CN100355313C - Method for preventing terminal user from illegal roaming - Google Patents

Method for preventing terminal user from illegal roaming Download PDF

Info

Publication number
CN100355313C
CN100355313C CNB2004100500530A CN200410050053A CN100355313C CN 100355313 C CN100355313 C CN 100355313C CN B2004100500530 A CNB2004100500530 A CN B2004100500530A CN 200410050053 A CN200410050053 A CN 200410050053A CN 100355313 C CN100355313 C CN 100355313C
Authority
CN
China
Prior art keywords
user
information
roaming
address
address field
Prior art date
Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
Expired - Fee Related
Application number
CNB2004100500530A
Other languages
Chinese (zh)
Other versions
CN1717095A (en
Inventor
姚鑫
Current Assignee (The listed assignees may be inaccurate. Google has not performed a legal analysis and makes no representation or warranty as to the accuracy of the list.)
Huawei Technologies Co Ltd
Original Assignee
Huawei Technologies Co Ltd
Priority date (The priority date is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the date listed.)
Filing date
Publication date
Application filed by Huawei Technologies Co Ltd filed Critical Huawei Technologies Co Ltd
Priority to CNB2004100500530A priority Critical patent/CN100355313C/en
Publication of CN1717095A publication Critical patent/CN1717095A/en
Application granted granted Critical
Publication of CN100355313C publication Critical patent/CN100355313C/en
Anticipated expiration legal-status Critical
Expired - Fee Related legal-status Critical Current

Links

Images

Landscapes

  • Data Exchanges In Wide-Area Networks (AREA)

Abstract

The present invention discloses a method for preventing terminal users from illegal roam, which comprises that corresponding relation between the user ID information of a roam authorized user and a registrable IP address domain of the user is established; a registrable IP address domain corresponding to the user ID information in a current registration request is looked up via the corresponding relation established between the ID information and the registrable IP address domain after a user registration request comprising the user ID information and the IP address is received; whether the user IP address in the current registration request is in the range of which can be looked up or not is judged, if the user IP address is in the range of the IP address domain which can be looked up, user registration is executed, or otherwise, the process is terminated. The project of the present invention can be used for limiting the access IP address of users and preventing the users from illegal roam.

