CN106357648A - Core network system, system and method for trunking service registration of trunking terminal - Google Patents
- Publication number: CN106357648A (CN201610839757.9A)
- Authority: CN (China)
- Prior art keywords: authentication, terminal, core network, network system, registration
- Legal status: Granted (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
Classifications
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04L—TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
- H04L65/00—Network arrangements, protocols or services for supporting real-time applications in data packet communication
- H04L65/1066—Session management
- H04L65/1073—Registration or de-registration
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04L—TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
- H04L63/00—Network architectures or network communication protocols for network security
- H04L63/08—Network architectures or network communication protocols for network security for authentication of entities
- H04L63/083—Network architectures or network communication protocols for network security for authentication of entities using passwords
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04L—TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
- H04L67/00—Network arrangements or protocols for supporting network services or applications
- H04L67/01—Protocols
- H04L67/10—Protocols in which an application is distributed across nodes in the network
- H04L67/104—Peer-to-peer [P2P] networks
- H04L67/1044—Group management mechanisms
Abstract
The invention provides a trunking service registration method for a trunking terminal, a system, and a core network system. The terminal sends the core network system a first trunking registration request that carries a user name and a digest algorithm name but no password, which improves communication security. The core network system generates a first authentication request according to the first trunking registration request and sends it to the terminal; the terminal then sends a second trunking registration request to the core network system. The core network system determines from the second trunking registration request whether authentication of the terminal succeeds and, if so, generates and sends a second authentication request so that the terminal can authenticate the core network system according to it. After that authentication succeeds, the core network system receives registration completion information sent by the terminal. The invention allows multiple users to register and log in on the same terminal, achieves bidirectional authentication between the terminal and the core network system, and improves the security of communication between them.
Description
Technical field
The present invention relates to the field of broadband trunking communication, and more specifically to a trunking service registration method for a trunking terminal, a system, and a core network system.
Background art
B-TrunC (broadband trunking communication) is a TD-LTE-based private-network broadband trunking system standard of the "LTE digital transmission + trunking voice communication" type, formulated under the Broadband Trunking (B-TrunC) Industry Alliance.
At present, B-TrunC broadband trunking terminals support only single-user login. Trunking services between the terminal and the trunking core network, including registration and deregistration, are implemented with an extended NAS protocol rather than the traditional SIP protocol. After the terminal attaches successfully through LTE authentication, it starts trunking registration. The extended NAS registration message sent by the terminal carries trunking capability report information but does not carry information such as a user name or password. After receiving the trunking registration message, the eMME (enhanced mobility management entity) obtains the user name from the terminal context information and performs trunking registration with the TCF (trunking control function) on behalf of the terminal. This process involves no authentication; instead, on the basis of the preceding LTE authentication, the TCF considers a terminal that the eMME registers on its behalf to be secure. Because the eMME in the prior art does not need to authenticate the terminal's trunking registration, B-TrunC broadband trunking terminals do not support multi-user registration and login, and lack security.
Summary of the invention
In view of this, the invention provides a trunking service registration method for a trunking terminal, a system, and a core network system, which support bidirectional authentication of trunking service registration between the terminal and the core network system and improve the security of trunking communication. The specific technical solution is as follows:
A trunking service registration method for a trunking terminal, the method being applied to a core network system and comprising:
receiving a first trunking registration request, sent by a terminal, that carries a user name and a digest algorithm name;
generating, according to the first trunking registration request, a first authentication request carrying a registration failure reason and header field information, and sending the first authentication request to the terminal;
receiving a second trunking registration request, sent by the terminal, that carries authentication header field information;
determining, according to the authentication header field information, whether authentication of the terminal succeeds and, if so, generating a second authentication request carrying user subscription data and the header field information and sending the second authentication request to the terminal, so that the terminal authenticates the core network system according to the second authentication request;
after the terminal successfully authenticates the core network system, receiving registration completion information sent by the terminal.
Preferably, generating, according to the first trunking registration request, the first authentication request carrying the registration failure reason and header field information comprises:
obtaining, according to the first trunking registration request, the authorization data corresponding to the user name;
generating the first authentication request carrying the registration failure reason and header field information, the header field information including the authorization data.
Preferably, determining, according to the authentication header field information, whether authentication of the terminal succeeds comprises:
obtaining, according to the second trunking registration request, the authentication value in the authentication header field information and the random value generated by the terminal, and obtaining the password corresponding to the user name;
generating a comparison value from the user name, the password and the random value by means of the algorithm corresponding to the digest algorithm name;
determining whether the authentication value is identical to the comparison value; if they are identical, authentication succeeds.
Preferably, the authentication value is generated from the user name, the password and the random value by means of the algorithm corresponding to the digest algorithm name.
Preferably, the method further comprises:
when authentication fails, generating a registration response message carrying a registration failure reason, and sending the registration response message to the terminal, the registration failure reason being authentication failure.
A core network system, comprising:
a first receiving unit, configured to receive a first trunking registration request, sent by a terminal, that carries a user name and a digest algorithm name;
a generating unit, configured to generate, according to the first trunking registration request, a first authentication request carrying a registration failure reason and header field information, and to send the first authentication request to the terminal;
a second receiving unit, configured to receive a second trunking registration request, sent by the terminal, that carries authentication header field information;
a judging unit, configured to determine, according to the authentication header field information, whether authentication of the terminal succeeds and, if so, to generate a second authentication request carrying user subscription data and the header field information and send the second authentication request to the terminal, so that the terminal authenticates the core network system according to the second authentication request;
a third receiving unit, configured to receive registration completion information sent by the terminal after the terminal successfully authenticates the core network system.
Preferably, the generating unit comprises:
a first obtaining subunit, configured to obtain, according to the first trunking registration request, the authorization data corresponding to the user name;
a first generating subunit, configured to generate the first authentication request carrying the registration failure reason and header field information, the header field information including the authorization data.
Preferably, the judging unit comprises:
a second obtaining subunit, configured to obtain, according to the second trunking registration request, the authentication value in the authentication header field information and the random value generated by the terminal, and to obtain the password corresponding to the user name;
a second generating subunit, configured to generate a comparison value from the user name, the password and the random value by means of the algorithm corresponding to the digest algorithm name;
a judging subunit, configured to determine whether the authentication value is identical to the comparison value; if they are identical, authentication succeeds.
Preferably, the core network system further comprises:
an authentication failure response unit, configured to generate, when authentication fails, a registration response message carrying a registration failure reason, and to send the registration response message to the terminal, the registration failure reason being authentication failure.
A trunking service registration method for a trunking terminal, the method being applied to a terminal and comprising:
generating a first trunking registration request carrying a user name and a digest algorithm name, and sending it to a core network system;
receiving a first authentication request, sent by the core network system, that carries a registration failure reason and header field information;
when the registration failure reason is "not authenticated", generating a second trunking registration request carrying authentication header field information and sending it to the core network system;
when the core network system successfully authenticates the terminal, receiving a second authentication request, sent by the core network system, that carries user subscription data and the header field information;
determining, according to the header field information, whether authentication of the core network system succeeds and, if so, generating registration completion information and sending it to the core network system.
Preferably, the method further comprises:
when the registration failure reason is not "not authenticated", regenerating the first trunking registration request and sending it to the core network system.
A terminal, comprising:
a first generating unit, configured to generate a first trunking registration request carrying a user name and a digest algorithm name and send it to a core network system;
a first receiving unit, configured to receive a first authentication request, sent by the core network system, that carries a registration failure reason and header field information;
a second generating unit, configured to generate, when the registration failure reason is "not authenticated", a second trunking registration request carrying authentication header field information and send it to the core network system;
a second receiving unit, configured to receive, when the core network system successfully authenticates the terminal, a second authentication request, sent by the core network system, that carries user subscription data and the header field information;
an authenticating unit, configured to determine, according to the header field information, whether authentication of the core network system succeeds and, if so, to generate registration completion information and send it to the core network system.
Preferably, the terminal further comprises:
a third generating unit, configured to regenerate the first trunking registration request and send it to the core network system when the registration failure reason is not "not authenticated".
A trunking service registration system for a trunking terminal, the system comprising the above core network system and the above terminal.
Compared with the prior art, the beneficial effects of the present invention are as follows:
In the trunking service registration method provided by the present invention, the terminal sends the core network system a first trunking registration request that carries a user name and a digest algorithm name and does not send the password, which strengthens the security of the communication. According to the first trunking registration request, the core network system generates a first authentication request carrying a registration failure reason and header field information and sends it to the terminal. According to the first authentication request, the terminal sends the core network system a second trunking registration request carrying authentication header field information. The core network system determines whether authentication of the terminal succeeds and, if so, generates a second authentication request carrying user subscription data and header field information and sends it to the terminal, so that the terminal authenticates the core network system according to the second authentication request. After the terminal successfully authenticates the core network system, the core network system receives the registration completion information sent by the terminal. The present invention allows multiple users to register and log in on the same terminal, achieves bidirectional authentication between the terminal and the core network system, and improves the security of communication between the terminal and the core network system.
Brief description of the drawings
To illustrate the technical solutions of the embodiments of the present invention or of the prior art more clearly, the drawings needed in the description of the embodiments or the prior art are briefly introduced below. The drawings described below are merely embodiments of the present invention; a person of ordinary skill in the art can obtain other drawings from them without creative effort.
Fig. 1 is a flowchart of a trunking service registration method for a trunking terminal disclosed in an embodiment of the present invention;
Fig. 2 is another flowchart of a trunking service registration method for a trunking terminal disclosed in an embodiment of the present invention;
Fig. 3 is another flowchart of a trunking service registration method for a trunking terminal disclosed in an embodiment of the present invention;
Fig. 4 is a schematic structural diagram of a core network system disclosed in an embodiment of the present invention;
Fig. 5 is a schematic structural diagram of another core network system disclosed in an embodiment of the present invention;
Fig. 6 is a flowchart of a trunking service registration method for a trunking terminal disclosed in another embodiment of the present invention;
Fig. 7 is a schematic structural diagram of a terminal disclosed in an embodiment of the present invention.
Detailed description of the embodiments
The technical solutions in the embodiments of the present invention are described clearly and completely below with reference to the drawings of the embodiments. The described embodiments are only some, not all, of the embodiments of the present invention. All other embodiments obtained by a person of ordinary skill in the art on the basis of the embodiments of the present invention without creative effort fall within the scope of protection of the present invention.
Referring to Fig. 1, an embodiment of the present invention provides a trunking service registration method for a trunking terminal. The method is applied to a core network system and comprises the following steps:
Step S101: receive a first trunking registration request, sent by a terminal, that carries a user name and a digest algorithm name.
Specifically, the terminal starts trunking service registration after it has attached successfully. The first trunking registration request carries a user name and a digest algorithm name; a commonly used digest algorithm is MD5. In this process the terminal does not send the password to the core network system, which improves the security of communication between the terminal and the core network system.
Step S102: according to the first trunking registration request, generate a first authentication request carrying a registration failure reason and header field information, and send the authentication request to the terminal.
Specifically, in the method provided by this embodiment, the first registration request that the terminal sends to the core network system cannot complete registration. When the core network system receives the first trunking registration request, it generates a first authentication request carrying a registration failure reason and header field information and sends it to the terminal. The authentication request includes the registration failure reason cause and the header field information realm, qoq, nonce, algorithm and opaque. realm and algorithm are the authorization data, and cause at this point is unauthorized (not authenticated). realm is the protection realm parameter. algorithm is the algorithm name parameter, usually the digest algorithm MD5; the core network system passes this parameter to the terminal to ensure that the core network and the terminal use the same digest algorithm. qoq indicates in advance which protection schemes the server supports, and the terminal can select a specific qoq parameter from the parameter list. nonce is a random value generated by the core network system; it is different each time, to prevent replay attacks. opaque is a state parameter that the core network system passes to the terminal and that is read back when the terminal sends the second trunking registration request.
Step S103: receive a second trunking registration request, sent by the terminal, that carries authentication header field information.
Specifically, the authentication header field information (authorization) includes realm, qoq, nonce, algorithm and opaque, as well as username, cnonce, uri, response and nc. username is the user name. cnonce is a random parameter value generated by the terminal; both the terminal and the core network system use it, to avoid the use of plaintext and so that each side can verify the identity of the other. uri is the uniform resource identifier and contains the URI that the terminal wants to access. nc is a hexadecimal value that represents the number of registration requests the terminal has sent; its purpose is to let the core network system detect repeated requests, so that if the same value is seen twice the request is a repeat. The nonce value here is the same as the nonce value contained in the authentication request. response is generated by the terminal from username, nonce, cnonce, algorithm, the password and other information, using the algorithm specified by algorithm.
Step S104: determine, according to the authentication header field information, whether authentication of the terminal succeeds; if so, generate a second authentication request carrying user subscription data and the header field information and send the second authentication request to the terminal, so that the terminal authenticates the core network system according to the second authentication request.
Specifically, after the core network system has successfully authenticated the terminal, it generates a second authentication request carrying user subscription data and header field information and sends it to the terminal, so that the terminal authenticates the core network system according to the second authentication request. This achieves bidirectional authentication of trunking service registration between the terminal and the core network.
Specifically, whether the core network's authentication of the terminal succeeds directly determines whether registration succeeds. When authentication fails, a registration response message carrying a registration failure reason is generated and sent to the terminal; the registration failure reason is authentication failure.
The user subscription information includes information such as the groups the user belongs to and the user's trunking service permissions.
In the trunking service registration method provided by the present invention, the terminal sends the core network system a first trunking registration request that carries a user name and a digest algorithm name and does not send the password, which strengthens the security of the communication. According to the first trunking registration request, the core network system generates a first authentication request carrying a registration failure reason and header field information and sends it to the terminal. According to the first authentication request, the terminal sends the core network system a second trunking registration request carrying authentication header field information. The core network system determines whether authentication of the terminal succeeds and, if so, generates a second authentication request carrying user subscription data and header field information and sends it to the terminal, so that the terminal authenticates the core network system according to the second authentication request. After the terminal successfully authenticates the core network system, the core network system receives the registration completion information sent by the terminal. The present invention allows multiple users to register and log in on the same terminal, achieves bidirectional authentication between the terminal and the core network system, and improves the security of communication between the terminal and the core network system.
Referring to Fig. 2, generating, according to the first trunking registration request, the first authentication request carrying the registration failure reason and header field information comprises the following steps:
Step S201: according to the first trunking registration request, obtain the authorization data corresponding to the user name.
Specifically, the core network system includes a first network element and a second network element. According to the first trunking registration request, the first network element sends an authorization data request to the second network element. After receiving the authorization data request, the second network element sends the first network element an authorization data response carrying the authorization data corresponding to the user name. The authorization data includes realm and algorithm: realm is the protection realm parameter, and algorithm is the algorithm name parameter, usually the digest algorithm MD5.
Step S202: generate the first authentication request carrying the registration failure reason and header field information, the header field information including the authorization data.
Specifically, after the first network element obtains the authorization data, it generates an authentication request carrying the registration failure reason and header field information, the header field information including the authorization data, and sends the authentication request to the terminal. The registration failure reason cause is unauthorized (not authenticated). The header field information includes realm, qoq, nonce, algorithm and opaque. realm is the protection realm parameter. algorithm is the algorithm name parameter, usually the digest algorithm MD5; the core network system passes this parameter to the terminal to ensure that the core network and the terminal use the same digest algorithm. qoq indicates in advance which protection schemes the server supports, and the terminal can select a specific qoq parameter from the parameter list. nonce is a random value generated by the core network system; it is different each time, to prevent replay attacks. opaque is a state parameter that the core network system passes to the terminal and that is read back when the terminal sends the second trunking registration request.
Referring to Fig. 3, determining, according to the authentication header field information, whether authentication of the terminal succeeds comprises the following steps:
Step S301: according to the second trunking registration request, obtain the authentication value in the authentication header field information and the random value generated by the terminal, and obtain the password corresponding to the user name.
Specifically, the second network element obtains the authentication value response in the authentication header field information and the random value cnonce generated by the terminal, and obtains from a third network element the password, stored on the third network element, that corresponds to the user name.
Step S302: generate a comparison value from the user name, the password and the random value by means of the algorithm corresponding to the digest algorithm name.
Specifically, the second network element uses the user name and digest algorithm name obtained earlier from the first trunking registration request, the random value obtained from the authentication header field information, and the password corresponding to the user name obtained from the third network element, and generates the comparison value by means of the algorithm corresponding to the digest algorithm name.
Step S303: determine whether the authentication value is identical to the comparison value; if they are identical, authentication succeeds.
It can be understood that if the first trunking registration request and the second trunking registration request are sent by the same terminal, then under normal circumstances, because the same username, nonce, cnonce, algorithm, password and other information are used, the authentication value response generated with the algorithm specified by algorithm is identical to the comparison value, and authentication succeeds.
It should be noted that, for the terminal's authentication of the core network, the realm, qoq, nonce, algorithm and opaque values in the header field information of the second authentication request sent by the core network to the terminal are the same as the realm, qoq, nonce, algorithm and opaque values in the header field information of the first authentication request.
The core network system's authentication of the terminal differs from the terminal's authentication of the core network system in that request-digest is used for the core network system to authenticate the terminal, while response-digest is used for the terminal to authenticate the core network. Whether it is the request-digest or the response-digest in the header field information, the digest is generated by applying the MD5 digest algorithm to the data formed by concatenating secret and data, that is:
H(data) = MD5(data)
KD(secret, data) = H(concat(secret, ":", data))
Specifically, the formula is as follows:
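The exchange of steps S101 to S104 and S301 to S303, as an added Python example that is not part of the patent text. H and KD are the functions defined above; how their inputs are composed (the A1/A2 layout), the method name "REGISTER", the realm, the URI and the credentials are assumptions borrowed from RFC 2617 or constructed for illustration, and the field the page spells "qoq" is written qop.

```python
import hashlib
import hmac
import secrets


def H(data: str) -> str:
    """H(data) = MD5(data), the digest function given on the page."""
    return hashlib.md5(data.encode()).hexdigest()


def KD(secret: str, data: str) -> str:
    """KD(secret, data) = H(concat(secret, ":", data)), as given on the page."""
    return H(secret + ":" + data)


def digest(user, realm, password, nonce, nc, cnonce, qop, uri, method):
    # ASSUMPTION: the A1/A2 layout is RFC 2617's, not taken from the page.
    # method="REGISTER" (hypothetical name) yields the request-digest the
    # terminal sends; method="" yields the response-digest the network returns.
    a1 = f"{user}:{realm}:{password}"
    a2 = f"{method}:{uri}"
    return KD(H(a1), f"{nonce}:{nc}:{cnonce}:{qop}:{H(a2)}")


class CoreNetwork:
    REALM, QOP, ALGORITHM = "trunking.example", "auth", "MD5"  # constructed values

    def __init__(self, passwords):
        self.passwords = passwords  # user name -> password store
        self.issued = {}            # nonce -> per-challenge state

    def first_request(self, username, algorithm):
        """First registration request: user name and algorithm name, no password."""
        if algorithm != self.ALGORITHM:
            raise ValueError("unsupported digest algorithm")
        nonce, opaque = secrets.token_hex(16), secrets.token_hex(8)
        self.issued[nonce] = {"user": username, "opaque": opaque, "last_nc": 0}
        # "qop" is the field the page spells "qoq".
        return {"cause": "unauthorized", "realm": self.REALM, "qop": self.QOP,
                "nonce": nonce, "algorithm": self.ALGORITHM, "opaque": opaque}

    def second_request(self, auth):
        """Verify the terminal; return subscription data + response-digest, or None."""
        state = self.issued.get(auth["nonce"])
        if (state is None or state["opaque"] != auth["opaque"]
                or state["user"] != auth["username"]):
            return None  # nonce was never issued to this user
        nc = int(auth["nc"], 16)
        if nc <= state["last_nc"]:
            return None  # nc already seen for this nonce: repeated request
        password = self.passwords.get(auth["username"])
        if password is None:
            return None
        args = (auth["username"], self.REALM, password, auth["nonce"],
                auth["nc"], auth["cnonce"], self.QOP, auth["uri"])
        comparison = digest(*args, method="REGISTER")
        if not hmac.compare_digest(comparison, auth["response"]):
            return None  # authentication value differs from comparison value
        state["last_nc"] = nc
        return {"subscription": {"groups": ["group-1"]},  # constructed data
                "rspauth": digest(*args, method="")}


class Terminal:
    def __init__(self, username, password, uri="trunking:register"):
        self.username, self.password, self.uri = username, password, uri
        self.args = None

    def answer(self, challenge):
        """Build the authentication header field for the second request."""
        nc, cnonce = "00000001", secrets.token_hex(8)
        self.args = (self.username, challenge["realm"], self.password,
                     challenge["nonce"], nc, cnonce, challenge["qop"], self.uri)
        return {"username": self.username, "realm": challenge["realm"],
                "nonce": challenge["nonce"], "opaque": challenge["opaque"],
                "algorithm": challenge["algorithm"], "qop": challenge["qop"],
                "uri": self.uri, "cnonce": cnonce, "nc": nc,
                "response": digest(*self.args, method="REGISTER")}

    def verify_network(self, rspauth):
        """Terminal-side check: only a party holding the password can make this."""
        return hmac.compare_digest(digest(*self.args, method=""), rspauth)


def register(core, terminal):
    """Run the whole exchange; True only if both directions authenticate."""
    challenge = core.first_request(terminal.username, "MD5")
    result = core.second_request(terminal.answer(challenge))
    return result is not None and terminal.verify_network(result["rspauth"])


if __name__ == "__main__":
    core = CoreNetwork({"alice": "correct horse"})  # constructed credentials
    print(register(core, Terminal("alice", "correct horse")))  # both sides pass
    print(register(core, Terminal("alice", "guess")))          # terminal rejected
```

The password never crosses the link in either direction, and a captured second registration request is rejected when resent because its nc has already been consumed for that nonce.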
Based on the trunking service registration method for a trunking terminal provided by the above embodiment, and referring to Fig. 4, an embodiment of the present invention correspondingly discloses a core network system, which comprises:
a first receiving unit 101, configured to receive a first trunking registration request, sent by a terminal, that carries a user name and a digest algorithm name;
a generating unit 102, configured to generate, according to the first trunking registration request, a first authentication request carrying a registration failure reason and header field information, and to send the first authentication request to the terminal;
a second receiving unit 103, configured to receive a second trunking registration request, sent by the terminal, that carries authentication header field information;
a judging unit 104, configured to determine, according to the authentication header field information, whether authentication of the terminal succeeds and, if so, to generate a second authentication request carrying user subscription data and the header field information and send the second authentication request to the terminal, so that the terminal authenticates the core network system according to the second authentication request;
a third receiving unit 105, configured to receive registration completion information sent by the terminal after the terminal successfully authenticates the core network system.
In the core network system provided by the present invention, the terminal sends to the core network system a first trunking registration request carrying a user name and a digest algorithm name; the password is not sent, which enhances the security of the communication. The core network system generates a first authentication request according to the first trunking registration request and sends it to the terminal. The terminal sends a second trunking registration request to the core network system. The core network system judges, according to the second trunking registration request, whether authentication of the terminal succeeds and, if it succeeds, generates a second authentication request and sends it to the terminal, so that the terminal authenticates the core network system according to the second authentication request. After the terminal has successfully authenticated the core network system, the core network system receives the registration completion information sent by the terminal. The present invention allows multiple users to register and log in using the same terminal, and at the same time achieves bidirectional authentication between the terminal and the core network system, improving the security of communication between the terminal and the core network system.
Referring to Fig. 5, the generating unit 102 includes:
a first obtaining subunit 107, configured to obtain, according to the first trunking registration request, the authentication data corresponding to the user name;
a first generating subunit 108, configured to generate the first authentication request carrying the registration failure reason and the header field information, the header field information including the authentication data.
The judging unit 104 includes:
a second obtaining subunit 109, configured to obtain, according to the second trunking registration request, the authentication value in the authentication header field information and the random value generated by the terminal, and to obtain the password corresponding to the user name;
a second generating subunit 110, configured to generate a comparison value from the user name, the password and the random value using the algorithm corresponding to the digest algorithm name;
a judging subunit 111, configured to judge whether the authentication value is identical to the comparison value; if they are identical, authentication succeeds.
The core network system further includes:
a failed-authentication response unit 106, configured to generate, when authentication fails, registration response information carrying a registration failure reason, and to send the registration response information to the terminal; the registration failure reason is authentication failure.
Referring to Fig. 6, based on the trunking service registration method for a trunking terminal applied to the core network system disclosed in the above embodiment, an embodiment of the present invention correspondingly discloses a trunking service registration method for a trunking terminal applied to the terminal, which specifically includes the following steps:
Step S401: generate a first trunking registration request carrying a user name and a digest algorithm name, and send it to the core network system;
Step S402: receive the first authentication request, carrying a registration failure reason and header field information, sent by the core network system;
Step S403: when the registration failure reason is "not authenticated", generate a second trunking registration request carrying authentication header field information and send it to the core network system;
Step S404: when the core network system has successfully authenticated the terminal, receive the second authentication request, carrying user subscription data and the header field information, sent by the core network system;
Step S405: judge, according to the header field information, whether authentication of the core network system succeeds and, if it succeeds, generate registration completion information and send it to the core network system.
It can be understood that the method disclosed in this embodiment corresponds to the above trunking service registration method for a trunking terminal applied to the core network system; for the specific execution process and parameter descriptions, refer to the above embodiment.
It should be noted that when the registration failure reason is something other than "not authenticated", for example a system error, the terminal regenerates the first trunking registration request and sends it to the core network system.
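The two checks in this flow, the core network judging the terminal's authentication value and the terminal judging the core network's response-digest in step S405, written out as an added example (not code from the patent). The layout of the digest inputs, the `rsp` label, the dictionary field names and the sample values are assumptions; H and KD follow the definitions given in the description.

```python
import hashlib
import hmac
import secrets

# Selected by the digest algorithm name from the first registration request.
# The page names only MD5; the key string "MD5" is an assumption.
ALGORITHMS = {"MD5": hashlib.md5}
AUTH_FAILED = {"ok": False, "reason": "authentication failed"}


def H(name, data):
    """H(data) = md5(data), as lowercase hex."""
    return ALGORITHMS[name](data.encode("utf-8")).hexdigest()


def KD(name, secret, data):
    """KD(secret, data) = H(concat(secret, ":", data))."""
    return H(name, secret + ":" + data)


def request_digest(name, username, password, random_value):
    # Terminal -> core. Assumed layout: the page says only that user name,
    # password and the terminal's random value feed the named algorithm.
    return KD(name, password, username + ":" + random_value)


def response_digest(name, username, password, random_value):
    # Core -> terminal. Assumed layout; the "rsp" label keeps it different
    # from request_digest, so echoing the terminal's value proves nothing.
    return KD(name, password, "rsp:" + username + ":" + random_value)


def same(a, b):
    """Constant-time comparison of two digest strings."""
    return hmac.compare_digest(a.encode("utf-8"), b.encode("utf-8"))


def terminal_second_request(name, username, password):
    """Terminal: authentication header field of the second registration request."""
    random_value = secrets.token_hex(16)
    return {"username": username, "algorithm": name, "random": random_value,
            "auth_value": request_digest(name, username, password, random_value)}


def core_judge(passwords, header):
    """Core network: recompute the comparison value and judge the terminal."""
    name = header.get("algorithm")
    username = header.get("username")
    random_value = header.get("random")
    auth_value = header.get("auth_value")
    fields = (name, username, random_value, auth_value)
    if not all(isinstance(f, str) for f in fields):
        return dict(AUTH_FAILED)
    if name not in ALGORITHMS or username not in passwords:
        return dict(AUTH_FAILED)
    password = passwords[username]
    if not same(auth_value, request_digest(name, username, password, random_value)):
        return dict(AUTH_FAILED)
    # Second authentication request: subscription data plus response-digest.
    return {"ok": True, "subscription": {"groups": ["constructed-group"]},
            "response_digest": response_digest(name, username, password, random_value)}


def terminal_verify_core(name, username, password, random_value, reply):
    """Terminal: authenticate the core network from its response-digest."""
    received = reply.get("response_digest")
    if not reply.get("ok") or not isinstance(received, str):
        return False
    return same(received, response_digest(name, username, password, random_value))
```

Every failure path on the core side returns the same registration failure reason, so the reply does not reveal whether the user name, the algorithm name or the password was the mismatch.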
Based on the trunking service registration method for a trunking terminal disclosed in the above embodiment, an embodiment of the present invention correspondingly discloses a terminal. Referring to Fig. 7, the terminal includes:
a first generating unit 201, configured to generate a first trunking registration request carrying a user name and a digest algorithm name, and send it to the core network system;
a first receiving unit 202, configured to receive the first authentication request, carrying a registration failure reason and header field information, sent by the core network system;
a second generating unit 203, configured to generate, when the registration failure reason is "not authenticated", a second trunking registration request carrying authentication header field information and send it to the core network system;
a second receiving unit 204, configured to receive, when the core network system has successfully authenticated the terminal, the second authentication request, carrying user subscription data and the header field information, sent by the core network system;
an authenticating unit 205, configured to judge, according to the header field information, whether authentication of the core network system succeeds and, if it succeeds, to generate registration completion information and send it to the core network system.
It should be noted that the terminal further includes:
a third generating unit, configured to regenerate the first trunking registration request and send it to the core network system when the registration failure reason is something other than "not authenticated".
Based on the core network system disclosed in the above embodiment, an embodiment of the present invention correspondingly discloses a trunking service registration system for a trunking terminal, including the terminal disclosed in the above embodiment and the core network system disclosed in the above embodiment.
In the trunking service registration system for a trunking terminal provided by the present invention, the terminal sends to the core network system a first trunking registration request carrying a user name and a digest algorithm name; the password is not sent, which enhances the security of the communication. The core network system generates a first authentication request according to the first trunking registration request and sends it to the terminal. The terminal sends a second trunking registration request to the core network system. The core network system judges, according to the second trunking registration request, whether authentication of the terminal succeeds and, if it succeeds, generates a second authentication request and sends it to the terminal, so that the terminal authenticates the core network system according to the second authentication request. After the terminal has successfully authenticated the core network system, the core network system receives the registration completion information sent by the terminal. The present invention allows multiple users to register and log in using the same terminal, and at the same time achieves bidirectional authentication between the terminal and the core network system, improving the security of communication between the terminal and the core network system.
The above description of the disclosed embodiments enables those skilled in the art to implement or use the present invention. Various modifications to these embodiments will be apparent to those skilled in the art, and the general principles defined herein may be implemented in other embodiments without departing from the spirit or scope of the present invention. Therefore, the present invention is not to be limited to the embodiments shown herein, but is to be accorded the widest scope consistent with the principles and novel features disclosed herein.
Claims (14)
1. A trunking service registration method for a trunking terminal, characterized in that the method is applied to a core network system and includes:
receiving a first trunking registration request, sent by the terminal, carrying a user name and a digest algorithm name;
generating, according to the first trunking registration request, a first authentication request carrying a registration failure reason and header field information, and sending the first authentication request to the terminal;
receiving a second trunking registration request, sent by the terminal, carrying authentication header field information;
judging, according to the authentication header field information, whether authentication of the terminal succeeds and, if it succeeds, generating a second authentication request carrying user subscription data and the header field information, and sending the second authentication request to the terminal, so that the terminal authenticates the core network system according to the second authentication request;
after the terminal has successfully authenticated the core network system, receiving the registration completion information sent by the terminal.
2. The method according to claim 1, characterized in that generating, according to the first trunking registration request, the first authentication request carrying the registration failure reason and the header field information includes:
obtaining, according to the first trunking registration request, the authentication data corresponding to the user name;
generating the first authentication request carrying the registration failure reason and the header field information, the header field information including the authentication data.
3. The method according to claim 1, characterized in that judging, according to the authentication header field information, whether authentication of the terminal succeeds includes:
obtaining, according to the second trunking registration request, the authentication value in the authentication header field information and the random value generated by the terminal, and obtaining the password corresponding to the user name;
generating a comparison value from the user name, the password and the random value using the algorithm corresponding to the digest algorithm name;
judging whether the authentication value is identical to the comparison value; if they are identical, authentication succeeds.
4. The method according to claim 3, characterized in that the authentication value is generated from the user name, the password and the random value using the algorithm corresponding to the digest algorithm name.
5. The method according to claim 1, characterized in that the method further includes:
when authentication fails, generating registration response information carrying a registration failure reason, and sending the registration response information to the terminal; the registration failure reason is authentication failure.
6. A core network system, characterized in that the core network system includes:
a first receiving unit, configured to receive a first trunking registration request, sent by the terminal, carrying a user name and a digest algorithm name;
a generating unit, configured to generate, according to the first trunking registration request, a first authentication request carrying a registration failure reason and header field information, and to send the first authentication request to the terminal;
a second receiving unit, configured to receive a second trunking registration request, sent by the terminal, carrying authentication header field information;
a judging unit, configured to judge, according to the authentication header field information, whether authentication of the terminal succeeds and, if it succeeds, to generate a second authentication request carrying user subscription data and the header field information and send the second authentication request to the terminal, so that the terminal authenticates the core network system according to the second authentication request;
a third receiving unit, configured to receive the registration completion information sent by the terminal after the terminal has successfully authenticated the core network system.
7. The core network system according to claim 6, characterized in that the generating unit includes:
a first obtaining subunit, configured to obtain, according to the first trunking registration request, the authentication data corresponding to the user name;
a first generating subunit, configured to generate the first authentication request carrying the registration failure reason and the header field information, the header field information including the authentication data.
8. The core network system according to claim 6, characterized in that the judging unit includes:
a second obtaining subunit, configured to obtain, according to the second trunking registration request, the authentication value in the authentication header field information and the random value generated by the terminal, and to obtain the password corresponding to the user name;
a second generating subunit, configured to generate a comparison value from the user name, the password and the random value using the algorithm corresponding to the digest algorithm name;
a judging subunit, configured to judge whether the authentication value is identical to the comparison value; if they are identical, authentication succeeds.
9. The core network system according to claim 6, characterized in that the core network system further includes:
a failed-authentication response unit, configured to generate, when authentication fails, registration response information carrying a registration failure reason, and to send the registration response information to the terminal; the registration failure reason is authentication failure.
10. A trunking service registration method for a trunking terminal, characterized in that the method is applied to a terminal and includes:
generating a first trunking registration request carrying a user name and a digest algorithm name, and sending it to the core network system;
receiving the first authentication request, carrying a registration failure reason and header field information, sent by the core network system;
when the registration failure reason is "not authenticated", generating a second trunking registration request carrying authentication header field information and sending it to the core network system;
when the core network system has successfully authenticated the terminal, receiving the second authentication request, carrying user subscription data and the header field information, sent by the core network system;
judging, according to the header field information, whether authentication of the core network system succeeds and, if it succeeds, generating registration completion information and sending it to the core network system.
11. The method according to claim 10, characterized in that the method further includes:
when the registration failure reason is something other than "not authenticated", regenerating the first trunking registration request and sending it to the core network system.
12. A terminal, characterized in that the terminal includes:
a first generating unit, configured to generate a first trunking registration request carrying a user name and a digest algorithm name, and send it to the core network system;
a first receiving unit, configured to receive the first authentication request, carrying a registration failure reason and header field information, sent by the core network system;
a second generating unit, configured to generate, when the registration failure reason is "not authenticated", a second trunking registration request carrying authentication header field information and send it to the core network system;
a second receiving unit, configured to receive, when the core network system has successfully authenticated the terminal, the second authentication request, carrying user subscription data and the header field information, sent by the core network system;
an authenticating unit, configured to judge, according to the header field information, whether authentication of the core network system succeeds and, if it succeeds, to generate registration completion information and send it to the core network system.
13. The terminal according to claim 12, characterized in that the terminal further includes:
a third generating unit, configured to regenerate the first trunking registration request and send it to the core network system when the registration failure reason is something other than "not authenticated".
14. A trunking service registration system for a trunking terminal, characterized in that the system includes: the core network system according to any one of claims 6 to 9 and the terminal according to claim 12 or 13.
Priority Applications (1)
Application Number | Priority Date | Filing Date | Title |
---|---|---|---|
CN201610839757.9A CN106357648B (en) | 2016-09-21 | 2016-09-21 | A kind of group service register method, system and the core network system of colony terminal |
Publications (2)
Publication Number | Publication Date |
---|---|
CN106357648A true CN106357648A (en) | 2017-01-25 |
CN106357648B CN106357648B (en) | 2019-10-29 |
Family
ID=57859136
Family Applications (1)
Application Number | Title | Priority Date | Filing Date |
---|---|---|---|
CN201610839757.9A Active CN106357648B (en) | 2016-09-21 | 2016-09-21 | A kind of group service register method, system and the core network system of colony terminal |
Country Status (1)
Country | Link |
---|---|
CN (1) | CN106357648B (en) |
Cited By (4)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
CN107888622A (en) * | 2017-12-15 | 2018-04-06 | 京信通信系统(中国)有限公司 | A kind of information processing method and mobile management entity |
CN109327456A (en) * | 2018-11-06 | 2019-02-12 | 北京知道创宇信息技术有限公司 | A kind of cluster method for authenticating, clustered node and the electronic equipment of decentralization |
CN110839215A (en) * | 2018-08-16 | 2020-02-25 | 海能达通信股份有限公司 | Cluster communication method, server, terminal equipment and storage medium |
CN114095929A (en) * | 2021-11-22 | 2022-02-25 | 北京长焜科技有限公司 | Account security enhancement method in B-Trunc system |
Citations (5)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
CN101106795A (en) * | 2006-07-12 | 2008-01-16 | 华为技术有限公司 | A registration hiding method for IMS domain |
WO2009036620A1 (en) * | 2007-09-20 | 2009-03-26 | Zte Corporation | A method of a cluster system paging a terminal and a dispatching sub-system thereof |
CN102833256A (en) * | 2012-09-03 | 2012-12-19 | 广州杰赛科技股份有限公司 | Method and cloud system for registering cluster control server and node control server |
CN103441989A (en) * | 2013-08-05 | 2013-12-11 | 大唐移动通信设备有限公司 | Authentication and information processing method and device |
CN105208555A (en) * | 2014-06-16 | 2015-12-30 | 中兴通讯股份有限公司 | Cluster service registration method and device |
Cited By (6)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
CN107888622A (en) * | 2017-12-15 | 2018-04-06 | 京信通信系统(中国)有限公司 | A kind of information processing method and mobile management entity |
CN107888622B (en) * | 2017-12-15 | 2020-06-23 | 京信通信系统(中国)有限公司 | Information processing method and mobile management entity |
CN110839215A (en) * | 2018-08-16 | 2020-02-25 | 海能达通信股份有限公司 | Cluster communication method, server, terminal equipment and storage medium |
CN109327456A (en) * | 2018-11-06 | 2019-02-12 | 北京知道创宇信息技术有限公司 | A kind of cluster method for authenticating, clustered node and the electronic equipment of decentralization |
CN114095929A (en) * | 2021-11-22 | 2022-02-25 | 北京长焜科技有限公司 | Account security enhancement method in B-Trunc system |
CN114095929B (en) * | 2021-11-22 | 2023-08-29 | 北京长焜科技有限公司 | Account security enhancement method in B-trunk system |
Also Published As
Publication number | Publication date |
---|---|
CN106357648B (en) | 2019-10-29 |
Legal Events
Date | Code | Title | Description |
---|---|---|---|
C06 | Publication | ||
PB01 | Publication | ||
SE01 | Entry into force of request for substantive examination | ||
GR01 | Patent grant | ||