CN1658703A - Adaptive hierarchical discrimination algorithm in LCS system - Google Patents
Adaptive hierarchical discrimination algorithm in LCS system Download PDFInfo
- Publication number
- CN1658703A CN1658703A CN200510018458.0A CN200510018458A CN1658703A CN 1658703 A CN1658703 A CN 1658703A CN 200510018458 A CN200510018458 A CN 200510018458A CN 1658703 A CN1658703 A CN 1658703A
- Authority
- CN
- China
- Prior art keywords
- client
- authentication
- targeted customer
- rating
- request
- Prior art date
- Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
- Granted
Links
Images
Landscapes
- Mobile Radio Communication Systems (AREA)
Abstract
This invention relates to a auto-adapting classification rating general arithmetic in the LCS system which is mainly used in the gateway of the mobile location center (GMLC). The method is based on the classification and auto-adapting idea. In this invention, after the GMLC receives the outer LCS orientation request sent by the client, firstly classify and rate the general. According to the service type and the client type, ulteriorly rate the client request frequency and the sponsor after the groovy general rating; the client rates the object users after rating. In the progress of rating the multi-object users, after having rated every user, rate the next object user according to the rating result. The general rating will end until all the object users' general ratings have finished the orientation request. This invention makes the orientation general rating flow stratification, simplifies the process course, improves the general rating efficiency of the system, effectively insures the security of the mobile users' location information, and improves the capability of the system and the security.
Description
Technical field
What the present invention relates to is a kind of authentication arithmetic that is applied to GMLC (GMLC) equipment in the business of third generation shift position, adaptive hierarchical discrimination algorithm in a kind of specifically LCS (location-based service) system.
Background technology
The LCS system provides location service to insert and management function to outside LCS client, be responsible for the mobile subscriber is transmitted to the SGSN/MSC (VMSC) of target mobile user current service by the Location Request of outside LCS client, after the positional information that obtains network calculations, the result returned to outside LCS client.
In order to satisfy mobile subscriber's fail safe and private requirement, guarantee that positional information of mobile subscriber neither can be lost, destroy, can do not used by other undelegated third parties yet, the LCS system receives after the position requests of outside LCS client, before handling Location Request, need to verify authority and the identity of initiating requesting client earlier, after checking is passed through, the targeted customer can according to type of service and own signatory the time secret attribute determined Location Request carried out authority limit.
At present general LCS system carries out client authentication and targeted customer's authentication side by side, and different types of service adopts identical authentication process with client type, the authentication principle that then adopts username and password to be complementary for the client authentication.This method for authenticating is fairly simple, be easy to realize, but the LCS system can distribute an independently memory block (user's context) for each targeted customer in common system flow, preserve targeted customer's subscription data and the information that the localization process requirements of process is deposited.This client and targeted customer be the method for authentication simultaneously, if after authentication, set up user's context, need in the authentication process so request message is decomposed checking, client and targeted customer be after all authentication is passed through, and Location Request handled carry out a solicited message in the process of setting up user's context again and decompose to obtain solicited message and targeted customer's information; If just set up context in beginning, so under the situation of client failed authentication, recovery system resource (user's context) again in the time of the refusal client, can make like this occur on the system handles redundant, cause systematic function to descend and the wasting of resources, especially to the multiple target user positioning request.In addition, this authentication arithmetic lacks adaptive ability in the positioning service of multiple client type and type of service.At last, user cipher is easy to be stolen in the authentication principle of user's name and password coupling, can cause customer position information by illegal leakage and use, has reduced the fail safe of system.
Summary of the invention
The technical problem to be solved in the present invention is: adaptive hierarchical discrimination algorithm in a kind of LCS system is provided, algorithm is adaptive to client type, type of service, request target number of users, targeted customer's CAMEL-Subscription-Information and privacy on the basis of multilayer classifying.
