Method for preventing frequent network selection interaction operations in a wireless local area network

FIELD: mobile communications.

SUBSTANCE: each time information on available mobile telecommunication networks needs to be output, it is determined whether the output is allowed on the basis of the number of information transmissions performed within a certain period of time. If the transmission is allowed, information on available mobile telecommunication networks is transmitted and the number of performed transmissions is registered; otherwise information transmission is stopped. When the decision-making period changes, the record of the number of transmissions is updated. If a request for information output is received after information transmission has stopped, the request is left unanswered or the information is transmitted after a delay.

EFFECT: protection of Wireless Local Area Network (WLAN) against frequent interaction operations of network selection.

19 cl, 8 dwg

 

Field of the invention

The present invention relates to methods of network access, in particular to a method of preventing frequent communication activities for network selection in a wireless local area network (WLAN).

Background of the invention

In response to users' demand for ever faster wireless network access, WLANs have appeared, capable of providing high-speed wireless data access over a relatively small area. WLANs use a variety of technologies, of which the most widely used technical standard is IEEE802.11b. This standard uses the 2.4 GHz frequency band with a data rate of up to 11 Mbit/s. Other technical standards that use the same frequency band are IEEE802.11g and Bluetooth, where the data rate of the IEEE802.11g standard is up to 54 Mbit/s. There are also other newer standards, such as IEEE802.11a and ETSI BRAN Hiperlan2, that use the 5 GHz frequency band with a transmission rate of up to 54 Mbit/s.

Although there are various standards for wireless access, most WLANs are used to transmit Internet Protocol (IP) data packets. The specific WLAN access standard adopted by a wireless IP network is typically transparent to the higher-level IP protocol. Such a network is typically configured with access points (PD (AP)) that provide wireless access for WLAN user equipment (OP), and with network control and connection devices that implement IP transmission.

Along with the growth and development of WLAN, the focus of research has shifted to the interworking of the WLAN access network (SD WLAN) with various mobile networks such as GSM, CDMA, WCDMA, TD-SCDMA and CDMA2000. In accordance with the 3GPP standards, an OP WLAN can be connected to the Internet or an Intranet via the SD WLAN, and can also be connected via the SD WLAN to the home network or to a guest network of the 3GPP system. More specifically, with local access the OP WLAN connects to the 3GPP home network via the SD WLAN, as shown in Figure 2. When roaming, it is connected via the SD WLAN to the 3GPP guest network. Some entities of the 3GPP guest network are connected to the corresponding entities in the 3GPP home network: for example, the 3GPP authentication, authorization and accounting (AAA) proxy in the guest network is connected to the AAA server in the 3GPP home network, and the WLAN access gateway (SDB (WAG)) in the guest network is connected to the packet data gateway (SPD (PDG)) in the home network, as shown in Figure 1. Figures 1 and 2 are diagrams of the network architecture of a WLAN interworking with a 3GPP system, with roaming and without it respectively.

As shown in Figure 1, the 3GPP system consists mainly of the home subscriber server (ASD (HSS))/home location register (RDA (HLR)), the 3GPP AAA server, the 3GPP AAA proxy, the SDB (WAG), the SPD (PDG), the charging gateway (SSST (CGw))/charging data collection function (NTD (CCF)) and the online charging system (FTAs (OCS)). The OP WLAN, the SD WLAN and all entities of the 3GPP system together constitute a 3GPP-WLAN interworking network, which can be regarded as a WLAN service system. The SD WLAN and the 3GPP system are usually referred to collectively as the network side or simply the WLAN. In this service system the 3GPP AAA server is responsible for authentication, authorization and accounting of the OP WLAN, for collecting the charging information sent from the SD WLAN, and for transferring that information to the charging system; the SPPD (PDG) is responsible for transmitting user data from the SD WLAN to the 3GPP network or to other packet data networks; the charging system mainly receives and records charging information for the OP WLAN, while the FTAs (OCS) directs the network to periodically transmit online charging information according to the expenses of online-charged users, and performs the corresponding statistical and control operations.

If a non-roaming OP WLAN wants direct access to the Internet/Intranet, it can access the Internet/Intranet via the SD WLAN after authentication with the AAA server has been completed. If the OP WLAN wants to access the packet-switched (CP (PS)) domain services of the 3GPP system, it may additionally request the scenario 3 service from the 3GPP home network. In other words, the OP WLAN initiates a scenario 3 service authorization request to the AAA server in the 3GPP home network, which performs service authentication and authorization for this request; upon successful authentication and authorization the AAA server sends the OP WLAN an access-permitted message and assigns the OP WLAN an appropriate SPD (PDG). After a tunnel has been established between the OP WLAN and the assigned SPPD (PDG), the OP WLAN is able to access the 3GPP CP (PS) domain services. Meanwhile, the offline charging system and the CST (OCS) record charging information according to the WLAN user equipment's use of the network. If a roaming OP WLAN wants direct access to the Internet/Intranet, it requests access to the Internet/Intranet from the 3GPP home network via the 3GPP guest network. If the OP WLAN wants to request the scenario 3 service to gain access to the CP (PS) domain of the 3GPP system, it must initiate the service authorization process with the 3GPP home network via the 3GPP guest network. The authorization is likewise carried out between the OP WLAN and the AAA server in the 3GPP home network. After successful authorization, the AAA server assigns the OP WLAN an appropriate home SPPD (PDG), and in this case the OP WLAN accesses the services of the 3GPP CP (PS) domain of the home network once a tunnel to the assigned SPPD (PDG) has been established through the SDB (WAG) of the 3GPP guest network.

As shown in Figure 3, if the WLAN in a 3GPP-WLAN interworking network is connected to several 3GPP guest networks at the same time, in other words to several existing mobile communication networks (here the term "3GPP guest network" refers to a visited public land mobile network (GSMAP (VPLMN))), the OP WLAN has to choose the GSMAP (VPLMN) it wants to access after it has gained access to the WLAN. For example, in China the SD WLAN can be simultaneously connected to two operating GSMAP (VPLMN), China Mobile and China Unicom. If a China Unicom user tries to gain access through the WLAN, the user must instruct the SD WLAN to access the China Unicom GSMAP (VPLMN). Here is another example: if a French user moves into a WLAN in China and the home network of the French user has roaming agreements with both China Mobile and China Unicom, the French user has to choose a GSMAP (VPLMN) to access after gaining access to the WLAN, which is connected to both China Mobile and China Unicom.

The network selection scheme proposed in another patent application is illustrated by steps 401 to 408 in Figure 4. When an OP WLAN accesses a 3GPP-WLAN interworking network via the WLAN, access authentication is carried out between the OP WLAN and the network after the OP WLAN has established a wireless connection with the SD WLAN. It should be understood that access authentication covers the entire authentication and authorization process. In addition, the network asks the OP for its user ID. The OP then sends the SD WLAN a response message containing network selection information, and the SD WLAN uses this network selection information to identify the existing mobile communication network that the OP intends to access. If the network selection information can be identified, the OP is connected to the selected network for access authentication and subsequent operations. If the OP supplies no network selection information, or if the network selection information cannot be identified, i.e. the indicated network has no direct connection with the WLAN, the network sends the OP WLAN information about the existing mobile communication networks, to tell the OP which existing mobile communication networks are connected to the WLAN and to allow the OP to make a choice. Network selection information is information about the existing mobile communication network that the OP wants to access; it can be carried in a separately configured field or in the user ID field, which is specified in network access identifier (IDS (NAI)) format.

When information about the existing mobile communication networks has to be sent, a user who maliciously sends, again and again, network selection information that the SD WLAN cannot identify forces the network to send the OP information about the existing mobile communication networks repeatedly. Since the volume of information about the existing mobile communication networks offered to the OP for selection is large, continuous and repeated transmission of this information places an unnecessary load on the network, can leave the network busy, and can even interrupt normal service. Moreover, a user can very easily attack the network deliberately in this way, and because authentication of the OP has not yet been completed at this point, such a malicious user is difficult to track and identify. To date no specific solution to this problem has been proposed.

Summary of the invention

In view of the foregoing, the purpose of the present invention is to provide a method for protecting a WLAN from frequent network selection interaction operations, which ensures that the WLAN is not overloaded by the network selection mechanism or damaged by an attack from the OP of a malicious user.

To achieve this goal, the present invention provides the following technical solution.

A method for protecting a WLAN from frequent network selection interaction operations, comprising the following steps:

a) after a wireless connection is established between the OP WLAN and the SD WLAN, the OP WLAN sends network selection information to the SD WLAN during the access authentication interaction initiated by the network side or by the OP WLAN;

b) the network side decides whether the received network selection information belongs to an existing mobile communication network to which the SD WLAN is connected; if it does, the access authentication request of the OP WLAN is sent to the existing mobile communication network identified by the network selection information.

If the received network selection information does not belong to the existing mobile communication networks to which the SD WLAN is connected, the method further includes the following step:

c) decide whether transmission of information about the existing mobile communication networks is allowed, depending on the number of transmissions of this information within a certain period of time; if it is allowed, send the information about the existing mobile communication networks to the OP and register the number of transmissions of this information; otherwise, stop transmitting the information about the existing mobile communication networks. Here the number of information transmissions is the number of transmissions performed by the network, or the number of failed authentications for the OP, or a combination of these two numbers.

The claimed method further includes the following steps: preset the duration of the decision time window and the forward step of the window used for sending information about the existing mobile communication networks, where the duration of the forward step does not exceed the duration of the decision time window. The decision time window is a network decision time window, or an OP decision time window, or a combination of both.

The claimed method further includes the following steps: preset the maximum total number of transmissions performed by the network within the network decision time window and the allowed number of transmissions per forward step, where the allowed number of transmissions per forward step does not exceed the total number of network transmissions within the network decision time window; in this case, the number of information transmissions in step c) is the number of transmissions performed by the network, and the decision in step c) includes the following steps: determine whether the number of transmissions performed by the network exceeds the total number of network transmissions; if it does, transmission of information about the existing mobile communication networks is not allowed; otherwise, send the information about the existing mobile communication networks.

The claimed method further includes the following steps: preset the maximum total number of transmissions for a single OP within the OP decision time window and the allowed number of transmissions per forward step, where the number of transmissions per forward step does not exceed the total number of transmissions for a single OP within the decision time window of a single OP; in this case, the number of information transmissions in step c) is the number of failed authentications for the OP, and the decision in step c) includes the following steps: first, determine from the ID of the OP whether a record of failed authentications exists for the OP; if it does not exist, send the information about the existing mobile communication networks; otherwise, determine whether the number of failed authentications for the OP exceeds the total number of information transmissions for the OP; if it does not, send the information about the existing mobile communication networks; otherwise, transmission of information about the existing mobile communication networks is not allowed.

The claimed method further includes the following steps: preset the maximum total number of transmissions performed by the network within the network decision time window and the maximum number of transmissions per forward step, where the allowed number of transmissions per forward step does not exceed the total number of transmissions performed by the network within the network decision time window; in addition, preset the maximum total number of transmissions for a single OP within the OP decision time window and the allowed number of transmissions per forward step, where the number of transmissions per forward step does not exceed the total number of transmissions for the OP within the OP decision time window; in this case, the number of information transmissions in step c) is the number of network transmissions and the number of failed authentications for the OP, and the decision in step c) includes the following steps: first, determine whether the number of transmissions performed by the network exceeds the total number of network transmissions; if it does, transmission of information about the existing mobile communication networks is not allowed; otherwise, determine from the ID of the OP whether a record of failed authentications exists for the OP; if it does not exist, send the information about the existing mobile communication networks; otherwise, determine whether the number of failed authentications for the OP exceeds the total number of transmissions for the OP; if it does not, send the information about the existing mobile communication networks; otherwise, transmission of information about the existing mobile communication networks is not allowed.

In the above scheme, the ID of the OP is the media access control (UDPS (MAC)) address of the OP, or the VAT (NAI) of the OP, or the account number of the OP, or the IP address of the OP.

The claimed method further includes the following step: each time the decision time window moves forward by one forward step, the number of transmissions within the decision time window is updated and becomes equal to the previous number of transmissions minus the allowed number of transmissions per forward step.

In the above scheme, the maximum number of transmissions per forward step is set as the ratio of the total allowed number of transmissions within the decision time window to the duration of the decision time window. The duration of the decision time window, the duration of the forward step and the number of transmissions within the decision time window are determined depending on the operating parameters of the system, the number of users in the network and the network management strategy.

The claimed method further includes the following steps: set the decision time window and the forward step as a single parameter; in this case, the method further includes the following step: set the total allowed number of transmissions within the decision time window and the allowed number of transmissions per forward step as a single parameter.

The claimed method further includes the following steps: after transmission has been stopped, register a received request for information about the existing mobile communication networks that is to be answered after a delay, and respond to the request after the delay.

In step c), the network side sends the OP information about all existing mobile communication networks connected to the SD WLAN, or sends information about all existing mobile communication networks that are connected to the SD WLAN and have roaming agreements with the home network of this OP.

According to the method disclosed in the claimed invention for protecting a WLAN from frequent network selection interaction operations, each time a request for information about the existing mobile communication networks is sent by an OP to the network, the network registers the ID of the OP, for example the UDPS (MAC) address, or the IDS (NAI), or the account number, or the IP address of the OP, and determines whether the OP has sent the request repeatedly within a certain period of time. If it has, the network immediately stops responding or closes the connection. This prevents network overload caused by frequent network selection operations of the OP WLAN and frequent triggering of the procedure for sending information about the existing mobile communication networks. It also prevents attacks from the OPs of malicious users who exploit this technique and, to some extent, reduces the network load. This increases the response speed of the network and the transmission rate.

Additionally, if a WLAN does not want a certain OP to learn about public land mobile networks (NSMAP (PLMN)) that are connected directly to this WLAN but have no relationship with this OP, the WLAN sends this OP a list of only those GSMAP (VPLMN) that have roaming agreements with the home public land mobile network (DNSMAP (HPLMN)) of this OP. But if the OP pretends to belong to other DNSMAP (HPLMN) by using different IDS (NAI), the corresponding GSMAP (VPLMN) can be discovered by polling. In this case, the decision and restriction mechanism provided by the present invention can be used to avoid this problem.

Brief description of drawings

Figure 1 presents a diagram of the network architecture of interworking between a WLAN and a 3GPP system with roaming;

Figure 2 presents a diagram of the network architecture of interworking between a WLAN and a 3GPP system without roaming;

Figure 3 presents a diagram of the network architecture of a WLAN connected to several guest networks;

Figure 4 presents a flow chart of the interaction process by which the user equipment selects an existing mobile communication network to access, according to the prior art;

Figure 5 presents a flow chart of the interaction process by which the user equipment selects an existing mobile communication network to access, according to the present invention;

Figure 6 presents a flow chart of the interaction process by which the user equipment selects an existing mobile communication network to access, in one implementation of the present invention;

Figure 7 presents a flow chart of the interaction process by which the user equipment selects an existing mobile communication network to access, in another implementation of the present invention;

Figure 8 presents a flow chart of the interaction process by which the user equipment selects an existing mobile communication network to access, in a further implementation of the present invention.

Embodiments of the invention

As shown in Figure 3, the basic idea of the present invention for protecting a WLAN from frequent network selection interaction operations is the following: whenever information about the existing mobile communication networks needs to be sent, it is first determined, depending on the number of transmissions performed within a certain period of time, whether sending this information is allowed. If transmission is allowed, the information about the existing mobile communication networks is sent and the number of transmissions performed is registered; otherwise, transmission of the information is stopped. When the decision period changes, the record of the number of transmissions is updated. If a request for the information is received after transmission has been stopped, the request is left unanswered or the information is sent after some delay. A particular implementation of the process is presented in Figure 5 and consists of the following steps: steps 501 to 506 are exactly the same as steps 401 to 406 of the prior art.

In practice, if the evaluation in step 405 finds that the network selection information does not belong to an existing mobile communication network connected to the WLAN, the network sends the OP WLAN a notification signal, and the OP WLAN carries out its next operation depending on this notification signal. There are two modes for the notification signal sent from the network to the OP. In one mode, the notification signal directly carries the information about the existing mobile communication networks that the network wants to transmit; in this case the OP WLAN or the WLAN user can make a choice directly from this information. In the other mode, the notification signal is used only to inform the OP that the selected information about an existing mobile communication network is invalid and to instruct the OP to download the information; in this case, the OP can decide whether to send the network a request for information about the existing mobile communication networks. The present invention is directed only at the first mode, i.e. the mode in which the network sends the OP information about the existing mobile communication networks in the form of a notification signal.

Steps 507 to 510: decide whether sending the OP information about the existing mobile communication networks is allowed. If transmission is allowed, the information about the existing mobile communication networks is sent to the OP and the number of information transmissions is recorded. On receiving the information about the existing mobile communication networks, the OP selects a network according to this information. If transmission is not allowed, transmission of information about the existing mobile communication networks is stopped. When the decision period changes, the record of the number of transmissions is updated. If a request for the information is received after transmission has been stopped, it is left unanswered or the information is sent after a delay. In the case of delayed transmission, the received request for information about the existing mobile communication networks that is to be answered after a delay is recorded, and after the delay the request is answered and the information is sent.

In step 507 it is assessed whether sending information about the existing mobile communication networks is allowed, depending on the number of information transmissions completed within a certain period of time. The number of information transmissions may be the number of transmissions performed by the network, or the number of failed authentications for the OP, i.e. the number of transmissions to the OP, or both the number of transmissions performed by the network and the number of failed authentications for the OP. When the number of failed authentications for an OP is recorded, the ID of the OP is recorded as well. In addition, the information about the existing mobile communication networks that the network sends to the OP for network selection is kept in a dedicated information storage device in the network, and typically contains the following parameters: the name of the network, the bandwidth of the network, quality of service (QoS), frequency range, bandwidth, the WLAN service scenarios that can be provided, the charging rate, the type of service, etc. When the network sends information about the existing mobile communication networks associated with the WLAN, it sends information about all existing mobile communication networks connected to the SD WLAN, or sends only information about the guest networks that have a roaming agreement with the home network of the OP in question. If there is no such guest network, the network may transmit the information or inform the user that there are no roaming agreements.

For the above scheme there are three approaches to stopping transmission of the information.

The first approach is to preset a network decision time window and its duration, together with a maximum total number of transmissions within the decision time window. If the number of information transmissions performed exceeds this total number, transmission is stopped. For example, suppose the network decision time window is 20 minutes and the total number of transmissions during these 20 minutes is 500. If the information has been sent 500 times in less than 20 minutes, so that the next transmission would be the 501st, transmission stops. Of course, in the next 20 minutes the record is updated and the decision is made again. Here the preset decision time window is dynamic, i.e. the starting point of the decision time window may be set arbitrarily, and the window moves forward in steps whose length does not exceed the window's duration. In addition, an allowed number of transmissions per forward step is set, not exceeding the total number of transmissions for the network. For example, take a fixed point in time as the base point and set the forward step of the decision time window to 1 minute; then there is a 20-minute decision time window from the 1st to the 21st minute counted from the base point, and a new 20-minute decision time window from the 2nd to the 22nd minute counted from the base point. The record of the number of transmissions in the decision time window is updated by subtracting the allowed number of transmissions per forward step from the number of transmissions already performed. The maximum number of transmissions per forward step is set as the ratio of the total number of transmissions for the network to the duration of the network decision time window; in this case, at each subsequent forward step the number of transmissions already performed is reduced by this ratio.

In this particular case, the allowed number of transmissions per forward step is 500 times/20 minutes, that is, 25 times per minute. Then every minute the number of transmissions already performed is reduced by 25, and if the number of transmissions already performed is less than 25, it is set directly to 0. This scheme of deriving the allowed number of transmissions per forward step from the duration of the decision time window and the maximum total number of transmissions in the window can also be used for intelligent configuration and management of network congestion, in which the durations of the decision time window and of the forward step are determined by the operating parameters of the system, the number of users in the network and the network management strategy.

Another approach is to preset a decision time window per user equipment and the duration of this window, and to specify the number of times the network is allowed to send information about the existing mobile communication networks to each OP within the decision time window. The forward step of the decision time window and the allowed number of transmissions per forward step are also set, where the allowed number of transmissions per forward step does not exceed the number of transmissions within the decision time window. Each time the information about the existing mobile communication networks is sent, the ID of the receiving OP is recorded; this ID may be the VAT (NAI), the UDPS (MAC) address, the account number or the IP address of the OP. Based on this ID, it is assessed whether the number of transmissions of information about the existing mobile communication networks performed for this OP exceeds the preset number. If this number is exceeded, transmission of the information is stopped. For example, suppose the decision time window is preset to 20 minutes and the information is sent to each OP at most 20 times within every 20 minutes; in this case, the information is no longer transmitted if it has been sent to the OP 20 times in less than 5 minutes. Obviously, within the next 20 minutes the record is updated and the assessment is performed again. When the number of transmissions is controlled per user, responses to an OP that constantly requests the information are controlled by adjusting the forward step and the allowed number of transmissions per forward step. For example, if the forward step of the OP decision time window is set to 5 minutes and the maximum number of transmissions per forward step is 5 or 3, the record is updated at the beginning of the next 20 minutes, i.e. the window from the 5th to the 25th minute. In this specific example, with 20 transmissions registered in the first 5 minutes, at the 5th minute the recorded number of transmissions is reduced by 5 or 3, i.e. the user equipment is allowed 5 attempts or 3 attempts.

The maximum duration of the forward step may be equal to the duration of the decision time window, i.e. 20 minutes; then at the beginning of each subsequent decision time window the number of transmissions can be reset to zero, provided the allowed number of transmissions per forward step is also equal to 20. The number of transmissions per forward step can also be set arbitrarily, for example to 8; then the recorded number of transmissions can only be reduced by 8 for the next 20 minutes. Thus, if the OP uses more than 8 attempts (i.e. the information is sent to the OP more than 8 times) within the first 20 minutes, i.e. from the 1st to the 20th minute, for example 15 attempts, the allowed number of transmissions in the next 20 minutes (from the 21st to the 40th minute) is less than 20, namely 20 - (15 - 8) = 13 times.

Here the total number of transmissions can be set to a different value for each OP, or the same number of transmissions can be set for all OPs; the decision time window is still dynamic. In addition, the UDPS (MAC) address of the OP can be obtained from the access controller (KD).

The third approach is as follows: preset a network decision time window, an OP decision time window and the durations of both time windows, and at the same time specify the total number of transmissions per network decision time window and the total number of transmissions per OP decision time window. First, assess whether the number of transmissions performed by the network exceeds the total number of transmissions for the network. If it does, sending of the information is stopped; otherwise, use the ID of the OP to determine whether a record of the number of transmissions to the OP exists. If the record does not exist, the information is sent directly; otherwise, a further assessment is made of whether the number of failed authentications for the OP exceeds the total number of transmissions. If it does, sending of the information is stopped; otherwise, the information is sent. Here too the decision time window is dynamic.

In the three approaches described, the network decision time window and the user-equipment decision time window may be different decision time windows, with different durations and different forward steps, and may also be set with different numbers of transmissions and different values for the respective forward steps. Alternatively, the network decision time window may coincide with the user-equipment decision time window. The durations of the decision time window and the forward step may be set equal or different. In practice, the decision time window and the forward step can be combined and set by one parameter, for example a decision cycle. In this case the forward step always equals the duration of the decision time window, which simplifies implementation and parameter configuration. Similarly, if the permitted number of transmissions per forward step and the permitted number of transmissions per decision time window are set equal, these two parameters can also be combined into one, for example the permitted number of transmissions per decision cycle. Thus, when the four parameters are combined into two, the decision on issuing information is simplified to deciding whether to issue the information to the user equipment on the basis of the permitted number of transmissions per cycle. Obviously, even when the decision time window and the forward step are combined into one parameter, the permitted number of transmissions per forward step and the permitted number of transmissions per decision time window can still be set separately; in that case the maximum number of transmissions per forward step is used to update the recorded number of transmissions, while the number of transmissions per decision time window serves as the basic permitted number of transmissions per decision cycle.

Depending on the network bandwidth, any one of the three described approaches to stopping the issuing of information can be selected and used to help protect the network against various attacks. As for the user equipment identifier, using the MAC address is better than using the NAI.

Figures 6-8 show three exemplary embodiments corresponding to the three approaches above to stopping the issuing of information. As shown in steps 607-609, the condition for stopping the issuing of information in figure 6 is that the number of completed transmissions reaches the total number of transmissions for the network. As shown in steps 707-711, whether information is issued or stopped depends on a joint assessment of whether a record of failed authentications exists for the user equipment identifier and whether the number of failed authentications for the user equipment is larger than the total number of transmissions for that user equipment. As shown in steps 807-811, whether information is issued or stopped depends on a joint assessment of whether the number of completed transmissions of information has reached the total number of transmissions for the network, whether a record of failed authentications exists for the user equipment identifier, and whether the number of failed authentications has reached the total number of transmissions for the user equipment; the number of failed authentications in step 809 represents the number of completed transmissions of information to the user equipment. Steps 601-606 and 610 in figure 6, steps 701-706 and 712 in figure 7, and steps 801-806 and 812 in figure 8 are similar, respectively, to steps 501-506 and 510 in figure 5.

In the present invention, if the number of transmissions within a decision time window has reached the preset total number of transmissions and transmission has stopped, transmission resumes at the beginning of the next cycle. For example, suppose that both the decision time window and the forward step are set to 20 minutes, and the total number of transmissions is set to 50 for every 20 minutes; if the information was issued 50 times within the first 10 minutes, then no information is issued during the next 10 minutes, and issuing resumes at the beginning of the next 20 minutes, after the record has been updated.
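The third approach, the record update at each forward step, and the resumption rule can be followed in a short Python sketch; it is an added example, not code from the patent, and it keys per-device records by MAC address as the text recommends. The class and function names, the floor at zero when a record is reduced, aligning each device window with the network window, and the `prune` helper are assumptions.

```python
from dataclasses import dataclass


@dataclass
class Window:
    """Transmission record for one decision time window."""
    total: int             # permitted transmissions per decision time window
    per_step: int          # permitted transmissions per forward step
    step_len: float        # forward step duration in seconds
    step_start: float = 0.0
    count: int = 0         # recorded transmissions

    def __post_init__(self):
        # The per-step allowance must not exceed the window total.
        if not 0 < self.per_step <= self.total or self.step_len <= 0:
            raise ValueError("need 0 < per_step <= total and step_len > 0")

    def advance(self, now):
        """Apply the update rule once for every forward step that has elapsed."""
        steps = int((now - self.step_start) // self.step_len)
        if steps > 0:
            # record = record - per_step; the floor at zero is an assumption.
            self.count = max(0, self.count - steps * self.per_step)
            self.step_start += steps * self.step_len

    def remaining(self, now):
        """Transmissions still permitted at time `now`."""
        self.advance(now)
        return max(0, self.total - self.count)


class NetworkInfoLimiter:
    """Third approach: network-wide limit first, then the per-device limit."""

    def __init__(self, net, ue_total, ue_per_step):
        self.net = net
        self.ue_total = ue_total
        self.ue_per_step = ue_per_step
        self.records = {}  # keyed by MAC address, so a changed NAI shares one record

    def allow(self, mac, now):
        """Decide whether to issue the available-network list to this device."""
        if self.net.remaining(now) == 0:
            return False   # network total reached: stop issuing
        rec = self.records.get(mac)
        if rec is None:
            # No record for this identifier: issue directly and open a record.
            rec = Window(self.ue_total, self.ue_per_step, self.net.step_len,
                         step_start=self.net.step_start)
            self.records[mac] = rec
        elif rec.remaining(now) == 0:
            return False   # device total reached: request goes unanswered
        rec.count += 1
        self.net.count += 1
        return True

    def prune(self, now):
        """Drop records that have decayed to zero so the table stays bounded."""
        stale = [m for m, r in self.records.items() if r.remaining(now) == r.total]
        for m in stale:
            del self.records[m]
        return len(stale)


def replay(limiter, events):
    """Run (time, mac, nai) requests through the limiter; the NAI is ignored."""
    return [limiter.allow(mac, t) for t, mac, _nai in events]


# Constructed sample: one device rotating NAIs, limit of 3 per 20-minute window.
SAMPLE_EVENTS = [
    (0, "02:00:00:00:00:01", "a@unknown.example"),
    (10, "02:00:00:00:00:01", "b@unknown.example"),
    (20, "02:00:00:00:00:01", "c@unknown.example"),
    (30, "02:00:00:00:00:01", "d@unknown.example"),  # fourth request is refused
    (40, "02:00:00:00:00:02", "a@unknown.example"),  # another device is served
]
```

With a device limit of 3 and a per-step allowance of 1, the device that was cut off gets exactly one further answer in the following 20 minutes.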

Based on the above, when a malicious user makes multiple attempts to access the network using an unidentifiable NAI, and the same NAI carrying unidentifiable network selection information appears repeatedly within a certain period of time, the scheme of the claimed invention stops the unsolicited provision of information on available mobile communication networks. The user equipment is thus prevented from repeatedly activating the procedure for issuing information on available mobile communication networks with the same NAI that the network cannot identify.

Network congestion is prevented by controlling the total number of times the network transmits information on available mobile communication networks within a certain period of time. Although this may affect the access speed of ordinary users, the network will not become congested because of network selection operations.

Where a malicious user repeatedly tries to trigger the delivery of information using the NAI of an authorized user, so that the legitimate user cannot obtain the network selection information in the usual way, the MAC address can be used for recognition. Because a record is kept of a user who failed authentication, or who selected an unidentifiable network, or to whom the network issued information on available mobile communication networks, no answer is sent if a user identified by the same MAC address triggers the selection of an unidentifiable network again, i.e. sends an unidentifiable NAI again or repeatedly; this prevents the user from attacking the network by constantly changing the NAI.

In short, the invention prevents various malicious attacks on the network and network overload. The implementations described above are only preferred embodiments of the claimed invention and do not limit its scope of patent protection.

1. A method of preventing frequent communication activities for network selection in a wireless local area network (WLAN), comprising the following steps:

a) after a wireless connection is established between WLAN user equipment and a WLAN access network, the WLAN user equipment sends network selection information to the WLAN access network during an access authentication exchange initiated by the network side or by the WLAN user equipment;

b) the network side decides whether the received network selection information belongs to a mobile communication network to which the WLAN access network is currently connected; if it does, the WLAN user equipment sends an access authentication request to the mobile communication network identified by the network selection information,

characterized in that, if the received network selection information does not belong to the mobile communication networks to which the WLAN access network is currently connected, the method further comprises the following step:

c) decide whether providing information on available mobile communication networks is allowed, depending on the number of transmissions of that information within a certain period of time; if it is allowed, issue the information on available mobile communication networks to the user equipment and record the number of transmissions of this information; otherwise, stop transmitting the information on available mobile communication networks.

2. The method according to claim 1, characterized in that it further includes the following step: preset the duration of the decision time window and of the forward step used for issuing information on available mobile communication networks, the duration of the forward step not exceeding the duration of the decision time window.

3. The method according to claim 2, characterized in that the durations of the decision time window and the forward step are set depending on the operating parameters of the system, the number of users in the network, and the network management strategy.

4. The method according to claim 2, characterized in that the decision time window is a network decision time window, or a user-equipment decision time window, or a combination of these two windows.

5. The method according to claim 4, characterized in that it further includes the following step: preset the maximum total number of transmissions performed by the network within the network decision time window and the permitted number of transmissions per forward step, the permitted number of transmissions per forward step not exceeding the total number of transmissions by the network within the decision time window.

6. The method according to claim 5, characterized in that the number of transmissions of information in step c) is the number of transmissions performed by the network, and the decision in step c) includes the following steps: determine whether the number of transmissions performed by the network exceeds the total number of transmissions for the network; if it does, transmission of information on available mobile communication networks is not allowed; otherwise, send the information on available mobile communication networks.

7. The method according to claim 4, characterized in that it further includes the following step: preset the maximum total number of transmissions to a single user equipment within the user-equipment decision time window and the permitted number of transmissions per forward step, the permitted number of transmissions per forward step not exceeding the total number of transmissions to the user equipment within the user-equipment decision time window.

8. The method according to claim 7, characterized in that the number of transmissions of information in step c) is the number of failed authentications for the user equipment, and the decision in step c) includes the following steps: first, determine from the user equipment identifier whether a record of failed authentications exists for the user equipment; if it does not exist, provide the information on available mobile communication networks; otherwise, determine whether the number of failed authentications for the user equipment exceeds the total number of transmissions of information to the user equipment; if it does not, provide the information on available mobile communication networks; otherwise, transmission of information on available mobile communication networks is not allowed.

9. The method according to claim 4, characterized in that it further includes the following steps: preset the maximum total number of transmissions performed by the network within the network decision time window and the maximum number of transmissions per forward step, the permitted number of transmissions per forward step not exceeding the total number of transmissions performed by the network within the network decision time window; in addition, preset the maximum total number of transmissions to a single user equipment within the user-equipment decision time window and the permitted number of transmissions per forward step, the permitted number of transmissions per forward step not exceeding the permitted total number of transmissions to the user equipment within the decision time window.

10. The method according to claim 9, characterized in that the number of transmissions of information in step c) is the number of transmissions by the network and the number of failed authentications for the user equipment, and the decision in step c) includes the following steps: first, determine whether the number of transmissions performed by the network exceeds the total number of transmissions for the network; if it does, transmission of information on available mobile communication networks is not allowed; otherwise, determine from the user equipment identifier whether a record of failed authentications exists for the user equipment; if it does not exist, provide the information on available mobile communication networks; otherwise, determine whether the number of failed authentications for the user equipment exceeds the total number of transmissions to the user equipment; if it does not, provide the information on available mobile communication networks; otherwise, transmission of information on available mobile communication networks is not allowed.

11. The method of claim 8 or 10, characterized in that the user equipment identifier is the media access control (MAC) address of the user equipment, or the network access identifier (NAI) of the user equipment, or the account number of the user equipment, or the IP address of the user equipment.

12. The method according to claim 6, or 8, or 10, characterized in that the method further includes the following step: each time the decision time window moves forward by one forward step, the number of transmissions within the decision time window is updated and set equal to the number of transmissions minus the permitted number of transmissions per forward step.

13. The method according to claim 5, or 7, or 9, characterized in that the permitted number of transmissions per forward step is set as the ratio of the total permitted number of transmissions within a decision time window to the duration of the decision time window.

14. The method according to claim 5, or 7, or 10, characterized in that the number of transmissions within a decision time window is set depending on the operating parameters of the system, the number of users in the network, and the network management strategy.

15. The method according to claim 5, or 7, or 9, characterized in that it further includes the following step: the decision time window and the forward step are set by a single parameter.

16. The method according to claim 15, characterized in that it further includes the following step: the total permitted number of transmissions within a decision time window and the permitted number of transmissions per forward step are set by a single parameter.

17. The method according to claim 1, characterized in that it further includes the following steps: after transmission has stopped, record the received request for information on available mobile communication networks that must be sent after a delay, and answer the request after a time delay.

18. The method according to claim 1, characterized in that in step c) the network side sends to the user equipment information on all available mobile communication networks connected to the WLAN access network.

19. The method according to claim 1, characterized in that in step c) the network side issues information on all available mobile communication networks that have a connection with the WLAN access network and roaming agreements with the home network of the user equipment.



 

Same patents:

FIELD: radio engineering, in particular, method for transferring service of client stations in a hybrid wireless network according to standards IEEE 802.16e OFDMA, IEEE 802.11b and CDMA 2000 1xEV-DO; possible use, for example, in a hybrid wireless network compliant with standards IEEE 802.16e OFDMA, IEEE 802.11b and CDMA 2000 1xEV-DO.

SUBSTANCE: technical effect is achieved due to minimization of maximal load on a sector in each subset of the set of all sectors of a hybrid wireless network during selection of new set of servicing sectors, and also due to transfer of service of client stations only to those sectors, where service quality requirements are fulfilled for all client streams of these client stations.

EFFECT: increased efficiency of hybrid wireless network compliant with IEEE 802.16e OFDMA, IEEE 802.11b and CDMA 2000 1xEV-DO standards during transfer of service of client stations between sectors of a hybrid wireless network, while fulfilling service quality requirements for all service streams of all client stations of a hybrid wireless network.

1 cl, 11 dwg

FIELD: mobile communications engineering.

SUBSTANCE: invention claims a method for controlling speed of transmission of level 2 control information, which includes stages, at which mobile station is notified using radio network controller about first match of level 2 control information transmission data block size and ratio of transmission powers between extended dedicated physical data channel and dedicated physical control channel relatively to level 2 control information; ratio of level 2 control information transmission powers is set at mobile station, where aforementioned information is supposed to be transmitted on basis of aforementioned match; and from the mobile station, level 2 control information is transmitted using determined ratio of transmission powers.

EFFECT: increased efficiency of transmission in a mobile communications system.

9 cl, 15 dwg

FIELD: methods and devices for finding a route for routing a call from source node (SN) to destination node (DN) through communication network.

SUBSTANCE: in accordance to the invention, source node (SN) generates a random number and, depending on generated random number, at least one route between source node (SN) and destination node (DN) is going to be selected from source node (SN).

EFFECT: ensured search for shortest route through the network from source node (SN) to destination node (DN) through communication network with consideration of certain limitations, for example, on minimal width of band, maximal delay.

2 cl, 2 dwg

FIELD: network access technologies.

SUBSTANCE: invention describes an interaction method for fast selection of optimal mobile communication network by user equipment for access to wireless local network; firstly, during setup of connection to access station of wireless local network by user equipment the wireless local network makes a decision, whether information about identifier of access station of wireless local network exists in stored information about identifiers; if "yes", then network selection information, corresponding to stored wireless local network identifier, will be dispatched to access station of wireless local network; in the opposite case, a mobile communications network configured in advance and having highest priority is considered to be information about selection of network; access station of wireless local network identifies the mobile communication network to access in accordance with network selection information, contained in authentication request, and connects user equipment of wireless local network to selected network to perform authentication. The method includes selection of mobile communication network for fast access by user equipment of wireless local network, when user equipment of wireless local network conducts access from wireless local network which is connected to a set of mobile communications networks.

EFFECT: increased efficiency.

24 cl, 7 dwg

FIELD: system and method for distributed receipt with selection of multicast content.

SUBSTANCE: invention is realized in a network which has several cells, which may communicate with one or several terminals, such as user equipment. Terminals are made with possible selection of certain cell or cells with which they wish to communicate. At least some cells which transmit multicast content also transmit cell information relatively to one or several cells which transmit one and the same multicast content. Terminal selects one of the cells, which transmit multicast content, on basis of that information.

EFFECT: increased efficiency.

3 cl, 3 dwg

FIELD: wireless communications.

SUBSTANCE: in accordance to the invention, systems and methods include wireless information exchange, where module or communication device is configured to select first and second pairs of terminals, where the first pair of terminals has first transmitting terminal and first receiving terminal, and second pair of terminals has second transmitting terminal and second receiving terminal; planning of first signal transmission from first transmitting terminal to intermediate terminal, where first transmission of signal is meant for first transmitting signal; planning, simultaneously with first signal transmission, of second signal transmission from second transmitting signal to second receiving terminal; and planning of power level for each one of first and second signal transmissions, which matches the target quality parameter for each one of intermediate terminal and second receiving terminal.

EFFECT: reliable and efficient algorithm of planning of signal transmission and power level of such transmission.

4 cl, 7 dwg

FIELD: technology for providing real time communication between a phone and Internet network users.

SUBSTANCE: the method for setting up communication line between first terminal having dedicated routed address, working in first network, and second terminal, working in second network, wherein each terminal is identified by means of an alias address, to which one of the set of routed addresses may be assigned, includes the following: the request for setting up a connection from first terminal includes address of function for ensuring inter-network interaction, through which calls are routed from first network for second network, connection setup request is routed to function for ensuring inter-network interaction, first terminal also communicates the alias address for second network terminal to the function for ensuring inter-network interaction, the routed address, assigned to alias address, is determined through function for ensuring inter-network interaction, and communication line is set up between first and second terminals through routed address.

EFFECT: the mobile terminal does not "dial" the address of electronic mail client, but instead requests a setup of common phone call (voice or video) with the function for ensuring inter-network interaction (IWF).

2 cl, 5 dwg

FIELD: data transmission networks.

SUBSTANCE: in accordance to the invention, value of header or a mark mentioned in given document as identifier of source station (SSID), is added to the header of encapsulated packet, for example, by adding SSID as a mark to the bottom stack of marks of multi-protocol commutation based on mark (MPLS). SSID includes unique identifier, which identifies the network boundary router of provider who is the source of the packet (PE). In certain variants of realization the IP-address of outgoing PE may be used as SSID for that PE. The PE which receives given packet, may then link the MAC-address of Ethernet source for received TLS traffic, for example, to outgoing PE. When an SSID of outgoing PE is available, receiving PE may determine, which commutation route of mark (LSP) should be used for sending Ethernet traffic to station with determined MAC-address.

EFFECT: reduction of marks in the address of the source station.

3 cl, 4 dwg

FIELD: communications engineering, possible use in mobile communications system.

SUBSTANCE: in accordance to the method, which includes user equipment and radio communication network controller, where the systems provides the multimedia broadcasting/multi-address service, the radio communication network controller measures the receipt confirmation delay for the primary cell, where the user equipment is positioned, and receipt confirmation delay for each neighboring cell, adjacent to primary cell. The radio communication network controller transmits multimedia broadcasting/multi-address data at one and the same time of transmission, considering receipt confirmation delay for primary cell and adjacent cells, so that user equipment may receive requested multimedia broadcasting/multi-address data. User equipment receives multimedia broadcasting/multi-address data, transmitted from appropriate cells, at one and the same time of transmission and performs soft aggregation of received multimedia broadcasting/multi-address data.

EFFECT: transmission of multimedia data to multiple users through wireless communication network.

3 cl, 6 dwg

FIELD: engineering of systems for signaling embedded data, and also for formatting and processing data streams with embedded data.

SUBSTANCE: method is claimed for providing a signal which represents main data, where main data include embedded data, while main data is provided with descriptor of main data for signaling content, included in main data, where the method contains stages: descriptor is generated for embedded data for signaling content included in embedded data, the descriptor of embedded data is provided outside the main data and the descriptor of main data.

EFFECT: increased efficiency of successful signaling about embedded data.

8 cl, 3 dwg

FIELD: optical communications.

SUBSTANCE: first, administrative information of subnet device, made by manufacturer, who is not SDH devices manufacturer, included in base net, in given area of structure of frame of synchronous transfer mode (STM-N), and then said structure of frame STM-N is sent to base net device, connected to noted subnet, with following transfer of frame structure through said base net into device of destination subnet. Using this method, administrative information of SDH devices of multiple manufacturers can be conveyed while using code-independent transfer mode through SDH devices of certain manufacturer.

EFFECT: higher reliability.

8 cl, 4 dwg, 1 tbl

FIELD: mobile communications.

SUBSTANCE: radio network controller determines maximal delay time and sends data to assembly B and user equipment. Assembly B receives maximal delay time and sends data to client equipment; repeatedly sends data and at the same time sets maximal delay time for detecting query from client equipment for repeated data transfer; prevents repeated data transfer after detecting second query from client equipment for repeated data transfer, being a result of incorrect receipt of repeatedly sent data, after passing of maximal delay time. Client equipment receives maximal delay time; transfers a query to assembly B for repeated data transfer and at the same time sets maximal delay time, if there is an error in data received from assembly B; awaits repeatedly sent data only during maximal delay time.

EFFECT: prevented cases of unnecessary repeated transfer.

6 cl, 6 dwg

FIELD: radio communications.

SUBSTANCE: radio network controller sends value of power deviation for controlling power of transfer of high-speed dedicated physical control channel of ascending communication line, when user equipment enters service transfer zone, in cell communication system, containing radio network controller, assembly B, connected to said controller and user equipment, being in one of at least two cell nodes, occupied by assembly B. assembly B sends data to user equipment via high-speed jointly used channel of descending communication line and user equipment transfers data, notifying about data receipt state, to assembly B along ascending communication line. Controller sends to user equipment a value of deviation of power to determine transmission power adjustment for ascending communication line, if it is determined, that user equipment is within limits of service transfer zone. Controller sends to assembly B value of power deviation, to allow assembly B to determine threshold value for data determining, noting data receipt state, dependently on power deviation.

EFFECT: high-speed data delivery to user equipment.

5 cl, 31 dwg, 4 tbl

FIELD: telephone communication systems combined with other electronic systems.

SUBSTANCE: proposed telephone communication system that can be used for voice communications between subscribers of local telephone networks by means of public computer networks has telephone set, local telephone communication line, interface unit, analog-to-digital converter, signal distributor, voice identification device, voice-frequency dialing identification device, pulse dialing signal detector, identified number transmission device, coder, compressor, computer, public computer network, decompressor, decoder, voice recovery device (voice synthesizer), called number information converter, voice and called signal transfer queuing device, and digital-to-analog converter.

EFFECT: enhanced quality of servicing subscriber using public computer network; enlarged functional capabilities of system.

1 cl, 1 dwg

FIELD: data package transmission in mobile communication lines.

SUBSTANCE: device for controlling data package transmission in mobile communication line, which has base receiving-transmitting system (RTS) provided with buffer for storing data packages to be transmitted to mobile station, has base station controller (BSC) for comparing size of RTS buffer with number of non-transmitted data packages after data packages are received from common use data transmission commutated circuit (CUDTCC). Non-transmitted packages have to be packages which have been transmitted from BSC to RTS but still haven't been transmitted from BSC to RTS. Transmission of data packages is performed if size of buffer exceeds number of non-transmitted data packages.

EFFECT: prevention of overflow of internal buffer of base receiving-transmitting system; prevention of efficiency decrease caused by next cycle of data package transmission.

19 cl, 15 dwg

FIELD: telecommunications; construction of burst-switching distributed communication systems (networks).

SUBSTANCE: proposed burst-switching distributed communication system meeting all advanced requirements to data transmission and designed for use in megapolises and in densely populated regions (cities) has junction stations disposed at locations of most densely crowded subscriber terminals; each junction station is connected to at least four adjacent junction stations via fiber-optic lines forming network architecture in the form of reference grid; each junction station has transceiving junction point connected to fiber-optic lines and to channel-forming junction point; the latter is connected to direction switching junction point, information service switching junction point, and trunk-communication switching junction point, subscriber communication junction point being connected to these junction points and via subscriber lines, to subscriber terminals; direction switching junction point similar in design to information service switching junction point and to automatic trunk communication switching junction point has transit junction point connected to channel-forming junction point and to subscriber junction point; direction comparison unit connected to channel-forming junction point, subscriber junction point, and direction address memory unit; and also control unit connected to transit junction point, direction address memory unit, and comparison unit; junction stations disposed near mobile communications base stations have their channel-forming junction points connected by means of fiber-optic line to mobile communications base station; junction stations residing near trunk exchanges have their channel-forming junction points connected by means of fiber-optic lines to trunk exchanges, and junction stations disposed near information service rendering junction points have their channel-forming points connected by means of fiber-optic line to information service rendering junction point; junction stations residing near telephone exchanges have their 
channel-forming junction points connected via fiber-optic lines to telephone exchange; channel-forming junction point has at least three channel-forming units and transceiving junction point has at least three transceiving units, each being connected through at least four fiber-optic communication lines to junction stations adjacent with respect to reference grid.

EFFECT: enhanced effectiveness and reduced cost of broadband communication system due to its minimized proximity of subscriber terminals.

3 cl, 3 dwg

FIELD: communications engineering.

SUBSTANCE: proposed device and method are used for voice frame/ data frame transmission in mobile communication system supporting ALL-IP network.Mobile phone sends heading information using synchronization frame and then separately transfers voice frame only; communication center B detects heading information in synchronization frame received, memorizes detected heading information, and upon receiving voice frame adds heading information to voice frame and transfers voice frame with added headings to base network.

EFFECT: provision for preventing addition of headings to traffics in mobile communication line.

39 cl, 7 dwg

FIELD: transmission of information in the form of files over data transfer networks or in the form of data files stored in physically transportable data storage means.

SUBSTANCE: information in the form of data files is classified using unique data classification key for each data file; data-file transfer priority protocols are generated around priority matrix that has items formed by combinations of chosen criteria values specified for transmission. Each classified data file is assigned at least one priority protocol chosen among protocols generated around classification key for data file. This protocol specifies conditions chosen for data file transmission. Communication channels are chosen for transmission based on priority protocol assigned to data file, information access being given in one of three modes.

EFFECT: enhanced effectiveness of access and use by terminal information user.

24 cl, 4 dwg, 5 tbl

FIELD: data transfer networks, in particular Ethernet-based.

SUBSTANCE: device is made in the form of multiple individually programmed single-port communication modules for access to common distributor bus 10; each single-port communication module has programmed micro-controller 1, made as an Ethernet media access control (MAC) block containing a reduced instruction set processor (RISC CPU), and logic device 5 for distribution of data frames, including real-time processing of Ethernet data received on said single-port communication module and its transmission to the frame destination ports; the transfer process is serial and is performed in store-and-forward mode.

EFFECT: higher data distribution flexibility control.

2 cl, 7 dwg
