CN1658703A - Adaptive hierarchical discrimination algorithm in LCS system - Google Patents

Adaptive hierarchical discrimination algorithm in LCS system Download PDF

Info

Publication number
CN1658703A
CN1658703A CN200510018458.0A CN200510018458A CN1658703A CN 1658703 A CN1658703 A CN 1658703A CN 200510018458 A CN200510018458 A CN 200510018458A CN 1658703 A CN1658703 A CN 1658703A
Authority
CN
China
Prior art keywords
client
authentication
targeted customer
rating
request
Prior art date
Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
Granted
Application number
CN200510018458.0A
Other languages
Chinese (zh)
Other versions
CN100349495C (en
Inventor
明惠芳
郑亮
Current Assignee (The listed assignees may be inaccurate. Google has not performed a legal analysis and makes no representation or warranty as to the accuracy of the list.)
Beijing Northern Fiberhome Technologies Co Ltd
Original Assignee
Beijing Northern Fiberhome Technologies Co Ltd
Priority date (The priority date is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the date listed.)
Filing date
Publication date
Application filed by Beijing Northern Fiberhome Technologies Co Ltd filed Critical Beijing Northern Fiberhome Technologies Co Ltd
Priority to CNB2005100184580A priority Critical patent/CN100349495C/en
Publication of CN1658703A publication Critical patent/CN1658703A/en
Application granted granted Critical
Publication of CN100349495C publication Critical patent/CN100349495C/en
Expired - Fee Related legal-status Critical Current
Anticipated expiration legal-status Critical

Links

Images

Landscapes

  • Mobile Radio Communication Systems (AREA)

Abstract

This invention relates to a auto-adapting classification rating general arithmetic in the LCS system which is mainly used in the gateway of the mobile location center (GMLC). The method is based on the classification and auto-adapting idea. In this invention, after the GMLC receives the outer LCS orientation request sent by the client, firstly classify and rate the general. According to the service type and the client type, ulteriorly rate the client request frequency and the sponsor after the groovy general rating; the client rates the object users after rating. In the progress of rating the multi-object users, after having rated every user, rate the next object user according to the rating result. The general rating will end until all the object users' general ratings have finished the orientation request. This invention makes the orientation general rating flow stratification, simplifies the process course, improves the general rating efficiency of the system, effectively insures the security of the mobile users' location information, and improves the capability of the system and the security.

