也可由 UE根据本地策略自行判断确定，此处不做任何限制，针对本发明，重点主要在于 UE在确定使用 WLAN 进行业务分流后如何准确接入 WLAN。 First, the UE first determines that the WLAN network needs to be used for the service offloading of the mobile communication network, and the process may be determined by the network policy delivered by the operator, or may be determined by the UE according to the local policy, and the present invention is not limited thereto. The key is mainly how the UE can accurately access the WLAN after determining the use of the WLAN for service offloading.

本步骤中，可以按照两种场景进行： In this step, you can follow two scenarios:

方式一、 UE先判断是否使用 WLAN网络，在确定使用 WLAN网络进行业务分流后，从移动通信网络的网络设备中获取该 WLAN的第一敏感信息。 Manner 1: The UE first determines whether to use the WLAN network, and after determining to use the WLAN network for service offloading, obtains the first sensitive information of the WLAN from the network device of the mobile communication network.

方式二、 UE先获取接入网信息，然后再判断是否使用 WLAN网络，在确定使用 WLAN网络进行业务分流后，直接从接入网信息中查询该 WLAN 网络的第一敏感信息。 In the second mode, the UE first obtains the access network information, and then determines whether to use the WLAN network. After determining to use the WLAN network for service offloading, the UE directly queries the first sensitive information of the WLAN network from the access network information.

以方式一为例进行说明，在确定 UE需要使用 WLAN进行如数据业务分流后， UE从移动通信网络的网络设备中获取 WLAN网络的标识和对应的第一敏感信息，该第一敏感信息为 UE与 WLAN网络建立网络连接的关键接入参数信息，可以包括 WLAN网络进行安全认证的相关信息，这些信息如果被篡改， UE将无法接入 WLAN网络或被错误引导。 The mode 1 is used as an example. After determining that the UE needs to perform the offloading of the data service by using the WLAN, the UE obtains the identifier of the WLAN network and the corresponding first sensitive information from the network device of the mobile communication network, where the first sensitive information is the UE. The key access parameter information for establishing a network connection with the WLAN network may include information related to the WLAN network for performing security authentication. If the information is tampered with, the UE may not be able to access the WLAN network or be misdirected.

其中，该移动通信网络为第三代合作伙伴计划（The 3rd Generation Partnership Project,简称 3GPP)网络，如全球移动通讯系统（Global System of Mobilecommunication,简称 GSM)网络、通用移动通信系统（Universal Mobile Telecommunications System , 简称 UMTS ) 网络和长期演进 ( Long Term Evolution, 简称 LTE) 网络。 The mobile communication network is a 3rd Generation Partnership Project (3GPP) network, such as a Global System of Mobile Communication (GSM) network, a universal mobile communication system (Universal Mobile) Telecommunications System (UMTS) network and Long Term Evolution (LTE) network.

优选地， WLAN网络进行安全认证的相关信息可以包括 WLAN网络的 RSN IE禾口 /或认证类型 Authentication type。 Preferably, the information related to the security authentication of the WLAN network may include an RSN IE and/or an authentication type of the WLAN network.

进一步，若移动通信网络与 WLAN网络独立部署，则 UE从移动通信网络的网络设备中获取 WLAN网络的第一敏感信息可以按照如下流程进行：该 UE向 ANDSF发送接入网信息获取请求； Further, if the mobile communication network is deployed independently of the WLAN network, the UE may obtain the first sensitive information of the WLAN network from the network device of the mobile communication network according to the following process: the UE sends an access network information acquisition request to the ANDSF;

该 UE接收该 ANDSF返回的包括接入网信息列表的响应消息，其中，所述接入网信息列表中包含所述 WLAN网络的信息，所述 WLAN网络的信息中包括所述第一敏感信息。 The UE receives the response message of the access network information list returned by the ANDSF, where the access network information list includes the information of the WLAN network, and the information of the WLAN network includes the first sensitive information.

进一步的，该接入网信息获取请求还包括该 UE的位置信息；则该接入网信息列表是该 ANDSF根据该 UE的位置信息确定的。 Further, the access network information acquisition request further includes location information of the UE; and the access network information list is determined by the ANDSF according to the location information of the UE.

若移动通信网络与 WLAN聚合部署，则 UE从移动通信网络的网络设备中获取 WLAN网络的第一敏感信息可以按照如下流程进行： If the mobile communication network is deployed in a WLAN aggregation manner, the UE may obtain the first sensitive information of the WLAN network from the network device of the mobile communication network according to the following process:

该 UE接收网络控制设备发送的 RRC连接重配置请求，该 RRC连接重配置请求包括 WLAN网络的第一敏感信息。 The UE receives an RRC connection reconfiguration request sent by the network control device, where the RRC connection reconfiguration request includes the first sensitive information of the WLAN network.

S102、所述 UE根据所述第一敏感信息与所述 WLAN网络的接入点 AP 建立连接。 S102. The UE establishes a connection with an access point AP of the WLAN network according to the first sensitive information.

具体地，该 UE在获取到该 WLAN网络的第一敏感信息后，可以根据如下不同方式与 WLAN网络建立连接。 Specifically, after acquiring the first sensitive information of the WLAN network, the UE may establish a connection with the WLAN network according to different manners.

第一种方式：该 UE根据从移动通信网络的网络设备中获取的该 WLAN 网络的第一敏感信息直接与该 WLAN网络的 AP建立连接。具体地，该 UE 在向 WLAN网络的 AP发起探测请求并接收返回的探测响应之后，或，侦听该 WLAN网络的 AP广播的 beacon帧之后，该 UE直接根据该 WLAN网络的第一敏感信息与该 WLAN网络的 AP建立连接，即该 UE不再进行敏感信息对比，提高了与 WLAN网络建立连接的效率。 The first mode: the UE directly establishes a connection with the AP of the WLAN network according to the first sensitive information of the WLAN network acquired from the network device of the mobile communication network. Specifically, after the UE initiates a probe request to the AP of the WLAN network and receives the returned probe response, or after listening to the beacon frame broadcast by the AP of the WLAN network, the UE directly according to the first sensitive information of the WLAN network. The AP of the WLAN network establishes a connection, that is, the UE does not perform sensitive information comparison, and improves the efficiency of establishing a connection with the WLAN network.

第二种方式：在 S102之前，该 UE还从 WLAN网络中获取该 WLAN网络的第二敏感信息，所述第二敏感信息包括所述 WLAN网络进行安全认证的相关信息；则 S102可以按照如下流程进行： The second mode: before the S102, the UE further acquires the second sensitive information of the WLAN network from the WLAN network, where the second sensitive information includes related information about the WLAN network for performing security authentication; get on:

该 UE判断从移动通信网络的网络设备中获取的该 WLAN网络的第一敏感信息与从 WLAN中获取的该 WLAN网络的第二敏感信息是否一致，若一致，则该 UE与该 WLAN网络的 AP建立连接。 The UE determines the first sensitivity of the WLAN network acquired from the network device of the mobile communication network Whether the sensing information is consistent with the second sensitive information of the WLAN network obtained from the WLAN, if the information is consistent, the UE establishes a connection with the AP of the WLAN network.

其中，该第二敏感信息与该第一敏感信息所包括的内容是一致的，其区别主要在于，该第一敏感信息是 UE从移动通信网络中获取的，而该第二敏感信息是 UE从 WLAN中获取的。优选地， WLAN网络进行安全认证的相关信息可以包括 WLAN网络的 RSN IE和 /或认证类型 Authentication type。 The second sensitive information is consistent with the content included in the first sensitive information, and the difference is mainly that the first sensitive information is obtained by the UE from the mobile communication network, and the second sensitive information is the UE Obtained in the WLAN. Preferably, the information related to the security authentication of the WLAN network may include an RSN IE of the WLAN network and/or an authentication type Authentication type.

进一步，该 UE从 WLAN网络中获取该 WLAN AP的第二敏感信息，可以通过如下方式实施： Further, the UE obtains the second sensitive information of the WLAN AP from the WLAN network, and may be implemented as follows:

该 UE从接收到的该 WLAN网络的 AP返回的包括该第二敏感信息的探测响应中获取该第二敏感信息，该探测响应是该 UE向该 WLAN网络的 AP 发送探测帧之后接收到的；或者， Obtaining, by the UE, the second sensitive information, that is, the probe response that is sent by the AP of the WLAN network that is sent by the AP, and the probe response is sent by the UE after sending the probe frame to the AP of the WLAN network; Or,

该 UE从接收到的该 WLAN 网络的 AP发送的包括该第二敏感信息的 Beacon帧中获取该第二敏感信息。 The UE acquires the second sensitive information from the received Beacon frame that is sent by the AP of the WLAN network and includes the second sensitive information.

本实施例，在确定 UE使用 WLAN对移动通信网络进行业务分流后， UE 从移动通信网络的网络设备中获取 WLAN网络的第一敏感信息，根据该第一敏感信息直接向 WLAN发起连接，或者将该第一敏感信息与从 WLAN网络中获取的 WLAN网络的第二敏感信息进行对比，若一致，则与 WLAN网络的 AP建立连接。通过该方法，解决了由于 WLAN网络的相关敏感信息容易被篡改而导致 UE无法正常接入 WLAN网络的问题，实现了 WLAN网络的准确接入，提高了 WLAN网络接入的安全性。 In this embodiment, after determining that the UE uses the WLAN to perform service offloading to the mobile communication network, the UE obtains the first sensitive information of the WLAN network from the network device of the mobile communication network, and directly initiates a connection to the WLAN according to the first sensitive information, or The first sensitive information is compared with the second sensitive information of the WLAN network acquired from the WLAN network. If they are consistent, the AP establishes a connection with the AP of the WLAN network. The method solves the problem that the UE cannot access the WLAN network due to the tampering of the sensitive information of the WLAN network, thereby realizing the accurate access of the WLAN network and improving the security of the WLAN network access.

图 2为本发明另一实施例无线局域网的接入方法的流程图，本实施例在上述实施例的基础上， S101可以包括：该 UE从移动通信网络的网络设备中获取可用的 WLAN网络的第一敏感信息，以及用于判断该各 WLAN网络优先级的信息。则相应地， S102可以包括：该 UE根据 WLAN网络优先级的信息选择所述第一敏感信息，与所选择的 WLAN的 AP建立连接。如图 2所示，该方法可以按照如下流程进行： 2 is a flowchart of a method for accessing a wireless local area network according to another embodiment of the present invention. On the basis of the foregoing embodiment, the S101 may include: the UE acquiring an available WLAN network from a network device of a mobile communication network. First sensitive information, and information for determining the priority of each WLAN network. Correspondingly, the S102 may include: the UE selecting the first sensitive information according to the information of the WLAN network priority, and establishing a connection with the AP of the selected WLAN. As shown in Figure 2, the method can be performed as follows:

S201、 UE从移动通信网络的网络设备中获取多个 WLAN网络的第一敏感信息，以及用于判断各 WLAN网络优先级的信息。 S201. The UE acquires first sensitivity information of the multiple WLAN networks and information for determining priorities of the WLAN networks from the network device of the mobile communication network.

具体地，无论是移动通信网络与 WLAN独立部署还是聚合部署， UE从移动通信网络获得的可以连接的 WLAN网络可能有多个，此时 UE对准备接入的 WLAN网络的选取需要通过这些用于判断 WLAN网络优先级的信息进行判断，此时，移动通信网络向 UE发送这些 WLAN网络的第一敏感信息的同时将这些用于判断 WLAN网络优先级的信息也发送给 UE。 Specifically, whether the mobile communication network is deployed independently or in the WLAN, the UE may obtain multiple WLAN networks that can be connected from the mobile communication network, and the UE is ready to connect. The selection of the incoming WLAN network needs to be judged by using the information for determining the priority of the WLAN network. At this time, the mobile communication network sends the first sensitive information of the WLAN network to the UE and uses these to determine the priority of the WLAN network. Information is also sent to the UE.

S202、 UE根据所述 WLAN网络优先级的信息选择所述第一敏感信息，与所述 WLAN网络的接入点 AP建立连接。 S202. The UE selects the first sensitive information according to the information about the WLAN network priority, and establishes a connection with the access point AP of the WLAN network.

