CN1780459A - Method and device for realizing PHS wireless network positioning service hierarchical authentication - Google Patents

Publication number: CN1780459A
Application number: CN200410009825.6A
Authority: CN (China)
Other languages: Chinese (zh)
Other versions: CN100393166C (en)
Inventor: 黎云华
Original Assignee: ZTE Corp
Current Assignee: Jinjiang high and new technology development office
Legal status: Granted; Expired - Fee Related
Prior art keywords: authentication, positioning service, address, type, positioning
Classification: Mobile Radio Communication Systems
Abstract

On top of the existing location service authentication standard, the invention adds two authentication stages, IP address connection authentication and location service type authentication, to raise the security level of the location service in a PHS wireless network. The invention secures the location system in four respects: access to the system, user identification, type identification, and privacy authorization.

Description

A method and device for realizing multistage authentication of the PHS wireless network positioning service
Technical field
The present invention relates to an implementation of positioning service authentication in a wireless communication network system, and in particular to an implementation of positioning service authentication in a PHS wireless network.
Background technology
With the development of mobile communication technology and its market, location-based services are gradually becoming a focus of new business. Because the PHS wireless local telephone network uses microcellular technology, it is well suited to deploying and promoting value-added services built on wireless network location technology.
In practice a wireless network location system involves many entities, such as the service provider (SP), the positioning service administrative center (LSMC), the location gateway (GLC), and the geographic information system (GIS). The SP is responsible for delivering the service, and the connection between the SP and the LSMC may run over the open network environment of the Internet. In such an environment a system that does not protect itself is unsafe: network attacks and viruses pose a serious threat to the stable operation of the equipment. Security is therefore particularly important to the normal operation of the location service, and authentication is a powerful means of providing it.
To help the development of the PHS network location service, ease interconnection between the network element devices, and ease the provision of service functions, China Telecom has successively drawn up interface specifications for each network element device in the PHS wireless network location service. For positioning service authentication, however, the interface specifications introduce only two authentication modes: user identity recognition and user privacy control. In the present network environment, these existing authentication modes leave a potential safety hazard for the normal operation of the positioning service.
A search found no document or patent on techniques related to PHS wireless network positioning service authentication.
Summary of the invention
The purpose of this invention is to provide a method and device for realizing multistage authentication of the positioning service, so as to improve the security of the PHS wireless network positioning service and promote its safe operation.
To achieve this purpose, the invention comprises not only identity recognition authentication and user privacy authentication, but also IP address connection authentication and/or positioning service type authentication. IP address connection authentication means authenticating the connecting IP address by judging whether it lies within the address range allowed to connect. Positioning service type authentication means judging whether the positioning service type in the location request lies within the allowed scope of services.
The method of the invention comprises the following steps:
Step 1: The service provider SP sends a location request to the positioning service administrative center LSMC. The request contains the SP's identity ID and password, together with the caller and called party information.
Step 2: The LSMC obtains the IP address of the SP.
Step 3: The LSMC authenticates the connecting IP address. If the address is within the range allowed to connect, continue with step 4; otherwise go to step 8.
Step 4: SP identity recognition. The SP's identity ID and password are compared; if they match, continue with step 5; otherwise go to step 8.
Step 5: Positioning service type comparison. The positioning service type in the location request is compared; if the service type is allowed, continue with step 6; otherwise go to step 8.
Step 6: User privacy control authorization. Judge whether the calling user who initiated the location request is within the scope authorized by the located user; if so, go to step 7; otherwise go to step 8.
Step 7: Authentication passes.
Step 8: Authentication fails.
In step 2 of the method, the SP and the LSMC are connected over TCP/IP, and the LSMC obtains the SP's IP address from the SOCKET connection of the SP's request.
In step 3 of the method, after the LSMC obtains the SP's IP address, it first judges whether the address is in the list of IP addresses refused connection. If it is, authentication fails, the connection is dropped, and the flow goes directly to step 8. If it is not, the LSMC goes on to check whether the address belongs to the IP addresses allowed to connect. If it is outside the allowed range, authentication fails and the flow goes directly to step 8. If it is inside the allowed range, access authentication succeeds and the flow continues with step 4. This places protection at the TCP/IP connection layer and blocks access from illegal IP addresses.
In step 5 of the method, different positioning service types correspond to different charging standards.
