(19)
(11)EP 2 026 533 B1

(12)EUROPEAN PATENT SPECIFICATION

(45)Mention of the grant of the patent:
11.04.2012 Bulletin 2012/15

(21)Application number: 07721785.9

(22)Date of filing:  22.06.2007
(51)International Patent Classification (IPC): 
H04L 29/06(2006.01)
H04L 12/28(2006.01)
(86)International application number:
PCT/CN2007/070168
(87)International publication number:
WO 2008/000192 (03.01.2008 Gazette  2008/01)

(54)

NETWORK ACCESS METHOD OF TERMINALS, NETWORK ACCESS SYSTEM AND GATEWAY EQUIPMENT

ENDGERÄTE-NETZWERKZUGANGSVERFAHREN, NETZWERK-ZUGANGSSYSTEM UND GATEWAYVORRICHTUNG

PROCÉDÉ D'ACCÈS AU RÉSEAU DE TERMINAUX, SYSTÈME D'ACCÈS AU RÉSEAU ET ÉQUIPEMENT DE PASSERELLE


(84)Designated Contracting States:
AT BE BG CH CY CZ DE DK EE ES FI FR GB GR HU IE IS IT LI LT LU LV MC MT NL PL PT RO SE SI SK TR

(30)Priority: 24.06.2006 CN 200610061340

(43)Date of publication of application:
18.02.2009 Bulletin 2009/08

(73)Proprietor: Huawei Technologies Co., Ltd.
Longgang District, Shenzhen Guangdong 518129 (CN)

(72)Inventors:
  • SHU, Guiming
    Shenzhen Guangdong 518129 (CN)
  • WANG, Shu
    Shenzhen Guangdong 518129 (CN)

(74)Representative: Thun, Clemens 
Mitscherlich & Partner Patent- und Rechtsanwälte Sonnenstrasse 33
80331 München
80331 München (DE)


(56)References cited: : 
WO-A1-02/056620
WO-A1-2006/000624
CN-A- 1 700 640
US-A1- 2003 210 678
US-B1- 6 957 060
WO-A1-2004/091165
WO-A1-2006/045706
US-A1- 2003 191 939
US-A1- 2004 219 905
  
  • SCHUBA M ET AL: "Internet ID - Flexible Re-use of Mobile Phone Authentication Security for Service Access" INTERNET CITATION 4 November 2004 (2004-11-04), XP002427242 Retrieved from the Internet: URL:http://www.ericsson.com/res/thecompany /docs/journal_conference_papers/service_la yer/internet_id_nordsec.pdf [retrieved on 2010-07-14]
  • "3rd Generation Partnership Project; Technical Specification Group Services and System Aspects; 3G security; Access security for IP-based services (Release 7)", 3GPP STANDARD; 3GPP TS 33.203, 3RD GENERATION PARTNERSHIP PROJECT (3GPP), MOBILE COMPETENCE CENTRE ; 650, ROUTE DES LUCIOLES ; F-06921 SOPHIA-ANTIPOLIS CEDEX ; FRANCE, no. V7.2.0, 1 June 2006 (2006-06-01), pages 1-65, XP050376624,
  
Note: Within nine months from the publication of the mention of the grant of the European patent, any person may give notice to the European Patent Office of opposition to the European patent granted. Notice of opposition shall be filed in a written reasoned statement. It shall not be deemed to have been filed until the opposition fee has been paid. (Art. 99(1) European Patent Convention).


Description

FIELD OF THE INVENTION



[0001] The present invention relates to communications technology, and more particularly to an access method of network terminals, an access system, and gateway equipment.

BACKGROUND OF THE INVENTION



[0002] With the popularity of network terminals, more and more families and enterprises now have multiple network terminals. As shown in FIG 1, through wired or wireless local area network (LAN) devices; network terminals of different forms and having different functions and characteristics are connected into a LAN, which is connected to a wide area network (WAN) through a digital gateway and communication devices. In this networking mode, each network terminal can access the WAN to implement the services such as webpage browsing and point-to-point communication.

[0003] An IP multimedia subsystem (IMS) is a subsystem of a multimedia service network, which is introduced by the 3GPP based on a packet bearer network and the trend of the convergence of the Internet and telecommunication networks. Considering the fixed to mobile convergence (FMC), subsystems of the multimedia service network, such as the IMS, are more frequently used to provide multimedia services to mobile terminals and fixed terminals.

[0004] The bearer of the IMS is an IP network. The IMS can provide a complete set of solutions to IP multimedia services, which satisfy the requirements for security, charging, roaming, and quality of service (QoS) of multimedia services. The prototype of the INS can be regarded as a platform for the IP multimedia services. In addition to the mobile network, the IMS is also applicable to the fixed network. The uniform structure provided by the IMS supports various IP-based services on the packet switched network and circuit switched network, which is irrespective of the access technology.

[0005] In the IMS, a network terminal, such as user equipment (UE), is configured with a universal mobile telecommunications system integrated circuit card (UICC) and/or an IMS subscriber identity module (ISIM). The LJICC and/or ISIM card or module store the information about the identity certification of service subscribers related to the authentication. When a subscriber registers with the IMS network, the subscriber sends a registration request carrying subscriber information related to the authentication. After the IMS determines that the subscriber is legal through the subscriber information related to the authentication, the IMS provides multimedia services to the subscriber. Thus, when the network terminal needs the multimedia services provided by a subsystem of the multimedia service network, such as the IMS domain, the network terminal must provide a function of access authentication to the subsystem domain of the multimedia service network. The gateway equipment of the prior art, for example, the gateway equipment in FIG. 1, only provides a function for network terminals to access the WAN, but does not provide the function of access authentication function to the IMS domain. Therefore, when the subscriber certification information to the IMS is not configured on a network terminal (for example, a fixed network terminal), the network terminal cannot pass the identity certification of the IMS, and thus cannot obtain the multimedia service provided by the IMS.

[0006] In the prior art, the gateway equipment supporting the UICC is provided, in which the subscriber certification information on a UE can be shared by plugging the UICC or ISIM card of the UE having the UICC and/or ISIM into the gateway equipment. However, the card should be plugged in and pulled out frequently in this solution, so it is inconvenient to use.
US 2003/210678A1 discloses a method and apparatus for connecting terminal equipment to a wireless network with a mobile terminal, wherein the mobile terminal has assigned proxy functions that control access of the terminal equipment to an internet protocol multimedia system in the wireless network. The proxy functions may include the mobile terminal providing identification signals from the terminal equipment to the wireless network and application signals between the terminal equipment and the wireless network, so as to act as an intermediary between the terminal equipment and the wireless network.

[0007] XP002427242, SCHUBA M ET AL: "Internet ID -Flexible Re-use of Mobile Phone Authentication Security for Service Access" discloses a principal trying to log in to a protected website (SP Server). The SP Server re-directs the authentication request to IDP server if the SP Server needs to authenticate the PC. The IDP server generates a random pattern and sends it to the PC and the mobile terminal simultaneously. If the principal confirms the match of the patterns on the PC and the mobile terminal, the authentication is successful and the SP Server grants the principal access to the protected website.

[0008] WO 02/056620A discloses that a telephone switchboard 12 can be logged into the mobile network with the data of a SIM in the mobile radio unit into the mobile network. The user can then make calls over the cordless telephone of the telephone switchboard via the mobile network or exchange data.

