WO2009132536A1 - Method, system and equipment of policy authorization - Google Patents

Method, system and equipment of policy authorization Download PDF

Info

Publication number
WO2009132536A1
WO2009132536A1 PCT/CN2009/070867 CN2009070867W WO2009132536A1 WO 2009132536 A1 WO2009132536 A1 WO 2009132536A1 CN 2009070867 W CN2009070867 W CN 2009070867W WO 2009132536 A1 WO2009132536 A1 WO 2009132536A1
Authority
WO
WIPO (PCT)
Prior art keywords
policy
terminal
location information
entity
authorization
Prior art date
Application number
PCT/CN2009/070867
Other languages
French (fr)
Chinese (zh)
Inventor
何贤会
Original Assignee
华为技术有限公司
Priority date (The priority date is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the date listed.)
Filing date
Publication date
Application filed by 华为技术有限公司 filed Critical 华为技术有限公司
Publication of WO2009132536A1 publication Critical patent/WO2009132536A1/en

Links

Classifications

    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04LTRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L63/00Network architectures or network communication protocols for network security
    • H04L63/20Network architectures or network communication protocols for network security for managing network security; network security policies in general

Definitions

  • the present invention relates to the field of communications technologies, and in particular, to a policy authorization method, system, and device. Background technique
  • the architecture of the Worldwide Interoperability for Microwave Access (WiMAX Access) network mainly includes MS (Mobile Station), ASN (Access Service Network), and CSN (Connective Service Network). Connect the business network) three parts.
  • the ASN mainly includes a BS (Base Station) and an ASN-GW (Access Service Network Gateway);
  • the CSN mainly includes a PPS (Prepaid Server, a sub-pay server) and an AAA (Authentication Authorization Accounting). Authentication, authorization, and accounting) Logical entities such as servers.
  • the MS and the ASN are connected through the R1 interface.
  • the MS and the CSN are connected through the R2 interface.
  • the ASN and the CSN are connected through the R3 interface.
  • the ASNs are connected through the R4 interface.
  • the CSNs are connected through the R5 interface.
  • the BS in the ASN is connected. Connected to the ASN-GW through the R6 interface.
  • the PCC (Policy Control and Charging) framework is a policy control and charging control function framework applicable to various IP (Internet Protocol) connection access networks.
  • the PCC is used to complete resource admission control. Mainly for the characteristics of the mobile access network to achieve certain quality of service control and charging policy control, the main functions provided include: based on user-defined information to achieve policy control and service data flow-based charging control.
  • the PCC is located between the service control layer and the access or bearer layer, and shields the service control layer from the specific technology and topology information of the access or bearer layer.
  • policy control mainly refers to Gating Control and QoS Control
  • charging control refers to FBC (Flow Based Charging).
  • the PCC architecture is introduced in WiMAX, as shown in Figure 1.
  • a PDF Policy Distribution Function
  • PCEF Policy Enforcement point
  • PCRF Policy Charging Rule Function
  • A-PCEF Access Network PCEF
  • C-PCEF Core Network PCEF
  • the WiMAX network has an access network PCEF and an optional core network PCEF.
  • the access network A-PCEF functions in Anchor SFA (Anchor Service Flow Authorization, Anchor SFA), Accounting Client/Agent (accounting client). End/Proxy), Anchor DPF (Anchor Path Entity) implementation.
  • the prior art policy authorization entity cannot authorize different QoS policies (such as bandwidth, bit rate) and charging policies (credit rates) according to policies of different location domains or routing domains.
  • the embodiment of the invention provides a policy authorization method, system and device, so that the policy authorization entity can perform policy authorization according to the location information of the terminal.
  • the embodiment of the invention provides a policy authorization method, which includes the following steps:
  • the embodiment of the invention provides a policy authorization system, including:
  • the policy authorization entity is configured to acquire location information of the terminal, and generate a policy rule according to the location information of the terminal.
  • An embodiment of the present invention provides a policy authorization entity, including:
  • a terminal location information acquiring unit configured to acquire location information of the terminal
  • a rule generating unit configured to generate a policy rule according to the location information of the terminal.
  • the policy authorization entity obtains the location information of the terminal, and performs policy authorization according to the location information of the terminal to generate a policy rule, so that the fine authorization of the policy can be implemented.
  • FIG. 1 is a structural diagram of a WiMAX network in which a PCC is introduced in the prior art
  • FIG. 2 is a schematic diagram of a method 1 in an embodiment of the present invention.
  • FIG. 3 is a schematic diagram of a method 2 in an embodiment of the present invention.
  • FIG. 5 is a flowchart of a method for authorizing a policy in Embodiment 2 of the present invention.
  • FIG. 6 is a flowchart of a method for authorizing a policy in Embodiment 3 of the present invention.
  • FIG. 7 is a flowchart of a method for authorizing a policy in Embodiment 4 of the present invention.
  • Embodiment 8 is a flowchart of a method for authorizing a policy in Embodiment 6 of the present invention.
  • Embodiment 9 is a flowchart of a method for authorizing a policy in Embodiment 7 of the present invention.
  • FIG. 10 is a structural diagram of a policy authorization entity according to an embodiment of the present invention. detailed description
  • the embodiment of the invention provides a policy authorization method, which specifically includes:
  • the policy authorization entity may acquire the location information of the terminal, and generate a policy rule according to the location information of the terminal. In this way, fine-grained authorization of the policy can be achieved.
  • the policy authorization entity After the policy authorization entity generates the policy rule, the The policy rule is sent to the policy enforcement entity for policy enforcement.
  • Method 1 of the embodiment of the present invention includes the following steps:
  • Step 201 The policy enforcement entity sends a session establishment request or a session modification request to the policy authorization entity during the session establishment process, such as the IP-CAN session establishment process, where the session establishment request or the session modification request carries the location information of the terminal.
  • the location information of the terminal Such as the location domain information or routing domain information of the terminal.
  • the policy authorization entity performs policy authorization according to the location information of the terminal, and generates a policy rule, such as a QoS policy and/or a charging rate corresponding to the location information of the terminal, and other information (such as service information or User subscription information) performs policy authorization and generates policy rules.
  • a policy rule such as a QoS policy and/or a charging rate corresponding to the location information of the terminal, and other information (such as service information or User subscription information) performs policy authorization and generates policy rules.
  • Step 202 After the policy authorization entity generates the policy rule according to the location information of the terminal, the policy rule is sent to the policy execution entity for execution by using a session establishment response or a session modification response.
  • the policy enforcement entity may be a PCEF entity in a PCC system or an RCEF entity in a RACS (Resource and Admission Control Subsystem) system;
  • the policy authorization entity may be a PCC The PCRF entity in the system or the A-RACF entity in the RACS system;
  • the location information of the terminal includes not limited to: information of the current serving BS of the terminal, such as BS ID, or location domain information, or routing domain information, or FA (Foreign Agent, roaming agent) /HA (Home Agent, home agent) address, etc.
  • the policy enforcement entity sends the location information of the terminal to the policy authorization entity, and the policy authorization entity can perform policy authorization according to the location information of the terminal to generate a policy rule, so that the policy can be implemented.
  • the policy enforcement entity may carry the location information of the new terminal to the policy authorization entity.
  • Policy authorization The policy authorization entity performs policy authorization according to the new location information of the terminal, generates a new policy rule, and sends the new policy to the policy execution entity for execution through the session establishment response or the session modification response.
  • Step 301 The application function entity (AF) sends a service authorization request to the policy authorization entity, where the request carries location information and service information of the terminal.
  • AF application function entity
  • the terminal may send the location information to the application function entity AF, and after receiving the location information of the terminal, the AF sends a service 4 authorization request to the policy authorization entity.
  • the location information and service information of the terminal may be carried in the request.
  • the policy authorization entity may be a PCRF entity in a PCC system or a Service-based Policy Decision Function (SPDF) or an A-RACF entity in a RACS system.
  • SPDF Service-based Policy Decision Function
  • A-RACF A-RACF entity in a RACS system.
  • Step 302 The policy authorization entity performs policy authorization according to the location information of the terminal, generates a policy rule, and sends a session establishment request or a session modification request to the policy enforcement entity, and sends the policy rule to the policy execution entity.
  • the policy authorization entity may perform policy authorization according to the QoS policy and/or the charging rate corresponding to the location information (location domain or routing domain) of the terminal, and generate a policy rule. Further, when the policy 4 is authorized, You can refer to other information, such as business information or user subscription information, to perform policy authorization and generate policy rules.
  • Step 303 The policy enforcement entity receives the session establishment request or the session modification request, and returns a session establishment response or a session modification response to the policy authorization entity.
  • Step 304 The policy authorization entity returns a service authorization response to the application function entity.
  • the application function entity in the process of newly establishing a service or modifying a service, the application function entity sends the location information of the terminal to the policy authorization entity, and the policy authorization entity performs policy authorization according to the location information of the terminal, and generates a policy rule. , you can achieve fine-grained authorization of the policy.
  • the terminal may send new location information to the AF, where the AF will be The new location information is sent to the policy authorization entity to request the policy authorization entity to perform policy authorization, and a new policy rule is generated and sent to the policy execution entity for execution.
  • the embodiment of the foregoing method is applied to the PCC system as an example for detailed description, including the following steps:
  • Step 401 The terminal MS or the base station BS triggers establishment or bearer modification of the IP-CAN (IP access network) bearer, and sends an IP-CAN bearer setup request message or an IP-CAN bearer modification request message to the access network gateway GW.
  • IP-CAN IP access network
  • Step 402 The access network gateway GW receives the IP-CAN bearer setup request message or the IP-CAN bearer modification request message, and sends an IP-CAN session setup request message or an IP-CAN session modification request message to the PCRF/PDF.
  • the PCEF in the access network gateway GW may receive the IP-CAN 7 bearer setup request message or the IP-CAN ⁇ f bearer request message, and send the IP address to the PCRF/PDF.
  • the CAN session establishment request message or the IP-CAN session modification request message may carry the location information of the terminal, including but not limited to: BS ID, location domain information, routing domain information, FA address, or HA address.
  • Step 403 The PCRF/PDF performs policy authorization according to the location information of the terminal, and generates a policy rule, such as generating a PCC rule.
  • the PCRF/PDF performs policy authorization according to the location information of the terminal, and generates a policy rule, for example, may perform policy authorization according to the QoS and/or charging policy and the charging rate corresponding to the location information of the terminal.
  • Generate policy rules such as generating PCC rules.
  • the policy rule may include a QoS policy and a charging policy.
  • Step 404 The PCRF/PDF sends an IP-CAN session establishment response or an IP-CAN session modification response to the PCEF, where the response carries the policy rule, such as carrying the policy rule.
  • Step 405 The PCEF installs the policy rule, initiates an IP-CAN bearer setup process, or The IP-CAN bearers the modification process.
  • the GW after the terminal or the base station triggers the policy enforcement entity (GW) to establish or modify the IP-CAN bearer, the GW notifies the location authorization information of the terminal to the policy authorization entity (PCRF/PDF), so that the PCRF/PDF is based on the location information of the terminal. Perform policy authorization and generate policy rules so that fine authorization of policies can be implemented.
  • PCRF/PDF policy authorization entity
  • the application of the foregoing method in the PCC system is taken as an example. If the terminal cross-BS handover occurs, the PCEF initiates an IP-CAN modification process. As shown in FIG. 5, the following steps are included:
  • Step 501 The terminal is switched by the service BS to the target BS.
  • Step 502 The target BS sends a service flow modification request to the GW, and the step is optional.
  • Step 503 The PCEF in the GW receives the service flow modification request from the target BS or detects that the terminal is handed over to the target BS by the serving BS, and the PCEF sends an IP-CAN session modification request to the PCRF/PDF, where the request is The location information of the portable terminal.
  • Step 504 The PCRF/PDF receives the IP-CAN session modification request, performs policy authorization according to the location information of the terminal carried in the IP-CAN session modification request, and generates a policy rule, such as a PCC rule.
  • the policy authorization may be performed according to a policy (such as a QoS policy or a charging policy) of a location domain corresponding to the BS (that is, the target BS) where the terminal is currently located, such as a PCC rule.
  • a policy such as a QoS policy or a charging policy
  • Step 505 The PCRF/PDF sends an IP-CAN conference modification response message to the PCEF, where the message carries the generated policy rule, such as a PCC rule.
  • Step 506 The PCEF performs a service flow modification process according to the policy rule.
  • the PCEF updates the QoS and/or charging policy of the service flow according to the QoS policy information and/or the charging policy information carried in the policy rule, and initiates a service flow modification process to modify the service flow.
  • the PCEF initiates an IP-CAN modification process, and notifies the policy authorization entity (PCRF/PDF) of the location information of the terminal, so that the PCRF/PDF root Policy authorization is performed according to the location information of the terminal, and policy rules are generated, so that fine authorization of the policy can be implemented.
