WO2011069423A1 - Method, device and system for license control - Google Patents

Method, device and system for license control Download PDF

Info

Publication number
WO2011069423A1
WO2011069423A1 PCT/CN2010/079292 CN2010079292W WO2011069423A1 WO 2011069423 A1 WO2011069423 A1 WO 2011069423A1 CN 2010079292 W CN2010079292 W CN 2010079292W WO 2011069423 A1 WO2011069423 A1 WO 2011069423A1
Authority
WO
WIPO (PCT)
Prior art keywords
license
lcc
content
implementation
control
Prior art date
Application number
PCT/CN2010/079292
Other languages
French (fr)
Chinese (zh)
Inventor
张勇
Original Assignee
华为技术有限公司
Priority date (The priority date is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the date listed.)
Filing date
Publication date
Application filed by 华为技术有限公司 filed Critical 华为技术有限公司
Publication of WO2011069423A1 publication Critical patent/WO2011069423A1/en

Links

Definitions

  • a license is a form of contract for a supplier/operator to authorize/authorize the range of products sold/purchased. Through the license, the operator can obtain the corresponding service promised by the supplier.
  • the method of authorizing and selling according to the contract is called selling by license; the technology for ensuring the effective implementation of the license is called License technology.
  • the license is usually in the form of a license file.
  • the license file usually contains the device information of the license file to bind the device to the license file. In this way, on the one hand, the license of the operator cannot be stolen by others, and the interests of the operator are protected; on the other hand, the license file cannot be abused by the operator to protect the interests of the equipment manufacturer.
  • a license control method including: the license control center LCC loads and parses a license file, and obtains the LCC acquisition.
  • the license item includes the license content; the LCC determines the license content required to license the implementation of the device; and the LCC carries the license content in the license control message to the license enforcement device.
  • another license control method including: the license implementation device receives a license control message sent by the license control center LCC; the license implementation device acquires the license content that needs to be implemented from the license control message; The device implements license control based on the licensed content that needs to be implemented.
  • a further aspect of the embodiments of the present invention provides a license control device, including: a parsing module, configured to load and parse a license file, obtain a license item acquired by the license control device, where the license item includes a license content; And a sending processing module, configured to carry the licensed content in the license control message and send the license content to the license implementing device.
  • a parsing module configured to load and parse a license file, obtain a license item acquired by the license control device, where the license item includes a license content
  • a sending processing module configured to carry the licensed content in the license control message and send the license content to the license implementing device.
  • a license implementation apparatus including: a receiving module, configured to receive a permission control message sent by a license control center LCC; and an acquiring module, configured to acquire a requirement from a license control message received by the receiving module The license content of the implementation; the implementation module, configured to implement the license control according to the license content that needs to be implemented by the acquisition module.
  • a license control system comprising: the foregoing license control device, and the foregoing license implementation device.
  • the license content required to implement the device implementation can be obtained from the loading file, the license content required to implement the device implementation is sent to the license implementation device using the format of the message, compared to the prior art distribution license.
  • the technical solution of the file does not need to send a large amount of redundant information, so the effective information ratio is high, the transmission efficiency is improved, and the occupation of transmission resources is reduced.
  • 1 is a flow chart of a license control method according to an embodiment of the present invention.
  • FIG. 2 is a flow chart of a license control method according to an embodiment of the present invention.
  • FIG. 3 is a flow chart of signaling interaction of a license control method according to an embodiment of the present invention.
  • FIG. 4 is a flow chart of signaling interaction of a license control method according to an embodiment of the present invention.
  • FIG. 5 is a schematic diagram of a connection relationship between an AP and an AHR according to an embodiment of the present invention
  • FIG. 6 is a schematic diagram of a connection relationship between an AP and a MN in the embodiment of the present invention.
  • Figure ⁇ is a schematic diagram showing the connection relationship between an AP and an AG in the embodiment of the present invention.
  • FIG. 8 is a schematic structural diagram of a license control device according to an embodiment of the present invention.
  • FIG. 9 is a schematic structural diagram of a license implementation device according to an embodiment of the present invention.
  • FIG. 10 is a schematic structural diagram of a license implementation device according to an embodiment of the present invention.
  • the technical solutions in the embodiments of the present invention are clearly and completely described in the following with reference to the accompanying drawings in the embodiments of the present invention. It is obvious that the described embodiments are only a part of the embodiments of the present invention, and not all of the embodiments. example. All other embodiments obtained by a person of ordinary skill in the art based on the embodiments of the present invention without creative efforts are within the scope of the present invention.
  • the embodiments of the present invention provide a method, a device, and a system for implementing the license control, which can improve the efficiency of implementing the license control and reduce the occupation of the transmission resources, especially when the L i cens e implementation device is large.
  • a plurality of embodiments will be described below to explain the technical solutions of the embodiments of the present invention. It should be noted that the numbers of the embodiments are used for convenience of description only, and are not used as a basis for comparison between the embodiments.
  • FIG. 1 is a schematic flowchart of a license control method according to an embodiment of the present invention. Referring to FIG. 1, the method includes the following steps:
  • the license control center LCC loads and parses the license file to obtain the license item acquired by the LCC; in this embodiment, it can pass a license control center (L i cens e Con t ro l Cent er , The LCC is referred to as the license file. If the license file is encrypted, it can be decrypted by the LCC first, and then the decrypted license file is loaded. If the license file was not encrypted before, it can be loaded directly. After that, the analysis is performed to obtain the license item acquired by the LCC. It can be understood that the license item includes the license content.
  • LCC determines the license content required to license the implementation of the device
  • the LCC can determine which license content needs to be sent to the license implementation device through different implementations.
  • this step can have different implementations, such as:
  • the license item information supported by the license implementation device may be combined to determine that the license implementation is required. Licensed content for device implementation.
  • the specific process may be: the LCC determines, according to the license item acquired by the LCC, the license item information supported by the license implementation device, and determines the license content required to implement the implementation of the device, for example, the intersection of the two, or the part of the intersection. License item.
  • the LCC can independently select the license item acquired by the LCC and send it to the license implementation device.
  • the specific process may be: After obtaining the license item acquired by the LCC, the LCC may select part or all of the license items acquired by the LCC as the license content required to implement the implementation of the device. In this case, after the license content is sent to the license implementation device, the license implementation device can perform the reselection according to its own support capability or its own needs.
  • the determined license content is carried in the license control message to the license enforcement device.
  • the license content can be directly carried in the license control message to the license implementation device.
  • the determined license content may be encrypted first, and then the encrypted license content is carried in the license control message for transmission.
  • the encryption algorithm used in the encryption process can be determined in various ways. For example: 1) The LCC receives a license control request message sent by the license implementation device, and the license control request message includes: License implementation of the encryption algorithm set information supported by the device. After receiving the license control request message,
  • the LCC can select an encryption algorithm supported by the LCC from the encryption algorithm set information as the encryption algorithm to be used.
  • the LCC may also transmit the identifier of the selected encryption algorithm to the license implementing device in the form of a license control response message, so that the license implementing device may decrypt the received encrypted license content accordingly.
  • This method can be understood as the encryption algorithm that the LCC and the license implementation device negotiate to determine the common support during the license control process.
  • the encryption algorithm supported by the LCC and the license implementation device can be specified statically, that is, the default encryption algorithm. Mode 2) can be adopted directly, or it can be adopted if the negotiation is unsuccessful or there is no negotiation result.
  • the license content may be further encrypted on the basis of using the message format to carry the license content, thereby ensuring that the license content is private during the delivery process, and further protecting the security of the license content, in particular It is aimed at the current use of Licensing in the public network, to avoid the license content being easily intercepted and deciphered.
  • the determined permission content may be first processed before the permission control message is sent, and then the integrity processed license content is carried in the permission control message. Send in.
  • the integrity algorithm used for integrity processing can be determined in a variety of ways. For example: 1) The LCC receives the license control request message sent by the license implementation device, and the license control request message includes: the integrity algorithm set information supported by the license implementation device. After receiving the permission control request message, the LCC may select an integrity algorithm supported by the LCC from the integrity algorithm set information as the integrity algorithm to be used. In addition, the LCC may also send the identifier of the selected integrity algorithm to the license implementation device in the form of a license control response message, so that the license implementation device can perform integrity verification on the received integrity content after receiving the integrity. deal with. This approach can be understood as the LCC and the license implementation device negotiate to determine the commonly supported integrity algorithm during the license control process.
  • the integrity algorithm supported by the LCC and the license implementation device can be specified in a static manner. Mode 2) can be adopted directly, or it can be adopted if the negotiation is unsuccessful or there is no negotiation result. It can be understood that integrity is a feature that data cannot be changed without authorization, that is, information that remains unmodified, uncorrupted, and lost during storage or transmission. Through the integrity processing of the licensed content, the probability of errors in the data transmission process of the licensed content can be reduced, and the accuracy of the transmission of the licensed content is improved.
  • the above encryption algorithm and integrity algorithm may be executed independently or together.
  • the permission control request message carrying the encryption algorithm set information and the integrity algorithm set information may be that the same message carries two kinds of algorithm set information, or may be separately sent two messages respectively.
  • the license content that needs to be licensed to implement the device is determined from the loading file, and then the determined license content is determined by using the format of the message.
  • the transmission to the license implementation device does not require sending a large amount of redundant information compared to the technical solution of the prior art distribution license file, so the effective information ratio is high, the transmission efficiency is improved, and the occupation of the transmission resource is reduced.
  • Encryption and integrity processing further protect the security and integrity of the licensed content.
  • FIG. 2 is a schematic flowchart of a license control method according to an embodiment of the present invention. Referring to FIG. 2, the method includes the following steps:
  • the license implementation device receives the license control message sent by the license control center LCC; in this embodiment, since the LCC sends the license content in the form of a license control message, the license implementation device may receive the license control message;
  • the license implementation device obtains the license content that needs to be implemented from the license control message; in this step, the license implementation device may parse the license control message to obtain the license content carried in the message;
  • the license implementation device may be based on The encryption algorithm and/or integrity algorithm supported by the LCC and the license enforcement device performs corresponding decryption and/or integrity verification processing on the encrypted content after the encryption and/or integrity processing to obtain the license content that needs to be implemented.
  • the license implementation device has previously sent the license information supported by itself to the LCC through the license control request message, the LCC has incorporated the support capability of the license implementation device in the process of selecting the license content, correspondingly,
  • the license content carried in the license control message in step 201 can be understood as all the license items supported by the license implementation device.
  • the license implementing device may use all of the license contents carried in the license control message as the license content to be implemented. Of course, you can also select a part of it as a license content that needs to be implemented.
  • the license implementation device may obtain the license item acquired by the LCC from the license control message, and combine the license item information supported by the license implementation device to select an intersection of the two (may be all or part of the intersection). Thereby determining the license content that needs to be implemented.
  • the license implementation device implements the license control according to the licensed content that is required to be implemented.
  • the license implementation device may perform permission control according to the obtained license content that needs to be implemented, for example, perform function control or resource control of the device.
  • the license implementation result may be returned to the LCC after the license control is implemented as needed for the licensed content.
  • the sending and receiving of the licensed content is performed by using the format of the message, which avoids a large amount of redundant information compared to the technical solution of the prior art distributing the license file.
  • the transmission and reception therefore, the proportion of effective information is higher, the transmission efficiency is improved, and the occupation of transmission resources is reduced.
  • the license content is encrypted and integrity processed on the LCC side, the license content can be decrypted and integrity verified on the license enforcement device side, thus further protecting the security and integrity of the licensed content.
  • Embodiment 1 and Embodiment 2 can be periodically executed, and the L i cense content is updated in time to meet the requirements of real-time performance of the system.
  • the solutions of the first embodiment and the second embodiment described above are described by only one license implementation device. It is worth noting that in the actual scenario, the licensed implementation equipment may be massive and the distribution is relatively scattered. Embodiment 3 In an actual network, there are many license implementation devices, such as base station devices.
  • miniaturized access devices can be implemented as license implementation devices, such as Universal Mobile Telecommunications System (UMTS, Access Point), global Mobile System (GSM, Global System for Mobile communication) AP, GSM (Pico) device, Long Term Evolution (LTE), LTE Pico, Code Diviation Multiple Access (C-Division) AP, CDMA pico, Worldwide Interoperability for Microwave Access (wimax, AP, wimax pico, etc.).
  • UMTS Universal Mobile Telecommunications System
  • GSM Global System for Mobile communication
  • GSM Global System for Mobile communication
  • LTE Long Term Evolution
  • LTE Pico Long Term Evolution
  • CDMA pico Code Diviation Multiple Access
  • Wimax pico Worldwide Interoperability for Microwave Access
  • the embodiment of the present invention provides a method for granting control.
  • the license implementation device is a medical TS AP
  • the LCC module is deployed in an AP Home Register (AHR, AP Home Register), that is, the AHR is used as the LCC.
  • the license is controlled by the medical TS AP.
  • FIG. 3 is a flowchart of signaling interaction of a license control method according to an embodiment of the present invention. As shown in FIG. 3, the method includes:
  • the LCC decrypts, loads, and parses the obtained license file.
  • the LCC obtains the license file first.
  • the method can be obtained from the license production center.
  • the license production center creates a license file for the LCC and sends it to the LCC.
  • the steps to obtain a license file are not necessarily performed each time. For example, you can save it once and save it for later use. Of course, it is also possible to execute the license control once each time.
  • the license file is encrypted, and the LCC needs to decrypt the license file first, and then the decrypted license file is loaded into the LCC device.
  • the license file may have a lot of information, such as file format information, control information, etc., where the control information represents a license item.
  • the LCC parses the loaded license file to obtain the license item sent by the license production center to the LCC, that is, the license item obtained by the LCC.
  • the license items acquired by the LCC are: A: uplink IP packet multiplexing, B: downlink receiving function, C: PS downlink rate maximum, D: PS uplink rate maximum.
  • a and B can be understood as function licenses
  • C and D can be understood as resource licenses.
  • the AP sends a license control request message to the LCC.
  • the AP actively requests the license control from the LCC. Specifically, in this step, the AP may send a Li cense control request message to the LCC, and the Li cense control request message may carry one or a combination of the following information: the license item information supported by the AP (ie, the capability to support Li cense), the AP Supported encryption algorithm set information, integrity algorithm set information supported in the AP.
  • the license item information supported by the AP may be embodied in the form of a function list, and the license item information may indicate the license control capability that the LCC can implement, and the license content that is not in the list, even if sent to the AP, the AP also Can't achieve it.