其中， UE根据所选择的 WLAN网络的第一敏感信息与 WLAN网络建立连接，即可以 UE是直接根据所选择的 WLAN网络的第一敏感信息与 WLAN 网络建立连接，也可以是 UE通过将第一敏感信息与第二敏感信息进行对比，并在获知一致后与 WLAN网络建立连接；若信息不一致，则选取一个优先级低的 WLAN网络再重新进行上述流程。 The UE establishes a connection with the WLAN network according to the first sensitive information of the selected WLAN network, that is, the UE may directly establish a connection with the WLAN network according to the first sensitive information of the selected WLAN network, or may be the first The sensitive information is compared with the second sensitive information, and the connection is established with the WLAN network after the knowledge is consistent; if the information is inconsistent, the WLAN network with a lower priority is selected and the above process is restarted.

本实施例， UE根据移动通信网络发送的用于判断该可用的 WLAN网络优先级的信息进行逐一选取可用的 WLAN网络，确保 UE可以接入优先级高的 WLAN网络。 In this embodiment, the UE selects an available WLAN network one by one according to the information sent by the mobile communication network for determining the available WLAN network priority, and ensures that the UE can access the WLAN network with high priority.

在上述各实施例的基础上，该第一敏感信息还可以包括辅助所述 UE进行选网的相关信息。其中，所述的辅助所述 UE进行选网的相关信息可以为 Hotspot 2.0能力指示信息，则 UE在采用第一敏感信息与第二敏感信息对比的方式来确定是否与该 WLAN网路的 AP建立连接时，该第二敏感信息中也可以包括 Hotspot 2.0能力指示信息。 Based on the foregoing embodiments, the first sensitive information may further include related information that assists the UE to select a network. The information about the assisting the UE to perform the network selection may be the Hotspot 2.0 capability indication information, and the UE determines whether to establish the AP with the WLAN network by comparing the first sensitive information with the second sensitive information. When connected, the second sensitive information may also include Hotspot 2.0 capability indication information.

Hotspot 2.0能力指示信息用于指示设备具有 Hotspot2.0能力且达到必需的安全级别。在 WLAN网络为具有 Hotspot2.0能力且达到必需的安全级别的 WLAN网络的情况下，则该 UE根据所述第一敏感信息与所述 WLAN网络的接入点 AP建立连接之前还可以包括： UE向 AP发送接入网络信息查询请求，并接收所述 AP返回的包括所述 WLAN网络的状态信息的查询响应消息，并根据所述 WLAN网络的状态信息确定所述 WLAN网络可用。 The Hotspot 2.0 Capability Indication message is used to indicate that the device has Hotspot 2.0 capabilities and meets the required security level. In the case that the WLAN network is a WLAN network that has the Hotspot 2.0 capability and the required security level, the UE may further include: the UE before establishing the connection with the access point AP of the WLAN network according to the first sensitive information. And sending an access network information query request to the AP, and receiving an inquiry response message that is returned by the AP, including the status information of the WLAN network, and determining, according to the status information of the WLAN network, that the WLAN network is available.

具体地，该第一敏感信息中还包括 Hotspot 2.0能力指示信息，即在移动通信网络下发 WLAN网络的第一敏感信息时，若该 WLAN网络为 Hotspot 2.0 WLAN网络，则该 WLAN网络的第一敏感信息中会包括用于标识该 WLAN 网络为 Hotspot 2.0 WLAN网络的 Hotspot 2.0能力指示信息。其中，该 UE需要是具有 Hotspot 2.0能力的 UE。 Specifically, the first sensitive information further includes Hotspot 2.0 capability indication information, that is, when the mobile communication network sends the first sensitive information of the WLAN network, if the WLAN network is a Hotspot 2.0 WLAN network, the first of the WLAN network The sensitive information may include Hotspot 2.0 capability indication information for identifying the WLAN network as a Hotspot 2.0 WLAN network. The UE needs to be a Hotspot 2.0 capable UE.

进一步，由于 UE接收到的第一敏感信息中，并不是所有的第一敏感信息中均包括该 Hotspot 2.0能力指示信息，则该 UE向该第一敏感信息中包含该 Hotspot 2.0能力指示信息的 Hotspot 2.0 WLAN网络的 AP发送接入网信息查询请求之前，还需要判断该第一敏感信息中是否包括该 Hotspot 2.0能力指示信息，即该 UE判断该第一敏感信息中是否包括该 Hotspot 2.0能力指示信息，以确定是否向包含该 Hotspot 2.0能力指示信息的 Hotspot 2.0 WLAN网络的 AP发送接入网络信息查询请求。 Further, not all of the first sensitive information is received in the first sensitive information received by the UE. The information includes the Hotspot 2.0 capability indication information, and the UE needs to determine the first before sending the access network information query request to the AP of the Hotspot 2.0 WLAN network that includes the Hotspot 2.0 capability indication information in the first sensitive information. Whether the Hotspot 2.0 capability indication information is included in the sensitive information, that is, the UE determines whether the Hotspot 2.0 capability indication information is included in the first sensitive information to determine whether to send to the AP of the Hotspot 2.0 WLAN network that includes the Hotspot 2.0 capability indication information. Access network information query request.

另夕卜，该状态信息可以为反映该 Hotspot 2.0 WLAN网络的负载情况的信息，但不限于此。对于判断该 Hotspot 2.0 WLAN网络是否满足作为可用的 WLAN网络的条件，也可以是根据实际设置的规则进行判断，判断规则不局限于负载情况。 In addition, the status information may be information reflecting the load condition of the Hotspot 2.0 WLAN network, but is not limited thereto. For judging whether the Hotspot 2.0 WLAN network satisfies the conditions of the available WLAN network, it may also be determined according to the actually set rules, and the judgment rule is not limited to the load situation.

图 3为本发明再一实施例无线局域网的接入方法的流程图，该方法适用于移动通信网络与 WLAN独立部署的情况，可以由 ANDSF实施，该 ANDSF 的功能是为 3GPP接入网或非 3GPP接入网的 UE提供有关网络连接的接入信息，其目的是协助 UE发现在其附近的接入网络，并提供接入的优先次序和管理这些网络的连接规则。其中，该非 3GPP接入网包括如全球微波接入互操作性 (Worldwide Interoperability for Microwave Access, 简称 WiMAX) 网络、 WLAN网络和 CDMA2000。如图 3所示，该方法可以按照如下流程进行： FIG. 3 is a flowchart of a method for accessing a wireless local area network according to still another embodiment of the present invention. The method is applicable to a case where a mobile communication network and a WLAN are independently deployed, and may be implemented by an ANDSF, and the function of the ANDSF is a 3GPP access network or a non- The UE of the 3GPP access network provides access information about the network connection, the purpose of which is to assist the UE to discover the access network in its vicinity, and to provide priority for access and to manage the connection rules of these networks. The non-3GPP access network includes, for example, a Worldwide Interoperability for Microwave Access (WiMAX) network, a WLAN network, and CDMA2000. As shown in Figure 3, the method can be performed as follows:

5301、 ANDSF接收用户设备 UE发送的接入网信息获取请求。 S301. The ANDSF receives an access network information acquisition request sent by the user equipment UE.

其中，该 ANDSF可以为实体装置，独立设置于移动通信网络中，也可以依附在各类移动通信网络的网络设备中，即该 ANDSF泛指所有可以实现该接入网络发现和选择功能的装置。 The ANDSF may be a physical device, and may be independently installed in a mobile communication network, or may be attached to network devices of various types of mobile communication networks, that is, the ANDSF refers to all devices that can implement the access network discovery and selection function.

5302、 ANDSF向所述 UE发送包括接入网信息列表的响应消息，所述接入网信息列表中包含 WLAN网络的信息，所述 WLAN网络的信息中包括第一敏感信息；其中，所述第一敏感信息包括所述 WLAN网络进行安全认证的相关信息。 5302. The ANDSF sends, to the UE, a response message that includes an access network information list, where the access network information list includes information of a WLAN network, where the information of the WLAN network includes first sensitive information. A sensitive information includes information related to security authentication of the WLAN network.

具体地，该 ANDSF可以将网络支持的所有接入网信息列表发送给 UE, UE 可以根据自身的发现能力从该接入网信息列表中选取自己可以发现的接入网并建立连接。 Specifically, the ANDSF may send all the access network information lists supported by the network to the UE, and the UE may select an access network that can be discovered from the access network information list according to its own discovery capability and establish a connection.

优选地，该接入网信息获取请求还包括该 UE的位置信息，贝 lj该 ANDSF 向该 UE发送包括接入网信息列表的响应消息之前，还包括：该 ANDSF根据该 UE的位置信息确定该 UE周围可用的接入网信息。 Preferably, the access network information acquisition request further includes location information of the UE, and before the ANDSF sends the response message including the access network information list to the UE, the method further includes: the ANDSF root The access network information available around the UE is determined according to the location information of the UE.

具体地， ANDSF在接收到 UE发送的接入网信息获取请求后，根据该接入网信息获取请求中携带的该 UE的位置信息，从本地存储的接入网信息中查找该 UE周围可以接入的接入网信息，该接入网信息包括周围可用的接入网类型，如 WLAN和 WiMAX, 以及该接入网类型的优先级信息，该优先级可以由运营商设置。例如，在某一特定区域内，运营商优先选择采用 WLAN 作为移动通信网络的业务分流网络，则在该特定区域内， WLAN的优先级将高于 WiMAX等其他非 3GPP接入网，即由运营商设置的优先级信息会指导该 UE优先选择 WLAN网络进行接入。该 ANDSF确定该 UE周围的接入网信息后，向该 UE返回一响应消息，同时将这些接入网信息的列表携带在该响应消息中发送给该 UE。当该列表中存在 WLAN网络的信息时，该 WLAN 网络的信息中包括 WLAN AP的第一敏感信息，同时包含 WLAN的标识信息。 Specifically, after receiving the access network information acquisition request sent by the UE, the ANDSF searches for the location information of the UE that is carried in the access network information acquisition request, and searches for the surrounding area of the UE from the locally stored access network information. Incoming access network information, the access network information includes surrounding access network types, such as WLAN and WiMAX, and priority information of the access network type, which may be set by the operator. For example, in a certain area, the operator prefers to use the WLAN as the service offload network of the mobile communication network, in which the priority of the WLAN will be higher than other non-3GPP access networks such as WiMAX, that is, by the operation. The priority information set by the quotient guides the UE to preferentially select the WLAN network for access. After determining the access network information around the UE, the ANDSF returns a response message to the UE, and carries the list of the access network information in the response message and sends the response message to the UE. When the information of the WLAN network exists in the list, the information of the WLAN network includes the first sensitive information of the WLAN AP, and includes the identification information of the WLAN.

可选地， WLAN网络进行安全认证的相关信息可以包括 WLAN网络的 RSN IE和 /或认证类型 Authentication type。第一敏感信息还包括辅助所述 UE 进行选网的相关信息，例如 Hot_Spot 2.0能力指示信息，以上仅为举例，并不局限于此。 Optionally, the related information of the WLAN network for performing the security authentication may include an RSN IE of the WLAN network and/or an authentication type Authentication type. The first sensitive information further includes information related to the selection of the network, such as Hot _S pot 2.0 capability indication information, which is merely an example and is not limited thereto.

进一步，该接入网信息列表还可以包括用于判断所述可用的 WLAN网络优先级的信息，以供该 UE根据该用于判断该可用的 WLAN网络优先级的信息从可用的 WLAN网络中选取建立连接的 WLAN网络。 Further, the access network information list may further include information for determining the available WLAN network priority, so that the UE selects the available WLAN network according to the information used to determine the available WLAN network priority. Establish a connected WLAN network.