The technical scheme that the present invention solves the problems of the technologies described above is: adaptive hierarchical discrimination algorithm in a kind of LCS system is characterized in that client in the one-time positioning request and targeted customer are divided into the two-stage authentication; Client authentication and targeted customer's authentication are according to the further hierarchical discrimination of client type, type of service, request target number of users, targeted customer's CAMEL-Subscription-Information and privacy;
After the LCS system receives Location Request, at first carry out the client authentication; As the client failed authentication, system directly sends refuse information, end process to client; Pass through as the client authentication, then set up context, carry out targeted customer's authentication for each client;
Client method for authenticating: at different client types, comprise value-added service type client and other types client, carry out different processing; For value-added service type client, after by conventional client authentication, to request frequency and the further authentication of promoter;
Targeted customer's method for authenticating: in targeted customer's authentication process, processing respectively is set at different user signing contract informations and privacy; If the targeted customer does not enable authorization function, be defaulted as the targeted customer to all consumer positioning mandates; If the targeted customer enables authorization function, the authority of consumer positioning is set according to grant column list; At the consumer positioning of having authorized,, be defaulted as the user to all consumer positioning mandates if the targeted customer does not enable blocking function; If the targeted customer enables authorization function, according to the authority of block list refusal part consumer positioning;
Multiple target user anthority identifying method:, a plurality of users are made the as a whole authentication of carrying out successively for the multiple target subscription authentication; After each subscription authentication is finished, change corresponding state over to according to authenticating result, carry out next targeted customer's authentication, finish up to all targeted customer's authentications, the Location Request authentication finishes.
Principle of the present invention:
The present invention carries out outside LCS client authentication and the classification of targeted customer's authentication, earlier external client is carried out authentication, and authentication comprises access rights, state and the CAMEL-Subscription-Information of client.The client authentication can be adaptive to multiple client type and multiple business type, in the value-added service authentication also with the part of flow control as the client authentication.If client failed authentication, GMLC directly replys refusal information to client, do not need to position processing, after the client authentication is passed through, system is to Location Request distributing user context, before handling request the targeted customer is carried out authentication, authentication process is adaptive to CAMEL-Subscription-Information and private be provided with of target with the user.Respectively each targeted customer is carried out authentication up and down for this algorithm combination of multiple target user, user profile is filled up to the context of targeted customer's correspondence, failure flags changed corresponding status of fail on the user of failed authentication did in context, the user of authentication success changes armed statees such as corresponding over to, positions processing.So just realized the safety of Location Request and authentication efficiently.
Description of drawings
Fig. 1 is the navigation system structure chart of the embodiment of the invention.
Fig. 2 is the adaptive hierarchical discrimination algorithm structure chart of the embodiment of the invention
Fig. 3 is the client authorizing procedure figure of the embodiment of the invention.
Fig. 4 is targeted customer's authorizing procedure figure of the embodiment of the invention.
Embodiment
Below in conjunction with accompanying drawing adaptive hierarchical discrimination algorithm of the present invention is elaborated.
Fig. 1 is the navigation system structure chart that the present invention relates to.System is made up of outside LCS client (External LCS Client) 101, mobile location centre Chinese gateway (GMLC) 102, attaching position register (HLR) 103, GPRS serving GPRS support node (SGSN) 104, mobile switching centre (MSC) 105, Le interface 106, Lh interface 107, Lg interface 108.
Send Location Request by Le interface 106 to mobile location centre Chinese gateway 102 corresponding to outside LCS client 101, what Le interface 106 carried is the mlp agreement; 102 pairs of location request message that receive of mobile location centre Chinese gateway are decomposed, at first obtain client-side information and check that whether client is the legal contracted user of this mobile location centre Chinese gateway 102, if not just refusing Location Request, otherwise just obtain corresponding subscription data and carry out authentication from mobile location centre Chinese gateway 102 databases, the client authentication by after obtain targeted customer's information, the targeted customer distributes corresponding context respectively according to being positioned, authority and privacy checking to each targeted customer, fill in context, after authentication is general, GMLC102 obtains targeted customer's routing iinformation to attaching position register 103 by Lh interface 107,107 carryings of Lh interface be the map agreement; Send Location Request by Lg interface 108 to the SGSN104/MSC of correspondence (VMSC) 105 according to routing iinformation, what Lg interface 108 carried also is the map agreement.
Outside LCS client 101 has four kinds of types of service among the present invention: value-added service type, urgency traffic type, Operator Specific Service type and legal monitoring business type.
Fig. 2 is the adaptive hierarchical discrimination algorithm structure chart.Whole Location Request authentication process 200 is mainly undertaken by client authentication 201 and 202 two processes of targeted customer's authentication classification successively, also be to adopt classification mechanism in client authentication 201 and targeted customer's authentication 202, the client authentication comprise general client-side information authentication with according to different client types and positioning service self adaptation authentication 210 two-stages.General client authentication comprises the checking to client access authority 203, client user's title and password 204 and client location authority 205 several aspects, self adaptation authentication 210 adopts different authentication principles according to type, the type of service of requesting client, comprise request frequency control 206 and promoter's authentication 207 two-stages, promoter's authentication 207 utilizes authorization list and the blocked list in the GMLC102 subscribed database to carry out the checking 208 of promoter's grant column list and promoter's block list checking 209.Any one failed authentication then stops current authentication process and returns refusal information to client and do not continue downward operation in the superincumbent authentication process.
