[go: up one dir, main page]

CN1968090B - Method and system for realizing data business service center obtaining user terminal authentication information - Google Patents

Method and system for realizing data business service center obtaining user terminal authentication information Download PDF

Info

Publication number
CN1968090B
CN1968090B CN2006100871116A CN200610087111A CN1968090B CN 1968090 B CN1968090 B CN 1968090B CN 2006100871116 A CN2006100871116 A CN 2006100871116A CN 200610087111 A CN200610087111 A CN 200610087111A CN 1968090 B CN1968090 B CN 1968090B
Authority
CN
China
Prior art keywords
mdn
service
data service
pdsn
user terminal
Prior art date
Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
Expired - Fee Related
Application number
CN2006100871116A
Other languages
Chinese (zh)
Other versions
CN1968090A (en
Inventor
柏广昌
程卫明
Current Assignee (The listed assignees may be inaccurate. Google has not performed a legal analysis and makes no representation or warranty as to the accuracy of the list.)
Huawei Technologies Co Ltd
Original Assignee
Huawei Technologies Co Ltd
Priority date (The priority date is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the date listed.)
Filing date
Publication date
Application filed by Huawei Technologies Co Ltd filed Critical Huawei Technologies Co Ltd
Priority to CN2006100871116A priority Critical patent/CN1968090B/en
Publication of CN1968090A publication Critical patent/CN1968090A/en
Application granted granted Critical
Publication of CN1968090B publication Critical patent/CN1968090B/en
Expired - Fee Related legal-status Critical Current
Anticipated expiration legal-status Critical

Links

Images

Landscapes

  • Mobile Radio Communication Systems (AREA)

Abstract

本发明提供了一种实现数据业务服务中心获得用户终端鉴权信息的方法及系统,该方法为:在系统网元上预置IMSI、用户终端IP地址、与MDN的映射关系,数据业务服务中心通过其与PDSN、以及与系统网元间的信息交互获得相应用户终端的MDN,本发明所提供的系统包括PDSN、系统网元和数据业务服务中心。本发明解决了在CDMA网络中,数据业务服务中心因无法获得用户终端MDN信息而导致对用户终端鉴权失败的问题,使用户终端在无需专门定制的情况下就可以实现数据业务服务中心对用户终端的鉴权。

This invention provides a method and system for a data service center to obtain user terminal authentication information. The method involves pre-setting a mapping relationship between IMSI, user terminal IP address, and MDN on system network elements. The data service center obtains the corresponding user terminal's MDN through information exchange with the PDSN and system network elements. The system provided by this invention includes a PDSN, system network elements, and a data service center. This invention solves the problem in CDMA networks where data service centers fail to authenticate user terminals due to the inability to obtain user terminal MDN information, enabling user terminals to be authenticated by the data service center without special customization.

Description

实现数据业务服务中心获得用户终端鉴权信息的方法及系统 Method and system for realizing data business service center obtaining user terminal authentication information

技术领域technical field

本发明涉及通信技术中的鉴权领域,尤其涉及一种实现数据业务服务中心获得用户终端鉴权信息的方法及系统。The invention relates to the field of authentication in communication technology, in particular to a method and system for realizing authentication information of a user terminal obtained by a data business service center.

背景技术Background technique

在码分多址(CDMA)系统中,由于没有实现国际移动用户识别码(IMSI)或用户终端网际协议(IP)地址、和移动用户号码薄号码(MDN)的映射关系,而其中的MDN恰好是数据业务服务中心用于对用户终端鉴权所需要的鉴权信息,因此所有数据业务都存在数据业务服务中心无法获得用户终端鉴权信息的问题,最终都会导致数据业务服务中心无法实现对用户终端鉴权。In the Code Division Multiple Access (CDMA) system, since the mapping relationship between the International Mobile Subscriber Identity (IMSI) or the user terminal Internet Protocol (IP) address and the Mobile Subscriber Directory Number (MDN) has not been realized, the MDN is exactly It is the authentication information needed by the data service center to authenticate the user terminal. Therefore, all data services have the problem that the data service center cannot obtain the user terminal authentication information, which will eventually lead to the data service center being unable to realize the authentication of the user terminal. Terminal authentication.

以彩信业务为例,当彩信手机终端通过无线核心网将彩信业务请求消息发送到分组数据服务节点(PDSN)时,PDSN通过超文本传输协议(http)直接将彩信业务请求消息发送至多媒体消息服务中心(MMSC),由于在彩信上行的http消息码流中,http头数据的参数X-MSISDN中无彩信业务鉴权所需的手机MDN,因此导致MMSC无法实现对手机终端的鉴权。Taking the MMS service as an example, when the MMS mobile phone terminal sends the MMS service request message to the Packet Data Serving Node (PDSN) through the wireless core network, the PDSN directly sends the MMS service request message to the MMS service through the hypertext transfer protocol (http). Center (MMSC), because in the upstream http message code stream of the multimedia message, the parameter X-MSISDN of the http header data does not have the mobile phone MDN required for the authentication of the multimedia message service, so the MMSC cannot realize the authentication of the mobile phone terminal.