Description

A kind of method that prevents terminal use's illegal browse
Technical field
The present invention relates to roaming technology, be meant the method that a kind of terminal use of preventing illegally roams by IP network especially based on Internet protocol (IP) network.
Background technology
Along with development of Communication Technique, various types of communication networks move towards to merge just gradually, and a lot of new business have been brought thus, such as: the services of roaming of IP based network, the user not only can realize voice call between the strange land by this services of roaming, can also carry out multiple information interchanges such as short message, multimedia, thereby be subjected to the generally attention of industry.
What development in recent years was got up is next generation network (NGN) technology of core with soft switch and packet-switch technology, because it has broad application prospects and can satisfy people's variation, personalized business demand, has become one of focus that industry pays close attention to most.
NGN is based on Internet protocol (IP) technique construction, and in principle, as long as can visit from the IP layer, the user just can be linked in the NGN network.Because the interoperability of IP network, as: transworld internet (Internet), so the natural characteristic with the roaming supported of NGN network, carry out the direction that services of roaming will be future development in NGN.
But because IP network, the NGN terminal use can insert the NGN system from the optional position, and the IP address that the user is adopted when inserting is fixing usually, can have certain mobility scale.Particularly in the occasion of having used agency (PROXY) equipment, terminal will be registered by PROXY, and the terminal address that the NGN system is seen all is the address of PROXY, and not have real user profile.In this case, though in present NGN system, for subscriber authorisation the time, write down the relevant attribute that whether allows the user to roam, but for above-mentioned reasons, still can't prevent the generation of some illegal browse phenomenons of user, such as: opened the user of services of roaming in a city, go on business the other places in addition abroad after, still can insert the NGN system by IP network and roam, and enjoy Freight Basis when roaming in former city.
Like this, will cause the confusion of chargeing and serving in the network operation, be unfavorable for Virtual network operator exploitation and development services of roaming.
Summary of the invention
In view of this, main purpose of the present invention is to provide a kind of method of the terminal use's of preventing illegal browse, and user's access IP address is limited, and prevents the generation of user's illegal browse phenomenon.
According to above-mentioned purpose a kind of method that prevents terminal use's illegal browse provided by the invention, comprising:
A) corresponding relation of user identity (ID) information of foundation roaming authorized user and this user's registrable IP address field;
B) when receive include user ID information and IP address user register requirement after, judge whether the user ID information in the current register requirement is kept in the corresponding relation of described id information and registrable IP address field, if, then the id information of setting up by step a) is searched the corresponding registrable IP address field of user ID information, execution in step c then in the current register requirement with registrable IP address field corresponding relation); Otherwise, carry out the default process mechanism of non-roaming authorized user, jump out this flow process then;
C) judge the IP address that comprises in the current register requirement whether in the IP address field scope that step b) obtains, if, then carry out user registration process, otherwise, termination process.
If this method active user is not the roaming authorized user, judge then whether the default process mechanism of non-roaming authorized user allows registration, if then register; Otherwise, termination process.
This method further comprises: according to the different roaming authorities of roaming authorized user, the id information that will have identical roaming authority user is divided into same ID group;
Described step a) is to set up the corresponding relation of user's registrable IP address field in each ID group and this ID group;
Step b) is described to be comprised after receiving registration request from user: judge ID group under this user ID information according to the user ID information in the register requirement, search this ID according to the corresponding relation of the registrable IP address field of user in ID group and this ID group and organize corresponding registrable IP address field.
The id information that this method is provided with identical roaming authority user has identical ID feature, and described ID group is the id information set with identical ID feature of the identical roaming authority of representative.
The described id information of this method is that telephone number or domain names or the two comprise simultaneously.
From above as can be seen, the user ID information of the method that prevents terminal use's illegal browse provided by the invention by setting up the roaming authorized user and the corresponding relation of this user's registrable IP address field, and when the user carries out the registration of network insertion, judge whether the IP address that the user adopts belongs in the registrable IP address field scope of this user ID information correspondence, draw the whether legal conclusion in IP address that this user adopts, and forbid the mode that illegal IP address user registers, thereby prevented that the user from adopting illegal IP address to roam.The present invention program realizes simply, effectively, can be provided with flexibly according to different network condition, need not to increase operation cost, and, have stronger practicality applicable to the different situation of user's roaming authority.
Description of drawings
Fig. 1 is the classical group web frame schematic diagram of the employing PROXY of the preferred embodiment of the present invention;