  • the information of the Li cense item supported by the AP that is sent to the LCC is (C, D, E, F), which are: C: the maximum downlink rate of the PS, the maximum value of the uplink rate of the D: Maximum number of admitted users, and F: Local Iur function.
  • the encryption algorithm set information supported by the AP embodies the encryption algorithm that the AP can support, and can be used as the basis for selecting the encryption algorithm by the LCC.
  • the integrity algorithm set information supported by the AP reflects the integrity algorithm supported by the AP and can be used as the basis for the LCC selection integrity algorithm. In the embodiment of the present invention, the following three kinds of information are carried in the Li cense control request message as an example for description.
  • the LCC determines the license content according to the license control request message, and performs encryption and integrity processing.
  • the LCC may take two pieces of license information (C, D, E, F) supported by the AP carried by the Li cense control request message, and the license item information (A, B, C, D) obtained by the LCC, and take two The intersection (C, D) is the license content that needs to be implemented by the AP.
  • the license content may be encrypted and integrity processed before being sent to the AP.
  • the algorithm used for encryption and integrity processing can be dynamically negotiated. Specifically: Since the LCC has learned the encryption algorithm and integrity algorithm supported by the AP according to the Li cense control request message, the LCC can support itself according to its own support. The encryption algorithm and the integrity algorithm select the encryption algorithm and the integrity algorithm supported by both to encrypt and integrity the licensed content. Alternatively, the encryption and integrity processing of this step can also use the default encryption algorithm and integrity algorithm. The default algorithm can be used if there is no result of negotiation or the negotiation is unsuccessful, or it can be used directly. Of course, if the default algorithm is used directly, the LI cense control request message sent by the AP to the LCC may not carry the algorithm set information.
  • the LCC returns a Li cense control response message to the AP.
  • the Li cense control response message is a license content that carries the required AP implementation. License control message.
  • the Li cense control response message includes: an encryption algorithm identifier and an integrity algorithm identifier selected by the LCC; and a license content implemented by the AP, which has been processed by a selected or default encryption algorithm and an integrity algorithm.
  • the AP performs Li cense control according to the information in the Li cense control response message.
  • the AP selects the encryption algorithm identifier in the Li cense control response message, and selects a corresponding decryption algorithm to decrypt the encrypted license content.
  • the AP selects a corresponding integrity verification algorithm according to the integrity algorithm identifier in the Li cense control response message, and performs integrity verification on the integrity content of the integrity processing. If the data can pass the integrity verification, the AP can be used as the content of the AP implementation license.
  • the license content obtained after the decryption and integrity verification in this step is: (C, D), where C is the maximum downlink rate of the PS and D is the maximum value of the uplink rate of the PS. , License control is performed on the corresponding resources of the AP device.
  • the AP feeds back the result of the Li cense implementation to the LCC.
  • the result of the Li cense implementation can be sent to the LCC.
  • the transmission and reception of the license content is performed using the format of the message, and the license content is the control information which is really useful in the license file, that is, the license item information.
  • the license content is the control information which is really useful in the license file, that is, the license item information.
  • the AP actively sends a request message to the LCC, and the request message carries the license item information, the encryption algorithm, and the integrity algorithm information supported by the AP, and the license function negotiation can be completed in advance to ensure that the license content sent to the AP can be implemented. And; can be completed in advance
  • the algorithm negotiates and processes it using an algorithm supported by both parties.
  • the AP actively sends a license request, which can be processed according to the actual situation of the specific AP.
  • the license control is more targeted and improves the efficiency of the license control.
  • Embodiment 4 the encryption and integrity processing of the licensed content guarantees the privacy and integrity of the licensed content (ie, truly useful control messages) during delivery.
  • the embodiment of the present invention provides a method for granting control.
  • the L i cense implementation device is a medical TS AP
  • the LCC module is deployed to the AHR, that is, the AHR is used as the LCC device.
  • the LCC actively issues a license item
  • the AP selects a license item supported by the AP according to its own support capability to implement Li cense control.
  • FIG. 4 is a flowchart of signaling interaction of a license control method according to an embodiment of the present invention. As shown in FIG. 4, the method includes:
  • the LCC decrypts, loads, and parses the obtained L i cense file.
  • the license items obtained by LCC are also set to (A, B, C, D), specifically, A: uplink IP packet multiplexing, B: downlink receiving function, C: PS downlink rate maximum, D: PS uplink The maximum rate.
  • the LCC determines the license content, and performs encryption and integrity processing
  • the LCC since the LCC does not know the license item information supported by the AP, the LCC can automatically select the license item acquired by the LCC.
  • the specific process may be: After the LCC obtains the license items (A, B, C, D) obtained by the LCC, part or all of the license items acquired by the LCC may be selected as the license content required for the AP implementation. This embodiment assumes that the LCC uses (A, B, C, D) as the permitted contents.
  • the license content may be encrypted and integrity processed before being sent to the AP.
  • the algorithm used in the encryption and integrity processing may be determined by dynamic negotiation before the content of the license is sent, or the integrity algorithm supported by the LCC and the AP, that is, the default integrity algorithm, may be specified in a static manner. It can be understood that the steps of determining the algorithm are not necessarily performed every time, and there is no necessary context with step 401, as long as the algorithm is determined before the encryption and integrity processing. 403.
  • the LCC sends a L i cense control indication message to the AP.
  • the L i cens e control indication message is a permission control message carrying the licensed content required to be implemented by the AP.
  • the L i cense control indication message includes: a license content that needs to be implemented by the AP.
  • the message may further include an encryption algorithm identifier and an integrity algorithm identifier selected by the LCC.
  • the AP has already learned the algorithm to be used before the sending, the AP does not need to carry the LCC selected encryption algorithm identifier and integrity algorithm identifier in the L i cense control indication message.
  • the AP selects a license item and implements L i cense control
  • the AP may first perform decryption and integrity verification processing on the licensed content.
  • the AP needs to select the license items according to the capabilities supported by the AP. Specifically, assuming that the AP supports C and D, but does not support A and B, the selected licenses can be C and D.
  • the AP After the AP selects the license item, it can perform resource control or function control based on this.
  • the result of the L i cense implementation can be sent to the LCC.
  • the transmission and reception of the license content is performed using the format of the message, and the license content is the control information which is really useful in the license file, that is, the license item information.
  • the license content is the control information which is really useful in the license file, that is, the license item information.
  • the LCC actively delivers the license item in the message format, which can reduce the information exchange between the AP and the LCC, save signaling overhead, simplify the process, and improve the processing efficiency.
  • Embodiment 3 and Embodiment 4 are deployed in the AHR by using the LCC module.
  • the implementation is described as an example.
  • a schematic diagram of the connection relationship between the AP and the AHR can be seen in FIG. 5.
  • the access point 504, the access point 505, and the access point 506 are connected to the access point home register AHR50L through a security gateway (SeGW, Security Gateway) 503 and an access gateway (AG, Access Gateway) 502.
  • SeGW Security Gateway
  • AG Access Gateway
  • the LCC module can also be deployed in a small base station management system (Li S, Home NodeB)
  • FIG. 6 is a schematic diagram of the connection relationship between the HMS and the AP. As shown in FIG. 6, the access point 603, the access point 604, and the access point 605 are connected to the small base station management system 601 through the security gateway 602. .
  • the LCC module can also be deployed in the AG.
  • Figure 7 shows an example of the connection relationship between the AG and the AP. As shown in the figure, the access point 703, the access point 704, and the access point 705 are connected to the access gateway 701 through the security gateway 702. Embodiment 5
  • FIG. 8 is a schematic structural diagram of the license control device.
  • the device includes: a parsing module 801, configured to load and parse a license file, to obtain a license item acquired by the license control device; a determining module 802, configured to determine a license content that needs to be licensed to implement the device implementation; and, send
  • the processing module 803 is configured to carry the license content in the license control message and send the content to the license implementation device.
  • the license control device may further include: a receiving module 804, configured to receive a license control request message sent by the license implementation device, where the license control request message is This includes: License information for license implementation device support.
  • the determining module 802 may be configured to: select, according to the license item acquired by the license control device obtained by the parsing module 801, the license item supported by the license implementation device received by the receiving module 804, and select the license content that needs to be licensed to implement the device implementation.
  • the AP sends the license information of the license to the LCC through the license control request message.
  • the license item supported by the AP is (C, D, E, F).
  • the LCC obtains the license item (A, B, C, D), and the determination module 802 can select the intersection (C, D) of the two as the license content required for the AP implementation.
  • C, D the license item supported by the AP
  • E, F the license item supported by the AP
  • the LCC obtains the license item (A, B, C, D)
  • the determination module 802 can select the intersection (C, D) of the two as the license content required for the AP implementation.
  • the determining module 802 For: Selecting part or all of the license items acquired by the license control device obtained from the parsing module 801 as the license content required to implement the device implementation.
  • the license implementation device is an AP and the license control device is an LCC
  • the LCC may select some or all of (A, B, C, D) and send it to the AP.
  • the sending processing module 803 may be specifically implemented by, for example, an algorithm processing unit 8031, configured to encrypt the licensed content by using an encryption algorithm and/or an integrity algorithm supported by the LCC and the license implementing device. Or integrity processing; the sending unit 8032, configured to carry the license content processed by the algorithm processing unit in the license control message to the license implementation device.
  • an algorithm processing unit 8031 configured to encrypt the licensed content by using an encryption algorithm and/or an integrity algorithm supported by the LCC and the license implementing device.
  • integrity processing the sending unit 8032, configured to carry the license content processed by the algorithm processing unit in the license control message to the license implementation device.
  • the admission control device is deployed in the access point home register, or deployed in the small base station management system device, or deployed in the access gateway of the access point system.
  • FIG. 9 is a schematic structural diagram of the license implementation device.
  • the device includes: a receiving module 901, configured to receive a permission control message sent by a license control center LCC, and an obtaining module 902, configured to obtain, from a license control message received by the receiving module, a license content that needs to be implemented;
  • the module 903 is configured to implement the license control according to the license content that needs to be implemented by the acquisition module.
  • the license implementation device may further include: a requesting module 904, configured to send, to the LCC, a license control request message, where the license control request message includes One or a combination of the following information: License item information supported by the license implementation device, encryption algorithm set information supported by the device implementation license, and integrity algorithm set information supported by the device implementation device.
  • the corresponding acquisition module The 902 may be specifically implemented by the following unit, including: a decryption unit 9021, configured to perform corresponding decryption processing on the content that needs to be implemented after the encryption process according to an encryption algorithm supported by the LCC and the license implementation device; and/or, complete
  • the verification unit 9022 is configured to perform corresponding integrity verification processing on the content that needs to be implemented after the integrity processing according to the integrity algorithm supported by the LCC and the license implementation device.
  • FIG. 10 is a schematic structural diagram of the license implementation device.
  • the device includes: a receiving module 1 001, configured to receive a permission control message sent by a license control center LCC; and an acquiring module 1 002, configured to receive from the receiving module
  • the license control message obtains the license content that needs to be implemented;
  • the implementation module 003 is configured to implement the license control according to the license content that needs to be implemented by the acquisition module.
  • the obtaining module 1 002 may be specifically implemented by the following unit: an obtaining unit 1 0021, configured to obtain a license item obtained by the LCC from the permission control message, and a determining unit 1 0022, configured to acquire according to the LCC acquired by the obtaining unit 1 002 1
  • the license item together with the license item information supported by the license implementation device, determines the license content that needs to be implemented.
  • the obtaining unit 1 0021 can be implemented by the above-described decryption unit and integrity verification unit, that is, after the decryption process and the integrity verification process, the LCC acquired license item can be obtained.
  • the license implementation device may further include a reporting unit, configured to report the result of the license implementation to the license control device.
  • a reporting unit configured to report the result of the license implementation to the license control device.
  • the embodiment of the present invention further provides a license implementation system including the license control device and the license implementation device in the foregoing embodiments.
  • the license implementation device may be: a base station or other device that can implement the license, and in the case of an indoor coverage scenario, it may be a miniaturized access device of various standards, such as an AP.
  • the license control device can be an AHR, HMS or AG device that integrates the LCC module. It can be understood that, in the technical solutions of the license control device, the license implementation device, and the license control system provided by the embodiments of the present invention, the content of the message is used for sending and receiving the license content, and the license content is really useful in the license file. Control information, that is, license item information.
  • the license implementation device (such as an AP) actively sends a request message to the LCC, and the request message carries the license item information, the encryption algorithm, and the integrity algorithm information supported by the AP
  • the negotiation of the license function is completed to ensure that the license content sent to the AP is implementable; and the algorithm negotiation can be completed in advance, so as to be processed by an algorithm supported by both parties.
  • the license implementation device actively sends a license request, which can implement corresponding processing according to the actual situation of the specific license implementation device, and the license control is more targeted, and the efficiency of the license control is improved.
  • the LCC actively delivers the license in the message format
  • the information exchange between the license implementation device (such as the AP) and the LCC can be reduced, signaling overhead is saved, the process is simplified, and the processing efficiency is improved.
  • the encryption and integrity processing of the licensed content guarantees the privacy and integrity of the licensed content (ie, truly useful control messages) during delivery.
  • the LCC module can be installed in a variety of network devices, so that the license control device can be implemented in a plurality of network devices, and the operator can be provided with multiple implementations to flexibly respond to specific network scenarios and requirements.
  • the present invention can be implemented by means of software plus a necessary general hardware platform, and of course, can also be through hardware, but in many cases, the former is a better implementation. the way.
  • the technical solution of the present invention which is essential or contributes to the prior art, may be embodied in the form of a software product stored in a storage medium, including a plurality of instructions for making a A computer device (which may be a personal computer, server, or network device, etc.) performs all or part of the steps of the methods described in various embodiments of the present invention.
  • the foregoing storage medium includes: a medium such as a USB flash drive, a removable hard disk, a read only memory (ROM), a random access memory (RAM), a magnetic disk, or an optical disk, which can store program codes.
  • the disclosed systems, devices, and methods may be implemented in other manners without departing from the scope of the present application.
  • the device embodiments described above are merely illustrative.
  • the division of the modules or units is only a logical function division.
  • there may be another division manner for example, multiple units or components may be used. Combined or can be integrated into another system, or some features can be ignored, Or not.
  • the units described as separate components may or may not be physically separated, and the components displayed as the units may or may not be physical units, that is, may be located in one place, or may be distributed to multiple network units. .
  • Some or all of the modules may be selected according to actual needs to achieve the purpose of the solution of the embodiment. Those of ordinary skill in the art can understand and implement without any creative effort.
  • the described systems, devices, and methods, and the schematic diagrams of various embodiments may be combined or integrated with other systems, modules, techniques or methods without departing from the scope of the present application.
  • the mutual coupling or direct coupling or communication connection shown or discussed may be an indirect coupling or communication connection through some interface, device or unit, and may be in electronic, mechanical or other form.