为实现数据业务服务中心对用户终端的鉴权,现有技术在用户终端例如手机终端中,把数据业务服务中心实现对用户终端鉴权所需的鉴权信息写入到手机用户识别卡(UIM)中,即将MDN信息写入到手机UIM卡中,当手机终端通过无线核心网发送数据业务请求消息时,将携带MDN的数据业务请求消息发送到PDSN上,数据业务服务中心通过与PDSN的信息交互获得手机终端的MDN,实现了对手机终端的鉴权。但是,该技术方案需要定制专门的手机终端,这对于已经投入运营的手机终端来说很难实现。In order to realize the authentication of the user terminal by the data service service center, in the user terminal such as a mobile phone terminal in the prior art, the authentication information required for the data service service center to realize the authentication of the user terminal is written into the user identification card (UIM) of the mobile phone. ), write the MDN information into the UIM card of the mobile phone, when the mobile terminal sends a data service request message through the wireless core network, the data service request message carrying the MDN is sent to the PDSN, and the data service center passes the information with the PDSN The MDN of the mobile terminal is obtained interactively, and the authentication of the mobile terminal is realized. However, this technical solution needs to customize a special mobile phone terminal, which is difficult to realize for mobile phone terminals that have already been put into operation.

发明内容Contents of the invention

本发明所要解决的技术问题是提供一种实现数据业务服务中心获得用户终端鉴权信息的方法及系统,以实现用户终端无需专门的定制就能够使数据业务服务中心获得对用户终端鉴权所需要的信息。The technical problem to be solved by the present invention is to provide a method and system for the data service center to obtain user terminal authentication information, so that the user terminal can obtain the user terminal authentication information required by the data service center without special customization. Information.

为此,本发明提供了一种实现数据业务服务中心获得用户终端鉴权信息的方法,该方法为:For this reason, the present invention provides a kind of method that realizes data business service center to obtain user terminal authentication information, and this method is:

分组数据服务节点PDSN发起数据业务请求;The packet data serving node PDSN initiates a data service request;

依据系统网元中预置的IMSI、IP地址和MDN之间的映射关系,查找用于数据业务服务中心对移动用户鉴权所需的鉴权信息MDN;According to the mapping relationship between the IMSI, IP address and MDN preset in the system network element, search for the authentication information MDN required for the data service service center to authenticate the mobile user;

数据业务服务中心获得所述鉴权信息MDN。The data service service center obtains the authentication information MDN.

其中,实现所述数据业务服务中心获得相应用户终端MDN的方法有四种:Among them, there are four methods for realizing that the data service service center obtains the corresponding user terminal MDN:

方法1为:Method 1 is:

步骤1a:系统网元与PDSN进行信息交互,查找出相应用户终端的MDN,并将含有MDN的业务消息发送到数据业务服务中心;Step 1a: The system network element and the PDSN perform information interaction, find out the MDN of the corresponding user terminal, and send the service message containing the MDN to the data service center;

步骤1b:数据业务服务中心接收到PDSN业务请求消息后,依据系统网元发来的含有MDN的业务消息得到相应用户终端的MDN。Step 1b: After receiving the PDSN service request message, the data service center obtains the MDN of the corresponding user terminal according to the service message containing the MDN sent by the system network element.

方法2为:Method 2 is:

步骤2a:PDSN与系统网元信息交互,获得相应用户终端的MDN;Step 2a: PDSN interacts with system network element information to obtain the MDN of the corresponding user terminal;

步骤2b:PDSN将包含相应用户终端MDN的业务请求消息发送到数据业务服务中心;Step 2b: PDSN sends the service request message containing the corresponding user terminal MDN to the data service service center;

步骤2c:数据业务服务中心接收到PDSN发送来的业务请求信息,获得对于用户终端的MDN。Step 2c: The data service service center receives the service request information sent by the PDSN, and obtains the MDN for the user terminal.

方法3为:Method 3 is:

步骤3a:系统网元与PDSN信息交互获得相应用户终端的MDN,将含有相应用户终端MDN的业务消息转发到无线综合业务网关WISG;Step 3a: The system network element interacts with the PDSN information to obtain the MDN of the corresponding user terminal, and forwards the service message containing the MDN of the corresponding user terminal to the wireless integrated service gateway WISG;

步骤3b:PDSN向数据业务服务中心发送业务请求消息,数据业务服务中心依据该业务请求消息,与WISG的信息交互,获得相应用户终端的MDN。Step 3b: PDSN sends a service request message to the data service center, and the data service center interacts with WISG information according to the service request message to obtain the MDN of the corresponding user terminal.

方法4为:Method 4 is:

数据业务服务中心依据接收到的PDSN业务请求消息,到系统网元上获取相应用户终端的MDN。According to the received PDSN service request message, the data service service center obtains the MDN of the corresponding user terminal from the system network element.

其中,在方法1、方法2、和方法3所述步骤1a、2a、3a之前进一步包括:Wherein, before method 1, method 2, and step 1a, 2a, 3a described in method 3, further include:

用用户终端通过无线核心网发送业务请求消息到PDSN,PDSN对该请求消息进行认证,若认证通过,则发起用户数据业务请求。The user terminal sends a service request message to the PDSN through the wireless core network, and the PDSN authenticates the request message, and initiates a user data service request if the authentication passes.

其中,方法4中,在数据业务服务中心接收到PDSN业务请求之前,该方法进一步包括:Wherein, in method 4, before the data service service center receives the PDSN service request, the method further includes:

用户终端通过无线核心网发送业务请求消息到PDSN,PDSN对该请求消息进行认证,若认证通过,则发起用户数据业务请求。The user terminal sends a service request message to the PDSN through the wireless core network, and the PDSN authenticates the request message, and initiates a user data service request if the authentication passes.

