CN102026102B - Access control method and system - Google Patents

Abstract

Translated fromChinese

本申请提供了一种封闭用户组小区的接入控制方法和系统。所述接入控制方法包括：源节点获取控制用户设备接入封闭用户组小区的接入控制权限；通过源节点控制用户设备接入封闭用户组小区。所述接入控制系统包括源节点和移动管理实体，其中，源节点包括使能模块、权限获取模块和接入控制模块，移动管理实体包括审核模块和权限转移模块。通过使源节点具有接入控制权限，由源节点来确定用户设备是否有权限接入封闭用户组小区，从而可以减轻移动管理实体的处理负荷。

The present application provides a closed subscriber group cell access control method and system. The access control method includes: the source node obtains the access control authority to control the user equipment to access the closed subscriber group cell; and the source node controls the user equipment to access the closed subscriber group cell. The access control system includes a source node and a mobility management entity, wherein the source node includes an enabling module, an authority acquisition module and an access control module, and the mobility management entity includes an audit module and an authority transfer module. By enabling the source node to have the access control authority, the source node determines whether the user equipment has the authority to access the closed subscriber group cell, thereby reducing the processing load of the mobility management entity.

Description

Translated fromChinese

接入控制方法和系统Access control method and system

技术领域technical field

本申请涉及无线通信领域，尤其涉及一种通过源节点控制用户设备接入封闭用户组小区的方法和系统。The present application relates to the field of wireless communication, and in particular to a method and system for controlling user equipment to access a closed subscriber group cell through a source node.

背景技术Background technique

在3G技术逐步进入商用的同时，业界开始了对4G技术的研究与开发工作。自2004年下半年起，第三代合作伙伴计划(3rd GenerationPartnership Project，简称3GPP)启动了长期演进(Long Term Evolution，简称LTE)项目。LTE系统由核心网和接入网两部分组成。核心网包括移动管理实体(Mobility Management Entity，简称MME)和服务网关(Serving Gateway，简称S-GW)。接入网由若干个节点组成，所述节点可包括运营商部署的演进型节点B(Evolution Node B，简称eNodeB)以及家庭演进型节点B(简称Home eNode B)组成。用户通过用户设备，例如手机、上网本等接入eNode B或者Home eNode B所覆盖的小区而获得eNode B或者Home eNode B所提供的服务。有些小区允许用户随意接入，这样的小区被称作公共小区。而有些小区只允许某些具有接入权限的用户接入，这些具有接入权限的用户构成一个封闭用户组(Closed Subscriber Group，简称CSG)，这样的小区则被称作封闭用户组小区(简称CSG小区)。因此，需要对试图接入CSG小区的用户加以判断和限制。While 3G technology is gradually entering commercial use, the industry has started research and development of 4G technology. Since the second half of 2004, the 3rd Generation Partnership Project (3rd Generation Partnership Project, 3GPP for short) has launched the Long Term Evolution (LTE for short) project. The LTE system consists of two parts, the core network and the access network. The core network includes a Mobility Management Entity (MME for short) and a Serving Gateway (S-GW for short). The access network is composed of several nodes, and the nodes may include an evolved node B (Evolution Node B, eNodeB for short) deployed by an operator and a home evolved Node B (Home eNode B for short). Users access the cells covered by eNode B or Home eNode B through user equipment, such as mobile phones and netbooks, to obtain services provided by eNode B or Home eNode B. Some cells allow users to access at will, and such cells are called public cells. Some cells only allow certain users with access rights to access, and these users with access rights form a Closed Subscriber Group (CSG for short), and such cells are called closed subscriber group cells (abbreviated as CSG). CSG cell). Therefore, it is necessary to judge and restrict users who try to access the CSG cell.

