CN101594276A - Business authorization method for IP telecommunication network system - Google Patents


Publication number
CN101594276A
Authority
CN
China
Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
Granted
Application number
CNA200810113164XA
Other languages
Chinese (zh)
Other versions
CN101594276B (en)
Inventor
蒋林涛
胡筑华
刘文红
马玉发
张洁
赵庆琳
Current Assignee (The listed assignees may be inaccurate. Google has not performed a legal analysis and makes no representation or warranty as to the accuracy of the list.)
Telecommunication Research Institute Ministry Of Information Industry
YUANCHUANG XINTONG TELECOMMUNICATION TECHNOLOGY (BEIJING) Co Ltd
Original Assignee
Telecommunication Research Institute Ministry Of Information Industry
YUANCHUANG XINTONG TELECOMMUNICATION TECHNOLOGY (BEIJING) Co Ltd
Application filed by Telecommunication Research Institute Ministry Of Information Industry, YUANCHUANG XINTONG TELECOMMUNICATION TECHNOLOGY (BEIJING) Co Ltd filed Critical Telecommunication Research Institute Ministry Of Information Industry
Priority to CN200810113164XA priority Critical patent/CN101594276B/en
Publication of CN101594276A publication Critical patent/CN101594276A/en
Application granted granted Critical
Publication of CN101594276B publication Critical patent/CN101594276B/en
Expired - Fee Related legal-status Critical Current
Anticipated expiration legal-status Critical


Abstract

The invention discloses a business authorization method for an IP telecommunication network system, realized through cooperation among the user equipment, a business demonstration center and an edge gateway device. The user sends a business demonstration request for a particular telecommunication service to the business demonstration center; if the business demonstration center, after demonstration, confirms that the user has the right to use this telecommunication service, it sends a confirmation response to the user. On receiving the confirmation response, the user establishes a control link connection with the edge gateway device that supports this telecommunication service and sends the user authorization letter to that edge gateway device. If the edge gateway device has sufficient resources, it allocates resources at the access interface and associates the link-layer connection between the user equipment and the edge gateway device with the data plane ID related to this service. When the user starts to use a telecommunication service, the user first connects to the edge gateway device; after the edge gateway device identifies the user as a legitimate user, it establishes a service connection with the user, and the user starts to use the telecommunication service.

Description

Business authorization method for IP telecommunication network system
Technical field
The present invention relates to a method of performing service authorization for telecommunication users, and in particular to a service demonstration and authorization method realized in an IP telecommunication network system through cooperation among the user's terminal equipment, a business demonstration center and an edge gateway device. It belongs to the field of telecommunication technology.
Background art
The IP telecommunication network system is a new concept proposed by the inventors in invention patent No. ZL 200410037641.0. It adopts a unique inner/outer two-layer structure and a dual-address addressing scheme, and consists of at least one multi-address connectionless data network (PTDN network for short) in the inner layer and a plurality of IP networks in the outer layer, together with a plurality of edge gateway devices. The IP networks are connected to the multi-address connectionless data network through the edge gateway devices. Each multi-address connectionless data network also contains at least one address mapping device; the edge gateway devices perform the mapping between the two addresses through the address mapping device. All devices in the multi-address connectionless data network, and the edge gateway devices, are each assigned a multi-address connectionless data network address; all devices in the IP networks, and the edge gateway devices, are each assigned an IP address. The mapping between IP addresses and multi-address connectionless data network addresses is stored in the address mapping table of the address mapping device, and an edge gateway device establishes a connection with the address mapping device after being authenticated. The multi-address connectionless data network also contains a network management device, which manages the access-layer, aggregation-layer and core-layer devices in that network.
The IP telecommunication network scheme described above is a brand-new technical system proposed specifically for the transition of traditional telecommunication networks to next-generation telecommunication networks based on packet switching. In the course of developing this technical system, the inventors have described in detail a series of topics: the basic framework of the IP telecommunication network system and the method of communicating over it, methods of implementing VPN and multicast functions based on the system, methods of resource management in the system, header compression of the packets it carries, and the specific packet format transmitted in the system and its implementation mechanism. These are not repeated here.
A new type of IP bearer network based on the IP telecommunication network technical system can carry multiple service networks and can guarantee the bearer network resources each service network requires, so that the service network can deliver the QoS the user expects, while effectively preventing unauthorized users from using the service illegally. To this end, before a user uses a service, the user's qualification to use that service must be demonstrated; a user who passes the qualification demonstration obtains authorization to use the service, and only after obtaining the right to use the service can the user use it. However, the prior art offers no concrete technical scheme for performing service authorization for telecommunication users under the IP telecommunication network technical system.
Chinese invention patent application publication No. CN101132403 discloses a service authorization method and server that let users activate services more easily and reduce operators' investment costs. In that scheme, a service use request is received from a user terminal; if the user terminal has not registered for the requested service, it is registered automatically. If registration succeeds, the user terminal is allowed to use the requested service. Admission control is performed during registration of the user terminal. However, this scheme cannot be used under the IP telecommunication network technical system.
Summary of the invention
The purpose of this invention is to provide a business authorization method for an IP telecommunication network system. The method is realized through cooperation among the user's terminal equipment, a business demonstration center and an edge gateway device.
To achieve this purpose, the present invention adopts the following technical scheme:
A business authorization method for an IP telecommunication network system, realized through cooperation among user equipment, a business demonstration center and an edge gateway device, characterized by comprising the following steps:
(1) the user sends a business demonstration request for a specific telecommunication service to the business demonstration center;
(2) after receiving the business demonstration request, the business demonstration center sends a confirmation response to the user if, after demonstration, it confirms that the user has the right to use this telecommunication service; otherwise it refuses to send a confirmation response to the user;
(3) the user receives the confirmation response, establishes a service control link connection with the service ED device, and sends the user authorization letter to that service ED device;
(4) if the service ED device has sufficient resources to support this service, it allocates resources at the access interface and associates the link-layer connection between the user equipment and the service ED device with the data plane ID related to this service;
(5) when the user starts to use an authorized telecommunication service, the user first connects to the service ED device; after the service ED device identifies the user as a legitimate user, it establishes a service connection with the user, and the user starts to use the telecommunication service.
Wherein, before step (1), a unique IP address is assigned to the user equipment.
In step (2), the confirmation response contains the user authorization letter and information about the service ED device that supports this particular telecommunication service.
The user authorization letter and the service ED device information use a double encryption technique.
The double encryption technique means that a first layer of encryption is used between the business demonstration center and the user equipment, which the user can decrypt to read the information the user must use; the user authorization letter uses a second layer of encryption, and the user cannot open the user authorization letter.
The information the user must use is the list of available ED devices and their IP addresses.
In step (4), which data plane ID is used is determined according to the service authorization.
In step (1), the telecommunication service does not include Internet service.
The business authorization method provided by the present invention ensures that, within the design framework of a particular telecommunication service, the user obtains a trusted service with the expected quality of service, while effectively preventing unauthorized users from using that telecommunication service illegally, thereby laying a technical foundation for commercial application of IP telecommunication network technology.
Description of drawings
The present invention is further illustrated below in conjunction with the drawings and specific embodiments.
Fig. 1 is a schematic diagram of the structure of an edge gateway device in the IP telecommunication network system;
Fig. 2 is a flow chart of the IP telecommunication network business authorization method.
Detailed description of the embodiments
The IP telecommunication network business authorization method provided by the present invention is realized in the IP telecommunication network system through cooperation among the user's terminal equipment (user equipment for short), the business demonstration center and the edge gateway device. The implementation of the method is described below.
Before the method is carried out, an address is first assigned to the user's terminal equipment. Because, in the IP telecommunication network technical system, user equipment is always located in an IP network acting as the outer network, the assigned address is an IP address for that IP network. The user equipment can obtain the IP address by static configuration or dynamically (for example via DHCP). To simplify user management, a user generally uses only one IP address during communication, no matter how many services the user uses. This does not exclude allowing a user to use different IP addresses for different services.
Fig. 1 shows the basic structure of an edge gateway device in the IP telecommunication network system. The edge gateway device, ED device for short, consists of a central processing module, a communication resource configuration module, a communication resource management and control module, a packet receiving/sending module, a packet header processing module, a network management interface module, a power module, a database module and so on. The central processing module is the key functional module that manages and controls the whole ED device; it is connected to each of the other modules: the communication resource configuration module, the communication resource management and control module, the packet receiving/sending module, the packet header processing module, the network management interface module, the power module and the database module. The packet receiving/sending module is the interface to the external telecommunication network and is responsible for receiving and sending packets. The packet header processing module is connected to the packet receiving/sending module and processes packet headers. The communication resource management and control module implements resource management and control. It is connected to the packet receiving/sending module and manages communication resources by controlling the reception and sending of packets. The communication resource configuration module is connected to the communication resource management and control module in order to pre-configure network service resources.
The ED device is one of the core devices of the IP telecommunication network. It is placed at the edge of the inner network (that is, the multi-address connectionless data network) of the IP telecommunication network system, processes incoming and outgoing packets, and uploads the mapping between IP addresses and multi-address connectionless data network addresses to the ADT (address mapping device). The ED device converts outer-network addresses to inner-network addresses for data packets: at the input it encapsulates the packet with an outer header, and at the output it removes the outer header encapsulation and restores the packet. Through this packet processing it can further configure the data plane according to the service authorization, and it can cluster the IP network addresses under its administration. For further details of the ED device, see the related content in the series of patent applications filed by the applicant on the IP telecommunication network technical system; they are not described in detail here.
The role of the ED device in this IP telecommunication network business authorization method shows in two respects. First, the IP bearer network realized on the IP telecommunication network system uses the data plane ID as the unique identifier for marking, managing and controlling a specific data-plane resource. The ED device associates the service-use authorization obtained by the user with the data plane ID predetermined for that service, ensuring that, within the design framework of the service, the user obtains the expected trusted security and the expected quality of service. Second, the authorization the user obtains cannot be changed by the user: the user authorization letter the user obtains is encrypted, and the user cannot change it. The user delivers the authorization letter to the ED device. After decrypting it, the ED device determines the user's right to use the corresponding service according to the authorization in the letter and associates the user with the data plane ID predetermined for that service.
In implementing the present invention, the business demonstration center is also an indispensable link. Its role is similar to that of the authentication system in existing telecommunication technology. When a user wants to use a new service provided by the IP bearer network, service demonstration and authorization must be carried out by the business demonstration center. Only a user who has obtained authorization for the service can use it; otherwise the user has no right to use it. In a concrete implementation, the business demonstration center can be a database storing the correspondence between users' personal information and the services each user is entitled to use.
The implementation of the service demonstration and authorization method for IP telecommunication network users provided by the present invention is described below with reference to Fig. 2.
A user can use several services at the same time during communication. When the user selects a service through a user interface or similar means, the user first sends a business demonstration request for that particular telecommunication service to the business demonstration center. The business demonstration request contains the necessary personal information of the user, the preset service code and the IP address of the user equipment.
After the business demonstration center receives the user's business demonstration request for the particular telecommunication service, if it confirms after demonstration that the user has the right to use this service, it sends the user a confirmation response for the user demonstration; otherwise it refuses to send a confirmation response to the user. The confirmation response contains the user authorization letter and the corresponding information of the ED device that supports this particular telecommunication service (service ED device for short). The user authorization letter and the service ED device information are encrypted. The encryption here can use asymmetric-key encryption and can use a double encryption technique. Double encryption means that a first layer of encryption is used between the business demonstration center and the user, which the user can decrypt to read the information the user must use, such as the list of available ED devices and their IP addresses; the user authorization letter uses a second layer of encryption, which the user cannot open, to ensure that the user cannot change the content of the user authorization letter.
The user receives the confirmation response for the user demonstration from the business demonstration center and decrypts it to read the information the user must use, such as the list of service ED devices and their IP addresses. Using the IP address provided, the user establishes a service control link connection with the service ED device that supports this particular telecommunication service, and sends the user authorization letter and the user's own IP address to that service ED device.
After receiving the user authorization letter sent by the user, the service ED device decrypts the letter and, according to the information it provides, checks whether the corresponding port of the ED device has enough network transmission resources available for this service. If there are not enough network transmission resources, the service ED device can refuse this service connection, which means that service establishment has failed. If the service ED device has enough resources to support the service, it then establishes the multi-link-layer connection for this service. The ED device allocates resources at the access interface and associates the link-layer connection between the user equipment and the service ED device with the ID of the data plane related to this service (the data planes comprise: control, management, real-time and non-real-time data planes). Which data plane ID is used is determined according to the service authorization.
When the user starts to use a service that has been demonstrated and authorized, the user first connects to the service ED device. The service ED device uses information such as the IP address of the user equipment to identify whether the user is a legitimate user of the particular service; if so, it treats the user equipment as the endpoint of the link-layer connection and establishes a service connection with it.
After the service connection is established, the user can carry out communication for this service. The link-layer connection between the user and the service ED device is maintained throughout the communication. Services, or non-real-time services, that do not need a resource guarantee can use the non-real-time data plane. Services, or non-real-time services, that need a resource guarantee can use the real-time data plane. The communication resources and other requirements of each particular service can be obtained by the service ED device from the information provided in the user authorization letter for that service.
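Added example, not part of the patent text: a Python sketch of the exchange described above, from the business demonstration request through the two-layer confirmation response to the ED device binding the user to a data plane ID. The patent specifies no cipher or message format, so the JSON fields, the constructed keys, the names seal, unseal and EdgeGateway, and the toy HMAC-based stream cipher with encrypt-then-MAC (standing in for the asymmetric encryption the text mentions, and making the "user cannot change the letter" property an explicit integrity check) are all assumptions.

```python
import hashlib
import hmac
import json
import os

# Constructed keys and records for illustration; none of these values come from the patent.
K_USER = b"constructed key: center <-> user"  # first layer, the user can open it
K_ED = b"constructed key: center <-> ED"      # second layer, the user cannot open it
ENTITLEMENTS = {("alice", "VOIP"): {"data_plane_id": 7, "kbps": 128}}
ED_LIST = [{"name": "ed-1", "ip": "192.0.2.10"}]


def _subkeys(key):
    return (hashlib.sha256(b"enc" + key).digest(),
            hashlib.sha256(b"mac" + key).digest())


def _xor_stream(key, nonce, data):
    # HMAC-SHA256 in counter mode as keystream: an illustrative stand-in cipher.
    stream, counter = b"", 0
    while len(stream) < len(data):
        block = nonce + counter.to_bytes(4, "big")
        stream += hmac.new(key, block, hashlib.sha256).digest()
        counter += 1
    return bytes(a ^ b for a, b in zip(data, stream))


def seal(key, obj):
    """Encrypt, then MAC, a JSON-serializable object."""
    enc_key, mac_key = _subkeys(key)
    nonce = os.urandom(16)
    ct = _xor_stream(enc_key, nonce, json.dumps(obj, sort_keys=True).encode())
    return nonce + ct + hmac.new(mac_key, nonce + ct, hashlib.sha256).digest()


def unseal(key, blob):
    """Verify the MAC, then decrypt; raises ValueError on a wrong key or any change."""
    enc_key, mac_key = _subkeys(key)
    nonce, ct, tag = blob[:16], blob[16:-32], blob[-32:]
    expected = hmac.new(mac_key, nonce + ct, hashlib.sha256).digest()
    if len(blob) < 48 or not hmac.compare_digest(tag, expected):
        raise ValueError("authentication failed")
    return json.loads(_xor_stream(enc_key, nonce, ct))


def center_handle_request(user_id, service_code, user_ip):
    """Business demonstration center: check entitlement, build the confirmation response."""
    grant = ENTITLEMENTS.get((user_id, service_code))
    if grant is None:
        return None  # no confirmation response is sent
    letter = seal(K_ED, {"user_ip": user_ip, "service": service_code, **grant})
    return seal(K_USER, {"eds": ED_LIST, "letter": letter.hex()})


def user_open_response(response):
    """User equipment: read the ED list; the letter stays an opaque blob."""
    body = unseal(K_USER, response)
    return body["eds"], bytes.fromhex(body["letter"])


class EdgeGateway:
    def __init__(self, free_kbps):
        self.free_kbps = free_kbps
        self.bindings = {}  # (user_ip, service) -> data plane ID

    def present_letter(self, letter, src_ip):
        """Decrypt the letter, check resources, bind the link to a data plane ID."""
        try:
            grant = unseal(K_ED, letter)
        except ValueError:
            return "rejected: letter failed authentication"
        if grant["user_ip"] != src_ip:
            return "rejected: letter issued to another IP"
        if grant["kbps"] > self.free_kbps:
            return "rejected: insufficient resources"
        self.free_kbps -= grant["kbps"]
        self.bindings[(src_ip, grant["service"])] = grant["data_plane_id"]
        return "bound"

    def connect(self, src_ip, service):
        """Return the data plane ID for a recognized user, else None."""
        return self.bindings.get((src_ip, service))


if __name__ == "__main__":
    ip = "198.51.100.5"
    eds, letter = user_open_response(center_handle_request("alice", "VOIP", ip))
    ed = EdgeGateway(free_kbps=200)
    print(eds, ed.present_letter(letter, ip), ed.connect(ip, "VOIP"))
```

Because the ED device recognizes a returning user by IP address, the sketch binds the letter to the IP address carried in the original request and rejects it when presented from any other address.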
It should be noted that, to achieve a smooth transition from and compatibility with existing Internet service, existing Internet service can be handled as a default service. A user using Internet service need not go through service demonstration and authorization. However, if a new generation of Internet service with its own specific service model is introduced, service demonstration and authorization is required.
The business authorization method for an IP telecommunication network system of the present invention has been described in detail above. For those of ordinary skill in the art, any obvious modification made without departing from the essence of the present invention will constitute an infringement of the patent right of the present invention and will bear the corresponding legal liability.

Claims (8)

1. A business authorization method for an IP telecommunication network system, realized through cooperation among user equipment, a business demonstration center and an edge gateway device, characterized by comprising the following steps:
(1) the user sends a business demonstration request for a particular telecommunication service to the business demonstration center;
(2) after receiving the business demonstration request, the business demonstration center sends a confirmation response to the user if, after demonstration, it confirms that the user has the right to use this telecommunication service; otherwise it refuses to send a confirmation response to the user;
(3) the user receives the confirmation response, establishes a service control link connection with the edge gateway device that supports this telecommunication service, and sends the user authorization letter to that edge gateway device;
(4) if the edge gateway device has sufficient resources to support this telecommunication service, it allocates resources at the access interface and associates the link-layer connection between the user equipment and the edge gateway device with the data plane ID related to this service;
(5) when the user starts to use an authorized telecommunication service, the user first connects to the edge gateway device; after the edge gateway device identifies the user as a legitimate user, it establishes a service connection with the user, and the user starts to use the telecommunication service.
2. The business authorization method for an IP telecommunication network system as claimed in claim 1, characterized in that:
before step (1), a unique IP address is assigned to the user equipment.
3. The business authorization method for an IP telecommunication network system as claimed in claim 1, characterized in that:
in step (2), the confirmation response contains the user authorization letter and information about the edge gateway device that supports this particular telecommunication service.
4. The business authorization method for an IP telecommunication network system as claimed in claim 3, characterized in that:
the user authorization letter and the edge gateway device information use a double encryption technique.
5. The business authorization method for an IP telecommunication network system as claimed in claim 4, characterized in that:
the double encryption technique means that a first layer of encryption is used between the business demonstration center and the user equipment, which the user can decrypt to read the information the user must use; the user authorization letter uses a second layer of encryption, and the user cannot open the user authorization letter.
6. The business authorization method for an IP telecommunication network system as claimed in claim 5, characterized in that:
the information the user must use is the list of available edge gateway devices and their IP addresses.
7. The business authorization method for an IP telecommunication network system as claimed in claim 1, characterized in that:
in step (4), which data plane ID is used is determined according to the service authorization.
8. The business authorization method for an IP telecommunication network system as claimed in claim 1, characterized in that:
in step (1), the telecommunication service does not include Internet service.
CN200810113164XA 2008-05-28 2008-05-28 Business authorization method for IP telecommunication network system Expired - Fee Related CN101594276B (en)

Priority Applications (1)

Application Number Priority Date Filing Date Title
CN200810113164XA CN101594276B (en) 2008-05-28 2008-05-28 Business authorization method for IP telecommunication network system


Publications (2)

Publication Number Publication Date
CN101594276A CN101594276A (en) 2009-12-02
CN101594276B CN101594276B (en) 2011-10-12


Cited By (2)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
WO2022057736A1 (en) * 2020-09-16 2022-03-24 华为技术有限公司 Authorization method and device
CN114268943A (en) * 2020-09-16 2022-04-01 华为技术有限公司 Authorization method and device

Also Published As

Publication number Publication date
CN101594276B (en) 2011-10-12


Legal Events

Date Code Title Description
C06 Publication
PB01 Publication
C10 Entry into substantive examination
SE01 Entry into force of request for substantive examination
C14 Grant of patent or utility model
GR01 Patent grant
CF01 Termination of patent right due to non-payment of annual fee

Granted publication date: 20111012

Termination date: 20150528

EXPY Termination of patent right or utility model