After the success of client authentication, system distributes context for the targeted customer, carry out targeted customer's authentication, it comprises: checking call/session correlation number legitimacy 211 (if it is relevant to have call/session in the request), the whether signatory positioning service (212) of adaptive checking targeted customer and targeted customer's privacy check 215 (mainly be in the GMLC102 subscribed database, check the white box of contracted user tabulate 213 box inspection contracted user black boxs tabulation 214) in targeted customer's authentication process if the single goal user positioning request then changes corresponding state over to, refuse information is sent to external client 101, if the multiple target user positioning request changes state in the current goal user's context over to corresponding state so, proceed next targeted customer's authentication, finishing up to all targeted customer's authentications positions processing then.
Fig. 3 is the client authentication arithmetic flow chart that relates among the present invention.
Just as discussed above, client authentication process at first just when mobile location centre Chinese gateway 102 receives outside LCS client 101 Location Requests.Flow process starts from 301, step 302, resolve Location Request message IE, check whether message has the log-on message (generally comprising client id and password) of initiating the Location Request client in being, obtains client-side information.The client id that utilization is obtained in 302 steps, step 303 check whether client is the registered user of this mobile location centre Chinese, if step 304 is obtained the subscription data of this client in local GMLC database.Subscription data has coordinate system and the position shape of corresponding ID, password, type of service, request type, priority, state, effective time, trigger event, the support of client, some data, promoter grant column list and the block list etc. relevant with request frequency.Step 305 compares the password that lands in password and the CAMEL-Subscription-Information that carries in the Location Request, if authentication so inequality finishes 318, and the password unanimity, algorithm thinks that the outside LCS client of initiating Location Request has the authority of the current GMLC of visit.The location authority of checking client in step 306 and 307, outside LCS client has 3 signatory states in GMLC: the one, and contracted and still do not opened positioning service, the 2nd, signatory and opened positioning service, the 3rd, signatory still positioning service surpasses the term of validity, step 306 is checked the state of client, only allowing to be in client signatory and unlatching scope of business state positions, step 307 compares the validity of checking client request with current system time and effective time.To the generic authentication process of just having finished client here.Step 308 is obtained the signatory type of service of client, and step 309 is checked, if client is not the value-added service type, so to the authentication of just having finished client here.If the value-added service client, step 310 is according to the checking request frequency of subscription data, and step 311 checks whether the promoter of Location Request is the cellphone subscriber, if not finishing the client authentication, otherwise begins the authentication to the promoter.
The at first grant column list setting in the adaptive inspection client subscription data in step 312 of promoter's authentication, if client is not provided with grant column list or the grant column list function is not enabled, algorithm thinks that client is to all promoters' mandates, otherwise step 315 is checked client authorization user list record, the promoter is not by authorizing, enter step 317 failed authentication, pass through authentication, continuing the adaptive inspection client of step 314 block list is provided with, if block list is not set same client or the block list function is not enabled, algorithm thinks that client do not block all promoters.Enabling under the situation of blocking function, step 315 checks whether the promoter is blocked by client, client allows, authentication completes successfully the client authentication, if client refusal promoter initiates the location, algorithm just enters step 317 failed authentication, and GMLC sends refuse information to client, finishes whole positioning flow.
Fig. 4 is the targeted customer's authorizing procedure figure that relates among the present invention.
In the algorithm only after client authentication success, system begins to distribute context for each targeted customer, and the information in the localization message is filled up to (step 401) in the context, carry out targeted customer's authentication then, step 402 and step 403 sign in based on context determines that whether the location is to call out relevant or session relevant, calls out the number APN relevant with session that is correlated with if then verify respectively according to the database of system's correspondence.After checking was passed through, step 406 was obtained targeted customer's CAMEL-Subscription-Information at local data base, and subscription data has targeted customer's sign, service condition and privacy to be provided with etc.Service condition is divided into the signatory positioning service and two kinds of the positioning services of contracting, step 407, allow signatory targeted customer to pass through authentication, step 408, check that user's privacy is provided with, if privacy is masked as " refusal ", step 409 is further checked client POI value, have only the POI value when client just to allow to position for " ignoring (OVERRIDE) ", the targeted customer who is masked as " not refusing " for privacy does not need to check client POI value.Step 410 is obtained targeted customer's white box tabulation configuration information, adopt the self adaptation principle: do not think that the targeted customer allows anyone that oneself own positioned if white box listing function is enabled this algorithm, otherwise, step 411 checks that consumer positioning is whether in the allowed band of white box, not in white box tabulation, do not allow this targeted customer location, authentication process failure (414), fill in failure flags in about this targeted customer, after white box allows, step 412 inspection is obtained the tabulation of targeted customer's black box and is provided with, the same self adaptation principle that adopts: do not think that the targeted customer does not limit anyone location if the black box listing function is enabled this algorithm, otherwise, step 413 is traversal in the black box tabulation, if find this location initiator, illustrate that the targeted customer does not allow the promoter that oneself is positioned, enter step 414, failed authentication is simultaneously filled in failure flags this targeted customer in up and down, if black box allows the location initiator location, single target subscription authentication success, context changes corresponding state over to and waits for localization process, this user's authentication success (415).