  • PCRF/PDF policy authorization entity
  • the above method is applied to the PCC system as an example for detailed description. If the terminal cross-anchor DPF/FA handover occurs, the PCEF initiates an IP-CAN session modification process.
  • Step 601 If a terminal cross-anchor DPF/FA handover occurs, if the terminal is switched from the source ASNa to the target ASNb.
  • Step 602 The service flow authorization entity (and the anchor point DPF2/FA2 together) in the target ASNb sends a service flow modification request to the PCEF, for example, may send a service flow modification request, such as an RR-request message, to the PCEF. , this step is optional.
  • Step 603 the PCEF receives a service flow modification request from the service flow authorization entity in the target ASNb or detects that the anchor DPF/FA is switched from the source ASNa to the target ASNb, and the PCEF sends an IP-CAN session to the PCRF/PDF. Modify the request, the request may carry the location information of the terminal (such as FA address, HA address, etc.).
  • Step 604 The PCRF/PDF may perform policy authorization according to the location information of the terminal, and generate a policy rule, such as a PCC rule, to send an IP-CAN session modification response message to the PCEF, where the message carries a new policy rule.
  • a policy rule such as a PCC rule
  • the PCRF/PDF may authorize the generation of a policy rule according to a policy of a routing domain corresponding to the location information of the terminal, such as a QoS policy or a charging policy.
  • Step 605 The PCEF performs a service flow modification process according to the policy rule.
  • the target ASNb initiates the service flow modification, and the PCEF carries the location information of the terminal to request the PCRF to re-authorize, so that the PCRF/PDF performs policy authorization according to the location information of the terminal. , generate policy rules.
  • the AF sends the location information of the terminal to the policy 4 authorized entity in the service establishment request or the service modification request.
  • the method includes the following steps: Step 701: The terminal initiates service registration by using a high-level protocol, and sends location information (such as BS ID, routing domain information, FA address, or HA address) of the terminal to the AF.
  • location information such as BS ID, routing domain information, FA address, or HA address
  • Step 702 The AF sends a service authorization request to the PCRF/PDF, where the service 4 authorized request can carry the location information and the service information of the terminal.
  • Step 703 The PCRF/PDF performs policy authorization according to the location information of the terminal, and generates a policy rule, such as a PCC rule.
  • the PCRF/PDF may perform policy authorization according to a policy corresponding to the location information of the terminal. If the location information includes the BS ID, the policy corresponding to the location domain or the routing domain (such as a QoS policy or a charging policy) may be found according to the BS ID for policy authorization. Further, the policy authorization may be performed by referring to the service information and the subscription information of the terminal, and the policy rule is generated.
  • Step 704 The PCRF/PDF sends the policy rule, such as a PCC rule, to the PCEF, triggering an IP-CAN bearer setup or an IP-CAN bearer modification.
  • the policy rule such as a PCC rule
  • Step 705 The PCRF/PDF sends an authorization response to the AF sending service 4, and the authorized response of the service 4 may carry an indication of whether the authorization is successful.
  • Step 706 The PCEF performs a service flow modification process according to the policy rule, such as a PCC rule.
  • the AF sends the location information of the terminal to the policy authorization entity in the service establishment or modification request, so that the policy authorization entity performs policy authorization according to the location information of the terminal, and generates a policy rule.
  • the terminal will send new location information to the AF through a high layer protocol message, and the AF will send
  • the service re-authorization request triggers the application session modification to the PCRF/PDF, and the service re-authorization request carries the new location information.
  • the subsequent operation of the PCRF/PCEF is the same as that of the fourth embodiment.
  • the policy authorization entity may also obtain the location information of the terminal from the location server for policy authorization, such as in the IP-CAN session establishment process or the IP-CAN session modification process (terminal/BS trigger), the policy authorization entity.
  • the location information of the terminal can be obtained from the location server for policy granting Right. As shown in Figure 8, the following steps are included:
  • Step 801 The terminal MS or the base station BS triggers establishment of an IP-CAN bearer or modification of an IP-CAN bearer, and sends an IP-CAN bearer setup request or an IP-CAN bearer modification request to the access network gateway GW.
  • Step 802 The PCEF in the access network gateway GW receives the IP-CAN bearer setup request or the IP-CAN bearer modification request, and sends a session establishment request message or a session modification request message to the PCRF/PDF, such as an IP-CAN. Session establishment request message or IP-CAN session modification request message.
  • Step 803 The PCRF/PDF sends a message to the location server to request location information of the terminal, such as a location information request message.
  • Step 804 The location server returns a location information response to the PCRF/PDF, where the location information of the terminal is carried.
  • Step 805 The PCRF/PDF performs policy authorization according to the location information of the terminal, and generates a policy rule, such as a PCC rule.
  • the policy authorization may be performed according to the QoS and/or charging policy, the charging rate, and the like corresponding to the location information. Further, other information (such as terminal subscription information, service information, network configuration policy, etc.) may also be referred to. Policy authorization, generating policy rules, such as PCC rules.
  • Step 806 the PCRF/PDF sends an IP-CAN session establishment response or an IP-CAN session modification response to the PCEF, and carries the policy rule, such as a PCC rule.
  • Step 807 The PCEF installs the received policy rule, initiates an IP-CAN bearer setup process, or IP-CAN 7 carries a tampering process.
  • the policy authorization entity is in the IP-CAN session modification process, and the policy authorization entity (PCRF) can obtain the location information of the terminal from the location server, and perform policy authorization according to the location information to generate a policy rule.
  • PCRF policy authorization entity
  • the policy authorization entity acquires the location information of the terminal from the location server for policy authorization, the AF-triggered IP-CAN session establishment process or the IP-CAN session modification process, and the policy authorization entity acquires the location of the terminal from the location server. Information is authorized for policy. As shown in Figure 9, Includes the following steps:
  • Step 901 The terminal initiates service registration through a high-level protocol, and sends location information (such as BS ID, routing domain information, FA address, or HA address) of the terminal to the AF.
  • location information such as BS ID, routing domain information, FA address, or HA address
  • Step 902 The AF sends a service authorization request to the PCRF/PDF, and the service 4 carries the service information in the authorized request.
  • Step 903 The PCRF/PDF requests location information of the terminal from the location server, and acquires location information of the terminal from the location server.
  • Step 904 The PCRF/PDF performs policy authorization according to the location information of the terminal, and generates a policy rule, such as a PCC rule.
  • the PCRF/PDF may perform policy authorization according to a policy corresponding to the location information of the terminal. If the location information includes the BS ID, the policy corresponding to the location domain or the routing domain (such as a QoS policy or a charging policy) may be found according to the BS ID for policy authorization. Further, the policy authorization may be performed by referring to the service information and the subscription information of the terminal, and the policy rule is generated.
  • Step 905 The PCRF/PDF sends the policy rule, such as the PCC rule, to the PCEF, and triggers the IP-CAN bearer setup/IP-CAN bearer modification.
  • the policy rule such as the PCC rule
  • Step 906 The PCRF/PDF sends a service 4 to the AF to be authorized to respond, and the authorized response of the service 4 may carry an indication of whether the authorization is successful.
  • Step 907 The PCEF performs a service flow modification process according to the policy rule.
  • the IP-CAN session establishment or the IP-CAN session modification process triggered by the policy authorization entity AF obtains the location information of the terminal from the location server, performs policy authorization according to the location information, and generates a policy rule.
  • the access network gateway may send the location information of the terminal to the location server during the network access process or the IP address acquisition process, and the location server sends the terminal location information to the policy authorization entity for subsequent IP.
  • the location information is applied for policy authorization in the -CAN session establishment procedure or the IP-CAN session modification procedure (same as in the implementation examples 1 and 4).
  • the access network gateway can send the location information of the terminal to the location server.
  • the location server then sends the terminal location information to the policy authorization entity, the policy authorization entity applies the new location information for policy re-authorization, and initiates the IP-CAN session modification process (the same as the IP-CAN session modification procedure in the implementation examples 1 and 4) ).
  • the location server in the embodiment of the present invention may be a separate functional entity, or integrated in an entity such as an AAA server, a NASS (Network Attachment Subsystem), a User Information Server, or the like.
  • AAA AAA
  • NASS Network Attachment Subsystem
  • User Information Server User Information Server
  • the methods of the first to sixth embodiments of the present invention are equally applicable to the TISPAN/NGN RACS system, except that the function of the PCEF is replaced by the execution entity RCEF of the RACS system, and the function of the PCRF/PDF is replaced by the SPDF/A-RACF entity of the RACS system, and the flow and The steps are the same as the method.
  • WiMAX wireless personal area network
  • 3GPP 3GPP and 3GPP2.
  • the embodiment of the present invention provides a policy authorization system, where the system includes a policy authorization entity, which is used to acquire location information of the terminal, and generate a policy rule according to the location information of the terminal.
  • the system further includes a policy enforcement entity, configured to receive an IP-CAN bearer setup request message or an IP-CAN bearer modification request message, or receive a service flow modification request from the target network, or detect that the terminal is from the original network.
  • a policy enforcement entity configured to receive an IP-CAN bearer setup request message or an IP-CAN bearer modification request message, or receive a service flow modification request from the target network, or detect that the terminal is from the original network.
  • Switching to the target network sending a session establishment request message or a session modification request message to the policy authorization entity, where the message carries location information of the terminal;
  • the policy authorization entity is configured to receive a session from the policy enforcement entity Establishing a request message or a session modification request message, and acquiring location information of the terminal from the session establishment request message or the session modification request message.
  • system further includes an application function entity, configured to send a service authorization request to the service authorization entity, where the service authorization request carries location information of the terminal, and the policy authorization entity is configured to receive from the The service authorization request of the application function entity acquires location information of the terminal from the service authorization request.
  • application function entity configured to send a service authorization request to the service authorization entity, where the service authorization request carries location information of the terminal
  • the policy authorization entity is configured to receive from the The service authorization request of the application function entity acquires location information of the terminal from the service authorization request.
  • system further includes a location server, where the policy authorization entity is further configured to send a message to the location server to request location information of the terminal, and receive the location server from the location server. Location information of the terminal;
  • the location server is configured to receive a request from the policy authorization entity, and send location information of the terminal to the policy authorization entity.
  • the policy authorization entity is further configured to send the policy rule to the policy enforcement entity, where the policy enforcement entity is further configured to receive the A policy rule that enforces the policy rule.
  • the policy authorization entity obtains the location information of the terminal, and performs policy authorization according to the location information of the terminal to generate a policy rule, so that the fine authorization of the policy can be implemented.
  • the embodiment of the present invention provides a policy authorization entity 100, as shown in FIG. 10, including a terminal location information acquiring unit 110, which is configured to acquire location information of a terminal, and a rule generating unit 120, configured to acquire a cell according to the terminal location information.
  • the location information of the terminal acquired by 110 generates a policy rule.
  • the terminal location information acquiring unit 110 may include: a first acquiring subunit, configured to receive a session establishment request message or a session modification request message from a policy enforcement entity, from the session establishment request Acquiring the location information of the terminal in the message or the session modification request message; or the second obtaining subunit, configured to receive a service authorization request from the application function entity, and obtain location information of the terminal from the service authorization request Or a third obtaining subunit, configured to send a message to the location server to request location information of the terminal, and receive location information of the terminal from the location server.
  • the policy authorization entity 100 may further include a rule issuing entity.
  • the policy authorization entity obtains the location information of the terminal, and performs policy authorization according to the location information of the terminal to generate a policy rule, so that the fine authorization of the policy can be implemented.
  • the embodiment may be implemented by hardware, or may be implemented based on the software plus the necessary general hardware platform.
  • a person skilled in the art can understand that all or part of the steps of implementing the above embodiments can be completed by a program to instruct related hardware, and the program can be stored in a computer readable storage medium. , including the following steps: obtaining location information of the terminal;
  • the above mentioned storage medium may be a readable memory, a magnetic disk or an optical disk or the like.