Fig. 2 be in the preferred embodiment of the present invention PROXY to the handling process schematic diagram of user's register requirement.
Embodiment
The present invention is further described in more detail below in conjunction with drawings and the specific embodiments.
Consider that user terminal when operation such as starting shooting, needs to carry out the registration process of access network, and the id information and the IP address that in this process, need to submit to user terminal.Utilize these characteristics core concept of the present invention to be: the corresponding relation of the user ID information of foundation roaming authorized user and this user's registrable IP address field; When the user carried out register requirement, the id information that passes through to be set up was searched the corresponding registrable IP address field of user ID information in the current register requirement with registrable IP address field corresponding relation; And judge the IP address that comprises in the current register requirement whether in searching the IP address field scope that obtains, if, then carry out user registration process, otherwise, termination process.Access IP address when registering by limited subscriber like this, and then limited subscriber adopts illegal IP address to roam.
The preferred embodiments of the invention realize by PROXY equipment in the NGN net, this is for the terminal use because of PROXY equipment, can be regarded as the server end equipment of NGN network, such as being soft switch or gatekeeper, message such as the registration of terminal and calling all can be issued PROXY equipment earlier.PROXY equipment is transmitted to real server apparatus after treatment again.Simultaneously, PROXY equipment can be regarded as the terminal use again for server apparatus.Server is at first issued PROXY equipment to information such as call requests, and PROXY equipment is transmitted to real terminal use again through after handling.PROXY has participated in the full detail interaction flow between user terminal and the server.And in reciprocal process, PROXY can obtain terminal use's IP address information by the login request message of user terminal, and user's information such as ID.User's id information can be a number format, as: telephone number 82881008; Or Domain Name Form registering sites, as: email address user@huawei.com, can certainly take other form.Like this, the specific descriptions of this preferred embodiment are as follows:
At first, set up user's the id information and the binding relationship of registrable IP address field.
Consider for the non-roaming user who is not authorized to enjoy services of roaming, under most of situation, be only to allow in same city or roaming among a small circle in,, can have certain IP address field excursion though the IP address during access can be definitely unfixing.For the roamer, as a rule also should be divided into the claim limitation of different stage, roam at home such as allowing, do not allow international roaming or the like, also there is the corresponding IP address segment limit in the roamer of different stage.Like this in conjunction with present actual conditions, and it is put in order optimization, thus be the user of different rights, comprise the roamer and the non-roaming user of different stage, distribute different IP address field scopes, thereby the IP address field that makes user right and user allow to insert is mapped.Such as: the address field of international roaming is the IP address field with the 192.168.1 beginning; The address field of National roaming is the IP address field with the 10.2.0 beginning; Also can be with the form of a plurality of IP address fields combination, be respectively with 192.168.0 and the IP address field that starts with 10.2.9 such as: the address field of certain roaming authority.In addition, those skilled in the art should find out, can also take other form to divide the IP address field, so long as user's roaming authority and certain corresponding getting final product of IP address range.
For the user who authorizes roaming, according to the restriction rank difference of user roaming user's id information is divided into more than one group, identical authority user's id information is divided into one group, and identifies with a group number, thereby makes the ID group of authorized user corresponding with roaming authority.Consider in the actual conditions, user's id information also has certain rules according to user's roaming authority difference, such as: suffix be all the user may have same roaming authority, therefore preferably, the ID that has same characteristic features for user's distribution of identical roaming authority, such as preceding four of: the ID of number format is that 8288 user's roaming authority is international roaming, and preceding four of number ID is that 8284~8287 user's roaming authority is a National roaming; And the user's of Domain Name Form registering sites suffix suffix @huawei.com roaming authority is domestic part city roaming etc.Regular like this setting will make things convenient for later judgement and search.Certainly, each ID group also can be made up of the form of some ID set without any rule.
The user ID group and the IP address field that will have identical roaming authority are bound, and set up the user right table, and ginseng is shown in Table 1.
Authority International roaming National roaming Domestic part roaming
The user ID group number 1 2 3
IP address field number A B C
Table 1
In the table 1, " 1,2,3 " represent corresponding ID group number respectively, are 8288 ID group such as preceding four of: " 1 " corresponding number, and preceding four of " 2 " corresponding number is 8284~8287 an ID group etc." A, B, C " represents IP address field number respectively, such as: the IP address field of " A " corresponding 192.168.1 network segment, the IP address field of " B " corresponding 10.2.0 network segment etc.
The classical group web frame of the employing PROXY of present embodiment is referring to shown in Figure 1.Same as the prior art, user terminal inserts NGN network of network phone (VoIP) server by PROXY, user terminal and PROXY, and be connected by IP network between PROXY and the VoIP server.Different is to be provided with ID group, the IP address field of authorized user and the user right table that comprises the corresponding relation of ID group and IP address field in the PROXY side.
