CN104144417B - Mobile Internet subscriber number reverse-lookup method, device and system
- Publication number: CN104144417B (application CN201310170495.8A)
- Authority: CN (China)
- Legal status: Active
Abstract
The invention discloses a method, device and system for reverse lookup of mobile Internet subscriber numbers, and relates to the mobile Internet field. Accounting request messages are filtered out of all the Radius messages sent and received by the AAA server; the user's IP address and MDN number are obtained from the accounting request message; depending on the type of the accounting request message, a database operation is performed on the user's IP address and MDN number; the number reverse-lookup requests sent by SP sites, each containing the IP address to be looked up, are monitored; using that IP address, the corresponding MDN number is found in the records of user IP addresses and MDN numbers stored in the database and returned to the SP site, so that the SP site can provide secondary verification of WAP login or authentication-free automatic login in NET mode. The invention can ensure the security of user information under WAP access, or enable authentication-free automatic login under NET access.
Description
Technical field
The present invention relates to the mobile Internet service field in mobile communications, and in particular to a method, device and system for reverse lookup of mobile Internet subscriber numbers.
Background
With the spread of 3G networks and smart terminals, mobile Internet services are growing rapidly, and users' expectations of mobile Internet service quality keep rising. Operators are therefore all working to improve service quality and user experience in the mobile Internet field, and the security and convenience of mobile Internet services are two important aspects of this.
At present, operators' mobile Internet access generally takes two forms: WAP (Wireless Application Protocol) mode and NET mode.
1. WAP mode
The mobile packet domain network element assigns the user a private network address (for example in the 10.0.0.0/8 range). The WAP gateway maps the user's private source IP address to a public address, which lets the user access and interact with SP (service provider) sites on the Internet.
In this process, the AAA (authentication, authorization and accounting) server forwards accounting messages to the WAP gateway. The WAP gateway parses these messages to obtain user information such as the user's MDN (Mobile Directory Number) and source IP address. When the user's HTTP request reaches the WAP gateway, the gateway inserts the corresponding user information into the HTTP request, which is forwarded to the SP site after NAT (network address translation) by the firewall. The SP site uses the user information in the HTTP header to implement functions such as authentication-free automatic login.
If the SP site does not restrict the addresses that user requests may come from (the addresses after firewall NAT), and implements authentication-free automatic login directly from the user information carried in the HTTP message, there is a considerable security risk. A hacker can forge an HTTP message containing the relevant fields and use authentication-free automatic login to obtain the user's private information, for example by logging in to the user's mailbox or mobile service portal, and can even carry out illegal operations this way, causing significant harm to the user's interests.
If the SP site, for security reasons, restricts the addresses that user requests may come from, then in theory all related SP sites must be notified every time the WAP gateway adds an address segment or pool; otherwise users may be unable to log in normally. This is not practical to operate.
2. NET mode
The mobile packet domain network element assigns the user a public network address, so the user can interact directly with SP sites on the Internet.
In this process, the user's request does not pass through a proxy server (such as a WAP gateway) or similar network element. It is sent directly to the SP site through the packet domain and the bearer network and cannot carry information such as the user's number, so authentication-free automatic login cannot be implemented. The user must enter a user name and password at every login, which is inconvenient, and the same Internet service gives an inconsistent experience between WAP mode and NET mode.
Summary of the invention
One technical problem to be solved by the embodiments of the present invention is to provide a method, device and system for reverse lookup of mobile Internet subscriber numbers that solve the problem of ensuring user information security in WAP mode, or enable authentication-free automatic login in NET mode.
One aspect of the embodiments of the present invention provides a mobile Internet subscriber number reverse-lookup method, including: obtaining, by optical splitting, all Radius (Remote Authentication Dial-In User Service) messages sent and received by the authentication, authorization and accounting (AAA) server, and filtering accounting request messages out of the Radius messages; obtaining the user's IP address and MDN number from the accounting request message; performing a database operation on the user's IP address and MDN number according to the type of the accounting request message; listening on the reverse-lookup interface and obtaining from it a service provider site's number reverse-lookup request, which contains the IP address that the service provider site needs looked up; and, according to that IP address, finding the corresponding MDN number in the records of user IP addresses and MDN numbers stored in the database and returning the MDN number found to the service provider site, so that the service provider site can provide secondary verification of WAP login or authentication-free automatic login in NET mode.
Another aspect of the embodiments of the present invention provides a mobile Internet subscriber number reverse-lookup device, including: a Radius receiving and verification module, configured to obtain, by optical splitting, all Remote Authentication Dial-In User Service (Radius) messages sent and received by the authentication, authorization and accounting (AAA) server, and to filter accounting request messages out of the Radius messages; a Radius processing module, configured to obtain the user's IP address and Mobile Directory Number (MDN) from the accounting request message, and to perform a database operation on the user's IP address and MDN number according to the type of the accounting request message; and an external number reverse-lookup module, configured to listen on the reverse-lookup interface, obtain from it a service provider site's number reverse-lookup request, which contains the IP address that the service provider site needs looked up, find, according to that IP address, the corresponding MDN number in the records of user IP addresses and MDN numbers stored in the database, and return the MDN number found to the service provider site, so that the service provider site can provide secondary verification of WAP (Wireless Application Protocol) login or authentication-free automatic login in NET mode.
A further aspect of the embodiments of the present invention provides a mobile Internet subscriber number reverse-lookup system, including the aforementioned mobile Internet subscriber number reverse-lookup device and a service provider site. The service provider site is configured to send a number reverse-lookup request to the reverse-lookup device, the request containing the IP address that the service provider site needs looked up, and to provide secondary verification of WAP (Wireless Application Protocol) login or authentication-free automatic login in NET mode according to the MDN number obtained by reverse lookup.
The present invention obtains, by optical splitting, all Radius messages sent and received by the AAA server, filters accounting request messages out of the Radius messages, obtains the user's IP address and MDN number from the accounting request message, and then performs a database operation on the user's IP address and MDN number according to the type of the accounting request message. This builds a mapping table of user IP addresses and MDN numbers in the database, which is the basis for later reverse lookups by SP sites. For WAP mode, the reverse-lookup device can provide the real IP-to-MDN correspondence, and the SP site implements secondary verification. This prevents hackers from logging in automatically by means such as message forgery and then obtaining user information, and so ensures the security of user information. For NET mode, the reverse-lookup device can provide the real IP-to-MDN correspondence, and the SP site implements authentication-free automatic login according to the MDN obtained by reverse lookup. This makes the service more convenient to use and gives a consistent service experience across access modes: whether the user goes online in WAP mode or in NET mode, the user does not have to enter the user name and password repeatedly; entering them once is enough for subsequent authentication-free automatic login.
Further features and advantages of the present invention will become apparent from the following detailed description of exemplary embodiments with reference to the accompanying drawings.
Brief description of the drawings
To explain the technical solutions in the embodiments of the present invention or in the prior art more clearly, the drawings needed in the description of the embodiments or the prior art are briefly introduced below. Obviously, the drawings described below show only some embodiments of the present invention, and a person of ordinary skill in the art can obtain other drawings from them without creative effort.
Fig. 1 is a structural diagram of one embodiment of the mobile Internet subscriber number reverse-lookup system of the present invention.
Fig. 2 is a flow diagram of one embodiment of the mobile Internet subscriber number reverse-lookup method of the present invention.
Fig. 3 is a flow diagram of Radius reception and verification in the present invention.
Fig. 4 is a flow diagram of Radius processing in the present invention.
Fig. 5 is a flow diagram of cache database operations in the present invention.
Fig. 6 is a flow diagram of calls to the number reverse-lookup interface in the present invention.
Fig. 7 is a structural diagram of one embodiment of the mobile Internet subscriber number reverse-lookup device of the present invention.
Fig. 8 is a structural diagram of another embodiment of the mobile Internet subscriber number reverse-lookup device of the present invention.
Detailed description of the embodiments
The technical solutions in the embodiments of the present invention are described clearly and completely below with reference to the accompanying drawings. Obviously, the described embodiments are only some of the embodiments of the present invention, not all of them. The following description of at least one exemplary embodiment is merely illustrative and in no way limits the invention, its application or its use. All other embodiments obtained by a person of ordinary skill in the art from the embodiments of the present invention without creative effort fall within the scope of protection of the present invention.
Unless specifically stated otherwise, the relative arrangement of components and steps, the numerical expressions and the numerical values set out in these embodiments do not limit the scope of the invention.
It should also be understood that, for ease of description, the sizes of the parts shown in the drawings are not drawn to actual scale.
Techniques, methods and devices known to a person of ordinary skill in the relevant art may not be discussed in detail, but where appropriate they should be regarded as part of the granted specification.
In all examples shown and discussed here, any specific value should be interpreted as merely exemplary, not as a limitation. Other examples of the exemplary embodiments may therefore have different values.
Note that similar reference numerals and letters denote similar items in the following drawings, so once an item has been defined in one drawing it need not be discussed further in subsequent drawings.
In the present invention, the mobile Internet subscriber number reverse-lookup system may be called the reverse-lookup system for short, the mobile Internet subscriber number reverse-lookup device may be called the reverse-lookup device, and the mobile Internet subscriber number reverse-lookup method may be called the reverse-lookup method.
Fig. 1 is a structural diagram of one embodiment of the mobile Internet subscriber number reverse-lookup system of the present invention.
As shown in Fig. 1, the reverse-lookup system 10 of this embodiment may include a mobile Internet subscriber number reverse-lookup device 101 and a service provider site 102. The reverse-lookup device 101 exchanges information with the service provider site 102 through the reverse-lookup interface. For different access modes, the reverse-lookup system 10 may also include different equipment. Under WAP access, the reverse-lookup system 10 may also include a proxy server 103, an AAA server 104 and a mobile packet domain network element PDSN (packet data serving node) 105, where the proxy server 103 may for example be a WAP gateway and the PDSN 105 is the entry point for the user's mobile Internet access. Under NET access, the reverse-lookup system 10 may also include the PDSN 105, which can exchange information with the SP site directly over the bearer network without passing through the proxy server 103.
Each device is introduced below.
Mobile Internet subscriber number reverse-lookup device 101: obtains Radius messages by optical splitting, extracts the user's IP and MDN information according to rules, and interacts with SP sites to implement secondary verification of user login in WAP mode and authentication-free automatic login in NET mode. Authentication-free automatic login means that, after the user has logged in to the system once with a user name and password, the user can log in again later without entering the user name and password again.
Under WAP access, the service provider site 102, when providing secondary verification of WAP login according to the MDN number obtained by reverse lookup, may specifically be configured to: receive the HTTP request forwarded by the proxy server, the HTTP request including the user's IP address and MDN number that the proxy server obtained from the accounting message; take the user's IP address in the HTTP request as the IP address to be looked up, carry it in a number reverse-lookup request, and perform the number reverse lookup to obtain an MDN number; and compare the MDN number in the HTTP request with the MDN number obtained by reverse lookup. If the two are consistent, authentication-free automatic login is implemented according to the MDN number in the HTTP request.
Under NET access, the service provider site 102, when providing authentication-free automatic login in NET mode according to the MDN number obtained by reverse lookup, may specifically be configured to: receive the user request routed by public IP address; take the public IP address in the user request as the IP address to be looked up, carry it in a number reverse-lookup request, and perform the number reverse lookup to obtain an MDN number; and implement authentication-free automatic login according to the MDN number obtained by reverse lookup.
Proxy server (such as a WAP gateway) 103: the proxy server through which the user accesses SP sites in WAP mode. On the one hand it handles the user's HTTP requests; on the other hand it performs format conversion of content such as pictures and text. It can also perform network address translation, mapping private network addresses to public network addresses.
AAA server 104: interacts with the PDSN and completes user access authentication through messages such as PAP/CHAP. It also receives the accounting messages sent by the PDSN, performs billing for the user's mobile Internet access, and is responsible for forwarding the corresponding messages to peripheral network elements such as the OCS and the WAP gateway.
Mobile packet domain network element PDSN 105: the entry point for the user's mobile Internet access. It is responsible for establishing the PPP connection with the user terminal, interacts with the AAA server to perform access authentication, and assigns the user an IP address. It is also the source of accounting messages and sends the related messages to the AAA server. In NET mode, the PDSN routes the user's request directly to the SP site over the bearer network to complete the user's access request.
The mobile Internet subscriber number reverse-lookup method, based on the reverse-lookup system above, is described below.
Fig. 2 is a flow diagram of one embodiment of the mobile Internet subscriber number reverse-lookup method of the present invention.
As shown in Fig. 2, the reverse-lookup method of this embodiment includes the following steps:
Step 201: the reverse-lookup device obtains, by optical splitting, all Radius messages sent and received by the AAA server, and filters accounting request messages out of the Radius messages.
One way to filter accounting request messages out of the Radius messages is: extract the valid Radius messages from all the Radius messages obtained by optical splitting, according to the preset IP addresses of the packet data serving nodes (PDSN); then filter on the code field of the valid Radius messages. If the code field is 4, the Radius message is an accounting request message.
One way to extract the valid Radius messages is: match the source IP address of every Radius message obtained by optical splitting against the preset PDSN IP addresses. If the match succeeds, the Radius message is a valid Radius message and is extracted; if the match fails, the Radius message is discarded.
Step 202: the reverse-lookup device obtains the user's IP address and MDN number from the accounting request message.
One way to obtain the user's IP address and MDN number from the accounting request message is: divide accounting request messages, according to the Acct-Status-Type field, into accounting start messages, accounting stop messages and interim accounting messages, where the Acct-Status-Type of an accounting start message is 1, the Acct-Status-Type of an accounting stop message is 2, and the Acct-Status-Type of an interim accounting message is any value other than 1 and 2. For an accounting start message or an accounting stop message, extract the Framed-IP-Address field and the Calling-Station-Id field from the message, where the Framed-IP-Address field indicates the IP address that the PDSN assigned to the user and the Calling-Station-Id field indicates the user's MDN number. An interim accounting message can be discarded, and the records in the database are not updated for it.
Step 203: the reverse-lookup device performs a database operation on the user's IP address and MDN number according to the type of the accounting request message.
One way to perform the database operation on the user's IP address and MDN number according to the type of the accounting request message is:
If the accounting request message is an accounting start message, check whether the database holds a record of the user's IP address or MDN number. If it does, delete the original record and insert a new record containing the user's IP address and MDN number. If it does not, insert a new record containing the user's IP address and MDN number.
If the accounting request message is an accounting stop message, check whether the database holds a record of the user's IP address or MDN number. If it does, delete the original record. If it does not, perform no operation on the database.
Step 204: the reverse-lookup device listens on the reverse-lookup interface and obtains from it the service provider site's number reverse-lookup request, which contains the IP address that the service provider site needs looked up.
Step 205: according to the IP address to be looked up, the reverse-lookup device finds the corresponding MDN number in the records of user IP addresses and MDN numbers stored in the database, and returns the MDN number found to the service provider site, so that the service provider site can provide secondary verification of WAP login or authentication-free automatic login in NET mode.
The reverse-lookup device has a built-in list of legitimate SP sites that are entitled to perform reverse lookups. The list can be synchronized to the reverse-lookup device either by manual addition through the WEB or by REQ file. Before performing a reverse lookup, the reverse-lookup device can compare the source IP address of the number reverse-lookup request with the list of legitimate SP sites. If the source IP address of the request is in the list, the request is a legitimate number reverse-lookup request; if it is not in the list, the request is an illegitimate number reverse-lookup request and can be discarded.
For how the service provider site provides secondary verification of WAP login, or authentication-free automatic login in NET mode, refer to the description above; it is not repeated here.
The reverse-lookup method above can be further divided into the Radius reception and verification flow, the Radius processing flow, the cache database operation flow, and the number reverse-lookup interface call flow. To make the present invention clearer, each is introduced below.
Fig. 3 is a flow diagram of Radius reception and verification in the present invention. As shown in Fig. 3, the Radius reception and verification flow includes the following steps:
Step 301: an optical splitter is inserted between the AAA server and the core router, and through it the reverse-lookup device obtains all Radius messages sent and received by the AAA server.
Step 302: the source IP addresses of all PDSN mobile core network devices are preset in the reverse-lookup device as the basis for extracting valid Radius messages. The reverse-lookup device reads the preset PDSN IP addresses and verifies the validity of the Radius messages.
Step 303: the reverse-lookup device matches the source IP address of every Radius message obtained by optical splitting against the preset IP addresses of the PDSN devices.
Step 304A: if the match succeeds, the message was sent by a PDSN; such messages include PDSN authentication request messages, accounting request messages and so on.
Step 304B: if the match fails, the message was not sent by a PDSN and has no bearing on later queries of or changes to the cache database, so the message is discarded directly.
Step 304A or step 304B may be performed after step 303. After step 304A, step 305 is performed; after step 304B, this flow ends.
Step 305: for the Radius messages sent by a PDSN, the reverse-lookup device filters on the code field of the message, checking whether the code field of the Radius message is 4. Step 306A or step 306B may be performed after step 305.
Step 306A: if the code value is 4, the message is a valid accounting request message (Accounting-Request message).
Step 306B: if the code value is not 4, the message is another kind of invalid message, such as an authentication request message, and is discarded directly.
Fig. 4 is a flow diagram of Radius processing in the present invention. As shown in Fig. 4, the Radius processing flow includes the following steps:
Step 401: the reverse-lookup device identifies the type of the accounting request message.
Step 402: the reverse-lookup device can divide accounting request messages, according to the Acct-Status-Type field, into accounting start messages, accounting stop messages and interim accounting messages. Specifically, the Acct-Status-Type of an accounting start message is 1, the Acct-Status-Type of an accounting stop message is 2, and the Acct-Status-Type of an interim accounting message is any value other than 1 and 2.
Step 403A: if the message is an accounting start message or an accounting stop message, the reverse-lookup device extracts its Framed-IP-Address field and Calling-Station-Id field, which represent the IP address that the PDSN assigned to the user and the user's MDN number respectively.
Step 403B: if the message is an interim accounting message, the reverse-lookup device discards it, and the records in the database are not updated afterwards.
Step 403A or step 403B may be performed after step 402, and step 404 may be performed after step 403A.
Step 404: the reverse-lookup device performs a database operation on the extracted user IP address and MDN number. The database may be a cache database, and the corresponding database operations include insertion, deletion and lookup, as detailed below.
Fig. 5 is a flow diagram of cache database operations in the present invention. As shown in Fig. 5, the cache database operation flow includes the following steps:
Step 501: the reverse-lookup device handles accounting request messages separately according to their type.
Step 502: according to whether the Acct-Status-Type field is "1", the reverse-lookup device distinguishes accounting start messages from accounting stop messages and performs different cache database operations for each.
Step 503A or step 503B may be performed after step 502.
Step 503A: if Acct-Status-Type is 1, the message is an accounting start message, and the reverse-lookup device searches the existing cache database using the extracted IP and the extracted MDN as keys in turn.
Step 504A: the reverse-lookup device determines whether the database holds a record of the MDN number or the IP address.
Step 505A1: if the database holds a record of the MDN number or the IP address, this is the latest accounting start message and the existing database needs to be updated: delete the original record and insert a new record containing the MDN number and the IP address into the database.
Step 505A2: if the database holds no record of the MDN number or the IP address, insert a new record containing the MDN number and the IP address into the database.
Step 503B: if Acct-Status-Type is not 1 (given the above, the value can then only be 2), the message is an accounting stop message, and the reverse-lookup device searches the existing cache database using the extracted IP and the extracted MDN as keys in turn.
Step 504B: the reverse-lookup device determines whether the database holds a record of the MDN number or the IP address.
Step 505B1: if the database holds a record of the MDN number or the IP address, this is the latest accounting stop message, so the original record is deleted to keep "dirty" data from affecting number reverse lookups.
Step 505B2: if the database holds no record of the MDN number or the IP address, there is no corresponding entry in the database, and no database operation is performed in this case.
At this point the cache database has been updated according to the PDSN's accounting request messages and can provide results in response to reverse-lookup requests from SP sites.
The basic structure of the cache database is shown in the table below:
MDN number | IP address
13301010101 | 100.0.0.6
13301010102 | 100.0.0.7
13301010103 | 100.0.0.8
...... | ......
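The receive, parse and cache-update flows of Figs. 3 to 5 can be exercised end to end as in the following added example, which is not code from the patent. The attribute numbers are the standard RADIUS ones (Framed-IP-Address 8, Calling-Station-Id 31, Acct-Status-Type 40); the PDSN address, the function and class names, and the in-memory dictionaries standing in for the cache database are assumptions, and the sample packets are constructed.

```python
import socket
import struct

# RADIUS constants (RFC 2865 / RFC 2866)
ACCOUNTING_REQUEST = 4
FRAMED_IP_ADDRESS, CALLING_STATION_ID, ACCT_STATUS_TYPE = 8, 31, 40
ACCT_START, ACCT_STOP = 1, 2
# Constructed value (documentation address range): preset PDSN source addresses.
PDSN_ADDRESSES = {"192.0.2.10"}


def parse_radius(packet):
    """Return (code, {attr_type: value}) or None if the packet is malformed."""
    if len(packet) < 20:
        return None
    code, _ident, length = struct.unpack("!BBH", packet[:4])
    if not 20 <= length <= len(packet):
        return None
    attrs, pos = {}, 20
    while pos + 2 <= length:
        atype, alen = packet[pos], packet[pos + 1]
        if alen < 2 or pos + alen > length:
            return None
        attrs.setdefault(atype, packet[pos + 2:pos + alen])  # keep first instance
        pos += alen
    return (code, attrs) if pos == length else None


class IpMdnCache:
    """In-memory stand-in for the cache database: one record per IP and per MDN."""
    def __init__(self):
        self.by_ip, self.by_mdn = {}, {}

    def _delete(self, ip, mdn):
        """Delete every record holding this IP or this MDN; return how many."""
        removed = 0
        for key, index, other in ((ip, self.by_ip, self.by_mdn),
                                  (mdn, self.by_mdn, self.by_ip)):
            partner = index.pop(key, None)
            if partner is not None:
                other.pop(partner, None)
                removed += 1
        return removed

    def start(self, ip, mdn):
        """Accounting start: delete any existing record, then insert the new pair."""
        self._delete(ip, mdn)
        self.by_ip[ip], self.by_mdn[mdn] = mdn, ip
        return "inserted"

    def stop(self, ip, mdn):
        """Accounting stop: delete matching records; otherwise leave the cache alone."""
        return "deleted" if self._delete(ip, mdn) else "no-op"


def handle(cache, src_ip, packet):
    """Run one tapped packet through the receive, parse and cache-update steps."""
    if src_ip not in PDSN_ADDRESSES:
        return "dropped: source is not a preset PDSN"
    parsed = parse_radius(packet)
    if parsed is None:
        return "dropped: malformed"
    code, attrs = parsed
    if code != ACCOUNTING_REQUEST:
        return "dropped: code is not 4"
    status = attrs.get(ACCT_STATUS_TYPE, b"")
    status_type = int.from_bytes(status, "big") if len(status) == 4 else 0
    if status_type not in (ACCT_START, ACCT_STOP):
        return "dropped: not a start or stop message"
    ip_raw, mdn_raw = attrs.get(FRAMED_IP_ADDRESS, b""), attrs.get(CALLING_STATION_ID, b"")
    if len(ip_raw) != 4 or not mdn_raw:
        return "dropped: malformed"
    ip, mdn = socket.inet_ntoa(ip_raw), mdn_raw.decode("ascii", "replace")
    return cache.start(ip, mdn) if status_type == ACCT_START else cache.stop(ip, mdn)


def build_packet(code, status_type, ip, mdn):
    """Build a constructed sample packet (all-zero authenticator field)."""
    attrs = b"".join(bytes([t, len(v) + 2]) + v for t, v in (
        (ACCT_STATUS_TYPE, struct.pack("!I", status_type)),
        (FRAMED_IP_ADDRESS, socket.inet_aton(ip)),
        (CALLING_STATION_ID, mdn.encode("ascii")),
    ))
    return struct.pack("!BBH", code, 1, 20 + len(attrs)) + bytes(16) + attrs


def demo():
    """Replay constructed traffic; the IP and MDN values follow the table above."""
    cache, pdsn = IpMdnCache(), "192.0.2.10"
    traffic = [  # (source address, code, Acct-Status-Type, IP, MDN)
        (pdsn, 4, 1, "100.0.0.6", "13301010101"),
        (pdsn, 4, 3, "100.0.0.6", "13301010101"),
        (pdsn, 1, 1, "100.0.0.8", "13301010103"),
        ("198.51.100.5", 4, 1, "100.0.0.8", "13301010103"),
        (pdsn, 4, 1, "100.0.0.6", "13301010102"),  # address reassigned
        (pdsn, 4, 2, "100.0.0.7", "13301010103"),
    ]
    results = [handle(cache, src, build_packet(*rest)) for src, *rest in traffic]
    return results, cache
```

The fifth packet shows why a start message deletes before inserting: once 100.0.0.6 is reassigned, the earlier mapping to 13301010101 is gone from both indexes, so a later lookup cannot return the previous holder of the address.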
Fig. 6 is a schematic flowchart of the number reverse lookup interface call of the present invention. As shown in Fig. 6, the number reverse lookup interface call flow comprises the following steps:
Step 601: the reverse lookup device listens on the API query interface and obtains the number reverse lookup request from the SP website.
Step 602: the reverse lookup device has a built-in list of legitimate SP websites that are qualified to perform reverse lookups. The list can be synchronized to the reverse lookup device either by manual addition through the WEB or by REQ file. The device reads the legitimate SP website list in order to verify the legitimacy of the number reverse lookup request.
Step 603: the reverse lookup device compares the source IP address of the number reverse lookup request with the legitimate SP website list to determine whether the request is a legitimate number reverse lookup request.
Step 604A: if the source IP address of the number reverse lookup request is in the legitimate SP website list, the request is legitimate, and the reverse lookup device searches the user IP address and MDN number records stored in the database for the MDN number corresponding to the IP address in the request.
Step 604B: if the source IP address of the number reverse lookup request is not in the legitimate SP website list, the request is illegitimate. The reverse lookup device discards the request directly and, for security reasons, may record the query request to facilitate system audit and statistical analysis.
Step 605: the reverse lookup device determines whether an MDN number corresponding to the IP address in the request has been found.
Step 606A: if an MDN number corresponding to the IP address in the request is found, the result is returned to the SP website through the reverse lookup interface.
Step 606B: if no MDN number corresponding to the IP address in the request is found, a null-value record may be returned through the reverse lookup interface.
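The following added example (not code from the patent) walks through steps 603 to 606 and the SP-side use of the result that the page describes for WAP and NET access. The class and function names, the allowlisted SP address and the audit record layout are assumptions made for illustration; the cache entries are the sample rows from the table above.

```python
import ipaddress
from datetime import datetime, timezone

DROPPED = object()  # sentinel: request discarded, nothing is returned to the caller

# Constructed sample data. The SP source address is an assumption for this example.
LEGAL_SP_SOURCES = {"203.0.113.10"}
SAMPLE_CACHE = {"100.0.0.6": "13301010101", "100.0.0.7": "13301010102"}


class ReverseLookupInterface:
    """Hypothetical stand-in for the reverse lookup interface of steps 601-606."""

    def __init__(self, cache, legal_sp_sources):
        self.cache = cache
        self.legal_sp_sources = frozenset(legal_sp_sources)
        self.audit_log = []

    def query(self, source_ip, wanted_ip):
        # Step 603: compare the request's source address with the legitimate SP list.
        if source_ip not in self.legal_sp_sources:
            # Step 604B: discard, but keep a record for audit and statistics.
            self.audit_log.append({
                "time": datetime.now(timezone.utc).isoformat(),
                "source_ip": source_ip,
                "wanted_ip": wanted_ip,
                "action": "discarded",
            })
            return DROPPED
        try:
            key = str(ipaddress.IPv4Address(wanted_ip))
        except ValueError:
            return None  # not an IPv4 address, so there can be no record
        # Steps 604A-606: the MDN if a record exists, otherwise a null value.
        return self.cache.get(key)


def wap_secondary_check(lookup, sp_ip, client_ip, mdn_in_request):
    """SP side, WAP access: accept the MDN carried in the HTTP request only if
    it equals the MDN that the reverse lookup returns for the client's IP."""
    found = lookup.query(sp_ip, client_ip)
    if found is DROPPED or found is None:
        return None
    return found if found == mdn_in_request else None


def net_auto_login(lookup, sp_ip, client_public_ip):
    """SP side, NET access: the identity is whatever MDN the lookup returns."""
    found = lookup.query(sp_ip, client_public_ip)
    return None if found is DROPPED else found


def demo():
    lookup = ReverseLookupInterface(SAMPLE_CACHE, LEGAL_SP_SOURCES)
    return {
        "legitimate_hit": lookup.query("203.0.113.10", "100.0.0.6"),
        "legitimate_miss": lookup.query("203.0.113.10", "100.0.0.99"),
        "unlisted_source_dropped": lookup.query("198.51.100.5", "100.0.0.6") is DROPPED,
        "wap_matching_mdn": wap_secondary_check(
            lookup, "203.0.113.10", "100.0.0.6", "13301010101"),
        "wap_mismatched_mdn": wap_secondary_check(
            lookup, "203.0.113.10", "100.0.0.6", "13301010102"),
        "net_login": net_auto_login(lookup, "203.0.113.10", "100.0.0.7"),
        "audit_entries": len(lookup.audit_log),
    }


if __name__ == "__main__":
    for name, value in demo().items():
        print(name, "=", value)
```

In the WAP case an MDN that does not match the record for the client's IP address is rejected, which is the secondary check the page relies on to stop a login based on a forged message.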
In addition, a corresponding API interface can be reserved for the query function based on IP address and MDN number, so that it can later be connected to marketing systems such as CRM (customer relationship management system) and BSS (business support system). Once the interfaces with CRM and BSS are connected, corresponding field codes can be added to provide SPs with more user attributes, making it easier for legitimately authorized websites to offer users richer personalized services.
Fig. 7 is a schematic structural diagram of one embodiment of the mobile Internet access subscriber number reverse lookup device of the present invention.
As shown in Fig. 7, the reverse lookup device includes: a Radius reception and verification module 701, a Radius processing module 702, and an external number reverse lookup module 703.
The Radius reception and verification module 701 is configured to obtain, by optical splitting, all Remote Authentication Dial-In User Service (Radius) messages sent and received by the authentication, authorization and accounting (AAA) server, and to filter the accounting request messages out of the Radius messages;
The Radius processing module 702 is configured to obtain the user's IP address and Mobile Directory Number (MDN) number from the accounting request message, and to perform database operations on the user's IP address and MDN number according to the type of the accounting request message;
The external number reverse lookup module 703 is configured to listen on the reverse lookup interface and obtain from it the number reverse lookup request of a service provider website, the request containing the IP address that the service provider website needs to reverse look up; and, according to the IP address to be reverse looked up, to find the corresponding MDN number in the user IP address and MDN number records stored in the database and return the MDN number found to the service provider website, so that the service provider website can provide secondary verification of Wireless Application Protocol (WAP) login or authentication-free automatic login in NET mode.
Fig. 8 is a schematic structural diagram of another embodiment of the mobile Internet access subscriber number reverse lookup device of the present invention.
As shown in Fig. 8, the Radius reception and verification module 701 includes: a message receiving submodule 7011, a validity verification submodule 7012 and a message type identification and processing submodule 7013.
The message receiving submodule 7011 is configured to obtain, by optical splitting, all Remote Authentication Dial-In User Service (Radius) messages sent and received by the authentication, authorization and accounting (AAA) server;
The validity verification submodule 7012 is configured to extract the valid Radius messages from all the Radius messages obtained by optical splitting, according to the preset IP address of the packet data serving node (PDSN);
The message type identification and processing submodule 7013 is configured to filter according to the code field of the valid Radius messages: if the code field is 4, the Radius message is an accounting request message.
Specifically, the validity verification submodule 7012 matches the source IP address of every Radius message obtained by optical splitting against the preset IP address of the packet data serving node (PDSN). If the match succeeds, the Radius message is a valid Radius message and is extracted; if the match fails, the Radius message is discarded.
As shown in Fig. 8, the Radius processing module 702 includes: an accounting type identification submodule 7021, an accounting processing submodule 7022 and a database operation submodule 7023.
The accounting type identification submodule 7021 is configured to classify accounting request messages, according to the Acct-Status-Type field, into accounting start messages, accounting stop messages and interim accounting messages;
The accounting processing submodule 7022 is configured, for an accounting start message or an accounting stop message, to extract the Framed-IP-Address field and the Calling-Station-Id field from the message, where the Framed-IP-Address field identifies the IP address that the PDSN assigned to the user and the Calling-Station-Id field identifies the user's MDN number;
The database operation submodule 7023 is configured to perform database operations on the user's IP address and MDN number according to the type of the accounting request message.
Specifically, the database operation submodule 7023 is configured as follows:
If the accounting request message is an accounting start message, check whether the database contains a record for the user's IP address or MDN number. If it does, delete the original record and insert a new record containing the user's IP address and MDN number. If it does not, insert a new record containing the user's IP address and MDN number;
If the accounting request message is an accounting stop message, check whether the database contains a record for the user's IP address or MDN number. If it does, delete the original record. If it does not, perform no database operation.
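The following added example (not code from the patent) implements the path through modules 701 and 702 as the page describes it: source-address check against the PDSN, code field 4, Acct-Status-Type classification, extraction of Framed-IP-Address and Calling-Station-Id, and the start/stop cache rules. The PDSN address and all function and class names are assumptions; attribute numbers and status values are those of RFC 2865/2866, and the sample packets are constructed with a zeroed authenticator because the page validates messages by source address only.

```python
import ipaddress
import struct

PDSN_ADDRS = {"10.10.0.1"}      # assumption: constructed PDSN address
ACCOUNTING_REQUEST = 4          # RADIUS code field value named on the page
ATTR_FRAMED_IP = 8              # Framed-IP-Address (RFC 2865)
ATTR_CALLING_STATION_ID = 31    # Calling-Station-Id (RFC 2865)
ATTR_ACCT_STATUS_TYPE = 40      # Acct-Status-Type (RFC 2866)
START, STOP, INTERIM = 1, 2, 3  # Acct-Status-Type values


def parse_radius(packet):
    """Return (code, {attr_type: value}) or None when the packet is malformed."""
    if len(packet) < 20:
        return None
    code, _ident, length = struct.unpack("!BBH", packet[:4])
    if length < 20 or length > len(packet):
        return None
    attrs, pos = {}, 20          # 4-byte header plus 16-byte authenticator
    while pos < length:
        if pos + 2 > length:
            return None
        a_type, a_len = packet[pos], packet[pos + 1]
        if a_len < 2 or pos + a_len > length:
            return None
        attrs.setdefault(a_type, packet[pos + 2:pos + a_len])
        pos += a_len
    return code, attrs


class IpMdnCache:
    """IP/MDN cache indexed both ways so a stale record is found by either key."""

    def __init__(self):
        self.by_ip, self.by_mdn = {}, {}

    def purge(self, ip, mdn):
        """Delete every record that mentions this IP or this MDN; return the count."""
        removed = 0
        old_mdn = self.by_ip.pop(ip, None)
        if old_mdn is not None:
            self.by_mdn.pop(old_mdn, None)
            removed += 1
        old_ip = self.by_mdn.pop(mdn, None)
        if old_ip is not None:
            self.by_ip.pop(old_ip, None)
            removed += 1
        return removed

    def handle(self, src_ip, packet):
        """Apply one mirrored Radius packet to the cache and report the outcome."""
        if src_ip not in PDSN_ADDRS:
            return "dropped: source is not a configured PDSN"
        parsed = parse_radius(packet)
        if parsed is None:
            return "dropped: malformed"
        code, attrs = parsed
        if code != ACCOUNTING_REQUEST:
            return "ignored: not an accounting request"
        status_raw = attrs.get(ATTR_ACCT_STATUS_TYPE, b"")
        ip_raw = attrs.get(ATTR_FRAMED_IP, b"")
        mdn_raw = attrs.get(ATTR_CALLING_STATION_ID, b"")
        # Assumption: the MDN is carried as ASCII digits in Calling-Station-Id.
        if len(status_raw) != 4 or len(ip_raw) != 4 or not mdn_raw.isdigit():
            return "dropped: missing or invalid attribute"
        status = struct.unpack("!I", status_raw)[0]
        if status not in (START, STOP):
            return "ignored: interim or other status"
        ip, mdn = str(ipaddress.IPv4Address(ip_raw)), mdn_raw.decode("ascii")
        removed = self.purge(ip, mdn)        # both branches delete the old record
        if status == STOP:
            return "deleted" if removed else "no-op"
        self.by_ip[ip], self.by_mdn[mdn] = mdn, ip
        return "replaced" if removed else "inserted"


def build_acct(status, ip, mdn, code=ACCOUNTING_REQUEST):
    """Build a constructed sample packet; the authenticator is zeroed, not computed."""
    attrs = bytes([ATTR_ACCT_STATUS_TYPE, 6]) + struct.pack("!I", status)
    attrs += bytes([ATTR_FRAMED_IP, 6]) + ipaddress.IPv4Address(ip).packed
    attrs += bytes([ATTR_CALLING_STATION_ID, 2 + len(mdn)]) + mdn.encode("ascii")
    return struct.pack("!BBH", code, 1, 20 + len(attrs)) + bytes(16) + attrs


if __name__ == "__main__":
    cache = IpMdnCache()
    for status, mdn in [(START, "13301010101"), (START, "13301010102"), (STOP, "13301010102")]:
        print(cache.handle("10.10.0.1", build_acct(status, "100.0.0.6", mdn)), cache.by_ip)
```

The second start message in the demo reuses 100.0.0.6 for a different MDN without an intervening stop message, which is the case where deleting the old record first keeps a reassigned address from resolving to the previous subscriber.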
As shown in Fig. 8, the external number reverse lookup module 703 includes: an external query interface submodule 7031 and a database query submodule 7033.
The external query interface submodule 7031 is configured to listen on the reverse lookup interface and obtain from it the number reverse lookup request of a service provider website, the request containing the IP address that the service provider website needs to reverse look up;
The database query submodule 7033 is configured, according to the IP address to be reverse looked up, to find the corresponding MDN number in the user IP address and MDN number records stored in the database and to return the MDN number found to the service provider website, so that the service provider website can provide secondary verification of Wireless Application Protocol (WAP) login or authentication-free automatic login in NET mode.
As shown in Fig. 8, the external number reverse lookup module 703 optionally also includes: a query address legitimacy verification submodule 7032 and/or a log recording submodule 7034.
The query address legitimacy verification submodule 7032 is configured, before the database query submodule performs the reverse lookup, to compare the source IP address of the number reverse lookup request with the legitimate SP website list. If the source IP address of the request is in the legitimate SP website list, the request is a legitimate number reverse lookup request. If the source IP address of the request is not in the legitimate SP website list, the request is an illegitimate number reverse lookup request and may be discarded.
The log recording submodule 7034 is configured to record information related to the reverse lookup process, to facilitate system audit and statistical analysis.
The mobile Internet access subscriber number reverse lookup method, device and system provided by the embodiments of the present invention obtain, by optical splitting, all Radius messages sent and received by the AAA server, filter the accounting request messages out of the Radius messages, obtain the user's IP address and MDN number from each accounting request message, and then perform database operations on the user's IP address and MDN number according to the type of the accounting request message. This builds a mapping table between user IP addresses and MDN numbers in the database and provides the basis for subsequent reverse lookups by SP websites. For WAP mode, the reverse lookup device can provide the real correspondence between IP address and MDN, and the SP website performs secondary verification, which prevents hackers from logging in automatically by means such as message forgery and thereby obtaining user information, so the security of user information is protected. For NET mode, the reverse lookup device can provide the real correspondence between IP address and MDN, and the SP website performs authentication-free automatic login according to the MDN returned by the reverse lookup. This improves the convenience of the service for users and makes the service experience consistent across access modes: whether users go online in WAP mode or in NET mode, they do not have to enter a username and password repeatedly. They only need to enter them once, after which automatic login with authentication can be achieved.
A person of ordinary skill in the art will understand that all or part of the steps of the above embodiments may be implemented in hardware, or by a program instructing the relevant hardware. The program may be stored in a computer-readable storage medium, and the storage medium mentioned above may be a read-only memory, a magnetic disk, an optical disc, or the like.
The foregoing is only a preferred embodiment of the present invention and is not intended to limit the invention. Any modification, equivalent substitution or improvement made within the spirit and principles of the present invention shall fall within the scope of protection of the present invention.
Claims (13)
1. A mobile Internet access subscriber number reverse lookup method, comprising:
obtaining, by optical splitting, all Remote Authentication Dial-In User Service (Radius) messages sent and received by the authentication, authorization and accounting (AAA) server, and filtering accounting request messages out of the Radius messages;
obtaining the user's IP address and Mobile Directory Number (MDN) number from the accounting request message;
performing database operations on the user's IP address and MDN number according to the type of the accounting request message;
listening on the reverse lookup interface and obtaining from it the number reverse lookup request of a service provider website, the number reverse lookup request containing the IP address that the service provider website needs to reverse look up;
according to the IP address to be reverse looked up, finding the corresponding MDN number in the user IP address and MDN number records stored in the database, and returning the MDN number found to the service provider website, so that the service provider website can provide secondary verification of Wireless Application Protocol (WAP) login or authentication-free automatic login in NET mode;
wherein the IP address to be reverse looked up is obtained from the Hypertext Transfer Protocol (HTTP) request received by the service provider website, and the service provider website providing secondary verification of WAP login comprises: the service provider website compares the MDN number in the HTTP request with the MDN number returned by the reverse lookup and, if the two are consistent, performs authentication-free automatic login according to the MDN number in the HTTP request.
2. The method according to claim 1, characterized in that the service provider website providing authentication-free automatic login in NET mode comprises:
the service provider website receives a user request routed via a public IP address;
the service provider website takes the public IP address in the user request as the IP address to be reverse looked up, and carries that IP address in a number reverse lookup request to perform the number reverse lookup and obtain the MDN number;
the service provider website performs authentication-free automatic login according to the MDN number returned by the reverse lookup.
3. The method according to claim 1, characterized in that filtering accounting request messages out of the Radius messages comprises:
extracting the valid Radius messages from all the Radius messages obtained by optical splitting, according to the preset IP address of the packet data serving node (PDSN);
filtering according to the code field of the valid Radius messages: if the code field is 4, the Radius message is an accounting request message.
4. The method according to claim 3, characterized in that extracting the valid Radius messages from all the Radius messages obtained by optical splitting, according to the preset IP address of the packet data serving node (PDSN), comprises:
matching the source IP address of every Radius message obtained by optical splitting against the preset IP address of the packet data serving node (PDSN); if the match succeeds, the Radius message is a valid Radius message and is extracted; if the match fails, the Radius message is discarded.
5. The method according to claim 1, characterized in that obtaining the user's IP address and MDN number from the accounting request message comprises:
classifying accounting request messages, according to the Acct-Status-Type field, into accounting start messages, accounting stop messages and interim accounting messages;
for an accounting start message or an accounting stop message, extracting the Framed-IP-Address field and the Calling-Station-Id field from the message, where the Framed-IP-Address field identifies the IP address that the PDSN assigned to the user and the Calling-Station-Id field identifies the user's MDN number.
6. The method according to claim 1, characterized in that performing database operations on the user's IP address and MDN number according to the type of the accounting request message comprises:
if the accounting request message is an accounting start message, checking whether the database contains a record for the user's IP address or MDN number; if it does, deleting the original record and inserting a new record containing the user's IP address and MDN number; if it does not, inserting a new record containing the user's IP address and MDN number;
if the accounting request message is an accounting stop message, checking whether the database contains a record for the user's IP address or MDN number; if it does, deleting the original record; if it does not, performing no database operation.
7. A mobile Internet access subscriber number reverse lookup device, comprising:
a Radius reception and verification module, configured to obtain, by optical splitting, all Remote Authentication Dial-In User Service (Radius) messages sent and received by the authentication, authorization and accounting (AAA) server, and to filter accounting request messages out of the Radius messages;
a Radius processing module, configured to obtain the user's IP address and Mobile Directory Number (MDN) number from the accounting request message, and to perform database operations on the user's IP address and MDN number according to the type of the accounting request message;
an external number reverse lookup module, configured to listen on the reverse lookup interface and obtain from it the number reverse lookup request of a service provider website, the number reverse lookup request containing the IP address that the service provider website needs to reverse look up; and, according to the IP address to be reverse looked up, to find the corresponding MDN number in the user IP address and MDN number records stored in the database and return the MDN number found to the service provider website, so that the service provider website can provide secondary verification of Wireless Application Protocol (WAP) login or authentication-free automatic login in NET mode;
wherein the IP address to be reverse looked up is obtained from the Hypertext Transfer Protocol (HTTP) request received by the service provider website, and the service provider website providing secondary verification of WAP login comprises: the service provider website compares the MDN number in the HTTP request with the MDN number returned by the reverse lookup and, if the two are consistent, performs authentication-free automatic login according to the MDN number in the HTTP request.
8. The device according to claim 7, characterized in that the Radius reception and verification module includes:
a message receiving submodule, configured to obtain, by optical splitting, all Remote Authentication Dial-In User Service (Radius) messages sent and received by the authentication, authorization and accounting (AAA) server;
a validity verification submodule, configured to extract the valid Radius messages from all the Radius messages obtained by optical splitting, according to the preset IP address of the packet data serving node (PDSN);
a message type identification and processing submodule, configured to filter according to the code field of the valid Radius messages: if the code field is 4, the Radius message is an accounting request message.
9. The device according to claim 8, characterized in that the validity verification submodule is specifically configured to match the source IP address of every Radius message obtained by optical splitting against the preset IP address of the packet data serving node (PDSN); if the match succeeds, the Radius message is a valid Radius message and is extracted; if the match fails, the Radius message is discarded.
10. The device according to claim 7, characterized in that the Radius processing module includes:
an accounting type identification submodule, configured to classify accounting request messages, according to the Acct-Status-Type field, into accounting start messages, accounting stop messages and interim accounting messages;
an accounting processing submodule, configured, for an accounting start message or an accounting stop message, to extract the Framed-IP-Address field and the Calling-Station-Id field from the message, where the Framed-IP-Address field identifies the IP address that the PDSN assigned to the user and the Calling-Station-Id field identifies the user's MDN number;
a database operation submodule, configured to perform database operations on the user's IP address and MDN number according to the type of the accounting request message.
11. The device according to claim 7, characterized in that the database operation submodule is specifically configured as follows:
if the accounting request message is an accounting start message, check whether the database contains a record for the user's IP address or MDN number; if it does, delete the original record and insert a new record containing the user's IP address and MDN number; if it does not, insert a new record containing the user's IP address and MDN number;
if the accounting request message is an accounting stop message, check whether the database contains a record for the user's IP address or MDN number; if it does, delete the original record; if it does not, perform no database operation.
12. A mobile Internet access subscriber number reverse lookup system, comprising: the mobile Internet access subscriber number reverse lookup device according to any one of claims 7-11 and a service provider website, the service provider website being configured to send a number reverse lookup request to the mobile Internet access subscriber number reverse lookup device, the number reverse lookup request containing the IP address that the service provider website needs to reverse look up, and to provide secondary verification of Wireless Application Protocol (WAP) login or authentication-free automatic login in NET mode according to the MDN number returned by the reverse lookup;
wherein the IP address to be reverse looked up is obtained from the Hypertext Transfer Protocol (HTTP) request received by the service provider website, and the service provider website, when providing secondary verification of WAP login according to the MDN number returned by the reverse lookup, is specifically configured to compare the MDN number in the HTTP request with the MDN number returned by the reverse lookup and, if the two are consistent, to perform authentication-free automatic login according to the MDN number in the HTTP request.
13. The system according to claim 12, characterized in that the service provider website, when providing authentication-free automatic login in NET mode according to the MDN number returned by the reverse lookup, is specifically configured to:
receive a user request routed via a public IP address; take the public IP address in the user request as the IP address to be reverse looked up, and carry that IP address in a number reverse lookup request to perform the number reverse lookup and obtain the MDN number; and perform authentication-free automatic login according to the MDN number returned by the reverse lookup.
Priority Applications (1)
Application Number | Priority Date | Filing Date | Title |
---|---|---|---|
CN201310170495.8A CN104144417B (en) | 2013-05-10 | 2013-05-10 | Mobile Internet access Subscriber Number inverse-checking method, device and system |
Publications (2)
Publication Number | Publication Date |
---|---|
CN104144417A CN104144417A (en) | 2014-11-12 |
CN104144417B true CN104144417B (en) | 2018-01-23 |