CN109714493B - Method, device and system for binding machine-card pool - Google Patents

Method, device and system for binding machine-card pool Download PDF

Info

Publication number
CN109714493B
CN109714493B CN201711010425.0A CN201711010425A CN109714493B CN 109714493 B CN109714493 B CN 109714493B CN 201711010425 A CN201711010425 A CN 201711010425A CN 109714493 B CN109714493 B CN 109714493B
Authority
CN
China
Prior art keywords
terminal
communication card
pool
identifier
identification
Prior art date
Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
Active
Application number
CN201711010425.0A
Other languages
Chinese (zh)
Other versions
CN109714493A (en
Inventor
周辉
邢亮
陈冯
朱海泉
陈强
韩晓斌
Current Assignee (The listed assignees may be inaccurate. Google has not performed a legal analysis and makes no representation or warranty as to the accuracy of the list.)
China Telecom Corp Ltd
Original Assignee
China Telecom Corp Ltd
Priority date (The priority date is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the date listed.)
Filing date
Publication date
Application filed by China Telecom Corp Ltd filed Critical China Telecom Corp Ltd
Priority to CN201711010425.0A priority Critical patent/CN109714493B/en
Publication of CN109714493A publication Critical patent/CN109714493A/en
Application granted granted Critical
Publication of CN109714493B publication Critical patent/CN109714493B/en
Active legal-status Critical Current
Anticipated expiration legal-status Critical

Links

Images

Landscapes

  • Mobile Radio Communication Systems (AREA)
  • Telephonic Communication Services (AREA)

Abstract

The invention discloses a method, a device and a system for realizing machine-card pool binding, and relates to the field of communication of the Internet of things. The method comprises the following steps: acquiring a communication card identifier and an equipment identifier of a terminal through a Sy interface between the communication card identifier and a PCRF, wherein the communication card identifier and the equipment identifier of the terminal are mapped to the Sy interface after the PCRF receives a session access request of the terminal; according to the corresponding relation between the communication card identification pool and the equipment identification pool which are associated with the terminal, carrying out binding relation verification on the communication card identification and the equipment identification; and mapping the verification result to a Sy interface so that the PCRF determines whether to allow the terminal to use the data service according to the verification result. The method and the device can trigger and realize the N-machine-card pool binding function service under the condition of not increasing the service processing load of the core network, and prevent illegal equipment or communication cards from accessing the network.