When user terminal is started shooting, can initiate register requirement to PROXY by sending logon message to PROXY, the processing procedure of PROXY referring to shown in Figure 2, may further comprise the steps:
Step 201, PROXY receives the logon message of terminal; Information such as the user ID of taking-up terminal and IP address from logon message.
Step 202 judges according to user's ID whether this user is the authorized user of roaming, judges promptly whether this user's ID belongs to some user ID groups, if then enter step 203; Otherwise, if the neither one group has comprised this user ID, illustrate that then this user ID is not through authorizing, need handle according to the default process mechanism of default: if system default allows user's registration, then continue this user's register flow path, otherwise, by sending the register flow path that messages such as registration failure or refusal registration stop this user.
Here, if it is with the form setting of number segment or domain name suffix etc. comparatively clocklike that ID organizes, then can whether belong to the number segment or the domain name suffix scope of user's group by judging active user ID, whether very fast definite this user ID belongs to the ID group of certain mandate.If the ID group is to set up with the form of the set with identical authority user ID, then need to search for one by one each ID group, comprise the id information identical if find not have in the ID group with active user ID, then enter step 203; Otherwise, illustrate that this user ID is not through authorizing.
Step 203, find the ID group under the active user ID after, take out the group number of this ID group, in the user right table, search this ID according to this ID group number and organize pairing IP address field number.
Step 204, according to the IP address in active user's endpoint registration message, whether the IP address of judging active user's terminal is in the IP address field scope of the IP address field correspondence that step 203 obtains, if then continue user's register flow path; Otherwise, illustrate that this user inserts the NGN net by illegal IP Address requests, therefore stop this user's register flow path, send messages such as registration failure or refusal registration to user terminal.
Setting up in the process in the user ID information of the foregoing description and the binding relationship of registrable IP address field, is to be divided into an ID group by the user ID with identical roaming authority, and again that the ID group is registrable with it IP address field binding realizes; In addition, also can take the mode of the IP address field binding that each authorized user ID is directly registrable with it.And, under extreme case, the roaming claim limitation that also may not have authorized user, promptly the user of Shou Quaning enjoys same roaming authority, only there is roamer and non-roaming user's difference, like this, can take the directly mode of binding of each authorized user ID IP address field registrable with it.
Mainly considered situation about realizing in the scheme of the foregoing description on PROXY, therefore the binding relationship with user ID and IP address is configured on the PROXY.In addition, the binding relationship of user ID and IP address (authority list) also can be arranged on other position, and when needs are inquired about, be issued to again in the PROXY equipment, such as: be arranged on the strategic server, PROXY is by specific protocol, as COPS, obtains corresponding configuration data or strategic server initiatively is issued on the PROXY from strategic server.
Under the other situation, these binding relationships may be based upon on the equipment such as soft switch.Such as: directly in user's configuration data of Softswitch, exist an expression to allow the information of the IP address field of user's access.Like this, be equivalent to set up corresponding relation between the registrable IP address field of each user ID information and this user.
In this case, if there is not PROXY equipment during networking, user's IP address information can be directly seen in soft switch just, then soft switch processing mode can be as follows: when receiving registration request from user, take out the IP address domain information of this user ID correspondence, IP address in user's register requirement and IP address field are compared, see whether belong to the address field that is limited.
If there is PROXY equipment, then because therefore the IP address that PROXY has made the IP address of terminal into PROXY needs to exist a cover agreement that user's IP address information is passed to soft switchcall server.The mode of transmitting can adopt the new proprietary protocol of definition to realize, also can expand prior protocols and realize.After real IP address information has been obtained in soft switch, can discern processing to IP address.In addition, also can remove directly to obtain user's id information, thereby take out the IP address domain information, compare by PROXY.
The present invention program not only can be applied to the NGN network, also can be applied in other by inserting the situation that IP network is roamed.
In addition, the present invention program can also prevent that user account number or password are stolen.Such as: software terminal is installed on the PC of public arenas such as Internet bar is carried out the VoIP business, when the user utilizes the computer of Internet bar to carry out services of roaming, the user can see some processes of running software on display, user's information like this, as id information etc., be easy to be illegally accessed, then these information taken to other local use.Like this, with all user ID and corresponding IP address, the IP address that be the Internet bar this moment bundlees, and just can prevent effectively that user ID is stolen by the inventive method.
The above only is preferred embodiment of the present invention, and is in order to restriction the present invention, within the spirit and principles in the present invention not all, any modification of being done, is equal to replacement, improvement etc., all should be included within protection scope of the present invention.