Abstract

A method, system and equipment of policy authorization are provided by the embodiments of the present invention. The method of policy authorization includes the following steps: acquiring terminal's location information; generating a policy rule according to the terminal's location information. In the embodiments of the present invention, the policy authorization entity acquires terminal's location information, and it can perform policy authorization and generate a policy rule according to the terminal's location information, in this way, an accurate authorization of a policy can be realized.

Description

一种策略授权方法、 系统及设备  Strategy authorization method, system and device
技术领域 Technical field
本发明涉及通信技术领域, 尤其涉及一种策略授权方法、 系统及设备。 背景技术  The present invention relates to the field of communications technologies, and in particular, to a policy authorization method, system, and device. Background technique
WiMAX ( Worldwide Interoperability for Microwave Access, 微波接入的全 球互操作性)网絡的结构主要包括 MS( Mobile Station,移动终端)、 ASN( Access Service Network, 业务接入网洛 )和 CSN ( Connectivity Service Network, 连 接业务网絡)三部分。其中, ASN主要包括 BS( Base Station,基站)和 ASN-GW ( Access Service Network Gateway, 接入业务网絡网关)等; CSN主要包括 PPS ( Prepaid Server, 子员付费服务器)和 AAA ( Authentication Authorization Accounting, 认证、 授权和计费)服务器等逻辑实体。 MS与 ASN之间通过 R1接口相连, MS与 CSN之间通过 R2接口相连, ASN与 CSN之间通过 R3 接口相连, ASN之间通过 R4接口相连, CSN之间通过 R5接口相连, ASN 中的 BS与 ASN-GW之间通过 R6接口相连。  The architecture of the Worldwide Interoperability for Microwave Access (WiMAX Access) network mainly includes MS (Mobile Station), ASN (Access Service Network), and CSN (Connective Service Network). Connect the business network) three parts. The ASN mainly includes a BS (Base Station) and an ASN-GW (Access Service Network Gateway); the CSN mainly includes a PPS (Prepaid Server, a sub-pay server) and an AAA (Authentication Authorization Accounting). Authentication, authorization, and accounting) Logical entities such as servers. The MS and the ASN are connected through the R1 interface. The MS and the CSN are connected through the R2 interface. The ASN and the CSN are connected through the R3 interface. The ASNs are connected through the R4 interface. The CSNs are connected through the R5 interface. The BS in the ASN is connected. Connected to the ASN-GW through the R6 interface.
PCC ( Policy Control and Charging, 策略控制和计费 )框架是一个适用于 各种 IP ( Internet Protocol, 网际协议 )连接接入网絡的策略控制和计费控制功 能框架, PCC 用于完成资源接纳控制, 主要针对移动接入网絡的特性实现一 定的服务质量控制和计费策略控制, 提供的主要功能包括: 基于用户的定制 信息实现策略控制及基于服务数据流的计费控制。 PCC位于业务控制层与接 入或承载层之间, 向业务控制层屏蔽接入或承载层的具体技术和拓朴信息。 其中, 策略控制主要是指门控( Gating Control )和 QoS控制 ( QoS Control ), 计费控制是指基于 FBC ( Flow Based Charging, 流的计费)。  The PCC (Policy Control and Charging) framework is a policy control and charging control function framework applicable to various IP (Internet Protocol) connection access networks. The PCC is used to complete resource admission control. Mainly for the characteristics of the mobile access network to achieve certain quality of service control and charging policy control, the main functions provided include: based on user-defined information to achieve policy control and service data flow-based charging control. The PCC is located between the service control layer and the access or bearer layer, and shields the service control layer from the specific technology and topology information of the access or bearer layer. Among them, policy control mainly refers to Gating Control and QoS Control, and charging control refers to FBC (Flow Based Charging).
为了解决业务的动态策略控制和授权, 在 WiMAX引入 PCC架构, 如图 1所示。  In order to solve the dynamic policy control and authorization of services, the PCC architecture is introduced in WiMAX, as shown in Figure 1.
为支持 WiMAX接入网中 A-PCEF的迁移, WiMAX PCC架构还引入了 PDF ( Policy Distribution Function, 策略分发实体)逻辑实体, 用于向 PCRF ( Policy Charging Rule Function, 策略计费规则功能实体)屏蔽 WiMAX网絡 中 PCC策略执行点 PCEF ( Policy Charging Enforcement Function, 策略计费执 行实体) 的移动性和向 A-PCEF (接入网 PCEF )和 C-PCEF (核心网 PCEF ) 分发 PCC规则。 WiMAX网絡存在接入网 PCEF和可选的核心网 PCEF,接入 网 A-PCEF的功能在 Anchor SFA ( Anchor Service Flow Authorization , Anchor SFA,锚定服务流授权)、 Accounting Client/Agent (计费客户端 /代理)、 Anchor DPF (锚地通路实体)实现。 To support the migration of A-PCEF in WiMAX access networks, the WiMAX PCC architecture has also been introduced. A PDF (Policy Distribution Function), which is used to mask the PCC policy enforcement point (PCEF) in the WiMAX network to the PCRF (Policy Charging Rule Function). Mobility and distribution of PCC rules to A-PCEF (Access Network PCEF) and C-PCEF (Core Network PCEF). The WiMAX network has an access network PCEF and an optional core network PCEF. The access network A-PCEF functions in Anchor SFA (Anchor Service Flow Authorization, Anchor SFA), Accounting Client/Agent (accounting client). End/Proxy), Anchor DPF (Anchor Path Entity) implementation.
在实现上述方案的过程中, 发明人发现现有技术中存在以下缺点: 随着上层业务的发展和 QoS/计费策略的精细授权, 需要按终端所在的位 置信息进行 QoS和计费策略的授权, 如根据不同的区域或路由域配置不同的 QoS 策略和计费费率。 然而, 现有技术中的策略授权实体不能根据不同位置 域或路由域的策略授权不同的 QoS策略(如带宽, 比特率)和计费策略(计 费费率)等。  In the process of implementing the foregoing solution, the inventor finds that the following disadvantages exist in the prior art: With the development of the upper layer service and the fine authorization of the QoS/accounting policy, the QoS and the charging policy authorization are required according to the location information of the terminal. , such as configuring different QoS policies and billing rates according to different regions or routing domains. However, the prior art policy authorization entity cannot authorize different QoS policies (such as bandwidth, bit rate) and charging policies (credit rates) according to policies of different location domains or routing domains.
发明内容 Summary of the invention
本发明实施例提供了一种策略授权方法、 系统及设备, 使得策略授权实 体能根据终端的位置信息进行策略授权。  The embodiment of the invention provides a policy authorization method, system and device, so that the policy authorization entity can perform policy authorization according to the location information of the terminal.
本发明实施例提供了一种策略授权方法, 包括以下步骤:  The embodiment of the invention provides a policy authorization method, which includes the following steps:
获取终端的位置信息;  Obtaining location information of the terminal;
根据所述终端的位置信息生成策略规则。  Generating a policy rule according to the location information of the terminal.
本发明实施例提供了一种策略授权系统, 包括:  The embodiment of the invention provides a policy authorization system, including:
策略授权实体, 用于获取终端的位置信息, 并根据所述终端的位置信息 生成策略规则。  The policy authorization entity is configured to acquire location information of the terminal, and generate a policy rule according to the location information of the terminal.
本发明实施例提供了一种策略授权实体, 包括:  An embodiment of the present invention provides a policy authorization entity, including:
终端位置信息获取单元, 用于获取终端的位置信息;  a terminal location information acquiring unit, configured to acquire location information of the terminal;
规则生成单元, 用于根据所述终端的位置信息生成策略规则。 本发明实施例中, 所述策略授权实体获取终端的位置信息, 可根据所述 终端的位置信息进行策略授权, 生成策略规则, 这样, 可以实现策略的精细 授权。 附图说明 And a rule generating unit, configured to generate a policy rule according to the location information of the terminal. In the embodiment of the present invention, the policy authorization entity obtains the location information of the terminal, and performs policy authorization according to the location information of the terminal to generate a policy rule, so that the fine authorization of the policy can be implemented. DRAWINGS
图 1是现有技术中引入了 PCC的 WiMAX网絡结构图;  1 is a structural diagram of a WiMAX network in which a PCC is introduced in the prior art;
图 2是本发明实施例中方法一示意图;  2 is a schematic diagram of a method 1 in an embodiment of the present invention;
图 3是本发明实施例中方法二示意图;  3 is a schematic diagram of a method 2 in an embodiment of the present invention;
图 4是本发明实施例一中策略授权方法流程图;  4 is a flowchart of a method for authorizing a policy in Embodiment 1 of the present invention;
图 5是本发明实施例二中策略授权方法流程图;  5 is a flowchart of a method for authorizing a policy in Embodiment 2 of the present invention;
图 6是本发明实施例三中策略授权方法流程图;  6 is a flowchart of a method for authorizing a policy in Embodiment 3 of the present invention;
图 7是本发明实施例四中策略授权方法流程图;  7 is a flowchart of a method for authorizing a policy in Embodiment 4 of the present invention;
图 8是本发明实施例六中策略授权方法流程图;  8 is a flowchart of a method for authorizing a policy in Embodiment 6 of the present invention;
图 9是本发明实施例七中策略授权方法流程图;  9 is a flowchart of a method for authorizing a policy in Embodiment 7 of the present invention;
图 10是本发明实施例提供的一种策略授权实体的结构图。 具体实施方式  FIG. 10 is a structural diagram of a policy authorization entity according to an embodiment of the present invention. detailed description
下面将结合本发明实施例中的附图, 对本发明实施例中的技术方案进行 清楚、 完整地描述, 显然, 所描述的实施例仅仅是本发明一部分实施例, 而 不是全部的实施例。 基于本发明中的实施例, 本领域普通技术人员在没有做 出创造性劳动前提下所获得的所有其他实施例 , 都属于本发明保护的范围。  The technical solutions in the embodiments of the present invention are clearly and completely described in the following with reference to the accompanying drawings in the embodiments of the present invention. It is obvious that the described embodiments are only a part of the embodiments of the present invention, and not all of the embodiments. All other embodiments obtained by a person of ordinary skill in the art based on the embodiments of the present invention without creative efforts are within the scope of the present invention.
本发明实施例提供一种策略授权方法, 具体包括:  The embodiment of the invention provides a policy authorization method, which specifically includes:
获取终端的位置信息;  Obtaining location information of the terminal;
根据所述终端的位置信息生成策略规则。  Generating a policy rule according to the location information of the terminal.