Landscapes

  • Mobile Radio Communication Systems (AREA)
  • Storage Device Security (AREA)

Abstract

The present invention relates to the field of communications technology, and discloses a method, device and system for license control. The method includes: a License Control Center (LCC) loads and analyzes a license file, and the license item acquired by the LCC is obtained; the LCC confirms the license content required to be executed by a license executing device; the LCC sends the license content carried by a license control message to the license executing device. With the technical solution provided by the present invention, the efficiency of license control can be improved.

Description

许可控制的方法、 设备和系统  Method, device and system for license control
本申请要求于 2009 年 12 月 10 日提交中国专利局、 申请号为 200910188858.4, 发明名称为"许可控制的方法、 设备和系统"的中国专利申 请的优先权, 其全部内容通过引用结合在本申请中。 技术领域 本发明涉及通信技术领域, 尤其涉及一种实现许可控制的方法、 设备 和系统。 背景技术 许可 (License)是供应商与运营商对所销售 /购买的产品使用范围进 行授权 /被授权的一种合约形式, 通过 License, 运营商可以获得供应商所 承诺的相应服务。向运营商授权并按照合约进行销售的方法称为按 License 销售; 保证授权合约有效实施的技术称为 License技术。 运营商通过购买 特定的 License, 可灵活选择适合于特定阶段的网络功能和容量, 以最大程 度保护投资。 The present application claims priority to Chinese Patent Application No. 200910188858.4, the entire disclosure of which is hereby incorporated by reference in its entirety in its entirety in in. TECHNICAL FIELD The present invention relates to the field of communications technologies, and in particular, to a method, device, and system for implementing license control. BACKGROUND OF THE INVENTION A license is a form of contract for a supplier/operator to authorize/authorize the range of products sold/purchased. Through the license, the operator can obtain the corresponding service promised by the supplier. The method of authorizing and selling according to the contract is called selling by license; the technology for ensuring the effective implementation of the license is called License technology. By purchasing a specific license, operators can flexibly choose the network functions and capacity that are appropriate for a particular stage to maximize investment protection.
License一般会以一个力口密的 License文件的形式出现, License文件 一般会包含实施 License文件的设备信息, 以便实现设备与 License文件 的绑定。 这样, 一方面保证运营商的 License 不能被他人盗用, 保护运营 商的利益; 另一方面保证 License文件不能被运营商滥用, 保护设备商的 利益。  The license is usually in the form of a license file. The license file usually contains the device information of the license file to bind the device to the license file. In this way, on the one hand, the license of the operator cannot be stolen by others, and the interests of the operator are protected; on the other hand, the license file cannot be abused by the operator to protect the interests of the equipment manufacturer.
目前 License控制方式是通过将相应的 License文件分发到各个设备 中, 以实现设备的功能控制或资源控制。 但是, 采用这种 License控制方 式效率较低。 发明内容 本发明实施例要解决的技术问题是提供一种许可控制的方法、 设备和 系统, 以提高许可控制的效率。 为解决上述技术问题, 本发明的目的是通过以下技术方案实现的: 本发明实施例一方面, 提供了一种许可控制方法, 包括: 许可控制中 心 LCC加载并解析许可文件, 得到所述 LCC获取的许可项, 所述许可项包 括许可内容; LCC确定需要许可实施设备实施的许可内容; LCC将许可内容 携带在许可控制消息中向许可实施设备发送。 Currently, the license control mode is implemented by distributing the corresponding license file to each device to implement function control or resource control. However, the use of this license control method is inefficient. SUMMARY OF THE INVENTION A technical problem to be solved by embodiments of the present invention is to provide a method, device, and system for license control to improve the efficiency of license control. In order to solve the above technical problem, the object of the present invention is achieved by the following technical solutions: In an aspect of the present invention, a license control method is provided, including: the license control center LCC loads and parses a license file, and obtains the LCC acquisition. The license item includes the license content; the LCC determines the license content required to license the implementation of the device; and the LCC carries the license content in the license control message to the license enforcement device.
本发明实施例另一方面, 提供了另外一种许可控制方法, 包括: 许可 实施设备接收许可控制中心 LCC发送的许可控制消息; 许可实施设备从许 可控制消息中获取需要实施的许可内容; 许可实施设备根据需要实施的许 可内容实施许可控制。  In another aspect of the present invention, another license control method is provided, including: the license implementation device receives a license control message sent by the license control center LCC; the license implementation device acquires the license content that needs to be implemented from the license control message; The device implements license control based on the licensed content that needs to be implemented.
本发明实施例再一方面, 提供了一种许可控制设备, 包括: 解析模块, 用于加载并解析许可文件, 得到所述许可控制设备获取的许可项, 所述许 可项包括许可内容; 确定模块, 用于确定需要许可实施设备实施的许可内 容; 发送处理模块, 用于将许可内容携带在许可控制消息中向许可实施设 备发送。  A further aspect of the embodiments of the present invention provides a license control device, including: a parsing module, configured to load and parse a license file, obtain a license item acquired by the license control device, where the license item includes a license content; And a sending processing module, configured to carry the licensed content in the license control message and send the license content to the license implementing device.
本发明实施例又一方面, 提供了一种许可实施设备, 包括: 接收模块, 用于接收许可控制中心 LCC发送的许可控制消息; 获取模块, 用于从接收 模块接收的许可控制消息中获取需要实施的许可内容; 实施模块, 用于根 据获取模块获取的需要实施的许可内容实施许可控制。  According to still another aspect of the embodiments of the present invention, a license implementation apparatus is provided, including: a receiving module, configured to receive a permission control message sent by a license control center LCC; and an acquiring module, configured to acquire a requirement from a license control message received by the receiving module The license content of the implementation; the implementation module, configured to implement the license control according to the license content that needs to be implemented by the acquisition module.
本发明实施例再一方面, 提供了一种许可控制系统, 包括: 前述的许 可控制设备, 以及, 前述的许可实施设备。  According to still another aspect of the present invention, a license control system is provided, comprising: the foregoing license control device, and the foregoing license implementation device.
由以上技术方案可以看出, 由于可以从加载文件中获取需要许可实施 设备实施的许可内容, 再使用消息的格式将需要实施设备实施的许可内容 发送到许可实施设备, 相比现有技术分发许可文件的技术方案, 不需要发 送大量的冗余信息, 因此有效信息比例较高, 提高了发送效率, 降低了对 传输资源的占用。 附图说明 为了更清楚地说明本发明实施例或现有技术中的技术方案, 下面将对 实施例或现有技术描述中所需要使用的附图作简单地介绍, 显而易见地, 下面描述中的附图仅仅是本发明的一些实施例, 对于本领域普通技术人员 来讲, 在不付出创造性劳动性的前提下, 还可以根据这些附图获得其他的 附图。 It can be seen from the above technical solution that since the license content required to implement the device implementation can be obtained from the loading file, the license content required to implement the device implementation is sent to the license implementation device using the format of the message, compared to the prior art distribution license. The technical solution of the file does not need to send a large amount of redundant information, so the effective information ratio is high, the transmission efficiency is improved, and the occupation of transmission resources is reduced. BRIEF DESCRIPTION OF THE DRAWINGS In order to more clearly illustrate the embodiments of the present invention or the technical solutions in the prior art, the drawings to be used in the embodiments or the description of the prior art will be briefly described below, and obviously, in the following description The drawings are only some embodiments of the invention, which will be apparent to those of ordinary skill in the art In other words, other drawings can be obtained based on these drawings without paying for creative labor.
图 1是本发明实施例一种许可控制方法流程图;  1 is a flow chart of a license control method according to an embodiment of the present invention;
图 2是本发明实施例一种许可控制方法流程图;  2 is a flow chart of a license control method according to an embodiment of the present invention;
图 3是本发明实施例一种许可控制方法的信令交互流程图;  3 is a flow chart of signaling interaction of a license control method according to an embodiment of the present invention;
图 4是本发明实施例一种许可控制方法的信令交互流程图;  4 is a flow chart of signaling interaction of a license control method according to an embodiment of the present invention;
图 5是本发明实施例中 AP和 AHR的连接关系示意图;  FIG. 5 is a schematic diagram of a connection relationship between an AP and an AHR according to an embodiment of the present invention; FIG.
图 6是本发明实施例中 AP和丽 S的连接关系示意图;  6 is a schematic diagram of a connection relationship between an AP and a MN in the embodiment of the present invention;
图 Ί是本发明实施例中 AP和 AG的连接关系示意图;  Figure Ί is a schematic diagram showing the connection relationship between an AP and an AG in the embodiment of the present invention;
图 8是本发明实施例一种许可控制设备的结构示意图;  8 is a schematic structural diagram of a license control device according to an embodiment of the present invention;
图 9是本发明实施例一种许可实施设备的结构示意图;  9 is a schematic structural diagram of a license implementation device according to an embodiment of the present invention;
图 1 0是本发明实施例一种许可实施设备的结构示意图。 具体实施方式 下面将结合本发明实施例中的附图, 对本发明实施例中的技术方案进 行清楚、 完整地描述, 显然, 所描述的实施例仅仅是本发明一部分实施例, 而不是全部的实施例。 基于本发明中的实施例, 本领域普通技术人员在没 有作出创造性劳动前提下所获得的所有其他实施例, 都属于本发明保护的 范围。  FIG. 10 is a schematic structural diagram of a license implementation device according to an embodiment of the present invention. The technical solutions in the embodiments of the present invention are clearly and completely described in the following with reference to the accompanying drawings in the embodiments of the present invention. It is obvious that the described embodiments are only a part of the embodiments of the present invention, and not all of the embodiments. example. All other embodiments obtained by a person of ordinary skill in the art based on the embodiments of the present invention without creative efforts are within the scope of the present invention.
本发明实施例提供了一种实现许可控制的方法、 设备和系统, 可以提 高实现许可控制的效率, 降低对传输资源的占用, 尤其在 L i cens e 实施设 备较多时。 下面将描述多个实施例, 以对本发明实施例的技术方案进行说 明。 值得说明的是, 实施例的编号只是为了描述的方便而使用, 而不作为 实施例之间优劣比对的依据。  The embodiments of the present invention provide a method, a device, and a system for implementing the license control, which can improve the efficiency of implementing the license control and reduce the occupation of the transmission resources, especially when the L i cens e implementation device is large. A plurality of embodiments will be described below to explain the technical solutions of the embodiments of the present invention. It should be noted that the numbers of the embodiments are used for convenience of description only, and are not used as a basis for comparison between the embodiments.
实施例一  Embodiment 1
图 1是本发明实施例提供的一种许可控制方法的流程示意图,参见图 1, 该方法包括如下步骤:  1 is a schematic flowchart of a license control method according to an embodiment of the present invention. Referring to FIG. 1, the method includes the following steps:
1 01:许可控制中心 LCC加载并解析许可文件,得到 LCC获取的许可项; 本实施例中, 可以通过一个许可控制中心 ( L i cens e Con t ro l Cent er , 简称 LCC )对许可文件进行处理。 如果许可文件是加密的, 则可以由 LCC先 对其进行解密处理, 然后加载解密后的许可文件。 如果许可文件之前没有 加密, 则可以直接加载。 之后进行解析, 得到 LCC获取的许可项。 可以理 解的是, 许可项包括许可内容。 1 01: The license control center LCC loads and parses the license file to obtain the license item acquired by the LCC; in this embodiment, it can pass a license control center (L i cens e Con t ro l Cent er , The LCC is referred to as the license file. If the license file is encrypted, it can be decrypted by the LCC first, and then the decrypted license file is loaded. If the license file was not encrypted before, it can be loaded directly. After that, the analysis is performed to obtain the license item acquired by the LCC. It can be understood that the license item includes the license content.
1 02: LCC确定需要许可实施设备实施的许可内容;  1 02: LCC determines the license content required to license the implementation of the device;
本步骤中, LCC可以通过不同的实现方式来确定哪些许可内容是需要发 送给许可实施设备。  In this step, the LCC can determine which license content needs to be sent to the license implementation device through different implementations.
具体的, 该步骤可以有不同的实现方式, 比如:  Specifically, this step can have different implementations, such as:
方式一:  method one:
如果许可实施设备之前上报了该许可实施设备所支持的许可项信息 (可以采用上报许可控制请求消息的方式实现), 则可以结合该许可实施设 备所支持的许可项信息, 以确定需要该许可实施设备实施的许可内容。  If the license implementation device has previously reported the license item information supported by the license implementation device (which can be implemented by reporting the license control request message), the license item information supported by the license implementation device may be combined to determine that the license implementation is required. Licensed content for device implementation.
具体的过程可以是: LCC根据该 LCC获取的许可项, 结合许可实施设备 支持的许可项信息, 确定需要许可实施设备实施的许可内容, 比如, 取两 者的交集, 或者, 取交集内的部分许可项。  The specific process may be: the LCC determines, according to the license item acquired by the LCC, the license item information supported by the license implementation device, and determines the license content required to implement the implementation of the device, for example, the intersection of the two, or the part of the intersection. License item.
方式二:  Method 2:
如果 LCC不知道许可实施设备所支持的许可项信息, 则 LCC可以自主 选择该 LCC获取的许可项, 进而发送给许可实施设备。  If the LCC does not know the license item information supported by the license implementation device, the LCC can independently select the license item acquired by the LCC and send it to the license implementation device.