Description

Adaptive hierarchical discrimination algorithm in a kind of LCS system
Technical field
What the present invention relates to is a kind of authentication arithmetic that is applied to GMLC (GMLC) equipment in the business of third generation shift position, adaptive hierarchical discrimination algorithm in a kind of specifically LCS (location-based service) system.
Background technology
The LCS system provides location service to insert and management function to outside LCS client, be responsible for the mobile subscriber is transmitted to the SGSN/MSC (VMSC) of target mobile user current service by the Location Request of outside LCS client, after the positional information that obtains network calculations, the result returned to outside LCS client.
In order to satisfy mobile subscriber's fail safe and private requirement, guarantee that positional information of mobile subscriber neither can be lost, destroy, can do not used by other undelegated third parties yet, the LCS system receives after the position requests of outside LCS client, before handling Location Request, need to verify authority and the identity of initiating requesting client earlier, after checking is passed through, the targeted customer can according to type of service and own signatory the time secret attribute determined Location Request carried out authority limit.
At present general LCS system carries out client authentication and targeted customer's authentication side by side, and different types of service adopts identical authentication process with client type, the authentication principle that then adopts username and password to be complementary for the client authentication.This method for authenticating is fairly simple, be easy to realize, but the LCS system can distribute an independently memory block (user's context) for each targeted customer in common system flow, preserve targeted customer's subscription data and the information that the localization process requirements of process is deposited.This client and targeted customer be the method for authentication simultaneously, if after authentication, set up user's context, need in the authentication process so request message is decomposed checking, client and targeted customer be after all authentication is passed through, and Location Request handled carry out a solicited message in the process of setting up user's context again and decompose to obtain solicited message and targeted customer's information; If just set up context in beginning, so under the situation of client failed authentication, recovery system resource (user's context) again in the time of the refusal client, can make like this occur on the system handles redundant, cause systematic function to descend and the wasting of resources, especially to the multiple target user positioning request.In addition, this authentication arithmetic lacks adaptive ability in the positioning service of multiple client type and type of service.At last, user cipher is easy to be stolen in the authentication principle of user's name and password coupling, can cause customer position information by illegal leakage and use, has reduced the fail safe of system.
Summary of the invention
The technical problem to be solved in the present invention is: adaptive hierarchical discrimination algorithm in a kind of LCS system is provided, algorithm is adaptive to client type, type of service, request target number of users, targeted customer's CAMEL-Subscription-Information and privacy on the basis of multilayer classifying.
The technical scheme that the present invention solves the problems of the technologies described above is: adaptive hierarchical discrimination algorithm in a kind of LCS system is characterized in that client in the one-time positioning request and targeted customer are divided into the two-stage authentication; Client authentication and targeted customer's authentication are according to the further hierarchical discrimination of client type, type of service, request target number of users, targeted customer's CAMEL-Subscription-Information and privacy;
After the LCS system receives Location Request, at first carry out the client authentication; As the client failed authentication, system directly sends refuse information, end process to client; Pass through as the client authentication, then set up context, carry out targeted customer's authentication for each client;
Client method for authenticating: at different client types, comprise value-added service type client and other types client, carry out different processing; For value-added service type client, after by conventional client authentication, to request frequency and the further authentication of promoter;
Targeted customer's method for authenticating: in targeted customer's authentication process, processing respectively is set at different user signing contract informations and privacy; If the targeted customer does not enable authorization function, be defaulted as the targeted customer to all consumer positioning mandates; If the targeted customer enables authorization function, the authority of consumer positioning is set according to grant column list; At the consumer positioning of having authorized,, be defaulted as the user to all consumer positioning mandates if the targeted customer does not enable blocking function; If the targeted customer enables authorization function, according to the authority of block list refusal part consumer positioning;
Multiple target user anthority identifying method:, a plurality of users are made the as a whole authentication of carrying out successively for the multiple target subscription authentication; After each subscription authentication is finished, change corresponding state over to according to authenticating result, carry out next targeted customer's authentication, finish up to all targeted customer's authentications, the Location Request authentication finishes.
Principle of the present invention:
The present invention carries out outside LCS client authentication and the classification of targeted customer's authentication, earlier external client is carried out authentication, and authentication comprises access rights, state and the CAMEL-Subscription-Information of client.The client authentication can be adaptive to multiple client type and multiple business type, in the value-added service authentication also with the part of flow control as the client authentication.If client failed authentication, GMLC directly replys refusal information to client, do not need to position processing, after the client authentication is passed through, system is to Location Request distributing user context, before handling request the targeted customer is carried out authentication, authentication process is adaptive to CAMEL-Subscription-Information and private be provided with of target with the user.Respectively each targeted customer is carried out authentication up and down for this algorithm combination of multiple target user, user profile is filled up to the context of targeted customer's correspondence, failure flags changed corresponding status of fail on the user of failed authentication did in context, the user of authentication success changes armed statees such as corresponding over to, positions processing.So just realized the safety of Location Request and authentication efficiently.
Description of drawings
Fig. 1 is the navigation system structure chart of the embodiment of the invention.
Fig. 2 is the adaptive hierarchical discrimination algorithm structure chart of the embodiment of the invention
Fig. 3 is the client authorizing procedure figure of the embodiment of the invention.
Fig. 4 is targeted customer's authorizing procedure figure of the embodiment of the invention.
Embodiment
Below in conjunction with accompanying drawing adaptive hierarchical discrimination algorithm of the present invention is elaborated.
Fig. 1 is the navigation system structure chart that the present invention relates to.System is made up of outside LCS client (External LCS Client) 101, mobile location centre Chinese gateway (GMLC) 102, attaching position register (HLR) 103, GPRS serving GPRS support node (SGSN) 104, mobile switching centre (MSC) 105, Le interface 106, Lh interface 107, Lg interface 108.
Send Location Request by Le interface 106 to mobile location centre Chinese gateway 102 corresponding to outside LCS client 101, what Le interface 106 carried is the mlp agreement; 102 pairs of location request message that receive of mobile location centre Chinese gateway are decomposed, at first obtain client-side information and check that whether client is the legal contracted user of this mobile location centre Chinese gateway 102, if not just refusing Location Request, otherwise just obtain corresponding subscription data and carry out authentication from mobile location centre Chinese gateway 102 databases, the client authentication by after obtain targeted customer's information, the targeted customer distributes corresponding context respectively according to being positioned, authority and privacy checking to each targeted customer, fill in context, after authentication is general, GMLC102 obtains targeted customer's routing iinformation to attaching position register 103 by Lh interface 107,107 carryings of Lh interface be the map agreement; Send Location Request by Lg interface 108 to the SGSN104/MSC of correspondence (VMSC) 105 according to routing iinformation, what Lg interface 108 carried also is the map agreement.