本发明实施例中, 可以是策略授权实体获取终端的位置信息, 并根据所 述终端的位置信息生成策略规则。 这样, 可以实现策略的精细授权。  In the embodiment of the present invention, the policy authorization entity may acquire the location information of the terminal, and generate a policy rule according to the location information of the terminal. In this way, fine-grained authorization of the policy can be achieved.
进一步, 本发明实施例中, 策略授权实体生成所述策略规则后, 可将所 述策略规则发送给策略执行实体进行策略执行。 Further, in the embodiment of the present invention, after the policy authorization entity generates the policy rule, the The policy rule is sent to the policy enforcement entity for policy enforcement.
本发明实施例方法一, 如图 2所示, 包括以下步骤:  Method 1 of the embodiment of the present invention, as shown in FIG. 2, includes the following steps:
步骤 201 ,策略执行实体在会话建立过程中,如 IP-CAN会话建立过程中, 向策略授权实体发送会话建立请求或会话修改请求, 所述会话建立请求或会 话修改请求中携带终端的位置信息, 如终端的位置域信息或路由域信息。 所 述策略授权实体根据所述终端的位置信息进行策略授权, 生成策略规则, 如 可以是根据所述终端的位置信息对应的 QoS策略和 /或及计费费率以及其他信 息 (如业务信息或用户签约信息)进行策略授权, 生成策略规则。  Step 201: The policy enforcement entity sends a session establishment request or a session modification request to the policy authorization entity during the session establishment process, such as the IP-CAN session establishment process, where the session establishment request or the session modification request carries the location information of the terminal. Such as the location domain information or routing domain information of the terminal. The policy authorization entity performs policy authorization according to the location information of the terminal, and generates a policy rule, such as a QoS policy and/or a charging rate corresponding to the location information of the terminal, and other information (such as service information or User subscription information) performs policy authorization and generates policy rules.
步骤 202, 所述策略授权实体根据所述终端的位置信息生成策略规则后, 通过会话建立响应或会话修改响应将所述策略规则下发给所述策略执行实体 执行。  Step 202: After the policy authorization entity generates the policy rule according to the location information of the terminal, the policy rule is sent to the policy execution entity for execution by using a session establishment response or a session modification response.
本发明实施例中, 所述策略执行实体可以是 PCC系统中的 PCEF实体或 RACS (Resource and Admission Control Subsystem, 资源和接纳控制子系统系 统) 系统中的 RCEF实体; 所述策略授权实体可以是 PCC系统中的 PCRF实 体或 RACS系统中的 A-RACF实体; 所述终端的位置信息包括不限于: 终端 当前服务 BS的信息,如 BS ID,或位置域信息,或路由域信息、或 FA( Foreign Agent, 漫游代理) /HA ( Home Agent, 家乡代理)地址等。  In the embodiment of the present invention, the policy enforcement entity may be a PCEF entity in a PCC system or an RCEF entity in a RACS (Resource and Admission Control Subsystem) system; the policy authorization entity may be a PCC The PCRF entity in the system or the A-RACF entity in the RACS system; the location information of the terminal includes not limited to: information of the current serving BS of the terminal, such as BS ID, or location domain information, or routing domain information, or FA (Foreign Agent, roaming agent) /HA (Home Agent, home agent) address, etc.
本发明实施例中, 策略执行实体将终端的位置信息发送给策略授权实体, 策略授权实体可根据所述终端的位置信息进行策略授权, 生成策略规则, 这 样, 可以实现策略的精细 4受权。  In the embodiment of the present invention, the policy enforcement entity sends the location information of the terminal to the policy authorization entity, and the policy authorization entity can perform policy authorization according to the location information of the terminal to generate a policy rule, so that the policy can be implemented.
进一步的, 本发明实施例中, 若终端的位置发生变化, 如终端进行跨 BS 切换、 FA切换或 HA切换等, 所述策略执行实体可携带新的终端的位置信息 给所述策略授权实体请求策略授权。 所述策略授权实体根据所述终端新的位 置信息进行策略授权, 生成新的策略规则, 通过会话建立响应或会话修改响 应将新的策略下发给策略执行实体执行。  Further, in the embodiment of the present invention, if the location of the terminal changes, such as the cross-BS handover, the FA handover, or the HA handover, the policy enforcement entity may carry the location information of the new terminal to the policy authorization entity. Policy authorization. The policy authorization entity performs policy authorization according to the new location information of the terminal, generates a new policy rule, and sends the new policy to the policy execution entity for execution through the session establishment response or the session modification response.
本发明实施例方法二, 如图 3所示, 包括以下步骤: 步骤 301 , 应用功能实体 AF ( Application Function )向策略授权实体发送 业务授权请求, 该请求中携带所述终端的位置信息和业务信息。 Method 2 of the embodiment of the present invention, as shown in FIG. 3, includes the following steps: Step 301: The application function entity (AF) sends a service authorization request to the policy authorization entity, where the request carries location information and service information of the terminal.
本发明实施例中, 若终端需要建立业务, 则所述终端可以将其位置信息 发送给应用功能实体 AF, 所述 AF收到终端的位置信息后, 向策略授权实体 发送业务 4受权请求, 所述请求中可以携带所述终端的位置信息和业务信息。  In the embodiment of the present invention, if the terminal needs to establish a service, the terminal may send the location information to the application function entity AF, and after receiving the location information of the terminal, the AF sends a service 4 authorization request to the policy authorization entity. The location information and service information of the terminal may be carried in the request.
本发明实施例中, 所述策略授权实体可以为 PCC系统中的 PCRF实体或 RACS 系统中的基于业务的策略决策功能实体 SPDF ( Service-based Policy Decision Function )或 A-RACF实体。  In the embodiment of the present invention, the policy authorization entity may be a PCRF entity in a PCC system or a Service-based Policy Decision Function (SPDF) or an A-RACF entity in a RACS system.
步骤 302, 所述策略授权实体根据所述终端的位置信息进行策略授权, 生 成策略规则, 向策略执行实体发送会话建立请求或会话修改请求, 将所述策 略规则发送给策略执行实体。  Step 302: The policy authorization entity performs policy authorization according to the location information of the terminal, generates a policy rule, and sends a session establishment request or a session modification request to the policy enforcement entity, and sends the policy rule to the policy execution entity.
所述策略授权实体可以是根据所述终端的位置信息 (位置域或路由域) 对应的 QoS策略和 /或计费费率进行策略授权, 生成策略规则, 进一步的, 在 进行策略 4受权时还可以参考其他信息, 如业务信息或用户签约信息, 来进行 策略授权, 生成策略规则。  The policy authorization entity may perform policy authorization according to the QoS policy and/or the charging rate corresponding to the location information (location domain or routing domain) of the terminal, and generate a policy rule. Further, when the policy 4 is authorized, You can refer to other information, such as business information or user subscription information, to perform policy authorization and generate policy rules.
步骤 303, 所述策略执行实体接收所述会话建立请求或会话修改请求, 向 所述策略授权实体返回会话建立响应或会话修改响应。  Step 303: The policy enforcement entity receives the session establishment request or the session modification request, and returns a session establishment response or a session modification response to the policy authorization entity.
步骤 304, 所述策略授权实体向所述应用功能实体返回业务授权响应。 本发明实施例中, 在新建立业务或修改业务的过程中, 应用功能实体将 终端的位置信息发送给策略授权实体, 策略授权实体根据所述终端的位置信 息进行策略授权, 生成策略规则, 这样, 可以实现策略的精细授权。  Step 304: The policy authorization entity returns a service authorization response to the application function entity. In the embodiment of the present invention, in the process of newly establishing a service or modifying a service, the application function entity sends the location information of the terminal to the policy authorization entity, and the policy authorization entity performs policy authorization according to the location information of the terminal, and generates a policy rule. , you can achieve fine-grained authorization of the policy.
进一步的, 本发明实施例中, 若终端的位置发生变化, 如终端进行跨 BS 切换、 FA切换或 HA切换等, 所述终端可将新的位置信息发送给所述 AF, 所述 AF将所述新的位置信息下发给所述策略授权实体请求所述策略授权实 体进行策略授权, 生成新的策略规则下发给策略执行实体执行。  Further, in the embodiment of the present invention, if the location of the terminal changes, for example, the terminal performs cross-BS handover, FA handover, or HA handover, the terminal may send new location information to the AF, where the AF will be The new location information is sent to the policy authorization entity to request the policy authorization entity to perform policy authorization, and a new policy rule is generated and sent to the policy execution entity for execution.
下面分别以在 PCC 系统和电信与 Internet 融合业务和协议组织 TISPAN ( Telecommunications and Internet converged Services and Protocols for Advanced Networking ) RACS系统中应用上述方法实施例为例进行详细说明。 The following are organized in the PCC system and telecom and Internet convergence services and protocols. The method of applying the above method in the RACS system is described in detail as an example.
如图 4所示,是以在 PCC系统中应用上述方法实施例为例进行详细说明, 包括以下步骤:  As shown in FIG. 4, the embodiment of the foregoing method is applied to the PCC system as an example for detailed description, including the following steps:
步骤 401 , 终端 MS或基站 BS触发 IP-CAN ( IP接入网 )承载的建立或 承载修改,向接入网网关 GW发送 IP-CAN承载建立请求消息或 IP-CAN承载 修改请求消息。  Step 401: The terminal MS or the base station BS triggers establishment or bearer modification of the IP-CAN (IP access network) bearer, and sends an IP-CAN bearer setup request message or an IP-CAN bearer modification request message to the access network gateway GW.
步骤 402, 所述接入网网关 GW接收所述 IP-CAN承载建立请求消息或 IP-CAN承载修改请求消息, 发送 IP-CAN会话建立请求消息或 IP-CAN会话 修改请求消息给 PCRF/PDF。  Step 402: The access network gateway GW receives the IP-CAN bearer setup request message or the IP-CAN bearer modification request message, and sends an IP-CAN session setup request message or an IP-CAN session modification request message to the PCRF/PDF.