具体的过程可以为: LCC得到 LCC获取的许可项后, 可以选择 LCC获取 的许可项的部分或全部, 作为需要许可实施设备实施的许可内容。 此种情 况下, 将许可内容发送给许可实施设备后, 可以由许可实施设备再根据自 身的支持能力或自身的需要, 进行再次选择。  The specific process may be: After obtaining the license item acquired by the LCC, the LCC may select part or all of the license items acquired by the LCC as the license content required to implement the implementation of the device. In this case, after the license content is sent to the license implementation device, the license implementation device can perform the reselection according to its own support capability or its own needs.
1 03: 将确定的许可内容携带在许可控制消息中向许可实施设备发送。 本步骤中, 可以将许可内容直接携带在许可控制消息中向许可实施设 备发送。  1 03: The determined license content is carried in the license control message to the license enforcement device. In this step, the license content can be directly carried in the license control message to the license implementation device.
可选的, 基于安全性的考虑, 还可以在发送许可控制消息之前, 对确 定出的许可内容先进行加密处理, 然后将加密处理后的许可内容携带在许 可控制消息中进行发送。  Optionally, based on the security considerations, before the permission control message is sent, the determined license content may be encrypted first, and then the encrypted license content is carried in the license control message for transmission.
而加密处理所采用的加密算法, 可以有多种确定方式。 比如: 1 ) LCC 接收许可实施设备发送的许可控制请求消息, 该许可控制请求消息中包括: 许可实施设备支持的加密算法集合信息。 接收到该许可控制请求消息后,The encryption algorithm used in the encryption process can be determined in various ways. For example: 1) The LCC receives a license control request message sent by the license implementation device, and the license control request message includes: License implementation of the encryption algorithm set information supported by the device. After receiving the license control request message,
LCC就可以从该加密算法集合信息中, 选择该 LCC也支持的加密算法, 作为 所要采用的加密算法。 另外, LCC还可以通过许可控制响应消息的形式, 将 选择的加密算法的标识发送给许可实施设备, 这样, 许可实施设备就可以 据此对接收到的加密后的许可内容进行解密处理。该种方式可以理解为 LCC 与许可实施设备在许可控制过程中协商确定共同支持的加密算法。 又比如: 2 )可以通过静态方式指定 LCC与许可实施设备所共同支持的加密算法, 即 默认加密算法。 方式 2 )可以直接采用, 也可以在协商不成功或者没有协商 结果的情况下采用。 The LCC can select an encryption algorithm supported by the LCC from the encryption algorithm set information as the encryption algorithm to be used. In addition, the LCC may also transmit the identifier of the selected encryption algorithm to the license implementing device in the form of a license control response message, so that the license implementing device may decrypt the received encrypted license content accordingly. This method can be understood as the encryption algorithm that the LCC and the license implementation device negotiate to determine the common support during the license control process. For example: 2) The encryption algorithm supported by the LCC and the license implementation device can be specified statically, that is, the default encryption algorithm. Mode 2) can be adopted directly, or it can be adopted if the negotiation is unsuccessful or there is no negotiation result.
在现有技术中, 由于文件的分发都是在专用网络中, 未考虑安全性问 题但是随着技术的发展, L i cense控制开始在公众网络中使用, L i cense文 件分发过程就变的非常不安全, 容易被拦截破译。 而本发明实施例的技术 方案中, 可以在采用消息格式承载许可内容的基础上, 进一步对许可内容 进行加密处理, 可以确保许可内容在传递过程是私密的, 进一步保护许可 内容的安全性, 尤其是针对目前 L i cens e控制在公众网络中使用的情况, 避免许可内容被轻易的拦截破译。  In the prior art, since the distribution of files is in a private network, security issues are not considered, but as the technology develops, the License control starts to be used in the public network, and the Licens file distribution process becomes very Unsafe, easy to intercept and decipher. In the technical solution of the embodiment of the present invention, the license content may be further encrypted on the basis of using the message format to carry the license content, thereby ensuring that the license content is private during the delivery process, and further protecting the security of the license content, in particular It is aimed at the current use of Licensing in the public network, to avoid the license content being easily intercepted and deciphered.
另一方面, 可选的, 基于数据完整性的考虑, 还可以在发送许可控制 消息之前, 对确定出的许可内容先进行完整性处理, 然后将完整性处理后 的许可内容携带在许可控制消息中进行发送。  On the other hand, optionally, based on the data integrity consideration, the determined permission content may be first processed before the permission control message is sent, and then the integrity processed license content is carried in the permission control message. Send in.
而完整性处理所采用的完整性算法, 可以有多种确定方式。 比如: 1 ) LCC接收许可实施设备发送的许可控制请求消息,该许可控制请求消息中包 括: 许可实施设备支持的完整性算法集合信息。 接收到该许可控制请求消 息后, LCC就可以从该完整性算法集合信息中, 选择该 LCC也支持的完整性 算法, 作为所要采用的完整性算法。 另外, LCC还可以通过许可控制响应消 息的形式, 将选择的完整性算法的标识发送给许可实施设备, 这样, 许可 实施设备就可以据此对接收到的完整性后的许可内容进行完整性验证处 理。 该种方式可以理解为 LCC 与许可实施设备在许可控制过程中协商确定 共同支持的完整性算法。 又比如: 2 )可以通过静态方式指定 LCC与许可实 施设备所共同支持的完整性算法, 即默认完整性算法。 方式 2 )可以直接采 用, 也可以在协商不成功或者没有协商结果的情况下采用。 可以理解的是, 完整性是数据未经授权不能进行改变的特性, 即信息 在存储或传输过程中保持不被修改、 不被破坏和丟失的特性。 通过对许可 内容的完整性处理, 可以降低许可内容在数据传输过程中出现误差的几率, 提高了许可内容传输的准确性。 The integrity algorithm used for integrity processing can be determined in a variety of ways. For example: 1) The LCC receives the license control request message sent by the license implementation device, and the license control request message includes: the integrity algorithm set information supported by the license implementation device. After receiving the permission control request message, the LCC may select an integrity algorithm supported by the LCC from the integrity algorithm set information as the integrity algorithm to be used. In addition, the LCC may also send the identifier of the selected integrity algorithm to the license implementation device in the form of a license control response message, so that the license implementation device can perform integrity verification on the received integrity content after receiving the integrity. deal with. This approach can be understood as the LCC and the license implementation device negotiate to determine the commonly supported integrity algorithm during the license control process. For example: 2) The integrity algorithm supported by the LCC and the license implementation device, that is, the default integrity algorithm, can be specified in a static manner. Mode 2) can be adopted directly, or it can be adopted if the negotiation is unsuccessful or there is no negotiation result. It can be understood that integrity is a feature that data cannot be changed without authorization, that is, information that remains unmodified, uncorrupted, and lost during storage or transmission. Through the integrity processing of the licensed content, the probability of errors in the data transmission process of the licensed content can be reduced, and the accuracy of the transmission of the licensed content is improved.
上述加密算法和完整性算法可以独立执行, 也可以一起执行。 携带加 密算法集合信息和完整性算法集合信息的许可控制请求消息, 可以是同一 个消息携带两种算法集合信息, 也可以是分别发送两个消息分别携带。  The above encryption algorithm and integrity algorithm may be executed independently or together. The permission control request message carrying the encryption algorithm set information and the integrity algorithm set information may be that the same message carries two kinds of algorithm set information, or may be separately sent two messages respectively.
从本发明实施例的技术描述可以看出: 由于本发明实施例提供的许可 控制方法中, 从加载文件中确定出需要许可实施设备实施的许可内容, 进 而使用消息的格式将确定出的许可内容发送到许可实施设备, 相比现有技 术分发许可文件的技术方案而言, 不需要发送大量冗余信息, 因此有效信 息比例较高, 发送效率得到了提高, 降低了对传输资源的占用。 而加密和 完整性处理, 可以进一步保护许可内容的安全性和完整性。 实施例二  It can be seen from the technical description of the embodiment of the present invention that, in the license control method provided by the embodiment of the present invention, the license content that needs to be licensed to implement the device is determined from the loading file, and then the determined license content is determined by using the format of the message. The transmission to the license implementation device does not require sending a large amount of redundant information compared to the technical solution of the prior art distribution license file, so the effective information ratio is high, the transmission efficiency is improved, and the occupation of the transmission resource is reduced. Encryption and integrity processing further protect the security and integrity of the licensed content. Embodiment 2
图 2是本发明实施例提供的一种许可控制方法的流程示意图,参见图 2, 该方法包括如下步骤:  FIG. 2 is a schematic flowchart of a license control method according to an embodiment of the present invention. Referring to FIG. 2, the method includes the following steps:
201: 许可实施设备接收许可控制中心 LCC发送的许可控制消息; 本实施例中, 由于 LCC 以许可控制消息的形式发送许可内容, 许可实 施设备可以接收该许可控制消息;  201: The license implementation device receives the license control message sent by the license control center LCC; in this embodiment, since the LCC sends the license content in the form of a license control message, the license implementation device may receive the license control message;
202: 许可实施设备从许可控制消息中获取需要实施的许可内容; 本步骤中, 许可实施设备可以解析该许可控制消息, 获取该消息中携 带的许可内容;  202: The license implementation device obtains the license content that needs to be implemented from the license control message; in this step, the license implementation device may parse the license control message to obtain the license content carried in the message;
如果需要实施的许可内容为 LCC采用 LCC和许可实施设备所共同支持 的加密算法和 /或完整性算法进行加密和 /或完整性处理后的许可内容, 那 么, 本步骤中, 许可实施设备可以根据 LCC和许可实施设备所共同支持的 加密算法和 /或完整性算法, 对进行加密和 /或完整性处理后的许可内容进 行相应的解密和 /或完整性验证处理, 获得需要实施的许可内容。  If the license content to be implemented is the license content of the encryption and/or integrity processing performed by the LCC using the encryption algorithm and/or integrity algorithm supported by the LCC and the license implementation device, then, in this step, the license implementation device may be based on The encryption algorithm and/or integrity algorithm supported by the LCC and the license enforcement device performs corresponding decryption and/or integrity verification processing on the encrypted content after the encryption and/or integrity processing to obtain the license content that needs to be implemented.
而如何确定加密算法、 完整性算法, 以及相应的解密算法和完整性验 证算法, 可以参见实施例一中的描述, 此处不再赘述。 另一方面, 如果许可实施设备之前已经将自身支持的许可项信息通过 许可控制请求消息发送给 LCC, 那么, LCC在许可内容进行选择的过程中已 经结合了许可实施设备的支持能力, 相应的, 步骤 201 中的许可控制消息 中携带的许可内容, 可以理解为全部都是该许可实施设备所支持的许可项。 此种情况下, 许可实施设备可以将许可控制消息中携带的许可内容的全部 都作为需要实施的许可内容。 当然, 也可以从中选择一部分, 作为需要实 施的许可内容。 反之, 如果在 LCC发送许可控制消息之前并不知道许可实 施设备所支持的许可项, 则 LCC发送的许可控制消息中的许可内容中, 可 能有一部分是该许可实施设备所不支持的。 此种情况下, 许可实施设备可 以从许可控制消息中得到 LCC获取的许可项, 再结合该许可实施设备身所 支持的许可项信息, 选择两者的交集(可以是交集的全部或部分), 从而确 定需要实施的许可内容。 For details on how to determine the encryption algorithm, the integrity algorithm, and the corresponding decryption algorithm and the integrity verification algorithm, refer to the description in the first embodiment, and details are not described herein again. On the other hand, if the license implementation device has previously sent the license information supported by itself to the LCC through the license control request message, the LCC has incorporated the support capability of the license implementation device in the process of selecting the license content, correspondingly, The license content carried in the license control message in step 201 can be understood as all the license items supported by the license implementation device. In this case, the license implementing device may use all of the license contents carried in the license control message as the license content to be implemented. Of course, you can also select a part of it as a license content that needs to be implemented. On the other hand, if the license item supported by the license implementation device is not known before the LCC sends the license control message, a part of the license content in the license control message sent by the LCC may not be supported by the license implementation device. In this case, the license implementation device may obtain the license item acquired by the LCC from the license control message, and combine the license item information supported by the license implementation device to select an intersection of the two (may be all or part of the intersection). Thereby determining the license content that needs to be implemented.
203: 许可实施设备根据获取的需要实施的许可内容实施许可控制。 本步骤中, 许可实施设备可以根据获取的需要实施的许可内容进行许 可控制, 比如, 进行该设备的功能控制或资源控制。  203: The license implementation device implements the license control according to the licensed content that is required to be implemented. In this step, the license implementation device may perform permission control according to the obtained license content that needs to be implemented, for example, perform function control or resource control of the device.
可选的, 在根据需要实施的许可内容实施许可控制之后, 可以向 LCC 返回许可实施结果。  Alternatively, the license implementation result may be returned to the LCC after the license control is implemented as needed for the licensed content.
可以理解的是, 由于本发明实施例提供的许可控制方法中, 使用消息 的格式进行许可内容的发送和接收, 相比现有技术分发许可文件的技术方 案而言, 避免了对大量冗余信息的发送和接收, 因此有效信息比例较高, 发送效率得到了提高, 降低了对传输资源的占用。 如果在 LCC侧对许可内 容进行了加密和完整性处理, 则在许可实施设备侧可以对许可内容进行解 密和完整性验证处理, 这样, 可以进一步保护许可内容的安全性和完整性。  It can be understood that, in the license control method provided by the embodiment of the present invention, the sending and receiving of the licensed content is performed by using the format of the message, which avoids a large amount of redundant information compared to the technical solution of the prior art distributing the license file. The transmission and reception, therefore, the proportion of effective information is higher, the transmission efficiency is improved, and the occupation of transmission resources is reduced. If the license content is encrypted and integrity processed on the LCC side, the license content can be decrypted and integrity verified on the license enforcement device side, thus further protecting the security and integrity of the licensed content.