[0009] WO 2006/045706 A1 discloses a method and apparatus for facilitating access to IMS services by non-IMS enabled terminals, wherein a Residential Gateway performs the IMS registration on behalf of the non-IMS enabled terminals by using information obtained from a USIM application present at the Residential Gateway.

SUMMARY OF THE INVENTION



[0010] In an embodiment, the present invention is directed to an access system, an access method of network terminals, and gateway equipment, which enable network terminals without subscriber certification information for a service network system to obtain services provided by the service network system.

[0011] The technical solution according to an embodiment of the present invention is provided according to the appended independent claims 1, 5, and 9. Preferred embodiments are defined in the dependent claims.

BRIEF DESCRIPTION OF THE DRAWINGS



[0012] The present invention will become more fully understood from the detailed description given herein below for illustration only, and thus are not limitative of the present invention, and wherein:

[0013] FIG. 1 is a schematic diagram showing multiple network terminals accessing a WAN through gateway equipment in a family or enterprise according to the prior art;

[0014] FIG 2 is a basic structural diagram of an access system of network terminals according to an embodiment of the present invention;

[0015] FIG 3 is a flow chart of the process that a network terminal initiates a registration request to a service network system in the access system according to an embodiment of the present invention;

[0016] FIG 4 is a flow chart of the process that the digital gateway equipment performs the access certification to the service network system in the access system by the use of the obtained subscriber certification information according to an embodiment of the present invention;

[0017] FIG 5 is a flow chart of the process that an accessed network terminal initiates a service request to the service network system in the access system according to an embodiment of the present invention;

[0018] FIG 6 is a schematic structural diagram of a detailed implementation of the access system according to an embodiment of the present invention;

[0019] FIG. 7 is a flow chart of the process that a network terminal sends a registration request to the service network system in the access system of FIG 6;

[0020] FIG. 8 is a flow chart of the process that a network terminal registered with the service network system initiates a service request to the service network system in the access system of FIG. 6;

[0021] FIG. 9 is the schematic structural diagram of an access system according to another embodiment of the present invention;

[0022] FIG 10 is a flow chart of the access method for network terminals to access a service network system according to another embodiment of the present invention; and

[0023] FIG. 11 is a flow chart of the process that a network terminal registers and obtains service after the registration in the access system according to another embodiment of the present invention.

DETAILED DESCRIPTION OF THE EMBODIMENTS



[0024] To make the objectives, technical solutions, and advantages of the embodiments of the present invention more comprehensible, the present invention is illustrated below in detail with reference to the following embodiments.

[0025] The access system, access method of network terminals, and digital gateway equipment according to the embodiments of the present invention use a network terminal configured with subscriber certification information, so as to implement the access certification to a service network system of the network terminals not configured with the subscriber certification information. The service network system includes a multimedia service network subsystem, such as the IMS.

[0026] FIG 2 is a basic structural diagram of an access system according to an embodiment of the present invention. As shown in FIG 2, the access system according to an embodiment of the present invention includes a network terminal group 11, a digital gateway equipment 12, and a service network system 13. Network terminals in the network terminal group 11 are connected into a local area network (LAN) through connecting devices such as LAN devices, and the LAN is connected to the digital gateway equipment 12. The digital gateway equipment 12 receives access and/or service request sent by the network terminal in the network terminal group 11, and responds to the request. Thus, the network terminal completes the access certification to the service network system 13, and obtains the services provided by the service network system 13.

[0027] The network terminal group 11 at least includes a first network terminal 17 and a second network terminal 18. The first network terminal 17 is configured with the subscriber certification information to the service network system, for example, the first network terminal 17 is a mobile terminal supporting UMTS integrated circuit card (UICC) and/or IMS subscriber identity module (ISIM). The second network terminal 18 is not configured with the subscriber certification information to the service network system, for example, the second network terminal 18 is a fixed terminal not supporting the UICC and/or ISIM, such as a PC or television set-top box.

[0028] The digital gateway equipment 12 includes a gateway multimedia service proxy module 15 and a wide area network (WAN) access and management module 16. The gateway multimedia service proxy module 15 provides an access proxy to the service network system 13 for other network terminals connected to the module, especially the second network terminal 18, by the use of the subscriber certification information configured on the first network terminal 17. The WAN access and management module 16 is a functional module of the existing digital gateway equipment 12. The module is adapted to realize the access and management functions from the gateway to the WAN. The WAN access function of the gateway realizes the connection from a digital home network to a public network. Currently, many modes are available for realizing the access to the public network, such as the ADSL, Ethernet, TV cables, and power lines. The WAN management function of the gateway includes address resolution, packet forwarding, quality of service (QoS), DHCP, and firewall. The prior art has provided many solutions for WAN access and management functions, which are not the focus of the present invention, and will not be described in detail here.

[0029] The service network system 13 according to an embodiment of the present invention can be a multimedia service network subsystem, such as the IMS. The digital gateway equipment 12 can access the multimedia service network subsystem such as the IMS through a UICC authentication mode or a non-UICC authentication mode, for example, through client software. Thus, the digital gateway equipment 12 provides an access proxy function to the service network system for the network terminals connected to the digital gateway equipment, so that the network terminals connected to the digital gateway equipment share the subscriber certification information to the service network system and share the service capabilities, so as to obtain the services provided by the service network system. For a network terminal supporting the access authentication and certification function to the service network system, such as the first network terminal, optionally, the digital gateway equipment and system can provide only the access capability to a metropolitan area network (MAN) according to the configuration policies, and does not provide the access proxy function to the service network system. Thus, the network terminal can perform the access authentication and certification to the service network system as a subscriber itself.

[0030] FIG 3 shows the access system according to an embodiment of the present invention together with FIG 2. The process that the second network terminal 18 initiates the access request to the service network system and completes the access certification includes the following steps.

[0031] In Step 301, the second network terminal initiates an access request to the service network system to the digital gateway equipment.

[0032] In Step 302, the digital gateway equipment receives the initiated access request.

[0033] In Step 303, the digital gateway equipment obtains the subscriber certification information configured on the first network terminal from the first network terminal.

[0034] In the Step 303, exemplarily, the digital gateway equipment obtains the subscriber certification information from the first network terminal in real time, for example, obtains the subscriber certification information stored in the UICC and/or ISIM card or module from the network terminal supporting the UICC/ISIM. Exemplarily, the subscriber certification information can be, but not limited to, reported to the gateway equipment automatically upon the establishment of the connection between the first network terminal and the digital gateway equipment, or the gateway equipment actively queries the subscriber certification information configured on the connected first network terminal, and then the digital gateway equipment stores the information and updates it in real time. In the Step 303, the digital gateway equipment can obtain the service capability information about the first network terminal from the first network terminal in real time with the same method.

[0035] Exemplarily, when a plurality of network terminals is connected to the digital gateway equipment, the digital gateway equipment can obtain multiple pieces of subscriber certification information in this step. At this time, according to the service capability requirements in the initiated access request, the digital gateway equipment can select the subscriber certification information meeting the service capability requirements from the multiple pieces of subscriber certification information.

[0036] Optionally, in the Step 303, when the digital gateway equipment needs to obtain the subscriber certification information from the first network terminal, the digital gateway equipment must negotiate with the first network terminal, and can obtain the subscriber certification information only after the network terminal authorizes the digital gateway equipment to use the information.