本发明实施例中, 可以是所述接入网网关 GW 中的 PCEF 接收所述 IP-CAN 7 载建立请求消息或 IP-CAN ^f 载爹改请求消息 , 向所述 PCRF/PDF 发送 IP-CAN会话建立请求消息或 IP-CAN会话修改请求消息,该消息中可携 带终端的位置信息, 包括不限于: BS ID、 位置域信息、 路由域信息、 FA地 址或 HA地址等。  In the embodiment of the present invention, the PCEF in the access network gateway GW may receive the IP-CAN 7 bearer setup request message or the IP-CAN ^f bearer request message, and send the IP address to the PCRF/PDF. The CAN session establishment request message or the IP-CAN session modification request message may carry the location information of the terminal, including but not limited to: BS ID, location domain information, routing domain information, FA address, or HA address.
步骤 403 , 所述 PCRF/PDF根据终端的位置信息进行策略授权, 生成策略 规则, 如生成 PCC规则。  Step 403: The PCRF/PDF performs policy authorization according to the location information of the terminal, and generates a policy rule, such as generating a PCC rule.
本发明实施例中, 所述 PCRF/PDF根据终端的位置信息进行策略授权, 生成策略规则, 如可以是根据终端的位置信息对应的 QoS和 /或计费策略、 计 费费率进行策略授权, 生成策略规则, 如生成 PCC规则, 进一步的, 还可以 参考其他信息 (如终端签约信息、 业务信息, 网絡配置策略等) 来进行策略 授权, 生成策略规则, 如生成 PCC规则。 本发明实施例中, 所述的策略规则 可包括 QoS策略和计费策略。  In the embodiment of the present invention, the PCRF/PDF performs policy authorization according to the location information of the terminal, and generates a policy rule, for example, may perform policy authorization according to the QoS and/or charging policy and the charging rate corresponding to the location information of the terminal. Generate policy rules, such as generating PCC rules. Further, you can refer to other information (such as terminal subscription information, service information, network configuration policy, etc.) to perform policy authorization and generate policy rules, such as generating PCC rules. In the embodiment of the present invention, the policy rule may include a QoS policy and a charging policy.
步骤 404, PCRF/PDF向所述 PCEF发送 IP-CAN会话建立响应或 IP-CAN 会话修改响应, 所述响应中携带所述的策略规则, 如携带所述策略规则。  Step 404: The PCRF/PDF sends an IP-CAN session establishment response or an IP-CAN session modification response to the PCEF, where the response carries the policy rule, such as carrying the policy rule.
步骤 405, 所述 PCEF安装所述策略规则, 发起 IP-CAN承载建立过程或 IP-CAN承载修改过程。 Step 405: The PCEF installs the policy rule, initiates an IP-CAN bearer setup process, or The IP-CAN bearers the modification process.
本发明实施实例中, 终端或基站触发策略执行实体(GW ) 建立或修改 IP-CAN承载后, GW将终端的位置信息通知策略授权实体( PCRF/PDF ), 使 PCRF/PDF根据终端的位置信息进行策略授权, 生成策略规则, 这样, 可以实 现策略的精细授权。  In the embodiment of the present invention, after the terminal or the base station triggers the policy enforcement entity (GW) to establish or modify the IP-CAN bearer, the GW notifies the location authorization information of the terminal to the policy authorization entity (PCRF/PDF), so that the PCRF/PDF is based on the location information of the terminal. Perform policy authorization and generate policy rules so that fine authorization of policies can be implemented.
本发明实施例二中, 以在 PCC系统中应用上述方法为例进行说明, 若终 端发生跨 BS切换, 则 PCEF发起 IP-CAN修改过程, 如图 5所示, 包括以下 步骤:  In the second embodiment of the present invention, the application of the foregoing method in the PCC system is taken as an example. If the terminal cross-BS handover occurs, the PCEF initiates an IP-CAN modification process. As shown in FIG. 5, the following steps are included:
步骤 501 , 终端由服务 BS切换到目标 BS。  Step 501: The terminal is switched by the service BS to the target BS.
步骤 502, 目标 BS向 GW发送服务流修改请求, 该步骤可选。  Step 502: The target BS sends a service flow modification request to the GW, and the step is optional.
步骤 503 , GW中的 PCEF收到来自所述目标 BS的服务流修改请求或检 测到终端由服务 BS切换到目标 BS, 所述 PCEF向 PCRF/PDF发送 IP-CAN 会话修改请求, 所述请求中可携带终端的位置信息。  Step 503: The PCEF in the GW receives the service flow modification request from the target BS or detects that the terminal is handed over to the target BS by the serving BS, and the PCEF sends an IP-CAN session modification request to the PCRF/PDF, where the request is The location information of the portable terminal.
步骤 504, 所述 PCRF/PDF接收所述 IP-CAN会话修改请求, 根据所述 IP-CAN会话修改请求中携带的终端的位置信息进行策略授权, 生成策略规 则, 如 PCC规则。  Step 504: The PCRF/PDF receives the IP-CAN session modification request, performs policy authorization according to the location information of the terminal carried in the IP-CAN session modification request, and generates a policy rule, such as a PCC rule.
如可以是根据终端当前所在 BS (即目标 BS )对应的位置域的策略(如 QoS策略或计费策略)进行策略授权, 生成策略规则, 如 PCC规则。  For example, the policy authorization may be performed according to a policy (such as a QoS policy or a charging policy) of a location domain corresponding to the BS (that is, the target BS) where the terminal is currently located, such as a PCC rule.
步骤 505 , 所述 PCRF/PDF向 PCEF发送 IP-CAN会议修改响应消息 , 该 消息中携带所述生成的策略规则, 如 PCC规则。  Step 505: The PCRF/PDF sends an IP-CAN conference modification response message to the PCEF, where the message carries the generated policy rule, such as a PCC rule.
步骤 506, 所述 PCEF根据所述策略规则进行服务流修改过程。  Step 506: The PCEF performs a service flow modification process according to the policy rule.
所述 PCEF根据所述策略规则里携带的 QoS 策略信息和 /或计费策略信 息, 对服务流的 QoS和 /或计费策略进行更新, 并发起服务流的修改过程对服 务流进行修改。  The PCEF updates the QoS and/or charging policy of the service flow according to the QoS policy information and/or the charging policy information carried in the policy rule, and initiates a service flow modification process to modify the service flow.
本发明实施例中, 若终端发生跨 BS切换, 所述 PCEF发起 IP-CAN修改 过程, 将终端的位置信息通知策略授权实体(PCRF/PDF ), 使 PCRF/PDF根 据终端的位置信息进行策略授权, 生成策略规则, 这样, 可以实现策略的精 细授权。 In the embodiment of the present invention, if the terminal cross-BS handover occurs, the PCEF initiates an IP-CAN modification process, and notifies the policy authorization entity (PCRF/PDF) of the location information of the terminal, so that the PCRF/PDF root Policy authorization is performed according to the location information of the terminal, and policy rules are generated, so that fine authorization of the policy can be implemented.
本发明实施例三中, 以在 PCC系统中应用上述方法为例进行详细说明, 若终端发生跨锚点 DPF/FA切换, 则 PCEF发起 IP-CAN会话修改过程。  In the third embodiment of the present invention, the above method is applied to the PCC system as an example for detailed description. If the terminal cross-anchor DPF/FA handover occurs, the PCEF initiates an IP-CAN session modification process.
若发生跨 Anchor DPF/FA切换, 目标 ASN发起服务流修改, PCEF携带 目标锚点 DPF/FA地址请求 PCRF重新 4受权。 如图 6所示, 包括以下步骤: 步骤 601 , 若终端发生跨锚点 DPF/FA切换, 如终端由源 ASNa切换到目 标 ASNb。  If a cross-Anchor DPF/FA handover occurs, the target ASN initiates service flow modification, and the PCEF carries the target anchor DPF/FA address request PCRF to re-authorize. As shown in FIG. 6, the method includes the following steps: Step 601: If a terminal cross-anchor DPF/FA handover occurs, if the terminal is switched from the source ASNa to the target ASNb.
步骤 602, 则所述目标 ASNb中的服务流授权实体 (和锚点 DPF2/FA2在 一起)向 PCEF发送服务流修改请求, 如可以是向所述 PCEF发送服务流修改 请求, 如 RR-request消息, 该步骤可选。  Step 602: The service flow authorization entity (and the anchor point DPF2/FA2 together) in the target ASNb sends a service flow modification request to the PCEF, for example, may send a service flow modification request, such as an RR-request message, to the PCEF. , this step is optional.
步骤 603,所述 PCEF收到来自所述目标 ASNb中服务流授权实体的服务 流修改请求或检测到锚点 DPF/FA由源 ASNa切换到目标 ASNb, 则 PCEF向 PCRF/PDF发送 IP-CAN会话修改请求,该请求中可以携带终端的位置信息(如 FA地址, HA地址等)。  Step 603, the PCEF receives a service flow modification request from the service flow authorization entity in the target ASNb or detects that the anchor DPF/FA is switched from the source ASNa to the target ASNb, and the PCEF sends an IP-CAN session to the PCRF/PDF. Modify the request, the request may carry the location information of the terminal (such as FA address, HA address, etc.).
步骤 604, 所述 PCRF/PDF可根据所述终端的位置信息进行策略授权,生 成策略规则, 如 PCC规则, 向所述 PCEF发送 IP-CAN会话修改响应消息, 该消息中携带新的策略规则。  Step 604: The PCRF/PDF may perform policy authorization according to the location information of the terminal, and generate a policy rule, such as a PCC rule, to send an IP-CAN session modification response message to the PCEF, where the message carries a new policy rule.
本发明实施例中, 所述 PCRF/PDF可根据所述终端的位置信息对应的路 由域的策略, 如 QoS策略或计费策略等, 授权生成策略规则。  In the embodiment of the present invention, the PCRF/PDF may authorize the generation of a policy rule according to a policy of a routing domain corresponding to the location information of the terminal, such as a QoS policy or a charging policy.
步骤 605, 所述 PCEF根据所述策略规则进行服务流修改过程。  Step 605: The PCEF performs a service flow modification process according to the policy rule.
本发明实施例中,若发生跨锚点 DPF/FA切换, 目标 ASNb发起服务流修 改,所述 PCEF携带终端的位置信息请求 PCRF重新授权,使 PCRF/PDF根据 所述终端的位置信息进行策略授权, 生成策略规则。  In the embodiment of the present invention, if the cross-anchor DPF/FA handover occurs, the target ASNb initiates the service flow modification, and the PCEF carries the location information of the terminal to request the PCRF to re-authorize, so that the PCRF/PDF performs policy authorization according to the location information of the terminal. , generate policy rules.
本发明实施例四中, AF在业务建立请求或业务修改请求中将终端的位置 信息下发到策略 4受权实体, 如图 7所示, 包括以下步骤: 步骤 701 ,终端通过高层协议发起业务注册,将终端的位置信息(如 BS ID, 路由域信息, FA地址或 HA地址等 )发送给 AF。 In the fourth embodiment of the present invention, the AF sends the location information of the terminal to the policy 4 authorized entity in the service establishment request or the service modification request. As shown in FIG. 7, the method includes the following steps: Step 701: The terminal initiates service registration by using a high-level protocol, and sends location information (such as BS ID, routing domain information, FA address, or HA address) of the terminal to the AF.
步骤 702, 所述 AF向 PCRF/ PDF发送业务授权请求, 所述业务 4受权请 求中可携带所述终端的位置信息和业务信息。  Step 702: The AF sends a service authorization request to the PCRF/PDF, where the service 4 authorized request can carry the location information and the service information of the terminal.