另外, 上述实施例一和实施例二的方案, 可以周期性执行, 以及时更 新 L i cense内容, 满足系统实时性的要求。  In addition, the solutions of the foregoing Embodiment 1 and Embodiment 2 can be periodically executed, and the L i cense content is updated in time to meet the requirements of real-time performance of the system.
再者, 上述实施例一和实施例二的方案, 仅以一个许可实施设备进行 了说明。 值得说明的是, 实际场景下, 许可实施设备可能是海量的, 而且 分布比较分散。 实施例三 在实际网络中, 许可实施设备有很多种, 比如基站设备。 具体的, 在 室内覆盖场景下, 各种制式的小型化接入设备都可以作为 License 实施设 备,例如:通用移动通讯系统( UMTS, Universal Mobile Telecommunications System)接入点(AP, Access Point )、全球移动通信系统( GSM, Global System for Mobile communication) AP、 GSM 型 ( Pico )设备、 长期演进(LTE, Long Term Evolution) AP、 LTE Pico, 码分多址( C腿, Code Divi s ion Multiple Access ) AP、 CDMA pico, 微波存取全球互通 ( wimax, Worldwide Interoperability for Microwave Access ) AP、 wimax pico等等。 Furthermore, the solutions of the first embodiment and the second embodiment described above are described by only one license implementation device. It is worth noting that in the actual scenario, the licensed implementation equipment may be massive and the distribution is relatively scattered. Embodiment 3 In an actual network, there are many license implementation devices, such as base station devices. Specifically, in an indoor coverage scenario, various types of miniaturized access devices can be implemented as license implementation devices, such as Universal Mobile Telecommunications System (UMTS, Access Point), global Mobile System (GSM, Global System for Mobile communication) AP, GSM (Pico) device, Long Term Evolution (LTE), LTE Pico, Code Diviation Multiple Access (C-Division) AP, CDMA pico, Worldwide Interoperability for Microwave Access (wimax, AP, wimax pico, etc.).
本发明实施例提供了一种许可控制的方法, 该实施例中, License实施 设备为醫 TS AP, LCC模块部署到 AP归属寄存器 ( AHR, AP Home Register ) 中, 即由 AHR作为 LCC。 另外, 该实施例中, 由醫 TS AP主动请求 License 控制。  The embodiment of the present invention provides a method for granting control. In this embodiment, the license implementation device is a medical TS AP, and the LCC module is deployed in an AP Home Register (AHR, AP Home Register), that is, the AHR is used as the LCC. In addition, in this embodiment, the license is controlled by the medical TS AP.
图 3 为本发明实施例提供的许可控制方法的信令交互流程图, 如图 3 所示, 该方法包括:  FIG. 3 is a flowchart of signaling interaction of a license control method according to an embodiment of the present invention. As shown in FIG. 3, the method includes:
301、 LCC解密、 加载并解析获取的 License文件;  301. The LCC decrypts, loads, and parses the obtained license file.
本步骤中, LCC首先获取 License文件,获取的方法可以为:从 License 制作中心获取, 具体的, License制作中心为 LCC制作好 License文件后, 发送给 LCC。 获取 License文件的步骤不一定每次都要执行, 比如, 可以获 取一次后予以保存, 供后续使用。 当然, 也可以每次执行 License控制都 执行一次。  In this step, the LCC obtains the license file first. The method can be obtained from the license production center. Specifically, the license production center creates a license file for the LCC and sends it to the LCC. The steps to obtain a license file are not necessarily performed each time. For example, you can save it once and save it for later use. Of course, it is also possible to execute the license control once each time.
另外, 本实施例中 支设 License 文件是加密的, 则 LCC 需要先对该 License文件进行解密, 之后将解密后的 License文件加载到 LCC设备上。 其中, 该 License文件可以有很多信息, 比如文件格式信息、 控制信息等, 其中, 控制信息代表了许可项。 LCC 解析加载的许可文件, 就可以得到 License制作中心发送给 LCC的许可项, 即 LCC获取的许可项, 比如, LCC 获取的许可项为: A: 上行 IP包复用, B: 下行接收功能, C: PS下行速率 最大值, D: PS上行速率最大值。 其中, A和 B可以理解为功能许可, C和 D可以理解为资源许可。  In addition, in this embodiment, the license file is encrypted, and the LCC needs to decrypt the license file first, and then the decrypted license file is loaded into the LCC device. The license file may have a lot of information, such as file format information, control information, etc., where the control information represents a license item. The LCC parses the loaded license file to obtain the license item sent by the license production center to the LCC, that is, the license item obtained by the LCC. For example, the license items acquired by the LCC are: A: uplink IP packet multiplexing, B: downlink receiving function, C: PS downlink rate maximum, D: PS uplink rate maximum. Among them, A and B can be understood as function licenses, and C and D can be understood as resource licenses.
302、 AP向 LCC发送 License控制请求消息。  302. The AP sends a license control request message to the LCC.
本实施例中, AP主动向 LCC请求 License控制。 具体到本步骤中, AP可以向 LCC发送 Li cense控制请求消息, Li cense 控制请求消息中可以携带如下信息之一或其组合: AP 自身支持的许可项信 息 (即支持 Li cense的能力), AP支持的加密算法集合信息, AP中支持的 完整性算法集合信息。 In this embodiment, the AP actively requests the license control from the LCC. Specifically, in this step, the AP may send a Li cense control request message to the LCC, and the Li cense control request message may carry one or a combination of the following information: the license item information supported by the AP (ie, the capability to support Li cense), the AP Supported encryption algorithm set information, integrity algorithm set information supported in the AP.
其中, AP 自身支持的许可项信息可以以功能列表的形式体现, 该许可 项信息可以指示 LCC该 AP所能实现的许可控制能力, 不在该列表范围内的 许可内容, 即使发送给 AP, AP也不能实现。 本实施例中, 支设发给 LCC的 AP支持的 Li cense项信息为 (C, D, E, F ), 分别是: C: PS下行速率最大 值, D: PS上行速率最大值, E: 准入用户数最大值, 和 F: 本地 Iur功能。  The license item information supported by the AP may be embodied in the form of a function list, and the license item information may indicate the license control capability that the LCC can implement, and the license content that is not in the list, even if sent to the AP, the AP also Can't achieve it. In this embodiment, the information of the Li cense item supported by the AP that is sent to the LCC is (C, D, E, F), which are: C: the maximum downlink rate of the PS, the maximum value of the uplink rate of the D: Maximum number of admitted users, and F: Local Iur function.
另外, AP支持的加密算法集合信息体现了 AP所能支持的加密算法, 可 以作为 LCC选择加密算法的依据。 AP支持的完整性算法集合信息体现了 AP 能支持的完整性算法, 可以作为 LCC选择完整性算法的依据。 本发明实施 例中, 以该 Li cense控制请求消息中同时携带上述三种信息为例进行说明。  In addition, the encryption algorithm set information supported by the AP embodies the encryption algorithm that the AP can support, and can be used as the basis for selecting the encryption algorithm by the LCC. The integrity algorithm set information supported by the AP reflects the integrity algorithm supported by the AP and can be used as the basis for the LCC selection integrity algorithm. In the embodiment of the present invention, the following three kinds of information are carried in the Li cense control request message as an example for description.
303、 LCC根据 License控制请求消息, 确定许可内容, 并进行加密和 完整性处理;  303. The LCC determines the license content according to the license control request message, and performs encryption and integrity processing.
本步骤中, LCC可以根据 Li cense控制请求消息携带的 AP 自身支持的 许可项信息 (C, D, E, F ), 以及 LCC获取的许可项信息 (A, B, C, D ), 取两者交集(C, D )作为需要 AP实施的许可内容。  In this step, the LCC may take two pieces of license information (C, D, E, F) supported by the AP carried by the Li cense control request message, and the license item information (A, B, C, D) obtained by the LCC, and take two The intersection (C, D) is the license content that needs to be implemented by the AP.
在将该许可内容发送给 AP之前, 可以先对该许可内容进行加密和完整 性处理。  The license content may be encrypted and integrity processed before being sent to the AP.
而加密和完整性处理所采用的算法, 可以采用动态协商的方式, 具体 的: 由于 LCC已经根据 Li cense控制请求消息获知了 AP支持的加密算法和 完整性算法, 所以, LCC可以再根据自身支持的加密算法和完整性算法, 选 择两者共同支持的加密算法和完整性算法, 对许可内容进行加密和完整性 处理。 或者, 本步骤的加密和完整性处理, 也可以使用默认加密算法和完 整性算法。 采用默认算法, 可以在协商没有结果或者协商不成功的情况下 使用,也可以直接使用。 当然,如果是直接使用默认算法, 则 AP发送给 LCC 的 Li cense控制请求消息中就可以不携带算法集合信息。  The algorithm used for encryption and integrity processing can be dynamically negotiated. Specifically: Since the LCC has learned the encryption algorithm and integrity algorithm supported by the AP according to the Li cense control request message, the LCC can support itself according to its own support. The encryption algorithm and the integrity algorithm select the encryption algorithm and the integrity algorithm supported by both to encrypt and integrity the licensed content. Alternatively, the encryption and integrity processing of this step can also use the default encryption algorithm and integrity algorithm. The default algorithm can be used if there is no result of negotiation or the negotiation is unsuccessful, or it can be used directly. Of course, if the default algorithm is used directly, the LI cense control request message sent by the AP to the LCC may not carry the algorithm set information.
304、 LCC向 AP返回 Li cense控制响应消息;  304. The LCC returns a Li cense control response message to the AP.
该实施例中, Li cense控制响应消息即为携带需要 AP实施的许可内容 的许可控制消息。 In this embodiment, the Li cense control response message is a license content that carries the required AP implementation. License control message.
Li cense控制响应消息中包括: LCC选择的加密算法标识和完整性算法 标识; 需要 AP实施的许可内容, 这些许可内容已经经过了选择的或默认的 加密算法和完整性算法的处理。  The Li cense control response message includes: an encryption algorithm identifier and an integrity algorithm identifier selected by the LCC; and a license content implemented by the AP, which has been processed by a selected or default encryption algorithm and an integrity algorithm.
305、 AP根据 Li cense控制响应消息中的信息, 实施 Li cense控制; 本步骤中, AP才艮据 Li cense控制响应消息中的加密算法标识, 选择相 应的解密算法对加密的许可内容进行解密; AP根据 Li cense控制响应消息 中的完整性算法标识, 选择相应完整性验证算法, 对完整性处理的许可内 容进行完整性验证, 如果数据能够通过完整性验证, 则可以作为 AP实施许 可的内容。  305. The AP performs Li cense control according to the information in the Li cense control response message. In this step, the AP selects the encryption algorithm identifier in the Li cense control response message, and selects a corresponding decryption algorithm to decrypt the encrypted license content. The AP selects a corresponding integrity verification algorithm according to the integrity algorithm identifier in the Li cense control response message, and performs integrity verification on the integrity content of the integrity processing. If the data can pass the integrity verification, the AP can be used as the content of the AP implementation license.
H没本步骤中经过解密和完整性验证后得到的许可内容为: (C, D ), 其中, C 为 PS下行速率最大值, D为 PS上行速率最大值, 则 AP可以才艮据 许可内容, 对本 AP设备的相应资源进行许可控制。  The license content obtained after the decryption and integrity verification in this step is: (C, D), where C is the maximum downlink rate of the PS and D is the maximum value of the uplink rate of the PS. , License control is performed on the corresponding resources of the AP device.
306、 AP将 Li cense实施结果反馈给 LCC。  306. The AP feeds back the result of the Li cense implementation to the LCC.
可选的, 在 AP实施了 Li cense控制之后, 可以把 Li cense实施的结果 上才艮给 LCC。  Optionally, after the Li cense control is implemented on the AP, the result of the Li cense implementation can be sent to the LCC.
可以理解的是, 由于本发明实施例提供的许可控制方法中, 使用消息 的格式进行许可内容的发送和接收, 而许可内容是许可文件中真正有用的 控制信息, 即许可项信息。 相比现有技术分发许可文件的技术方案而言, 避免了对大量冗余信息 (比如文件格式信息, 以及其他无关信息等) 的发 送和接收, 因此有效信息比例较高, 发送效率得到了提高, 降低了对传输 资源的占用。 比如, 现有技术中, 在控制信息较少时, 文件格式信息也不 会减少,相应效率也就更低。且随着技术的发展,处于同一个系统的 Li cense 实施设备也越来越多, Li cense 实施设备越多, 发送效率会越低。 针对 AP 场景, 由于 AP的数量非常多, 而且分布比较分散, 本发明实施例提供的方 案的优势就更为明显, 可以对大量分布在用户家庭的 AP 进行批量远程 Li cense控制, 不用上门就可以开启或关闭某些功能, 降低了维护成本。  It can be understood that, in the license control method provided by the embodiment of the present invention, the transmission and reception of the license content is performed using the format of the message, and the license content is the control information which is really useful in the license file, that is, the license item information. Compared with the technical solutions for distributing license files in the prior art, transmission and reception of a large amount of redundant information (such as file format information and other irrelevant information) are avoided, so that the effective information ratio is high and the transmission efficiency is improved. , reducing the occupation of transmission resources. For example, in the prior art, when the control information is small, the file format information is not reduced, and the corresponding efficiency is lower. With the development of technology, there are more and more Li cense implementation devices in the same system. The more devices implemented by Li Cense, the lower the transmission efficiency. For the AP scenario, because the number of APs is very large, and the distribution is relatively scattered, the advantages of the solution provided by the embodiment of the present invention are more obvious, and batch remote Licens control can be performed on a large number of APs distributed in the user's home, without going to the door. Turning certain features on or off reduces maintenance costs.
