CN102918878B - File transmitting method and device - Google Patents


Publication number
CN102918878B
Authority
CN
China
Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
Active
Application number
CN201180001436.7A
Other languages
Chinese (zh)
Other versions
CN102918878A (en)
Inventor
毕军
王优
张伟
胡虹雨
王旸旸
Current Assignee (The listed assignees may be inaccurate. Google has not performed a legal analysis and makes no representation or warranty as to the accuracy of the list.)
Tsinghua University
Huawei Technologies Co Ltd
Original Assignee
Tsinghua University
Huawei Technologies Co Ltd
Application filed by Tsinghua University, Huawei Technologies Co Ltd


Classifications

    • H ELECTRICITY
    • H04 ELECTRIC COMMUNICATION TECHNIQUE
    • H04W WIRELESS COMMUNICATION NETWORKS
    • H04W8/00 Network data management
    • H04W8/02 Processing of mobility data, e.g. registration information at HLR [Home Location Register] or VLR [Visitor Location Register]; Transfer of mobility data, e.g. between HLR, VLR or external networks
    • H04W8/08 Mobility data transfer
    • H ELECTRICITY
    • H04 ELECTRIC COMMUNICATION TECHNIQUE
    • H04W WIRELESS COMMUNICATION NETWORKS
    • H04W12/00 Security arrangements; Authentication; Protecting privacy or anonymity
    • H04W12/06 Authentication
    • H04W12/062 Pre-authentication

Abstract

Embodiments provide a file transmitting method and device, relating to the communications field. The method comprises: receiving an authentication request from a first user equipment; sending, according to the first user identifier, a user binding authentication request to the home subscriber server (HSS) of the first user, so that the HSS of the first user determines, according to its stored binding relationships between IMSIs and user identifiers, whether the binding relationship between the IMSI of the first user equipment and the first user identifier is valid; when the HSS of the first user determines that the binding relationship between the IMSI of the first user equipment and the first user identifier is valid, downloading that binding relationship from the HSS of the first user; and, after the first user equipment and a second user equipment have established communication, on receiving messages from the first user equipment, sending the messages that conform to the downloaded binding relationship to the second user equipment. The invention prevents forgery of user identifiers during data transmission and improves the security of data transmission.

Description

File transmitting method and device
Technical field
The present invention relates to the communications field, and in particular to a file transmitting method and device.
Background
With the emergence of large numbers of mobile devices on the Internet, it has become very common for a single user to own multiple devices. To address the Internet's problems with mobility, multihoming and security, a scheme that separates user identifiers from addresses, UIP (User Identifier Protocol), has been proposed. The UIP architecture divides the network into multiple domains and introduces two global services: a mapping service from user identifiers to addresses, and a data encapsulation/decapsulation service at the domain egress routers. Under the UIP architecture, every accessing user is assigned a unique user identifier; the two communicating parties connect using their respective user identifiers, obtain the peer's address by querying the mapping, and transmit data messages through encapsulation/decapsulation at the domain egress routers. This scheme removes the limitation of current Internet communication being tied to an address or a device, and can solve the problems described above of mobility, multihoming and a single user with multiple devices.
In the course of realizing the present invention, the inventors found that the prior art has at least the following problem:
In the prior art, UIP deployed in the LTE (Long Term Evolution) architecture cannot prevent forgery of user identifiers during communication. Because the network does not authenticate the user's identifier, an attacker can freely send messages with a forged user identifier to impersonate another identity and carry out network attacks on that basis, causing serious consequences; security is low.
Summary of the invention
To improve the security of data transmission, embodiments of the present invention provide a file transmitting method and device. The technical solution is as follows:
A file transmitting method, comprising:
receiving an authentication request from a first user equipment, the authentication request carrying the international mobile subscriber identity (IMSI) of the first user equipment and a first user identifier, the first user identifier identifying the first user who is using the first user equipment;
sending, according to the first user identifier, a user binding authentication request to the home subscriber server (HSS) of the first user, so that the HSS of the first user determines, according to its stored binding relationships between IMSIs and user identifiers, whether the binding relationship between the IMSI of the first user equipment and the first user identifier is valid; the user binding authentication request carries the IMSI of the user equipment and the first user identifier;
when the HSS of the first user determines that the binding relationship between the IMSI of the first user equipment and the first user identifier is valid, downloading that binding relationship from the HSS of the first user, and, after the first user equipment and a second user equipment have established communication according to the LTE architecture, on receiving messages from the first user equipment, sending the messages that conform to the downloaded binding relationship to the second user equipment.
A file transmitting method, comprising:
receiving a user binding authentication request from an MME, the authentication request carrying the IMSI of the first user equipment and the first user identifier;
determining, according to the locally stored binding relationships between IMSIs and user identifiers, whether the binding relationship between the IMSI of the first user equipment and the first user identifier is valid;
if so, downloading the binding relationship between the IMSI of the first user equipment and the first user identifier to the MME, so that, after the first user equipment and a second user equipment have established communication according to the LTE architecture, when the MME receives messages from the first user equipment, it sends the messages that conform to the downloaded binding relationship to the second user equipment.
A network device, comprising:
a receiving module, configured to receive an authentication request from a first user equipment, the authentication request carrying the international mobile subscriber identity (IMSI) of the first user equipment and a first user identifier, the first user identifier identifying the first user who is using the first user equipment;
a user binding authentication request sending module, configured to send, according to the first user identifier, a user binding authentication request to the home subscriber server (HSS) of the first user, so that the HSS of the first user determines, according to its stored binding relationships between IMSIs and user identifiers, whether the binding relationship between the IMSI of the first user equipment and the first user identifier is valid; the user binding authentication request carries the IMSI of the user equipment and the first user identifier;
a download module, configured to download the binding relationship between the IMSI of the first user equipment and the first user identifier from the HSS of the first user when the HSS of the first user determines that this binding relationship is valid;
a communication establishing module, configured to establish communication between the first user equipment and a second user equipment according to the LTE architecture;
a message processing module, configured to, after the first user equipment and the second user equipment have established communication, on receiving messages from the first user equipment, send the messages that conform to the downloaded binding relationship to the second user equipment.
A network-side server, comprising:
a receiving module, configured to receive a user binding authentication request from an MME, the authentication request carrying the IMSI of the first user equipment and the first user identifier;
a judging module, configured to determine, according to the locally stored binding relationships between IMSIs and user identifiers, whether the binding relationship between the IMSI of the first user equipment and the first user identifier is valid;
a download module, configured to, if the judging module determines that the binding relationship between the IMSI of the first user equipment and the first user identifier is valid, download that binding relationship to the MME, so that, after the first user equipment and a second user equipment have established communication according to the LTE architecture, when the MME receives messages from the first user equipment, it sends the messages that conform to the downloaded binding relationship to the second user equipment.
The beneficial effects of the technical solution provided by the embodiments of the present invention are:
The user equipment undergoes binding authentication according to the binding relationship between user equipment and user that was stored in advance. When the binding relationship of the user equipment is authenticated as valid, that binding relationship is used to check the validity of messages, and the messages that conform to the binding relationship are sent to the destination device. This prevents forgery of user identifiers during data transmission and improves the security of data transmission.
Brief description of the drawings
Fig. 1 is a flowchart of a file transmitting method provided by embodiment 1 of the present invention;
Fig. 2 is a flowchart of a file transmitting method provided by embodiment 1 of the present invention;
Fig. 3 is a flowchart of a file transmitting method provided by embodiment 1 of the present invention;
Fig. 4 is a structural diagram of a network device provided by an embodiment of the present invention;
Fig. 5 is a structural diagram of a network device provided by an embodiment of the present invention;
Fig. 6 is a structural diagram of a network device provided by an embodiment of the present invention;
Fig. 7 is a structural diagram of a network device provided by an embodiment of the present invention;
Fig. 8 is a structural diagram of a network-side server provided by an embodiment of the present invention;
Fig. 9 is a structural diagram of a network-side server provided by an embodiment of the present invention;
Fig. 10 is a structural diagram of a network-side server provided by an embodiment of the present invention.
Embodiments
To make the objectives, technical solutions and advantages of the present invention clearer, the embodiments of the present invention are described in further detail below with reference to the accompanying drawings.
Fig. 1a is a flowchart of a file transmitting method provided by an embodiment of the present invention. Referring to Fig. 1b, the LTE network includes: the first user equipment IMSIA1 being used by the first user UIDA, the second user equipment IMSIB1 being used by the second user UIDB, the MME (Mobility Management Entity)/SGW (Serving Gateway), the HSS of the first user, and the HSS of the second user. This embodiment is executed by the MME. Referring to Fig. 1, the method includes:
101. Receive an authentication request from the first user equipment. The authentication request carries the IMSI (International Mobile Subscriber Identity) of the first user equipment and the first user identifier; the first user identifier identifies the first user who is using the first user equipment.
In this embodiment, each user in the network is assigned a globally unique user identifier, called a UID (User Identifier), that identifies the user's identity. Every user equipment that supports UIP stores the identifier of its user, i.e. the user's UID. The UID can be written to the SIM card of the user equipment in advance, or the user can configure the UID in the user equipment manually. The present invention uses the IMSI (International Mobile Subscriber Identity) of the mobile communication network to identify user equipment. The user equipment can be a mobile terminal in the network, an entity with a communication function, and so on. The LTE network of this embodiment includes the first user equipment being used by the first user, the second user equipment being used by the second user, and an MME that acts as a relay. Before step 101, communication is set up between the first user equipment and the second user equipment. To improve the security of message sending and prevent forgery of user identifiers during data transmission, the first user equipment must be authenticated by the MME. This process differs from the conventional authentication process of the prior art in that the first user equipment also carries the first user identifier in the authentication request it sends.
102. According to the first user identifier, send a user binding authentication request to the HSS (Home Subscriber Server) of the first user, so that the HSS of the first user determines, according to its stored binding relationships between IMSIs and user identifiers, whether the binding relationship between the IMSI of the first user equipment and the first user identifier is valid. The user binding authentication request carries the IMSI of the user equipment and the first user identifier.
Under the LTE architecture, each user corresponds to an HSS; a user's HSS can be the HSS to which the devices owned by that user belong.
In this embodiment, the MME queries for the HSS corresponding to the first user identifier and thereby obtains the HSS of the first user. The HSS of the first user stores the binding relationships between user identifiers (UIDs) and IMSIs. A single user can bind multiple user equipments at the same time, i.e. one UID can correspond to multiple IMSIs. The binding relationship is static and can be established offline. Preferably, this embodiment uses a user binding table to store the binding relationships between UIDs and the IMSIs of user equipment. See Table 1, an example of a user binding table: UIDA corresponds to multiple devices, shown in Table 1 as UIDA corresponding to IMSIA1, IMSIB1, etc.
Table 1
It should be noted that the HSS also maintains the mapping relationship from each user to the user equipment currently in use, i.e. a mapping between UID and IMSI. A single user can be mapped to multiple devices at the same time, i.e. one UID can correspond to multiple IMSIs. Moreover, this mapping can be updated dynamically when the user switches the user equipment in use.
Preferably, this embodiment uses a user mapping table to store the mapping from a UID to the IMSI of the user equipment currently in use. See Table 2, an example of a user mapping table: UIDA corresponds to one device and UIDB corresponds to multiple devices, shown in the table as UIDB corresponding to IMSIB1 and IMSIB2.
Table 2
103. When the HSS of the first user determines that the binding relationship between the IMSI of the first user equipment and the first user identifier is valid, download that binding relationship from the HSS of the first user. After the first user equipment and the second user equipment have established communication, on receiving messages from the first user equipment, send the messages that conform to the downloaded binding relationship to the second user equipment.
In the method provided by this embodiment, the user equipment undergoes binding authentication according to the binding relationship between user equipment and user that was stored in advance. When the binding relationship of the user equipment is authenticated as valid, that binding relationship is used to check the validity of messages, and the messages that conform to the binding relationship are sent to the destination device. This prevents forgery of user identifiers during data transmission and improves the security of data transmission.
Fig. 2 is a flowchart of a file transmitting method provided by an embodiment of the present invention. The interacting entities of this embodiment are the first user equipment being used by the first user, the HSS of the first user, the second user equipment being used by the second user, the HSS of the second user, and the source MME. Referring to Fig. 2, this embodiment includes:
201. The first user equipment sends an authentication request to the source MME. The authentication request carries the international mobile subscriber identity (IMSI) of the first user equipment and the first user identifier; the first user identifier identifies the first user who is using the first user equipment.
In this embodiment, authentication of the user equipment differs from the EPS-AKA protocol in that the first user identifier is added to the authentication request, and the MME uses the first user identifier and the IMSI of the first user equipment to perform binding authentication on the first user equipment. When sending, a new field can be added to the authentication request message and the UID and IMSI placed in that field. Alternatively, the UID and IMSI can be uploaded implicitly, for example by uploading certain designated characters, from which the HSS finally computes the IMSI and UID using a preset algorithm.
202. The MME receives the authentication request from the first user equipment. The authentication request carries the international mobile subscriber identity (IMSI) of the first user equipment and the first user identifier; the first user identifier identifies the first user who is using the first user equipment.
203. According to the first user identifier, the MME sends a user binding authentication request to the home subscriber server (HSS) of the first user. The user binding authentication request carries the IMSI of the user equipment and the first user identifier.
Those skilled in the art will know that the mapping from a user identifier to its HSS is stored locally.
204. The HSS of the first user receives the user binding authentication request and determines, according to its stored binding relationships between IMSIs and user identifiers, whether the binding relationship between the IMSI of the first user equipment and the first user identifier is valid.
In this embodiment, the HSS has the function of storing user binding relationships and user mapping relationships. Each HSS stores, for the users homed on it, a static user binding table containing the binding relationships between users and user equipment. It also stores and correctly maintains a user mapping table containing the mapping relationships between users and the user equipment they are currently using.
205. The HSS of the first user feeds the judgment result back to the MME.
In this embodiment, if the binding is valid, an authentication success message is returned; otherwise an authentication failure message is returned and the authentication procedure ends.
206. When the judgment result is that the binding relationship is valid, the MME downloads the binding relationship between the IMSI of the first user equipment and the first user identifier from the HSS of the first user.
207. The MME continues with the subsequent procedure of the EPS-AKA authentication protocol, i.e. it requests authentication data from the HSS of the user equipment and completes challenge-response and key agreement with the user equipment.
This embodiment adds a user binding authentication process to this authentication procedure; the authentication is completed among the user equipment, the local MME, the user's HSS, and the HSS of the device the user is currently using.
In this embodiment, relative to the LTE architecture, the user binding authentication process works as follows: the user equipment carries the user's UID in the authentication request message; when the MME receives this authentication request, it sends a user binding authentication message to the user's HSS; the user's HSS looks up its local user binding table by the user's UID, judges the received UID-IMSI binding relationship, and returns the judgment result to the MME; when the judgment result is that the binding relationship is valid, the MME/SGW at the user's location downloads the binding relationship.
The authentication process of steps 201-207 can be performed when the first user equipment attaches to the network. It only needs to take place before the first user equipment initiates communication, and the embodiment does not specifically limit this.
208. The first user equipment initiates a communication request, which carries the first user identifier and the second user identifier.
In this embodiment, the source is the first user equipment and the destination is the second user equipment. Those skilled in the art will know that the communication request also includes a source port identifier and a destination port identifier.
209. The source MME receives the communication request and, according to the second user identifier, obtains the second user equipment that the second user is using.
It should be noted that, because the first user equipment has been authenticated as valid by the source MME, the source MME, on receiving this communication request, allows the first user equipment to establish communication with the second user equipment.
Specifically, step 209 comprises: the source MME receives the communication request and, according to the second user identifier in the request, initiates a mapping query to the HSS of the second user; the HSS of the second user obtains the IMSI of the user equipment the second user is currently using from its stored user mapping table and returns it to the source MME. Here the user mapping table is the user mapping relationship described in step 102 and is not described again. For example, the MME initiates a mapping query to the HSS of user UIDC; the HSS looks up Table 2, finds that the user equipment corresponding to UIDC is IMSIC1, and feeds IMSIC1 back to the first user equipment.
210. Communication is established between the first user equipment and the second user equipment.
Those skilled in the art will know that this communication is established according to the communication procedure of the LTE architecture itself.
Relative to the LTE architecture, this communication process establishes the connection using the UIDs of the source and destination user equipment as identifiers, and adds the function of the MME initiating a mapping query according to the destination UID and obtaining the IMSI of the corresponding user equipment.
When the MME receives a message from the first user equipment, step 211 is performed.
211. When the MME receives messages from the first user equipment, the MME sends the messages that conform to the downloaded binding relationship to the second user equipment.
Specifically, when the MME receives a message from the first user equipment, it checks the message against the downloaded binding relationship. When the binding relationship between the IMSI and the user identifier contained in the message conforms to the downloaded binding relationship, the message is sent to the second user equipment; when it does not conform, the message is discarded.
If user binding authentication succeeds, the MME/SGW at the user's location can obtain the corresponding binding relationship from the user's HSS. In subsequent data transmission, because the messages of a user's communication contain both UID and IMSI information, the MME/SGW at the user's location can check the validity of the UID-IMSI correspondence in each user message and so prevent forgery of user identifiers. If a user sends data with a forged UID, the corresponding message is detected as invalid and discarded.
In the data plane, LTE's own EPS-AKA protocol generates the keys that protect the integrity and confidentiality of user data traffic and keep device and user identifiers private; the method provided by the present invention additionally prevents forgery of device and user identifiers. UIP deployed in the LTE architecture has weak control-plane security, i.e. the security of the mapping table from user identifiers to devices that UIP maintains is hard to guarantee. In the control plane, UIP therefore needs to ensure the correctness of the mapping from a user to the device currently in use, i.e. the correctness of the user mapping table stored in the user's HSS. After the user equipment has passed user binding authentication, the present invention also includes a user mapping update procedure, completed among the user equipment, the local MME and the user's HSS, as shown in Fig. 3:
301. When the first user switches from the first user equipment to a third user equipment, the third user equipment sends a mapping update request to the local MME. The mapping update request carries the first user identifier and the IMSI of the third user equipment; the third user equipment is the user equipment the first user is currently using.
302. On receiving the mapping update request of the first user, check whether the binding relationship between the first user identifier and the IMSI of the third user equipment is valid; if so, perform step 303.
In this embodiment, the mapping update request carries the first user identifier and the IMSI of the third user equipment; the third user equipment is the user equipment the first user is currently using.
303. The MME/SGW forwards the mapping update request to the HSS of the first user, so that the HSS of the first user updates its stored user mapping relationships according to the mapping update request.
The update described in this embodiment means modifying the mapping relationship stored in the HSS to the mapping between the user and the user equipment the user is currently using. After the user's HSS has updated the mapping relationship, it returns an acknowledgment message to the MME; after the MME receives the acknowledgment, it returns an update confirmation message to the third user equipment. Relative to the LTE architecture, the user mapping update process works as follows: the user equipment sends a mapping update request when the user switches to it; the MME triggers a message validity check on the mapping update request and, when the request is valid, forwards it to the user's HSS; the user's HSS processes the mapping update request, updates its local user mapping table, and returns a success message.
In the method provided by this embodiment, the user equipment undergoes binding authentication according to the binding relationship between user equipment and user that was stored in advance. When the binding relationship of the user equipment is authenticated as valid, that binding relationship is used to check the validity of messages, and the messages that conform to the binding relationship are sent to the destination device. This prevents forgery of user identifiers during data transmission and improves the security of data transmission. Further, adding the user mapping update procedure after binding authentication has passed ensures the correctness of the mapping from a user to the device currently in use, and strengthens the security of the UIP protocol layer and the control plane.
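The binding authentication (steps 202-206), per-message check (step 211) and mapping update (steps 301-303) described above can be modelled as follows. This is an added Python example, not code from the patent: the class names, method names and UID/IMSI strings are constructed for illustration, and it assumes that a device switch replaces the user's previous mapping entry and that the IMSI carried in a message is the one the network authenticated.

```python
from dataclasses import dataclass, field


@dataclass
class HSS:
    """Home subscriber server: static binding table plus dynamic mapping table."""
    binding_table: dict                                 # UID -> IMSIs bound to the user
    mapping_table: dict = field(default_factory=dict)   # UID -> IMSIs in use right now

    def binding_is_valid(self, uid, imsi):
        # Step 204: compare the claimed (UID, IMSI) pair with the stored binding.
        return imsi in self.binding_table.get(uid, set())

    def update_mapping(self, uid, imsi):
        # Step 303. Assumption: a switch replaces the user's previous entry.
        self.mapping_table[uid] = {imsi}

    def current_devices(self, uid):
        # Step 209: mapping query for the destination user.
        return sorted(self.mapping_table.get(uid, set()))


@dataclass(frozen=True)
class Message:
    src_uid: str
    src_imsi: str
    dst_uid: str
    payload: bytes = b""


class MME:
    def __init__(self, hss_by_uid):
        self.hss_by_uid = hss_by_uid   # UID -> that user's HSS (lookup is assumed)
        self.bindings = set()          # (UID, IMSI) pairs downloaded in step 206

    def authenticate(self, uid, imsi):
        """Steps 202-206: ask the user's HSS, cache the binding only on success."""
        hss = self.hss_by_uid.get(uid)
        if hss is None or not hss.binding_is_valid(uid, imsi):
            return False
        self.bindings.add((uid, imsi))
        return True

    def update_mapping(self, uid, imsi):
        """Steps 301-303: forward the update only for a pair that passes the check."""
        if (uid, imsi) not in self.bindings:
            return False
        self.hss_by_uid[uid].update_mapping(uid, imsi)
        return True

    def forward(self, msg):
        """Step 211: return the destination IMSIs, or None if the message is dropped."""
        if (msg.src_uid, msg.src_imsi) not in self.bindings:
            return None                # UID/IMSI pair does not match a downloaded binding
        dst_hss = self.hss_by_uid.get(msg.dst_uid)
        devices = dst_hss.current_devices(msg.dst_uid) if dst_hss else []
        return devices or None


def demo():
    # Constructed sample data: three users, each homed on its own HSS.
    hss_a = HSS({"UID-A": {"IMSI-A1", "IMSI-A2"}})
    hss_b = HSS({"UID-B": {"IMSI-B1"}})
    hss_m = HSS({"UID-M": {"IMSI-M1"}})
    mme = MME({"UID-A": hss_a, "UID-B": hss_b, "UID-M": hss_m})

    r = {}
    r["auth_a1"] = mme.authenticate("UID-A", "IMSI-A1")
    r["auth_b1"] = mme.authenticate("UID-B", "IMSI-B1")
    r["auth_m1"] = mme.authenticate("UID-M", "IMSI-M1")
    # Device IMSI-M1 claims UID-A at authentication time: rejected by the HSS of UID-A.
    r["auth_forged"] = mme.authenticate("UID-A", "IMSI-M1")

    mme.update_mapping("UID-B", "IMSI-B1")   # UID-B is reachable on IMSI-B1
    r["genuine"] = mme.forward(Message("UID-A", "IMSI-A1", "UID-B", b"hello"))
    # Authenticated device IMSI-M1 puts UID-A in a data message: dropped at step 211.
    r["spoofed"] = mme.forward(Message("UID-A", "IMSI-M1", "UID-B", b"hello"))

    # Mapping update from a bound device that has not passed binding authentication yet.
    r["update_before_auth"] = mme.update_mapping("UID-A", "IMSI-A2")
    r["update_after_auth"] = (mme.authenticate("UID-A", "IMSI-A2")
                              and mme.update_mapping("UID-A", "IMSI-A2"))
    r["uid_a_devices"] = hss_a.current_devices("UID-A")
    return r


if __name__ == "__main__":
    for key, value in demo().items():
        print(f"{key}: {value}")
```
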
The structural representation of a kind of network equipment that Fig. 4 provides for the embodiment of the present invention.See Fig. 4, this network equipment comprises:
Receiver module 401, for receiving the authentication request from first user equipment, described authentication request carries international mobile subscriber identity IMSI and the first user mark of described first user equipment, and described first user mark is for identifying the first user using described first user equipment;
User's binding authentication request sending module 402, for identifying according to described first user, home subscriber servers HSS to described first user sends the request of user binding authentication, makes the HSS of described first user judge that whether the binding relationship of the IMSI of described first user equipment and described first user mark is legal according to the binding relationship of the IMSI preserved and user ID; IMSI and the first user mark of described subscriber equipment are carried in the request of described user's binding authentication;
Download module 403, when binding relationship for the IMSI and described first user mark that determine described first user equipment as the HSS of described first user is legal, download the IMSI of described first user equipment and the binding relationship of described first user mark from the HSS of described first user;
Communication building block 404, for setting up communicating of first user equipment and the second subscriber equipment;
Message processing module (MPM) 405, after setting up at first user equipment and the second subscriber equipment and communicating, when receiving the message from described first user equipment, sends to the second subscriber equipment by the message of the binding relationship meeting download.
Referring to Fig. 5, the message processing module 405 specifically comprises:
An inspection unit 405a, configured to check a message received from the first user equipment against the downloaded binding relationship;
A first processing unit 405b, configured to send the message to the second user equipment when the binding relationship between the IMSI and the user ID contained in the message conforms to the downloaded binding relationship;
A second processing unit 405c, configured to discard the message when the binding relationship between the IMSI and the user ID contained in the message does not conform to the downloaded binding relationship.
Referring to Fig. 6, the communication establishment module 404 comprises:
A receiving unit 404a, configured to receive a communication request from the first user equipment, where the communication request carries the first user ID and a second user ID;
An acquiring unit 404b, configured to obtain, according to the second user ID, the second user equipment that the second user is using, so that a communication channel is established between the first user equipment and the second user equipment.
The acquiring unit 404b is specifically configured to initiate a mapping query to the HSS of the second user, so that the HSS of the second user returns, according to its stored user mapping relationship, the second user equipment that the second user is using.
Referring to Fig. 7, the network device further comprises:
A checking module 406, configured to, upon receiving a mapping update request from the first user, check whether the binding relationship between the first mapped identification and the IMSI of a third user equipment is valid, where the mapping update request carries the first user ID and the IMSI of the third user equipment, and the third user equipment is the user equipment currently used by the first user;
If so, the checking module triggers a forwarding module 407, which forwards the mapping update request to the HSS of the first user, so that the HSS of the first user updates its stored user mapping relationship according to the mapping update request.
The network device provided by this embodiment of the present invention performs binding authentication on the user equipment according to a pre-stored binding relationship between user equipment and user. When the binding relationship of the user equipment is authenticated as valid, that binding relationship is used to check the validity of messages, and only messages that conform to it are sent to the destination device. This prevents user IDs from being forged during data transmission and improves the security of data transmission.
Fig. 8 is a schematic structural diagram of a network-side server provided by an embodiment of the present invention. Referring to Fig. 8, the network-side server comprises:
A receiver module 801, configured to receive a user binding authentication request from the MME, where the authentication request carries the IMSI of the first user equipment and the first user ID;
A judging module 802, configured to judge, according to the locally stored binding relationships between IMSIs and user IDs, whether the binding relationship between the IMSI of the first user equipment and the first user ID is valid;
A download module 803, configured to download the binding relationship between the IMSI of the first user equipment and the first user ID to the MME if the judging module finds that binding relationship valid, so that, after the first user equipment and the second user equipment have established communication and the MME receives a message from the first user equipment, the MME sends a message that conforms to the downloaded binding relationship to the second user equipment.
Referring to Fig. 9, the network-side server further comprises:
A query module 804, configured to, during communication channel establishment and upon receiving a mapping query initiated by the MME, obtain, according to the stored user mapping relationship, the second user equipment that the second user is using, and return the second user equipment to the MME.
Referring to Fig. 10, the network-side server further comprises:
An update module 805, configured to update the locally stored user mapping relationship according to a mapping update request forwarded by the MME.
The network-side server provided by this embodiment of the present invention performs binding authentication on the user equipment according to a pre-stored binding relationship between user equipment and user. When the binding relationship of the user equipment is authenticated as valid, the binding relationship is downloaded to the network device, so that the network device checks the validity of messages against it and sends only messages that conform to it to the destination device. This prevents user IDs from being forged during data transmission and improves the security of data transmission.
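The interaction between the network device (the MME, Figs. 4 to 7) and the network-side server (the HSS, Figs. 8 to 10) can be traced in a short Python model. This is an added example, not code from the patent: the class and method names, the sample users and IMSIs, and the reading of the mapping-update check as a lookup against bindings the MME has already downloaded are all assumptions.

```python
# Added illustration (not from the patent); names are assumptions, values constructed.
from collections import namedtuple

Message = namedtuple("Message", "imsi user_id payload")  # IMSI and user ID ride in the message


class HSS:
    """Network-side server: receiving, judging, download, query and update modules."""
    def __init__(self, bindings, mapping):
        self.bindings = set(bindings)  # provisioned (IMSI, user ID) pairs
        self.mapping = dict(mapping)   # user ID -> IMSI of the device in use

    def authenticate_binding(self, imsi, user_id):
        return (imsi, user_id) if (imsi, user_id) in self.bindings else None

    def query_mapping(self, user_id):
        return self.mapping.get(user_id)

    def update_mapping(self, user_id, imsi):
        self.mapping[user_id] = imsi


class MME:
    """Network device: authentication, channel set-up, message check, mapping update."""
    def __init__(self, hss):
        self.hss = hss
        self.downloaded = set()  # bindings downloaded after successful authentication
        self.channels = {}       # source IMSI -> destination IMSI

    def authenticate(self, imsi, user_id):
        binding = self.hss.authenticate_binding(imsi, user_id)
        if binding is None:
            return False
        self.downloaded.add(binding)
        return True

    def establish(self, src_imsi, src_user, dst_user):
        if (src_imsi, src_user) not in self.downloaded:
            return None  # sender never passed binding authentication
        dst_imsi = self.hss.query_mapping(dst_user)
        if dst_imsi is not None:
            self.channels[src_imsi] = dst_imsi
        return dst_imsi

    def handle_message(self, msg):
        """Return the destination IMSI if forwarded, or None if discarded."""
        if (msg.imsi, msg.user_id) not in self.downloaded:
            return None  # (IMSI, user ID) in the message contradicts the binding
        return self.channels.get(msg.imsi)

    def handle_mapping_update(self, user_id, new_imsi):
        # Assumption: "valid" here means the MME already holds this binding.
        if (new_imsi, user_id) not in self.downloaded:
            return False
        self.hss.update_mapping(user_id, new_imsi)
        return True


def demo():
    # Constructed IMSIs on the 001/01 test PLMN.
    a1, a3, b2 = "001010000000001", "001010000000003", "001010000000002"
    hss = HSS([(a1, "alice"), (a3, "alice"), (b2, "bob")], {"alice": a1, "bob": b2})
    mme = MME(hss)
    out = {
        "auth_ok": mme.authenticate(a1, "alice"),
        "auth_bad": mme.authenticate(a1, "bob"),  # device is not bound to bob
        "peer": mme.establish(a1, "alice", "bob"),
        "genuine": mme.handle_message(Message(a1, "alice", "hello")),
        "forged": mme.handle_message(Message(a1, "bob", "spoofed")),
        "update_early": mme.handle_mapping_update("alice", a3),
    }
    mme.authenticate(a3, "alice")  # alice's new device authenticates first
    out["update_ok"] = mme.handle_mapping_update("alice", a3)
    out["alice_device"] = hss.query_mapping("alice")
    return out


if __name__ == "__main__":
    print(demo())
```

The message whose user ID does not match the binding downloaded for its IMSI is discarded, and the mapping update is refused until the new device has itself passed binding authentication.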
The embodiments of the present invention may be implemented in software, and the corresponding software program may be stored in a readable storage medium, for example a computer hard disk, a cache, or an optical disc.
The foregoing is merely a preferred embodiment of the present invention and is not intended to limit the present invention. Any modification, equivalent replacement, or improvement made within the spirit and principles of the present invention shall fall within the scope of protection of the present invention.

Claims (16)

1. A file transmitting method, characterized by comprising:
Receiving an authentication request from a first user equipment, where the authentication request carries the international mobile subscriber identity (IMSI) of the first user equipment and a first user ID, and the first user ID identifies the first user who is using the first user equipment;
Sending, according to the first user ID, a user binding authentication request to the home subscriber server (HSS) of the first user, so that the HSS of the first user judges, according to its stored binding relationships between IMSIs and user IDs, whether the binding relationship between the IMSI of the first user equipment and the first user ID is valid; the user binding authentication request carries the IMSI of the first user equipment and the first user ID;
When the HSS of the first user determines that the binding relationship between the IMSI of the first user equipment and the first user ID is valid, downloading that binding relationship from the HSS of the first user, and, after the first user equipment and a second user equipment have established communication according to the Long Term Evolution (LTE) architecture, upon receiving a message from the first user equipment, sending a message that conforms to the downloaded binding relationship to the second user equipment.
2. The method according to claim 1, characterized in that, upon receiving a message from the first user equipment, sending a message that conforms to the downloaded binding relationship to the second user equipment specifically comprises:
Upon receiving a message from the first user equipment, checking the message against the downloaded binding relationship, and, when the binding relationship between the IMSI and the user ID contained in the message conforms to the downloaded binding relationship, sending the message to the second user equipment;
When the binding relationship between the IMSI and the user ID contained in the message does not conform to the downloaded binding relationship, discarding the message.
3. The method according to claim 1, characterized in that establishing communication with the second user equipment specifically comprises:
Receiving a communication request from the first user equipment, where the communication request carries the first user ID and a second user ID;
Obtaining, according to the second user ID, the second user equipment that the second user is using, so that a communication channel is established between the first user equipment and the second user equipment.
4. The method according to claim 3, characterized in that obtaining the second user equipment that the second user is using specifically comprises:
Initiating a mapping query to the HSS of the second user, so that the HSS of the second user returns, according to its stored user mapping relationship, the second user equipment that the second user is using.
5. The method according to claim 1, characterized in that the method further comprises:
Upon receiving a mapping update request from the first user, checking whether the binding relationship between the first mapped identification and the IMSI of a third user equipment is valid, and, if so, forwarding the mapping update request to the HSS of the first user, so that the HSS of the first user updates its stored user mapping relationship according to the mapping update request; the mapping update request carries the first user ID and the IMSI of the third user equipment; the third user equipment is the user equipment currently used by the first user.
6. A file transmitting method, characterized by comprising:
Receiving a user binding authentication request from an MME, where the user binding authentication request carries the IMSI of a first user equipment and a first user ID;
Judging, according to the locally stored binding relationships between IMSIs and user IDs, whether the binding relationship between the IMSI of the first user equipment and the first user ID is valid;
If so, downloading the binding relationship between the IMSI of the first user equipment and the first user ID to the MME, so that, after the first user equipment and a second user equipment have established communication according to the Long Term Evolution (LTE) architecture and the MME receives a message from the first user equipment, the MME sends a message that conforms to the downloaded binding relationship to the second user equipment.
7. The method according to claim 6, characterized in that, before receiving the user binding authentication request from the MME, the method further comprises:
During communication channel establishment, upon receiving a mapping query initiated by the MME, obtaining, according to the stored user mapping relationship, the second user equipment that the second user is using, and returning the second user equipment to the MME.
8. The method according to claim 6, characterized in that the method further comprises:
Upon receiving a mapping update request forwarded by the MME, updating the locally stored user mapping relationship according to the mapping update request.
9. A network device, characterized by comprising:
A receiver module, configured to receive an authentication request from a first user equipment, where the authentication request carries the international mobile subscriber identity (IMSI) of the first user equipment and a first user ID, and the first user ID identifies the first user who is using the first user equipment;
A user binding authentication request sending module, configured to send, according to the first user ID, a user binding authentication request to the home subscriber server (HSS) of the first user, so that the HSS of the first user judges, according to its stored binding relationships between IMSIs and user IDs, whether the binding relationship between the IMSI of the first user equipment and the first user ID is valid; the user binding authentication request carries the IMSI of the first user equipment and the first user ID;
A download module, configured to download the binding relationship between the IMSI of the first user equipment and the first user ID from the HSS of the first user when that HSS determines that the binding relationship is valid;
A communication establishment module, configured to establish communication between the first user equipment and a second user equipment according to the Long Term Evolution (LTE) architecture;
A message processing module, configured to, after communication has been established between the first user equipment and the second user equipment and upon receiving a message from the first user equipment, send a message that conforms to the downloaded binding relationship to the second user equipment.
10. The network device according to claim 9, characterized in that the message processing module specifically comprises:
An inspection unit, configured to check a message received from the first user equipment against the downloaded binding relationship;
A first processing unit, configured to send the message to the second user equipment when the binding relationship between the IMSI and the user ID contained in the message conforms to the downloaded binding relationship;
A second processing unit, configured to discard the message when the binding relationship between the IMSI and the user ID contained in the message does not conform to the downloaded binding relationship.
11. The network device according to claim 9, characterized in that the communication establishment module comprises:
A receiving unit, configured to receive a communication request from the first user equipment, where the communication request carries the first user ID and a second user ID;
An acquiring unit, configured to obtain, according to the second user ID, the second user equipment that the second user is using, so that a communication channel is established between the first user equipment and the second user equipment.
12. The network device according to claim 11, characterized in that the acquiring unit is specifically configured to initiate a mapping query to the HSS of the second user, so that the HSS of the second user returns, according to its stored user mapping relationship, the second user equipment that the second user is using.
13. The network device according to claim 9, characterized in that the network device further comprises:
A checking module, configured to, upon receiving a mapping update request from the first user, check whether the binding relationship between the first mapped identification and the IMSI of a third user equipment is valid, and, if so, trigger a forwarding module that forwards the mapping update request to the HSS of the first user, so that the HSS of the first user updates its stored user mapping relationship according to the mapping update request; the mapping update request carries the first user ID and the IMSI of the third user equipment; the third user equipment is the user equipment currently used by the first user.
14. A network-side server, characterized by comprising:
A receiver module, configured to receive a user binding authentication request from an MME, where the user binding authentication request carries the IMSI of the first user equipment and a first user ID;
A judging module, configured to judge, according to the locally stored binding relationships between IMSIs and user IDs, whether the binding relationship between the IMSI of the first user equipment and the first user ID is valid;
A download module, configured to download the binding relationship between the IMSI of the first user equipment and the first user ID to the MME if the judging module finds that binding relationship valid, so that, after the first user equipment and a second user equipment have established communication according to the Long Term Evolution (LTE) architecture and the MME receives a message from the first user equipment, the MME sends a message that conforms to the downloaded binding relationship to the second user equipment.
15. The network-side server according to claim 14, characterized in that the network-side server further comprises:
A query module, configured to, during communication channel establishment and upon receiving a mapping query initiated by the MME, obtain, according to the stored user mapping relationship, the second user equipment that the second user is using, and return the second user equipment to the MME.
16. The network-side server according to claim 14, characterized in that the network-side server further comprises:
An update module, configured to update the locally stored user mapping relationship according to a mapping update request forwarded by the MME.
CN201180001436.7A 2011-05-31 2011-05-31 File transmitting method and device Active CN102918878B (en)

Applications Claiming Priority (1)

Application Number Priority Date Filing Date Title
PCT/CN2011/075041 WO2011157142A2 (en) 2011-05-31 2011-05-31 Method and apparatus for message transmission

Publications (2)

Publication Number Publication Date
CN102918878A CN102918878A (en) 2013-02-06
CN102918878B CN102918878B (en) 2016-03-09

Family

ID=45348623

Family Applications (1)

Application Number Title Priority Date Filing Date
CN201180001436.7A Active CN102918878B (en) 2011-05-31 2011-05-31 File transmitting method and device

Country Status (2)

Country Link
CN (1) CN102918878B (en)
WO (1) WO2011157142A2 (en)

Families Citing this family (3)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
AU2014205387B2 (en) 2013-01-09 2019-02-21 Evernym, Inc. Systems and methods for access-controlled interactions
CN107911814B (en) * 2017-11-24 2020-08-25 中国科学院信息工程研究所 HSS (home subscriber server) -enhanced user identity information protection method and system
CN111143351B (en) * 2019-11-27 2023-03-21 中国联合网络通信集团有限公司 IMSI data management method and equipment

Citations (3)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN101695164A (en) * 2009-09-28 2010-04-14 华为技术有限公司 Verification method, device and system for controlling resource access
CN101784044A (en) * 2009-01-21 2010-07-21 华为技术有限公司 Address checking method and device and network system
CN102045688A (en) * 2009-10-15 2011-05-04 中兴通讯股份有限公司 Detection method and device of illegal use of user equipment

Family Cites Families (4)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN101022672B (en) * 2007-02-16 2010-05-26 华为技术有限公司 Method and system for testing mobile user legality
CN101374050B (en) * 2008-10-23 2011-04-06 普天信息技术研究院有限公司 Apparatus, system and method for implementing identification authentication
CN102075909B (en) * 2009-11-23 2014-01-01 中兴通讯股份有限公司 Checking method and device of binding relationship of IMSI and IMEI
CN101820432A (en) * 2010-05-12 2010-09-01 中兴通讯股份有限公司 Safety control method and device of stateless address configuration

Also Published As

Publication number Publication date
WO2011157142A2 (en) 2011-12-22
WO2011157142A3 (en) 2012-04-26
CN102918878A (en) 2013-02-06

Legal Events

Date Code Title Description
C06 Publication
PB01 Publication
C10 Entry into substantive examination
SE01 Entry into force of request for substantive examination
C14 Grant of patent or utility model
GR01 Patent grant