步骤 703, 所述 PCRF/PDF根据所述终端的位置信息进行策略授权,生成 策略规则, 如 PCC规则。  Step 703: The PCRF/PDF performs policy authorization according to the location information of the terminal, and generates a policy rule, such as a PCC rule.
本发明实施例中, 所述 PCRF/PDF可根据所述终端的位置信息对应的策 略进行策略授权。如若位置信息中包括 BS ID, 则可根据 BS ID找到对应位置 域或路由域的策略(如 QoS策略或计费策略)进行策略授权。 进一步的, 还 可以参照业务信息和终端的签约信息等进行策略授权, 生成策略规则。  In the embodiment of the present invention, the PCRF/PDF may perform policy authorization according to a policy corresponding to the location information of the terminal. If the location information includes the BS ID, the policy corresponding to the location domain or the routing domain (such as a QoS policy or a charging policy) may be found according to the BS ID for policy authorization. Further, the policy authorization may be performed by referring to the service information and the subscription information of the terminal, and the policy rule is generated.
步骤 704,所述 PCRF/PDF将所述策略规则,如 PCC规则,下发给 PCEF, 触发 IP-CAN承载建立或 IP-CAN承载修改。  Step 704: The PCRF/PDF sends the policy rule, such as a PCC rule, to the PCEF, triggering an IP-CAN bearer setup or an IP-CAN bearer modification.
步骤 705 , 所述 PCRF/PDF向所述 AF发送业务 4受权响应, 所述业务 4受权 响应中可以携带是否授权成功的指示。  Step 705: The PCRF/PDF sends an authorization response to the AF sending service 4, and the authorized response of the service 4 may carry an indication of whether the authorization is successful.
步骤 706, PCEF根据所述策略规则,如 PCC规则,进行服务流修改过程。 本发明实施例中, AF在业务建立或修改请求中将终端的位置信息下发到 策略授权实体, 使策略授权实体根据终端的位置信息进行策略授权, 生成策 略规则。  Step 706: The PCEF performs a service flow modification process according to the policy rule, such as a PCC rule. In the embodiment of the present invention, the AF sends the location information of the terminal to the policy authorization entity in the service establishment or modification request, so that the policy authorization entity performs policy authorization according to the location information of the terminal, and generates a policy rule.
本发明实施例五中, 若终端的位置信息发生变化, 如跨 BS 切换, 锚点 DPF/FA迁移, 路由域变化等, 终端将通过高层协议消息将新的位置信息发送 给 AF, AF将发送业务重授权请求到 PCRF/PDF触发应用会话修改, 所述业 务重授权请求中携带新的位置信息。 其中, PCRF/PCEF后续的操作与实施例 四相同。  In the fifth embodiment of the present invention, if the location information of the terminal changes, such as handover across a BS, migration of an anchor point DPF/FA, change of a routing domain, etc., the terminal will send new location information to the AF through a high layer protocol message, and the AF will send The service re-authorization request triggers the application session modification to the PCRF/PDF, and the service re-authorization request carries the new location information. The subsequent operation of the PCRF/PCEF is the same as that of the fourth embodiment.
本发明实施例六中, 策略授权实体还可从位置服务器获取终端的位置信 息进行策略授权, 如在 IP-CAN会话建立过程或 IP-CAN会话修改过程(终端 /BS触发)中, 策略授权实体可从位置服务器获取终端的位置信息进行策略授 权。 如图 8所示, 包括以下步骤: In the sixth embodiment of the present invention, the policy authorization entity may also obtain the location information of the terminal from the location server for policy authorization, such as in the IP-CAN session establishment process or the IP-CAN session modification process (terminal/BS trigger), the policy authorization entity. The location information of the terminal can be obtained from the location server for policy granting Right. As shown in Figure 8, the following steps are included:
步骤 801 , 终端 MS或基站 BS触发 IP-CAN承载的建立或 IP-CAN承载 的修改,向接入网网关 GW发送 IP-CAN承载建立请求或 IP-CAN承载修改请 求。  Step 801: The terminal MS or the base station BS triggers establishment of an IP-CAN bearer or modification of an IP-CAN bearer, and sends an IP-CAN bearer setup request or an IP-CAN bearer modification request to the access network gateway GW.
步骤 802,接入网网关 GW中的 PCEF收到所述 IP-CAN承载建立请求或 IP-CAN承载修改请求, 向 PCRF/PDF发送会话建立请求消息或会话修改请求 消息, 如可以是 IP-CAN会话建立请求消息或 IP-CAN会话修改请求消息。  Step 802: The PCEF in the access network gateway GW receives the IP-CAN bearer setup request or the IP-CAN bearer modification request, and sends a session establishment request message or a session modification request message to the PCRF/PDF, such as an IP-CAN. Session establishment request message or IP-CAN session modification request message.
步骤 803, PCRF/PDF向位置服务器发送消息请求获取终端的位置信息, 如可以是位置信息请求消息。  Step 803: The PCRF/PDF sends a message to the location server to request location information of the terminal, such as a location information request message.
步骤 804, 所述位置服务器向 PCRF/PDF返回位置信息响应, 其中携带终 端的位置信息。  Step 804: The location server returns a location information response to the PCRF/PDF, where the location information of the terminal is carried.
步骤 805, PCRF/PDF根据终端的位置信息进行策略授权,生成策略规则, 如 PCC规则。  Step 805: The PCRF/PDF performs policy authorization according to the location information of the terminal, and generates a policy rule, such as a PCC rule.
如可以是根据该位置信息对应的 QoS和 /或计费策略、计费费率等来进行 策略授权; 进一步的, 还可以参考其他信息 (如终端签约信息、 业务信息, 网絡配置策略等)进行策略授权, 生成策略规则, 如 PCC规则。  For example, the policy authorization may be performed according to the QoS and/or charging policy, the charging rate, and the like corresponding to the location information. Further, other information (such as terminal subscription information, service information, network configuration policy, etc.) may also be referred to. Policy authorization, generating policy rules, such as PCC rules.
步骤 806, PCRF/PDF向 PCEF发送 IP-CAN会话建立响应或 IP-CAN会 话修改响应, 携带所述策略规则, 如 PCC规则。  Step 806, the PCRF/PDF sends an IP-CAN session establishment response or an IP-CAN session modification response to the PCEF, and carries the policy rule, such as a PCC rule.
步骤 807, PCEF安装收到的所述策略规则, 发起 IP-CAN承载建立过程 或 IP-CAN 7 载爹改过程。  Step 807: The PCEF installs the received policy rule, initiates an IP-CAN bearer setup process, or IP-CAN 7 carries a tampering process.
本实施例中, 策略授权实体在在 IP-CAN会话修改过程, 策略授权实体 ( PCRF ) 可以从位置服务器获取终端的位置信息, 并根据所述位置信息进行 策略授权, 生成策略规则。  In this embodiment, the policy authorization entity is in the IP-CAN session modification process, and the policy authorization entity (PCRF) can obtain the location information of the terminal from the location server, and perform policy authorization according to the location information to generate a policy rule.
本发明实施例七中, 策略授权实体从位置服务器获取终端的位置信息进 行策略授权, AF触发的 IP-CAN会话建立过程或 IP-CAN会话修改过程中, 策 略授权实体从位置服务器获取终端的位置信息进行策略授权。 见图 9所示, 包括以下步骤: In the seventh embodiment of the present invention, the policy authorization entity acquires the location information of the terminal from the location server for policy authorization, the AF-triggered IP-CAN session establishment process or the IP-CAN session modification process, and the policy authorization entity acquires the location of the terminal from the location server. Information is authorized for policy. As shown in Figure 9, Includes the following steps:
步骤 901,终端通过高层协议发起业务注册,将终端的位置信息(如 BS ID, 路由域信息, FA地址或 HA地址等 )发送给 AF。  Step 901: The terminal initiates service registration through a high-level protocol, and sends location information (such as BS ID, routing domain information, FA address, or HA address) of the terminal to the AF.
步骤 902, AF向 PCRF/PDF发送业务授权请求, 所述业务 4受权请求中携 带业务信息。  Step 902: The AF sends a service authorization request to the PCRF/PDF, and the service 4 carries the service information in the authorized request.
步骤 903 , PCRF/PDF向位置服务器请求终端的位置信息, 并从所述位置 服务器获取终端的位置信息。  Step 903: The PCRF/PDF requests location information of the terminal from the location server, and acquires location information of the terminal from the location server.
步骤 904, 所述 PCRF/PDF根据所述终端的位置信息进行策略授权,生成 策略规则, 如 PCC规则。  Step 904: The PCRF/PDF performs policy authorization according to the location information of the terminal, and generates a policy rule, such as a PCC rule.
本发明实施例中, 所述 PCRF/PDF可根据所述终端的位置信息对应的策 略进行策略授权。如若位置信息中包括 BS ID, 则可根据 BS ID找到对应位置 域或路由域的策略(如 QoS策略或计费策略)进行策略授权。 进一步的, 还 可以参照业务信息和终端的签约信息等进行策略授权, 生成策略规则。  In the embodiment of the present invention, the PCRF/PDF may perform policy authorization according to a policy corresponding to the location information of the terminal. If the location information includes the BS ID, the policy corresponding to the location domain or the routing domain (such as a QoS policy or a charging policy) may be found according to the BS ID for policy authorization. Further, the policy authorization may be performed by referring to the service information and the subscription information of the terminal, and the policy rule is generated.
步骤 905, PCRF/PDF将所述策略规则, 如 PCC规则, 下发给 PCEF, 触 发 IP-CAN承载建立 /IP-CAN承载修改。  Step 905: The PCRF/PDF sends the policy rule, such as the PCC rule, to the PCEF, and triggers the IP-CAN bearer setup/IP-CAN bearer modification.
步骤 906, PCRF/PDF向所述 AF发送业务 4受权响应, 所述业务 4受权响应 中可携带是否授权成功的指示。  Step 906: The PCRF/PDF sends a service 4 to the AF to be authorized to respond, and the authorized response of the service 4 may carry an indication of whether the authorization is successful.
步骤 907, PCEF根据所述策略规则进行服务流修改过程。  Step 907: The PCEF performs a service flow modification process according to the policy rule.
本发明实施例七中 ,策略授权实体 AF触发的 IP-CAN会话建立或 IP-CAN 会话修改过程中, 从位置服务器获取终端的位置信息, 根据所述位置信息进 行策略授权, 生成策略规则。  In the seventh embodiment of the present invention, the IP-CAN session establishment or the IP-CAN session modification process triggered by the policy authorization entity AF obtains the location information of the terminal from the location server, performs policy authorization according to the location information, and generates a policy rule.