[0037] In Step 304, the digital gateway equipment performs the access certification to the service network system by the use of the obtained subscriber certification information, and provides the access proxy to the service network system for the second network terminal initiating the access request.

[0038] Exemplarily, when the digital gateway equipment provides the access proxy to the service network system, for example, the IMS, for the second network terminal, the operations of the UICC and/or ISIM card or module are needed, e.g. encryption of some data. At this time, the gateway equipment sends the data to be processed during the certification of the service network system, for example, the IMS network, to the equipment having the UICC and/or ISIM card or module, and requests relevant processing. After the terminal completes processing the data, the processed data is sent to the gateway equipment, so that the gateway completes the certification to the IMS network.

[0039] Referring to FIGs. 3 and 4, the process that the digital gateway equipment performs the access certification to the service network system by the use of the obtained subscriber certification information includes the following steps.

[0040] In Step 401, the digital gateway equipment initiates an access request to the service network system based on the obtained subscriber certification information.

[0041] In Step 402, the service network system returns a non-authorized response to the digital gateway equipment.

[0042] In Step 403, after receiving the non-authorized response returned by the service network system, the digital gateway equipment sends the non-authorized response to the second network terminal initiating the access request, and establishes a communication channel complying with the IPsec security association (SA) standards between the digital gateway equipment and the service network system.

[0043] In Step 404, the second network terminal initiating the access request receives the non-authorized response, and resends an access request to the service network system.

[0044] In Step 405, the digital gateway equipment receives the access request resent by the network terminal, and sends the resent access request to the service network system through the established communication channel complying with the IPsec SA standards.

[0045] In Step 406, according to the authentication subscriber information configured on the service network system and the subscriber certification information contained in the access request sent by the digital gateway equipment through the IPsec communication channel, the service network system determines that the digital gateway equipment is a legal subscriber, and sends the information indicating that the access request is successful to the digital gateway equipment.

[0046] In Step 407, the digital gateway equipment receives the message indicating that the access request is successful, and sends the received message indicating that the access request is successful to the network terminal sending the access request. Thus, the access certification of the network terminal initiating the access request to the service network system is completed.

[0047] After the second network terminal in the network terminal group uses the previous or other existing methods to access the service network system, if the second network terminal needs to obtain the service provided by the service network system, such as the multimedia service provided by the IMS, the second network terminal must further send a service request to the service network system. FIG 5 shows the process that the second network terminal that has accessed the service network system and needs to obtain the service provided by the service network system initiates a service request to the service network system for obtaining the service provided by the service network system in the access system according to an embodiment of the present invention. The process includes the following steps.

[0048] In Step 501, the accessed network terminal initiates a service request to the service network system.

[0049] In Step 502, the digital gateway equipment receives the service request, and determines whether the service capability of the accessed network terminal initiating the service request can meet the service capability requirements for the service request; if the service capability of the accessed network terminal initiating the service request can meet the service capability requirements for the service request, the process proceeds to Step 507; otherwise, the process proceeds to Step 503.

[0050] In Step 503, the digital gateway equipment sends a request demanding the network terminal initiating the service request to reregister, and the process proceeds to Step 504;

[0051] In Step 504, the accessed network terminal receives the request for re-registration, and initiates the re-registration request to the digital gateway equipment;

[0052] In Step 505, the digital gateway equipment receives the re-registration request, and performs the registration for the subscriber satisfying the service capability requirements in the first network terminal connected to the digital gateway equipment according to the service capability requirements in the re-registration request;

[0053] In Step 506, after the registration is completed, the network terminal initiates a service request again, and the service network system processes the service request, and provides service to the UE initiating the service request according to the existing service request processing process. The process ends.

[0054] In Step 507, the digital gateway equipment initiates a service request to the service network system, and the service network system processes the service request, and provides service to the UE initiating the service request according to the existing service request processing process. The process ends.

[0055] Here, Steps 507-509 of FIG 5 are not only applicable to the situation that the accessed second network terminal initiates the service request to the service network system, but also applicable to the situation that the accessed first network terminal initiates the service request to the service network system. The difference between the two situations is that in Step 505, after receiving the re-registration request, according to the service capability requirements in the re-registration request, the digital gateway equipment performs the registration for the subscribers meeting the service capability requirements in the network terminals connected to the digital gateway and configured with the subscriber registration information to the service network system, other than the first network initiating the service request.

[0056] FIG. 6 is a schematic structural diagram of a detailed implementation of the access system according to an embodiment of the present invention. As shown in FIG 6, in the detailed implementation, the gateway multimedia service processing module 15 includes a subscriber certification information obtaining module 151 and a gateway multimedia service proxy module 152. The subscriber certification information obtaining module 151 is adapted to obtain the subscriber certification information in the first network terminal 17 in real time, and obtain the service capability information when the service capability information is required. The gateway multimedia service proxy module 152 is adapted to provide an access proxy to the service network system for the second network terminal 18 according to the subscriber certification information obtained by the subscriber certification information obtaining module 151, so as to complete the access certification to the service network system for the second network terminal 18.

[0057] The subscriber certification information obtaining module can obtain the subscriber certification information and/or the service capability supported by the subscriber with the following two methods.

[0058] 1. After the network terminal is connected to the digital gateway equipment, the network terminal automatically reports the subscriber certification information and/or the supported service capabilities to the digital gateway equipment, and the digital gateway equipment obtains and stores the information, and updates it in real time.

[0059] 2. The digital gateway equipment actively queries the subscriber certification information and/or the supported service capabilities of the network terminal 17, so as to obtain and store the subscriber certification information and/or the service capabilities in real time, and update the information in real time.

[0060] Exemplarily, the gateway multimedia service processing module 15 further includes a service capability query and decision-making module 153, which realizes the following functions.

[0061] The service capability query and decision-making module 153 responds to the request for querying the subscriber certification information and/or service capabilities sent by the gateway multimedia service proxy module 152, sends the query request to the subscriber certification information obtaining module 151, and returns the query results obtained by the subscriber certification information obtaining module 151 to the gateway multimedia service proxy module 152;

[0062] The service capability query and decision-making module 153 further selects among multiple pieces of subscriber certification information according to preset standards based on the service request requirements in the current access request, for example, selects the subscriber certification information meeting the current service capability requirements, and provides the selected subscriber certification information to the gateway multimedia service proxy module 152.

[0063] Exemplarily, in order to complete the access certification of the second network terminal 18 to the service network system, the gateway multimedia service processing module 15 further includes, but not limited to, a registration request receiving module, a subscriber information query request sending module, an access request initiating module, a non-authorized response receiving and channel establishing module, a re-access request receiving and sending module, an access request success determining module, a service request receiving module, and a service capability determining module.

[0064] The registration request receiving module is adapted to receive a registration request to the service network system, for example, to the multimedia service network system such as the IMS initiated by the second network terminal 18;

[0065] The subscriber information query request sending module is adapted to send a subscriber information query request to the service capability query and decision-making module based on the service capability request information of a network terminal.

[0066] The access request initiating module is adapted to initiate a registration request to a service network subsystem after receiving the subscriber information selected by the service capability query and decision-making module.