Description

Method, device and system for binding machine-card pool
Technical Field
The disclosure relates to the field of communication of the internet of things, in particular to a method, a device and a system for realizing machine-card pool binding.
Background
The Chinese Internet of things is remarkably promoted from 1700 million yuan of 2009 to 7500 million yuan of 2015, and the annual composite growth rate exceeds 25%. In the end of 2016, mobile internet connectivity was 1.4 billion, with machine-to-machine (M2M) applications using more than 1 billion terminals accounting for 31% of the total world. As a domestic full-service operator, China telecom has huge development space in the industry of Internet of things. At present, a China telecom Internet of things mobile network is divided into a provincial network and a private network two-stage architecture, the provincial network is deployed by depending on network elements of a large network, and wireless access and core network access capabilities of Internet of things users are mainly provided. The internet of things private network is intensively arranged in Jiangsu at present and is responsible for collecting the user traffic of the internet of things in the whole network, so that unified account opening, authentication and charging of the users of the internet of things are realized, unified strategy distribution is realized, and intensive operation is supported.
With the introduction of M2M (Machine to Machine) communication, especially the particularity of the internet of things device, for example, for unattended outdoor internet of things devices, the internet of things terminal tariff package is cheap, in order to prevent a user from unplugging a card and placing the card on another terminal (e.g., a Mobile phone) for use, the Mobile phone tariff needs to be limited, the user cannot replace another terminal, that is, the network is required to support the card locking function, and generally the IMEI (International Mobile Equipment Identity) of one internet of things device is required to be uniquely corresponding to the IMSI (International Mobile Subscriber Identity) of an inserted device, or is required to be only corresponding to a plurality of specified IMSIs; conversely, a certain IMSI is also limited to one or several specified IMEIs. Therefore, the relationship between the IMSI and the IMEI needs to be stored in the network to limit the combination of the illegal device and the communication card from accessing the network, thereby realizing the anti-theft. But along with the use outdoor unmanned on duty thing networking equipment in a large number of thing networking enterprises, enterprise's customer has applied for a large amount of communication cards to the operator, has also purchased a large amount of thing networking communication module, if adopt 1 between original IMSI and IMEI: 1 or 1: and N binding, when the terminal and the card are temporarily changed, the terminal and the card must be changed through operator network equipment, so that the automation control complexity of enterprise customers is increased.
Disclosure of Invention
The technical problem to be solved by the present disclosure is to provide a method, an apparatus and a system for implementing machine-card pool binding, which can trigger implementation of N: N machine-card pool binding function services without increasing the service processing load of a core network, so as to prevent access of an illegal device or a communication card to a network.
According to an aspect of the present disclosure, a method for implementing machine-card pool binding is provided, including: acquiring a communication card identifier and an equipment identifier of a terminal through a Sy interface between the PCRF and a policy and charging rule functional unit, wherein the PCRF maps the communication card identifier and the equipment identifier of the terminal to the Sy interface after receiving a session access request of the terminal; according to the corresponding relation between the communication card identification pool and the equipment identification pool which are associated with the terminal, carrying out binding relation verification on the communication card identification and the equipment identification; and mapping the verification result to a Sy interface so that the PCRF determines whether to allow the terminal to use the data service according to the verification result.
Further, acquiring a corresponding communication card attribution number according to the communication card identification of the terminal; acquiring a corresponding terminal attribution number according to the communication card attribution number of the terminal; acquiring an equipment identification pool bound by the terminal according to the terminal attribution number; and judging whether the equipment identifier of the terminal is contained in the equipment identifier pool, if so, determining that the binding relationship check is passed, otherwise, determining that the binding relationship check is not passed.
Further, before the step of obtaining the corresponding communication card attribution number according to the communication card identifier of the terminal, the method further comprises the following steps: inquiring whether the communication card identification database contains the communication card identification of the terminal; if the communication card identification database does not contain the communication card identification, determining that the binding relationship passes the verification; and if the communication card identification database contains the communication card identification, acquiring the corresponding communication card attribution number according to the communication card identification of the terminal.
Further, before the step of determining whether the device identifier of the terminal is included in the device identifier pool, the method further includes: judging whether the equipment identification pool is empty or not; if the equipment identification pool is empty, determining that the binding relationship is verified; and if the equipment identification pool is not empty, judging whether the equipment identification of the terminal is contained in the equipment identification pool.
Further, acquiring a communication card identifier and an equipment identifier of the terminal through an Attribute Value Pair (AVP) field of a Sy interface initial consumption quota report request (SLR) message between the PCRF; the check result is mapped to the policy computation state PCS field of the Sy interface SLR message.
Further, the communication card identifier of the terminal is the international mobile subscriber identity IMSI of the terminal; the equipment identification of the terminal is the international mobile equipment identification IMEI of the terminal.
According to another aspect of the present disclosure, a device for implementing machine-card pool binding is further provided, including: a Sy interface processing module, configured to obtain a communication card identifier and a device identifier of the terminal through a Sy interface between the policy and charging rule functional unit and a PCRF, where the PCRF maps the communication card identifier and the device identifier of the terminal to the Sy interface after receiving a session access request of the terminal; the verification judgment module is used for verifying the binding relationship between the communication card identifier and the equipment identifier according to the corresponding relationship between the communication card identifier pool and the equipment identifier pool which are associated with the terminal; and the verification result mapping module is used for mapping the verification result to the Sy interface so that the PCRF can determine whether the terminal is allowed to use the data service according to the verification result.
Further, the checking and judging module comprises: the communication card attribution number acquiring unit is used for acquiring a corresponding communication card attribution number according to the communication card identification of the terminal; the terminal attribution number acquiring unit is used for acquiring a corresponding terminal attribution number according to the communication card attribution number of the terminal; the equipment identification pool acquiring unit is used for acquiring the equipment identification pool bound by the terminal according to the terminal attribution number; the device identification judging unit is used for judging whether the device identification of the terminal is contained in the device identification pool or not; and the verification judging unit is used for determining that the binding relationship verification is passed if the equipment identifier of the terminal is contained in the equipment identifier pool, and otherwise, determining that the binding relationship verification is not passed.
Further, the checking and judging module further comprises: the communication card identification query unit is used for querying whether the communication card identification database contains the communication card identification of the terminal; the checking and judging unit is used for determining that the binding relationship passes the checking if the communication card identification database does not contain the communication card identification; and the communication card attribution number acquiring unit is used for acquiring a corresponding communication card attribution number according to the communication card identification of the terminal if the communication card identification database contains the communication card identification.