而且, 采用 AP主动向 LCC发送请求消息, 在请求消息中携带 AP支持 的许可项信息、 加密算法和完整性算法信息, 可以事先完成许可功能的协 商, 以确保发送给 AP的许可内容是可以实施的; 以及, 可以事先可以完成 算法协商, 从而采用双方都支持的算法进行处理。 总体上, 采用 AP主动发 送许可请求的方式, 可以实现根据特定 AP的实际情况进行相应处理, 许可 控制的针对性更强, 提高了许可控制的效率。 Moreover, the AP actively sends a request message to the LCC, and the request message carries the license item information, the encryption algorithm, and the integrity algorithm information supported by the AP, and the license function negotiation can be completed in advance to ensure that the license content sent to the AP can be implemented. And; can be completed in advance The algorithm negotiates and processes it using an algorithm supported by both parties. In general, the AP actively sends a license request, which can be processed according to the actual situation of the specific AP. The license control is more targeted and improves the efficiency of the license control.
另外, 对许可内容进行的加密和完整性处理, 可以保证许可内容(即 真正有用的控制消息)在传递过程中的私密性和完整性。 实施例四  In addition, the encryption and integrity processing of the licensed content guarantees the privacy and integrity of the licensed content (ie, truly useful control messages) during delivery. Embodiment 4
本发明实施例提供了一种许可控制的方法, 该实施例中, L i cense实施 设备为醫 TS AP, LCC模块部署到 AHR中, 即由 AHR作为 LCC设备。 另夕卜, 该实施例中, 由 LCC主动下发许可项, 由 AP根据自己的支持能力选择自身 支持的许可项, 以实现 Li cense控制。  The embodiment of the present invention provides a method for granting control. In this embodiment, the L i cense implementation device is a medical TS AP, and the LCC module is deployed to the AHR, that is, the AHR is used as the LCC device. In addition, in this embodiment, the LCC actively issues a license item, and the AP selects a license item supported by the AP according to its own support capability to implement Li cense control.
图 4 为本发明实施例提供的许可控制方法的信令交互流程图, 如图 4 所示, 该方法包括:  FIG. 4 is a flowchart of signaling interaction of a license control method according to an embodiment of the present invention. As shown in FIG. 4, the method includes:
401、 LCC解密、 加载并解析获取的 L i cense文件;  401. The LCC decrypts, loads, and parses the obtained L i cense file.
本步骤与步骤 301类似, 不再详细描述。 另外, 同样支设 LCC获取的 许可项为 (A, B, C, D ), 具体的, A: 上行 IP包复用, B: 下行接收功能, C: PS下行速率最大值, D: PS上行速率最大值。  This step is similar to step 301 and will not be described in detail. In addition, the license items obtained by LCC are also set to (A, B, C, D), specifically, A: uplink IP packet multiplexing, B: downlink receiving function, C: PS downlink rate maximum, D: PS uplink The maximum rate.
402、 LCC确定许可内容, 并进行加密和完整性处理;  402. The LCC determines the license content, and performs encryption and integrity processing;
本实施例中, 由于 LCC不知道 AP所支持的许可项信息, 则 LCC可以自 主选择该 LCC获取的许可项。 具体的过程可以为: LCC得到 LCC获取的许可 项 (A, B, C, D )后, 可以选择 LCC获取的许可项的部分或全部, 作为需 要 AP实施的许可内容。 本实施例假设 LCC将(A, B, C, D )都作为许可内 容。  In this embodiment, since the LCC does not know the license item information supported by the AP, the LCC can automatically select the license item acquired by the LCC. The specific process may be: After the LCC obtains the license items (A, B, C, D) obtained by the LCC, part or all of the license items acquired by the LCC may be selected as the license content required for the AP implementation. This embodiment assumes that the LCC uses (A, B, C, D) as the permitted contents.
另外, 在将该许可内容发送给 AP之前, 可以先对该许可内容进行加密 和完整性处理。  In addition, the license content may be encrypted and integrity processed before being sent to the AP.
而加密和完整性处理所采用的算法, 可以在发送许可内容之前, 采用 动态协商的方式确定, 或者, 通过静态方式指定 LCC与 AP所共同支持的完 整性算法, 即默认完整性算法。 可以理解的是, 确定算法的步骤不一定每 次都执行, 且和步骤 401 没有必然的前后关系, 只要在加密和完整性处理 之前确定好算法即可。 403、 LCC向 AP发送 L i cense控制指示消息; The algorithm used in the encryption and integrity processing may be determined by dynamic negotiation before the content of the license is sent, or the integrity algorithm supported by the LCC and the AP, that is, the default integrity algorithm, may be specified in a static manner. It can be understood that the steps of determining the algorithm are not necessarily performed every time, and there is no necessary context with step 401, as long as the algorithm is determined before the encryption and integrity processing. 403. The LCC sends a L i cense control indication message to the AP.
该实施例中, L i cens e控制指示消息即为携带需要 AP实施的许可内容 的许可控制消息。  In this embodiment, the L i cens e control indication message is a permission control message carrying the licensed content required to be implemented by the AP.
L i cense控制指示消息中包括: 需要 AP实施的许可内容。  The L i cense control indication message includes: a license content that needs to be implemented by the AP.
如果采用动态协商加密算法和完整性算法的方式, 则该消息中还可以 包括 LCC选择的加密算法标识和完整性算法标识。 当然, 如果是在发送之 前就通过信令交互, AP 已经知道需要采用的算法, 则不需要在该 L i cense 控制指示消息中携带 LCC选择的加密算法标识和完整性算法标识。  If the method of dynamically negotiating the encryption algorithm and the integrity algorithm is adopted, the message may further include an encryption algorithm identifier and an integrity algorithm identifier selected by the LCC. Of course, if the AP has already learned the algorithm to be used before the sending, the AP does not need to carry the LCC selected encryption algorithm identifier and integrity algorithm identifier in the L i cense control indication message.
404、 AP选择许可项, 并实施 L i cense控制;  404. The AP selects a license item and implements L i cense control;
本步骤中, AP 可以先对许可内容进行解密和完整性验证处理, 具体过 程可参见前一个实施例。 值得说明的是, 由于 LCC发送过来的许可项不一 定是 AP所支持的, 所以, 在本步骤中, AP需要根据自身支持的能力, 从中 选择许可项。 具体的, 假设 AP支持 C和 D, 但不支持 A和 B, 则选择后的 许可项可以为 C和 D。  In this step, the AP may first perform decryption and integrity verification processing on the licensed content. For the specific process, refer to the previous embodiment. It is worth noting that since the licenses sent by the LCC are not necessarily supported by the AP, in this step, the AP needs to select the license items according to the capabilities supported by the AP. Specifically, assuming that the AP supports C and D, but does not support A and B, the selected licenses can be C and D.
AP选择出许可项之后, 可以据此进行资源控制或功能控制。  After the AP selects the license item, it can perform resource control or function control based on this.
405、 AP将 L i cense实施结果反馈给 LCC。  405. The AP feeds back the L i cense implementation result to the LCC.
可选的, 在 AP实施了 L i cense控制之后, 可以把 L i cense实施的结果 上才艮给 LCC。  Optionally, after the AP implements the L i cense control, the result of the L i cense implementation can be sent to the LCC.
可以理解的是, 由于本发明实施例提供的许可控制方法中, 使用消息 的格式进行许可内容的发送和接收, 而许可内容是许可文件中真正有用的 控制信息, 即许可项信息。 相比现有技术分发许可文件的技术方案而言, 避免了对大量冗余信息 (比如文件格式信息, 以及其他无关信息等) 的发 送和接收, 因此有效信息比例较高, 发送效率得到了提高, 降低了对传输 资源的占用。  It can be understood that, in the license control method provided by the embodiment of the present invention, the transmission and reception of the license content is performed using the format of the message, and the license content is the control information which is really useful in the license file, that is, the license item information. Compared with the technical solutions for distributing license files in the prior art, transmission and reception of a large amount of redundant information (such as file format information and other irrelevant information) are avoided, so that the effective information ratio is high and the transmission efficiency is improved. , reducing the occupation of transmission resources.
而且,采用 LCC主动以消息格式下发许可项的方案,可以减少 AP和 LCC 的信息交互, 节省信令开销, 简化流程, 提高处理效率。  Moreover, the LCC actively delivers the license item in the message format, which can reduce the information exchange between the AP and the LCC, save signaling overhead, simplify the process, and improve the processing efficiency.
另外, 对许可内容进行的加密和完整性处理, 可以保证许可内容(即 真正有用的控制消息)在传递过程中的私密性和完整性。 值得说明的是, 上述实施例三和实施例四, 以 LCC模块部署到 AHR中 实现为例进行了说明, AP和 AHR的连接关系示意图可参见图 5。 如图 5所 示, 接入点 504、 接入点 505、 接入点 506通过安全网关( SeGW, Security Gateway ) 503、 接入网关 (AG, Access Gateway ) 502连接到接入点归属寄 存器 AHR50L In addition, the encryption and integrity processing of the licensed content ensures the privacy and integrity of the licensed content (ie, truly useful control messages) during delivery. It should be noted that the foregoing Embodiment 3 and Embodiment 4 are deployed in the AHR by using the LCC module. The implementation is described as an example. A schematic diagram of the connection relationship between the AP and the AHR can be seen in FIG. 5. As shown in FIG. 5, the access point 504, the access point 505, and the access point 506 are connected to the access point home register AHR50L through a security gateway (SeGW, Security Gateway) 503 and an access gateway (AG, Access Gateway) 502.
另外, LCC 模块也可以部署在小基站管理系统 (丽 S, Home NodeB In addition, the LCC module can also be deployed in a small base station management system (Li S, Home NodeB)
Management System)设备上, 图 6为 HMS与 AP之间的连接关系示意图, 如图 6所示, 接入点 603、 接入点 604、 接入点 605通过安全网关 602连接 到小基站管理系统 601。 On the management system, FIG. 6 is a schematic diagram of the connection relationship between the HMS and the AP. As shown in FIG. 6, the access point 603, the access point 604, and the access point 605 are connected to the small base station management system 601 through the security gateway 602. .
或者, LCC模块也可以部署在 AG中, 图 7为 AG与 AP之间的连接关系 示例。如图 Ί所示,接入点 703、接入点 704、接入点 705通过安全网关 702 连接到接入网关 701。 实施例五  Alternatively, the LCC module can also be deployed in the AG. Figure 7 shows an example of the connection relationship between the AG and the AP. As shown in the figure, the access point 703, the access point 704, and the access point 705 are connected to the access gateway 701 through the security gateway 702. Embodiment 5
本发明实施例还提供了一种许可控制设备, 图 8 是该许可控制设备的 结构示意图。 如图 8所示, 该设备包括: 解析模块 801, 用于加载并解析许 可文件, 得到许可控制设备获取的许可项; 确定模块 802, 用于确定需要许 可实施设备实施的许可内容; 以及, 发送处理模块 803, 用于将许可内容携 带在许可控制消息中向许可实施设备发送。  The embodiment of the present invention further provides a license control device, and FIG. 8 is a schematic structural diagram of the license control device. As shown in FIG. 8, the device includes: a parsing module 801, configured to load and parse a license file, to obtain a license item acquired by the license control device; a determining module 802, configured to determine a license content that needs to be licensed to implement the device implementation; and, send The processing module 803 is configured to carry the license content in the license control message and send the content to the license implementation device.
可选的, 如果许可实施设备主动向许可控制设备发送许可控制请求, 那么, 该许可控制设备还可以包括: 接收模块 804, 用于接收许可实施设备 发送的许可控制请求消息, 该许可控制请求消息中包括: 许可实施设备支 持的许可项信息。 相应的, 上述确定模块 802可以用于: 根据解析模块 801 得到的许可控制设备获取的许可项, 结合接收模块 804接收的许可实施设 备支持的许可项信息, 选择需要许可实施设备实施的许可内容。  Optionally, if the license implementation device sends a license control request to the license control device, the license control device may further include: a receiving module 804, configured to receive a license control request message sent by the license implementation device, where the license control request message is This includes: License information for license implementation device support. Correspondingly, the determining module 802 may be configured to: select, according to the license item acquired by the license control device obtained by the parsing module 801, the license item supported by the license implementation device received by the receiving module 804, and select the license content that needs to be licensed to implement the device implementation.
以许可实施设备为 AP、 许可控制设备为 LCC为例, 比如, AP把自己支 持的 License项信息通过许可控制请求消息发给 LCC, AP支持的 License 项为 (C, D, E, F), 而 LCC获取的许可项为 (A, B, C, D ), 则确定模块 802可以选取两者的交集(C, D), 作为需要 AP实施的许可内容。 具体的一 些实现细节可参见方法实施例的描述。  For example, the AP sends the license information of the license to the LCC through the license control request message. The license item supported by the AP is (C, D, E, F). The LCC obtains the license item (A, B, C, D), and the determination module 802 can select the intersection (C, D) of the two as the license content required for the AP implementation. For specific implementation details, refer to the description of the method embodiments.
可选的, 如果采用许可控制设备主动下发控制的方式, 则确定模块 802 用于: 从解析模块 801 得到的许可控制设备获取的许可项中选择部分或全 部, 作为需要许可实施设备实施的许可内容。 仍以许可实施设备为 AP、 许 可控制设备为 LCC为例, LCC可以选择(A, B, C , D )的部分或全部, 发送 给 AP。 具体的一些实现细节可参见方法实施例的描述。 Optionally, if the manner in which the license control device actively delivers the control is adopted, the determining module 802 For: Selecting part or all of the license items acquired by the license control device obtained from the parsing module 801 as the license content required to implement the device implementation. For example, if the license implementation device is an AP and the license control device is an LCC, the LCC may select some or all of (A, B, C, D) and send it to the AP. For specific implementation details, refer to the description of the method embodiments.
进一步的, 发送处理模块 803 可以具体由以下单元来实现, 比如: 算 法处理单元 8031,用于采用 LCC和许可实施设备所共同支持的加密算法和 / 或完整性算法, 对许可内容进行加密和 /或完整性处理; 发送单元 8032, 用 于将算法处理单元处理过的许可内容携带在许可控制消息中向许可实施设 备发送。  Further, the sending processing module 803 may be specifically implemented by, for example, an algorithm processing unit 8031, configured to encrypt the licensed content by using an encryption algorithm and/or an integrity algorithm supported by the LCC and the license implementing device. Or integrity processing; the sending unit 8032, configured to carry the license content processed by the algorithm processing unit in the license control message to the license implementation device.