[0067] The non-authorized response receiving and channel establishing module is adapted to receive a non-authorized response and feedback the response to the network terminal, such as UE sending the registration request when the service network subsystem returns the non-authorized response, and establish a communication channel complying with the IPsec SA standards between the digital gateway equipment and the service network system. The IPsec is a series of open IP security standards formulated by the IETF based on the IP network (including the Intranet, Extranet, and Internet), and the IPsec aims to provide secure communication connections between Internet communication nodes. The IPsec SA establishes the communication connections complying with the security standards of the IPsec SA, and the subsequent information exchange uses the established communication modes complying with the security standards.

[0068] The re-access request receiving and sending module is adapted to receive an access request initiated again by the network terminal initiating the access request but receiving the non-authorized response, and send the access request initiated again to the service network system through the communication channel established by the communication channel establishing module.

[0069] The access request success determining module is adapted to send the access request success information to the digital gateway equipment, when the digital gateway equipment is determined as a legal subscriber, according to the authentication subscriber information configured on the service network system and the subscriber certification information contained in the access request sent through the IPsec communication channel by the digital gateway equipment.

[0070] The service request receiving module is adapted to receive the service request sent by a registered network terminal, such as UE.

[0071] The service capability determining module is adapted to send a service capability requirements query request to the service capability query and decision-making module based on the service capability requirements of a network terminal, and determine whether the service capability of a registered subscriber meets the requirements for the current service request capability after receiving the information indicating that the requirements for the current service request capability are met sent by the service capability query and decision-making module. If yes, the service capability determining module initiates a service request to the service network subsystem; otherwise, the service capability determining module sends a re-registration request to the network terminal, such as UE sending the service request, so that the digital gateway equipment selects a subscriber satisfying the service capability requirements of the current service request again.

[0072] In the access system of the detailed implementation, exemplarily, multiple network terminals can be connected into a LAN through LAN devices, and the LAN is connected to the service network system through the digital gateway equipment. The network terminals can be connected to the LAN devices directly or through access points (APs) to form the LAN. The LAN formed by the network terminals and the LAN devices is connected to the service network system, for example the multimedia service network subsystem such as the IP multimedia subsystem (IMS), through the digital gateway equipment and communication devices.

[0073] FIG 7 shows the process that the second network terminal 18 sends a registration request to the service network system 13 in the access system of FIG. 6. Here, the multimedia service network subsystem is taken as an example. The process includes the following steps.

[0074] In Step 701, the second network terminal, such as UE initiates a registration request with the service network system to the digital gateway equipment.

[0075] In Step 702, the digital gateway equipment uses the gateway multimedia service proxy module to receive the registration request with the service network subsystem domain sent by the second network terminal, such as UE, and sends a subscriber information query request to the service capability query and decision-making module based on the service capability request information of the network terminal.

[0076] In Steps 703-706, the service capability query and decision-making module sends a subscriber information request to the subscriber certification information obtaining module, obtains the subscriber certification information in the first network terminal 17 currently connected to the digital gateway equipment, for example, in the network terminals (UEs) supporting the UICC and/or ISIM through the subscriber certification information obtaining module, and selects among the subscribers based on the service capability requirements in the current registration request.

[0077] In Steps 707-708, the service capability query and decision-making module provides the information about the selected subscribers to the gateway multimedia service proxy module, and the gateway multimedia service proxy module initiates a registration request based on the information about the selected subscribers.

[0078] In Steps 709-711, the service network system, for example, the IMS returns a non-authorized response to the gateway multimedia service proxy module, and after receiving the non-authorized response, the gateway multimedia service proxy module establishes a communication channel complying with IPsec SA standards, and feeds back the non-authorized response to the second network terminal, such as UE sending the registration request.

[0079] In Steps 712-713, after receiving the non-authorized response, the second network terminal, such as UE sending the registration request initiates a registration request to the multimedia service proxy module again, and the gateway multimedia service proxy module sends the registration request to the service network subsystem through the established communication channel.

[0080] In Steps 714-715, the service network subsystem returns a registration request success message to the gateway multimedia service proxy module, and the gateway multimedia service proxy module sends the returned registration request success message to the network terminal initiating the registration request, so as to complete the registration.

[0081] FIG 8 shows the process that the network terminal that needs to obtain the service provided by the service network system and has registered with the service network system initiates a service request to the service network system. The process includes the following steps.

[0082] In Steps 801-802, the registered network terminal initiates a service request to the gateway multimedia service proxy module, and the gateway multimedia service proxy module sends a service capability requirements query request to the service capability query and decision-making module based on the service capability requirements of the network terminal.

[0083] In Step 803, the service capability query and decision-making module checks whether the service capability of the registered network terminal initiating the service request satisfies the requirements of the service request, and notifies the gateway multimedia service proxy module. If the service capability of the registered network terminal satisfies the capability requirements of the current service request, the process proceeds to Step 804; otherwise, the process proceeds to Step 805.

[0084] In Step 804, the gateway multimedia service proxy module further sends a service request to the service network system, and the service network system processes the service request, and further provides service to the UE initiating the service request according to the existing process for processing the service request, and the process ends.

[0085] In Step 805, the gateway multimedia service proxy module sends a re-registration request to the registered network terminal, such as UE sending the service request.

[0086] In Steps 806-807, the network terminal UE sends the re-registration request, and the service capability query and decision-making module performs the registration for the subscriber meeting the service capability requirements. After the registration, the network terminal UE initiates a service request again, and the service network system processes the service request, and further provides service to the UE initiating the service request according to the existing process for processing the service request, and the process ends. Details of the registration are similar to the registration process of FIG 7, and will not be described again here.

[0087] FIG 9 is a schematic diagram of the basic structure of an access system according to another embodiment of the present invention. As shown in FIG 9, the access system of network terminals according to another embodiment includes a network terminal group 71, a digital gateway equipment 72, and a service network system 13, for example a multimedia service network subsystem such as the IMS. Exemplarily, the network terminals in the network terminal group 71 are connected into a LAN, and the LAN is then connected to the digital gateway equipment 72. The network terminal group 71 includes at least a third network terminal 77 and the second network terminal 18. The third network terminal 77 is connected to the digital gateway equipment, and the subscriber certification information to the service network system and a terminal multimedia service proxy module 771 are configured on the third network terminal 77. The second network terminal 18 is connected to the digital gateway equipment, and the subscriber certification information is not configured on the second network terminal 18. The terminal multimedia service proxy module 771 provides the access proxy to the service network system 13 for the second network terminal 18 by the use of the subscriber certification information configured on the third network terminal 77. The third network terminal 77 having the access proxy function to the service network system can access the service network system in a UICC authentication or non-UICC authentication mode. The digital gateway equipment 72 includes a request forwarding module 75 adapted to forward the access and/or service requests initiated by the second network terminal 18 to the third network terminal 77, and includes a WAN access and management module 16 (the functions of this module are the same as those previously described, and will not be described again here). Exemplarily, in this embodiment, in addition to the request forwarding, WAN access and management functions, the digital gateway equipment 72 also provides, but not limited to, a function of MAN access to the third network terminal 77, that is, a bridging function, which is an existing function of the digital gateway equipment, and thus will not be described again here. The third network terminal 77 can access the service network system through the MAN access function provided by the digital gateway equipment 72, and completes the message and service flow exchange with the service network system.