Discussed above is single goal subscription authentication process, in multiple target subscription authentication process, the targeted customer is carried out authentication one by one successively, each targeted customer's authorizing procedure is identical with process discussed above, be that success or failure all will check whether be last user after targeted customer's authentication is finished in step 417, continue to take out next targeted customer's context if not algorithm, carry out authentication and all finish up to all targeted customer's authentications, whole Location Request authentication finishes.
Above the invention has been described in conjunction with example, should point out, those skilled in the art can make the change on various forms of and the details, and do not depart from by the determined the spirit and scope of the present invention of claims.
Claims (1)
1, adaptive hierarchical discrimination algorithm in a kind of LCS system is characterized in that client in the one-time positioning request and targeted customer are divided into the two-stage authentication; Client authentication and targeted customer's authentication are according to the further hierarchical discrimination of client type, type of service, request target number of users, targeted customer's CAMEL-Subscription-Information and privacy;
After the LCS system receives Location Request, at first carry out the client authentication; As the client failed authentication, system directly sends refuse information, end process to client; Pass through as the client authentication, then set up context, carry out targeted customer's authentication for each client;
Client method for authenticating: at different client types, comprise value-added service type client and other types client, carry out different processing; For value-added service type client, after by conventional client authentication, to request frequency and the further authentication of promoter;
Targeted customer's method for authenticating: in targeted customer's authentication process, processing respectively is set at different user signing contract informations and privacy; If the targeted customer does not enable authorization function, be defaulted as the targeted customer to all consumer positioning mandates; If the targeted customer enables authorization function, the authority of consumer positioning is set according to grant column list; At the consumer positioning of having authorized,, be defaulted as the user to all consumer positioning mandates if the targeted customer does not enable blocking function; If the targeted customer enables authorization function, according to the authority of block list refusal part consumer positioning;
Multiple target user anthority identifying method:, a plurality of users are made the as a whole authentication of carrying out successively for the multiple target subscription authentication; After each subscription authentication is finished, change corresponding state over to according to authenticating result, carry out next targeted customer's authentication, finish up to all targeted customer's authentications, the Location Request authentication finishes.
Priority Applications (1)
| Application Number | Priority Date | Filing Date | Title |
|---|---|---|---|
| CNB2005100184580A CN100349495C (en) | 2005-03-25 | 2005-03-25 | Adaptive hierarchical discrimination algorithm in LCS system |
Applications Claiming Priority (1)
| Application Number | Priority Date | Filing Date | Title |
|---|---|---|---|
| CNB2005100184580A CN100349495C (en) | 2005-03-25 | 2005-03-25 | Adaptive hierarchical discrimination algorithm in LCS system |
Publications (2)
| Publication Number | Publication Date |
|---|---|
| CN1658703A true CN1658703A (en) | 2005-08-24 |
| CN100349495C CN100349495C (en) | 2007-11-14 |
Family
ID=35007906
Family Applications (1)
| Application Number | Title | Priority Date | Filing Date |
|---|---|---|---|
| CNB2005100184580A Expired - Fee Related CN100349495C (en) | 2005-03-25 | 2005-03-25 | Adaptive hierarchical discrimination algorithm in LCS system |
Country Status (1)
| Country | Link |
|---|---|
| CN (1) | CN100349495C (en) |
Cited By (4)
| Publication number | Priority date | Publication date | Assignee | Title |
|---|---|---|---|---|
| CN101132279B (en) * | 2006-08-24 | 2011-05-11 | 华为技术有限公司 | Authentication method and authentication system |
| CN103096241A (en) * | 2011-11-02 | 2013-05-08 | 上海贝尔股份有限公司 | Method and device used for offering position information |
| CN103813264A (en) * | 2012-11-12 | 2014-05-21 | 中国电信股份有限公司 | Method and system for processing positioning request and mobile switch |