另外, 该许可控制设备部署在接入点归属寄存器中, 或部署在小基站 管理系统设备中, 或, 部署在接入点系统的接入网关中。 实施例六  In addition, the admission control device is deployed in the access point home register, or deployed in the small base station management system device, or deployed in the access gateway of the access point system. Embodiment 6
本发明实施例还提供了一种许可实施设备, 图 9 是该许可实施设备的 结构示意图。 如图 9所示, 该设备包括: 接收模块 901, 用于接收许可控制 中心 LCC发送的许可控制消息; 获取模块 902, 用于从接收模块接收的许可 控制消息中获取需要实施的许可内容; 实施模块 903, 用于根据获取模块获 取的需要实施的许可内容实施许可控制。  The embodiment of the present invention further provides a license implementation device, and FIG. 9 is a schematic structural diagram of the license implementation device. As shown in FIG. 9, the device includes: a receiving module 901, configured to receive a permission control message sent by a license control center LCC, and an obtaining module 902, configured to obtain, from a license control message received by the receiving module, a license content that needs to be implemented; The module 903 is configured to implement the license control according to the license content that needs to be implemented by the acquisition module.
可选的, 如果许可实施设备采用主动发送许可控制请求消息给 LCC 的 方式, 则该许可实施设备还可以包括: 请求模块 904, 用于向 LCC发送许可 控制请求消息, 该许可控制请求消息中包括如下信息之一或其组合: 许可 实施设备支持的许可项信息, 许可实施设备支持的加密算法集合信息, 许 可实施设备支持的完整性算法集合信息。  Optionally, if the license implementation device adopts a method for actively sending a license control request message to the LCC, the license implementation device may further include: a requesting module 904, configured to send, to the LCC, a license control request message, where the license control request message includes One or a combination of the following information: License item information supported by the license implementation device, encryption algorithm set information supported by the device implementation license, and integrity algorithm set information supported by the device implementation device.
另外, 如果需要实施的许可内容为 LCC采用 LCC和许可实施设备所共 同支持的加密算法和 /或完整性算法进行加密和 /或完整性处理后的需要实 施的许可内容, 则相应的, 获取模块 902具体可以由如下单元实现, 包括: 解密单元 9021, 用于根据 LCC和许可实施设备所共同支持的加密算法, 对 进行加密处理后的需要实施的内容进行相应的解密处理; 和 /或, 完整性验 证单元 9022, 用于根据 LCC和许可实施设备所共同支持的完整性算法, 对 进行完整性处理后的需要实施的内容进行相应的完整性验证处理。 另一方面, 如果 LCC发送许可控制消息之前并不知道许可实施设备的 许可支持能力, 则许可控制消息中的许可项可能是该许可实施设备所不支 持的。 图 1 0是该许可实施设备的结构示意图, 参见图 1 0, 该设备包括: 接 收模块 1 001, 用于接收许可控制中心 LCC发送的许可控制消息; 获取模块 1 002, 用于从接收模块接收的许可控制消息中获取需要实施的许可内容; 实施模块 1 003, 用于根据获取模块获取的需要实施的许可内容实施许可控 制。 其中, 获取模块 1 002可以具体由如下单元实现: 获取单元 1 0021, 用 于从许可控制消息中得到 LCC获取的许可项; 确定单元 1 0022, 用于根据获 取单元 1 002 1获取的 LCC获取的许可项, 并结合许可实施设备自身所支持 的许可项信息, 确定需要实施的许可内容。 实际上, 该获取单元 1 0021 可 以由上述的解密单元和完整性验证单元实现, 即, 进行解密处理和完整性 验证处理之后, 就可以得到 LCC获取的许可项。 In addition, if the license content to be implemented is the license content that needs to be implemented after the encryption and/or integrity processing is performed by the LCC and the encryption algorithm and/or the integrity algorithm supported by the LCC and the license implementation device, the corresponding acquisition module The 902 may be specifically implemented by the following unit, including: a decryption unit 9021, configured to perform corresponding decryption processing on the content that needs to be implemented after the encryption process according to an encryption algorithm supported by the LCC and the license implementation device; and/or, complete The verification unit 9022 is configured to perform corresponding integrity verification processing on the content that needs to be implemented after the integrity processing according to the integrity algorithm supported by the LCC and the license implementation device. On the other hand, if the LCC does not know the license support capability of the license enforcement device before sending the license control message, the license entry in the license control message may not be supported by the license enforcement device. FIG. 10 is a schematic structural diagram of the license implementation device. Referring to FIG. 10, the device includes: a receiving module 1 001, configured to receive a permission control message sent by a license control center LCC; and an acquiring module 1 002, configured to receive from the receiving module The license control message obtains the license content that needs to be implemented; the implementation module 003 is configured to implement the license control according to the license content that needs to be implemented by the acquisition module. The obtaining module 1 002 may be specifically implemented by the following unit: an obtaining unit 1 0021, configured to obtain a license item obtained by the LCC from the permission control message, and a determining unit 1 0022, configured to acquire according to the LCC acquired by the obtaining unit 1 002 1 The license item, together with the license item information supported by the license implementation device, determines the license content that needs to be implemented. In fact, the obtaining unit 1 0021 can be implemented by the above-described decryption unit and integrity verification unit, that is, after the decryption process and the integrity verification process, the LCC acquired license item can be obtained.
可选的, 该许可实施设备还可以包括上报单元, 用于将许可实施的结 果上报给许可控制设备。 实施例七  Optionally, the license implementation device may further include a reporting unit, configured to report the result of the license implementation to the license control device. Example 7
本发明实施例还提供了一种许可实施系统, 包括了前述实施例中的许 可控制设备和许可实施设备。  The embodiment of the present invention further provides a license implementation system including the license control device and the license implementation device in the foregoing embodiments.
该许可实施设备可以是: 基站或其他可以实施许可的设备, 具体到室 内覆盖场景下, 可以是各种制式的小型化接入设备, 比如 AP。 该许可控制 设备可以是集成了 LCC模块的 AHR、 HMS或 AG等设备。 可以理解的是, 由于本发明实施例提供的许可控制设备、 许可实施设 备以及许可控制系统的技术方案中, 使用消息的格式进行许可内容的发送 和接收, 而许可内容是许可文件中真正有用的控制信息, 即许可项信息。 相比现有技术分发许可文件的技术方案而言, 避免了对大量冗余信息 (比 如文件格式信息, 以及其他无关信息等) 的发送和接收, 因此有效信息比 例较高, 发送效率得到了提高, 降低了对传输资源的占用。  The license implementation device may be: a base station or other device that can implement the license, and in the case of an indoor coverage scenario, it may be a miniaturized access device of various standards, such as an AP. The license control device can be an AHR, HMS or AG device that integrates the LCC module. It can be understood that, in the technical solutions of the license control device, the license implementation device, and the license control system provided by the embodiments of the present invention, the content of the message is used for sending and receiving the license content, and the license content is really useful in the license file. Control information, that is, license item information. Compared with the technical solutions for distributing license files in the prior art, transmission and reception of a large amount of redundant information (such as file format information and other irrelevant information) are avoided, so that the effective information ratio is high and the transmission efficiency is improved. , reducing the occupation of transmission resources.
如果采用许可实施设备 (比如 AP )主动向 LCC发送请求消息, 在请求 消息中携带 AP支持的许可项信息、 加密算法和完整性算法信息, 可以事先 完成许可功能的协商, 以确保发送给 AP的许可内容是可以实施的; 以及, 可以事先可以完成算法协商, 从而采用双方都支持的算法进行处理。 总体 上, 采用许可实施设备主动发送许可请求的方式, 可以实现根据特定许可 实施设备的实际情况进行相应处理, 许可控制的针对性更强, 提高了许可 控制的效率。 If the license implementation device (such as an AP) actively sends a request message to the LCC, and the request message carries the license item information, the encryption algorithm, and the integrity algorithm information supported by the AP, The negotiation of the license function is completed to ensure that the license content sent to the AP is implementable; and the algorithm negotiation can be completed in advance, so as to be processed by an algorithm supported by both parties. In general, the license implementation device actively sends a license request, which can implement corresponding processing according to the actual situation of the specific license implementation device, and the license control is more targeted, and the efficiency of the license control is improved.
如果采用 LCC主动以消息格式下发许可项的方案, 可以减少许可实施 设备(比如 AP )和 LCC的信息交互, 节省信令开销, 简化流程, 提高处理 效率。  If the LCC actively delivers the license in the message format, the information exchange between the license implementation device (such as the AP) and the LCC can be reduced, signaling overhead is saved, the process is simplified, and the processing efficiency is improved.
另外, 对许可内容进行的加密和完整性处理, 可以保证许可内容(即 真正有用的控制消息)在传递过程中的私密性和完整性。  In addition, the encryption and integrity processing of the licensed content guarantees the privacy and integrity of the licensed content (ie, truly useful control messages) during delivery.
再者, LCC模块可以设置在多种网络设备中,从而使得许可控制设备可 以在多种网络设备中实现, 可以给运营商提供多种实现方式, 以灵活的应 对具体的网络场景和需求。  Furthermore, the LCC module can be installed in a variety of network devices, so that the license control device can be implemented in a plurality of network devices, and the operator can be provided with multiple implementations to flexibly respond to specific network scenarios and requirements.
所属领域的技术人员可以清楚地了解到, 为描述的方便和简洁, 上述 描述的系统、 设备、 模块和单元的具体工作过程, 可以参考前述方法实施 例中的对应过程, 在此不再赘述。  A person skilled in the art can clearly understand that, for the convenience and brevity of the description, the specific working process of the system, the device, the module and the unit described above can refer to the corresponding process in the foregoing method embodiment, and details are not described herein again.
通过以上的实施例的描述, 所属领域的技术人员可以清楚地了解到本 发明可借助软件加必需的通用硬件平台的方式来实现, 当然也可以通过硬 件, 但很多情况下前者是更佳的实施方式。 基于这样的理解, 本发明的技 术方案本质上或者说对现有技术做出贡献的部分可以以软件产品的形式体 现出来, 该计算机软件产品存储在一个存储介质中, 包括若干指令用以使 得一台计算机设备(可以是个人计算机, 服务器, 或者网络设备等)执行 本发明各个实施例所述方法的全部或部分步骤。 而前述的存储介质包括: U 盘、 移动硬盘、 只读存储器 (R0M )、 随机存取存储器(RAM )、 磁碟或者光 盘等各种可以存储程序代码的介质。  Through the description of the above embodiments, those skilled in the art can clearly understand that the present invention can be implemented by means of software plus a necessary general hardware platform, and of course, can also be through hardware, but in many cases, the former is a better implementation. the way. Based on such understanding, the technical solution of the present invention, which is essential or contributes to the prior art, may be embodied in the form of a software product stored in a storage medium, including a plurality of instructions for making a A computer device (which may be a personal computer, server, or network device, etc.) performs all or part of the steps of the methods described in various embodiments of the present invention. The foregoing storage medium includes: a medium such as a USB flash drive, a removable hard disk, a read only memory (ROM), a random access memory (RAM), a magnetic disk, or an optical disk, which can store program codes.
在本申请所提供的几个实施例中, 应该理解到, 所揭露的系统、 设备 和方法, 在没有超过本申请的范围内, 可以通过其他的方式实现。 例如, 以上所描述的装置实施例仅仅是示意性的, 例如, 所述模块或单元的划分, 仅仅为一种逻辑功能划分, 实际实现时可以有另外的划分方式, 例如多个 单元或组件可以结合或者可以集成到另一个系统, 或一些特征可以忽略, 或不执行。 其中所述作为分离部件说明的单元可以是或者也可以不是物理 上分开的, 作为单元显示的部件可以是或者也可以不是物理单元, 即可以 位于一个地方, 或者也可以分布到多个网络单元上。 可以根据实际的需要 选择其中的部分或者全部模块来实现本实施例方案的目的。 本领域普通技 术人员在不付出创造性劳动的情况下, 即可以理解并实施。 In the several embodiments provided in the present application, it should be understood that the disclosed systems, devices, and methods may be implemented in other manners without departing from the scope of the present application. For example, the device embodiments described above are merely illustrative. For example, the division of the modules or units is only a logical function division. In actual implementation, there may be another division manner, for example, multiple units or components may be used. Combined or can be integrated into another system, or some features can be ignored, Or not. The units described as separate components may or may not be physically separated, and the components displayed as the units may or may not be physical units, that is, may be located in one place, or may be distributed to multiple network units. . Some or all of the modules may be selected according to actual needs to achieve the purpose of the solution of the embodiment. Those of ordinary skill in the art can understand and implement without any creative effort.
另外, 所描述系统、 设备和方法以及不同实施例的示意图, 在不超出 本申请的范围内, 可以与其它系统, 模块, 技术或方法结合或集成。 另一 点, 所显示或讨论的相互之间的耦合或直接耦合或通信连接可以是通过一 些接口, 装置或单元的间接耦合或通信连接, 可以是电子、 机械或其它的 形式。  In addition, the described systems, devices, and methods, and the schematic diagrams of various embodiments, may be combined or integrated with other systems, modules, techniques or methods without departing from the scope of the present application. In addition, the mutual coupling or direct coupling or communication connection shown or discussed may be an indirect coupling or communication connection through some interface, device or unit, and may be in electronic, mechanical or other form.
以上所述, 仅为本发明的具体实施方式, 但本发明的保护范围并不局 限于此, 任何熟悉本技术领域的技术人员在本发明揭露的技术范围内, 可 轻易想到变化或替换, 都应涵盖在本发明的保护范围之内。 因此, 本发明 的保护范围应所述以权利要求的保护范围为准。  The above is only the specific embodiment of the present invention, but the scope of the present invention is not limited thereto, and any person skilled in the art can easily think of changes or substitutions within the technical scope of the present invention. It should be covered by the scope of the present invention. Therefore, the scope of the invention should be determined by the scope of the claims.