Claims (5)

1, a kind of method that prevents terminal use's illegal browse is characterized in that, comprising:
A) corresponding relation of the user ID information of foundation roaming authorized user and this user's registrable IP address field;
B) when receive include user ID information and IP address user register requirement after, judge whether the user ID information in the current register requirement is kept in the corresponding relation of described id information and registrable IP address field, if, then the id information of setting up by step a) is searched the corresponding registrable IP address field of user ID information, execution in step c then in the current register requirement with registrable IP address field corresponding relation); Otherwise, carry out the default process mechanism of non-roaming authorized user, jump out this flow process then;
C) judge the IP address that comprises in the current register requirement whether in the IP address field scope that step b) obtains, if, then carry out user registration process, otherwise, termination process.
2, method according to claim 1 is characterized in that, if the active user is not the roaming authorized user, judges then whether the default process mechanism of non-roaming authorized user allows registration, if then register; Otherwise, termination process.
3, method according to claim 1 is characterized in that, further comprises: according to the different roaming authorities of roaming authorized user, the id information that will have identical roaming authority user is divided into same ID group;
Described step a) is to set up the corresponding relation of user's registrable IP address field in each ID group and this ID group;
Step b) is described to be comprised after receiving registration request from user: judge ID group under this user ID information according to the user ID information in the register requirement, search this ID according to the corresponding relation of the registrable IP address field of user in ID group and this ID group and organize corresponding registrable IP address field.
4, method according to claim 3 is characterized in that, the id information that identical roaming authority user is set has identical ID feature, and described ID group is the id information set with identical ID feature of the identical roaming authority of representative.
According to claim 1 or 3 described methods, it is characterized in that 5, described id information is that telephone number or domain names or the two comprise simultaneously.
CNB2004100500530A 2004-06-29 2004-06-29 Method for preventing terminal user from illegal roaming Expired - Fee Related CN100355313C (en)

Priority Applications (1)

Application Number Priority Date Filing Date Title
CNB2004100500530A CN100355313C (en) 2004-06-29 2004-06-29 Method for preventing terminal user from illegal roaming

Applications Claiming Priority (1)

Application Number Priority Date Filing Date Title
CNB2004100500530A CN100355313C (en) 2004-06-29 2004-06-29 Method for preventing terminal user from illegal roaming

Publications (2)

Publication Number Publication Date
CN1717095A CN1717095A (en) 2006-01-04
CN100355313C true CN100355313C (en) 2007-12-12

Family

ID=35822442

Family Applications (1)

Application Number Title Priority Date Filing Date
CNB2004100500530A Expired - Fee Related CN100355313C (en) 2004-06-29 2004-06-29 Method for preventing terminal user from illegal roaming

Country Status (1)

Country Link
CN (1) CN100355313C (en)

Families Citing this family (4)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN102695173B (en) * 2012-06-15 2015-04-08 华为终端有限公司 Safety control method for accessing wireless network and terminal
CN103856941A (en) 2012-12-05 2014-06-11 腾讯科技(深圳)有限公司 Wireless network monitoring method and related device
CN104581655B (en) * 2014-12-31 2018-06-01 上海禹为通信技术有限公司 Multimedia message sending control system and its method under a kind of contingency mode
CN104602190B (en) * 2014-12-31 2018-06-01 上海禹为通信技术有限公司 A kind of multimedia message under contingency mode receives control system and its method