Further, the checking and judging module further comprises: a device identification pool judgment unit for judging whether the device identification pool is empty; the checking and judging unit is used for determining that the binding relationship passes the checking if the equipment identification pool is empty; the device identifier determining unit is configured to determine whether the device identifier of the terminal is included in the device identifier pool if the device identifier pool is not empty.
Further, the Sy interface processing module is used for acquiring a communication card identifier and an equipment identifier of the terminal through an Attribute Value Pair (AVP) field of an initial consumption quota report request (SLR) message of the Sy interface between the terminal and the PCRF; and the check result mapping module is used for mapping the check result to the strategy calculation state PCS field of the Sy interface SLR message.
Further, the communication card identifier of the terminal is the international mobile subscriber identity IMSI of the terminal; the equipment identification of the terminal is the international mobile equipment identification IMEI of the terminal.
According to another aspect of the present disclosure, a system for implementing machine-card pool binding is further provided, including a policy and charging rule functional unit PCRF and the above-mentioned device for implementing machine-card pool binding; the PCRF is used for mapping the communication card identification and the equipment identification of the terminal to a Sy interface between devices bound with the machine-card pool after receiving a session access request of the terminal, and determining whether the terminal is allowed to use the data service according to a verification result mapped by the devices bound with the machine-card pool.
According to another aspect of the present disclosure, a device for implementing machine-card pool binding is further provided, including: a memory; and a processor coupled to the memory, the processor configured to perform the method as described above based on instructions stored in the memory.
According to another aspect of the present disclosure, a computer-readable storage medium is also proposed, on which computer program instructions are stored, which instructions, when executed by a processor, implement the steps of the above-described method.
The communication card identification and the equipment identification of the terminal are obtained through a Sy interface between the communication card identification and the PCRF, binding relation verification is carried out on the communication card identification and the equipment identification according to the corresponding relation between a communication card identification pool and an equipment identification pool associated with the terminal, and a verification result is mapped to the Sy interface, so that the PCRF determines whether the terminal is allowed to use data services or not according to the verification result, N machine-card pool binding function service can be triggered and realized under the condition that the core network service processing load is not increased, and illegal equipment or communication cards are prevented from being accessed into a network.
Other features of the present disclosure and advantages thereof will become apparent from the following detailed description of exemplary embodiments thereof, which proceeds with reference to the accompanying drawings.
Drawings
The accompanying drawings, which are incorporated in and constitute a part of this specification, illustrate embodiments of the disclosure and together with the description, serve to explain the principles of the disclosure.
The present disclosure may be more clearly understood from the following detailed description, taken with reference to the accompanying drawings, in which:
fig. 1 is a flowchart illustrating an embodiment of a method for implementing machine-card pool binding according to the present disclosure.
Fig. 2 is a flowchart illustrating another embodiment of a method for implementing machine-card pool binding according to the present disclosure.
Fig. 3 is a flowchart illustrating a method for implementing machine-card pool binding according to still another embodiment of the present disclosure.
Fig. 4 is a schematic structural diagram of an embodiment of an apparatus for implementing machine-card pool binding according to the present disclosure.
Fig. 5 is a schematic structural diagram of another embodiment of an apparatus for implementing machine-card pool binding according to the present disclosure.
Fig. 6 is a schematic structural diagram of an embodiment of a system for implementing machine-card pool binding according to the present disclosure.
Fig. 7 is a schematic structural diagram of another embodiment of the system for implementing machine-card pool binding according to the present disclosure.
Fig. 8 is a schematic structural diagram of an apparatus for implementing machine-card pool binding according to still another embodiment of the present disclosure.
Fig. 9 is a schematic structural diagram of an apparatus for implementing machine-card pool binding according to another embodiment of the present disclosure.
Detailed Description
Various exemplary embodiments of the present disclosure will now be described in detail with reference to the accompanying drawings. It should be noted that: the relative arrangement of the components and steps, the numerical expressions, and numerical values set forth in these embodiments do not limit the scope of the present disclosure unless specifically stated otherwise.
Meanwhile, it should be understood that the sizes of the respective portions shown in the drawings are not drawn in an actual proportional relationship for the convenience of description.
The following description of at least one exemplary embodiment is merely illustrative in nature and is in no way intended to limit the disclosure, its application, or uses.
Techniques, methods, and apparatus known to those of ordinary skill in the relevant art may not be discussed in detail but are intended to be part of the specification where appropriate.
In all examples shown and discussed herein, any particular value should be construed as merely illustrative, and not limiting. Thus, other examples of the exemplary embodiments may have different values.
It should be noted that: like reference numbers and letters refer to like items in the following figures, and thus, once an item is defined in one figure, further discussion thereof is not required in subsequent figures.
For the purpose of promoting a better understanding of the objects, aspects and advantages of the present disclosure, reference is made to the following detailed description taken in conjunction with the accompanying drawings.
Fig. 1 is a flowchart illustrating an embodiment of a method for implementing machine-card pool binding according to the present disclosure. The method is executed by a device for realizing machine-card pool binding, and the device for realizing machine-card pool binding interacts with a PCRF (Policy and Charging Rules Function) network element through a Sy interface.
In step 110, the communication card identifier and the device identifier of the terminal are obtained through a Sy interface between the PCRF and the terminal, wherein the PCRF maps the communication card identifier and the device identifier of the terminal to the Sy interface after receiving the session access request of the terminal. The communication card identifier of the terminal may be an IMSI of a SIM card of the terminal, and the device identifier of the terminal may be an IMEI of the terminal.
In step 120, the binding relationship between the communication card identifier and the device identifier is verified according to the correspondence between the communication card identifier pool and the device identifier pool associated with the terminal. For example, an enterprise client may form IMEIs of multiple terminals into an IMEI terminal pool, and IMSIs of multiple SIM cards into an IMSI number pool, wherein an enterprise client may only sign one IMSI number pool and one IMEI terminal pool, identifying that there is one IMSI list and one IMEI terminal list in the enterprise client. If the IMSI list is empty and the IMEI list associated with the enterprise client is not empty, the fact that the enterprise client does not have an IMSI card number for allocation is shown, the IMEI terminal is not bound, and the IMEI terminal can use the IMSI card number at will; if the IMSI list is not empty and the IMEI terminal list is empty, the enterprise client does not have any IMEI terminal available for allocation, and the IMSI card of the enterprise client can use any IMEI terminal. If the IMSI list is not empty and the IMEI terminal list is not empty, the IMSI of the enterprise user can only use the terminal in the IMEI terminal list.
In step 130, the check result is mapped to the Sy interface, so that the PCRF determines whether to allow the terminal to use the data service according to the check result. For example, if the binding relationship check passes, the PCRF requests the PGW to apply a release policy to a PDN (Public Data Network) connection bearer of the terminal, and if the binding relationship check fails, the PCRF requests the PGW to apply a blocking policy to the PDN connection bearer of the terminal.
