CN103067532A - Method and system of unified identification management of mobile internet users - Google Patents
- Publication number
- CN103067532A
- Authority
- CN
- China
- Prior art keywords
- intranet
- public network
- mobile
- server
- user identification
- Prior art date
- Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
- Pending
Landscapes
- Data Exchanges In Wide-Area Networks (AREA)
- Mobile Radio Communication Systems (AREA)
Abstract
The invention provides a method and a system for unified identification management of mobile Internet users. The method includes the following steps: a RADIUS interface server on a provincial-level user identification platform extracts mobile user identification fields, intranet Internet Protocol (IP) fields and intranet port fields from RADIUS information, and sets up a first correspondence between the mobile user identification, the intranet IP and the intranet port; a SYSLOG interface server on the provincial-level user identification platform receives SYSLOG data from a network address translator (NAT) firewall of a service provider, extracts the intranet IP, intranet port, public network IP and public network port, and sets up a second correspondence between the intranet IP, the intranet port, the public network IP and the public network port; and a service provider (SP) interface server uses the public network IP and the public network port as query indexes, carries out an associative query across the first and second correspondences, and sends the query result back to the server of a network service provider. The server of the network service provider can thereby obtain the mobile user identification in real time and perform public network IP traceability queries.
Description
Technical field
The present invention relates to the field of communication technology, and in particular to a method and system for unified identity management of mobile Internet users.
Background technology
3G has opened a door to the Internet world for mobile communication networks. The mobile Internet combines the convenience of mobile communication with the rich content of the Internet, has become an area where the communication industry and the Internet industry converge, and has huge market prospects. However, because mobile communication networks and the Internet differ fundamentally in how they identify users, Internet service operators cannot make good use of a user's mobile user identification to conduct business. The same difference also makes mobile Internet users hard to trace, which does not satisfy the requirements of Internet security management.
The Internet identifies a user by public network IP and public network port, which is fundamentally different from a mobile communication network, where the mobile subscriber's phone number serves as the mobile user identification (MSISDN). Because of this difference, an Internet service server cannot make charging decisions or process business against the mobile subscriber's true identity using only the public network IP and public network port information. By obtaining the mobile user identification (MSISDN), that is, the subscriber's phone number, it can perform service ordering, fee deduction and personal authentication for the mobile phone user in real time.
Summary of the invention
The invention provides a method and system for unified identity management of mobile Internet users. It solves two problems: when a mobile subscriber accesses a network service provider's server over the network, content-based charging is not possible because the mobile user identification cannot be obtained in real time; and public network IP traceability queries cannot be carried out because the relationship between the current mobile user's MSISDN and the public network IP cannot be obtained from the mobile subscriber's public network IP.
To achieve these goals, the invention provides the following technical solution:
A method for unified identity management of mobile Internet users, comprising the steps of:
(1) when a mobile subscriber accesses a network service provider's service through an operator network element, the operator network element sends a RADIUS (Remote Authentication Dial-In User Service) protocol message; the RADIUS interface server of the provincial user identification platform extracts the mobile user identification, intranet IP and intranet port information from the RADIUS protocol message, and sets up a first correspondence between the mobile user identification, the intranet IP and the intranet port;
(2) when the mobile subscriber's access message passes through the NAT (network address translation) firewall, the NAT firewall sends a SYSLOG (system log) message; the SYSLOG interface server extracts from the SYSLOG message the intranet IP (the internal IP address allocated by the GGSN network element), the intranet port (the port corresponding to the intranet IP), the public network IP (the public network IP that the NAT firewall assigns to that intranet IP address) and the public network port (the port corresponding to the public network IP), and sets up a second correspondence between the intranet IP, the intranet port, the public network IP and the public network port;
(3) when the mobile subscriber accesses the network service provider's service, the server of the Internet service provider sends the mobile subscriber's public network IP and public network port information to the SP interface server of the provincial user identification system (the server responsible for interfacing with the business platform of the Internet service provider that the user accesses); the SP interface server of the user identification platform uses the public network IP and public network port information as the query index, carries out an associative query across the first correspondence and the second correspondence, and returns the mobile user identification found to the server of the Internet service provider.
Preferably, the operator network element is a GGSN (gateway support node in the Global System for Mobile Communications) or a PDSN (packet data serving node in code division multiple access).
The present invention also provides a user identification system for identifying an operator's mobile numbers in real time, comprising:
The RADIUS interface server of the provincial user identification platform, used to extract the mobile user identification, intranet IP and intranet port information from the RADIUS protocol message sent by the operator network element when a mobile subscriber accesses a network service provider's service through that network element, and to set up a first correspondence between the mobile user identification, the intranet IP and the intranet port;
The SYSLOG interface server of the provincial user identification platform, used to receive the SYSLOG message sent by the NAT firewall when the mobile subscriber's access message passes through the NAT firewall, to extract the intranet IP, intranet port, public network IP and public network port information from the SYSLOG message, and to set up a second correspondence between the intranet IP, the intranet port, the public network IP and the public network port;
The SP interface server of the provincial user identification platform, used to receive the mobile subscriber's public network IP and public network port information sent by the server of the Internet service provider when the mobile subscriber accesses the network service provider's service, to carry out an associative query across the first correspondence and the second correspondence using the public network IP and public network port information as the query index, and to return the mobile user identification found to the server of the Internet service provider.
Preferably, the operator network element is a GGSN (gateway support node in the Global System for Mobile Communications) or a PDSN (packet data serving node in code division multiple access).
Implementing the above technical solution has the following technical effects: the method and system for unified identity management of mobile Internet users provided by the invention give operators a brand-new charging model that breaks away from the earlier single operating model (such as monthly subscription), offer a new model in which services subscribed to by mobile subscribers can be charged by content in real time, and also improve the user experience.
In addition, through the correspondence between a mobile subscriber's public network address and mobile user identification, the invention can query that user's Internet behavior records, which also satisfies the requirements of the national information security authorities regarding information security.
Description of drawings
Fig. 1 is a flow chart of the method provided by the invention;
Fig. 2 is a structural schematic diagram of the system provided by the invention;
Fig. 3 is a flow chart of the forwarding charging authorization procedure provided by an application example of the invention;
Fig. 4 is a flow chart, provided by an application example of the invention, of obtaining the public network IP and public network port produced by NAT firewall conversion, according to the mobile user identification, intranet IP and intranet port;
Fig. 5 is a flow chart, provided by an application example of the invention, of the Internet service provider's server obtaining the mobile user identification.
Embodiment
For a better understanding of the technical solution of the invention, the embodiments provided by the invention are described in detail below with reference to the accompanying drawings.
An embodiment of the invention provides a method for unified identity management of mobile Internet users. As shown in Fig. 1, the method comprises the steps of:
(1) when a mobile subscriber accesses a network service provider's service through an operator network element, the operator network element sends a RADIUS (Remote Authentication Dial-In User Service) protocol message; the RADIUS interface server of the provincial user identification platform extracts the mobile user identification, intranet IP and intranet port information from the RADIUS protocol message, that is, it extracts them from the mobile user identification field, intranet IP field and intranet port field of the protocol message (that is: the public network IP address and the port number of the intranet port), and sets up a first correspondence between the mobile user identification, the intranet IP and the intranet port;
(2) when the mobile subscriber's access message passes through the NAT firewall, the NAT firewall sends a SYSLOG message; the SYSLOG interface server of the provincial user identification platform receives the SYSLOG message and extracts the intranet IP, intranet port, public network IP and public network port information from it, that is, from the intranet IP field, intranet port field, public network IP field and public network port field of the message, and sets up a second correspondence between the intranet IP, the intranet port, the public network IP and the public network port;
(3) when the mobile subscriber accesses the network service provider's service, the server of the Internet service provider sends the mobile subscriber's public network IP and public network port information to the SP interface server of the provincial user identification platform;
(4) the SP interface server of the provincial user identification platform uses the public network IP and public network port information as the query index, carries out an associative query across the first correspondence and the second correspondence, and returns the mobile user identification found to the server of the Internet service provider.
In the above embodiments, preferably, the operator network element is a GGSN (gateway support node in the Global System for Mobile Communications) or a PDSN (packet data serving node in code division multiple access), applicable to Global System for Mobile Communications and code division multiple access communication systems respectively.
An embodiment of the invention also provides a user identification system for identifying an operator's mobile numbers in real time. As shown in Fig. 2, the system comprises:
The RADIUS interface server of the provincial user identification platform, used to extract the mobile user identification, intranet IP and intranet port information from the RADIUS protocol message sent by the operator network element when a mobile subscriber accesses a network service provider's service through that network element, and to set up a first correspondence between the mobile user identification, the intranet IP and the intranet port;
The SYSLOG (system log) interface server of the provincial user identification platform, used to receive the SYSLOG message sent by the NAT firewall when the mobile subscriber's access message passes through the NAT firewall, to extract the intranet IP, intranet port, public network IP and public network port information from the SYSLOG message, and to set up a second correspondence between the intranet IP, the intranet port, the public network IP and the public network port;
The SP interface server of the provincial user identification platform, used to carry out an associative query across the first correspondence and the second correspondence using the public network IP and public network port information as the query index, and to return the mobile user identification found to the server of the Internet service provider.
In the above embodiments, preferably, the operator network element is a GGSN (gateway support node in the Global System for Mobile Communications) or a PDSN (packet data serving node in code division multiple access), applicable to Global System for Mobile Communications and code division multiple access communication systems respectively.
In an application example of the above method and system, as shown in Fig. 3, the forwarding charging authorization flow comprises the steps of:
1), the mobile subscriber initiates a network access service;
2), the GGSN submits a RADIUS protocol message containing the mobile user identification, the mobile subscriber's intranet IP, the intranet port and so on to the RADIUS interface module of the RADIUS interface server of the provincial user identification platform;
3), after the RADIUS interface module receives the mobile subscriber's mobile user identification, intranet IP and intranet port, it forwards the RADIUS protocol message to the database of the provincial user identification platform;
4), the database maintains the above mobile user identification, intranet port and intranet IP in a table.
As shown in Fig. 4, the flow of obtaining the public network IP and public network port produced by NAT conversion, according to the mobile user identification, intranet IP and intranet port:
1), the GGSN sends the intranet IP and intranet port information to the NAT firewall;
2), the NAT firewall converts the intranet IP and intranet port information into public network IP and public network port information;
3), through the firewall syslog data, the SYSLOG interface server receives from the NAT firewall the public network IP and public network port information produced by the conversion at the NAT firewall, together with the intranet IP and intranet port information;
4), the SYSLOG interface server forwards the public network IP and public network port information, together with the intranet IP and intranet port information, to the database.
As shown in Fig. 5, the flow by which the server of the Internet service provider obtains the mobile user identification:
1), the Internet service provider obtains the user's public network IP and public network port information when the mobile subscriber accesses its service website;
2), the server of the Internet service provider uses the public network IP and public network port information as the query condition and initiates a query request to the SP interface server of the provincial user identification platform;
3), the provincial user identification platform carries out an associative query according to the public network IP and public network port information (that is, an associative query across the first correspondence and the second correspondence);
4), the SP interface server of the provincial user identification platform returns the mobile user identification to the server of the Internet service provider, which completes the acquisition of the mobile user identification;
5), the server of the Internet service provider can initiate service ordering, authentication and so on according to the mobile user identification.
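The three flows above, combined in one added example that is not part of the patent: both correspondences are built from sample records and then queried by public network IP and port, including two subscribers sharing one public IP and a NAT mapping with no matching RADIUS record. The class name, the key=value record layouts and all sample values are constructed assumptions.

```python
import ipaddress
import re
from typing import Optional, Tuple

# Constructed sample inputs, not taken from the patent. The key=value layouts
# are assumptions: real RADIUS messages are binary attribute lists and NAT
# firewall syslog formats differ by vendor.
RADIUS_RECORDS = [
    "msisdn=8613800000001 intranet_ip=10.20.0.5 intranet_port=40001",
    "msisdn=8613800000002 intranet_ip=10.20.0.6 intranet_port=40001",
]
NAT_SYSLOG_LINES = [
    "<134>nat-fw NAT_MAP src=10.20.0.5:40001 xlate=203.0.113.7:50010",
    "<134>nat-fw NAT_MAP src=10.20.0.6:40001 xlate=203.0.113.7:50011",
    "<134>nat-fw NAT_MAP src=10.20.0.9:41000 xlate=203.0.113.7:50012",  # no RADIUS record
    "<134>nat-fw NAT_MAP src=10.20.0.7:70000 xlate=203.0.113.7:50013",  # invalid port
    "<134>nat-fw LINK_UP port=ge-0/0/1",                                # unrelated line
]

_RADIUS_RE = re.compile(r"msisdn=(\d{5,15}) intranet_ip=(\S+) intranet_port=(\d+)$")
_NAT_RE = re.compile(r"NAT_MAP src=(\S+):(\d+) xlate=(\S+):(\d+)$")


def _endpoint(ip: str, port: str) -> Tuple[str, int]:
    """Validate and normalise one (IP, port) pair; raise ValueError if bad."""
    number = int(port)
    if not 1 <= number <= 65535:
        raise ValueError(f"port out of range: {port}")
    return str(ipaddress.ip_address(ip)), number


class IdentityPlatform:
    """In-memory stand-in for the platform database (hypothetical class)."""

    def __init__(self) -> None:
        self.first = {}    # (intranet IP, intranet port) -> MSISDN
        self.second = {}   # (public IP, public port) -> (intranet IP, intranet port)
        self.rejected = 0  # records that were unparseable or failed validation

    def ingest_radius(self, record: str) -> None:
        """RADIUS interface server: build the first correspondence."""
        m = _RADIUS_RE.match(record)
        try:
            if m is None:
                raise ValueError("not a RADIUS sample record")
            self.first[_endpoint(m.group(2), m.group(3))] = m.group(1)
        except ValueError:
            self.rejected += 1

    def ingest_syslog(self, line: str) -> None:
        """SYSLOG interface server: build the second correspondence."""
        m = _NAT_RE.search(line)
        try:
            if m is None:
                raise ValueError("not a NAT mapping line")
            intranet = _endpoint(m.group(1), m.group(2))
            self.second[_endpoint(m.group(3), m.group(4))] = intranet
        except ValueError:
            self.rejected += 1

    def query(self, public_ip: str, public_port) -> Optional[str]:
        """SP interface server: public IP and port -> MSISDN, or None."""
        try:
            key = _endpoint(public_ip, str(public_port))
        except ValueError:
            return None                   # malformed query from the SP side
        intranet = self.second.get(key)   # second correspondence
        if intranet is None:
            return None
        return self.first.get(intranet)   # first correspondence


def build_platform() -> IdentityPlatform:
    platform = IdentityPlatform()
    for record in RADIUS_RECORDS:
        platform.ingest_radius(record)
    for line in NAT_SYSLOG_LINES:
        platform.ingest_syslog(line)
    return platform


if __name__ == "__main__":
    p = build_platform()
    for port in (50010, 50011, 50012):
        print(port, p.query("203.0.113.7", port))
```

The two subscribers are distinguishable only by public network port, which is why the query index must carry both the public network IP and the port.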
The method and system for unified identity management of mobile Internet users provided by the embodiments of the invention have been described in detail above. For a person of ordinary skill in the art, the specific embodiments and scope of application may vary according to the idea of the embodiments of the invention. In summary, this description should not be construed as limiting the invention.
Claims (5)
1. A method for unified identity management of mobile Internet users, characterized in that it comprises the steps of:
(1) when a mobile subscriber accesses a network service provider's service through an operator network element, the operator network element sends a RADIUS protocol message; the RADIUS interface server of the provincial user identification platform extracts the mobile user identification, intranet IP and intranet port information from the RADIUS protocol message, and sets up a first correspondence between the mobile user identification, the intranet IP and the intranet port;
(2) when the mobile subscriber's access message passes through the NAT firewall, the NAT firewall sends a SYSLOG message to the SYSLOG interface server of the provincial user identification platform; the SYSLOG interface server extracts the intranet IP, intranet port, public network IP and public network port information from the SYSLOG message, and sets up a second correspondence between the intranet IP, the intranet port, the public network IP and the public network port;
(3) when the mobile subscriber accesses the network service provider's service, the server of the Internet service provider sends the mobile subscriber's public network IP and public network port information to the SP interface server of the provincial user identification platform;
(4) the SP interface server of the provincial user identification platform uses the public network IP and public network port information as the query index, carries out an associative query across the first correspondence and the second correspondence, and returns the mobile user identification found to the server of the Internet service provider.
2. The method as claimed in claim 1, characterized in that, after step (4), it further comprises: the server of the Internet service provider initiates service ordering and authentication operations.
3. The method as claimed in claim 1 or 2, characterized in that the operator network element is a GGSN or a PDSN.
4. A system for unified identity management of mobile Internet users, characterized in that it comprises:
The RADIUS interface server of the provincial user identification platform, used to extract the mobile user identification, intranet IP and intranet port information from the RADIUS protocol message sent by the operator network element when a mobile subscriber accesses a network service provider's service through that network element, and to set up a first correspondence between the mobile user identification, the intranet IP and the intranet port;
The SYSLOG interface server of the provincial user identification platform, used to receive the SYSLOG message sent by the NAT firewall when the mobile subscriber's access message passes through the NAT firewall, to extract the intranet IP, intranet port, public network IP and public network port information from the SYSLOG message, and to set up a second correspondence between the intranet IP, the intranet port, the public network IP and the public network port;
The SP interface server of the provincial user identification platform, used to receive the mobile subscriber's public network IP and public network port information sent by the server of the Internet service provider when the mobile subscriber accesses the network service provider's service, to carry out an associative query across the first correspondence and the second correspondence using the public network IP and public network port information as the query index, and to return the mobile user identification found to the server of the Internet service provider.
5. The system as claimed in claim 4, characterized in that the operator network element is a GGSN or a PDSN.
Priority Applications (1)
Application Number | Priority Date | Filing Date | Title |
---|---|---|---|
CN 201210401170 CN103067532A (en) | 2012-10-19 | 2012-10-19 | Method and system of unified identification management of mobile internet users |
Publications (1)
Publication Number | Publication Date |
---|---|
CN103067532A true CN103067532A (en) | 2013-04-24 |
Family
ID=48109985
Family Applications (1)
Application Number | Title | Priority Date | Filing Date |
---|---|---|---|
CN 201210401170 Pending CN103067532A (en) | 2012-10-19 | 2012-10-19 | Method and system of unified identification management of mobile internet users |
Country Status (1)
Country | Link |
---|---|
CN (1) | CN103067532A (en) |
Cited By (10)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
CN104144417A (en) * | 2013-05-10 | 2014-11-12 | 中国电信股份有限公司 | Mobile Internet surfing user number checking method, device and system |
CN103441859A (en) * | 2013-08-26 | 2013-12-11 | 暨南大学 | Generation management method and system for identifiers for user charging services |
CN103532947A (en) * | 2013-10-10 | 2014-01-22 | 北京首信科技股份有限公司 | Management device and management method for mobile internet on-line user identifiers |
WO2015188536A1 (en) * | 2014-06-13 | 2015-12-17 | 中兴通讯股份有限公司 | Method for associating user information and data flow, main control apparatus, and radius server |
CN105227685A (en) * | 2014-06-13 | 2016-01-06 | 中兴通讯股份有限公司 | The correlating method of user profile and data flow, master control set, radius server |
CN104869181A (en) * | 2015-02-13 | 2015-08-26 | 北京集奥聚合科技有限公司 | Method for tracing user data under NAT444 deployment |
CN104869181B (en) * | 2015-02-13 | 2018-12-28 | 北京集奥聚合科技有限公司 | Method for tracing user data under NAT444 deployment |
CN107360271A (en) * | 2017-08-22 | 2017-11-17 | 顺丰科技有限公司 | Network equipment information obtains and IP address automatic division method, system and equipment |
CN107360271B (en) * | 2017-08-22 | 2019-12-27 | 顺丰科技有限公司 | Method, system and equipment for acquiring network equipment information and automatically segmenting IP address |
WO2023093605A1 (en) * | 2021-11-24 | 2023-06-01 | 中国移动通信有限公司研究院 | Information transmission method, terminal, and network device |
Legal Events
Date | Code | Title | Description |
---|---|---|---|
C06 | Publication | ||
PB01 | Publication | ||
C10 | Entry into substantive examination | ||
SE01 | Entry into force of request for substantive examination | ||
DD01 | Delivery of document by public notice | Addressee: Zhongtai Data Communication (Shenzhen) Co., Ltd.; Document name: Notification of an Office Action |
RJ01 | Rejection of invention patent application after publication | Application publication date: 20130424 |
RJ01 | Rejection of invention patent application after publication | |
RJ01 | Rejection of invention patent application after publication |