本实施例，为了实现 UE准确接入 WLAN网络，将 WLAN网络的敏感信息通过某种安全的方式设置于 ANDSF中，在 UE向 ANDSF获取接入网信息时， ANDSF将这些敏感信息一起发送给该 UE, 由于移动通信网络有完善的安全机制， UE从 ANDSF中获取的 WLAN网络的敏感信息是可靠的，从而有效地保证了 UE接入 WLAN网络的准确性。 In this embodiment, in order to implement the UE to accurately access the WLAN network, the sensitive information of the WLAN network is set in the ANDSF in a certain security manner. When the UE acquires the access network information from the ANDSF, the ANDSF sends the sensitive information together. UE, because the mobile communication network has a complete security mechanism, the sensitive information of the WLAN network obtained by the UE from the ANDSF is reliable, thereby effectively ensuring the accuracy of the UE accessing the WLAN network.

图 4为本发明又一实施例无线局域网的接入方法的流程图，该方法适用于移动通信网络与 WLAN聚合部署的情况，可以由移动通信网络的网络控制设备来实施，本实施例以移动通信网络为 LTE为例进行说明，即此时该网络控制设备为演进型基站（Evolved Node B，简称 eNB ) 。如图 4所示，该方法可以包括： S401、网络控制设备确定使用 WLAN网络。 FIG. 4 is a flowchart of a method for accessing a wireless local area network according to still another embodiment of the present invention. The method is applicable to a mobile communication network and a WLAN aggregation deployment, and may be implemented by a network control device of a mobile communication network. The communication network is LTE as an example. In this case, the network control device is an evolved base station (Evolved Node B, eNB for short). As shown in FIG. 4, the method may include: S401. The network control device determines to use the WLAN network.

由于 LTE网络与 WLAN网络聚合部署， eNB侧存储有周围非 3GPP接入网的相关信息。 eNB可以根据当前网络策略、 UE的能力信息等信息来确定是否使用 WLAN网络进行业务分流。 eNB可以根据实际情况选择使用 WLAN 网络进行业务分流，如某个 UE全部业务使用 WLAN网络进行分流，或根据 UE的业务类型确定其中的部分类型业务采用 WLAN网络进行分流，但选取方式不限，此处仅为举例说明。优选地，该网络控制设备根据当前网络策略和 UE的能力信息确定使用无线局域网 WLAN网络。 Due to the aggregation deployment of the LTE network and the WLAN network, the eNB side stores related information of the surrounding non-3GPP access network. The eNB may determine whether to use the WLAN network for service offload according to information such as the current network policy and the capability information of the UE. The eNB may choose to use the WLAN network to perform traffic offloading according to the actual situation. For example, all the services of a certain UE use the WLAN network for offloading, or determine that some types of services are used for offloading according to the service type of the UE, but the selection manner is not limited. It is only an example. Preferably, the network control device determines to use the wireless local area network (WLAN) WLAN network according to the current network policy and the capability information of the UE.

其中，当前网络策略例如可以为：当 eNB的业务负荷超过某一门限值后，引导小区内的 UE通过 WLAN网络进行数据业务分流。 For example, the current network policy may be: when the service load of the eNB exceeds a certain threshold, the UE in the guiding cell performs data service offloading through the WLAN network.

可选地，若该移动通信网络为 GSM网络，则该网络控制设备为基站控制器（Base Station Controller, 简称 BSC) ；若该移动通信网络为 UMTS网络，则该网络控制设备为无线网络控制器（Radio Network Controller,简称 RNC)；若该移动通信网络为 LTE网络，则该网络控制设备为 eNB。 Optionally, if the mobile communication network is a GSM network, the network control device is a Base Station Controller (BSC); if the mobile communication network is a UMTS network, the network control device is a wireless network controller. (Radio Network Controller, RNC for short); if the mobile communication network is an LTE network, the network control device is an eNB.

进一步，本步骤还可以按照如下流程进行： Further, this step can also be performed as follows:

该网络控制设备接收移动管理实体（Mobility Management Entity, 简称 MME) 发送的数据无线承载（Data Radio Bearer, 简称 DRB ) 建立请求，该 DRB建立请求是该 MME根据当前网络策略和 /或 UE的业务判断确定的；该网络控制设备根据该 DRB建立请求判断确定使用 WLAN网络。 The network control device receives a Data Radio Bearer (DRB) establishment request sent by a Mobility Management Entity (MME), where the DRB establishment request is determined by the MME according to a current network policy and/or a service of the UE. Determining; the network control device determines to use the WLAN network according to the DRB establishment request judgment.

S402、网络控制设备确定该 UE可用的 WLAN网络。 S402. The network control device determines a WLAN network available to the UE.

具体地，该 eNB在确定使用业务分流后，可以根据该 UE的位置信息确定可以接入的 WLAN网络。 Specifically, after determining that the service offload is used, the eNB may determine the WLAN network that can be accessed according to the location information of the UE.

S403、网络控制设备向该 UE发送包含该 WLAN网络的第一敏感信息的 RRC连接重配置请求，所述 RRC连接重配置请求用于指示所述 UE根据所述第一敏感信息与所述 WLAN网络的接入点 AP建立连接；其中，所述第一敏感信息包括所述 WLAN网络进行安全认证的相关信息。 S403. The network control device sends, to the UE, an RRC connection reconfiguration request that includes first sensitive information of the WLAN network, where the RRC connection reconfiguration request is used to indicate that the UE is based on the first sensitive information and the WLAN network. The access point AP establishes a connection; wherein, the first sensitive information includes related information that the WLAN network performs security authentication.

具体地，该 eNB将该 UE可以接入的 WLAN网络的相关信息携带在无线资源控制（Radio Resource Control, 简称 RRC) 连接重配置请求中，下发给该 UE。其中，该 WLAN AP的相关信息包括该 WLAN AP的第一敏感信息和标识信息。该 UE可以根据该第一敏感信息与该 WLAN网络建立连接。可选地， WLAN网络进行安全认证的相关信息可以包括 WLAN网络的 RSN IE和 /或认证类型 Authentication type。第一敏感信息还包括辅助所述 UE 进行选网的相关信息，例如 Hotspot 2.0能力指示信息，以上仅为举例，并不局限于此。 Specifically, the eNB carries the information about the WLAN network that the UE can access in the Radio Resource Control (RRC) connection reconfiguration request, and sends the information to the UE. The related information of the WLAN AP includes first sensitive information and identification information of the WLAN AP. The UE can establish a connection with the WLAN network according to the first sensitive information. Optionally, the related information of the WLAN network for performing the security authentication may include an RSN IE of the WLAN network and/or an authentication type Authentication type. The first sensitive information further includes related information for assisting the UE to perform network selection, such as Hotspot 2.0 capability indication information, which is merely an example and is not limited thereto.

可选地，若网络控制设备确定该 UE所在位置可用的 WLAN网络为多个，此时，该 RRC连接重配置请求还包括用于判断 WLAN网络优先级的信息，以供该 UE根据该优先级信息从可用的 WLAN网络中选取建立连接的 WLAN 网络。 Optionally, if the network control device determines that the WLAN network available at the location of the UE is multiple, the RRC connection reconfiguration request further includes information for determining a WLAN network priority, for the UE to use the priority. The information is selected from the available WLAN networks to establish a connected WLAN network.

本实施例，为了实现 UE准确接入 WLAN网络，移动通信网络的网络控制设备通过某种安全的方式获取 WLAN网络的第一敏感信息，由网络控制设备根据网络策略下发给确定使用业务分流的 UE,由于移动通信网络有完善的安全机制， UE得到的 WLAN网络的敏感信息是可靠的，从而有效地保证了 UE接入 WLAN网路的准确性。 In this embodiment, in order to implement the UE to accurately access the WLAN network, the network control device of the mobile communication network obtains the first sensitive information of the WLAN network in a certain security manner, and the network control device sends the service to the service to be used according to the network policy. The UE, because the mobile communication network has a complete security mechanism, the sensitive information of the WLAN network obtained by the UE is reliable, thereby effectively ensuring the accuracy of the UE accessing the WLAN network.

图 5为本发明又一实施例无线局域网的接入方法的流程图，该方法适用于支持 Hotspot 2.0类型的 WLAN,该方法同时适用于移动通信网络与 WLAN 聚合部署或独立部署的情况，可以由 Hotspot 2.0 WLAN AP实施，如图 5所示，该方法可以按照如下流程进行： FIG. 5 is a flowchart of a method for accessing a wireless local area network according to still another embodiment of the present invention. The method is applicable to a WLAN supporting a Hotspot 2.0 type. The method is applicable to both a mobile communication network and a WLAN aggregation deployment or independent deployment. The Hotspot 2.0 WLAN AP implementation, as shown in Figure 5, can be performed as follows:

5501、 Hotspot 2.0 WLAN AP接收 UE发送的接入网络查询请求。 5501. The Hotspot 2.0 WLAN AP receives an access network query request sent by the UE.

5502、 Hotspot 2.0 WLAN AP向该 UE发送包括该 Hotspot 2.0 WLAN网络的状态信息的接入网信息查询响应消息，该 Hotspot 2.0 WLAN网络的状态信息是该 Hotspot 2.0 WLAN AP从 ANQP服务器中获取的。 5502. The Hotspot 2.0 WLAN AP sends an access network information query response message including status information of the Hotspot 2.0 WLAN network to the UE, where the Hotspot 2.0 WLAN network status information is obtained by the Hotspot 2.0 WLAN AP from the ANQP server.

具体地，在 UE确定 WLAN AP为 Hotspot 2.0 WLAN AP时， UE向该 Hotspot 2.0 WLAN AP发送接入网查询请求，该 Hotspot 2.0 WLAN AP接收该状态信息获取请求后，向接入网查询协议（Access network query protocol, 简称 ANQP) 服务器转发该状态信息获取请求， ANQP服务器接收该接入网查询请求后向该 Hotspot 2.0 WLAN AP发送该 Hotspot 2.0 WLAN AP的状态信息，该状态信息包括但不限于该 Hotspot 2.0 WLAN AP的负载信息、连接能力等用于判断是否选择该网络以及一些用于判断网络优先级的信息。之后，该 Hotspot 2.0 WLAN AP将从 ANQP服务器获取到的所在 Hotspot 2.0 WLAN 网络的状态信息发送给 UE, 供 UE根据该状态信息确定是否将该 Hotspot 2.0 WLAN网络作为可用的 WLAN网络。例如，若该状态信息表明该 Hotspot 2.0 WLAN网络当前负载饱和，处于繁忙状态，则 UE将不把该 Hotspot 2.0 WLAN 网络列入可用的 WLAN网络。 Specifically, when the UE determines that the WLAN AP is a Hotspot 2.0 WLAN AP, the UE sends an access network query request to the Hotspot 2.0 WLAN AP, and the Hotspot 2.0 WLAN AP receives the status information acquisition request, and then queries the access network to the access protocol. The network query protocol (ANQP) forwards the status information acquisition request, and the ANQP server sends the status information of the Hotspot 2.0 WLAN AP to the Hotspot 2.0 WLAN AP after receiving the access network query request, and the status information includes but is not limited to the Hotspot 2.0 WLAN AP load information, connection capability, etc. are used to determine whether to select the network and some information used to determine the network priority. After that, the Hotspot 2.0 WLAN AP sends the status information of the Hotspot 2.0 WLAN network that is obtained from the ANQP server to the UE, and the UE determines, according to the status information, whether to set the Hotspot 2.0. The WLAN network acts as an available WLAN network. For example, if the status information indicates that the Hotspot 2.0 WLAN network is currently loaded and busy, the UE will not include the Hotspot 2.0 WLAN network in the available WLAN network.

可选地，若该 Hotspot 2.0 WLAN AP 与该 ANQP服务器聚合，则该 Hotspot 2.0 WLAN网络的状态信息是该 Hotspot 2.0 WLAN AP从本地存储的信息中获取的。 SP，若将 ANQP服务器的功能放置在该 Hotspot 2.0 WLAN AP上，即 ANQP服务器和该 Hotspot 2.0 WLAN AP合一，此时该 Hotspot 2.0 WLAN AP在接收到 UE发送的接入网络查询请求后，直接在本地 ANDSF模块存储的相关信息中获取该 Hotspot 2.0 WLAN网络的状态信息，将该状态信息携带在接入网信息查询响应消息中发送给 UE。 Optionally, if the Hotspot 2.0 WLAN AP is aggregated with the ANQP server, the status information of the Hotspot 2.0 WLAN network is obtained by the Hotspot 2.0 WLAN AP from locally stored information. SP, if the function of the ANQP server is placed on the Hotspot 2.0 WLAN AP, that is, the ANQP server and the Hotspot 2.0 WLAN AP are combined, the Hotspot 2.0 WLAN AP receives the access network query request sent by the UE directly. The status information of the Hotspot 2.0 WLAN network is obtained in the related information stored in the local ANDSF module, and the status information is carried in the access network information query response message and sent to the UE.