目前，现有技术中通过核心网中的MME来控制用户设备接入CSG小区。MME可从目标CSG小区所属的eNode B或Home eNode B处获取允许接入该CSG小区的用户设备列表。由于MME负责维护用户设备标识与其有权限接入的CSG小区的关系映射表，因而根据该映射表即可获知某个用户设备有权限接入哪些CSG小区。MME将从目标CSG小区获取的允许接入该CSG小区的用户设备列表与自身维护的用户设备标识与CSG小区的关系映射表进行比对，即可确定某个用户设备是否有权限接入该CSG小区。At present, in the prior art, the MME in the core network is used to control the access of the user equipment to the CSG cell. The MME can obtain the list of user equipments allowed to access the CSG cell from the eNode B or Home eNode B to which the target CSG cell belongs. Since the MME is responsible for maintaining the relationship mapping table between the user equipment identifier and the CSG cells it is authorized to access, it can know which CSG cells a certain user equipment is authorized to access according to the mapping table. The MME compares the list of user equipments allowed to access the CSG cell obtained from the target CSG cell with the mapping table of the relationship between the user equipment identifier and the CSG cell maintained by itself, and then determines whether a certain user equipment is authorized to access the CSG district.

随着CSG用户数量的不断增大，MME执行CSG小区的接入控制的压力也随之增大。因此，在无线通信网络中选择MME之外的节点来实现CSG小区的接入控制成为亟待解决的问题。As the number of CSG users continues to increase, the pressure on the MME to perform access control of the CSG cell also increases. Therefore, selecting a node other than the MME in the wireless communication network to implement access control of the CSG cell becomes an urgent problem to be solved.

发明内容Contents of the invention

为了减轻MME执行CSG小区接入控制的负荷，本申请一方面提供了一种使源节点获取控制用户设备接入CSG小区的接入控制权限，通过所述源节点控制用户设备接入CSG小区的接入控制方法。In order to reduce the load of the MME performing CSG cell access control, on the one hand, this application provides a method for enabling the source node to obtain the access control authority to control the user equipment to access the CSG cell, and to control the user equipment to access the CSG cell through the source node. access control method.

本申请另一方面提供了一种CSG小区的接入控制系统。所述接入控制系统包括源节点和移动管理实体。所述源节点包括：使能模块，用于使所述源节点具有控制用户设备接入CSG小区的接入控制能力；权限获取模块，通过向所述移动管理实体发送请求而获取控制用户设备接入CSG小区的接入控制权限；接入控制模块，基于从移动管理实体处获取的接入控制权限控制用户设备接入CSG小区。所述移动管理实体包括审核模块和权限转移模块，所述审核模块对所述源节点的权限获取模块的请求进行审核，并将审核结果发送到权限转移模块，所述权限转移模块基于所述审核模块的审核结果向所述源节点的权限获取模块发送批准请求消息或拒绝请求消息。Another aspect of the present application provides a CSG cell access control system. The access control system includes a source node and a mobility management entity. The source node includes: an enabling module, configured to enable the source node to have an access control capability for controlling user equipment access to a CSG cell; a permission acquisition module, configured to obtain a request for controlling user equipment access to a CSG cell by sending a request to the mobility management entity. The access control authority for entering the CSG cell; the access control module controls the user equipment to access the CSG cell based on the access control authority obtained from the mobility management entity. The mobility management entity includes an audit module and an authority transfer module, the audit module audits the request of the authority acquisition module of the source node, and sends the audit result to the authority transfer module, and the authority transfer module is based on the audit The verification result of the module sends an approval request message or a rejection request message to the authority acquisition module of the source node.

本申请通过使源节点获取接入控制权限，由源节点来确定用户设备是否有权限接入CSG小区，从而可以减轻MME的处理负荷。In this application, the source node obtains the access control authority, and the source node determines whether the user equipment has the authority to access the CSG cell, thereby reducing the processing load of the MME.