其中,所述系统网元为授权、验证和计费中心AAA或独立设置的数据库。Wherein, the system network element is an authorization, authentication and accounting center AAA or an independently set database.

其中,所述PDSN、AAA和数据业务服务中心之间采用Radius协议进行信息交互。Wherein, the Radius protocol is used for information exchange between the PDSN, the AAA and the data service center.

本发明还提供了一种实现数据业务服务中心获得用户终端鉴权信息的系统,该系统包括:The present invention also provides a system for realizing the data business service center to obtain user terminal authentication information, and the system includes:

PDSN,根据用户终端的请求发起数据业务请求消息到系统网元或数据业务服务中心;PDSN, according to the request of the user terminal, initiates a data service request message to the system network element or data service center;

系统网元,预置MDN、IMSI和IP地址之间的映射关系,根据接收到的查找鉴权信息请求,找到相应用户终端的MDN并通过数据交互使数据业务服务中心获得相应的MDN信息;The system network element presets the mapping relationship between MDN, IMSI and IP address, finds the MDN of the corresponding user terminal according to the received request for searching authentication information, and enables the data service center to obtain the corresponding MDN information through data interaction;

数据业务服务中心,根据获得的用户终端MDN信息,执行数据业务鉴权。The data service service center performs data service authentication according to the obtained user terminal MDN information.

其中,所述系统网元为授权、验证和计费中心AAA或独立设置的数据库。Wherein, the system network element is an authorization, authentication and accounting center AAA or an independently set database.

其中,所述PDSN、AAA和数据业务服务中心之间采用Radius协议进行信息交互。Wherein, the Radius protocol is used for information exchange between the PDSN, the AAA and the data service center.

由于本发明在系统网元上预置有IMSI、用户终端IP地址、与MDN的映射关系,使得数据业务服务中心在与PDSN、及系统网元间的信息交互中能够获得用于数据业务服务中心对用户终端鉴权所需要的MDN信息,解决了在CDMA网络中数据业务服务中心因无法获得用户终端鉴权所需要的MDN信息而导致对用户终端鉴权失败的问题,使用户无需使用专门定制的终端就可以实现数据业务服务中心对用户终端的鉴权。Since the present invention presets the mapping relationship between the IMSI, the user terminal IP address, and the MDN on the system network element, the data service center can obtain information for the data service service center in the information interaction with the PDSN and the system network element. The MDN information required for user terminal authentication solves the problem that the data service service center in the CDMA network cannot obtain the MDN information required for user terminal authentication, which leads to the failure of user terminal authentication, so that users do not need to use specially customized The terminal can realize the authentication of the user terminal by the data service service center.

进一步,由于本发明还提供了实现数据业务数据服务中心获取用户终端MDN的四种方法,因而使本发明应用灵活,易于结合不同业务情况和系统架构予以实现,且本发明中使用现有网络中的AAA网元保存所述映射关系,达到了与现有网络系统的兼容,避免了对现有网络架构的更改。Further, since the present invention also provides four methods for realizing the data service data service center to obtain the user terminal MDN, the present invention is flexible in application, easy to realize in combination with different business situations and system architectures, and the present invention uses existing network The AAA network element saves the mapping relationship, achieving compatibility with the existing network system and avoiding changes to the existing network architecture.

本发明还提供了一种实现数据业务服务中心获得鉴权信息所需要的系统,该系统解决了数据业务服务中心因无法获得用户终端MDN信息而导致对用户终端鉴权失败的问题,使用户无需使用专门的定制终端就可以实现数据业务服务中心对用户终端的鉴权。The present invention also provides a system required for the data business service center to obtain authentication information. The system solves the problem that the data business service center fails to authenticate the user terminal due to the inability to obtain the user terminal MDN information, so that the user does not need to The authentication of the user terminal by the data service service center can be realized by using a special customized terminal.

附图说明Description of drawings

图1为本发明实施例1的信令流程图;FIG. 1 is a signaling flow chart of Embodiment 1 of the present invention;

图2为本发明实施例2的信令流程图;FIG. 2 is a signaling flow chart of Embodiment 2 of the present invention;

图3为本发明实施例3的信令流程图;FIG. 3 is a signaling flow chart of Embodiment 3 of the present invention;

图4为本发明实施例4的信令流程图。FIG. 4 is a signaling flowchart of Embodiment 4 of the present invention.

具体实施方式Detailed ways

本发明的核心思想在于:在CDMA系统网元上预置IMSI、用户终端IP地址、和MDN的映射关系,使得数据业务服务中心通过与系统网元的信息交互能够获得相应用户终端的MDN,从而解决了数据业务服务中心对用户终端的鉴权问题。The core idea of the present invention is: preset the mapping relationship between IMSI, user terminal IP address, and MDN on the CDMA system network element, so that the data service service center can obtain the MDN of the corresponding user terminal through information interaction with the system network element, thereby The problem of authentication of the user terminal by the data service service center is solved.

下面,以手机彩信业务为例,并结合附图对本发明所述数据业务服务中心获得手机终端MDN的方法进行详细描述。Next, taking the MMS service of a mobile phone as an example, the method for obtaining the MDN of a mobile terminal by a data service service center of the present invention will be described in detail in conjunction with the accompanying drawings.

