CN100393166C - Method and device for realizing PHS wireless network positioning service hierarchical authentication - Google Patents


Info

Publication number: CN100393166C
Authority: CN (China)
Prior art keywords: authentication, positioning service, address, type, positioning
Legal status: Expired - Fee Related
Application number: CNB2004100098256A
Other languages: Chinese (zh)
Other versions: CN1780459A (en)
Inventor: 黎云华
Current Assignee: Jinjiang high and new technology development office
Original Assignee: ZTE Corp
Abstract

The present invention relates to a method and a device for realizing multilevel authentication of a location service. Building on the established location service authentication standard, the invention adds two authentication means, IP address connection authentication and location service type authentication, which greatly enhances the security of the location service in PHS wireless networks and promotes its secure development. With the invention, the security of a positioning system can be ensured from four aspects: connection access, identity identification, type identification and privacy authorization. At the same time, authentication policies can be formulated flexibly and the related authentication processes can be simplified in specific application scenarios. Compared with the prior art, the goal is achieved without new investment, which provides a strong guarantee for the secure development of the location service business.

Description

A method and device for realizing multilevel authentication of the PHS wireless network positioning service
Technical field
The present invention relates to the implementation of positioning service authentication in a wireless communication network system, and in particular to the implementation of positioning service authentication in a PHS wireless network.
Background technology
With the development of mobile communication technology and its market, location-based services have gradually become a focus of new business. Because the PHS wireless local telephone network uses microcellular technology, it is well suited to deploying and promoting value-added services based on wireless network positioning technology.
In concrete applications a wireless network positioning system involves many entities, such as the service provider (SP), the positioning service management center (LSMC), the location gateway (GLC) and the geographic information system (GIS). In practice the SP is responsible for offering the service, and the connection between the SP and the LSMC may run over the open Internet. In such an environment a system that does not protect itself is unsafe: network attacks and viruses pose a serious threat to the stable operation of the equipment. To guarantee the normal operation of location-based services, security is therefore particularly important, and authentication is a powerful means of providing it.
To support the development of PHS network location services, and to make it easier to interconnect the network elements and to provide service functions, China Telecom has successively issued interface specifications for each network element in the PHS wireless network location service. For positioning service authentication, however, these interface specifications introduce only two kinds of authentication: user identity identification and user privacy control. In the present network environment, the existing authentication leaves security risks for the normal operation of the positioning service.
A search has so far found no documents or patents on techniques related to PHS wireless network positioning service authentication.
Summary of the invention
The purpose of the invention is to provide a method and a device for realizing multilevel authentication of the positioning service, so as to improve the security of the PHS wireless network positioning service and promote its secure operation.
To achieve this purpose, the invention comprises not only identity authentication and user privacy authentication, but also IP address connection authentication and/or positioning service type authentication. The IP address connection authentication step is carried out before the identity authentication step; it authenticates the connecting IP address by judging whether it lies within the address range allowed to connect. The positioning service type authentication step is carried out after the identity authentication step and before the user privacy authentication step; it judges whether the positioning service type in the location request lies within the permitted range of services.
The method according to the invention comprises the following steps:
Step 1: the service provider SP initiates a location request to the positioning service management center LSMC; the location request contains the identity ID and password of the SP and carries calling and called party information;
Step 2: the LSMC obtains the IP address of the SP;
Step 3: the LSMC authenticates the connecting IP address; if the IP address is within the address range allowed to connect, continue with step 4, otherwise go to step 8;
Step 4: SP identity identification: the identity ID and password of the SP are compared; if they match, continue with step 5, otherwise go to step 8;
Step 5: positioning service type comparison: the positioning service type in the location request is compared; if the service type is allowed, continue with step 6, otherwise go to step 8;
Step 6: user privacy control authorization: judge whether the calling user who initiated the location request is within the range authorized by the positioned user; if so, go to step 7, otherwise go to step 8;
Step 7: authentication passes;
Step 8: authentication fails.
In step 2 of the method, the service provider SP and the positioning service management center LSMC are connected over TCP/IP, and the LSMC obtains the IP address of the SP from the SOCKET connection of the SP's request.
In step 3 of the method, after the LSMC obtains the IP address of the SP, it first judges whether the IP address is in the list of IP addresses refused connection. If it is, authentication fails, the connection is dropped, and the flow goes directly to step 8. If it is not, the LSMC goes on to check whether the address belongs to the IP addresses allowed to connect; if it is not in the allowed range, authentication fails and the flow goes directly to step 8. If it is in the allowed range, access authentication succeeds and the flow continues with step 4. This sets up protection at the TCP/IP connection layer and blocks access from illegitimate IP addresses.
In step 5 of the method, different positioning service types correspond to different charging standards.
In step 5 of the method, when a service type is divided into several sub-service types, the positioning service type in the location request is compared first; if the service type is allowed, the sub positioning service type is then compared; if the sub positioning service type is allowed, continue with step 6, otherwise go to step 8.
In step 6 of the method, users set for themselves the familiar numbers that may locate them directly without a password; a number outside the familiar numbers that wants to locate the user must supply the password the user has preset. Based on the calling and called party information carried in the positioning service request message, if the system judges that the user is locating himself, authentication passes directly. Otherwise the system first checks whether the calling number is one of the positioned user's familiar numbers; if it is, no password check is needed and authentication passes. If it is not, the system goes on to verify the location password carried in the location request; if the location password is correct, the flow enters step 7 and authentication passes, otherwise it enters step 8 and authentication fails.
The invention also provides a device for realizing multilevel authentication of the positioning service. It comprises an interface connecting the service provider SP and the positioning service management center LSMC; the interface contains an identity authentication module and a user privacy authentication module, and is characterized in that it also contains an IP address connection authentication module and/or a positioning service type authentication module. The IP address connection authentication module authenticates the connecting IP address and judges whether it lies within the address range allowed to connect; the positioning service type authentication module judges whether the positioning service type in the location request lies within the permitted range of services.
In the device according to the invention, the positioning service type authentication module further contains a sub positioning service type authentication module which, when a positioning service type comprises several sub-service types, judges whether the sub-service type lies within the permitted range of sub-services.
In the device according to the invention, the positioning service type authentication module further contains an accounting module, which applies different charging standards to different positioning service types.
By adding two authentication means, IP address connection authentication and/or positioning service type authentication, on top of the established specification, the invention greatly strengthens the security of the PHS wireless network positioning service. The reasons are as follows. On the one hand, the Internet is based on the TCP/IP protocol, the devices of the positioning service are also connected over TCP/IP, and the IP address of each device is fixed; malicious IP connection attacks can therefore be prevented by allowing only a limited set of IP addresses to connect. On the other hand, depending on the application scenario, the positioning service can be subdivided into many service types, such as querying traffic information, querying landmark information, location-triggered services and querying other people's positions. When offering the service, the operator can configure combinations of specific positioning service types and users; that is, the positioning services a user is allowed to use are configurable, and a user can only use the services that have been configured.
With this multilevel positioning service authentication method, the invention safeguards the security of the positioning system from four aspects: connection access, identity identification, type identification and privacy authorization. At the same time, in specific application scenarios, authentication policies can be formulated flexibly and the related authentication flows reduced. Compared with the prior art, no new investment is needed; only the software has to be improved to achieve the goal, which provides a strong guarantee for the secure operation of location-based services.
Description of drawings
Fig. 1 is a flow chart of the multilevel positioning service authentication method of the invention;
Fig. 2 is a structural block diagram of the preferred embodiment of the multilevel positioning service authentication device of the invention.
Embodiment
The invention is described in further detail below with reference to the drawings.
Fig. 1 is the flow chart of multilevel positioning service authentication. The processing steps are as follows:
Step 1: the SP initiates a location request. The SP, as the content provider, provides the concrete service to users; it initiates a location request to the positioning service management center LSMC.
Step 2: obtain the IP address of the SP. The SP and the LSMC are connected over TCP/IP, so the LSMC can easily obtain the IP address of the SP from the SOCKET (socket) connection of the request.
Step 3: IP address access authentication. After the LSMC obtains the IP address, it first judges whether the IP address is in the list of IP addresses refused connection. If it is, authentication fails, the connection is dropped, and the flow goes directly to step 8. If it is not, the LSMC goes on to check whether the address belongs to the IP addresses allowed to connect; if it is not in the allowed range, authentication fails and the flow goes directly to step 8. If it is in the allowed range, access authentication succeeds and the flow continues with step 4. This sets up protection at the TCP/IP connection layer and blocks access from illegitimate IP addresses.
Step 4: SP identity identification. The location request initiated by the SP carries the SP's ID and password, and the system verifies the identity of the SP from them. If they match the legitimate ID and password that the operator allocated to the SP in advance, SP identification succeeds and the flow continues with step 5; otherwise it goes to step 8 and authentication fails.
Step 5: positioning service type comparison. After the SP passes identity authentication, the service type is authenticated. Every location request initiated by an SP should belong to some positioning service type, and an SP can be qualified to offer one or more service types, as allocated by the operator. When opening services to an SP, the operator can set different charging policies for different service types; a service type can also be divided into sub-service types, so this step can be extended to sub-service type authentication. If the positioning service type is one that this SP is allowed to offer, service type authentication passes and the flow continues with step 6; otherwise it goes to step 8 and authentication fails.
Step 6: user privacy control authorization. Each user can set who may locate him directly without a password (the familiar numbers); anyone else who wants to locate him must supply the password he has preset. Every positioning service request message carries the calling party (the initiator) and the called party (the party being positioned). If the system judges that the user is locating himself, authentication passes directly. Otherwise the system first checks whether the calling number is one of the positioned user's familiar numbers; if it is, no password check is needed and authentication passes. If it is not, the system goes on to verify the location password carried in the location request; if the location password is correct, the flow goes to step 7 and authentication passes, otherwise it goes to step 8 and authentication fails.
Step 7: authentication passes. Reaching this step means that the positioning service request is legitimate.
Step 8: authentication fails. The positioning service request did not pass authentication; in this step the reason for the authentication error can be returned to the SP.
Fig. 2 is a structural block diagram of the preferred embodiment of the multilevel positioning service authentication device of the invention. The interface connecting the service provider SP and the positioning service management center LSMC comprises an IP address connection authentication module, an identity authentication module, a positioning service type authentication module and a user privacy authentication module. When the SP initiates a location request to the LSMC, the request first passes through the IP address connection authentication module, which authenticates the connecting IP address and judges whether it lies within the address range allowed to connect; if it does, authentication passes. Next, the identity authentication module verifies the identity of the connecting SP from the SP's ID and password; if they match the legitimate ID and password that the operator allocated to the SP in advance, authentication passes. Next, the positioning service type authentication module judges whether the positioning service type in the location request lies within the permitted range of services; if it does, authentication passes. Next, the user privacy authentication module judges whether the calling number is one of the positioned user's familiar numbers and, for a calling user outside the familiar numbers, whether the password supplied is correct. If the calling number is a familiar number, no password check is needed and authentication passes. If it is not, the module goes on to verify the location password carried in the location request; if the location password is correct, authentication passes. If the SP's location request fails in any one of the above modules, authentication fails. Authentication by these four modules greatly improves the security of the positioning system.
In addition, in the above device the positioning service type authentication module can further contain a sub positioning service type authentication module which, when a positioning service type comprises several sub-service types, judges whether the sub-service type lies within the permitted range of sub-services. The positioning service type authentication module also contains an accounting module, which applies different charging standards to different positioning service types.
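The eight-step flow of Fig. 1, including the sub-service type check, sketched as an added Python example. It is not code from the patent; all class, field and reason names and all sample addresses, numbers and passwords are constructed for illustration.

```python
import hmac
import ipaddress
from dataclasses import dataclass


@dataclass
class LocationRequest:            # field names are assumptions, not from the patent
    sp_id: str
    sp_password: str
    service_type: str
    sub_type: str
    caller: str                   # number that initiates the positioning
    called: str                   # number being positioned
    location_password: str = ""


@dataclass
class SpAccount:
    password: str
    services: dict                # allowed service type -> set of allowed sub-types


@dataclass
class Subscriber:
    familiar_numbers: set
    location_password: str


def _same(a, b):
    # Constant-time comparison of the presented and the stored secret.
    return hmac.compare_digest(a.encode(), b.encode())


class Lsmc:
    def __init__(self, deny, allow, sp_accounts, subscribers):
        self.deny = [ipaddress.ip_network(n) for n in deny]
        self.allow = [ipaddress.ip_network(n) for n in allow]
        self.sp_accounts = sp_accounts
        self.subscribers = subscribers

    def authenticate(self, peer_ip, req):
        """Return (passed, reason). peer_ip is the address of the accepted TCP
        socket (step 2), not a value taken from inside the request."""
        ip = ipaddress.ip_address(peer_ip)
        # Step 3: refused list first, then the allowed range.
        if any(ip in net for net in self.deny):
            return False, "ip_denied"
        if not any(ip in net for net in self.allow):
            return False, "ip_not_allowed"
        # Step 4: SP identity (ID and password allocated by the operator).
        acct = self.sp_accounts.get(req.sp_id)
        if acct is None or not _same(req.sp_password, acct.password):
            return False, "sp_identity"
        # Step 5: service type, then sub-service type when the type has any.
        if req.service_type not in acct.services:
            return False, "service_type"
        sub_types = acct.services[req.service_type]
        if sub_types and req.sub_type not in sub_types:
            return False, "sub_service_type"
        # Step 6: privacy control. Self-location passes directly.
        if req.caller != req.called:
            target = self.subscribers.get(req.called)
            if target is None:
                return False, "privacy"
            if req.caller not in target.familiar_numbers:
                # Outside the familiar numbers: the preset password is required.
                preset = target.location_password
                if not preset or not _same(req.location_password, preset):
                    return False, "privacy"
        return True, "ok"         # step 7; every False above is step 8


def demo():
    """Run constructed requests through a constructed LSMC configuration."""
    lsmc = Lsmc(
        deny=["192.0.2.66/32"],   # inside the allowed range, but refused first
        allow=["192.0.2.0/24"],
        sp_accounts={"sp01": SpAccount("s3cret", {
            "query_other_position": set(),
            "query_landmark": {"hotel"}})},
        subscribers={"0591000002": Subscriber({"0591000001"}, "1234")},
    )
    base = dict(sp_id="sp01", sp_password="s3cret",
                service_type="query_other_position", sub_type="",
                caller="0591000001", called="0591000002")

    def run(ip="192.0.2.10", **changes):
        return lsmc.authenticate(ip, LocationRequest(**{**base, **changes}))

    return {
        "familiar": run(),
        "denied_ip": run("192.0.2.66"),
        "unknown_ip": run("198.51.100.7"),
        "bad_sp_password": run(sp_password="guess"),
        "type_not_granted": run(service_type="location_trigger"),
        "bad_sub_type": run(service_type="query_landmark", sub_type="bank"),
        "stranger_no_password": run(caller="0591000009"),
        "stranger_with_password": run(caller="0591000009", location_password="1234"),
        "self_location": run(caller="0591000002"),
    }
```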
The foregoing is only a preferred embodiment of the invention and is not intended to limit its specific implementations; all modifications and changes made in accordance with the main inventive concept of this method fall within the scope of protection claimed by the claims of the invention.

Claims (10)

1. A method for realizing multilevel authentication of the PHS wireless network positioning service, comprising identity authentication and user privacy authentication, characterized in that it also comprises IP address connection authentication and/or positioning service type authentication; the IP address connection authentication step is carried out before the identity authentication step and authenticates the connecting IP address by judging whether it lies within the address range allowed to connect; the positioning service type authentication step is carried out after the identity authentication step and before the user privacy authentication step, and judges whether the positioning service type in the location request lies within the permitted range of services.
2. The method for realizing multilevel authentication of the positioning service according to claim 1, characterized in that it further comprises the following steps:
Step 1: the service provider initiates a location request to the positioning service management center; the location request contains the identity and password of the service provider and carries calling and called party information;
Step 2: the positioning service management center obtains the IP address of the service provider;
Step 3: the positioning service management center authenticates the connecting IP address; if the IP address is within the address range allowed to connect, continue with step 4, otherwise go to step 8;
Step 4: service provider identity identification: the identity and password of the service provider are compared; if they match, continue with step 5, otherwise go to step 8;
Step 5: positioning service type comparison: the positioning service type in the location request is compared; if the service type is allowed, continue with step 6, otherwise go to step 8;
Step 6: user privacy control authorization: judge whether the calling user who initiated the location request is within the range authorized by the positioned user; if so, go to step 7, otherwise go to step 8;
Step 7: authentication passes;
Step 8: authentication fails.
3. The method for realizing multilevel authentication of the positioning service according to claim 2, characterized in that,
in step 2, the service provider and the positioning service management center are connected over TCP/IP, and the positioning service management center obtains the IP address of the service provider from the socket connection of the service provider's request.
4. The method for realizing multilevel authentication of the positioning service according to claim 2, characterized in that,
in step 3, after the positioning service management center LSMC obtains the IP address of the service provider, it first judges whether the IP address is in the list of IP addresses refused connection; if it is, authentication fails, the connection is dropped, and the flow goes directly to step 8; if it is not, the LSMC goes on to check whether the address belongs to the IP addresses allowed to connect; if it is not in the allowed range, authentication fails and the flow goes directly to step 8; if it is in the allowed range, access authentication succeeds and the flow continues with step 4, which sets up protection at the TCP/IP connection layer and blocks access from illegitimate IP addresses.
5. The method for realizing multilevel authentication of the positioning service according to claim 2, characterized in that,
in step 5, different positioning service types correspond to different charging standards.
6. The method for realizing multilevel authentication of the positioning service according to claim 2, characterized in that,
in step 5, when a service type is divided into several sub-service types, the positioning service type in the location request is compared first; if the service type is allowed, the sub positioning service type is then compared; if the sub positioning service type is allowed, continue with step 6, otherwise go to step 8.
7. The method for realizing multilevel authentication of the positioning service according to claim 2, characterized in that,
in step 6, users set for themselves the familiar numbers that may locate them directly without a password, and a number outside the familiar numbers that wants to locate the user must supply the password the user has preset; based on the calling and called party information carried in the positioning service request message, if the system judges that the user is locating himself, authentication passes directly; otherwise the system first checks whether the calling number is one of the positioned user's familiar numbers; if it is, no password check is needed and authentication passes; if it is not, the system goes on to verify the location password carried in the location request; if the location password is correct, the flow enters step 7 and authentication passes, otherwise it enters step 8 and authentication fails.
8. A device for realizing multilevel authentication of the positioning service, comprising an interface connecting the service provider and the positioning service management center, the interface containing an identity authentication module and a user privacy authentication module, characterized in that the interface also contains an IP address connection authentication module and/or a positioning service type authentication module, wherein the IP address connection authentication module authenticates the connecting IP address and judges whether it lies within the address range allowed to connect, and the positioning service type authentication module judges whether the positioning service type in the location request lies within the permitted range of services.
9. The device for multilevel authentication of the positioning service according to claim 8, characterized in that the positioning service type authentication module further contains a sub positioning service type authentication module which, when a positioning service type comprises several sub-service types, judges whether the sub-service type lies within the permitted range of sub-services.
10. The device for multilevel authentication of the positioning service according to claim 8, characterized in that the positioning service type authentication module further contains an accounting module, which applies different charging standards to different positioning service types.
CNB2004100098256A 2004-11-19 2004-11-19 Method and device for realizing PHS wireless network positioning service hierarchical authentication Expired - Fee Related CN100393166C (en)

Priority Applications (1)

Application Number Priority Date Filing Date Title
CNB2004100098256A CN100393166C (en) 2004-11-19 2004-11-19 Method and device for realizing PHS wireless network positioning service hierarchical authentication


Publications (2)

Publication Number Publication Date
CN1780459A CN1780459A (en) 2006-05-31
CN100393166C true CN100393166C (en) 2008-06-04

Family

ID=36770532


Legal Events

Date Code Title Description
C06 Publication
PB01 Publication
C10 Entry into substantive examination
SE01 Entry into force of request for substantive examination
C14 Grant of patent or utility model
GR01 Patent grant
ASS Succession or assignment of patent right

Owner name: JINJIANG HIGH-TECH DEVELOPMENT OFFICE

Free format text: FORMER OWNER: ZTE CORPORATION

Effective date: 20131107

C41 Transfer of patent application or patent right or utility model
COR Change of bibliographic data

Free format text: CORRECT: ADDRESS; FROM: 518057 SHENZHEN, GUANGDONG PROVINCE TO: 362200 QUANZHOU, FUJIAN PROVINCE

TR01 Transfer of patent right

Effective date of registration: 20131107

Address after: Jinjiang City, Fujian province 362200 Chongde road Quanzhou City No. 283 friends Jade Technology Building

Patentee after: Jinjiang high and new technology development office

Address before: 518057 Nanshan District, Guangdong high tech Industrial Park, science and Technology Industrial Park, ZTE building, block A, layer 6, layer

Patentee before: ZTE Corporation

CF01 Termination of patent right due to non-payment of annual fee

Granted publication date: 20080604

Termination date: 20161119