[0088] FIG 10 shows the basic process that the second network terminal 18 initiates the access request to the service network system in the access system according to another embodiment of the present invention. Referring to FIGs. 9 and 10, the process includes the following steps.

[0089] In Step 1001, the second network terminal initiates an access request to the service network system to the digital gateway equipment.

[0090] In Step 1002, the digital gateway equipment receives the access request initiated by the second network terminal, and sends the access request to the third network terminal.

[0091] In Step 1003, the third network terminal receives the access request sent by the digital gateway equipment, and performs the access certification to the service network system by the use of the subscriber certification information configured on the third network terminal, so as to provide an access proxy to the service network system to the second network terminal sending the access request.

[0092] In the Step 1003, the third network terminal providing the access proxy to the service network system for the second network terminal sending the access request mainly involves the following processes. The third network terminal initiates the access request to the service network system by the use of the subscriber certification information configured on it to replace the second network terminal, so as to perform the message exchange during the access certification with the service network system, and forwards the relevant messages to the second network terminal until the access certification to the service network system of the second network terminal completes.

[0093] FIG 11 shows the process that the second network terminal initiates the registration with the service network system, and obtains the service provided by the service network system after the registration in the access system according to another embodiment of the present invention. Referring to FIGs. 9 and 11, the process includes the following steps. Here, exemplarily, the third network terminal accesses the service network system through the MAN access function provided by the digital gateway equipment, and completes the message and service flow exchange with the service network system through the digital gateway equipment.

[0094] In Step 1101, the second network terminal UE initiates an access request to the service network system, and the digital gateway equipment sends the access request to the third network terminal, for example, the UE that supports the UICC and/or ISIM.

[0095] In Step 1102, the third network terminal uses the terminal multimedia service processing module configured on it to receive the forwarded registration request, and sends a registration request to the service network system based on the subscriber certification information configured on the third network terminal.

[0096] In Steps 1103-1105, after the third network terminal uses the terminal multimedia service processing module to receive the non-authorized response returned by the service network system, a communication channel complying with the IPsec SA standards is established between the digital gateway equipment and the service network system, and the non-authorized response is sent to the second network terminal UE initiating the registration request through the digital gateway equipment.

[0097] In Step 1106, after receiving the non-authorized response, the second network terminal UE initiating the access request sends a registration request to the service network system again, and the registration request is forwarded to the third network terminal through the digital gateway equipment.

[0098] In Steps 1107-1109, the terminal multimedia service processing module sends the registration request to the service network system through the established IPsec communication channel, and when the service network system determines that the third network terminal is a legal subscriber according to the authentication subscriber information configured on it and the subscriber certification information contained in the registration request sent by the terminal multimedia service processing module through the IPsec communication channel, the service network system sends a registration request success message to the third network terminal. The third network terminal receives the registration request success message, and forwards the message to the second network terminal UE to complete the registration with the service network system.

[0099] After the network terminals are registered with the service network system through the previous methods of the present invention or other methods of the prior art, if the network terminals need further to obtain the service provided by the service network system, they must further send the service request. Steps 1110-1115 describe the process that the network terminals registered with the service network system obtain the service provided by the service network system in the access system according to another embodiment of the present invention.

[0100] In Steps 1110-1111, a registered network terminal initiates a service request to the digital gateway equipment, which forwards the service request to the terminal multimedia service proxy module, and the terminal multimedia service proxy module sends the service request to the service network system.

[0101] In Steps 1112-1115, after receiving a response to the service request returned by the service network system, the terminal multimedia service proxy module sends the response to the service request to the registered UE initiating the service request, and establishes a service connection between the third network terminal and the service network system to send the service flow to the UE initiating the service request.

[0102] It should be noted that in an embodiment, the connecting device serving as the media for the message and service flow exchange between the second and third network terminals is not limited to the digital gateway equipment; instead, the connecting device can be other equipment having similar connecting and forwarding functions, such as the switch equipment. Exemplarily, when the connecting device is the switch equipment, the messages and services between the second and third network terminals can be forwarded by the switch equipment, and the third network terminal can still access the service network system through the MAN access function provided by the digital gateway equipment, but the present invention is not limited to this.

[0103] In view of the foregoing, it is intended that the present invention cover modifications and variations of this invention provided that they fall within the scope of the following claims.


Claims

1. A method for network terminals to access a service network system, comprising:

receiving, by a digital gateway equipment ,an access request to the service network system initiated by a second network terminal, wherein the second network terminal is not configured with subscriber certification information to the service network system; and

selecting, by the digital gateway equipment, subscriber certification information to the service network system meeting service capability requirements in the received access request from more than one piece of subscriber certification information to the service network system when the digital gateway equipment obtains more than one piece of subscriber certification information to the service network system from a plurality of first network terminals, wherein the first network terminals connected to the digital gateway equipment.

providing, by the digital gateway equipment, an access proxy to the service network system for the second network terminal initiating the access request by using the selected subscriber certification information to the service network system configured on the first network terminal,

performing, by the digital gateway equipment, access certification to the service network system by the use of the selected subscriber certification information to the service network system configured on the first network terminal, wherein

the digital gateway equipment performs the access certification to the service network system by the use of the selected subscriber certification information, comprises:

the digital gateway equipment initiates an access request to the service network system based on the selected subscriber certification information,

the digital gateway equipment establishes a communication channel complying with the IPsec security association (SA) standards between the digital gateway equipment and the service network system after receiving the non-authorized response returned by the service network system,

the digital gateway equipment receives an access request resent by the network terminal, and sends the resent access request to the service network system through the established communication channel complying with the IPsec SA standards.


 
2. The method according to claim 1, wherein after the digital gateway equipment receives the access request, the digital gateway equipment further obtains the subscriber certification information to the service network system from the first network terminal.
 
3. The method according to claim 2, wherein the obtaining, by the digital gateway equipment, the subscriber certification information to the service network system further comprises:

reporting, by the first network terminal, the subscriber certification information to the service network system on the first network terminal to the digital gateway equipment; or

querying and storing, by the digital gateway equipment, the subscriber certification information to the service network system configured on the first network terminal.


 
4. The method according to claim 1,2 or 3, , wherein after the second network terminal initiating the access request completes the access certification by the use of the access proxy function provided by the digital gateway equipment, the method further comprises:

receiving, by the digital gateway equipment, a service request to the service network system initiated by the accessed network terminal;

determining, by the digital gateway equipment, whether a service capability of the accessed subscriber initiating the service request meets service capability requirements of the service request; wherein if yes, the digital gateway equipment sends the service request to the service network system; otherwise, the digital gateway equipment requests the second network terminal initiating the service request to reregister, and performs registration for a subscriber meeting the service capability requirements according to the service capability requirements in a re-registration request sent by the second network terminal and the subscriber certification information to the service network system configured on the first network terminal.


