CN101167332A - VPN proxy management object - Google Patents

Info

Publication number
CN101167332A
Authority
CN
China
Prior art keywords
management object
application
connectivity
equipment
proxy
Prior art date
Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
Pending
Application number
CNA200680013954XA
Other languages
Chinese (zh)
Inventor
S·阿尔纳斯
Current Assignee (The listed assignees may be inaccurate. Google has not performed a legal analysis and makes no representation or warranty as to the accuracy of the list.)
Telefonaktiebolaget LM Ericsson AB
Original Assignee
Telefonaktiebolaget LM Ericsson AB
Priority date (The priority date is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the date listed.)
Filing date
Publication date
Application filed by Telefonaktiebolaget LM Ericsson AB filed Critical Telefonaktiebolaget LM Ericsson AB
Publication of CN101167332A publication Critical patent/CN101167332A/en
Pending legal-status Critical Current

Landscapes

  • Mobile Radio Communication Systems (AREA)

Abstract

Current specifications/proposals use client provisioning or device management for provisioning bearer-specific configuration and application-specific configuration of communication devices. A proxy management object (MO) can, for example, set up tunnels according to particular protocols between application MOs and a generic connectivity MO. A communication device's application configuration can then refer to such a proxy MO, and the proxy MO can refer to the connectivity MO. This enables addition of functionality like virtual private network and wireless local area network functionality without affecting the connectivity MO or the different application MOs.

Description

The VPN proxy management object
Background
The Open Mobile Alliance (OMA) has developed standards for device management (DM) of communication devices; versions 1.1.2 and 1.2 of these standards define a protocol for managing the configuration, data and settings of communication devices. OMA standards and other information are available from http://www.openmobilealliance.org.
From the viewpoint of the various DM authorities, DM concerns the management of device configuration and of other management objects (MOs) of a device, and includes but is not limited to: setting initial configuration information in devices, subsequently updating persistent information in devices, retrieving management information from devices, and processing events and alarms generated by devices. Using such DM, third parties can configure communication devices on behalf of end users. Third parties such as network operators, service providers and corporate information management departments can remotely set parameters, troubleshoot terminals, and install or update software.
An application in a communication device, such as a web browser, has its settings in a separate MO; MOs are information entities of varying size that can be manipulated by management actions. For example, MOs can be written according to SyncML, a mark-up language specification of an XML-based representation protocol, a synchronization protocol and a DM protocol, of transport bindings for these protocols, and of a device description framework for DM.
For instance, a communication device can connect to a network, such as a Wireless Application Protocol (WAP) network, using a connectivity MO whose settings are independent of any application. The connectivity MO for such a network provides connectivity information, which relates to the parameters and means needed to access the WAP infrastructure, including network bearers, protocols, network access point (NAP) addresses and proxy addresses. Connectivity MOs are described in "DM Connectivity Management Objects", http://www.openmobilealliance.org/ftp/Public_documents/TP/Permanent_documents/OMA-WID_0123-ConnectivitiyMO-V1_0-20051004-A.zip, OMA (October 7, 2005).
A NAP is a physical interface point between a wireless network and a fixed network, and can be a remote access server (RAS), a short message service center (SMSC), an unstructured supplementary service data center (USSDC) or the like, having an address (for example a telephone number) and an access bearer.
A WAP proxy is an endpoint for the Wireless Transaction Protocol (WTP), Wireless Session Protocol (WSP) and Wireless Transport Layer Security (WTLS) protocols, as well as a proxy that can access WAP content. A WAP proxy can have functionality such as that of a WSP proxy or a Wireless Telephony Application (WTA) proxy. A physical proxy is a specific address with proxy functionality, for example an Internet Protocol (IP) address plus port for an IP-accessible proxy, or a short message entity (SME) address plus port for an SMS-accessible proxy. A logical proxy is a group of physical proxies that share the same WSP and WTLS context (a shared session identifier value space).
According to the OMA standards, a connectivity MO enables management of wireless data connectivity by specifying a set of DM object schema that can be exposed by a DM client and targeted by a DM server. The object schema has three parts: a bearer-neutral top-level management object; a set of bearer-specific parameters; and a subtree for exposing vendor-specific parameters. Connectivity parameters bootstrapped using client provisioning (CP) can subsequently be addressed and managed by a DM server, which can add new proxies and NAPs using standardized DM packages. Provisioning is the process by which a client (for example a WAP client in the device) is configured, and generally covers both over-the-air (OTA) provisioning and other provisioning, for example by means of a subscriber identity module (SIM) card.
As depicted in Fig. 1, a DM authority 102 sends a request to a DM server 104 to provision the data connectivity parameters in one or more devices. The DM server 104 sends a server-initiated notification to the communication device 106, and the device 106 establishes a session with the DM server 104, in which the device's current settings (including any device-specific extensions) are queried. The DM server 104 sends commands that adjust the device configuration to meet the requirements established by the DM authority 102. The device 106 and the DM server 104 end their management session, and the device can use the configured connectivity parameters to access network data services. The DM authority or DM server can also store connectivity parameters on a "smart card" or the like, so that the device uses these parameters once it has consumed them.
Until recently, typical communication devices or user equipment (UE) in communication systems, for example mobile phones, have not supported virtual private networks (VPNs). As more and more UEs become combined mobile phones and computing devices, for example personal digital assistants (PDAs) and other "smart phones", such functionality is becoming more and more important. The current specifications and proposals do not cover how to connect to a network through, for example, a VPN tunnel.
Summary
Current specifications/proposals use CP or DM for provisioning bearer-specific configuration and application-specific configuration. This patent application describes an MO that can, for example, set up VPN tunnels. The application configuration of a communication device can then refer to such a "VPN proxy" MO, and the VPN proxy MO refers to the connectivity MO. This allows functionality such as VPN functionality to be added without affecting the connectivity MO or the different application MOs.
According to one aspect of the invention, a method of operating a communication device is provided. The method includes the steps of: providing at least one application MO; providing a connectivity MO through which the application MO can communicate; and functionally arranging a proxy MO between the application MO and the connectivity MO. The proxy MO facilitates communication by the at least one application MO through the connectivity MO.
According to another aspect of the invention, an apparatus in a communication device is provided. The apparatus includes: a programmable processor configurable to execute instructions according to MOs; at least one application MO; a connectivity MO through which the application MO can communicate; and a proxy MO functionally arranged between the application MO and the connectivity MO. The proxy MO facilitates communication by the at least one application MO through the connectivity MO.
According to another aspect of the invention, a computer-readable medium is provided that contains a computer program for operating a communication device. The computer program implements the following steps: providing at least one application management object; providing a connectivity management object through which the application management object can communicate; and functionally arranging a proxy management object between the application management object and the connectivity management object. The proxy management object facilitates communication by the at least one application management object through the connectivity management object.
Brief Description of the Drawings
The features, advantages and objects of the invention will be understood by reading this description in conjunction with the drawings, in which:
Fig. 1 is a block diagram illustrating provisioning of a communication device;
Fig. 2 depicts the relationship between application management objects, a VPN proxy management object and a connectivity management object;
Fig. 3 illustrates the layout of a VPN proxy management object;
Fig. 4 is a block diagram of a communication system;
Fig. 5 is a block diagram of a communication device; and
Fig. 6 is a flow chart of a method of operating a communication device.
Detailed Description
As described in this patent application, a proxy MO is added between the application MOs and the connectivity MO in a communication device, and facilitates communication by the applications through the connectivity MO. In general, a proxy MO configures various types of network proxies, and is bearer-neutral but can include parameters specific to a particular proxy type. For instance, the proxy MO described below can set up a VPN tunnel for application MOs through the connectivity MO.
Initially, the connectivity MO in the UE is configured, by the usual CP process or DM process, with whatever configuration is necessary for establishing network connectivity to the operator's network. For example, these settings can include how to obtain IP connectivity. The different applications resident in the communication device have separate MOs that contain only the respective configurations of the different applications, which include, for example, a web browser, an email reader, a news reader and so on.
Fig. 2 depicts the relationship between a plurality of application MOs 202-1, 202-2, ..., 202-N, a VPN proxy MO 204 and a connectivity MO 206 arranged in the communication device 106. For instance, the VPN proxy MO makes it possible for applications to use a Point-to-Point Tunneling Protocol (PPTP) or Layer 2 Tunneling Protocol (L2TP) tunnel to reach services in the network 208 through the connectivity MO 206. The configuration 204 described here is preferably a separate MO that is independent of the connectivity MO and the application MOs.
It will be appreciated that, in principle, a configuration 204 such as the VPN configuration can be provided in at least other ways that will be apparent to those skilled in the art. For example, the proxy MO can readily be constructed according to the OMA standards as a separate MO specification. Fig. 3 illustrates the basic layout of the VPN proxy MO 204, which includes an identification node ID, an encryption node Secret and an authorization method type node Auth Type. Exemplary authorization method types are the password or packet authentication protocol (PAP), the Challenge Handshake Authentication Protocol (CHAP) and the Microsoft version of the Challenge Handshake Authentication Protocol (MSCHAP).
With the proxy MO 204, functionality such as VPN functionality can be added without affecting the connectivity MO and the different application MOs. This is important because the application configurations do not contain any bearer-specific configuration information.
The proxy MO 204 is also advantageous in being user-friendly, because the user does not need to bother with connectivity settings. To date, UEs have not supported VPN connectivity, but as UE functionality grows, such user-friendliness becomes increasingly valuable.
Another advantage is that such a proxy MO 204 can be dynamic, making it possible to add settings, for example VPN settings, for new applications, and to configure VPN settings for existing applications during their lifetime. For example, a device can change the connectivity it uses for each application; a connectivity profile can be selected for the use of, say, a web browser. In that case, the application's settings can be changed so that a different VPN tunnel is selected for use. In this way, the links between application MOs, VPN MOs and connectivity MOs are dynamic, while the content of a VPN MO is essentially static. As noted above, a VPN configuration can include the configuration needed to set up PPTP and L2TP tunnels.
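The reference chain described above (application MO to VPN proxy MO to connectivity MO, with the Fig. 3 nodes ID, Secret and Auth Type, and links that can be changed while the proxy content stays fixed) can be modelled as follows. This is an added illustration, not code from the patent or from any OMA specification; the class names, the `ref` fields, the bearer key names and all sample values are assumptions.

```python
from __future__ import annotations
from dataclasses import dataclass, field

AUTH_TYPES = {"PAP", "CHAP", "MSCHAP"}   # method types the description lists for Auth Type
TUNNELS = {"PPTP", "L2TP"}               # tunnel protocols the description names
BEARER_KEYS = {"bearer", "nap_address"}  # assumed key names for bearer-specific settings


@dataclass(frozen=True)
class ConnectivityMO:
    name: str
    bearer: str
    nap_address: str


@dataclass(frozen=True)
class VpnProxyMO:
    name: str
    node_id: str                     # ID node
    secret: str = field(repr=False)  # Secret node; left out of repr() so it stays out of logs
    auth_type: str                   # Auth Type node
    tunnel: str
    connectivity_ref: str            # the proxy MO refers to the connectivity MO


@dataclass
class ApplicationMO:
    name: str
    settings: dict
    ref: str  # name of a proxy MO, or of a connectivity MO for direct access


class ManagementTree:
    def __init__(self) -> None:
        self.connectivity: dict[str, ConnectivityMO] = {}
        self.proxies: dict[str, VpnProxyMO] = {}
        self.apps: dict[str, ApplicationMO] = {}

    def add_connectivity(self, mo: ConnectivityMO) -> None:
        self.connectivity[mo.name] = mo

    def add_proxy(self, mo: VpnProxyMO) -> None:
        if mo.auth_type not in AUTH_TYPES:
            raise ValueError(f"{mo.name}: unknown Auth Type {mo.auth_type!r}")
        if mo.tunnel not in TUNNELS:
            raise ValueError(f"{mo.name}: unknown tunnel protocol {mo.tunnel!r}")
        if mo.connectivity_ref not in self.connectivity:
            raise ValueError(f"{mo.name}: dangling connectivity reference")
        self.proxies[mo.name] = mo

    def _check_ref(self, ref: str) -> None:
        if ref not in self.proxies and ref not in self.connectivity:
            raise ValueError(f"reference to unknown MO {ref!r}")

    def add_app(self, mo: ApplicationMO) -> None:
        # Application configuration must stay free of bearer-specific settings.
        leaked = BEARER_KEYS.intersection(mo.settings)
        if leaked:
            raise ValueError(f"{mo.name}: bearer-specific keys {sorted(leaked)}")
        self._check_ref(mo.ref)
        self.apps[mo.name] = mo

    def relink(self, app_name: str, new_ref: str) -> None:
        """Change only the link; proxy and connectivity MOs are left untouched."""
        self._check_ref(new_ref)
        self.apps[app_name].ref = new_ref

    def resolve(self, app_name: str) -> dict:
        """Follow application MO -> (optional proxy MO) -> connectivity MO."""
        app = self.apps[app_name]
        proxy = self.proxies.get(app.ref)
        conn = self.connectivity[proxy.connectivity_ref if proxy else app.ref]
        return {
            "app": app.name,
            "tunnel": proxy.tunnel if proxy else None,
            "auth_type": proxy.auth_type if proxy else None,
            "bearer": conn.bearer,
            "nap_address": conn.nap_address,
        }


def build_sample_tree() -> ManagementTree:
    """Constructed sample data; every name and value here is made up."""
    tree = ManagementTree()
    tree.add_connectivity(ConnectivityMO("operator-gprs", "GPRS", "apn.example.net"))
    tree.add_proxy(VpnProxyMO("corp-vpn", "alice", "constructed-secret",
                              "MSCHAP", "L2TP", "operator-gprs"))
    tree.add_proxy(VpnProxyMO("lab-vpn", "alice", "constructed-secret-2",
                              "CHAP", "PPTP", "operator-gprs"))
    tree.add_app(ApplicationMO("browser", {"homepage": "http://intranet.example"}, "corp-vpn"))
    tree.add_app(ApplicationMO("email", {"server": "mail.example"}, "operator-gprs"))
    return tree
```

Calling `relink("browser", "lab-vpn")` on the sample tree switches the browser to the PPTP tunnel without modifying either proxy MO or the connectivity MO.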
Connectivity profiles can be configured and changed by many different actors, including enterprises, operators, end users and so on. A UE can also implement logic that automatically maps different applications to different VPN proxies and connectivity. One or more profiles can be stored in the UE's memory, where a profile is a group of one or more settings, and a profile can be selected by recalling the corresponding group of settings from memory.
Fig. 4 is a block diagram of a communication system that can use UEs having proxy MOs as described in this application. It will be understood that the UE can also connect to a network such as the Internet through a wireless local area network (WLAN) such as IEEE 802.11, WiMAX (IEEE 802.16) and the like, and that, in addition to the blocks shown in Fig. 4, the UE can also use 3GPP interworking WLAN. The UE 106 communicates with the network 208, which typically includes a radio access network (RAN) 404, such as a GSM/EDGE network, and core network entities, including a serving GPRS support node (SGSN) 406, a gateway GPRS support node (GGSN) 408 and a home location register (HLR) 410. The GGSN 308 communicates with other networks, such as the Internet and public switched telephone networks, and with other entities such as the WAP infrastructure 412. The RAN 404 typically includes one or more base stations (BSs) and base station controllers, or Node Bs and radio network controllers (RNCs), all of which are conventional. An RNC controls various radio network functions, including for example radio access bearer setup, diversity handover between BSs, and so on. More generally, each RNC directs calls to and from a UE via the appropriate BSs, which communicate with each other through downlink (i.e., base-to-mobile, or forward) and uplink (i.e., mobile-to-base, or reverse) channels. Each BS serves a geographical area that is divided into one or more cells, and is typically coupled to its corresponding RNC by dedicated telephone lines, optical fiber links, microwave links and the like. The core network entities are adapted to handle many types of data. In a typical GSM/EDGE network, a packet data protocol (PDP) context for managing data traffic is set up or activated in the GGSN 408 in response to a request from the UE 106. It will be understood that the UE can also connect to the network through wireless local area network access.
Fig. 5 is a block diagram of the communication device 106, which includes a suitable transceiver 502 for exchanging radio signals with BSs of the RAN 404. The information carried by those signals is processed by a processor 504, which can include one or more sub-processors and which executes one or more software applications to carry out the operations of the device 106 according to the MOs described above. User input to the terminal is provided through a keypad 506 or other device. Software applications can be stored in a suitable application memory 508, and the device can also download and/or cache desired information in a suitable memory 510. The device 106 also includes an interface 512 that can be used to connect other components, such as a computer, a keyboard and the like, to the device 106.
Fig. 6 is a flow chart of a method of operating a communication device having a VPN proxy as described above. At least one application MO is provided in the device (step 602), and a connectivity MO is also provided in the device (step 606). The application MO can communicate using the connectivity MO. In step 604, a proxy MO is functionally arranged between the application MO and the connectivity MO. The proxy MO facilitates communication by the at least one application MO through the connectivity MO. As described above, the proxy MO can enable the application MO to communicate through a VPN connection set up via the connectivity MO. The VPN connection can include a tunnel through the connectivity management object according to a protocol such as PPTP or L2TP.
The invention described here can be considered to be embodied entirely within any form of computer-readable storage medium having stored therein an appropriate set of instructions for use by or in connection with an instruction-execution system, apparatus or device, such as a computer-based system, a processor-containing system, or another system that can fetch instructions from a medium and execute them. As used here, a "computer-readable medium" can be any means that can contain, store, communicate, propagate or transport the program for use by or in connection with the instruction-execution system, apparatus or device. The computer-readable medium can be, for example but not limited to, an electronic, magnetic, optical, electromagnetic, infrared or semiconductor system, apparatus, device or propagation medium. More specific examples (a non-exhaustive list) of the computer-readable medium include an electrical connection having one or more wires, a portable computer diskette, a RAM, a ROM, an erasable programmable read-only memory (EPROM or flash memory) and an optical fiber.
It is expected that the invention can be implemented in a wide variety of environments, including for example mobile communication devices. It will also be appreciated that the procedures described above can be carried out repetitively as necessary. To facilitate understanding, aspects of the invention are described in terms of sequences of actions that can be performed by, for example, elements of a programmable computer system. It will be recognized that the various actions can be performed by specialized circuits (for example discrete logic gates interconnected to perform a specialized function, or application-specific integrated circuits), by program instructions executed by one or more processors, or by a combination of both.
Thus, the invention can be embodied in many different forms, not all of which are described above, and all such forms are contemplated to be within the scope of the invention. For each of the various aspects of the invention, any such form may be referred to as "logic configured to" perform a described action, or alternatively as "logic that" performs a described action. It is emphasized that the terms "comprises" and "comprising", when used in this application, specify the presence of stated features, integers, steps or components and do not preclude the presence or addition of one or more other features, integers, steps, components or groups thereof.
The particular embodiments described above are merely illustrative and should not be considered restrictive in any way. The scope of the invention is determined by the following claims, and all variations and equivalents that fall within the range of the claims are intended to be embraced therein.

Claims (20)

1. the method for an apparatus for operating communication may further comprise the steps:
At least one application management object is provided;
The connectivity managed object that provides application management object to communicate by it; And
Arrange proxy management object between application management object and connectivity managed object on function, wherein this proxy management object is convenient at least one application management object and is communicated by connectivity managed object.
2. the described method of claim 1, wherein proxy management object is convenient to application management object and is connected by the VPN(Virtual Private Network) of setting up via connectivity managed object and communicate.
3. the described method of claim 2, wherein VPN connect comprise by connectivity managed object, according to the tunnel of one of Point to Point Tunnel Protocol and Level 2 Tunnel Protocol.
4. the described method of claim 3, wherein proxy management object comprises recognition node, encryption node and authorization method types node.
5. the described method of claim 4, wherein the authorization method types node comprises at least one in password or packet authentication protocol, challenge handshake authentication protocol and the microsoft challenge handshake authentication protocol.
6. the described method of claim 1, wherein proxy management object is convenient at least one application management object by changing this equipment for the employed connectedness of respective application, communicates by connectivity managed object.
7. the described method of claim 6 wherein changes connectedness and comprises that selection is by employed at least one setting of respective application.
8. the described method of claim 7, wherein respective application is the web browser.
9. the device in the communication equipment comprises:
Can be configured to carry out programmable processor according to the instruction of management object;
At least one application management object;
The connectivity managed object that application management object can communicate by it; And
The proxy management object of arranging on function between application management object and connectivity managed object, wherein this proxy management object is convenient at least one application management object and is communicated by connectivity managed object.
10. the described equipment of claim 9, wherein proxy management object is convenient to application management object and is connected by the VPN(Virtual Private Network) of setting up via connectivity managed object and communicate.
11. the described equipment of claim 10, wherein VPN connect comprise by connectivity managed object, according to the tunnel of one of Point to Point Tunnel Protocol and Level 2 Tunnel Protocol.
12. the described equipment of claim 11, wherein proxy management object comprises recognition node, encryption node and authorization method types node.
13. the described equipment of claim 12, wherein the authorization method types node comprises at least one in password or packet authentication protocol, challenge handshake authentication protocol and the microsoft challenge handshake authentication protocol.
14. the described equipment of claim 9, wherein proxy management object changes this equipment for the employed connectedness of respective application.
15. the described equipment of claim 14, wherein this equipment also comprises memory, and by select respective application employed at least one be provided with and change connectedness.
16. the described equipment of claim 15, wherein respective application is the web browser.
17. a computer-readable medium comprises the computer program that is used for apparatus for operating communication, this computer program is implemented following steps:
At least one application management object is provided;
The connectivity managed object that provides application management object to communicate by it; And
Arrange proxy management object between application management object and connectivity managed object on function, wherein this proxy management object is convenient at least one application management object and is communicated by connectivity managed object.
18. the described computer-readable medium of claim 17, wherein proxy management object is convenient to application management object and is connected by the VPN(Virtual Private Network) set up via connectivity managed object and communicate.
19. the described computer-readable medium of claim 18, wherein VPN connect comprise by connectivity managed object, according to the tunnel of one of Point to Point Tunnel Protocol and Level 2 Tunnel Protocol.
20. the described computer-readable medium of claim 17, wherein proxy management object is convenient at least one application management object by changing this equipment for the employed connectedness of respective application, communicates by connectivity managed object.
CNA200680013954XA 2005-04-25 2006-04-24 VPN proxy management object Pending CN101167332A (en)

Applications Claiming Priority (3)

Application Number Priority Date Filing Date Title
US67463705P 2005-04-25 2005-04-25
US60/674,637 2005-04-25
US11/379,475 2006-04-20

Publications (1)

Publication Number Publication Date
CN101167332A true CN101167332A (en) 2008-04-23

Family

ID=39334923

Family Applications (1)

Application Number Title Priority Date Filing Date
CNA200680013954XA Pending CN101167332A (en) 2005-04-25 2006-04-24 VPN proxy management object

Country Status (1)

Country Link
CN (1) CN101167332A (en)

Cited By (3)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
WO2013075432A1 (en) * 2011-11-23 2013-05-30 中兴通讯股份有限公司 Network administrator, base station configuration data decoupling method and base station
CN108306872A (en) * 2018-01-24 2018-07-20 腾讯科技(深圳)有限公司 Network request processing method, device, computer equipment and storage medium
CN108701278A (en) * 2015-12-28 2018-10-23 皇家Kpn公司 Method for providing service to the user equipment for being connected to the first carrier network via the second carrier network

Cited By (5)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
WO2013075432A1 (en) * 2011-11-23 2013-05-30 中兴通讯股份有限公司 Network administrator, base station configuration data decoupling method and base station
CN108701278A (en) * 2015-12-28 2018-10-23 皇家Kpn公司 Method for providing service to the user equipment for being connected to the first carrier network via the second carrier network
CN108701278B (en) * 2015-12-28 2023-01-10 皇家Kpn公司 Method for providing a service to a user equipment connected to a first operator network via a second operator network
CN108306872A (en) * 2018-01-24 2018-07-20 腾讯科技(深圳)有限公司 Network request processing method, device, computer equipment and storage medium
CN108306872B (en) * 2018-01-24 2022-03-18 腾讯科技(深圳)有限公司 Network request processing method and device, computer equipment and storage medium

Similar Documents

Publication Publication Date Title
KR20080012895A (en) JPN proxy managed object
CN102474839B (en) The method and apparatus of externally network registry in wireless network environment
EP1550335B1 (en) Method and system for providing access via a first network to a service of a second network
US8428626B2 (en) Selective caching of real time messaging threads
CN1534921B (en) Method of public authentication and authorization between independent networks
US7239632B2 (en) Method and apparatus for converging local area and wide area wireless data networks
TWI264917B (en) Method and system for authenticating user of data transfer device
CN109429216B (en) Secure element operating system update notification
US20070004393A1 (en) System and method for automatic application profile and policy creation
US20040131023A1 (en) Communications system and method
AU2017423732A1 (en) Network security management method, and apparatus
CN101507309A (en) Selective control of user equipment capabilities
JP2009524164A (en) Dependency notification
CN107517189B (en) Method and equipment for WLAN user access authentication and configuration information issuing
CN101971648A (en) Method and system for mobile telephone roaming
CN104170416A (en) Online subscription data configuration method, device, and system
US20050107100A1 (en) Method of modifying parameters of user terminal, radio system and user terminal
CN104412633A (en) Methods and devices for remote smart card personalization
JP2003502759A (en) SAT back channel security system for mobile terminals using USSD
EP1208714B1 (en) Utilization of subscriber data in a telecommunication system
JP4778708B2 (en) Communication device management via GPRS and GSM connections
EP1519600A2 (en) Providing property data on mobile terminal for services
CN101167332A (en) VPN proxy management object
JP2005529550A5 (en)
TWI258301B (en) Method for provisioning compatible interoperation information for a private branch exchange

Legal Events

Date Code Title Description
C06 Publication
PB01 Publication
C10 Entry into substantive examination
SE01 Entry into force of request for substantive examination
C02 Deemed withdrawal of patent application after publication (patent law 2001)
WD01 Invention patent application deemed withdrawn after publication

Open date: 20080423