| CN108363081A (en) * | 2018-02-13 | 2018-08-03 | 山东顺国电子科技有限公司 | Location information method for visualizing, system, device and server based on GIS |
Family Cites Families (4)
| Publication number | Priority date | Publication date | Assignee | Title |
|---|---|---|---|---|
| SE509435C2 (en) * | 1997-05-16 | 1999-01-25 | Ericsson Telefon Ab L M | Privacy protection in a telecommunications system |
| US6138003A (en) * | 1997-11-26 | 2000-10-24 | Ericsson Inc. | System and method for authorization of location services |
| WO2002017656A2 (en) * | 2000-08-22 | 2002-02-28 | Ericsson Inc | Methods, mobile user terminal and system for controlling access to mobile user terminal location information |
| JP2005506779A (en) * | 2001-10-17 | 2005-03-03 | ノキア コーポレイション | How to provide location information |
-
2005
- 2005-03-25 CN CNB2005100184580A patent/CN100349495C/en not_active Expired - Fee Related
Cited By (4)
| Publication number | Priority date | Publication date | Assignee | Title |
|---|---|---|---|---|
| CN101132279B (en) * | 2006-08-24 | 2011-05-11 | 华为技术有限公司 | Authentication method and authentication system |
| CN103096241A (en) * | 2011-11-02 | 2013-05-08 | 上海贝尔股份有限公司 | Method and device used for offering position information |
| CN103813264A (en) * | 2012-11-12 | 2014-05-21 | 中国电信股份有限公司 | Method and system for processing positioning request and mobile switch |
| CN108363081A (en) * | 2018-02-13 | 2018-08-03 | 山东顺国电子科技有限公司 | Location information method for visualizing, system, device and server based on GIS |
Also Published As
| Publication number | Publication date |
|---|---|
| CN100349495C (en) | 2007-11-14 |
Similar Documents
| Publication | Publication Date | Title |
|---|---|---|
| CN109918878B (en) | Industrial Internet of things equipment identity authentication and safe interaction method based on block chain | |
| CN109511115B (en) | Authorization method and network element | |
| US9113332B2 (en) | Method and device for managing authentication of a user | |
| US20080168540A1 (en) | Systems, Methods, Media, and Means for User Level Authentication | |
| EP2375629B1 (en) | Method and apparatus for transmitting/receiving in emergency services | |
| CN100459799C (en) | Control system and control method for terminal to use network | |
| EP1713204A1 (en) | A method for managing the user equipment accessed to the network by using the generic authentication architecture | |
| JP2002508121A (en) | Method and apparatus for a communication system | |
| CN103391539A (en) | Internet protocol multimedia subsystem (IMS) account opening method, device and system | |
| CN1716961A (en) | Method of providing resources with restricted access | |
| CN1279551A (en) | Communication network and management for immigration of mobile agents | |
| CN100349495C (en) | Adaptive hierarchical discrimination algorithm in LCS system | |
| CN1672393A (en) | Mobile terminal identity protection through home location register modification | |
| EP1984952A1 (en) | Method and apparatus for authentication | |
| US20180145984A1 (en) | System and method for providing security solutions to protect enterprise critical assets | |
| US10298588B2 (en) | Secure communication system and method | |
| CN1169330C (en) | System and method for local policy enforcement for internet service providers | |
| CN102124767B (en) | A kind of method and apparatus for providing identity Confidentiality protection for user of communication terminal | |
| CN101087326A (en) | A communication terminal registration method and system | |
| CN1277366C (en) | Method of information providing end data protection | |
| CN102984118B (en) | The method of checking IP Multimedia System user identity and Automatic Configuration Server | |
| CN112491895A (en) | Identity authentication method, storage medium and system based on micro-service | |
| CN1266954C (en) | Identity and authority identifying method for information providing end | |
| CN100393166C (en) | Method and device for realizing PHS wireless network positioning service hierarchical authentication | |
| CN1178423C (en) | Method for protecting Internet supplementary service |
Legal Events
| Date | Code | Title | Description |
|---|---|---|---|
| C06 | Publication | ||
| PB01 | Publication | ||
| C10 | Entry into substantive examination | ||
| SE01 | Entry into force of request for substantive examination | ||
| C14 | Grant of patent or utility model | ||
| GR01 | Patent grant | ||
| C17 | Cessation of patent right | ||
| CF01 | Termination of patent right due to non-payment of annual fee |
Granted publication date: 20071114 |