本实施例，移动通信网络的网络控制设备将反映 WLAN AP为 Hotspot 2.0 WLAN AP的标识信息即 Hotspot 2.0能力指示信息作为第一敏感信息的一部分下发给 UE, 使 UE向该 Hotspot 2.0 WLAN AP发送接入网查询请求，以确定该 Hotspot 2.0 WLAN网络的状态是否适合作为可用的 WLAN网络，实现了对 Hotspot 2.0 WLAN网络的兼容。 In this embodiment, the network control device of the mobile communication network sends the Hotspot 2.0 capability indication information indicating that the WLAN AP is the Hotspot 2.0 WLAN AP, as part of the first sensitive information, to the UE, and sends the UE to the Hotspot 2.0 WLAN AP. The access network queries the request to determine whether the state of the Hotspot 2.0 WLAN network is suitable as an available WLAN network, enabling compatibility with the Hotspot 2.0 WLAN network.

以下从不同的场景对上述方法进行举例说明。 The above method is exemplified from different scenarios.

场景一，移动通信网络与 WLAN独立部署（以移动通信网络为 LTE网络为例说明）。 Scenario 1, the mobile communication network and the WLAN are deployed independently (taking the mobile communication network as an example for the LTE network).

图 6为本发明又一实施例无线局域网的接入方法的信令流程图，如图 6 所示，该方法可以按照如下流程进行： FIG. 6 is a signaling flowchart of a method for accessing a wireless local area network according to still another embodiment of the present invention. As shown in FIG. 6, the method may be performed according to the following process:

5601、 UE接入 LTE网络。 5601. The UE accesses an LTE network.

首先，该 UE首先附着到 LTE网络，即该 UE先接入 LTE网络，与分组数据网络网关（Packet Data Network Gateway, 简称 PGW) 交互。 First, the UE first attaches to the LTE network, that is, the UE first accesses the LTE network and interacts with a Packet Data Network Gateway (PGW).

5602、该 UE根据运营商策略确定使用非 3GPP接入网进行业务分流。具体地，该运营商策略可以为如异系统的移动性策略等，同时，该运营商策略可以为 LTE网络的 ANDSF下发给 UE的，也可以是 UE本地存储有的本地策略，此处不做任何限制。 S602. The UE determines to use a non-3GPP access network to perform service offload according to an operator policy. Specifically, the operator policy may be a mobility policy of a different system, etc., and the carrier policy may be sent to the UE by the ANDSF of the LTE network, or may be a local policy locally stored by the UE. Make any restrictions.

5603、该 UE向 ANDSF发送接入网信息请求。 S603. The UE sends an access network information request to the ANDSF.

其中，该接入网信息请求消息中可选地包括该 UE的位置信息。 The access network information request message optionally includes location information of the UE.

S604、该 ANDSF根据该 UE的位置信息确定该 UE周围可用的接入网络。其中，该 UE周围可用的接入网络例如为 WLAN或 WiMAX。当请求消息中不包含 UE的位置信息时， ANDSF将返回所有可用的接入网信息。 S604. The ANDSF determines, according to the location information of the UE, an access network available around the UE. The access network available around the UE is, for example, WLAN or WiMAX. When the location information of the UE is not included in the request message, the ANDSF will return all available access network information.

5605、该 ANDSF向该 UE发送接入网响应消息。 S605: The ANDSF sends an access network response message to the UE.

其中，该响应消息中携带接入网信息列表，该接入网信息列表中可以包括可用的接入网类型、接入网标识和公用陆地移动通信网（Public Land Mobile Network)身份等信息，还可以包括用于判断接入网优先级的信息。同时，若该接入网信息列表中包括 WLAN网络的信息，则该信息中包括 WLAN网络的第一敏感信息。由于本发明主要针对 WLAN的准确接入的设计，则此处不考虑接入网信息列表中不包括 WLAN网络的信息的情况。 The response message carries an access network information list, where the access network information list may include information such as an available access network type, an access network identifier, and a public land mobile network identity. Information for determining the priority of the access network may be included. Meanwhile, if the access network information list includes information of the WLAN network, the information includes the first sensitive information of the WLAN network. Since the present invention is mainly directed to the design of accurate access of a WLAN, the case where the information of the WLAN network is not included in the access network information list is not considered here.

5606、该 UE 根据该响应消息中的接入网信息列表确定所要接入的 WLAN网络。 S606. The UE determines, according to the access network information list in the response message, the WLAN network to be accessed.

其中，根据该接入网信息列表中的接入网类型及接入网优先级信息确定所要接入的接入网类型，如 WiMAX或 WLAN。基于本发明，该 UE根据接入网优先级信息确定使用 WLAN网络进行业务分流，将该接入网信息列表中的 WLAN网络作为可用的 WLAN网络。 The type of the access network to be accessed, such as WiMAX or WLAN, is determined according to the access network type and the access network priority information in the access network information list. Based on the present invention, the UE determines to use the WLAN network for service offload according to the access network priority information, and uses the WLAN network in the access network information list as an available WLAN network.

进一步地，该接入网信息列表中还可以包括用于判断所述可用的 WLAN 网络优先级的信息，该 UE可以根据该用于判断所述可用的 WLAN网络优先级的信息选取优先级最高的一个 WLAN网络作为待连接的 WLAN网络。 Further, the access network information list may further include information for determining the available WLAN network priority, and the UE may select the highest priority according to the information used to determine the available WLAN network priority. A WLAN network acts as a WLAN network to be connected.

S607、该 UE向 WLAN网络的 AP发送探测请求。 S607. The UE sends a probe request to an AP of the WLAN network.

其中，该 WLAN网络为之前确定的待连接的 WLAN网络。 The WLAN network is a previously determined WLAN network to be connected.

S608、该 WLAN网络的 AP向该 UE发送探测响应。 S608. The AP of the WLAN network sends a probe response to the UE.

其中，该探测响应中包括该 WLAN网络的 AP的第二敏感信息。 The probe response includes second sensitive information of the AP of the WLAN network.

具体地，本步骤中， UE从 WLAN网络中获取该 WLAN网络的信息，所述信息中包含 WLAN网络的第二敏感信息。该 UE根据该第一敏感信息和第二敏感信息与该 WLAN网络的 AP进行关联。即该 UE需要将该 WLAN网络的第一敏感信息与第二敏感信息对比，确定一致后与该 WLAN网络的 AP建立关联。 Specifically, in this step, the UE acquires the information of the WLAN network from the WLAN network, where the information includes the second sensitive information of the WLAN network. The UE associates with the AP of the WLAN network according to the first sensitive information and the second sensitive information. That is, the UE needs to compare the first sensitive information of the WLAN network with the second sensitive information, and after determining the consistency, establish an association with the AP of the WLAN network.

可选地，该 UE也可以不进行敏感信息对比，直接根据该第一敏感信息与该 WLAN网络的 AP建立网络连接。进一步， S607和 S608可以采用如下步骤替代：该 UE侦听 Beacon帧来获取该第二敏感信息。 Optionally, the UE may also establish a network connection with the AP of the WLAN network according to the first sensitive information without performing sensitive information comparison. Further, S607 and S608 may be replaced by the following steps: The UE listens to the Beacon frame to obtain the second sensitive information.

5609、该 UE判断从 ANDSF中获取到的该 WLAN网络的第一敏感信息和从 WLAN网络中获取到的该 WLAN网络的第二敏感信息的一致性。 S609: The UE determines consistency of the first sensitive information of the WLAN network acquired from the ANDSF and the second sensitive information of the WLAN network obtained from the WLAN network.

其中，若第一敏感信息和第二敏感信息不一致，则从接入网信息列表中再选择次高级的一个 WLAN网络重新进行步骤 S607; 若一致则执行 S610。 If the first sensitive information and the second sensitive information are inconsistent, then the next advanced WLAN network is selected from the access network information list to perform step S607; if yes, S610 is performed.

5610、该 UE与该 WLAN网络建立网络连接。 5610. The UE establishes a network connection with the WLAN network.

场景二，移动通信网络与 WLAN聚合部署（以移动通信网络为 LTE网络为例说明）。 Scenario 2: Mobile communication network and WLAN aggregation deployment (taking the mobile communication network as an LTE network as an example).

图 7为本发明又一实施例无线局域网的接入方法的信令流程图，如图 6 所示，该方法可以按照如下流程进行： FIG. 7 is a signaling flowchart of a method for accessing a wireless local area network according to still another embodiment of the present invention. As shown in FIG. 6, the method may be performed according to the following process:

S701、 UE接入 LTE网络。 S701. The UE accesses an LTE network.

首先，该 UE首先附着到 LTE网络，即该 UE先接入 LTE网络，与 MME 交互。 First, the UE first attaches to the LTE network, that is, the UE first accesses the LTE network and interacts with the MME.

S702、 MME向 eNB发送 DRB建立请求。 S702. The MME sends a DRB establishment request to the eNB.

其中， MME根据网络策略和 /或业务实际需求确定该 eNB当前需要建立新的 DRB。 The MME determines that the eNB needs to establish a new DRB according to the network policy and/or actual service requirements.

S703、 eNB根据 UE的业务类型、能力信息和自身的负载情况确定该 UE 使用 WLAN来进行业务分流。 S703. The eNB determines, according to the service type, the capability information, and the load condition of the UE, that the UE uses the WLAN to perform service offloading.

其中，该 eNB根据该 UE的能力信息判断该 UE是否为具有 WLAN能力的 UE,并根据接收到的 DRB建立请求去判断是否需要使用 WLAN进行业务分流。 The eNB determines whether the UE is a WLAN-capable UE according to the capability information of the UE, and determines whether the WLAN needs to be used for service offloading according to the received DRB establishment request.

可选地， S701和 S702并非必须，该 eNB也可以根据自身策略直接确定哪些 UE需要使用 WLAN进行业务分流。 Optionally, S701 and S702 are not required, and the eNB may directly determine, according to its own policy, which UEs need to use WLAN for service offloading.

S704、该 eNB向该 UE发送 RRC连接重配置请求。 S704. The eNB sends an RRC connection reconfiguration request to the UE.

其中，在确定 UE具备 WLAN能力和确定 UE使用 WLAN进行业务分流后，该 RRC连接重配置请求中包括 WLAN网络第一敏感信息和该 WLAN网络的 AP的标识信息。 The RRC connection reconfiguration request includes the first sensitive information of the WLAN network and the identifier information of the AP of the WLAN network, after determining that the UE has the WLAN capability and determining that the UE uses the WLAN to perform service offloading.

进一步，该 RRC连接重配置请求中还可以包括用于判断 WLAN网络优先级的信息，当 UE周围有多个可用的 WLAN网络时，该 UE可以根据该用于判断可用的 WLAN网络优先级的信息选取优先级最高的一个 WLAN网络作为待连接的 WLAN网络，并向该 WLAN网络的 AP发送探测请求。 Further, the RRC connection reconfiguration request may further include information for determining a WLAN network priority. When there are multiple available WLAN networks around the UE, the UE may use the UE according to the usage. The WLAN network with the highest priority is selected as the WLAN network with the highest priority, and the probe request is sent to the AP of the WLAN network.

5705、 UE向该 WLAN网络的 AP发送探测请求。 S705: The UE sends a probe request to the AP of the WLAN network.

其中， UE接收到该 RRC连接重配置请求后，确定待连接的 WLAN网络后向该 WLAN网路的 AP发送探测请求。 After receiving the RRC connection reconfiguration request, the UE determines the WLAN network to be connected, and sends a probe request to the AP of the WLAN network.

5706、该 WLAN网络的 AP向该 UE发送探测响应。 5706. The AP of the WLAN network sends a probe response to the UE.