本发明实施例八中, 终端在入网过程中或 IP地址获取过程中, 接入网网 关可以将终端的位置信息发送给位置服务器, 位置服务器再将终端位置信息 发送给策略授权实体,供后续 IP-CAN会话建立过程或 IP-CAN会话修改过程 (与实施实例 1和 4相同) 中应用该位置信息进行策略授权。  In the eighth embodiment of the present invention, the access network gateway may send the location information of the terminal to the location server during the network access process or the IP address acquisition process, and the location server sends the terminal location information to the policy authorization entity for subsequent IP. The location information is applied for policy authorization in the -CAN session establishment procedure or the IP-CAN session modification procedure (same as in the implementation examples 1 and 4).
若终端的位置信息发生变化, 如跨 BS切换, Anchor DPF/FA迁移, 路由 域变化, 接入网网关可以将终端的位置信息发送给位置服务器。 位置服务器 再将终端位置信息发送给策略授权实体, 策略授权实体应用新的位置信息进 行策略重授权,并发起 IP-CAN会话修改过程(与实施实例 1和 4中的 IP-CAN 会话修改步骤相同)。 If the location information of the terminal changes, such as cross-BS handover, Anchor DPF/FA migration, routing The domain change, the access network gateway can send the location information of the terminal to the location server. The location server then sends the terminal location information to the policy authorization entity, the policy authorization entity applies the new location information for policy re-authorization, and initiates the IP-CAN session modification process (the same as the IP-CAN session modification procedure in the implementation examples 1 and 4) ).
本发明实施例中的位置服务器可以是单独的功能实体,或集成在 AAA服 务器、 NASS (网絡附着子系统)、 用户信息服务器等实体中。  The location server in the embodiment of the present invention may be a separate functional entity, or integrated in an entity such as an AAA server, a NASS (Network Attachment Subsystem), a User Information Server, or the like.
本发明实施实例一至六的方法对 TISPAN/NGN RACS系统同样适用, 只 是 PCEF的功能由 RACS系统的执行实体 RCEF取代, PCRF/PDF的功能由 RACS系统的 SPDF/A-RACF实体取代, 其流程和步骤和方法一样。  The methods of the first to sixth embodiments of the present invention are equally applicable to the TISPAN/NGN RACS system, except that the function of the PCEF is replaced by the execution entity RCEF of the RACS system, and the function of the PCRF/PDF is replaced by the SPDF/A-RACF entity of the RACS system, and the flow and The steps are the same as the method.
上述实施例以 WiMAX 系统为例进行了说明, 本发明实施例并不限于 WiMAX系统 , 还可以应用到 3GPP、 3GPP2等其他系统中。  The above embodiment is described by taking a WiMAX system as an example. The embodiment of the present invention is not limited to the WiMAX system, and may be applied to other systems such as 3GPP and 3GPP2.
本发明实施例提供了一种策略授权系统, 所述系统包括策略授权实体, 用于获取终端的位置信息, 根据所述终端的位置信息生成策略规则。  The embodiment of the present invention provides a policy authorization system, where the system includes a policy authorization entity, which is used to acquire location information of the terminal, and generate a policy rule according to the location information of the terminal.
进一步的, 所述系统还包括策略执行实体,用于接收 IP-CAN承载建立请 求消息或 IP-CAN承载修改请求消息、或接收到来自目标网絡的服务流修改请 求、 或检测到终端由原网絡切换到目标网絡, 向所述策略授权实体发送会话 建立请求消息或会话修改请求消息, 所述消息中携带有终端的位置信息; 所 述策略授权实体, 用于接收来自所述策略执行实体的会话建立请求消息或会 话修改请求消息, 从所述会话建立请求消息或会话修改请求消息中获取所述 终端的位置信息。  Further, the system further includes a policy enforcement entity, configured to receive an IP-CAN bearer setup request message or an IP-CAN bearer modification request message, or receive a service flow modification request from the target network, or detect that the terminal is from the original network. Switching to the target network, sending a session establishment request message or a session modification request message to the policy authorization entity, where the message carries location information of the terminal; the policy authorization entity is configured to receive a session from the policy enforcement entity Establishing a request message or a session modification request message, and acquiring location information of the terminal from the session establishment request message or the session modification request message.
进一步的, 所述系统还包括应用功能实体, 用于向所述业务授权实体发 送业务授权请求, 所述业务授权请求中携带有所述终端的位置信息; 所述策 略授权实体, 用于接收来自所述应用功能实体的业务授权请求, 从所述业务 授权请求中获取所述终端的位置信息。  Further, the system further includes an application function entity, configured to send a service authorization request to the service authorization entity, where the service authorization request carries location information of the terminal, and the policy authorization entity is configured to receive from the The service authorization request of the application function entity acquires location information of the terminal from the service authorization request.
进一步的, 所述系统还包括位置服务器, 所述策略授权实体还用于向所 述位置服务器发送消息请求获取终端的位置信息, 接收来自所述位置服务器 的终端的位置信息; Further, the system further includes a location server, where the policy authorization entity is further configured to send a message to the location server to request location information of the terminal, and receive the location server from the location server. Location information of the terminal;
所述位置服务器, 用于接收来自所述策略授权实体的请求, 将终端的位 置信息发送给所述策略授权实体。  The location server is configured to receive a request from the policy authorization entity, and send location information of the terminal to the policy authorization entity.
进一步的, 本发明实施例中, 所述策略授权实体, 还用于将所述策略规 则发送给所述策略执行实体; 所述策略执行实体, 还用于接收来自所述策略 授权实体的所述策略规则, 执行所述策略规则。  Further, in the embodiment of the present invention, the policy authorization entity is further configured to send the policy rule to the policy enforcement entity, where the policy enforcement entity is further configured to receive the A policy rule that enforces the policy rule.
本发明实施例中, 所述策略授权实体获取终端的位置信息, 可根据所述 终端的位置信息进行策略授权, 生成策略规则, 这样, 可以实现策略的精细 授权。  In the embodiment of the present invention, the policy authorization entity obtains the location information of the terminal, and performs policy authorization according to the location information of the terminal to generate a policy rule, so that the fine authorization of the policy can be implemented.
本发明实施例提供了一种策略授权实体 100, 如图 10所示, 包括终端位 置信息获取单元 110, 用于获取终端的位置信息; 规则生成单元 120, 用于根 据所述终端位置信息获取单元 110获取的终端的位置信息生成策略规则。  The embodiment of the present invention provides a policy authorization entity 100, as shown in FIG. 10, including a terminal location information acquiring unit 110, which is configured to acquire location information of a terminal, and a rule generating unit 120, configured to acquire a cell according to the terminal location information. The location information of the terminal acquired by 110 generates a policy rule.
进一步的, 本发明实施例中, 所述终端位置信息获取单元 110可以包括: 第一获取子单元, 用于接收来自策略执行实体的会话建立请求消息或会话修 改请求消息, 从所述会话建立请求消息或会话修改请求消息中获取所述终端 的位置信息; 或第二获取子单元, 用于接收来自所述应用功能实体的业务授 权请求, 从所述业务授权请求中获取所述终端的位置信息; 或第三获取子单 元, 用于向位置服务器发送消息请求获取终端的位置信息, 接收来自所述位 置服务器的终端的位置信息。  Further, in the embodiment of the present invention, the terminal location information acquiring unit 110 may include: a first acquiring subunit, configured to receive a session establishment request message or a session modification request message from a policy enforcement entity, from the session establishment request Acquiring the location information of the terminal in the message or the session modification request message; or the second obtaining subunit, configured to receive a service authorization request from the application function entity, and obtain location information of the terminal from the service authorization request Or a third obtaining subunit, configured to send a message to the location server to request location information of the terminal, and receive location information of the terminal from the location server.
进一步的, 本发明实施例中, 所述策略授权实体 100还可以包括规则发 行实体。  Further, in the embodiment of the present invention, the policy authorization entity 100 may further include a rule issuing entity.
本发明实施例中, 所述策略授权实体获取终端的位置信息, 可根据所述 终端的位置信息进行策略授权, 生成策略规则, 这样, 可以实现策略的精细 授权。  In the embodiment of the present invention, the policy authorization entity obtains the location information of the terminal, and performs policy authorization according to the location information of the terminal to generate a policy rule, so that the fine authorization of the policy can be implemented.
通过以上的实施方式的描述, 本领域的技术人员可以清楚地了解到本发 明实施例可以通过硬件实现, 也可以可借助软件加必要的通用硬件平台的方 式来实现基于这样的理解。 本领域普通技术人员可以理解实现上述实施例方 法中的全部或部分步骤是可以通过程序来指令相关的硬件完成, 所述的程序 可以存储于一种计算机可读存储介质中, 该程序在执行时, 包括如下步骤: 获取终端的位置信息; Through the description of the above embodiments, those skilled in the art can clearly understand the present invention. The embodiment may be implemented by hardware, or may be implemented based on the software plus the necessary general hardware platform. A person skilled in the art can understand that all or part of the steps of implementing the above embodiments can be completed by a program to instruct related hardware, and the program can be stored in a computer readable storage medium. , including the following steps: obtaining location information of the terminal;
根据所述终端的位置信息生成策略规则。  Generating a policy rule according to the location information of the terminal.
上述提到的存储介质可以是可读存储器, 磁盘或光盘等。  The above mentioned storage medium may be a readable memory, a magnetic disk or an optical disk or the like.
以上所述, 仅为本发明较佳的具体实施方式, 但本发明的保护范围并不 局限于此, 任何熟悉本技术领域的技术人员在本发明揭露的技术范围内, 可 轻易想到的变化或替换, 都应涵盖在本发明的保护范围之内。 因此, 本发明 的保护范围应该以权利要求的保护范围为准。  The above is only a preferred embodiment of the present invention, but the scope of the present invention is not limited thereto, and any person skilled in the art can easily think of changes or within the technical scope disclosed by the present invention. Alternatives are intended to be covered by the scope of the present invention. Therefore, the scope of protection of the present invention should be determined by the scope of the claims.