Citations (6)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
WO2002025985A1 (en) * 2000-09-21 2002-03-28 Great Human Software Co., Ltd. International mobile communication roaming servicing system over the internet protocol
CN1353559A (en) * 2001-11-13 2002-06-12 西安西电捷通无线网络通信有限公司 Cross-IP internet roaming method for mobile terminal
WO2002080491A1 (en) * 2001-03-30 2002-10-10 Nokia Corporation Mechanism for managing mobility in telecommunication networks
CN1437361A (en) * 2002-02-07 2003-08-20 华为技术有限公司 Network access control method based on network address
WO2003075516A1 (en) * 2002-03-04 2003-09-12 Telenor Asa A system and method for controlling the access to an external network
KR20040054151A (en) * 2002-12-17 2004-06-25 정찬익 Apparatus for providing internet roaming service

Patent Citations (6)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
WO2002025985A1 (en) * 2000-09-21 2002-03-28 Great Human Software Co., Ltd. International mobile communication roaming servicing system over the internet protocol
WO2002080491A1 (en) * 2001-03-30 2002-10-10 Nokia Corporation Mechanism for managing mobility in telecommunication networks
CN1353559A (en) * 2001-11-13 2002-06-12 西安西电捷通无线网络通信有限公司 Cross-IP internet roaming method for mobile terminal
CN1437361A (en) * 2002-02-07 2003-08-20 华为技术有限公司 Network access control method based on network address
WO2003075516A1 (en) * 2002-03-04 2003-09-12 Telenor Asa A system and method for controlling the access to an external network
KR20040054151A (en) * 2002-12-17 2004-06-25 정찬익 Apparatus for providing internet roaming service

Also Published As

Publication number Publication date
CN1717095A (en) 2006-01-04

Similar Documents

Publication Publication Date Title
CN101379757B (en) Methods and systems for providing telephony services and enforcing policies in a communication network
US7062253B2 (en) Method and system for real-time tiered rating of communication services
US8375360B2 (en) Provision of services over a common delivery platform such as a mobile telephony network
US8291077B2 (en) Provision of services over a common delivery platform such as a mobile telephony network
CN100488098C (en) Information-processing apparatus and method
CN100512161C (en) Method for transmitting legal monitoring information
US9071505B2 (en) Method and system for dynamically allocating services for subscribers data traffic
EP4302504A1 (en) Methods, systems and computer readable media for resource object level authorization at a network function (nf)
US9036800B2 (en) Billing for calls and routing of billing information in an internet protocol multimedia subsystem
EP1869870B1 (en) Multi-operator telecommunication distribution of service content
US20080141355A1 (en) Sharing network access capacities across internet service providers
US20060161616A1 (en) Provision of services over a common delivery platform such as a mobile telephony network
CN102480487B (en) Multi-user on-line video game method based on authentication and system thereof
CN100355313C (en) Method for preventing terminal user from illegal roaming
SE524733C2 (en) Procedure and systems for retransmitting mobile IP services in a telecommunications system
CN105915665A (en) Method for managing a user in a telecommunication network, and associated device
CN104066086B (en) The method and device of voice communication
JP2004166226A (en) Method and system for controlling online access from terminal user to content service
WO2009006770A1 (en) Method of p2p node management
KR101247336B1 (en) Systm for providing network service and method thereof
CN100499838C (en) Method for controlling terminal user roaming in NGN network system
KR20050116789A (en) Policy based service management platform in the wireless internet
GB2422219A (en) A software development system
CN116760801A (en) IMS network-based data interaction system
GB2347045A (en) Gateway discovery

Legal Events

Date Code Title Description
C06 Publication
PB01 Publication
C10 Entry into substantive examination
SE01 Entry into force of request for substantive examination
C14 Grant of patent or utility model
GR01 Patent grant
CF01 Termination of patent right due to non-payment of annual fee

Granted publication date: 20071212

Termination date: 20150629

EXPY Termination of patent right or utility model