In the embodiment, a communication card identifier and a device identifier of a terminal are acquired through a Sy interface between the communication card identifier and a PCRF, binding relation verification is carried out on the communication card identifier and the device identifier according to a corresponding relation between a communication card identifier pool and a device identifier pool associated with the terminal, and a verification result is mapped to the Sy interface, so that the PCRF determines whether the terminal is allowed to use data services or not according to the verification result, N machine-card pool binding function service can be triggered and realized under the condition that the service processing load of a core network is not increased, and illegal devices or communication cards are prevented from being accessed to the network. Moreover, when the terminal equipment and the communication card are temporarily changed, the corresponding relation between the terminal equipment and the communication card does not need to be changed through operator network equipment.
Fig. 2 is a flowchart illustrating another embodiment of a method for implementing machine-card pool binding according to the present disclosure. The method is executed by a device for realizing the machine-card pool binding, the device for realizing the machine-card pool binding can be an external device or an internal device, and the external device is taken as an example for description below.
In step 210, after receiving the session access Request of the terminal, the PCRF maps the communication card identifier and the device identifier of the terminal to an AVP (Attribute Value Pairs) field of a Sy interface SLR (speed Limit Request) message between the terminal and a set device.
In step 220, the external device obtains the communication card identifier and the device identifier of the terminal through the Sy interface.
In step 230, the communication card id database is queried to determine whether the communication card id is included, if so, step 240 is executed, otherwise, step 280 is executed.
In step 240, the corresponding communication card affiliation number is obtained according to the communication card identifier of the terminal, and the corresponding terminal affiliation number is obtained according to the communication card affiliation number of the terminal. The terminal home number is a corporate client home number, for example, a corporate a home number is 1, and a corporate B home number is 2.
In step 250, the device identification pool bound by the terminal is obtained according to the terminal home number.
In step 260, it is determined whether the device identification pool is empty, if so, step 280 is performed, otherwise, step 270 is performed.
In step 270, it is determined whether the device identifier of the terminal is included in the device identifier pool, if so, step 280 is executed, otherwise, step 290 is executed.
At step 280, it is determined that the binding check passed. If the communication card identifier is not contained in the communication card identifier database, it indicates that the user has not signed up the card pool binding service, and the PDN connection bearer session of the terminal can be continuously executed. And if the equipment identification pool is empty, the PDN connection bearer session of the terminal can be continuously executed. If the device identifier of the terminal is contained in the device identifier pool, it indicates that the communication card identifier and the device identifier of the terminal are legally used, and the PDN connection bearer session of the terminal can be continuously executed.
At step 290, it is determined that the binding check failed. If the equipment identifier of the terminal is not contained in the equipment identifier pool, the fact that the communication card identifier and the equipment identifier of the terminal are used illegally is shown, and the PDN connection of the terminal is required to be blocked.
In step 2100, the external device maps the verification result to a PCS (Policy-Counter-Status) field of the Sy interface SLR message. For example, if the binding relationship check is determined to pass, the PCS field is set to 0, and if the binding relationship check is determined not to pass, the PCS field is set to 1.
In step 2110, the PCRF determines that the PDN connection bearer of the terminal adopts a blocking policy or a release policy according to the verification result. For example, if the PCS field of the Sy interface SLR message received by the PCRF is set to 0, the PGW is required to apply an open policy to the PDN connection bearer of the terminal user through a Gx interface CCA (Credit-Control-Answer) message. And if the PCS field of the Sy interface SLR message received by the PCRF is set to 1, the PGW is required to adopt a blocking strategy for the PDN connection bearer of the terminal user through the Gx interface CCA message.
In the embodiment, the external device acquires the communication card identifier and the device identifier of the terminal through the Sy interface, and maps the verification result to the Sy interface to verify the binding relationship between the communication card identifier and the device identifier, so that the PCRF determines that the PDN connection bearer of the terminal adopts the blocking strategy or the releasing strategy according to the verification result.
Fig. 3 is a flowchart illustrating a method for implementing machine-card pool binding according to still another embodiment of the present disclosure.
In step 310, after the internet of things terminal is on line, when the terminal initiates a PDN connection bearer, a session access request is initiated to the PCRF by the internet of things private network PGW.
In step 320, after receiving the session establishment Request of the terminal, the PCRF extracts the IMSI and IMEI information of the terminal in a CC-Request Command message.
In step 330, the PCRF maps the IMSI and IMEI information of the terminal to the Sy interface SLR message AVP field between the PCRF and the external device.
In step 340, the external device obtains the IMSI and IMEI information of the terminal through the Sy interface. In this embodiment, the correspondence between the IMEI list and the IMSI list associated with the enterprise client needs to be maintained. An enterprise client can only sign one IMSI list and one IMEI list; if the IMSI list is empty, the IMEI list associated with the enterprise client is not empty, the enterprise client does not have an IMSI card number for allocation, and the IMEI terminal is not bound and can be used at will; if the IMSI list is not empty and the IMEI list is empty, the enterprise client does not have any IMEI terminal available for allocation, and the IMSI card of the enterprise client can use any IMEI terminal. If the IMSI list is not empty and the IMEI list is not empty, the IMSI card of the enterprise can only use the terminal in the IMEI list.
In step 350, the IMSI subscriber base is queried whether the IMSI information is included, if so, step 360 is executed, otherwise, step 3100 is executed.
In step 360, the home number of the enterprise client associated with the IMSI is obtained. For example, the home number of the communication card is found according to the IMSI, and then the home number of the enterprise client is found according to the home number of the communication card.
In step 370, all IMEIs bound by the enterprise are obtained through the associated enterprise client home number in the IMEI device binding library of the external device. Wherein all IMEIs obtainable via the device identification database.
In step 380, it is determined whether the IMEI list is empty, if so, step 3100 is performed, otherwise, step 390 is performed.
In step 390, with the obtained IMEI information as a query condition, all IMEIs bound to the enterprise are retrieved, and it is determined whether the corresponding IMEI information can be retrieved, if yes, step 3100 is executed, otherwise, step 3110 is executed.
In step 3100, set PCS field of Sy interface SLR message to 0, determine that PDN connection bearer session for the user can continue. If the IMSI is not inquired in the IMSI subscriber library, the terminal does not sign the machine card pool binding service, and the PDN connection bearer session of the terminal can be continuously executed. And if the IMEI list bound by the enterprise is empty, marking that the Gx session of the terminal can be continuously executed. If the corresponding IMEI information is retrieved, the IMEI and IMSI of the user are legally used, and the PDN connection bearer session of the user can be continuously executed.
In step 3110, the PCS field of the Sy interface SLR message is set to 1, and it is determined that the PDN connection of the user carries session blocking.
In step 3120, the PCRF requests, through the Gx interface, that the PGW can adopt an open policy for the PDN connection bearer of the end user.
At step 3130, the PCRF requests over the Gx interface that the PGW can apply a blocking policy for the PDN connection bearer of the end user.