 
5. A gateway equipment, comprising:

a gateway multimedia service processing module, adapted to receive an access request to a service network system initiated by a second network terminal, select subscriber certification information to the service network system meeting service capability requirements in the received access request from more than one piece of subscriber certification information to the service network system when the digital gateway equipment obtains more than one piece of subscriber certification information to the service network system from a plurality of first network terminals, provide an access proxy to the service network system for the second network terminal initiating the access request by the use of the selected subscriber certification information to the service network system configured on the first network terminal, and perform access certification to the service network system by the use of the selected subscriber certification information to the service network system configured on the first network terminal,; wherein performs the access certification to the service network system by the use of the selected subscriber certification information, comprises:initiates an access request to the service network system based on the selected subscriber certification information,establishes a communication channel complying with the IPsec security association (SA) standards between the digital gateway equipment and the service network system after receiving the non-authorized response returned by the service network system,receives an access request resent by the second network terminal, and sends the resent access request to the service network system through the established communication channel complying with the IPsec SA standards.

wherein the first network terminal and the second network terminal are connected to the gateway equipment, and the second network terminal is not configured with the subscriber certification information to the service network system.


 
6. The gateway equipment according to claim 5, wherein the gateway multimedia service processing module comprises:

a subscriber certification information obtaining module, adapted to obtain the subscriber certification information to the service network system from the first network terminal;

a gateway multimedia service proxy module, adapted to complete access certification to the service network system by the use of the subscriber certification information to the service network system obtained by the subscriber certification information obtaining module.


 
7. The gateway equipment according to claim 6, wherein the gateway multimedia service processing module further comprises:

a service capability query and decision-making module, adapted to respond to a subscriber query request sent by the multimedia service proxy module, and obtain the subscriber certification information to the service network system in the first network terminal by the use of the subscriber certification information obtaining module.


 
8. The gateway equipment according to any one of claims 5-7, wherein
the gateway multimedia service processing module further comprises:

a service request processing module, adapted to receive a service request to the service network system initiated by the second network terminal that needs to obtain service provided by the service network system and has accessed the service network system;

a service capability determining module, adapted to determine whether a service capability of the accessed subscriber initiating the service request meets service capability requirements of the service request; wherein if yes, the service request processing module sends the service request to the service network system; otherwise, the service request processing module sends a re-registration request to the network terminal initiating the service request;

a subscriber selecting module, adapted to perform registration for a subscriber meeting the service capability requirements according to the service capability requirements in the re-registration request and the subscriber certification information to the service network system configured on the first network terminal after receiving the re-registration request initiated by the second network terminal.


 
9. An access system, comprising a gateway equipment according to any one of claims 5-8.
 


Ansprüche

1. Verfahren für Netzendgeräte, um auf ein Dienstnetzsystem zuzugreifen, das Folgendes umfasst:

Empfangen, durch eine digitale Gateway-Ausrüstung, einer durch ein zweites Netzendgerät eingeleiteten Zugriffsanforderung für das Dienstnetzsystem, wobei das zweite Netzendgerät nicht mit den Teilnehmerzertifizierungsinformationen für das Dienstnetzsystem konfiguriert ist; und

Auswählen, durch die digitale Gateway-Ausrüstung, der Teilnehmerzertifizierungsinformationen für das Dienstnetzsystem, die den Dienstfähigkeitsanforderungen in der empfangenen Zugriffsanforderung entsprechen,

aus mehr als einem Stück der Teilnehmerzertifizierungsinformationen für das Dienstnetzsystem, wenn die digitale Gateway-Ausrüstung mehr als ein Stück der Teilnehmerzertifizierungsinformationen für das Dienstnetzsystem von mehreren ersten Netzendgeräten erhält, wobei die ersten Netzendgeräte mit der digitalen Gateway-Ausrüstung verbunden sind,

Bereitstellen, durch die digitale Gateway-Ausrüstung, eines Zugriffs-Proxy für das Dienstnetzsystem für das zweite Netzendgerät, das die Zugriffsanforderung einleitet,

unter Verwendung der ausgewählten Teilnehmerzertifizierungsinformationen für das Dienstnetzsystem, die in dem ersten Netzendgerät konfiguriert sind, Ausführen, durch die digitale Gateway-Ausrüstung, der Zugriffszertifizierung für das Dienstnetzsystem unter Verwendung der ausgewählten Teilnehmerzertifizierungsinformationen für das Dienstnetzsystem, die in dem ersten Netzendgerät konfiguriert sind, wobei

die digitale Gateway-Ausrüstung die Zugriffszertifizierung für das Dienstnetzsystem unter Verwendung der ausgewählten Teilnehmerzertifizierungsinformationen ausführt, was Folgendes umfasst:

die digitale Gateway-Ausrüstung leitet eine Zugriffsanforderung für das Dienstnetzsystem basierend auf den ausgewählten Teilnehmerzertifizierungsinformationen ein,

die digitale Gateway-Ausrüstung stellt einen Kommunikationskanal, der den Standards der IPsec-Sicherheitsvereinigung (SA) entspricht, zwischen der digitalen Gateway-Ausrüstung und dem Dienstnetzsystem nach dem Empfangen der durch das Dienstnetzsystem zurückgeschickten nicht autorisierten Antwort her,

die digitale Gateway-Ausrüstung empfängt eine durch das Netzendgerät erneut gesendete Zugriffsanforderung und sendet die erneut gesendete Zugriffsanforderung durch den hergestellten Kommunikationskanal, der den IPsec-SA-Standards entspricht, an das Dienstnetzsystem.


 
2. Verfahren nach Anspruch 1, wobei die digitale Gateway-Ausrüstung, nachdem die digitale Gateway-Ausrüstung die Zugriffsanforderung empfangen hat, ferner die Teilnehmerzertifizierungsinformationen für das Dienstnetzsystem von dem ersten Netzendgerät erhält.
 
3. Verfahren nach Anspruch 2, wobei das Erhalten, durch die digitale Gateway-Ausrüstung, der Teilnehmerzertifizierungsinformationen für das Dienstnetzsystem ferner Folgendes umfasst:

Melden, durch das erste Netzendgerät, der Teilnehmerzertifizierungsinformationen für das Dienstnetzsystem in dem ersten Netzendgerät der digitalen Gateway-Ausrüstung; oder

Abfragen und Speichern, durch die digitale Gateway-Ausrüstung, der Teilnehmerzertifizierungsinformationen für das Dienstnetzsystem, die in dem ersten Netzendgerät konfiguriert sind.


 
4. Verfahren nach Anspruch 1, 2 oder 3, wobei das Verfahren, nachdem das zweite Netzendgerät, das die Zugriffsanforderung einleitet, die Zugriffszertifizierung unter Verwendung der durch die digitale Gateway-Ausrüstung bereitgestellten Zugriffs-Proxy-Funktion abschließt, ferner Folgendes umfasst:

Empfangen, durch die digitale Gateway-Ausrüstung, einer durch das zugreifende Netzendgerät eingeleiteten Dienstanforderung für das Dienstnetzsystem;

Bestimmen, durch die digitale Gateway-Ausrüstung, ob die Dienstfähigkeit des zugreifenden Teilnehmers, der die Dienstanforderung einleitet, den Dienstfähigkeitsanforderungen der Dienstanforderung entspricht; wobei, wenn ja, die digitale Gateway-Ausrüstung die Dienstanforderung an das Dienstnetzsystem sendet; wobei andernfalls die digitale Gateway-Ausrüstung das zweite Netzendgerät, das die Dienstanforderung einleitet, auffordert, sich erneut zu registrieren, und die Registrierung für einen Teilnehmer, der den Dienstfähigkeitsanforderungen entspricht, in Übereinstimmung mit den Dienstfähigkeitsanforderungen in einer durch das zweite Netzendgerät gesendeten Anforderung für die erneute Registrierung und den Teilnehmerzertifizierungsinformationen für das Dienstnetzsystem, die in dem ersten Netzendgerät konfiguriert sind, ausführt.


