Mobile Internet: Related Supporting Technologies (苏锐丹)
◼ Does not aim to keep a session alive while the user moves (no session persistency)
◼ Emphasis is on using the Internet and application services conveniently, anytime and anywhere
◼ When the user moves, how can "network access authentication" be done conveniently? How can applications be accessed conveniently?
  □ Within the user's own administrative domain: for network access and for application systems, the user has a registered ID
  □ What about leaving one's own administrative domain?
◼ Network
  □ Campus network, switched Ethernet and WLAN
  □ Network access authentication
◼ Applications
  □ Application systems, user identity management
  □ Applications "in the cloud"
AAA
◼ Authentication: which persons or devices can gain access to the network
◼ Authorization: what they are allowed to do on the network
◼ Accounting
  □ Billing
  □ Auditing
Authentication and Authorization
◼ Digital identity: the digital representation of users or devices, a number or a name
  □ Different domains and different applications use different identities
◼ Authorization is done on the basis of authentication
◼ AAA servers
  □ Centralized management of users (subscribers), authorization and accounting
LTE Authentication and Authorization
◼ LTE, now widely deployed, provides "roaming with other cellular or noncellular networks"
◼ LTE
  □ Radio network
  □ Fixed network, core: EPC (Evolved Packet Core)
LTE Architecture
◼ UE: mobile device
◼ eNodeB: wireless access point
(Figure: UE, eNodeB, MME, HSS, Serving GW, PDN GW, Internet)
◼ MME (Mobile Management Entity): authenticates users with the HSS; assigns temporary identifiers to the terminals; roaming authorization
◼ Serving GW: routes packets to and from other 3GPP networks
◼ Packet Data Network GW (PDN GW): routing with non-3GPP networks
◼ Home Subscriber Server (HSS): subscriber data, authentication and authorization, location
Identifiers
◼ Identify the user, the user's subscription, and the device
◼ IMSI (International Mobile Subscriber Identity): ITU E.212, 15 digits (country code, network operator code, subscriber identity), stored in the SIM card
◼ TMSI (Temporary Mobile Subscriber Identity)
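The identifier slide above in working code, as an added example that is not part of the lecture: a parser that splits an IMSI into its E.212 fields, a masking helper for logs (the subscriber part of an IMSI is personal data), a home-versus-roaming check on the MCC+MNC prefix, and a small allocator that models the MME handing out TMSIs so the permanent IMSI is not sent on every exchange. The MNC-length table and the sample IMSI are constructed placeholders, not a real numbering plan.

```python
"""Handling LTE subscriber identifiers: IMSI parsing, log masking, TMSI allocation.

Added example (not from the lecture). The MNC-length table and the sample IMSI
are constructed placeholders, not a real numbering plan.
"""
import re
import secrets

# Constructed stub of the ITU-T E.212 plan: the MNC is 2 or 3 digits and its
# length depends on the MCC. A real system loads the full published list.
MNC_LENGTH_BY_MCC = {"460": 2, "262": 2, "310": 3}


def parse_imsi(imsi: str, mnc_length_by_mcc: dict = MNC_LENGTH_BY_MCC) -> dict:
    """Split a 15-digit IMSI into MCC (country), MNC (operator) and MSIN (subscriber).

    Malformed input raises ValueError so it is rejected at the edge instead of
    being stored or matched against the subscriber database.
    """
    if not re.fullmatch(r"[0-9]{15}", imsi):
        raise ValueError("IMSI must be exactly 15 decimal digits")
    mcc = imsi[:3]
    mnc_len = mnc_length_by_mcc.get(mcc)
    if mnc_len is None:
        raise ValueError(f"unknown MCC {mcc}: MNC length cannot be determined")
    return {"mcc": mcc, "mnc": imsi[3:3 + mnc_len], "msin": imsi[3 + mnc_len:]}


def is_home_subscriber(imsi: str, home_plmn: str) -> bool:
    """A PLMN id is MCC+MNC; a mismatch means the UE is outside its home domain (roaming)."""
    p = parse_imsi(imsi)
    return p["mcc"] + p["mnc"] == home_plmn


def mask_imsi(imsi: str) -> str:
    """Keep only the operator prefix for logs: the MSIN identifies a person."""
    p = parse_imsi(imsi)
    return p["mcc"] + p["mnc"] + "*" * len(p["msin"])


class TmsiAllocator:
    """Models the MME handing out temporary identifiers.

    After the first attach the UE is addressed by a random TMSI, so the permanent
    IMSI does not have to be sent over the air on every signalling exchange.
    """

    def __init__(self):
        self._tmsi_to_imsi = {}

    def allocate(self, imsi: str) -> bytes:
        parse_imsi(imsi)  # refuse to map a malformed identifier
        while True:
            tmsi = secrets.token_bytes(4)  # 32-bit TMSI, unpredictable
            if tmsi not in self._tmsi_to_imsi:
                self._tmsi_to_imsi[tmsi] = imsi
                return tmsi

    def resolve(self, tmsi: bytes):
        """Look up which subscription a TMSI currently stands for (None if unknown)."""
        return self._tmsi_to_imsi.get(tmsi)

    def reallocate(self, tmsi: bytes) -> bytes:
        """Periodic re-allocation limits how long one TMSI can be tracked."""
        imsi = self._tmsi_to_imsi.pop(tmsi)
        return self.allocate(imsi)


if __name__ == "__main__":
    sample = "460001234567890"  # constructed sample, not a real subscriber
    print(parse_imsi(sample), mask_imsi(sample), is_home_subscriber(sample, "46000"))
```

The MNC-length lookup is the part that is easy to get wrong in practice: a fixed 2-digit split silently misfiles subscribers of 3-digit-MNC operators into the wrong network, which then breaks both the roaming decision and any per-operator accounting.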
◼ MSISDN (Mobile Subscriber ISDN Number): the phone number
◼ IMEI (International Mobile Equipment Identity): the mobile device
◼ Authentication and Key Agreement protocol (RFC 3310)
  □ Challenge-response
  □ Shared secret key: stored in the SIM card and in the HSS
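The challenge-response slide above and the AAA slides earlier, carried through as one added example that is not part of the lecture: a simplified LTE attach in which the HSS builds an authentication vector from the key K it shares with the SIM, the serving MME relays the challenge, the SIM authenticates the network (MAC check) and rejects replays (SQN check), the MME checks the response, and only then asks the HSS for roaming authorization and writes an accounting record. The f1/f2/f3 derivations are stood in for by HMAC-SHA256 (3GPP specifies the Milenage functions); the key, IMSI and subscriber records are constructed.

```python
"""Simplified LTE attach: AKA challenge-response between UE (SIM), MME and HSS,
followed by roaming authorization and an accounting record.

Added example, not from the lecture. The f1/f2/f3 derivations are stood in for
by HMAC-SHA256 (3GPP uses the Milenage functions); key, IMSI and subscriber
records are constructed.
"""
import hashlib
import hmac
import secrets


def _f(k: bytes, label: bytes, *parts: bytes) -> bytes:
    """Keyed derivation standing in for the 3GPP f1..f3 functions (assumption)."""
    return hmac.new(k, label + b"".join(parts), hashlib.sha256).digest()


class SIM:
    """UE side: holds the long-term key K shared with the HSS and the last accepted SQN."""

    def __init__(self, imsi: str, k: bytes):
        self.imsi = imsi
        self._k = k
        self._sqn_seen = 0

    def respond(self, rand: bytes, autn: bytes):
        sqn_bytes, mac = autn[:6], autn[6:]
        # Network authentication: only a holder of K can produce a valid MAC over RAND||SQN.
        if not hmac.compare_digest(mac, _f(self._k, b"f1", rand, sqn_bytes)[:8]):
            raise ValueError("MAC failure: network not authenticated")
        # Freshness: a replayed vector carries an SQN the SIM has already accepted.
        sqn = int.from_bytes(sqn_bytes, "big")
        if sqn <= self._sqn_seen:
            raise ValueError("synchronisation failure: stale SQN (replay)")
        self._sqn_seen = sqn
        res = _f(self._k, b"f2", rand)[:8]   # proves the SIM holds K
        ck = _f(self._k, b"f3", rand)        # ciphering key for the session
        return res, ck


class HSS:
    """Home network: subscriber data, shared keys and roaming permissions."""

    def __init__(self, subscribers: dict):
        self.subscribers = subscribers  # imsi -> {"k", "sqn", "roaming"}

    def authentication_vector(self, imsi: str) -> dict:
        sub = self.subscribers[imsi]
        sub["sqn"] += 1
        rand = secrets.token_bytes(16)
        sqn_bytes = sub["sqn"].to_bytes(6, "big")
        mac = _f(sub["k"], b"f1", rand, sqn_bytes)[:8]
        # K never leaves the HSS; the serving MME only receives RAND, AUTN and XRES.
        return {"rand": rand, "autn": sqn_bytes + mac, "xres": _f(sub["k"], b"f2", rand)[:8]}

    def roaming_allowed(self, imsi: str, serving_plmn: str) -> bool:
        return serving_plmn in self.subscribers[imsi]["roaming"]


class MME:
    """Serving network: runs the challenge, then asks the HSS for authorization."""

    def __init__(self, plmn: str, hss: HSS):
        self.plmn = plmn
        self.hss = hss
        self.accounting = []  # one record per attach attempt (the accounting part of AAA)

    def attach(self, sim: SIM) -> dict:
        av = self.hss.authentication_vector(sim.imsi)
        try:
            res, _ck = sim.respond(av["rand"], av["autn"])
        except ValueError as exc:
            return self._record(sim.imsi, False, False, str(exc))
        if not hmac.compare_digest(res, av["xres"]):
            return self._record(sim.imsi, False, False, "RES mismatch: UE not authenticated")
        ok = self.hss.roaming_allowed(sim.imsi, self.plmn)  # authorization after authentication
        return self._record(sim.imsi, True, ok, "ok" if ok else "roaming not permitted in " + self.plmn)

    def _record(self, imsi, authenticated, authorized, reason):
        entry = {"imsi": imsi, "plmn": self.plmn, "authenticated": authenticated,
                 "authorized": authorized, "reason": reason}
        self.accounting.append(entry)
        return entry


if __name__ == "__main__":
    k = bytes(range(16))         # constructed long-term key
    imsi = "460001234567890"     # constructed sample IMSI
    hss = HSS({imsi: {"k": k, "sqn": 0, "roaming": {"46000", "26201"}}})
    print(MME("46000", hss).attach(SIM(imsi, k)))
    print(MME("31026", hss).attach(SIM(imsi, k)))
```

Two design points carry over from the real protocol: the long-term key stays in the HSS and the SIM, so a visited network authenticates the subscriber with a vector rather than with K; and authentication and authorization are separate decisions, so a subscriber whose SIM is genuine can still be refused service in a network the home operator has not authorized.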