附图说明Description of drawings

图1示出了本申请第一实施方案中的接入控制方法流程图；Fig. 1 shows the flowchart of the access control method in the first embodiment of the present application;

图2示出了本申请第二实施方案中的接入控制方法流程图；Fig. 2 shows the flow chart of the access control method in the second embodiment of the present application;

图3示出了本申请第三实施方案中的接入控制方法流程图；Fig. 3 shows the flowchart of the access control method in the third embodiment of the present application;

图4示出了本申请的接入控制系统的示意性框图。Fig. 4 shows a schematic block diagram of the access control system of the present application.

具体实施方式Detailed ways

在本申请中，在用户设备接入目标CSG小区之前为该用户设备提供服务的节点称作源节点，该源节点可以是eNode B或者Home eNodeB，该源节点所覆盖的小区可以是公共小区或CSG小区。下面将参照图1-3详细描述根据本申请的通过源节点控制用户设备接入CSG小区的接入控制方法。In this application, the node that provides services for the user equipment before the user equipment accesses the target CSG cell is called a source node, the source node may be eNode B or Home eNodeB, and the cell covered by the source node may be a public cell or CSG cell. The access control method for controlling user equipment access to a CSG cell through a source node according to the present application will be described in detail below with reference to FIGS. 1-3 .

在图1所示的根据本申请的第一实施方案的接入控制方法中，在步骤101，源节点获取控制用户设备接入CSG小区的权限(简称接入控制权限)；然后，通过所述源节点控制用户设备接入封闭用户组小区(步骤102)。In the access control method according to the first embodiment of the present application shown in FIG. 1, instep 101, the source node obtains the authority (abbreviated as access control authority) to control the user equipment to access the CSG cell; then, through the The source node controls the user equipment to access the CSG cell (step 102).

如图2所示，在根据本申请的第二实施方案中，可通过以下方式使所述源节点获取所述接入控制权限。首先，将所述源节点配置为具有控制用户设备接入目标CSG小区的能力(简称接入控制能力，步骤201)。例如，通过网管系统启动源节点中用于执行接入控制所需的软件和硬件配置。所述源节点在具备了所述接入控制能力之后，可以请求MME将接入控制权限转移到自身(步骤202)。所述MME在接收到所述源节点的请求之后对其进行审核，并在审核通过后将所述接入控制权限由自身转移到所述源节点(步骤203)。所述源节点在获得了所述接入控制权限之后控制用户设备接入CSG小区(步骤204)，此后MME则不再对用户设备执行CSG小区的接入控制。如果在步骤203中所述源节点的请求未通过MME的审核，则MME自身仍保持所述接入控制权限，并向所述源节点发送拒绝请求消息。As shown in Fig. 2, in the second implementation solution according to the present application, the source node may obtain the access control authority in the following manner. First, the source node is configured to have the ability to control user equipment to access the target CSG cell (abbreviated as access control capability, step 201). For example, the network management system starts the software and hardware configuration required for performing access control in the source node. After the source node possesses the access control capability, it may request the MME to transfer the access control authority to itself (step 202). After receiving the request from the source node, the MME reviews it, and transfers the access control authority from itself to the source node after the review is passed (step 203). After the source node obtains the access control authority, it controls the user equipment to access the CSG cell (step 204), after which the MME does not perform CSG cell access control on the user equipment. If instep 203 the request of the source node does not pass the review of the MME, the MME itself still maintains the access control authority, and sends a reject request message to the source node.

根据一个实施例，所述MME对所述源节点的请求进行审核可包括判断所述源节点是否是运营商可信任的节点。如前所述，LTE系统中可包括运营商部署的eNode B和Home eNode B。这时，所述运营商可信任的节点例如可以是运营商部署的eNode B。由于运营商对其部署的eNode B具有完全掌控能力，因而能够确保执行接入控制的安全性。所述MME可根据所述源节点的标识来判断其是否是运营商部署的eNode B。若所述源节点是运营商部署的eNode B，则MME将所述接入控制权限转移到所述源节点；否则向所述源节点发送拒绝请求消息。According to an embodiment, the MME checking the request of the source node may include judging whether the source node is a node trusted by the operator. As mentioned above, the LTE system can include eNode B and Home eNode B deployed by operators. At this time, the operator-trusted node may be, for example, an eNode B deployed by the operator. Since the operator has full control over the eNode B it deploys, it can ensure the security of performing access control. The MME may determine whether the source node is an eNode B deployed by an operator according to the identifier of the source node. If the source node is an eNode B deployed by the operator, the MME transfers the access control authority to the source node; otherwise, it sends a reject request message to the source node.