Outside LCS client 101 has four kinds of types of service among the present invention: value-added service type, urgency traffic type, Operator Specific Service type and legal monitoring business type.
Fig. 2 is the adaptive hierarchical discrimination algorithm structure chart.Whole Location Request authentication process 200 is mainly undertaken by client authentication 201 and 202 two processes of targeted customer's authentication classification successively, also be to adopt classification mechanism in client authentication 201 and targeted customer's authentication 202, the client authentication comprise general client-side information authentication with according to different client types and positioning service self adaptation authentication 210 two-stages.General client authentication comprises the checking to client access authority 203, client user's title and password 204 and client location authority 205 several aspects, self adaptation authentication 210 adopts different authentication principles according to type, the type of service of requesting client, comprise request frequency control 206 and promoter's authentication 207 two-stages, promoter's authentication 207 utilizes authorization list and the blocked list in the GMLC102 subscribed database to carry out the checking 208 of promoter's grant column list and promoter's block list checking 209.Any one failed authentication then stops current authentication process and returns refusal information to client and do not continue downward operation in the superincumbent authentication process.
After the success of client authentication, system distributes context for the targeted customer, carry out targeted customer's authentication, it comprises: checking call/session correlation number legitimacy 211 (if it is relevant to have call/session in the request), the whether signatory positioning service (212) of adaptive checking targeted customer and targeted customer's privacy check 215 (mainly be in the GMLC102 subscribed database, check the white box of contracted user tabulate 213 box inspection contracted user black boxs tabulation 214) in targeted customer's authentication process if the single goal user positioning request then changes corresponding state over to, refuse information is sent to external client 101, if the multiple target user positioning request changes state in the current goal user's context over to corresponding state so, proceed next targeted customer's authentication, finishing up to all targeted customer's authentications positions processing then.
Fig. 3 is the client authentication arithmetic flow chart that relates among the present invention.
Just as discussed above, client authentication process at first just when mobile location centre Chinese gateway 102 receives outside LCS client 101 Location Requests.Flow process starts from 301, step 302, resolve Location Request message IE, check whether message has the log-on message (generally comprising client id and password) of initiating the Location Request client in being, obtains client-side information.The client id that utilization is obtained in 302 steps, step 303 check whether client is the registered user of this mobile location centre Chinese, if step 304 is obtained the subscription data of this client in local GMLC database.Subscription data has coordinate system and the position shape of corresponding ID, password, type of service, request type, priority, state, effective time, trigger event, the support of client, some data, promoter grant column list and the block list etc. relevant with request frequency.Step 305 compares the password that lands in password and the CAMEL-Subscription-Information that carries in the Location Request, if authentication so inequality finishes 318, and the password unanimity, algorithm thinks that the outside LCS client of initiating Location Request has the authority of the current GMLC of visit.The location authority of checking client in step 306 and 307, outside LCS client has 3 signatory states in GMLC: the one, and contracted and still do not opened positioning service, the 2nd, signatory and opened positioning service, the 3rd, signatory still positioning service surpasses the term of validity, step 306 is checked the state of client, only allowing to be in client signatory and unlatching scope of business state positions, step 307 compares the validity of checking client request with current system time and effective time.To the generic authentication process of just having finished client here.Step 308 is obtained the signatory type of service of client, and step 309 is checked, if client is not the value-added service type, so to the authentication of just having finished client here.If the value-added service client, step 310 is according to the checking request frequency of subscription data, and step 311 checks whether the promoter of Location Request is the cellphone subscriber, if not finishing the client authentication, otherwise begins the authentication to the promoter.
The at first grant column list setting in the adaptive inspection client subscription data in step 312 of promoter's authentication, if client is not provided with grant column list or the grant column list function is not enabled, algorithm thinks that client is to all promoters' mandates, otherwise step 315 is checked client authorization user list record, the promoter is not by authorizing, enter step 317 failed authentication, pass through authentication, continuing the adaptive inspection client of step 314 block list is provided with, if block list is not set same client or the block list function is not enabled, algorithm thinks that client do not block all promoters.Enabling under the situation of blocking function, step 315 checks whether the promoter is blocked by client, client allows, authentication completes successfully the client authentication, if client refusal promoter initiates the location, algorithm just enters step 317 failed authentication, and GMLC sends refuse information to client, finishes whole positioning flow.
Fig. 4 is the targeted customer's authorizing procedure figure that relates among the present invention.
In the algorithm only after client authentication success, system begins to distribute context for each targeted customer, and the information in the localization message is filled up to (step 401) in the context, carry out targeted customer's authentication then, step 402 and step 403 sign in based on context determines that whether the location is to call out relevant or session relevant, calls out the number APN relevant with session that is correlated with if then verify respectively according to the database of system's correspondence.After checking was passed through, step 406 was obtained targeted customer's CAMEL-Subscription-Information at local data base, and subscription data has targeted customer's sign, service condition and privacy to be provided with etc.Service condition is divided into the signatory positioning service and two kinds of the positioning services of contracting, step 407, allow signatory targeted customer to pass through authentication, step 408, check that user's privacy is provided with, if privacy is masked as " refusal ", step 409 is further checked client POI value, have only the POI value when client just to allow to position for " ignoring (OVERRIDE) ", the targeted customer who is masked as " not refusing " for privacy does not need to check client POI value.Step 410 is obtained targeted customer's white box tabulation configuration information, adopt the self adaptation principle: do not think that the targeted customer allows anyone that oneself own positioned if white box listing function is enabled this algorithm, otherwise, step 411 checks that consumer positioning is whether in the allowed band of white box, not in white box tabulation, do not allow this targeted customer location, authentication process failure (414), fill in failure flags in about this targeted customer, after white box allows, step 412 inspection is obtained the tabulation of targeted customer's black box and is provided with, the same self adaptation principle that adopts: do not think that the targeted customer does not limit anyone location if the black box listing function is enabled this algorithm, otherwise, step 413 is traversal in the black box tabulation, if find this location initiator, illustrate that the targeted customer does not allow the promoter that oneself is positioned, enter step 414, failed authentication is simultaneously filled in failure flags this targeted customer in up and down, if black box allows the location initiator location, single target subscription authentication success, context changes corresponding state over to and waits for localization process, this user's authentication success (415).
Discussed above is single goal subscription authentication process, in multiple target subscription authentication process, the targeted customer is carried out authentication one by one successively, each targeted customer's authorizing procedure is identical with process discussed above, be that success or failure all will check whether be last user after targeted customer's authentication is finished in step 417, continue to take out next targeted customer's context if not algorithm, carry out authentication and all finish up to all targeted customer's authentications, whole Location Request authentication finishes.
Above the invention has been described in conjunction with example, should point out, those skilled in the art can make the change on various forms of and the details, and do not depart from by the determined the spirit and scope of the present invention of claims.