 
5. Gateway-Ausrüstung, die Folgendes umfasst:

ein Gateway-Multimedia-Dienstverarbeitungsmodul, das ausgelegt ist, eine durch ein zweites Netzendgerät eingeleitete Zugriffsanforderung für ein Dienstnetzsystem zu empfangen, die Teilnehmerzertifizierungsinformationen für das Dienstnetzsystem,

die den Dienstfähigkeitsanforderungen in der empfangenen Zugriffsanforderung entsprechen, aus mehr als einem Stück der Teilnehmerzertifizierungsinformationen für das Dienstnetzsystem auszuwählen, wenn die digitale Gateway-Ausrüstung mehr als ein Stück der Teilnehmerzertifizierungsinformationen für das Dienstnetzsystem von mehreren ersten Netzendgeräten erhält, einen Zugriffs-Proxy für das Dienstnetzsystem für das zweite Netzendgerät, das die Zugriffsanforderung einleitet,

unter Verwendung der ausgewählten Teilnehmerzertifizierungsinformationen für das Dienstnetzsystem, die in dem ersten Netzendgerät konfiguriert sind, bereitzustellen und die Zugriffszertifizierung für das Dienstnetzsystem unter Verwendung der ausgewählten Teilnehmerzertifizierungsinformationen für das Dienstnetzsystem, die in dem ersten Netzendgerät konfiguriert sind, auszuführen; wobei das Ausführen der Zugriffszertifizierung für das Dienstnetzsystem unter Verwendung der ausgewählten Teilnehmerzertifizierungsinformationen Folgendes umfasst: Einleiten einer Zugriffsanforderung für das Dienstnetzsystem basierend auf den ausgewählten Teilnehmerzertifizierungsinformationen, Herstellen eines Kommunikationskanals,

der den Standards der IPsec-Sicherheitsvereinigung (SA) entspricht, zwischen der digitalen Gateway-Ausrüstung und dem Dienstnetzsystem nach dem Empfangen der durch das Dienstnetzsystem zurückgeschickten nicht autorisierten Antwort,

Empfangen einer durch das zweite Netzendgerät erneut gesendeten Zugriffsanforderung und Senden der erneut gesendeten Zugriffsanforderung durch den hergestellten Kommunikationskanal, der den IPsec-SA-Standards entspricht, an das Dienstnetzsystem,

wobei das erste Netzendgerät und das zweite Netzendgerät mit der Gateway-Ausrüstung verbunden sind und das zweite Netzendgerät nicht mit den Teilnehmerzertifizierungsinformationen für das Dienstnetzsystem konfiguriert ist.


 
6. Gateway-Ausrüstung nach Anspruch 5, wobei das Gateway-Multimedia-Dienstverarbeitungsmodul Folgendes umfasst:

ein Teilnehmerzertifizierungsinformations-Erhaltemodul, das ausgelegt ist, die Teilnehmerzertifizierungsinformationen für das Dienstnetzsystem von dem ersten Netzendgerät zu erhalten;

ein Gateway-Multimedia-Dienst-Proxy-Modul, das ausgelegt ist, die Zugriffszertifizierung für das Dienstnetzsystem unter Verwendung der durch das Teilnehmerzertifizierungsinformations-Erhaltemodul erhaltenen Teilnehmerzertifizierungsinformationen für das Dienstnetzsystem abzuschließen.


 
7. Gateway-Ausrüstung nach Anspruch 6, wobei das Gateway-Multimedia-Dienstverarbeitungsmodul ferner Folgendes umfasst:

ein Dienstfähigkeitsabfrage- und Entscheidungstreffmodul, das ausgelegt ist, auf eine durch das Multimedia-Dienst-Proxy-Modul gesendete Teilnehmerabfrageanforderung zu antworten und die Teilnehmerzertifizierungsinformationen für das Dienstnetzsystem in dem ersten Netzendgerät unter Verwendung des Teilnehmerzertifizierungsinformations-Erhaltemoduls zu erhalten.


 
8. Gateway-Ausrüstung nach einem der Ansprüche 5-7, wobei
das Gateway-Multimedia-Dienstverarbeitungsmodul ferner Folgendes umfasst:

ein Dienstanforderungs-Verarbeitungsmodul, das ausgelegt ist, eine Dienstanforderung für das Dienstnetzsystem, die durch das zweite Netzendgerät eingeleitet wird, das den durch das Dienstnetzsystem bereitgestellten Dienst erhalten muss und auf das Dienstnetzsystem zugegriffen hat, zu empfangen;

ein Dienstfähigkeits-Bestimmungsmodul, das ausgelegt ist, zu bestimmen, ob eine Dienstfähigkeit des zugreifenden Teilnehmers, der die Dienstanforderung einleitet,

den Dienstfähigkeitsanforderungen der Dienstanforderung entspricht; wobei, wenn ja, das Dienstanforderungs-Verarbeitungsmodul die Dienstanforderung an das Dienstnetzsystem sendet; wobei andernfalls das Dienstanforderungs-Verarbeitungsmodul eine Anforderung für die erneute Registrierung an das die Dienstanforderung einleitende Netzendgerät sendet;

ein Teilnehmerauswahlmodul, das ausgelegt ist, die Registrierung für einen Teilnehmer, der die Dienstfähigkeitsanforderungen erfüllt, in Übereinstimmung mit den Dienstfähigkeitsanforderungen in der Anforderung für die erneute Registrierung und den Teilnehmerzertifizierungsinformationen für das Dienstnetzsystem, die in dem ersten Netzendgerät konfiguriert sind, nach dem Empfangen der durch das zweite Netzendgerät eingeleiteten Anforderung für die erneute Registrierung auszuführen.


 
9. Zugriffssystem, das eine Gateway-Ausrüstung nach einem der Ansprüche 5-8 umfasst.
 


Revendications

1. Procédé permettant à des terminaux de réseau d'accéder à un système de réseau de services, comprenant :

la réception, par un équipement de passerelle numérique, d'une requête d'accès au système de réseau de services lancée par un second terminal de réseau, le second terminal de réseau n'étant pas configuré avec des informations de certification d'abonné auprès du système de réseau de services ; et

la sélection, par l'équipement de passerelle numérique, d'informations de certification d'abonné auprès du système de réseau de services satisfaisant des exigences de capabilité de service dans la requête d'accès reçue parmi plus d'une information de certification d'abonné auprès du système de réseau de services quand l'équipement de passerelle numérique obtient plus d'une information de certification d'abonné auprès du système de réseau de services depuis une pluralité de premiers terminaux de réseau, les premiers terminaux de réseau étant connectés à l'équipement de passerelle numérique ;

la fourniture, par l'équipement de passerelle numérique, d'un mandataire d'accès au système de réseau de services pour le second terminal de réseau qui lance la requête d'accès en utilisant les informations de certification d'abonné sélectionnées auprès du système de réseau de services configurées sur le premier terminal de réseau ;

l'exécution, par l'équipement de passerelle numérique, d'une certification d'accès auprès du système de réseau de services en utilisant les informations de certification d'abonné sélectionnées auprès du système de réseau de services configurées sur le premier terminal de réseau, dans lequel

l'exécution par l'équipement de passerelle numérique de la certification d'accès auprès du système de réseau de services en utilisant les informations de certification d'abonné sélectionnées comprend :

le lancement par l'équipement de passerelle numérique d'une requête d'accès auprès du système de réseau de services en fonction des informations de certification d'abonné sélectionnées ;

l'établissement par l'équipement de passerelle numérique d'un canal de communication conforme aux normes d'association de sécurité IPsec (SA) entre l'équipement de passerelle numérique et le système de réseau de services après avoir reçu la réponse non autorisée renvoyée par le système de réseau de services ;

la réception par l'équipement de passerelle numérique d'une requête d'accès renvoyée par le terminal de réseau, et l'envoi par l'équipement de passerelle numérique de la requête d'accès renvoyée au système de réseau de services par le biais du canal de communication établi conforme aux normes SA IPsec.