根据另一个实施例，所述MME对所述源节点的请求进行审核可包括：首先判断所述源节点是否是运营商可信任的节点，若是，则进一步确定是否有必要将所述接入控制权限从自身转移到源节点。例如，MME可根据自身当前的负荷水平来确定是否有必要转移所述接入控制权限。通常，可在MME自身当前的负荷水平较高时进行接入控制权限转移；当然，在MME当前的负荷水平较低的情况下，MME也可以审核通过所述源节点的请求，而将所述接入控制权限从自身转移到源节点。According to another embodiment, the MME reviewing the source node's request may include: first judging whether the source node is a trusted node of the operator, and if so, further determining whether it is necessary to set the access control Permissions are transferred from itself to the source node. For example, the MME may determine whether it is necessary to transfer the access control authority according to its current load level. Generally, the transfer of access control rights can be performed when the current load level of the MME itself is high; of course, when the current load level of the MME is low, the MME can also review the request of the source node, and transfer the The access control authority is transferred from itself to the source node.

作为图2所示方法的一种可选方案，图3示出了根据本申请的第三实施方案的接入控制方法，其中可通过以下方式使源节点获取所述接入控制权限。首先，通过网管系统将所述源节点配置为具有控制所述用户设备接入CSG小区的接入控制能力(步骤301)；然后，网管系统将接入控制权限赋予所述源节点(步骤302)；之后，网管系统通知MME所述源节点具有所述接入控制权限(步骤303)，以避免MME重复操作。As an alternative to the method shown in FIG. 2 , FIG. 3 shows an access control method according to a third embodiment of the present application, wherein the source node may obtain the access control authority in the following manner. First, the source node is configured by the network management system to have the access control capability to control the user equipment to access the CSG cell (step 301); then, the network management system grants the access control authority to the source node (step 302) ; Afterwards, the network management system notifies the MME that the source node has the access control authority (step 303), so as to avoid repeated operations by the MME.

在以上参照图1至图3描述的接入控制方法中，在所述源节点获得了所述接入控制权限之后，当用户设备试图接入某个CSG小区时，所述源节点对该用户设备执行接入控制。In the access control method described above with reference to Figures 1 to 3, after the source node obtains the access control authority, when the user equipment attempts to access a CSG cell, the source node The device performs access control.

根据预定的测量触发条件，用户设备会发起对当前小区的邻近小区的测量，并将测量结果形成测量报告发送给源节点。所述测量报告中例如可包含以下信息：用户设备的标识、邻近小区的标识、邻近小区的信号强度信息等。According to a predetermined measurement trigger condition, the user equipment will initiate the measurement of the neighboring cells of the current cell, and form a measurement report of the measurement result and send it to the source node. The measurement report may include, for example, the following information: identifiers of user equipment, identifiers of neighboring cells, signal strength information of neighboring cells, and the like.

所述源节点可根据各邻近小区的标识从其所属的eNode B或Home eNode B中获取各邻近小区的接入模式信息。通常，某个小区的接入模式可以为封闭模式(即仅允许授权用户接入)、混合模式(即允许非授权用户接入，但可使用的服务受限)或开放模式(即允许任何用户接入，且服务不受限)。若某个邻近小区的接入模式为封闭模式，则可确定该小区为CSG小区。The source node can obtain the access mode information of each adjacent cell from the eNode B or Home eNode B to which it belongs according to the identifier of each adjacent cell. Generally, the access mode of a certain cell can be closed mode (that is, only authorized users are allowed to access), mixed mode (that is, unauthorized users are allowed to access, but the available services are limited) or open mode (that is, any user is allowed to access with unlimited service). If the access mode of a certain neighboring cell is the closed mode, it can be determined that the cell is a CSG cell.