其中，该探测响应中包括该 WLAN网络的第二敏感信息。 The probe response includes second sensitive information of the WLAN network.

进一步， S705和 S706可以采用如下步骤替代：该 UE侦听 Beacon帧来获取该第二敏感信息。 Further, S705 and S706 may be replaced by the following steps: The UE listens to the Beacon frame to obtain the second sensitive information.

S707、该 UE判断从该 eNB中获取到的该 WLAN网络的第一敏感信息和从该 WLAN网络中获取到的该 WLAN网络的第二敏感信息的一致性。 S707. The UE determines consistency of the first sensitive information of the WLAN network acquired from the eNB and the second sensitive information of the WLAN network obtained from the WLAN network.

其中，若第一敏感信息和第二敏感信息不一致，则从该 RRC连接重配置请求中包括的多个 WLAN网络中再选择一个 WLAN网络重新进行步骤 S705；若一致则执行 S708。 If the first sensitive information and the second sensitive information are inconsistent, then selecting one WLAN network from the plurality of WLAN networks included in the RRC connection reconfiguration request to perform step S705; if yes, executing S708.

可选地，该 UE也可以不进行 S707步骤，直接根据该第一敏感信息和该 Optionally, the UE may also perform the step S707, directly according to the first sensitive information and the

WLAN网络的 AP建立关联，完成网络连接。 The APs of the WLAN network establish associations and complete network connections.

S708、该 UE与该 WLAN网络建立网络连接。 S708. The UE establishes a network connection with the WLAN network.

图 8为本发明一用户设备实施例的结构示意图，如图 8所示，该 UE包括：获取模块 81和处理模块 82，其中，获取模块 81用于从移动通信网络的网络设备中获取无线局域网 WLAN网络的第一敏感信息；其中，所述第一敏感信息包括所述 WLAN网络进行安全认证的相关信息；处理模块 82用于根据获取模块 81获取的所述第一敏感信息与所述 WLAN网络的接入点 AP建立连接。 FIG. 8 is a schematic structural diagram of an embodiment of a user equipment according to the present invention. As shown in FIG. 8, the UE includes: an obtaining module 81 and a processing module 82, where the obtaining module 81 is configured to obtain a wireless local area network from a network device of a mobile communication network. The first sensitive information of the WLAN network, where the first sensitive information includes related information for performing security authentication on the WLAN network, and the processing module 82 is configured to use the first sensitive information acquired by the obtaining module 81 and the WLAN network. The access point AP establishes a connection.

可选地， WLAN网络进行安全认证的相关信息可以包括 WLAN网络的 RSN IE和 /或认证类型，但不局限于此。 Optionally, the information related to the security authentication of the WLAN network may include, but is not limited to, an RSN IE and/or an authentication type of the WLAN network.

可选地，所述第一敏感信息还包括辅助所述 UE进行选网的相关信息。可选地，所述网络设备为接入网络发现和选择功能 ANDSF。相应地，获取模块 81从移动通信网络的网络设备中获取无线局域网 WLAN网络的第一敏感信息，包括获取模块 81 向 ANDSF发送接入网信息获取请求，并接收 ANDSF返回的包括接入网信息列表的响应消息，其中，所述接入网信息列表中包含所述 WLAN网络的信息，所述 WLAN网络的信息中包括所述第一敏感信息。进一步地，所述接入网信息获取请求还包括用户设备的位置信息。相应地，所述接入网信息列表是 ANDSF根据用户设备的位置信息确定的。在上述实施例中，获取模块 81具体用于，接收网络控制设备发送的无线资源控制 RRC连接重配置请求，所述 RRC连接重配置请求包括所述第一敏感信息。 Optionally, the first sensitive information further includes related information that assists the UE to perform network selection. Optionally, the network device is an access network discovery and selection function ANDSF. Correspondingly, the obtaining module 81 acquires the first sensitive information of the WLAN network from the network device of the mobile communication network, and the acquiring module 81 sends an access network information obtaining request to the ANDSF, and receives the list of the access network information returned by the ANDSF. Response message, wherein the access network information list The information of the WLAN network is included, and the information of the WLAN network includes the first sensitive information. Further, the access network information acquisition request further includes location information of the user equipment. Correspondingly, the access network information list is determined by the ANDSF according to the location information of the user equipment. In the above embodiment, the obtaining module 81 is specifically configured to: receive, by the network control device, a radio resource control RRC connection reconfiguration request, where the RRC connection reconfiguration request includes the first sensitive information.

在上述实施例中，获取模块 81还用于从移动通信网络的网络设备中获取多个 WLAN网络的第一敏感信息，以及用于判断各 WLAN网络优先级的信息；相应地，处理模块 82具体用于，根据所述 WLAN网络优先级的信息选择所述第一敏感信息，与所述 WLAN网络的接入点 AP建立连接。 In the foregoing embodiment, the obtaining module 81 is further configured to acquire, from the network device of the mobile communication network, first sensitive information of the multiple WLAN networks, and information for determining priorities of the WLAN networks; correspondingly, the processing module 82 is specifically And for selecting, according to the information about the priority of the WLAN network, the first sensitive information, and establishing a connection with an access point AP of the WLAN network.

在上述实施例中，所述 WLAN网络为具有 Hotspot2.0能力且达到必需的安全级别的 WLAN网络；相应地，该用户设备还包括第一发送模块 83，用于在处理模块 82据所述第一敏感信息与所述 WLAN网络的接入点 AP建立连接之前，向所述 AP发送接入网络信息查询请求。相应地，获取模块 81 还用于，接收所述 AP返回的包括所述 WLAN网络的状态信息的查询响应消息；处理模块 82还用于在获取模块 81接收到所述查询响应消息后，根据所述 WLAN网络的状态信息确定所述 WLAN网络可用。 In the above embodiment, the WLAN network is a WLAN network having the Hotspot 2.0 capability and the required security level; correspondingly, the user equipment further includes a first sending module 83, and the processing module 82 is configured to Before the sensitive information establishes a connection with the access point AP of the WLAN network, the access network information query request is sent to the AP. Correspondingly, the obtaining module 81 is further configured to: receive, by the AP, a query response message that includes the status information of the WLAN network; the processing module 82 is further configured to: after the obtaining module 81 receives the query response message, The status information of the WLAN network determines that the WLAN network is available.

在上述实施例中，所述辅助所述 UE进行选网的相关信息可以为 Hotspot 2.0能力指示信息，但不局限于此。所述 Hotspot 2.0能力指示信息用于指示所述 WLAN 网络具有 Hotspot2.0能力且达到必需的安全级别。处理模块 82还用于在第一发送模块 83向所述 AP发送接入网络信息查询请求之前，确定所述第一敏感信息中包括所述 Hotspot 2.0能力指示信息。 In the foregoing embodiment, the information related to the selection of the network by the UE may be Hotspot 2.0 capability indication information, but is not limited thereto. The Hotspot 2.0 capability indication information is used to indicate that the WLAN network has Hotspot 2.0 capability and achieves a required security level. The processing module 82 is further configured to: before the first sending module 83 sends an access network information query request to the AP, determine that the first sensitive information includes the Hotspot 2.0 capability indication information.

在上述实施例中，获取模块 81还用于在处理模块 82根据所述第一敏感信息与所述 WLAN网络的接入点 AP建立连接之前，从所述 WLAN网络中获取所述 WLAN网络的第二敏感信息，所述第二敏感信息包括所述 WLAN 网络进行安全认证的相关信息。相应地，处理模块 82还用于根据所述第一敏感信息与所述 WLAN网络的接入点 AP建立连接之前，确定所述第一敏感信息与所述第二敏感信息一致。进一步地，获取模块 81从所述 WLAN网络中获取所述 WLAN网络的第二敏感信息，具体包括从接收到的所述 WLAN网络的 AP返回的包括所述第二敏感信息的探测响应中获取所述第二敏感信息，所述探测响应是所述用户设备向所述 WLAN网络的 AP发送探测帧之后接收到的；或者，从接收到的所述 WLAN网络的 AP发送的包括所述第二敏感信息的信标帧中获取所述第二敏感信息。本实施例提供的用户设备，具体可以上述各方法实施例照中的处理流程，其功能详见上述方法实施例，此处不再赘述。 In the above embodiment, the obtaining module 81 is further configured to: before the processing module 82 establishes a connection with the access point AP of the WLAN network according to the first sensitive information, acquire the first part of the WLAN network from the WLAN network. The second sensitive information includes information about security authentication performed by the WLAN network. Correspondingly, the processing module 82 is further configured to determine that the first sensitive information is consistent with the second sensitive information before establishing the connection with the access point AP of the WLAN network according to the first sensitive information. Further, the acquiring module 81 acquires the second sensitive information of the WLAN network from the WLAN network, and specifically includes: acquiring, by using the detected response that includes the second sensitive information that is returned by the AP of the WLAN network The second sensitive information, The probe response is received after the user equipment sends a sounding frame to the AP of the WLAN network; or, from the received beacon frame that is sent by the AP of the WLAN network, including the second sensitive information. Obtaining the second sensitive information. For the user equipment provided in this embodiment, the processing procedure in the foregoing method embodiments may be specifically described. For the function, refer to the foregoing method embodiment, and details are not described herein again.

本实施例提供的用户设备，解决了由于 WLAN网络的相关敏感信息容易被篡改而导致 UE无法正常接入 WLAN网络的问题，实现了 WLAN网络的准确接入，提高了 WLAN网络接入的安全性。 The user equipment provided in this embodiment solves the problem that the UE cannot access the WLAN network due to the tampering of the sensitive information of the WLAN network, thereby achieving accurate access of the WLAN network and improving the security of the WLAN network access. .

图 9为本发明一接入网络发现和选择功能设备实施例的结构示意图，如图 9所示，该 ANDSF可以包括接收模块 91和第二发送模块 92，其中，接收模块 91用于接收用户设备 UE发送的接入网信息获取请求；第二发送模块 92 用于向所述 UE发送包括接入网信息列表的响应消息，所述接入网信息列表中包含 WLAN网络的信息，所述 WLAN网络的信息中包括第一敏感信息；其中，所述第一敏感信息包括所述 WLAN网络进行安全认证的相关信息。 FIG. 9 is a schematic structural diagram of an embodiment of an access network discovery and selection function device according to the present invention. As shown in FIG. 9, the ANDSF may include a receiving module 91 and a second sending module 92, where the receiving module 91 is configured to receive user equipment. The access network information acquisition request sent by the UE; the second sending module 92 is configured to send, to the UE, a response message including an access network information list, where the access network information list includes information of a WLAN network, where the WLAN network The first sensitive information is included in the information, and the first sensitive information includes related information that the WLAN network performs security authentication.

可选地，所述第一敏感信息还包括辅助所述 UE进行选网的相关信息，例如 Hot_Spot2.0能力指示信息，但不局限于此。 Optionally, the first sensitive information further includes related information, such as Hot _S pot 2.0 capability indication information, for assisting the UE to perform network selection, but is not limited thereto.

可选地，所述接入网信息获取请求还包括所述 UE 的位置信息；所述 Optionally, the access network information obtaining request further includes location information of the UE;

ANDSF还包括：第一确定模块 93，用于在第二发送模块 92向所述 UE发送包括接入网信息列表的响应消息之前，根据所述 UE的位置信息确定所述 UE 周围可用的接入网信息。 The ANDSF further includes: a first determining module 93, configured to determine, according to the location information of the UE, the available access around the UE, before the second sending module 92 sends the response message including the access network information list to the UE Web information.

在上述实施例中，所述接入网信息列表还包括用于判断 WLAN网络优先级的信息，以供所述 UE根据所述优先级的信息选择所述 WLAN网络。 In the above embodiment, the access network information list further includes information for determining a WLAN network priority, so that the UE selects the WLAN network according to the priority information.

本实施例提供的 ANDSF, 具体可以上述各方法实施例照中的处理流程，其功能详见上述方法实施例，此处不再赘述。 The ANDSF provided in this embodiment may be specifically the processing procedure in the foregoing method embodiments. For details, refer to the foregoing method embodiments, and details are not described herein again.