Claims

权 利 要 求 书 Claim
1、 一种策略 4受权方法, 其特征在于, 包括以下步骤: 1. A strategy 4 authorized method, characterized in that it comprises the following steps:
获取终端的位置信息;  Obtaining location information of the terminal;
根据所述终端的位置信息生成策略规则。  Generating a policy rule according to the location information of the terminal.
2、 根据权利要求 1所述策略授权方法, 其特征在于, 所述获取终端的位置 信息具体包括:  2. The policy authorization method according to claim 1, wherein the acquiring location information of the terminal specifically includes:
从策略执行实体上, 或者从应用功能实体上, 或者从位置服务器上获取终 端的位置信息。  The location information of the terminal is obtained from the policy enforcement entity, or from the application function entity, or from the location server.
3、 如权利要求 2所述策略授权方法, 其特征在于, 所述从策略执行实体上 获取终端的位置信息具体包括:  The method for authorizing the policy according to claim 2, wherein the obtaining the location information of the terminal from the policy enforcement entity specifically includes:
接收来自策略执行实体的会话建立请求消息或会话修改请求消息, 所述消 息中携带有终端的位置信息;  Receiving a session establishment request message or a session modification request message from the policy enforcement entity, where the message carries the location information of the terminal;
策略授权实体从所述会话建立请求消息或会话修改请求消息中获取所述终 端的位置信息。  The policy authorization entity obtains the location information of the terminal from the session establishment request message or the session modification request message.
4、 如权利要求 3所述策略授权方法, 其特征在于, 所述接收来自策略执行 实体的会话建立请求消息或会话修改请求消息之前还包括:  The policy authorization method according to claim 3, wherein the receiving the session establishment request message or the session modification request message from the policy execution entity further includes:
所述策略执行实体接收 IP-CAN承载建立请求消息或 IP-CAN承载修改请求 消息、 或接收来自目标网絡的服务流修改请求、 或检测到终端由原网絡切换到 目标网絡。  The policy enforcement entity receives the IP-CAN Bearer Setup Request message or the IP-CAN Bearer Modification Request message, or receives a service flow modification request from the target network, or detects that the terminal is handed over from the original network to the target network.
5、 如权利要求 2所述策略授权方法, 其特征在于, 所述从应用功能实体上 获取终端的位置信息具体包括:  The method for authorizing the policy according to claim 2, wherein the obtaining the location information of the terminal from the application function entity specifically includes:
接收来自应用功能实体的业务授权请求, 所述业务授权请求中携带有所述 终端的位置信息;  Receiving a service authorization request from an application function entity, where the service authorization request carries location information of the terminal;
策略授权实体从所述业务授权请求中获取所述终端的位置信息。  The policy authorization entity obtains location information of the terminal from the service authorization request.
6、 如权利要求 2所述策略授权方法, 其特征在于, 所述从位置服务器上获 取终端的位置信息具体包括: 6. The policy authorization method according to claim 2, wherein said obtaining from said location server The location information of the terminal specifically includes:
策略授权实体向位置服务器发送消息请求获取终端的位置信息;  The policy authorization entity sends a message to the location server to request location information of the terminal;
所述策略授权实体接收来自所述位置服务器的终端的位置信息。  The policy authorization entity receives location information of a terminal from the location server.
7、 如权利要求 6所述策略授权方法, 其特征在于, 所述策略授权实体向位 置服务器发送消息之前包括:  The policy authorization method according to claim 6, wherein the policy authorization entity sends a message to the location server before:
策略授权实体接收来自策略执行实体的会话建立请求消息或会话修改请求 消息、 或接收来自应用功能实体的业务授权请求。  The policy authorization entity receives a session establishment request message or a session modification request message from the policy enforcement entity, or receives a service authorization request from the application function entity.
8、 如权利要求 1 - 7中所述任一策略授权方法, 其特征在于, 还包括:  8. The policy authorization method according to any one of claims 1-7, further comprising:
9、 一种策略 4受权系统, 其特征在于, 包括: 9. A strategy 4 authorized system, characterized in that it comprises:
策略授权实体, 用于获取终端的位置信息, 根据所述终端的位置信息生成 策略规则。  The policy authorization entity is configured to acquire location information of the terminal, and generate a policy rule according to the location information of the terminal.
10、 如权利要求 9所述的策略授权系统, 其特征在于, 所述系统还包括: 策略执行实体,用于接收 IP-CAN承载建立请求消息或 IP-CAN承载修改请 求消息、 或接收到来自目标网絡的服务流修改请求、 或检测到终端由原网絡切 换到目标网絡, 向所述策略授权实体发送会话建立请求消息或会话修改请求消 息, 所述消息中携带有终端的位置信息;  The policy authorization system according to claim 9, wherein the system further comprises: a policy enforcement entity, configured to receive an IP-CAN bearer setup request message or an IP-CAN bearer modification request message, or receive the The service flow modification request of the target network, or detecting that the terminal is handed over from the original network to the target network, and sending a session establishment request message or a session modification request message to the policy authorization entity, where the message carries the location information of the terminal;
所述策略授权实体, 用于接收来自所述策略执行实体的会话建立请求消息 或会话修改请求消息, 从所述会话建立请求消息或会话修改请求消息中获取所 述终端的位置信息。  The policy authorization entity is configured to receive a session establishment request message or a session modification request message from the policy enforcement entity, and obtain location information of the terminal from the session establishment request message or the session modification request message.
11、 如权利要求 9所述的策略授权系统, 其特征在于, 所述系统还包括: 应用功能实体, 用于向所述业务授权实体发送业务授权请求, 所述业务授 权请求中携带有所述终端的位置信息;  The policy authorization system according to claim 9, wherein the system further comprises: an application function entity, configured to send a service authorization request to the service authorization entity, where the service authorization request carries the Location information of the terminal;
所述策略授权实体, 用于接收来自所述应用功能实体的业务授权请求, 从 所述业务授权请求中获取所述终端的位置信息。  The policy authorization entity is configured to receive a service authorization request from the application function entity, and obtain location information of the terminal from the service authorization request.
12、 如权利要求 9所述的策略授权系统, 其特征在于, 所述系统还包括位 置服务器; 12. The policy authorization system of claim 9, wherein the system further comprises a bit Set the server;
所述策略授权实体, 用于向所述位置服务器发送消息请求获取终端的位置 信息, 接收来自所述位置服务器的终端的位置信息;  The policy authorization entity is configured to send a message requesting to the location server to acquire location information of the terminal, and receive location information of the terminal from the location server;
所述位置服务器, 用于接收来自所述策略授权实体的请求, 将终端的位置 信息发送给所述策略授权实体。  The location server is configured to receive a request from the policy authorization entity, and send location information of the terminal to the policy authorization entity.
13、 如权利要求 9 - 12所述任一策略授权系统, 其特征在于, 所述策略执行实体, 还用于接收来自所述策略授权实体的所述策略规则, 执行所述策略规则。  13. The policy authorization system according to any one of claims 9-12, wherein the policy enforcement entity is further configured to receive the policy rule from the policy authorization entity, and execute the policy rule.
14、 一种策略授权实体, 其特征在于, 包括:  14. A policy authorization entity, characterized by comprising:
终端位置信息获取单元, 用于获取终端的位置信息;  a terminal location information acquiring unit, configured to acquire location information of the terminal;
规则生成单元, 用于根据所述终端位置信息获取单元获取的终端的位置信 息生成策略规则。  And a rule generating unit, configured to generate a policy rule according to the location information of the terminal acquired by the terminal location information acquiring unit.
15、 如权利要求 14所述策略授权实体, 其特征在于, 所述终端位置信息获 取单元包括如下任一子单元:  The policy authorization entity according to claim 14, wherein the terminal location information obtaining unit comprises any one of the following subunits:
第一获取子单元, 用于接收来自策略执行实体的会话建立请求消息或会话 修改请求消息, 从所述会话建立请求消息或会话修改请求消息中获取所述终端 的位置信息; 或  a first obtaining subunit, configured to receive a session establishment request message or a session modification request message from the policy enforcement entity, and obtain location information of the terminal from the session establishment request message or the session modification request message; or
第二获取子单元, 用于接收来自所述应用功能实体的业务授权请求, 从所 述业务授权请求中获取所述终端的位置信息; 或  a second obtaining subunit, configured to receive a service authorization request from the application function entity, and obtain location information of the terminal from the service authorization request; or
第三获取子单元, 用于向位置服务器发送消息请求获取终端的位置信息, 接收来自所述位置服务器的终端的位置信息。  And a third obtaining subunit, configured to send a message to the location server to request location information of the terminal, and receive location information of the terminal from the location server.
16、 如权利要求 14所述策略授权实体, 其特征在于, 还包括: 执行实体。  16. The policy authorization entity of claim 14, further comprising: an execution entity.
PCT/CN2009/070867 2008-04-28 2009-03-18 Method, system and equipment of policy authorization WO2009132536A1 (en)

Applications Claiming Priority (2)

Application Number Priority Date Filing Date Title
CN200810094053.9 2008-04-28
CNA2008100940539A CN101572854A (en) 2008-04-28 2008-04-28 Method, system and equipment for strategy authorization

Publications (1)

Publication Number Publication Date
WO2009132536A1 true WO2009132536A1 (en) 2009-11-05

Family

ID=41232061

Family Applications (1)

Application Number Title Priority Date Filing Date
PCT/CN2009/070867 WO2009132536A1 (en) 2008-04-28 2009-03-18 Method, system and equipment of policy authorization

Country Status (2)

Country Link
CN (1) CN101572854A (en)
WO (1) WO2009132536A1 (en)

Cited By (1)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN112019562A (en) * 2020-09-10 2020-12-01 北京双洲科技有限公司 Method and system for joint confirmation of mobile service user state

Families Citing this family (7)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN102238518B (en) * 2010-05-04 2015-06-10 中兴通讯股份有限公司 Method and system for obtaining position information of home base station
CN104301124B (en) * 2010-05-25 2018-08-14 华为技术有限公司 Implementation method, system and the relevant device of strategy and charging control
EP2547049B1 (en) * 2010-05-25 2018-09-19 Huawei Technologies Co., Ltd. Method, system and corresponding apparatus for implementing policy and charging control
CN102457938B (en) * 2010-10-18 2016-03-30 中兴通讯股份有限公司 The method and system of terminal access restriction
CN102480718B (en) * 2010-11-29 2015-04-01 中兴通讯股份有限公司 Method for supporting sponsored data connectivity at roaming scene and system thereof
US20160249255A1 (en) * 2015-02-25 2016-08-25 Alcatel-Lucent Usa Inc. Network support for differential charging for data usage in licensed and unlicensed frequency bands
CN108632055B (en) * 2017-03-17 2020-10-09 华为技术有限公司 Network control method and device and communication system

Citations (3)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
US20060014547A1 (en) * 2004-07-13 2006-01-19 Sbc Knowledge Ventures, L.P. System and method for location based policy management
CN101001401A (en) * 2006-01-10 2007-07-18 华为技术有限公司 Mobile communication system and method for using access network application function service
CN101272274A (en) * 2007-07-24 2008-09-24 华为技术有限公司 Method, device and system for implementing policy and charging control

Patent Citations (3)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
US20060014547A1 (en) * 2004-07-13 2006-01-19 Sbc Knowledge Ventures, L.P. System and method for location based policy management
CN101001401A (en) * 2006-01-10 2007-07-18 华为技术有限公司 Mobile communication system and method for using access network application function service
CN101272274A (en) * 2007-07-24 2008-09-24 华为技术有限公司 Method, device and system for implementing policy and charging control

Non-Patent Citations (1)

* Cited by examiner, † Cited by third party
Title
"Policy and charging control architecture", 3GPP, TS 23.203 V7.6.0, 31 March 2008 (2008-03-31) *

Cited By (1)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN112019562A (en) * 2020-09-10 2020-12-01 北京双洲科技有限公司 Method and system for joint confirmation of mobile service user state

Also Published As

Publication number Publication date
CN101572854A (en) 2009-11-04

Similar Documents

Publication Publication Date Title
CN101483847B (en) Method, apparatus and system for implementing policy control
JP5269985B2 (en) Online charging architecture in LTE / EPC communication networks
WO2009132536A1 (en) Method, system and equipment of policy authorization
US8369288B2 (en) Method and apparatus for bearer processing
RU2513711C2 (en) Service event trigger
WO2007143940A1 (en) A policy and charging control method, system and equipment when the user is roaming
US20120069763A1 (en) Method and Apparatus for Negotiation Control of Quality of Service Parameters
WO2008101392A1 (en) Method for transmitting qos during handover between systems and network system and destination network thereof
EP1701489A1 (en) Method and apparatus for managing packet data links in a packet data switched network
WO2008134985A1 (en) Method, system and device for making security control
WO2008128454A1 (en) Method and apparatus for policy and charging control
WO2008083630A1 (en) Method, system and device for policy and rules decision
WO2007137522A1 (en) A policy and charging control method, system and device in roaming scenarios
WO2013064004A1 (en) Method and system for updating quality of service
WO2006017985A1 (en) A method of implementing the service treatment by the functional entity in the service control layer
WO2009052749A1 (en) Method, net element apparatus and network system for establishing the ethernet connection
WO2007112657A1 (en) Deciding method and system for service information in mobile communication system
WO2013044730A1 (en) Quality of service updating method and system for policy and charging rules
WO2011022893A1 (en) Interaction method and apparatus between resource and admission control systems
WO2010108367A1 (en) Traffic switch method, traffic information control method, corresponding equipment and system
WO2012083779A1 (en) Policy control method and device
WO2011018020A1 (en) Method and system for controlling load balance of pcrf, and redirect dra
WO2013135213A1 (en) Tdf session process method and pcrf
WO2012129992A1 (en) Sponsored data connectivity processing method, and policy and charging rules function
WO2010118673A1 (en) Method, system and device for processing policy and charging control

Legal Events

Date Code Title Description
121 Ep: the epo has been informed by wipo that ep was designated in this application

Ref document number: 09737647

Country of ref document: EP

Kind code of ref document: A1

NENP Non-entry into the national phase

Ref country code: DE

122 Ep: pct application non-entry in european phase

Ref document number: 09737647

Country of ref document: EP

Kind code of ref document: A1