对于接入模式为封闭模式的CSG小区，所述源节点可进一步从该CSG小区所属的eNode B或Home eNode B获取允许接入该CSG小区的用户设备列表。同时，所述源节点可从MME获取用户设备标识与其有权限接入的CSG小区的关系映射表。之后，所述源节点通过将上述两表进行比对，即可确定用户设备是否有权限接入该CSG小区。For a CSG cell whose access mode is closed mode, the source node may further obtain a list of user equipments allowed to access the CSG cell from the eNodeB or Home eNodeB to which the CSG cell belongs. At the same time, the source node may obtain from the MME a relationship mapping table between user equipment identifiers and CSG cells that they are authorized to access. Afterwards, the source node can determine whether the user equipment has the right to access the CSG cell by comparing the above two tables.

若确定该用户设备有权限接入该CSG小区，则启动从源节点所覆盖的小区向目标CSG小区的切换过程。由于该切换过程可按照本领域技术人员公知的方式进行，因而在此省略对该切换过程的详细描述。If it is determined that the user equipment has the right to access the CSG cell, a handover process from the cell covered by the source node to the target CSG cell is started. Since the handover process can be performed in a manner known to those skilled in the art, a detailed description of the handover process is omitted here.

在本申请中，通过使源节点具有接入控制权限，由源节点来确定用户设备是否有权限接入CSG小区，从而可减轻MME的处理负荷。另外，用户在由源节点所覆盖的小区切换到目标CSG小区时，可以通过eNode B与eNode B之间或者eNode B与Home eNode B之间的接口直接切换而无需经由核心网，从而节省了切换时延。In this application, by enabling the source node to have the access control authority, the source node determines whether the user equipment has the authority to access the CSG cell, thereby reducing the processing load of the MME. In addition, when the user is handed over from the cell covered by the source node to the target CSG cell, he can directly handover through the interface between eNode B and eNode B or between eNode B and Home eNode B without going through the core network, thus saving handover delay.

本申请还提供了一种CSG小区的接入控制系统。如图4所示，接入控制系统400包括源节点401和移动管理实体(MME)402。The present application also provides a CSG cell access control system. As shown in FIG. 4 , anaccess control system 400 includes asource node 401 and a mobility management entity (MME) 402 .

源节点401包括使能模块4011、权限获取模块4012和接入控制模块4013。使能模块4011用于使所述源节点具有控制用户设备接入CSG小区的接入控制能力。例如，使能模块4011可包括使能开关，通过网管系统开启该使能开关则可启动源节点401中用于执行接入控制所需的软件和硬件，从而使得源节点401具有控制用户设备接入CSG小区的控制能力。权限获取模块4012通过向MME 402发送请求而获取控制用户设备接入CSG小区的接入控制权限。接入控制模块4013基于从MME 402处获取的接入控制权限控制用户设备接入CSG小区。Thesource node 401 includes an enablingmodule 4011 , apermission obtaining module 4012 and anaccess control module 4013 . The enablingmodule 4011 is configured to enable the source node to have the access control capability of controlling the user equipment to access the CSG cell. For example, the enablingmodule 4011 may include an enabling switch, and if the enabling switch is turned on by the network management system, the software and hardware required for performing access control in thesource node 401 can be started, so that thesource node 401 has the ability to control user equipment access. The ability to control incoming CSG cells. Theauthority acquisition module 4012 acquires the access control authority to control the user equipment to access the CSG cell by sending a request to theMME 402. Theaccess control module 4013 controls the user equipment to access the CSG cell based on the access control authority obtained from theMME 402.