In this embodiment, the external device obtains the IMEI and IMSI of the terminal according to the Sy interface, performs binding relationship verification on the IMEI and IMSI of the terminal, maps the determination result to the PCS field of the Sy interface SLR message, and requires the PCRF to determine, according to the PCS field result, that the PDN connection bearer of the terminal user employs the blocking policy or the releasing policy. According to the embodiment, when the terminal equipment and the communication card are temporarily changed, an additional link of interaction with a user is not needed, the corresponding relation between the terminal equipment and the communication card does not need to be changed through operator network equipment, and the complexity of enterprise customer automation control is reduced.
Fig. 4 is a schematic structural diagram of an embodiment of an apparatus for implementing machine-card pool binding according to the present disclosure. The device for realizing machine-card pool binding interacts with a PCRF network element through a Sy interface, wherein the device for realizing machine-card pool binding comprises a Sy interface processing module 410, a verification judgment module 420 and a verification result mapping module 430, wherein:
the Sy interface processing module 410 is configured to obtain a communication card identifier and a device identifier of the terminal through a Sy interface between the PCRF and the communication card module, where the PCRF maps the communication card identifier and the device identifier of the terminal to the Sy interface after receiving the session access request of the terminal. The communication card identifier of the terminal may be an IMSI of the terminal, and the device identifier of the terminal may be an IMEI of the terminal.
The checking and determining module 420 is configured to check a binding relationship between the communication card identifier and the device identifier according to a correspondence between the communication card identifier pool and the device identifier pool associated with the terminal. For example, an enterprise client may form IMEIs of multiple terminals into an IMEI terminal pool, and IMSIs of multiple SIM cards into an IMSI number pool, wherein an enterprise client may only sign one IMSI number pool and one IMEI terminal pool, identifying that there is one IMSI list and one IMEI terminal list in the enterprise client. If the IMSI list is empty and the IMEI list associated with the enterprise client is not empty, the fact that the enterprise client does not have an IMSI card number for allocation is shown, the IMEI terminal is not bound, and the IMEI terminal can use the IMSI card number at will; if the IMSI list is not empty and the IMEI terminal list is empty, the enterprise client does not have any IMEI terminal available for allocation, and the IMSI card of the enterprise client can use any IMEI terminal. If the IMSI list is not empty and the IMEI terminal list is not empty, the IMSI of the enterprise user can only use the terminal in the IMEI terminal list.
The verification result mapping module 430 is configured to map the verification result to the Sy interface, so that the PCRF determines whether to allow the terminal to use the data service according to the verification result. For example, if the binding relationship check passes, the PCRF requests the PGW to apply an open policy to the PDN connection bearer of the terminal, and if the binding relationship check fails, the PCRF requests the PGW to apply a blocking policy to the PDN connection bearer of the terminal.
In the embodiment, a communication card identifier and a device identifier of a terminal are acquired through a Sy interface between the communication card identifier and a PCRF, binding relation verification is carried out on the communication card identifier and the device identifier according to a corresponding relation between a communication card identifier pool and a device identifier pool associated with the terminal, and a verification result is mapped to the Sy interface, so that the PCRF determines whether the terminal is allowed to use data services or not according to the verification result, N machine-card pool binding function service can be triggered and realized under the condition that the service processing load of a core network is not increased, and illegal devices or communication cards are prevented from being accessed to the network. Moreover, when the terminal equipment and the communication card are temporarily changed, the corresponding relation between the terminal equipment and the communication card does not need to be changed through operator network equipment.
Fig. 5 is a schematic structural diagram of another embodiment of an apparatus for implementing machine-card pool binding according to the present disclosure. The device for realizing the machine-card pool binding comprises a Sy interface processing module 510, a checking judgment module 520 and a checking result mapping module 530, wherein:
and the Sy interface processing module is used for acquiring the communication card identifier and the equipment identifier of the terminal through the AVP field of the Sy interface SLR message between the terminal and the PCRF.
The verification judging module 520 may include a communication card home number acquiring unit 521, a terminal home number acquiring unit 522, an apparatus identification pool acquiring unit 523, an apparatus identification judging unit 524, and a verification judging unit 525, where:
the communication card affiliation number acquisition unit 521 is configured to acquire a corresponding communication card affiliation number according to a communication card identifier of the terminal. The terminal affiliation number acquisition unit 522 is configured to acquire a corresponding terminal affiliation number according to a communication card affiliation number of the terminal. For example, enterprise a has a home number of 1 and enterprise B has a home number of 2. The device identifier pool obtaining unit 523 is configured to obtain the device identifier pool bound by the terminal according to the home number of the communication card, that is, obtain the terminal IMEI database according to the home number of the communication card. The device identifier determining unit 524 is configured to determine whether the device identifier of the terminal is included in the device identifier pool. The checking and judging unit 525 is configured to determine that the binding relationship check is passed if the device identifier of the terminal is included in the device identifier pool, and otherwise, determine that the binding relationship check is not passed. If the device identifier of the terminal is contained in the device identifier pool, it indicates that the communication card identifier and the device identifier of the terminal are legally used, and the PDN connection bearer session of the terminal can be continuously executed.
In another embodiment, the checking and determining module 520 may further include a communication card identifier querying unit 526, configured to query whether the communication card identifier database includes the communication card identifier of the terminal, that is, query whether the IMSI subscriber repository includes the IMSI information. If the communication card identifier database contains a communication card identifier, the communication card affiliation number acquisition unit 521 acquires a corresponding communication card affiliation number according to the communication card identifier of the terminal. If the communication card identifier is not contained in the communication card identifier database, the verification determining unit 525 determines that the binding relationship verification is passed. If the communication card identifier is not contained in the communication card identifier database, it indicates that the user has not signed up the card pool binding service, and the PDN connection bearer session of the terminal can be continuously executed.
In another embodiment, the checking and determining module 520 may further include an equipment identity pool determining unit 527, configured to determine whether the equipment identity pool is empty, that is, determine whether the IMEI list is empty, if the IMEI list is empty, the checking and determining unit 525 determines that the binding relationship check is passed, which indicates that the PDN connection bearer session of the terminal may continue to be executed. If not, the device identifier determining unit 524 determines whether the device identifier of the terminal is included in the device identifier pool.
The check result mapping module 530 is used for mapping the check result to the PCS field of the Sy interface SLR message. For example, if the binding relationship check is determined to pass, the PCS field is set to 0, and if the binding relationship check is determined not to pass, the PCS field is set to 1. And the PCRF determines that the PDN connection bearer of the terminal adopts a blocking strategy or a releasing strategy according to the verification result. For example, if the PCS field of the Sy interface SLR message received by the PCRF is set to 0, the PGW is required to apply an open policy to the PDN connection bearer of the end user through the Gx interface CCA message. And if the PCS field of the Sy interface SLR message received by the PCRF is set to 1, the PGW is required to adopt a blocking strategy for the PDN connection bearer of the terminal user through the Gx interface CCA message.