Claims

权利要求 Rights request
1、 一种许可控制方法, 其特征在于, 包括: A license control method, characterized in that it comprises:
许可控制中心 LCC加载并解析许可文件, 得到所述 LCC获取的许可项, 所述许可项包括许可内容;  The license control center LCC loads and parses the license file to obtain the license item acquired by the LCC, and the license item includes the license content;
所述 LCC确定需要许可实施设备实施的许可内容;  The LCC determines a license content that requires permission to implement device implementation;
所述 LCC将所述许可内容携带在许可控制消息中向所述许可实施设备 发送。  The LCC carries the licensed content in an admission control message to the license enforcement device.
2、 如权利要求 1所述的方法, 其特征在于, 所述 LCC确定需要许可实 施设备实施的许可内容包括:  2. The method according to claim 1, wherein the LCC determines that the license content required to implement the implementation of the device comprises:
所述 LCC根据所述 LCC获取的许可项, 结合所述许可实施设备支持的 许可项信息, 确定需要所述许可实施设备实施的许可内容;  Determining, according to the license item acquired by the LCC, the license item information supported by the license implementation device, the license content required to be implemented by the license implementation device;
所述方法还包括:  The method further includes:
所述 LCC接收所述许可实施设备发送的许可控制请求消息, 所述许可 控制请求消息中包括: 许可实施设备支持的许可项信息。  The LCC receives the license control request message sent by the license implementation device, where the license control request message includes: license item information supported by the license implementation device.
3、 如权利要求 1所述的方法, 其特征在于, 所述 LCC确定需要许可实 施设备实施的许可内容包括:  3. The method according to claim 1, wherein the LCC determines that the license content required to implement the implementation of the device comprises:
所述 LCC选择所述 LCC获取的许可项的部分或全部, 作为需要所述许 可实施设备实施的许可内容。  The LCC selects part or all of the license items acquired by the LCC as the license content required to implement the license implementation.
4、 如权利要求 1至 3任一项所述的方法, 其特征在于, 所述将所述许 可内容携带在许可控制消息中向所述许可实施设备发送, 包括:  The method according to any one of claims 1 to 3, wherein the transmitting the license content in the license control message to the license enforcement device comprises:
所述 LCC采用所述 LCC和所述许可实施设备所共同支持的加密算法和 / 或完整性算法, 对所述许可内容进行加密和 /或完整性处理, 将加密和 /或 完整性处理后的许可内容携带在许可控制消息中向所述许可实施设备发 送。  The LCC encrypts and/or performs integrity processing on the licensed content by using an encryption algorithm and/or an integrity algorithm supported by the LCC and the license implementation device, and encrypts and/or integrity The license content is carried in the license control message to the license enforcement device.
5、 如权利要求 4 所述的方法, 其特征在于, 所述加密算法和 /或完整 性算法采用默认的加密算法和 /或完整性算法, 或者, 采用动态协商的方式 确定;  The method according to claim 4, wherein the encryption algorithm and/or integrity algorithm adopts a default encryption algorithm and/or an integrity algorithm, or is determined by dynamic negotiation;
当采用动态协商的方式确定时, 所述方法还包括:  When the method is determined by dynamic negotiation, the method further includes:
所述 LCC接收所述许可实施设备发送的许可控制请求消息, 所述许可 控制请求消息中包括: 许可实施设备支持的加密算法集合信息和 /或完整性 算法集合信息; The LCC receives a license control request message sent by the license implementation device, the license The control request message includes: an encryption algorithm set information and/or an integrity algorithm set information supported by the license implementation device;
所述 LCC根据所述许可实施设备支持的加密算法集合信息和 /或完整性 算法集合信息, 选择所述 LCC和所述许可实施设备所共同支持的加密算法 和完整性算法。  The LCC selects an encryption algorithm and an integrity algorithm supported by the LCC and the license implementation device according to the encryption algorithm set information and/or the integrity algorithm set information supported by the license implementation device.
6、 一种许可控制方法, 其特征在于, 包括:  6. A method of license control, characterized in that it comprises:
许可实施设备接收许可控制中心 LCC发送的许可控制消息;  The license implementation device receives the license control message sent by the license control center LCC;
所述许可实施设备从所述许可控制消息中获取需要实施的许可内容; 所述许可实施设备根据所述需要实施的许可内容实施许可控制。  The license implementation device acquires license content that needs to be implemented from the license control message; the license implementation device implements license control according to the license content that needs to be implemented.
7、 如权利要求 6所述的方法, 其特征在于, 还包括:  7. The method of claim 6, further comprising:
所述许可实施设备向所述 LCC发送许可控制请求消息, 所述许可控制 请求消息中包括如下信息之一或其组合:  The license implementation device sends a license control request message to the LCC, where the license control request message includes one or a combination of the following information:
许可实施设备支持的许可项信息, 许可实施设备支持的加密算法集合 信息, 许可实施设备支持的完整性算法集合信息。  The license implementation information supported by the license implementation device, the encryption algorithm set information supported by the implementation implementation device, and the integrity algorithm set information supported by the implementation implementation device.
8、 如权利要求 6或 7所述的方法, 其特征在于, 所述需要实施的许可 内容为所述 LCC采用所述 LCC和所述许可实施设备所共同支持的加密算法 和 /或完整性算法进行加密和 /或完整性处理后的许可内容;  The method according to claim 6 or 7, wherein the license content that needs to be implemented is an encryption algorithm and/or an integrity algorithm supported by the LCC using the LCC and the license implementation device. Licensed content after encryption and/or integrity processing;
所述许可实施设备从所述许可控制消息中获取需要实施的许可内容, 包括:  And obtaining, by the license implementation device, the license content that needs to be implemented from the license control message, including:
所述许可实施设备根据所述 LCC和所述许可实施设备所共同支持的加 密算法和 /或完整性算法, 对所述进行加密和 /或完整性处理后的需要实施 的内容进行相应的解密和 /或完整性验证处理, 获得需要实施的许可内容。  The license implementation device decrypts the content that needs to be implemented after the encryption and/or integrity processing according to an encryption algorithm and/or an integrity algorithm supported by the LCC and the license implementation device. / or integrity verification processing, get the license content that needs to be implemented.
9、 如权利要求 6所述的方法, 其特征在于, 所述许可实施设备从所述 许可控制消息中获取需要实施的许可内容, 包括:  The method according to claim 6, wherein the license implementation device acquires the license content that needs to be implemented from the license control message, and includes:
所述许可实施设备从所述许可控制消息中得到所述 LCC获取的许可项, 结合所述许可实施设备自身所支持的许可项信息, 获取需要实施的许可内 容。  The license implementation device obtains the license item acquired by the LCC from the license control message, and obtains the license content that needs to be implemented in conjunction with the license item information supported by the license implementation device itself.
1 0、 如权利要求 6至 9任一项所述的方法, 其特征在于, 还包括: 所述许可实施设备在根据所述需要实施的许可内容实施许可控制之 后, 向所述 LCC返回许可实施结果。 The method according to any one of claims 6 to 9, further comprising: the license implementing device returning the license implementation to the LCC after performing the license control according to the license content implemented as needed result.
11、 一种许可控制设备, 其特征在于, 包括: 11. A license control device, comprising:
解析模块, 用于加载并解析许可文件, 得到所述许可控制设备获取的 许可项, 所述许可项包括许可内容;  a parsing module, configured to load and parse the license file, to obtain a license item acquired by the license control device, where the license item includes the license content;
确定模块, 用于确定需要许可实施设备实施的许可内容;  a determination module for determining a license content that requires permission to implement device implementation;
发送处理模块, 用于将所述许可内容携带在许可控制消息中向所述许 可实施设备发送。  And a sending processing module, configured to carry the licensed content in an admission control message to the licensed implementation device.
12、 如权利要求 11所述的设备, 其特征在于, 还包括: 接收模块, 用 于接收所述许可实施设备发送的许可控制请求消息, 所述许可控制请求消 息中包括: 许可实施设备支持的许可项信息;  The device according to claim 11, further comprising: a receiving module, configured to receive a license control request message sent by the license implementing device, where the license control request message includes: License item information;
所述确定模块用于: 根据所述解析模块得到的所述许可控制设备获取 的许可项, 结合所述接收模块接收的许可实施设备支持的许可项信息, 选 择需要所述许可实施设备实施的许可内容。  The determining module is configured to: select, according to the license item acquired by the license control device obtained by the parsing module, the license item information that is required by the license implementation device, in combination with the license item information supported by the license implementation device received by the receiving module content.
13、 如权利要求 11所述的设备, 其特征在于, 所述确定模块用于: 从 所述解析模块得到的所述许可控制设备获取的许可项中选择部分或全部, 作为需要所述许可实施设备实施的许可内容。  The device according to claim 11, wherein the determining module is configured to: select some or all of the license items acquired by the license control device obtained by the parsing module, as the license implementation is required Licensed content for device implementation.
14、 如权利要求 11至 13任一项所述的设备, 其特征在于, 所述发送 处理模块包括:  The device according to any one of claims 11 to 13, wherein the sending processing module comprises:
算法处理单元, 用于采用所述许可控制设备和所述许可实施设备所共 同支持的加密算法和 /或完整性算法, 对所述许可内容进行加密和 /或完整 性处理;  An algorithm processing unit, configured to perform encryption and/or integrity processing on the license content by using an encryption algorithm and/or an integrity algorithm supported by the license control device and the license implementation device;
发送单元, 用于将所述算法处理单元处理过的许可内容携带在许可控 制消息中向所述许可实施设备发送。  And a sending unit, configured to carry the licensed content processed by the algorithm processing unit in the license control message to the license implementing device.
15、 如权利要求 11至 14任一项所述的设备, 其特征在于, 所述设备 部署在接入点归属寄存器中, 或部署在小基站管理系统设备中, 或, 部署 在接入点系统的接入网关中。  The device according to any one of claims 11 to 14, wherein the device is deployed in an access point home register, or deployed in a small cell management system device, or deployed in an access point system. In the access gateway.
16、 一种许可实施设备, 其特征在于, 包括:  16. A license implementation device, comprising:
接收模块, 用于接收许可控制中心 LCC发送的许可控制消息; 获取模块, 用于从所述接收模块接收的许可控制消息中获取需要实施 的许可内容;  a receiving module, configured to receive a license control message sent by the license control center LCC, and an obtaining module, configured to obtain, from the license control message received by the receiving module, the license content that needs to be implemented;
实施模块, 用于根据所述获取模块获取的需要实施的许可内容实施许 可控制。 An implementation module, configured to implement, according to the license content acquired by the obtaining module controllable.
17、 如权利要求 16所述的设备, 其特征在于, 还包括:  The device of claim 16, further comprising:
请求模块, 用于向所述 LCC发送许可控制请求消息, 所述许可控制请 求消息中包括如下信息之一或其组合:  And a requesting module, configured to send a license control request message to the LCC, where the license control request message includes one or a combination of the following information:
所述许可实施设备支持的许可项信息, 所述许可实施设备支持的加密 算法集合信息, 所述许可实施设备支持的完整性算法集合信息。  The license item information supported by the license implementation device, the encryption algorithm set information supported by the license implementation device, and the integrity algorithm set information supported by the license implementation device.
18、 如权利要求 16所述的设备, 其特征在于, 所述需要实施的许可内 容为所述 LCC采用所述 LCC和所述许可实施设备所共同支持的加密算法和 / 或完整性算法进行加密和 /或完整性处理后的许可内容;  The device according to claim 16, wherein the license content to be implemented is encrypted by the LCC using an encryption algorithm and/or an integrity algorithm supported by the LCC and the license implementation device. And/or the content of the license after the integrity processing;
所述获取模块包括:  The obtaining module includes:
解密单元, 用于根据所述 LCC和所述许可实施设备所共同支持的加密 算法, 对所述进行加密处理后的需要实施的内容进行相应的解密处理; 和 / 或,  a decryption unit, configured to perform corresponding decryption processing on the content that needs to be implemented after the encryption process according to an encryption algorithm supported by the LCC and the license implementation device; and/or,
完整性验证单元, 用于根据所述 LCC和所述许可实施设备所共同支持 的完整性算法, 对所述进行完整性处理后的需要实施的内容进行相应的完 整性验证处理。  The integrity verification unit is configured to perform corresponding integrity verification processing on the content that needs to be implemented after the integrity processing according to the integrity algorithm supported by the LCC and the license implementation device.
19、 如权利要求 16至 18任一项所述的设备, 其特征在于, 所述获取 模块包括:  The device according to any one of claims 16 to 18, wherein the obtaining module comprises:
获取单元, 用于从所述许可控制消息中得到所述 LCC获取的许可项; 确定单元, 用于根据所述获取单元获取的所述 LCC获取的许可项, 并 结合所述许可实施设备自身所支持的许可项信息, 确定需要实施的许可内 容。  An obtaining unit, configured to obtain, from the license control message, a license item acquired by the LCC; a determining unit, configured to use, according to the license item acquired by the LCC acquired by the acquiring unit, in combination with the license implementation device itself Supported license information to determine the license content that needs to be implemented.
20、 一种许可控制系统, 其特征在于, 包括:  20. A license control system, comprising:
如权利要求 11至 15任一项所述的许可控制设备, 以及,  The license control device according to any one of claims 11 to 15, and
如权利要求 16至 19任一项所述的许可实施设备。  A license enforcing device according to any one of claims 16 to 19.
PCT/CN2010/079292 2009-12-10 2010-11-30 Method, device and system for license control WO2011069423A1 (en)

Applications Claiming Priority (2)

Application Number Priority Date Filing Date Title
CN200910188858.4 2009-12-10
CN200910188858A CN101741833A (en) 2009-12-10 2009-12-10 Method, equipment and system for license control

Publications (1)

Publication Number Publication Date
WO2011069423A1 true WO2011069423A1 (en) 2011-06-16

Family

ID=42464723

Family Applications (1)

Application Number Title Priority Date Filing Date
PCT/CN2010/079292 WO2011069423A1 (en) 2009-12-10 2010-11-30 Method, device and system for license control

Country Status (2)

Country Link
CN (1) CN101741833A (en)
WO (1) WO2011069423A1 (en)

Families Citing this family (3)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN101741833A (en) * 2009-12-10 2010-06-16 华为技术有限公司 Method, equipment and system for license control
CN104243420A (en) * 2013-06-18 2014-12-24 沈阳中科博微自动化技术有限公司 Data encryption method for communication between integrated circuit factory automation system and equipment
CN111970319A (en) * 2020-06-22 2020-11-20 联想(北京)有限公司 Distribution control method of software License and network equipment

Citations (4)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN1874218A (en) * 2006-01-05 2006-12-06 华为技术有限公司 Method, system and equipment for license management
CN101163104A (en) * 2007-11-13 2008-04-16 华为技术有限公司 Permission implementing method, equipment and system of sharing switch node
CN101188522A (en) * 2007-12-06 2008-05-28 华为技术有限公司 License management method and system
CN101741833A (en) * 2009-12-10 2010-06-16 华为技术有限公司 Method, equipment and system for license control

Patent Citations (4)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN1874218A (en) * 2006-01-05 2006-12-06 华为技术有限公司 Method, system and equipment for license management
CN101163104A (en) * 2007-11-13 2008-04-16 华为技术有限公司 Permission implementing method, equipment and system of sharing switch node
CN101188522A (en) * 2007-12-06 2008-05-28 华为技术有限公司 License management method and system
CN101741833A (en) * 2009-12-10 2010-06-16 华为技术有限公司 Method, equipment and system for license control

Also Published As

Publication number Publication date
CN101741833A (en) 2010-06-16

Similar Documents

Publication Publication Date Title
JP6242938B2 (en) Wireless power transmission device
EP2863612B1 (en) Content sharing method, device and system
US8295488B2 (en) Exchange of key material
KR101009686B1 (en) Session key management for public wireless lan supporting multiple virtual operators
WO2018006626A1 (en) Network security management system, method and device
US20190342082A1 (en) Network key processing method and system and related device
CN107094127B (en) Processing method and device, and obtaining method and device of security information
CN105828326A (en) Wireless local area network access method and wireless access node
JP2006109449A (en) Access point that wirelessly provides encryption key to authenticated wireless station
US10172003B2 (en) Communication security processing method, and apparatus
CN113556227A (en) Network connection management method and device, computer readable medium and electronic equipment
EP4030802A1 (en) Method and apparatus for managing subscription data
CN113784343A (en) Method and apparatus for securing communications
US20230179400A1 (en) Key management method and communication apparatus
CN105392133A (en) Method and system for wireless function device to automatically access to wireless access point
US9154949B1 (en) Authenticated delivery of premium communication services to untrusted devices over an untrusted network
WO2011069423A1 (en) Method, device and system for license control
WO2018076298A1 (en) Security capability negotiation method and related device
CN114584969B (en) Information processing method and device based on associated encryption
KR101500118B1 (en) Data sharing method and data sharing system
CN113543131A (en) Network connection management method and device, computer readable medium and electronic equipment
EP3219066B1 (en) Radio device hardware security system for wireless spectrum usage
CN103152348B (en) The method, apparatus and system of admissions control
EP2251808A2 (en) Wireless communication system
CN118041713A (en) Communication method, master device, slave device and communication system

Legal Events

Date Code Title Description
121 Ep: the epo has been informed by wipo that ep was designated in this application

Ref document number: 10835458

Country of ref document: EP

Kind code of ref document: A1

NENP Non-entry into the national phase

Ref country code: DE

122 Ep: pct application non-entry in european phase

Ref document number: 10835458

Country of ref document: EP

Kind code of ref document: A1