实施例1Example 1

参见图1,在授权、验证、和计费中心(AAA)网元中保存IMSI或用户终端IP地址、和MDN的映射关系,MMSC获得相应手机终端MDN的方法,步骤如下:Referring to Fig. 1, the mapping relationship of IMSI or user terminal IP address and MDN is stored in authorization, verification, and billing center (AAA) network element, and the method for MMSC to obtain corresponding mobile phone terminal MDN is as follows:

步骤101~步骤102:手机终端发起一个彩信(MMS)请求消息,该消息通过无线核心网到达PDSN,并通过PDSN的认证后,PDSN发送对手机终端的记费请求消息到AAA;Steps 101 to 102: the mobile terminal initiates a multimedia message (MMS) request message, which arrives at the PDSN through the wireless core network, and after being authenticated by the PDSN, the PDSN sends a billing request message to the mobile terminal to the AAA;

其中,计费请求消息中包含手机终端的IMSI或IP地址、MMSC信息、以及相应的业务信息;Wherein, the charging request message includes the IMSI or IP address of the mobile terminal, MMSC information, and corresponding service information;

步骤103:AAA配置为Radius Proxy模式,AAA从PDSN接到计费请求消息后,根据本地存放的IMSI、IP地址、和MDN的映射关系,获得相应手机终端的MDN;AAA把获得的MDN放到记费请求消息中,并通过Radius协议转发到MMSC上;Step 103: AAA is configured as Radius Proxy mode. After AAA receives the charging request message from PDSN, it obtains the MDN of the corresponding mobile terminal according to the mapping relationship between the IMSI, IP address, and MDN stored locally; AAA puts the obtained MDN into Billing request message, and forwarded to MMSC through Radius protocol;

其中,本实施例数据业务服务中心为MMSC,在实际网络中也可能是需要MDN信息的其他数据业务服务中心、需要MDN信息的无线应用协议网关(WAPGW)、无线综合业务网关(WISG)等其他网元,不影响本发明的实现;Wherein, the data business service center in this embodiment is MMSC, and may also be other data business service centers that require MDN information, wireless application protocol gateways (WAPGW) that require MDN information, wireless integrated service gateways (WISG), etc. in actual networks. The network element does not affect the realization of the present invention;

步骤104:MMSC获得AAA转发的计费消息后保存在本地,然后发送响应消息回给AAA;Step 104: MMSC saves locally after obtaining the charging message forwarded by AAA, and then sends a response message back to AAA;

这样,MMSC上就存有了手机终端IMSI或者手机终端IP地址、以及相应手机终端的MDN信息;In this way, the IMSI or IP address of the mobile terminal and the MDN information of the corresponding mobile terminal are stored in the MMSC;

步骤105:AAA获得MMSC发回的响应消息后,发送响应消息到PDSN;Step 105: AAA sends a response message to the PDSN after obtaining the response message sent back by the MMSC;

步骤106:PDSN接到AAA发来的响应消息后,发送MMS业务请求消息到MMSC,MMSC根据先前存有的AAA转发的记费请求消息,得到相应手机终端的MDN;Step 106: After receiving the response message from the AAA, the PDSN sends an MMS service request message to the MMSC, and the MMSC obtains the MDN of the corresponding mobile terminal according to the billing request message forwarded by the previously stored AAA;

至此,MMSC获得了相应手机终端的MDN。So far, MMSC has obtained the MDN of the corresponding mobile terminal.

实施例2Example 2

参见图2,在AAA网元中预置IMSI、用户终端IP地址、和MDN的映射关系,MMSC获得相应手机终端MDN的方法,步骤如下:Referring to Figure 2, the mapping relationship between IMSI, user terminal IP address, and MDN is preset in the AAA network element, and the method for MMSC to obtain the corresponding mobile terminal MDN is as follows:

步骤201~步骤202:手机终端发起一个MMS请求消息,该消息通过无线核心网到达PDSN,并通过PDSN的认证后,PDSN发送对手机终端的记费请求消息到AAA;Steps 201 to 202: the mobile terminal initiates an MMS request message, which reaches the PDSN through the wireless core network, and after being authenticated by the PDSN, the PDSN sends a billing request message for the mobile terminal to the AAA;

其中,计费请求消息中包含手机终端的IMSI或IP地址、MMSC信息、以及相应的业务信息;Wherein, the charging request message includes the IMSI or IP address of the mobile terminal, MMSC information, and corresponding service information;

步骤203:AAA接到PDSN发来的计费请求消息后,根据本地存放的手机终端的IMSI或IP地址、和MDN映射关系,获得相应手机终端的MDN,然后把获得的MDN放到响应消息中回发到PDSN;Step 203: After receiving the charging request message from the PDSN, AAA obtains the MDN of the corresponding mobile terminal according to the mapping relationship between the IMSI or IP address of the mobile terminal stored locally and the MDN, and then puts the obtained MDN into the response message Send back to PDSN;

步骤204:PDSN接到AAA回发的响应消息后,把从与AAA的交互响应消息中得到的相应手机终端的MDN放到MMS请求消息中,并发送到MMSC上;Step 204: After receiving the response message sent back by the AAA, the PDSN puts the MDN of the corresponding mobile terminal obtained from the interactive response message with the AAA into the MMS request message and sends it to the MMSC;

MMSC据此获得了相应手机终端的MDN。Based on this, MMSC obtains the MDN of the corresponding mobile terminal.