MME 402包括审核模块4021和权限转移模块4022。审核模块4021对权限获取模块4012的请求进行审核，并将审核结果发送到权限转移模块4021。权限转移模块4021基于审核模块4021的审核结果向权限获取模块4012发送批准请求消息或拒绝请求消息。可以理解，若源节点的权限获取模块4012收到MME的权限转移模块4021的批准请求消息，则表示对用户设备接入CSG小区的控制权限从MME转移到源节点，MME不再执行接入控制。若源节点的权限获取模块4012收到MME的权限转移模块4021的拒绝请求消息，则表示MME自身仍保持接入控制权限。MME 402 includesaudit module 4021 andauthority transfer module 4022. Theaudit module 4021 audits the request of theauthority acquisition module 4012 and sends the audit result to theauthority transfer module 4021 . Theauthority transfer module 4021 sends an approval request message or a rejection request message to theauthority acquisition module 4012 based on the audit result of theaudit module 4021 . It can be understood that if theauthority acquisition module 4012 of the source node receives the approval request message from theauthority transfer module 4021 of the MME, it means that the control authority for the user equipment to access the CSG cell is transferred from the MME to the source node, and the MME no longer performs access control. . If theauthority acquisition module 4012 of the source node receives the rejection request message from theauthority transfer module 4021 of the MME, it means that the MME itself still maintains the access control authority.

根据一个实施例，审核模块4021可包括判断模块，用于判断源节点401是否是运营商可信任的节点。所述判断模块例如可根据源节点401的标识来判断源节点401是否是运营商可信任的节点。所述审核结果例如可以以1位二进制代码来表示。若所述判断模块确定源节点401是运营商可信任的节点，则将审核结果置为1，并将该结果发送到权限转移模块4022。权限转移模块4022基于该审核结果而向权限获取模块4012发送批准请求消息。若所述判断模块确定源节点401不是运营商可信任的节点，则将审核结果置为0，并将该结果发送到权限转移模块4022。权限转移模块4022基于该审核结果而向权限获取模块4012发送拒绝请求消息。According to an embodiment, thereview module 4021 may include a judging module for judging whether thesource node 401 is a node trusted by the operator. The judging module can judge whether thesource node 401 is a node trusted by the operator, for example, according to the identifier of thesource node 401 . The audit result can be represented by, for example, a 1-digit binary code. If the judging module determines that thesource node 401 is a node trusted by the operator, it sets the audit result to 1, and sends the result to theauthority transfer module 4022 . Theauthority transfer module 4022 sends an approval request message to theauthority acquisition module 4012 based on the review result. If the judging module determines that thesource node 401 is not a node trusted by the operator, then the audit result is set to 0, and the result is sent to theauthority transfer module 4022 . Theauthority transfer module 4022 sends a rejection request message to theauthority acquisition module 4012 based on the review result.

作为一种选择，所述判断模块也可首先根据源节点401的标识来判断源节点401是否是运营商可信任的节点，若是，则进一步根据MME当前的负荷水平确定是否有必要将所述接入控制权限转移到源节点401。若所述判断模块确定源节点401是运营商可信任的节点且有必要将所述接入控制权限转移到源节点401，则将审核结果置为1，并将该结果发送到权限转移模块4022。权限转移模块4022基于该审核结果而向权限获取模块4012发送批准请求消息。若所述判断模块确定源节点401不是运营商可信任的节点，则将审核结果置为0，并将该结果发送到权限转移模块4022。权限转移模块4022基于该审核结果而向权限获取模块4012发送拒绝请求消息。As an option, the judging module may also first judge whether thesource node 401 is a trusted node of the operator according to the identifier of thesource node 401, and if so, further determine whether it is necessary to transfer theconnected node 401 according to the current MME load level. The access control authority is transferred to thesource node 401. If the judgment module determines that thesource node 401 is a trusted node of the operator and it is necessary to transfer the access control authority to thesource node 401, then set the audit result to 1, and send the result to theauthority transfer module 4022 . Theauthority transfer module 4022 sends an approval request message to theauthority acquisition module 4012 based on the review result. If the judging module determines that thesource node 401 is not a node trusted by the operator, then the audit result is set to 0, and the result is sent to theauthority transfer module 4022 . Theauthority transfer module 4022 sends a rejection request message to theauthority acquisition module 4012 based on the review result.