本实施例提供的 ANDSF, 解决了由于 WLAN网络的相关敏感信息容易被篡改而导致 UE无法正常接入 WLAN网络的问题，实现了 WLAN网络的准确接入，提高了 WLAN网络接入的安全性。图 10为本发明一网络控制设备实施例结构示意图，如图 10所示，该网络控制设备可以包括第二确定模块 101、第三确定模块 102和第三发送模块 103，其中，第二确定模块 101用于确定使用无线局域网 WLAN网络；第三确定模块 102用于确定所述 UE可用的 WLAN网络；第三发送模块 103用于向所述 UE发送包含所述 WLAN网络的第一敏感信息的无线资源控制 RRC 连接重配置请求，所述 RRC连接重配置请求用于指示所述 UE根据所述第一敏感信息与所述 WLAN网络的接入点 AP建立连接；其中，所述第一敏感信息包括所述 WLAN网络进行安全认证的相关信息。 The ANDSF provided in this embodiment solves the problem that the UE cannot access the WLAN network due to the fact that the relevant sensitive information of the WLAN network is easily falsified, thereby realizing accurate access of the WLAN network and improving the security of the WLAN network access. 10 is a schematic structural diagram of an embodiment of a network control device according to the present invention. As shown in FIG. 10, the network control device may include a second determining module 101, a third determining module 102, and a third sending module 103, where the second determining module The third determining module 102 is configured to determine a WLAN network that is available to the UE, and the third sending module 103 is configured to send, to the UE, the wireless information that includes the first sensitive information of the WLAN network. The RRC connection reconfiguration request is used to indicate that the UE establishes a connection with the access point AP of the WLAN network according to the first sensitive information, where the first sensitive information includes The WLAN network performs related information about security authentication.

可选地，所述第一敏感信息还包括辅助所述 UE进行选网的相关信息，例如 Hotspot2.0能力指示信息，但不局限于此。在上述实施例中，第二确定模块 102具体用于，根据当前网络策略和所述 UE的能力信息确定使用 WLAN 网络。 Optionally, the first sensitive information further includes related information, such as Hotspot 2.0 capability indication information, for assisting the UE to perform network selection, but is not limited thereto. In the above embodiment, the second determining module 102 is specifically configured to determine to use the WLAN network according to the current network policy and the capability information of the UE.

在上述实施例中，第三确定模块 102具体可以用于根据用户设备 UE的位置信息确定所述 UE可用的 WLAN网络。 In the foregoing embodiment, the third determining module 102 is specifically configured to determine, according to location information of the user equipment UE, a WLAN network that is available to the UE.

在上述实施例中，所述 RRC连接重配置请求还包括用于判断 WLAN网络优先级的信息，以供所述 UE根据所述优先级的信息选择所述 WLAN网络。 In the above embodiment, the RRC connection reconfiguration request further includes information for determining a WLAN network priority, so that the UE selects the WLAN network according to the priority information.

本实施例提供的网络控制设备，具体可以上述各方法实施例照中的处理流程，其功能详见上述方法实施例，此处不再赘述。 For the network control device provided by this embodiment, the processing procedure in the foregoing method embodiments may be specifically described. For the function, refer to the foregoing method embodiment, and details are not described herein again.

本实施例提供的网络控制设备，解决了由于 WLAN网络的相关敏感信息容易被篡改而导致 UE无法正常接入 WLAN网络的问题，实现了 WLAN网络的准确接入，提高了 WLAN网络接入的安全性。 The network control device provided in this embodiment solves the problem that the UE cannot access the WLAN network due to the tampering of the sensitive information of the WLAN network, thereby achieving accurate access of the WLAN network and improving the security of the WLAN network. Sex.

图 11为本发明另一用户设备实施例结构示意图，如图 11所示，该 UE 可以包括接收器 111和处理器 112，其中，接收器 111用于从移动通信网络的网络设备中获取无线局域网 WLAN网络的第一敏感信息；其中，所述第一敏感信息包括所述 WLAN网络进行安全认证的相关信息；处理器 112用于根据接收器 111获取的所述第一敏感信息与所述 WLAN网络的接入点 AP建立连接。 FIG. 11 is a schematic structural diagram of another embodiment of a user equipment according to the present invention. As shown in FIG. 11, the UE may include a receiver 111 and a processor 112, where the receiver 111 is configured to acquire a wireless local area network from a network device of the mobile communication network. The first sensitive information of the WLAN network, where the first sensitive information includes related information for performing security authentication on the WLAN network, and the processor 112 is configured to use the first sensitive information acquired by the receiver 111 and the WLAN network. The access point AP establishes a connection.

可选地， WLAN网络进行安全认证的相关信息可以包括 WLAN网络的 RSN IE和 /或认证类型，但不局限于此。 Optionally, the information related to the WLAN network for performing the security authentication may include the WLAN network. RSN IE and/or authentication type, but not limited to this.

可选地，所述网络设备为接入网络发现和选择功能 ANDSF。进一步地，接收器 111从移动通信网络的网络设备中获取无线局域网 WLAN网络的第一敏感信息，包括：接收器 111 向所述 ANDSF发送接入网信息获取请求，并接收所述 ANDSF返回的包括接入网信息列表的响应消息，其中，所述接入网信息列表中包含所述 WLAN网络的信息，所述 WLAN网络的信息中包括所述第一敏感信息。 Optionally, the network device is an access network discovery and selection function ANDSF. Further, the receiver 111 acquires the first sensitive information of the wireless local area network WLAN network from the network device of the mobile communication network, and the method includes: the receiver 111 sends an access network information acquisition request to the ANDSF, and receives the returned by the ANDSF, including a response message of the access network information list, where the access network information list includes information of the WLAN network, and the information of the WLAN network includes the first sensitive information.

再进一步地，所述的接入网信息获取请求还包括所述用户设备的位置信息；相应地，所述接入网信息列表是所述 ANDSF根据所述用户设备的位置信息确定的。 Further, the access network information acquisition request further includes location information of the user equipment; correspondingly, the access network information list is determined by the ANDSF according to location information of the user equipment.

可选地，接收器 111具体用于，接收网络控制设备发送的无线资源控制 RRC连接重配置请求，所述 RRC连接重配置请求包括所述第一敏感信息。 Optionally, the receiver 111 is specifically configured to: receive, by the network control device, a radio resource control RRC connection reconfiguration request, where the RRC connection reconfiguration request includes the first sensitive information.

可选地，接收器 111具体用于，从移动通信网络的网络设备中获取多个 Optionally, the receiver 111 is specifically configured to acquire multiple devices from a network device of the mobile communication network.

WLAN网络的第一敏感信息，以及用于判断各 WLAN网络优先级的信息。相应地，处理器 112具体用于，根据所述 WLAN网络优先级的信息选择所述第一敏感信息，与所述 WLAN网络的接入点 AP建立连接。 The first sensitive information of the WLAN network and the information used to determine the priority of each WLAN network. Correspondingly, the processor 112 is specifically configured to: select the first sensitive information according to the information of the WLAN network priority, and establish a connection with the access point AP of the WLAN network.

可选地，所述 WLAN网络为具有 Hotspot2.0能力且达到必需的安全级别的 WLAN网络。所述用户设备还包括发送器 113，用于在处理器 112根据所述第一敏感信息与所述 WLAN网络的接入点 AP建立连接之前，向所述 AP 发送接入网络信息查询请求。相应地，接收器 111还用于，接收所述 AP返回的包括所述 WLAN网络的状态信息的查询响应消息；处理器 112还用于，在所述接收器接收到所述查询响应消息后，根据所述 WLAN网络的状态信息确定所述 WLAN网络可用。 Optionally, the WLAN network is a WLAN network with Hotspot 2.0 capability and the required security level. The user equipment further includes a transmitter 113, configured to send an access network information query request to the AP before the processor 112 establishes a connection with the access point AP of the WLAN network according to the first sensitive information. Correspondingly, the receiver 111 is further configured to: receive, by the AP, a query response message that includes status information of the WLAN network, where the processor 112 is further configured to: after the receiver receives the query response message, Determining that the WLAN network is available according to status information of the WLAN network.

可选地，所述辅助所述用户设备进行选网的相关信息为 Hotspot 2.0能力指示信息，所述 Hotspot 2.0 能力指示信息用于指示所述 WLAN 网络具有 Hotspot2.0能力且达到必需的安全级别。 Optionally, the information related to the user equipment for performing network selection is Hotspot 2.0 capability indication information, where the Hotspot 2.0 capability indication information is used to indicate that the WLAN network has Hotspot 2.0 capability and reaches a required security level.

可选地，处理器 112还用于，在发送器 113向所述 AP发送接入网络信息查询请求之前，确定所述第一敏感信息中包括 Hotspot 2.0能力指示信息。可选地，接收器 111还用于，在处理器 112根据所述第一敏感信息与所述 WLAN网络的接入点 AP建立连接之前，从所述 WLAN网络中获取所述 WLAN网络的第二敏感信息，所述第二敏感信息包括所述 WLAN网络进行安全认证的相关信息。相应地，处理器 112还用于，根据所述第一敏感信息与所述 WLAN网络的接入点 AP建立连接之前，确定所述第一敏感信息与所述第二敏感信息一致。 Optionally, the processor 112 is further configured to: before the transmitter 113 sends an access network information query request to the AP, determine that the first sensitive information includes Hotspot 2.0 capability indication information. Optionally, the receiver 111 is further configured to: acquire, after the processor 112 establishes a connection with the access point AP of the WLAN network according to the first sensitive information, obtain a second of the WLAN network from the WLAN network. Sensitive information, the second sensitive information includes related information that the WLAN network performs security authentication. Correspondingly, the processor 112 is further configured to determine that the first sensitive information is consistent with the second sensitive information before establishing the connection with the access point AP of the WLAN network according to the first sensitive information.

可选地，接收器 111从所述 WLAN网络中获取所述 WLAN网络的第二敏感信息，具体包括： Optionally, the receiver 111 obtains the second sensitive information of the WLAN network from the WLAN network, specifically:

从接收到的所述 WLAN网络的 AP发送的包括所述第二敏感信息的信标帧中获取所述第二敏感信息。 And acquiring the second sensitive information from a received beacon frame that includes the second sensitive information sent by an AP of the WLAN network.

本实施例提供的用户设备，具体可以上述各方法实施例照中的处理流程，其功能详见上述方法实施例，此处不再赘述。 For the user equipment provided in this embodiment, the processing procedure in the foregoing method embodiments may be specifically described. For the function, refer to the foregoing method embodiment, and details are not described herein again.

图 12为本发明另一接入网络发现和选择功能设备实施例结构示意图，如图 12所示，该 ANDSF可以包括接收器 121和发送器 122，其中，接收器 121用于接收用户设备 UE发送的接入网信息获取请求；发送器 122用于向所述 UE 发送包括接入网信息列表的响应消息，所述接入网信息列表中包含 WLAN网络的信息，所述 WLAN网络的信息中包括第一敏感信息；其中，所述第一敏感信息包括所述 WLAN网络进行安全认证的相关信息。 FIG. 12 is a schematic structural diagram of another embodiment of an access network discovery and selection function device according to the present invention. As shown in FIG. 12, the ANDSF may include a receiver 121 and a transmitter 122, where the receiver 121 is configured to receive a user equipment UE. The access network information acquisition request is used by the transmitter 122 to send a response message including the access network information list to the UE, where the access network information list includes information of the WLAN network, and the information of the WLAN network includes The first sensitive information includes: the first sensitive information includes related information that the WLAN network performs security authentication.

可选地， WLAN网络进行安全认证的相关信息可以包括 WLAN网络的 Optionally, the information related to the WLAN network for performing the security authentication may include the WLAN network.

RSN IE和 /或认证类型，但不局限于此。 RSN IE and / or authentication type, but not limited to this.