其中,本实施例数据业务服务中心为MMSC,在实际网络中也可能是需要MDN信息的其他数据业务服务中心、需要MDN信息的无线应用协议网关(WAPGW)、无线综合业务网关(WISG)等其他网元,不影响本发明的实现。Wherein, the data business service center in this embodiment is MMSC, and may also be other data business service centers that require MDN information, wireless application protocol gateways (WAPGW) that require MDN information, wireless integrated service gateways (WISG), etc. in actual networks. The network element does not affect the realization of the present invention.

实施例3Example 3

参见图3,在AAA网元中预置IMSI、用户终端IP地址、和MDN的映射关系,MMSC获得相应手机终端的MDN的方法,步骤如下:Referring to Figure 3, the mapping relationship between IMSI, user terminal IP address, and MDN is preset in the AAA network element, and the method for the MMSC to obtain the MDN of the corresponding mobile terminal is as follows:

步骤301~步骤302:手机终端发起一个MMS请求消息,该消息通过无线核心网到达PDSN,并通过PDSN的认证后,PDSN发送该MMS请求消息到MMSC;Steps 301 to 302: The mobile terminal initiates an MMS request message, which reaches the PDSN through the wireless core network, and after being authenticated by the PDSN, the PDSN sends the MMS request message to the MMSC;

其中,本实施例数据业务服务中心为MMSC,在实际网络中也可能是需要MDN信息的其他数据业务服务中心、需要MDN信息的无线应用协议网关(WAPGW)、无线综合业务网关(WISG)等其他网元,不影响本发明的实现;Wherein, the data business service center in this embodiment is MMSC, and may also be other data business service centers that require MDN information, wireless application protocol gateways (WAPGW) that require MDN information, wireless integrated service gateways (WISG), etc. in actual networks. The network element does not affect the realization of the present invention;

步骤303:AAA配置为Radius Proxy模式,MMSC接收到PDSN发送来到MMSC业务请求消息后,通过Radius协议向AAA发送获取MDN的请求;Step 303: AAA is configured as a Radius Proxy mode, and the MMSC sends a request to obtain an MDN to the AAA through the Radius protocol after receiving the MMSC service request message sent by the PDSN;

其中,获得MDN的请求消息中至少包含手机终端对应的IMSI或IP地址、及MMSC信息;Wherein, the request message for obtaining the MDN includes at least the IMSI or IP address corresponding to the mobile terminal, and MMSC information;

步骤304:AAA接收到MMSC发来的获取MDN请求消息后,根据本地存放的手机终端对应的IMSI或IP地址、和MDN映射关系,获得手机终端对应的MDN,然后把获得的MDN放到对应响应消息中通过Radius协议发送回MMSC,MMSC根据收到的响应消息得到相应手机终端的MDN;Step 304: After receiving the MDN request message from the MMSC, the AAA obtains the MDN corresponding to the mobile terminal according to the IMSI or IP address corresponding to the locally stored mobile terminal and the MDN mapping relationship, and then puts the obtained MDN into the corresponding response The message is sent back to the MMSC through the Radius protocol, and the MMSC obtains the MDN of the corresponding mobile terminal according to the received response message;

至此,MMSC获得了相应手机终端的MDN。So far, MMSC has obtained the MDN of the corresponding mobile terminal.

实施例4Example 4

参见图4,在CDMA网络中有WISG情况下,MMSC获得相应手机终端的MDN的方法,步骤如下:Referring to Fig. 4, under the situation that there is WISG in CDMA network, the method for MMSC to obtain the MDN of corresponding mobile phone terminal, the steps are as follows:

在AAA网元中预置IMSI、用户终端IP地址、和MDN的映射关系;Preset the mapping relationship between IMSI, user terminal IP address, and MDN in the AAA network element;

步骤401~步骤402:手机终端发起一个MMS请求消息,该消息通过无线核心网到达PDSN,并通过PDSN的认证后,PDSN发送计费请求消息到AAA;Steps 401 to 402: The mobile terminal initiates an MMS request message, which reaches the PDSN through the wireless core network, and after being authenticated by the PDSN, the PDSN sends an accounting request message to the AAA;

步骤403:AAA配置为Radius Proxy模式,AAA接到PDSN发来的计费请求消息后,根据本地存放的手机终端对应的IMSI或IP地址、和MDN映射关系,获得手机终端对应的MDN,然后把获得的MDN放到记费请求消息中,并通过Radius协议转发该记费请求消息到WISG;Step 403: AAA is configured as a Radius Proxy mode. After receiving the charging request message from the PDSN, the AAA obtains the MDN corresponding to the mobile terminal according to the IMSI or IP address corresponding to the locally stored mobile terminal and the mapping relationship with the MDN, and then sends the Put the obtained MDN into the billing request message, and forward the billing request message to WISG through the Radius protocol;

步骤404:WISG接收到AAA转发的含有手机终端对应的MDN的记费请求消息后,将该消息保存在本地,然后回发响应消息给AAA;Step 404: WISG receives the billing request message containing the MDN corresponding to the mobile terminal forwarded by AAA, saves the message locally, and then sends back a response message to AAA;

这样,业务中心WISG上就存有了手机终端对应的IMSI或者IP地址、以及相应手机终端的MDN信息;In this way, the IMSI or IP address corresponding to the mobile terminal and the MDN information of the corresponding mobile terminal are stored in the service center WISG;

步骤405:AAA接收到WISG回发的响应消息后,发送相应的响应消息给PDSN;Step 405: AAA sends a corresponding response message to the PDSN after receiving the response message sent back by the WISG;