In the embodiment, the external device acquires the communication card identifier and the device identifier of the terminal through the Sy interface, and maps the verification result to the Sy interface to verify the binding relationship between the communication card identifier and the device identifier, so that the PCRF determines that the PDN connection bearer of the terminal adopts the blocking strategy or the releasing strategy according to the verification result. Moreover, when the terminal equipment and the communication card are temporarily changed, the corresponding relation between the terminal equipment and the communication card does not need to be changed through operator network equipment, and the complexity of enterprise customer automation control is reduced.
Fig. 6 is a schematic structural diagram of an embodiment of a system for implementing machine-card pool binding according to the present disclosure. The system comprises a PCRF 610 and a device 620 for realizing machine-card pool binding, wherein the device 620 for realizing machine-card pool binding interacts with a PCRF 610 network element through a Sy interface. The device 620 for implementing machine-card pool binding is described in detail in the foregoing embodiment, and the PCRF 610 is configured to map, after receiving the session access request of the terminal, the communication card identifier and the device identifier of the terminal to a Sy interface between the devices for implementing machine-card pool binding, and determine whether to allow the terminal to use the data service according to a verification result mapped by the device for implementing machine-card pool binding. The communication card identifier of the terminal may be an IMSI of the terminal, and the device identifier of the terminal may be an IMEI of the terminal.
For example, as shown in fig. 7, after the internet of things terminal is online, when the internet of things terminal 630 initiates a PDN connection bearer, a session access request is initiated to the PCRF 610 by the internet of things private network PGW 650 through the Serving GateWay (SGW) 640. After receiving a session establishment Request CCR of the terminal 630 of the Internet of things, the PCRF 610 extracts IMSI and IMEI information of the terminal user in a CC-Request Command message, and adds a Sy interface SLR message AVP field mapped between the PCRF 610 and the device 620 for realizing machine-card pool binding, so that the device 620 for realizing machine-card pool binding acquires the IMEI of the terminal and the IMSI used by the terminal through the Sy interface. After receiving the verification result of the device 620 for implementing machine-card pool binding, the PCRF 610 determines, according to the Policy-Counter-Status field result, that the PDN connection bearer of the terminal user employs the blocking Policy or the put-through Policy. If Policy-Counter-Status field of Sy interface SLR message received by PCRF is set to 0, PCRF 610 requests PGW 650 to apply put-through Policy to PDN connection bearer of the terminal user through Gx interface CCA message. If Policy-Counter-Status field of Sy interface SLR message received by PCRF 610 is set to 1, PCRF 610 requires PGW 650 to apply blocking Policy for PDN connection bearer of the end user through Gx interface CCA message. The device 620 for implementing machine-card pool binding may obtain the communication card identifier database and the device identifier database signed by the terminal through a Customer Relationship Management (CRM) 660 signing interface.
The machine-card binding strategy adopted by the related technology operators is as follows: the method includes the steps that a 1:1 binding relationship between IMSI and IMEI is set in an HSS (Home Subscriber Server) 670, in the stages of user authentication, TAU (Tracking Area Update) periodic location Update, MME (Mobility Management Entity) 680 switching and the like, when the HSS 670 receives the IMEI and IMSI sent by the MME 680, the IMSI and the IMEI are checked, and if the IMSI and the IMEI are not matched, the terminal is refused to access a network, and obviously, the current implementation strategy mode needs to change the existing HSS logic judgment processing mechanism to meet the requirements of enterprise clients of the Internet of things.
The embodiment interacts with a PCRF network element through built-in binding pool data and judgment logic of a device for realizing machine-card pool binding, triggers and realizes N machine-card binding pool function service, and reduces the complexity of enterprise customer automation control because the terminal equipment and the communication card are temporarily changed without changing through operator network equipment.
Fig. 8 is a schematic structural diagram of an apparatus for implementing machine-card pool binding according to still another embodiment of the present disclosure. The apparatus includes a memory 810 and a processor 820. Wherein: the memory 810 may be a magnetic disk, flash memory, or any other non-volatile storage medium. The memory 810 is used to store instructions in the embodiments corresponding to fig. 1-3. Processor 820 is coupled to memory 810 and may be implemented as one or more integrated circuits, such as a microprocessor or microcontroller. The processor 820 is configured to execute instructions stored in the memory.
In one embodiment, as also shown in fig. 9, the apparatus 900 includes a memory 910 and a processor 920. Processor 920 is coupled to memory 910 by a BUS 930. The device 900 may also be coupled to an external storage device 950 via a storage interface 940 for facilitating retrieval of external data, and may also be coupled to a network or another computer system (not shown) via a network interface 960, which will not be described in detail herein.
In the embodiment, the memory stores the data instruction, and the processor processes the instruction, so that the N-machine card pool binding function service can be triggered and realized under the condition of not increasing the service processing load of the core network, and illegal equipment or communication cards are prevented from accessing the network. Moreover, when the terminal equipment and the communication card are temporarily changed, the corresponding relation between the terminal equipment and the communication card does not need to be changed through operator network equipment.
In another embodiment, a computer-readable storage medium has stored thereon computer program instructions which, when executed by a processor, implement the steps of the method in the corresponding embodiment of fig. 1-3. As will be appreciated by one skilled in the art, embodiments of the present disclosure may be provided as a method, apparatus, or computer program product. Accordingly, the present disclosure may take the form of an entirely hardware embodiment, an entirely software embodiment or an embodiment combining software and hardware aspects. Furthermore, the present disclosure may take the form of a computer program product embodied on one or more computer-usable non-transitory storage media (including, but not limited to, disk storage, CD-ROM, optical storage, and the like) having computer-usable program code embodied therein.
The present disclosure is described with reference to flowchart illustrations and/or block diagrams of methods, apparatus (systems) and computer program products according to embodiments of the disclosure. It will be understood that each flow and/or block of the flow diagrams and/or block diagrams, and combinations of flows and/or blocks in the flow diagrams and/or block diagrams, can be implemented by computer program instructions. These computer program instructions may be provided to a processor of a general purpose computer, special purpose computer, embedded processor, or other programmable data processing apparatus to produce a machine, such that the instructions, which execute via the processor of the computer or other programmable data processing apparatus, create means for implementing the functions specified in the flowchart flow or flows and/or block diagram block or blocks.
These computer program instructions may also be stored in a computer-readable memory that can direct a computer or other programmable data processing apparatus to function in a particular manner, such that the instructions stored in the computer-readable memory produce an article of manufacture including instruction means which implement the function specified in the flowchart flow or flows and/or block diagram block or blocks.
These computer program instructions may also be loaded onto a computer or other programmable data processing apparatus to cause a series of operational steps to be performed on the computer or other programmable apparatus to produce a computer implemented process such that the instructions which execute on the computer or other programmable apparatus provide steps for implementing the functions specified in the flowchart flow or flows and/or block diagram block or blocks.
Thus far, the present disclosure has been described in detail. Some details that are well known in the art have not been described in order to avoid obscuring the concepts of the present disclosure. It will be fully apparent to those skilled in the art from the foregoing description how to practice the presently disclosed embodiments.
Although some specific embodiments of the present disclosure have been described in detail by way of example, it should be understood by those skilled in the art that the foregoing examples are for purposes of illustration only and are not intended to limit the scope of the present disclosure. It will be appreciated by those skilled in the art that modifications may be made to the above embodiments without departing from the scope and spirit of the present disclosure. The scope of the present disclosure is defined by the appended claims.