可选地，所述接入网信息获取请求还包括所述 UE的位置信息。则 ANDSF 还包括：处理器 123用于在发送器 122向所述 UE发送包括接入网信息列表的响应消息之前，根据所述 UE的位置信息确定 UE周围可用的接入网信息。可选地，所述接入网信息列表还包括用于判断 WLAN 网络优先级的信息，以供所述 UE根据所述优先级的信息选择所述 WLAN网络。 Optionally, the access network information obtaining request further includes location information of the UE. The ANDSF further includes: the processor 123, configured to send, by the transmitter 122, the access network information list to the UE Before the response message, the access network information available around the UE is determined according to the location information of the UE. Optionally, the access network information list further includes information for determining a WLAN network priority, where the UE selects the WLAN network according to the priority information.

本实施例提供的 ANDSF, 解决了由于 WLAN网络的相关敏感信息容易被篡改而导致 UE无法正常接入 WLAN网络的问题，实现了 WLAN网络的准确接入，提高了 WLAN网络接入的安全性。 The ANDSF provided in this embodiment solves the problem that the UE cannot access the WLAN network due to the fact that the relevant sensitive information of the WLAN network is easily falsified, thereby realizing the accurate access of the WLAN network and improving the security of the WLAN network access.

图 13为本发明另一网络控制设备实施例结构示意图，如图 13所示，该网络控制设备可以包括处理器 131和发送器 132，其中，处理器 131用于确定使用无线局域网 WLAN网络，并确定所述 UE可用的 WLAN网络；发送器 132用于向所述 UE发送包含所述 WLAN网络的第一敏感信息的无线资源控制 RRC连接重配置请求，所述 RRC连接重配置请求用于指示所述 UE根据所述第一敏感信息与所述 WLAN网络的接入点 AP建立连接；其中，所述第一敏感信息包括所述 WLAN网络进行安全认证的相关信息。 FIG. 13 is a schematic structural diagram of another embodiment of a network control device according to the present invention. As shown in FIG. 13, the network control device may include a processor 131 and a transmitter 132, where the processor 131 is configured to determine a WLAN network using a wireless local area network, and Determining a WLAN network available to the UE; the transmitter 132 is configured to send, to the UE, a radio resource control RRC connection reconfiguration request that includes first sensitive information of the WLAN network, where the RRC connection reconfiguration request is used to indicate The UE establishes a connection with the access point AP of the WLAN network according to the first sensitive information, where the first sensitive information includes related information of the WLAN network for performing security authentication.

可选地，处理器 131具体可以根据用户设备 UE的位置信息确定所述 UE 可用的 WLAN网络。 Optionally, the processor 131 may determine, according to location information of the user equipment UE, a WLAN network that is available to the UE.

可选地，处理器 131具体用于，根据当前网络策略和所述 UE的能力信息确定使用 WLAN网络。 Optionally, the processor 131 is specifically configured to determine to use the WLAN network according to the current network policy and the capability information of the UE.

可选地，所述 RRC连接重配置请求还包括用于判断 WLAN网络优先级的信息，以供所述 UE根据所述优先级的信息选择所述 WLAN网络。 Optionally, the RRC connection reconfiguration request further includes information for determining a WLAN network priority, so that the UE selects the WLAN network according to the information of the priority.

本实施例提供的网络控制设备，解决了由于 WLAN网络的相关敏感信息容易被篡改而导致 UE无法正常接入 WLAN网络的问题，实现了 WLAN网络的准确接入，提高了 WLAN网络接入的安全性。在本发明所提供的几个实施例中，应该理解到，所揭露的装置和方法，可以通过其它的方式实现。例如，以上所描述的装置实施例仅仅是示意性的，例如，所述单元的划分，仅仅为一种逻辑功能划分，实际实现时可以有另外的划分方式，例如多个单元或组件可以结合或者可以集成到另一个系统，或一些特征可以忽略，或不执行。另一点，所显示或讨论的相互之间的耦合或直接耦合或通信连接可以是通过一些接口，装置或单元的间接耦合或通信连接，可以是电性，机械或其它的形式。 The network control device provided in this embodiment solves the problem that the UE cannot access the WLAN network due to the tampering of the sensitive information of the WLAN network, thereby achieving accurate access of the WLAN network and improving the security of the WLAN network. Sex. In the several embodiments provided by the present invention, it should be understood that the disclosed apparatus and method may be implemented in other manners. For example, the device embodiments described above are merely illustrative. For example, the division of the unit is only a logical function division. In actual implementation, there may be another division manner, for example, multiple units or components may be combined or Can be integrated into another system, or some features can be ignored, or not executed. In addition, the mutual coupling or direct coupling or communication connection shown or discussed may be an indirect coupling or communication connection through some interface, device or unit, and may be in an electrical, mechanical or other form.

所述作为分离部件说明的单元可以是或者也可以不是物理上分开的，作为单元显示的部件可以是或者也可以不是物理单元，即可以位于一个地方，或者也可以分布到多个网络单元上。可以根据实际的需要选择其中的部分或者全部单元来实现本实施例方案的目的。 The units described as separate components may or may not be physically separate, and the components displayed as units may or may not be physical units, that is, may be located in one place, or may be distributed to multiple network units. Some or all of the units may be selected according to actual needs to achieve the objectives of the solution of the embodiment.

另外，在本发明各个实施例中的各功能单元可以集成在一个处理单元中，也可以是各个单元单独物理存在，也可以两个或两个以上单元集成在一个单元中。上述集成的单元既可以采用硬件的形式实现，也可以采用硬件加软件功能单元的形式实现。 In addition, each functional unit in each embodiment of the present invention may be integrated into one processing unit, or each unit may exist physically separately, or two or more units may be integrated into one unit. The above integrated unit can be implemented in the form of hardware or in the form of hardware plus software functional units.

上述以软件功能单元的形式实现的集成的单元，可以存储在一个计算机可读取存储介质中。上述软件功能单元存储在一个存储介质中，包括若干指令用以使得一台计算机设备（可以是个人计算机，服务器，或者网络设备等) 或处理器（processor) 执行本发明各个实施例所述方法的部分步骤。而前述的存储介质包括： U盘、移动硬盘、只读存储器（Read-Only Memory, ROM )、随机存取存储器（Random Access Memory, RAM) 、磁碟或者光盘等各种可以存储程序代码的介质。 The above-described integrated unit implemented in the form of a software functional unit can be stored in a computer readable storage medium. The software functional unit is stored in a storage medium and includes instructions for causing a computer device (which may be a personal computer, a server, or a network device, etc.) or a processor to perform the method of various embodiments of the present invention. Part of the steps. The foregoing storage medium includes: a U disk, a mobile hard disk, a read-only memory (ROM), a random access memory (RAM), a magnetic disk, or an optical disk, and the like, which can store program code. .

本领域技术人员可以清楚地了解到，为描述的方便和简洁，仅以上述各功能模块的划分进行举例说明，实际应用中，可以根据需要而将上述功能分配由不同的功能模块完成，即将装置的内部结构划分成不同的功能模块，以完成以上描述的全部或者部分功能。上述描述的装置的具体工作过程，可以参考前述方法实施例中的对应过程，在此不再赘述。 A person skilled in the art can clearly understand that for the convenience and brevity of the description, only the division of each functional module described above is exemplified. In practical applications, the above function assignment can be completed by different functional modules as needed, that is, the device is installed. The internal structure is divided into different functional modules to perform all or part of the functions described above. For the specific working process of the device described above, refer to the corresponding process in the foregoing method embodiment, and details are not described herein again.

最后应说明的是：以上各实施例仅用以说明本发明的技术方案，而非对其限制；尽管参照前述各实施例对本发明进行了详细的说明，本领域的普通技术人员应当理解：其依然可以对前述各实施例所记载的技术方案进行修改，或者对其中部分或者全部技术特征进行等同替换；而这些修改或者替换，并不使相应技术方案的本质脱离本发明各实施例技术方案的范围。 Finally, it should be noted that the above embodiments are only for explaining the technical solutions of the present invention, and are not intended to be limiting thereof; although the present invention has been described in detail with reference to the foregoing embodiments, those skilled in the art will understand that The technical solutions described in the foregoing embodiments can still be modified. Equivalent to some or all of the technical features, and the modifications or substitutions do not depart from the scope of the technical solutions of the embodiments of the present invention.

Claims

claims

1. A wireless local area network access method, characterized by including:

The user equipment UE obtains the first sensitive information of the wireless local area network WLAN network from the network equipment of the mobile communication network; wherein the first sensitive information includes relevant information for security authentication of the WLAN network;

The UE establishes a connection with the access point AP of the WLAN network based on the first sensitive information.

2. The method according to claim 1, wherein the first sensitive information also includes relevant information that assists the UE in selecting a network.

3. The method according to claim 1 or 2, characterized in that the network device is an access network discovery and selection function ANDSF;

The UE obtains the first sensitive information of the wireless local area network WLAN network from the network equipment of the mobile communication network, including:

The UE sends an access network information acquisition request to the ANDSF;

The UE receives a response message including an access network information list returned by the ANDSF, where the access network information list includes information about the WLAN network, and the information about the WLAN network includes the first sensitive information.

4. The method according to claim 3, characterized in that, the access network information acquisition request further includes the location information of the UE; accordingly, the access network information list is the ANDSF according to the UE The location information is determined.

5. The method according to claim 1 or 2, characterized in that the UE obtains the first sensitive information of the WLAN network from the network device of the mobile communication network, including:

The UE receives a radio resource control RRC connection reconfiguration request sent by a network control device, and the RRC connection reconfiguration request includes the first sensitive information.

6. The method according to any one of claims 1 to 5, characterized in that, the UE obtaining the first sensitive information of the WLAN network from the network device of the mobile communication network includes:

The UE obtains the first sensitive information of multiple WLAN networks from the network equipment of the mobile communication network, and the information used to determine the priority of each WLAN network;

Correspondingly, the UE establishing a connection with the access point AP of the WLAN network based on the first sensitive information includes: the UE selecting the first based on the WLAN network priority information. Sensitive information, establishing a connection with the access point AP of the WLAN network.

7. The method according to any one of claims 2 to 6, characterized in that the WLAN network is a WLAN network that has Hotspot2.0 capabilities and reaches a necessary security level;

Before the UE establishes a connection with the access point AP of the WLAN network based on the first sensitive information, the method further includes:

The UE sends an access network information query request to the AP;

The UE receives the query response message including the status information of the WLAN network returned by the AP, and determines that the WLAN network is available according to the status information of the WLAN network.

8. The method according to claim 7, wherein the relevant information assisting the UE in selecting a network is Hotspot 2.0 capability indication information, and the Hotspot 2.0 capability indication information is used to indicate that the WLAN network has Hotspot2 .0 capabilities and meet the required security level.

9. The method according to claim 8, characterized in that, before the UE sends the access network information query request to the AP, it further includes:

The UE determines that the first sensitive information includes the Hotspot 2.0 capability indication information.

10. The method according to any one of claims 1 to 9, characterized in that, before the UE establishes a connection with the access point AP of the WLAN network based on the first sensitive information, it includes:

The UE obtains second sensitive information of the WLAN network from the WLAN network, and the second sensitive information includes information related to security authentication of the WLAN network;

The UE determines that the first sensitive information is consistent with the second sensitive information.

11. The method according to claim 10, wherein the UE obtains the second sensitive information of the WLAN network from the WLAN network, including:

The UE obtains the second sensitive information from the received detection response including the second sensitive information returned by the AP of the WLAN network, and the detection response is sent by the UE to the AP of the WLAN network received after the probe frame; or,

The UE obtains the second sensitive information from the received beacon frame including the second sensitive information sent by the AP of the WLAN network.

12. A wireless local area network access method, characterized by including:

Access network discovery and selection function ANDSF receives the access network information acquisition request sent by the user equipment UE;

The ANDSF sends a response message including an access network information list to the UE, and the access The network information list includes information about the WLAN network, and the information about the WLAN network includes first sensitive information; wherein the first sensitive information includes information related to security authentication of the WLAN network.

13. The method according to claim 12, wherein the first sensitive information also includes relevant information that assists the UE in selecting a network.

14. The method according to claim 12 or 13, wherein the access network information acquisition request further includes the location information of the UE, then the ANDSF sends the access network information list to the UE. Before responding to the message, also include:

The ANDSF determines available access network information around the UE based on the location information of the UE.