步骤406:PDSN收到AAA的响应消息后,发送MMS请求消息至MMSC上;Step 406: After receiving the AAA response message, the PDSN sends an MMS request message to the MMSC;

其中,本实施例数据业务服务中心为MMSC,在实际网络中也可能是需要MDN信息的其他数据业务服务中心、需要MDN信息的无线应用协议网关(WAPGW)、无线综合业务网关(WISG)等其他网元,不影响本发明的实现;Wherein, the data business service center in this embodiment is MMSC, and may also be other data business service centers that require MDN information, wireless application protocol gateways (WAPGW) that require MDN information, wireless integrated service gateways (WISG), etc. in actual networks. The network element does not affect the realization of the present invention;

步骤407:MMSC接到PDSN发来的MMS请求消息后,向WISG发出查询MDN请求;Step 407: After receiving the MMS request message from the PDSN, the MMSC sends an MDN query request to the WISG;

其中,查询MDN请求中至少包含需要查询的手机终端对应的IMSI或IP地址、WISG信息、以及相应的其他业务信息;Wherein, the MDN query request at least includes the IMSI or IP address corresponding to the mobile terminal to be queried, WISG information, and other corresponding business information;

步骤408:WISG接到MMSC发来的查询MDN请求消息后,根据先前保存的AAA转发的记费请求消息,得到手机终端对应的MDN,并将其加在相应的应答消息中回发给MMSC;Step 408: After receiving the query MDN request message sent by the MMSC, the WISG obtains the corresponding MDN of the mobile terminal according to the billing request message forwarded by the previously stored AAA, and adds it to the corresponding response message and sends it back to the MMSC;

MMSC据此获得了手机终端对应的MDN。Based on this, the MMSC obtains the MDN corresponding to the mobile terminal.

可见,本发明所述的方法,不需要在手机终端UIM中写入其对应的MDN就可以实现多媒体业务服务中心对手机终端的鉴权。通过在系统网元AAA中预置MDN、IMSI和用户终端IP地址之间的映射关系,使得数据业务服务中心在与PDSN、及系统网元间的信息交互中能够获得用于数据业务服务中心对用户终端鉴权所需要的MDN信息,解决了在CDMA网络中数据业务服务中心因无法获得用户终端鉴权所需要的MDN信息而导致对用户终端鉴权失败的问题,使用户无需使用专门定制的终端就可以实现数据业务服务中心对用户终端的鉴权。It can be seen that the method of the present invention can realize the authentication of the mobile terminal by the multimedia service center without writing its corresponding MDN in the UIM of the mobile terminal. By presetting the mapping relationship between MDN, IMSI, and user terminal IP address in the system network element AAA, the data service center can obtain information for the data service center to use in the information interaction with the PDSN and system network elements. The MDN information required for user terminal authentication solves the problem that the data service service center in the CDMA network cannot obtain the MDN information required for user terminal authentication, which leads to the failure of user terminal authentication, so that users do not need to use specially customized The terminal can realize the authentication of the user terminal by the data service service center.

本发明还提供了实现数据业务服务中心获得用户终端鉴权信息的系统,该系统包括:The present invention also provides a system for realizing the data business service center to obtain user terminal authentication information, and the system includes:

PDSN,根据用户终端的请求发起数据业务请求消息到AAA网元或数据业务服务中心;PDSN, according to the request of the user terminal, initiates a data service request message to the AAA network element or the data service service center;

AAA网元,预置MDN、IMSI和IP地址之间的映射关系,并配置为RadiusProxy模式,根据接收到的查找鉴权信息请求,找到相应用户终端的MDN并通过数据交互使数据业务服务中心获得相应的MDN信息;The AAA network element presets the mapping relationship between MDN, IMSI and IP address, and configures it in RadiusProxy mode. According to the received authentication information search request, it finds the MDN of the corresponding user terminal and enables the data service service center to obtain it through data interaction. Corresponding MDN information;

其中,所述查找鉴权信息请求可以由PDSN发起,也可以由数据业务服务中心发起,不影响本发明的实现;Wherein, the search authentication information request can be initiated by the PDSN, or can be initiated by the data service service center, which does not affect the realization of the present invention;

数据业务服务中心,根据获得的用户终端MDN信息,执行数据业务鉴权。The data service service center performs data service authentication according to the obtained user terminal MDN information.

其中,所述PDSN、AAA和数据业务服务中心之间采用Radius协议进行信息交互。Wherein, the Radius protocol is used for information exchange between the PDSN, the AAA and the data service center.

可见,本系统通过在系统网元AAA上预置MDN、IMSI和用户终端IP地址之间的映射关系,使得数据业务服务中心在与PDSN、及系统网元间的信息交互中能够获得用于数据业务服务中心对用户终端鉴权所需要的MDN信息,解决了在CDMA网络中数据业务服务中心因无法获得用户终端鉴权所需要的MDN信息而导致对用户终端鉴权失败的问题,使用户无需使用专门定制的终端就可以实现数据业务服务中心对用户终端的鉴权。It can be seen that the system presets the mapping relationship between MDN, IMSI and user terminal IP address on the system network element AAA, so that the data service center can obtain the information used for the data exchange between the PDSN and the system network element. The MDN information required by the business service center for user terminal authentication solves the problem that the data service service center cannot obtain the MDN information required for user terminal authentication in the CDMA network, which leads to the failure of user terminal authentication, so that users do not need to The authentication of the user terminal by the data service service center can be realized by using a specially customized terminal.