Claims (11)

1. A method for realizing machine-card pool binding comprises the following steps:
acquiring a communication card identifier and an equipment identifier of a terminal through an Attribute Value Pair (AVP) field of an initial consumption quota report request (SLR) message of a Sy interface between a policy and charging rule functional unit (PCRF), wherein the communication card identifier and the equipment identifier of the terminal are mapped to the Sy interface after the PCRF receives a session access request of the terminal;
acquiring a corresponding communication card attribution number according to the communication card identification of the terminal;
acquiring a corresponding terminal attribution number according to the communication card attribution number of the terminal;
acquiring an equipment identification pool bound by the terminal according to the terminal attribution number;
judging whether the equipment identifier of the terminal is contained in the equipment identifier pool, if so, determining that the binding relationship check is passed, otherwise, determining that the binding relationship check is not passed;
and mapping the verification result to a policy computation state PCS word of the Sy interface SLR message so that the PCRF determines whether to allow the terminal to use the data service according to the verification result.
2. The method according to claim 1, wherein the step of obtaining the corresponding home number of the communication card according to the communication card identifier of the terminal further comprises:
inquiring whether a communication card identification database contains the communication card identification of the terminal;
if the communication card identification database does not contain the communication card identification, determining that the binding relationship passes the verification;
and if the communication card identification database contains the communication card identification, acquiring a corresponding communication card attribution number according to the communication card identification of the terminal.
3. The method of claim 1, wherein the step of determining whether the device identifier of the terminal is included in the device identifier pool further comprises:
judging whether the equipment identification pool is empty or not;
if the equipment identification pool is empty, determining that the binding relationship is verified;
and if the equipment identification pool is not empty, judging whether the equipment identification of the terminal is contained in the equipment identification pool.
4. The method according to any one of claims 1 to 3,
the communication card identification of the terminal is the International Mobile Subscriber Identity (IMSI) of the terminal;
the equipment identification of the terminal is International Mobile Equipment Identification (IMEI) of the terminal.
5. An apparatus for implementing machine-card pool binding, comprising:
a Sy interface processing module, configured to acquire a communication card identifier and a device identifier of a terminal through an attribute value pair AVP field of a Sy interface initial consumption quota report request SLR message between the policy and charging rule functional unit PCRF, where the PCRF maps the communication card identifier and the device identifier of the terminal to the Sy interface after receiving a session access request of the terminal;
the check judgment module comprises:
a communication card attribution number acquiring unit, configured to acquire a corresponding communication card attribution number according to a communication card identifier of the terminal;
a terminal attribution number obtaining unit, configured to obtain a corresponding terminal attribution number according to a communication card attribution number of the terminal;
the equipment identification pool acquisition unit is used for acquiring the equipment identification pool bound by the terminal according to the terminal attribution number;
a device identifier determining unit, configured to determine whether a device identifier of the terminal is included in the device identifier pool;
a check judging unit, configured to determine that the binding relationship check passes if the device identifier of the terminal is included in the device identifier pool, and otherwise, determine that the binding relationship check fails;
and the verification result mapping module is used for mapping the verification result to the policy calculation state PCS word of the Sy interface SLR message so that the PCRF can determine whether the terminal is allowed to use the data service according to the verification result.
6. The apparatus of claim 5, wherein the check judgment module further comprises:
the communication card identification query unit is used for querying whether a communication card identification database contains the communication card identification of the terminal;
the verification judging unit is used for determining that the binding relationship verification is passed if the communication card identifier is not contained in the communication card identifier database;
and the communication card attribution number acquiring unit is used for acquiring a corresponding communication card attribution number according to the communication card identification of the terminal if the communication card identification database contains the communication card identification.
7. The apparatus of claim 5, wherein the check judgment module further comprises:
an equipment identification pool judgment unit, configured to judge whether the equipment identification pool is empty;
the check judging unit is used for determining that the binding relationship check is passed if the equipment identification pool is empty;
the device identifier determining unit is configured to determine whether the device identifier of the terminal is included in the device identifier pool if the device identifier pool is not empty.
8. The apparatus of any one of claims 5-7,
the communication card identification of the terminal is the International Mobile Subscriber Identity (IMSI) of the terminal;
the equipment identification of the terminal is International Mobile Equipment Identification (IMEI) of the terminal.
9. A system for implementing machine-card pool binding, comprising a Policy and Charging Rules Function (PCRF) unit and the device for implementing machine-card pool binding of any claim 5-8;
and the PCRF is used for mapping the communication card identification and the equipment identification of the terminal to a Sy interface between the devices bound with the machine-card pool after receiving a session access request of the terminal, and determining whether the terminal is allowed to use the data service according to a verification result mapped by the devices bound with the machine-card pool.
10. An apparatus for implementing machine-card pool binding, comprising:
a memory; and
a processor coupled to the memory, the processor configured to perform the method of any of claims 1-4 based on instructions stored in the memory.
11. A computer readable storage medium having stored thereon computer program instructions which, when executed by a processor, implement the steps of the method of any one of claims 1 to 4.
CN201711010425.0A 2017-10-26 2017-10-26 Method, device and system for binding machine-card pool Active CN109714493B (en)