 
2. Procédé selon la revendication 1, dans lequel après la réception par l'équipement de passerelle numérique de la requête d'accès, l'équipement de passerelle numérique obtient en outre les informations de certification d'abonné auprès du système de réseau de services depuis le premier terminal de réseau.
 
3. Procédé selon la revendication 2, dans lequel l'obtention, par l'équipement de passerelle numérique, des informations de certification d'abonné auprès du système de réseau de services comprend en outre :

la communication, par le premier terminal de réseau, des informations de certification d'abonné auprès du système de réseau de services sur le premier terminal de réseau à l'équipement de passerelle numérique ; ou

l'interrogation et la mémorisation, par l'équipement de passerelle numérique, des informations de certification d'abonné auprès du système de réseau de services configurées sur le premier terminal de réseau.


 
4. Procédé selon la revendication 1, 2 ou 3, comprenant en outre, après que le second terminal de réseau lançant la requête d'accès a terminé la certification d'accès en utilisant la fonction de mandataire d'accès fournie par l'équipement de passerelle numérique :

la réception, par l'équipement de passerelle numérique, d'une requête de service auprès du système de réseau de services lancée par le terminal de réseau sollicité ;

la détermination, par l'équipement de passerelle numérique, qu'une capabilité de service de l'abonné sollicité lançant la requête de service satisfait ou non les exigences de capabilité de service de la requête de service, et dans l'affirmative,

l'envoi par l'équipement de passerelle numérique de la requête de service au système de réseau de services ; dans la négative, la demande par l'équipement de passerelle numérique au second terminal de réseau lançant la requête de service de se réenregistrer, et l'exécution par l'équipement de passerelle numérique d'un enregistrement d'un abonné satisfaisant les exigences de capabilité de service en fonction des exigences de capabilité de service dans une requête de réenregistrement envoyée par le second terminal de réseau et des informations de certification d'abonné auprès du système de réseau de services configurées sur le premier terminal de réseau.


 
5. Equipement de passerelle, comprenant :

un module de traitement de service multimédia passerelle, adapté pour recevoir une requête d'accès auprès d'un système de réseau de services lancée par un second terminal de réseau, sélectionner des informations de certification d'abonné auprès du système de réseau de services satisfaisant des exigences de capabilité de service dans la requête d'accès reçue parmi plus d'une information de certification d'abonné auprès du système de réseau de services quand l'équipement de passerelle numérique obtient plus d'une information de certification d'abonné auprès du système de réseau de services depuis une pluralité de premiers terminaux de réseau, fournir un mandataire d'accès au système de réseau de services pour le second terminal de réseau lançant la requête d'accès en utilisant les informations de certification d'abonné sélectionnées auprès du système de réseau de services configurées sur le premier terminal de réseau, et exécuter une certification d'accès auprès du système de réseau de services en utilisant les informations de certification d'abonné sélectionnées auprès du système de réseau de services configurées sur le premier terminal de réseau, dans lequel l'exécution de la certification d'accès auprès du système de réseau de services en utilisant les informations de certification d'abonné sélectionnées comprend : le lancement d'une requête d'accès auprès du système de réseau de services en fonction des informations de certification d'abonné sélectionnées, l'établissement d'un canal de communication conforme aux normes d'association de sécurité IPsec (SA) entre l'équipement de passerelle numérique et le système de réseau de services après avoir reçu la réponse non autorisée renvoyée par le système de réseau de services, la réception d'une requête d'accès renvoyée par le second terminal de réseau, et l'envoi de la requête d'accès renvoyée au système de réseau de services par le biais du canal de communication établi conforme aux normes SA IPsec,

dans lequel le premier terminal de réseau et le second terminal de réseau sont connectés à l'équipement de passerelle, et le second terminal de réseau n'est pas configuré avec les informations de certification d'abonné auprès du système de réseau de services.


 
6. Equipement de passerelle selon la revendication 5, dans lequel le module de traitement de service multimédia de passerelle comprend :

un module d'obtention d'informations de certification d'abonné, adapté pour obtenir les informations de certification d'abonné auprès du système de réseau de services depuis le premier terminal de réseau ;

un module de mandataire de service multimédia de passerelle, adapté pour terminer la certification d'accès auprès du système de réseau de service en utilisant les informations de certification d'abonné auprès du système de réseau de service obtenues par le module d'obtention d'informations de certification d'abonné.


 
7. Equipement de passerelle selon la revendication 6, dans lequel le module de traitement de service multimédia de passerelle comprend en outre :

un module d'interrogation de capabilité de service et de prise de décision, adapté pour répondre à une requête d'interrogation d'abonné envoyée par le module mandataire de service multimédia, et obtenir les informations de certification d'abonné auprès du système de réseau de services dans le premier terminal de réseau au moyen du module d'obtention d'informations de certification d'abonné.


 
8. Equipement de passerelle selon l'une quelconque des revendications 5 à 7, dans lequel
le module de traitement de service multimédia de passerelle comprend en outre :

un module de traitement de requête de service, adapté pour recevoir une requête de service auprès du système de réseau de services lancée par le second terminal de réseau qui nécessite un service fourni par le système de réseau de services et a sollicité le système de réseau de services ;

un module de détermination de capabilité de service, adapté pour déterminer qu'une capabilité de service de l'abonné sollicité lançant la requête de service satisfait ou non les exigences de capabilité de service de la requête de service, et dans l'affirmative, le module de traitement de requête de service envoie la requête de service au système de réseau de services ; dans la négative, le module de traitement de requête de service envoie une requête de réenregistrement au terminal de réseau lançant la requête de service ;

un module de sélection d'abonné, adapté pour exécuter l'enregistrement d'un abonné satisfaisant les exigences de capabilité de service en fonction des exigences de capabilité de service dans la requête de réenregistrement et des informations de certification d'abonné auprès du système de réseau de services configurées sur le premier terminal de réseau après avoir reçu la requête de réenregistrement lancée par le second terminal de réseau.


 
9. Système d'accès, comprenant un équipement de passerelle selon l'une quelconque des revendications 5 à 8.
 




Drawing
































Cited references

REFERENCES CITED IN THE DESCRIPTION



This list of references cited by the applicant is for the reader's convenience only. It does not form part of the European patent document. Even though great care has been taken in compiling the references, errors or omissions cannot be excluded and the EPO disclaims all liability in this regard.

Patent documents cited in the description