以上所述仅为本发明的较佳实施例而已,并不用以限制本发明,凡在本发明的精神和原则之内,所作的任何修改、等同替换、改进等,均应包含在本发明的保护范围之内。The above descriptions are only preferred embodiments of the present invention, and are not intended to limit the present invention. Any modifications, equivalent replacements, improvements, etc. made within the spirit and principles of the present invention shall be included in the scope of the present invention. within the scope of protection.

Claims (7)

1. realize that data service service centre obtains the method for subscriber terminal authority information for one kind, it is characterized in that,
Packet data serving node PDSN initiates the data service request;
According to the mapping relations between the international mobile subscriber identity IMSI that presets in system's network element, mobile subscriber's international agreement IP address and the Mobile Directory Number MDN, search and be used for the MDN required of data service service centre mobile phone user authentication, wherein, MDN is the data service service centre authentication information required to mobile phone user authentication;
Data service service centre obtains described MDN, specifically comprises:
System's network element and PDSN carry out information interaction, find out the MDN of relative users terminal, and the service message that will contain MDN sends to data service service centre; After data service service centre received the PDSN business request information, the service message of sending according to system's network element that contains MDN obtained the MDN of relative users terminal;
Or
PDSN and system's network element carry out information interaction, obtain the MDN of relative users terminal; The business request information that PDSN will comprise the MDN of relative users terminal sends to data service service centre; Data service service centre receives the service requesting information that PDSN sends, and obtains the MDN of respective user terminal;
Or
System's network element and PDSN information interaction obtain the MDN of relative users terminal, and the service message that will contain the MDN of relative users terminal is forwarded to wireless integrated service gateway WISG; PDSN sends business request information to data service service centre, and data service service centre with the information interaction of WISG, obtains the MDN of relative users terminal according to this business request information;
Or
After the business request information that the PDSN that data service service centre receives sends, send the request of the MDN that obtains user terminal to system's network element; After system's network element receives the MDN request message that obtains user terminal that data service service centre sends, IMSI or the IP address and the MDN mapping relations of the user terminal correspondence of depositing according to this locality, obtain the MDN of user terminal correspondence, the MDN of user terminal is carried in the response message sends to data service service centre by the Radius agreement; Data service service centre obtains the MDN of user terminal according to the response message that receives.
2. method according to claim 1 is characterized in that, data service service centre obtains further to comprise before the described MDN:
User terminal sends business request information to PDSN by wireless core network, and PDSN authenticates this request message, if authentication is passed through, then initiates the user data service request.
3. method according to claim 2 is characterized in that, described system network element is Authorization, Authentication and Accounting center AAA or the independent database that is provided with.
4. method according to claim 3 is characterized in that, adopts the Radius agreement to carry out information interaction between described PDSN, AAA and the data service service centre.
5. realize that data service service centre obtains the system of subscriber terminal authority information, is characterized in that this system comprises for one kind:
PDSN initiates the data service request message to system's network element or data service service centre according to the request of user terminal;
System's network element presets the mapping relations between MDN, IMSI and the IP address, and wherein, MDN is the data service service centre authentication information required to mobile phone user authentication; Carry out information interaction with PDSN, find out the MDN of relative users terminal, and the service message that will contain MDN sends to data service service centre, make data service service centre obtain corresponding M DN information; Or, carry out information interaction with PDSN, make PDSN obtain the MDN of relative users terminal, so that will comprising the business request information of the MDN of relative users terminal, PDSN sends to data service service centre, make data service service centre obtain corresponding M DN information; Or, MDN with PDSN information interaction acquisition relative users terminal, the service message that will contain the MDN of relative users terminal is forwarded to wireless integrated service gateway WISG, so that data service service centre is after the business request information that receives the PDSN transmission, according to the information interaction of this business request information and WISG, obtain the MDN of relative users terminal; Or, the request of the MDN that obtains user terminal that reception data service service centre sends after the business request information that the PDSN that receives sends, IMSI or the IP address and the MDN mapping relations of the user terminal correspondence of depositing according to this locality, obtain the MDN of user terminal correspondence, the MDN of user terminal is carried in the response message sends to data service service centre, make data service service centre obtain the MDN of user terminal according to the response message that receives by the Radius agreement;
Data service service centre according to the MDN information of the user terminal that obtains, carries out data business right discriminating.
6. system according to claim 5 is characterized in that, described system network element is Authorization, Authentication and Accounting center AAA or the independent database that is provided with.
7. system according to claim 6 is characterized in that, adopts the Radius agreement to carry out information interaction between described PDSN, AAA and the data service service centre.
CN2006100871116A 2006-06-09 2006-06-09 Method and system for realizing data business service center obtaining user terminal authentication information Expired - Fee Related CN1968090B (en)

Priority Applications (1)

Application Number Priority Date Filing Date Title
CN2006100871116A CN1968090B (en) 2006-06-09 2006-06-09 Method and system for realizing data business service center obtaining user terminal authentication information

Applications Claiming Priority (1)

Application Number Priority Date Filing Date Title
CN2006100871116A CN1968090B (en) 2006-06-09 2006-06-09 Method and system for realizing data business service center obtaining user terminal authentication information

Publications (2)

Publication Number Publication Date
CN1968090A CN1968090A (en) 2007-05-23
CN1968090B true CN1968090B (en) 2010-10-27