15. The method according to claim 12 or 13 or 14, characterized in that the access network information list also includes information for judging WLAN network priority, so that the UE can determine the priority based on the priority information. Select the WLAN network.

16. A wireless local area network access method, characterized by including:

The network control device determines to use the wireless LAN WLAN network;

The network control device determines the WLAN network available to the UE;

The network control device sends a radio resource control RRC connection reconfiguration request containing the first sensitive information of the WLAN network to the UE, and the RRC connection reconfiguration request is used to instruct the UE to perform the radio resource control according to the first sensitive information. Establish a connection with the access point AP of the WLAN network; wherein the first sensitive information includes information related to security authentication of the WLAN network.

17. The method according to claim 16, wherein the first sensitive information also includes relevant information that assists the UE in selecting a network.

18. The method according to claim 16 or 17, characterized in that the network control device determines the WLAN network available to the UE including:

The network control device determines the location information available to the user equipment UE based on the location information of the user equipment UE.

WLAN network.

19. The method according to claim 16 or 17 or 18, characterized in that the network control device determines to use a wireless local area network WLAN network, including:

The network control device determines to use the WLAN network according to the current network policy and the capability information of the UE.

20. The method according to any one of claims 16 to 19, characterized in that the RRC connection reconfiguration request also includes information used to determine the WLAN network priority, so that the UE can determine the WLAN network priority based on the priority information. Select the WLAN network.

21. A user equipment, characterized by: including:

An acquisition module, configured to acquire the first sensitive information of the wireless local area network WLAN network from the network equipment of the mobile communication network; wherein the first sensitive information includes relevant information for security authentication of the WLAN network;

A processing module, configured to establish a connection with the access point AP of the WLAN network according to the first sensitive information obtained by the acquisition module.

22. The user equipment according to claim 21, wherein the first sensitive information also includes relevant information that assists the user equipment in selecting a network.

23. The user equipment according to claim 21 or 22, characterized in that the network device is an access network discovery and selection function ANDSF;

The acquisition module acquires the first sensitive information of the wireless local area network WLAN network from the network equipment of the mobile communication network, including:

The acquisition module sends an access network information acquisition request to the ANDSF;

The acquisition module receives a response message including an access network information list returned by the ANDSF, where the access network information list includes the information of the WLAN network, and the information of the WLAN network includes the first Sensitive information.

24. The user equipment according to claim 23, characterized in that, the access network information acquisition request further includes location information of the user equipment; accordingly, the access network information list is obtained by the ANDSF according to the The location information of the user equipment is determined.

25. The user equipment according to any one of claims 21 to 24, characterized in that the acquisition module is specifically configured to receive a radio resource control RRC connection reconfiguration request sent by a network control device, and the RRC connection reconfiguration request including the first sensitive information.

26. The user equipment according to any one of claims 21 to 25, characterized in that the acquisition module is specifically configured to acquire the first sensitive information of multiple WLAN networks from the network equipment of the mobile communication network, and is configured to Information to determine the priority of each WLAN network;

Correspondingly, the processing module is specifically configured to select the first sensitive information according to the WLAN network priority information, and establish a connection with the access point AP of the WLAN network.

27. The user equipment according to any one of claims 22 to 26, characterized in that the WLAN network is a WLAN network with Hotspot2.0 capability and reaching a necessary security level;

The user equipment also includes:

A first sending module, configured to send an access network information query request to the AP before the processing module establishes a connection with the access point AP of the WLAN network based on the first sensitive information;

The acquisition module is also configured to receive a query response message returned by the AP including the status information of the WLAN network;

The processing module is also configured to, after the acquisition module receives the query response message, determine that the WLAN network is available according to the status information of the WLAN network.

28. The user equipment according to claim 27, wherein the relevant information assisting the user equipment in selecting a network is Hotspot 2.0 capability indication information, and the Hotspot 2.0 capability indication information is used to indicate the WLAN network It has Hotspot2.0 capabilities and reaches the required security level.

29. The user equipment according to claim 28, characterized in that, the processing module is further configured to, before the first sending module sends an access network information query request to the AP, determine that the first sensitive The information includes the Hotspot 2.0 capability indication information.

30. The user equipment according to any one of claims 21 to 29, characterized in that, the obtaining module is further configured to: in the processing module, according to the first sensitive information and the access point AP of the WLAN network Before establishing the connection, obtain second sensitive information of the WLAN network from the WLAN network, where the second sensitive information includes information related to security authentication of the WLAN network;

The processing module is further configured to determine that the first sensitive information is consistent with the second sensitive information before establishing a connection between the first sensitive information and the access point AP of the WLAN network.

31. The user equipment according to claim 30, wherein the acquisition module acquires the second sensitive information of the WLAN network from the WLAN network, specifically including:

The second sensitive information is obtained from a received detection response including the second sensitive information returned by the AP of the WLAN network, where the detection response is sent by the user equipment to the WLAN Received after the network AP sends a probe frame; or,

The second sensitive information is obtained from the received beacon frame including the second sensitive information sent by the AP of the WLAN network.

32. An ANDSF, characterized by including:

A receiving module, configured to receive an access network information acquisition request sent by the user equipment UE; a second sending module, configured to send a response message including an access network information list to the UE, where the access network information list includes WLAN Network information, the WLAN network information includes first sensitive information; wherein, the first sensitive information includes information related to security authentication of the WLAN network.

33. The ANDSF according to claim 32, wherein the first sensitive information also includes relevant information that assists the UE in selecting a network.

34. The ANDSF according to claim 32 or 33, wherein the access network information acquisition request further includes the location information of the UE; the ANDSF further includes:

The first determining module is configured to determine the available access network information around the UE based on the location information of the UE before the second sending module sends a response message including an access network information list to the UE.

35. The ANDSF according to claim 32 or 33 or 34, characterized in that the access network information list further includes information for judging WLAN network priority, so that the UE can determine the priority based on the priority information. Select the WLAN network.

36. A network control device, characterized by including:

The second determination module is used to determine the use of a wireless local area network WLAN network;

The third determination module is used to determine the WLAN network available to the UE;

A third sending module, configured to send a radio resource control RRC connection reconfiguration request containing the first sensitive information of the WLAN network to the UE, where the RRC connection reconfiguration request is used to instruct the UE according to the first The sensitive information establishes a connection with the access point AP of the WLAN network; wherein the first sensitive information includes information related to security authentication of the WLAN network.

37. The network control device according to claim 36, wherein the first sensitive information also includes relevant information that assists the UE in selecting a network.

38. The network control device according to claim 36 or 37, characterized in that the third determination module is specifically configured to determine the available information of the user equipment UE according to the location information of the user equipment UE. WLAN network.

39. The network control device according to claim 36 or 37, characterized in that the second determination module is specifically configured to determine to use the WLAN network according to the current network policy and the capability information of the UE.

40. The network control device according to any one of claims 36 to 39, characterized in that:

The RRC connection reconfiguration request also includes information used to determine the priority of the WLAN network, so that the UE can select the WLAN network based on the priority information.

41. A user equipment, characterized by: including:

A receiver configured to obtain the first sensitive information of the wireless local area network WLAN network from the network equipment of the mobile communication network; wherein the first sensitive information includes relevant information for security authentication of the WLAN network;

A processor, configured to establish a connection with the access point AP of the WLAN network according to the first sensitive information obtained by the receiver.

42. The user equipment according to claim 41, characterized in that the first sensitive information also includes relevant information that assists the UE in selecting a network.

43. The user equipment according to claim 41 or 42, characterized in that the network device is an access network discovery and selection function ANDSF;

The receiver obtains the first sensitive information of the wireless local area network WLAN network from the network equipment of the mobile communication network, including:

The receiver sends an access network information acquisition request to the ANDSF;

The receiver receives a response message including an access network information list returned by the ANDSF, where the access network information list includes the information of the WLAN network, and the information of the WLAN network includes the first Sensitive information.

44. The user equipment according to claim 43, characterized in that, the access network information acquisition request further includes location information of the user equipment; accordingly, the access network information list is obtained by the ANDSF according to the The location information of the user equipment is determined.

45. The user equipment according to claim 43 or 44, characterized in that the receiver is specifically configured to receive a radio resource control RRC connection reconfiguration request sent by a network control device, and the RRC connection reconfiguration request includes the Describe the first sensitive information.

46. The user equipment according to any one of claims 41 to 45, characterized in that: the receiving The device is specifically used to obtain the first sensitive information of multiple WLAN networks from the network equipment of the mobile communication network, and the information used to determine the priority of each WLAN network;

Correspondingly, the processor is specifically configured to select the first sensitive information according to the WLAN network priority information, and establish a connection with the access point AP of the WLAN network.

47. The user equipment according to any one of claims 42 to 46, characterized in that the WLAN network is a WLAN network with Hotspot2.0 capability and reaching a necessary security level;

The user equipment also includes:

A sender configured to send an access network information query request to the AP before the processor establishes a connection with the access point AP of the WLAN network based on the first sensitive information;

The receiver is further configured to receive a query response message returned by the AP including the status information of the WLAN network;

The processor is further configured to, after the receiver receives the query response message, determine that the WLAN network is available according to the status information of the WLAN network.

48. The user equipment according to claim 47, wherein the relevant information assisting the user equipment in selecting a network is Hotspot 2.0 capability indication information, and the Hotspot 2.0 capability indication information is used to indicate the WLAN network It has Hotspot2.0 capabilities and reaches the required security level.

49. The user equipment according to claim 48, characterized in that the processor is further configured to, before the sender sends an access network information query request to the AP, determine that the first sensitive information Includes Hotspot 2.0 capability indication information.

50. The user equipment according to any one of claims 41 to 49, characterized in that the receiver is further configured to: when the processor determines the first sensitive information and the access point AP of the WLAN network Before establishing the connection, obtain second sensitive information of the WLAN network from the WLAN network, where the second sensitive information includes relevant information for security authentication of the WLAN network;

The processor is also configured to: based on the first sensitive information and the access point of the WLAN network

Before establishing a connection, the AP determines that the first sensitive information is consistent with the second sensitive information.

51. The user equipment according to claim 50, wherein the receiver obtains the second sensitive information of the WLAN network from the WLAN network, specifically including:

52. An ANDSF, characterized by including:

A receiver, configured to receive an access network information acquisition request sent by the user equipment UE;

A transmitter configured to send a response message including an access network information list to the UE, where the access network information list includes WLAN network information, and the WLAN network information includes first sensitive information; wherein, The first sensitive information includes information related to security authentication of the WLAN network.

53. The ANDSF according to claim 52, wherein the first sensitive information also includes relevant information that assists the UE in selecting a network.

54. The ANDSF according to claim 52 or 53, wherein the access network information acquisition request further includes the location information of the UE; the ANDSF further includes:

A processor, configured to determine available access network information around the UE based on the location information of the UE before the sender sends a response message including an access network information list to the UE.

55. The ANDSF according to claim 52 or 53 or 54, characterized in that the access network information list further includes information for judging WLAN network priority, so that the UE can determine the priority based on the priority information. Select the WLAN network.

56. A network control device, characterized by including:

Processor, used to determine the use of a wireless local area network WLAN network, and determine the UE available

WLAN network;

A transmitter configured to send a radio resource control RRC connection reconfiguration request containing first sensitive information of the WLAN network to the UE, where the RRC connection reconfiguration request is used to instruct the UE to perform the radio resource control according to the first sensitive information. Establish a connection with the access point AP of the WLAN network; wherein the first sensitive information includes information related to security authentication of the WLAN network.

57. The network control device according to claim 56, wherein the first sensitive information also includes relevant information that assists the UE in selecting a network.

58. The network control device according to claim 56 or 57, characterized in that the processor is further configured to determine the WLAN network available to the user equipment UE according to the location information of the user equipment UE.

59. The network control device according to claim 56 or 57 or 58, characterized in that: The processor is specifically configured to determine to use the WLAN network according to the current network policy and the capability information of the UE.

60. The network control device according to any one of claims 56 to 59, characterized in that the RRC connection reconfiguration request also includes information used to determine the WLAN network priority, so that the UE can determine the WLAN network priority according to the priority. information to select the WLAN network.