Claims (1)

1, adaptive hierarchical discrimination algorithm in a kind of LCS system is characterized in that client in the one-time positioning request and targeted customer are divided into the two-stage authentication; Client authentication and targeted customer's authentication are according to the further hierarchical discrimination of client type, type of service, request target number of users, targeted customer's CAMEL-Subscription-Information and privacy;
After the LCS system receives Location Request, at first carry out the client authentication; As the client failed authentication, system directly sends refuse information, end process to client; Pass through as the client authentication, then set up context, carry out targeted customer's authentication for each client;
Client method for authenticating: at different client types, comprise value-added service type client and other types client, carry out different processing; For value-added service type client, after by conventional client authentication, to request frequency and the further authentication of promoter;
Targeted customer's method for authenticating: in targeted customer's authentication process, processing respectively is set at different user signing contract informations and privacy; If the targeted customer does not enable authorization function, be defaulted as the targeted customer to all consumer positioning mandates; If the targeted customer enables authorization function, the authority of consumer positioning is set according to grant column list; At the consumer positioning of having authorized,, be defaulted as the user to all consumer positioning mandates if the targeted customer does not enable blocking function; If the targeted customer enables authorization function, according to the authority of block list refusal part consumer positioning;
Multiple target user anthority identifying method:, a plurality of users are made the as a whole authentication of carrying out successively for the multiple target subscription authentication; After each subscription authentication is finished, change corresponding state over to according to authenticating result, carry out next targeted customer's authentication, finish up to all targeted customer's authentications, the Location Request authentication finishes.
CNB2005100184580A 2005-03-25 2005-03-25 Adaptive hierarchical discrimination algorithm in LCS system Expired - Fee Related CN100349495C (en)

Priority Applications (1)

Application Number Priority Date Filing Date Title
CNB2005100184580A CN100349495C (en) 2005-03-25 2005-03-25 Adaptive hierarchical discrimination algorithm in LCS system

Applications Claiming Priority (1)