Family

ID=38076663

Family Applications (1)

Application Number Title Priority Date Filing Date
CN2006100871116A Expired - Fee Related CN1968090B (en) 2006-06-09 2006-06-09 Method and system for realizing data business service center obtaining user terminal authentication information

Country Status (1)

Country Link
CN (1) CN1968090B (en)

Families Citing this family (8)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN101106551B (en) * 2007-06-15 2011-02-02 华为技术有限公司 Method and device for transferring user number
CN101217704B (en) * 2008-01-15 2010-09-29 中兴通讯股份有限公司 Method for updating user information in authentication, authorization and billing system
CN101998380B (en) * 2009-08-13 2014-11-19 中国电信股份有限公司 Method for transmitting mobile directory number (MDN)
CN103379092A (en) * 2012-04-16 2013-10-30 上海博路信息技术有限公司 Message authentication and authorization service system
CN103701758B (en) * 2012-09-27 2017-07-07 中国电信股份有限公司 Method, system and the authentication gateway of business are used by mobile terminal client terminal
CN103874055B (en) * 2012-12-12 2018-05-11 中国电信股份有限公司 To method, system and the PDSN of WAP gateway transmission user identifier
CN104219652B (en) * 2013-05-31 2017-09-19 中国电信股份有限公司 Access the method and system that subscriber identity information is transmitted when WAP is applied
CN104349307B (en) * 2013-07-31 2017-11-10 中国电信股份有限公司 Realize method, WAP gateway and the system of WAP business Transparent Proxies

Citations (5)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN1339213A (en) * 1999-02-04 2002-03-06 爱培恩通信有限公司 Telecommunications gateway
CN1538778A (en) * 2003-04-15 2004-10-20 华为技术有限公司 A method for monitoring packet services based on mobile phone numbers
CN1552150A (en) * 2001-07-06 2004-12-01 ����ɭ�绰�ɷ����޹�˾ Method and Apparatus for Resolving Entity Identifiers to Internet Addresses Using Domain Name System Server and Entity Identifier Portable Transfer Database
CN1561027A (en) * 2004-03-05 2005-01-05 中兴通讯股份有限公司 A cluster service authentication interface and a cluster service authentication implementation method
US6950660B1 (en) * 2002-05-10 2005-09-27 Qualcomm, Incorporated Provisioning a mobile device in a wireless communication system

Patent Citations (5)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN1339213A (en) * 1999-02-04 2002-03-06 爱培恩通信有限公司 Telecommunications gateway
CN1552150A (en) * 2001-07-06 2004-12-01 ����ɭ�绰�ɷ����޹�˾ Method and Apparatus for Resolving Entity Identifiers to Internet Addresses Using Domain Name System Server and Entity Identifier Portable Transfer Database
US6950660B1 (en) * 2002-05-10 2005-09-27 Qualcomm, Incorporated Provisioning a mobile device in a wireless communication system
CN1538778A (en) * 2003-04-15 2004-10-20 华为技术有限公司 A method for monitoring packet services based on mobile phone numbers
CN1561027A (en) * 2004-03-05 2005-01-05 中兴通讯股份有限公司 A cluster service authentication interface and a cluster service authentication implementation method

Non-Patent Citations (1)

* Cited by examiner, † Cited by third party
Title
CN 1561027 A,全文.

Also Published As

Publication number Publication date
CN1968090A (en) 2007-05-23

Similar Documents

Publication Publication Date Title
CN1157027C (en) Mobile Internet access
AU2003285885B2 (en) Configuration of enterprise gateways
CN1946023B (en) Authentication and authorization architecture for access gateways
CN102695167B (en) Mobile subscriber identity management method and apparatus thereof
US8527007B2 (en) Multimedia message system and method for sending multimedia message
US20050277407A1 (en) Method and device for providing mobile services with virtual number
US8812597B2 (en) Method and system for instant messaging traffic routing
WO2012174885A1 (en) Information sending method and gateway
US8621582B2 (en) Authentication system
US20220360584A1 (en) Data management for authorizing data consumers in communication network
CN1968090B (en) Method and system for realizing data business service center obtaining user terminal authentication information
CN100405781C (en) Method and system for providing network services
CN101019384B (en) System and method for distributing and distributing end-user information in a network environment
US7496102B2 (en) Broadband telecommunication service with personalized service capability for mobile terminals
JP2003060714A (en) How to provide custom services
US7292840B2 (en) Method for ascertaining a billing tariff for a data transfer
CN100464595C (en) Method and network element equipment for acquiring user's access home GGSN
EP1472827A2 (en) Optimization of point-to-point sessions
CN1941778B (en) Third-Party Access Gateways for Telecom Services
CN100544256C (en) Method for locating user access authorization functional entity in NASS
WO2008154834A1 (en) Method and equipment for transmitting user number
CN100544255C (en) The method of locating and describing data functional entity in NASS
WO2010139145A1 (en) Method, server and system for realizing industry application multimedia message service
WO2006037269A1 (en) A method for service registration based on ip access
CN112153629A (en) Traffic management method and device

Legal Events

Date Code Title Description
C06 Publication
PB01 Publication
C10 Entry into substantive examination
SE01 Entry into force of request for substantive examination
C14 Grant of patent or utility model
GR01 Patent grant
C17 Cessation of patent right
CF01 Termination of patent right due to non-payment of annual fee

Granted publication date: 20101027

Termination date: 20130609