以上参照附图对本申请的示例性的实施方案进行了描述。本领域技术人员应该理解，上述实施方案仅仅是为了说明的目的而所举的示例，而不是用来进行限制。凡在本申请的教导和权利要求保护范围下所作的任何修改、等同替换等，均应包含在本申请要求保护的范围内。The exemplary embodiments of the present application are described above with reference to the accompanying drawings. Those skilled in the art should understand that the above-mentioned embodiments are only examples for the purpose of illustration, rather than limitation. Any modification, equivalent replacement, etc. made under the teaching of the present application and the protection scope of the claims shall be included in the protection scope of the present application.

Claims (8)

1. a connection control method for closed user group cell, comprising:

Source node is configured to have the access control ability of controlling subscriber equipment access into closed subscriber group cell;

Described source node request mobile management entity is transferred to self by access control authority;

Described mobile management entity is examined the request of described source node, audit by after described access control authority is transferred to described source node;

Described source node obtains from eNode B or Home eNode B under contiguous closed user group cell the user device list that allows this vicinity closed user group cell of access, and obtains customer equipment identification and described subscriber equipment from mobile management entity and have the relation mapping table of the closed user group cell that authority accesses;

Described source node is by described user device list and described relation mapping table are compared, to determine whether subscriber equipment has authority to access this vicinity closed user group cell,

If so, described source node starts the community that covers from the described source node handoff procedure to this vicinity closed user group cell.

2. method according to claim 1, wherein, is configured to have access control ability by described source node and comprises: start in described source node for carrying out the required software and hardware configuration of access control by network management system.

3. method according to claim 1, wherein, described mobile management entity is examined and is comprised the request of described source node: judge whether described source node is operator's node trusty.

4. method according to claim 1, wherein, described mobile management entity is examined and is comprised the request of described source node:

Judge that whether described source node is operator's node trusty, if so, further determines whether to be necessary described access control authority is transferred to described source node according to the current load level of described mobile management entity.

5. according to the method described in claim 3 or 4, wherein, described mobile management entity judges according to the mark of described source node whether described source node is operator's node trusty.

6. an access control system for closed user group cell, comprises source node and mobile management entity, wherein:

Described source node comprises:

Enable module, for making described source node have the access control ability of controlling subscriber equipment access into closed subscriber group cell;

Authority acquiring module, obtains by sending request to described mobile management entity the access control authority of controlling subscriber equipment access into closed subscriber group cell;

Access control module, access control control of authority subscriber equipment access into closed subscriber group cell based on obtaining from mobile management entity, wherein, access control module obtains from eNode B or Home eNode B under contiguous closed user group cell the user device list that allows this vicinity closed user group cell of access, and obtain customer equipment identification and described subscriber equipment from mobile management entity and have the relation mapping table of the closed user group cell of authority access, by described user device list and described relation mapping table are compared, to determine whether subscriber equipment has authority to access this vicinity closed user group cell, if, start the community that covers from the described source node handoff procedure to this vicinity closed user group cell,

Described mobile management entity comprises:

Auditing module and authority shift module, the request of the authority acquiring module of described auditing module to described source node is examined, and auditing result is sent to authority shift module, the auditing result of described authority shift module based on described auditing module sends to the authority acquiring module of described source node ratify a motion message or refusal request message.

7. system as claimed in claim 6, wherein, described auditing module comprises judge module, for judging whether described source node is operator's node trusty.

8. system as claimed in claim 6, wherein, described auditing module comprises judge module, be used for judging whether described source node is operator's node trusty, if so, further determine whether to be necessary described access control authority is transferred to described source node according to the current load level of described mobile management entity.

Images