Application Number Priority Date Filing Date Title
CNB2005100184580A CN100349495C (en) 2005-03-25 2005-03-25 Adaptive hierarchical discrimination algorithm in LCS system

Publications (2)

Publication Number Publication Date
CN1658703A true CN1658703A (en) 2005-08-24
CN100349495C CN100349495C (en) 2007-11-14

Family

ID=35007906

Family Applications (1)

Application Number Title Priority Date Filing Date
CNB2005100184580A Expired - Fee Related CN100349495C (en) 2005-03-25 2005-03-25 Adaptive hierarchical discrimination algorithm in LCS system

Country Status (1)

Country Link
CN (1) CN100349495C (en)

Cited By (4)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN101132279B (en) * 2006-08-24 2011-05-11 华为技术有限公司 Authentication method and authentication system
CN103096241A (en) * 2011-11-02 2013-05-08 上海贝尔股份有限公司 Method and device used for offering position information
CN103813264A (en) * 2012-11-12 2014-05-21 中国电信股份有限公司 Method and system for processing positioning request and mobile switch
CN108363081A (en) * 2018-02-13 2018-08-03 山东顺国电子科技有限公司 Location information method for visualizing, system, device and server based on GIS

Family Cites Families (4)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
SE509435C2 (en) * 1997-05-16 1999-01-25 Ericsson Telefon Ab L M Privacy protection in a telecommunications system
US6138003A (en) * 1997-11-26 2000-10-24 Ericsson Inc. System and method for authorization of location services
AU2001285069A1 (en) * 2000-08-22 2002-03-04 Ericsson Inc. Methods, mobile user terminals, and systems for controlling access to mobile user terminal location information
EP1437027B1 (en) * 2001-10-17 2010-04-14 Nokia Corporation Method for the provision of location information

Cited By (4)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN101132279B (en) * 2006-08-24 2011-05-11 华为技术有限公司 Authentication method and authentication system
CN103096241A (en) * 2011-11-02 2013-05-08 上海贝尔股份有限公司 Method and device used for offering position information
CN103813264A (en) * 2012-11-12 2014-05-21 中国电信股份有限公司 Method and system for processing positioning request and mobile switch
CN108363081A (en) * 2018-02-13 2018-08-03 山东顺国电子科技有限公司 Location information method for visualizing, system, device and server based on GIS

Also Published As

Publication number Publication date
CN100349495C (en) 2007-11-14

Similar Documents

Publication Publication Date Title
CN109918878B (en) Industrial Internet of things equipment identity authentication and safe interaction method based on block chain
CN109511115B (en) Authorization method and network element
US8250634B2 (en) Systems, methods, media, and means for user level authentication
US9113332B2 (en) Method and device for managing authentication of a user
EP2375629B1 (en) Method and apparatus for transmitting/receiving in emergency services
CN100459799C (en) Control system and control method for terminal to use network
EP1713204A1 (en) A method for managing the user equipment accessed to the network by using the generic authentication architecture
CN1716961A (en) Method of providing resources with restricted access
CN103391539A (en) Internet protocol multimedia subsystem (IMS) account opening method, device and system
CN100349495C (en) Adaptive hierarchical discrimination algorithm in LCS system
CN113992406A (en) Authority access control method for alliance chain cross-chain
US20180145984A1 (en) System and method for providing security solutions to protect enterprise critical assets
US10298588B2 (en) Secure communication system and method
CN1169330C (en) System and method for local policy enforcement for internet service providers
CN101087326B (en) A communication terminal registration method and system
CN1277366C (en) Method of information providing end data protection
CN102984118B (en) The method of checking IP Multimedia System user identity and Automatic Configuration Server
CN112491895A (en) Identity authentication method, storage medium and system based on micro-service
CN1266954C (en) Identity and authority identifying method for information providing end
CN103036858B (en) System, implementation method, ACF and the PAG of user Internet access
CN100393166C (en) Method and device for realizing PHS wireless network positioning service hierarchical authentication
CN1178423C (en) Method for protecting Internet supplementary service
CN105635098B (en) The register method and system of IMS network
CN104052753A (en) Authentication method and device
CN100337451C (en) Authentication for wireless package domain lateral activation

Legal Events

Date Code Title Description
C06 Publication
PB01 Publication
C10 Entry into substantive examination
SE01 Entry into force of request for substantive examination
C14 Grant of patent or utility model
GR01 Patent grant
C17 Cessation of patent right
CF01 Termination of patent right due to non-payment of annual fee

Granted publication date: 20071114