Priority Applications (1)

Application Number Priority Date Filing Date Title
CN201711010425.0A CN109714493B (en) 2017-10-26 2017-10-26 Method, device and system for binding machine-card pool

Applications Claiming Priority (1)

Application Number Priority Date Filing Date Title
CN201711010425.0A CN109714493B (en) 2017-10-26 2017-10-26 Method, device and system for binding machine-card pool

Publications (2)

Publication Number Publication Date
CN109714493A CN109714493A (en) 2019-05-03
CN109714493B true CN109714493B (en) 2021-06-18

Family

ID=66253276

Family Applications (1)

Application Number Title Priority Date Filing Date
CN201711010425.0A Active CN109714493B (en) 2017-10-26 2017-10-26 Method, device and system for binding machine-card pool

Country Status (1)

Country Link
CN (1) CN109714493B (en)

Families Citing this family (4)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN114390509B (en) * 2021-12-28 2023-12-05 天翼物联科技有限公司 Machine-card binding pool realization method, device, equipment and medium based on Internet of things
CN114374942B (en) * 2021-12-29 2024-05-28 天翼物联科技有限公司 Service processing method, system, device and storage medium based on machine-card binding
CN114339689B (en) * 2021-12-30 2023-12-22 天翼物联科技有限公司 Internet of things machine card binding pool management and control method, device and related medium
CN117221874A (en) * 2023-08-15 2023-12-12 惠州市百富智能技术有限公司 Code number configuration method, configuration device, electronic equipment and storage medium

Citations (9)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN101370263A (en) * 2007-08-15 2009-02-18 华为技术有限公司 Policy control method and system
CN102075909A (en) * 2009-11-23 2011-05-25 中兴通讯股份有限公司 Checking method and device of binding relationship of IMSI and IMEI
CN102083212A (en) * 2010-04-30 2011-06-01 大唐移动通信设备有限公司 Method, system and device for identifying terminal
CN102449955A (en) * 2009-11-24 2012-05-09 华为技术有限公司 Method, apparatus and system for controlling behaviors of machine type communication MTC terminals
CN102595400A (en) * 2012-03-19 2012-07-18 中兴通讯股份有限公司 Method, system and user device for detecting whether universal integrated circuit card (UICC) is used on authorized device
CN105100130A (en) * 2014-04-25 2015-11-25 北京奇虎科技有限公司 Terminal device and terminal device theft prevention method and system
CN105120448A (en) * 2015-07-31 2015-12-02 深圳市鼎信通达科技有限公司 System and method for using multiple SIM cards limitlessly
US9277572B1 (en) * 2013-05-10 2016-03-01 Sprint Communications Company L.P. Modification of diameter messages to establish a communication session over a home packet data network gateway
CN106982125A (en) * 2016-01-18 2017-07-25 中兴通讯股份有限公司 Strategic charging control method, protocol converter, policy charging rule equipment, system

Patent Citations (9)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN101370263A (en) * 2007-08-15 2009-02-18 华为技术有限公司 Policy control method and system
CN102075909A (en) * 2009-11-23 2011-05-25 中兴通讯股份有限公司 Checking method and device of binding relationship of IMSI and IMEI
CN102449955A (en) * 2009-11-24 2012-05-09 华为技术有限公司 Method, apparatus and system for controlling behaviors of machine type communication MTC terminals
CN102083212A (en) * 2010-04-30 2011-06-01 大唐移动通信设备有限公司 Method, system and device for identifying terminal
CN102595400A (en) * 2012-03-19 2012-07-18 中兴通讯股份有限公司 Method, system and user device for detecting whether universal integrated circuit card (UICC) is used on authorized device
US9277572B1 (en) * 2013-05-10 2016-03-01 Sprint Communications Company L.P. Modification of diameter messages to establish a communication session over a home packet data network gateway
CN105100130A (en) * 2014-04-25 2015-11-25 北京奇虎科技有限公司 Terminal device and terminal device theft prevention method and system
CN105120448A (en) * 2015-07-31 2015-12-02 深圳市鼎信通达科技有限公司 System and method for using multiple SIM cards limitlessly
CN106982125A (en) * 2016-01-18 2017-07-25 中兴通讯股份有限公司 Strategic charging control method, protocol converter, policy charging rule equipment, system

Also Published As

Publication number Publication date
CN109714493A (en) 2019-05-03

Similar Documents

Publication Publication Date Title
CN109714493B (en) Method, device and system for binding machine-card pool
US9819810B2 (en) Method and system for enabling usage of mobile telephone services on a donor device
US20170170856A1 (en) Cloud sim card pool system
KR102141372B1 (en) Terminal device with built-in subscriber identification module and profile selection method for this
CN112654033B (en) Service opening method and device
CN105227786B (en) A kind of means of communication and device based on virtual-number
CN104244227A (en) Terminal access authentication method and device in internet of things system
EP2708069B1 (en) Sim lock for multi-sim environment
CN108540973B (en) Data service processing method, device and system in roaming scene
CN103747028B (en) A kind of method for authorizing user's temporary root authority
CN107645722B (en) Private network selective access method and system, public network MME, HSS and base station
US20150023219A1 (en) Charging method and apparatus
US9445274B2 (en) Method for preventing fraud or misuse when using a specific service of a public land mobile network by a user equipment, subscriber identity module and application program
CN104378750A (en) Charging method and system with multiple terminals sharing balance of account
WO2011091658A1 (en) Terminal and method for binding sim card
WO2014149059A1 (en) Enabling monitoring and reporting for dynamic policy enforcement in multi-operator wholesale networks
CN109792671A (en) The equipment being obstructed is checked in roaming scence
CN105228123A (en) Mobile phone users carries out the method and system of communication service in roaming place
CN109587642B (en) Charging method and device
CN103856940A (en) Security authentication method and system
CN101217704B (en) An updating method of user information of authentication authorized charging system
JP2018504003A (en) Billing control apparatus, method, and system
CN109729515B (en) Method for realizing machine-card binding, user identification card and Internet of things terminal
US10813037B2 (en) Operator-ID based restriction for a cellular network
KR20160028455A (en) Automatically detection of a network operator for a mobile network device

Legal Events

Date Code Title Description
PB01 Publication
PB01 Publication
SE01 Entry into force of request for substantive examination
SE01 Entry into force of request for substantive examination
GR01 Patent grant
GR01 Patent grant