In step 5 of the method, when a service type is divided into several sub-service types, the positioning service type in the location request is compared first; if the service type is allowed, the sub positioning service type is then compared; if the sub positioning service type is allowed, continue with step 6; otherwise go to step 8.
In step 6 of the method, a user can set the Familiarity Numbers that may locate the user directly without a password; a number outside the Familiarity Numbers that wants to locate the user must supply the password the user has preset. Using the caller and called party information carried in the positioning service request message, if the system judges that the user is locating himself or herself, authentication passes directly. Otherwise it first checks whether the calling number is one of the located user's Familiarity Numbers; if so, no password check is needed and authentication passes. If not, it goes on to verify the location password carried in the location request: if the password is correct, the flow enters step 7 and authentication passes; otherwise it enters step 8 and authentication fails.
The invention also provides a device for realizing multistage authentication of the positioning service. It comprises the interface that connects the service provider SP and the positioning service administrative center LSMC; this interface contains an identity recognition authentication module and a user privacy authentication module, and is characterized in that it also contains an IP address connection authentication module and/or a positioning service type authentication module. The IP address connection authentication module authenticates the connecting IP address by judging whether it lies within the address range allowed to connect. The positioning service type authentication module judges whether the positioning service type in the location request lies within the allowed scope of services.
In this device, the positioning service type authentication module may also contain a sub positioning service type authentication module which, when a positioning service type comprises several sub-service types, judges whether the sub-service type lies within the allowed sub-service scope.
In this device, the positioning service type authentication module may also contain an accounting module, which applies different charging standards to different positioning service types.
On the basis of the existing specification, the invention adds two means of authentication, IP address connection authentication and positioning service type authentication, and thereby greatly strengthens the security of the PHS wireless network positioning service. The reasons are as follows. On the one hand, the Internet is based on the TCP/IP protocol, the devices of the positioning service are also connected over TCP/IP, and the IP address of each device is fixed; malicious IP connection attacks can therefore be prevented by allowing only a limited set of IP addresses to connect. On the other hand, depending on the application, the positioning service can be subdivided into many service types, such as querying traffic information, querying landmark information, location-triggered services, and querying another person's position. When launching services, the operator can configure combinations of specific positioning service types and users; that is, the positioning services a user is allowed to use are configurable, and a user can only use the services that have been configured.
By adopting this multistage authentication method, the invention safeguards the positioning system in four respects: connection access, identity recognition, type identification, and privacy authorization. In a particular application the authentication policy can also be set flexibly, reducing the authentication flow accordingly. Compared with the prior art, no new investment is needed; improving the software is enough to achieve the goal, which gives a strong guarantee for the secure operation of location services.
Description of drawings
Fig. 1 is a flow chart of the multistage positioning service authentication method of the invention;
Fig. 2 is a structural block diagram of the preferred embodiment of the multistage positioning service authentication device of the invention.
Embodiment
The invention is described in further detail below with reference to the drawings.
Fig. 1 is the flow chart of multistage positioning service authentication. The processing steps are as follows:
Step 1: The SP initiates a location request. As the content provider, the SP provides the concrete service to the user and sends the location request to the positioning service administrative center LSMC.
Step 2: Obtain the IP address of the SP. The SP and the LSMC are connected over TCP/IP, so the LSMC can easily read the SP's IP address from the SOCKET (socket) connection of the request.
Step 3: IP address access authentication. After the LSMC obtains the IP address, it first judges whether the address is in the list of IP addresses refused connection. If it is, authentication fails, the connection is dropped, and the flow goes directly to step 8. If it is not, the LSMC goes on to check whether the address belongs to the IP addresses allowed to connect. If it is outside the allowed range, authentication fails and the flow goes directly to step 8. If it is inside the allowed range, access authentication succeeds and the flow continues with step 4. This places protection at the TCP/IP connection layer and blocks access from illegal IP addresses.
Step 4: SP identity recognition. The location request initiated by the SP carries the SP's identity ID and password. The system verifies the SP's identity from the ID and password: if they match the legal ID and password that the operator allocated to the SP in advance, SP identity recognition succeeds and the flow continues with step 5; otherwise it goes to step 8 and authentication fails.
Step 5: Positioning service type comparison. After SP authentication passes, the service type is authenticated. Every location request the SP initiates should belong to some positioning service type, and the SP can be qualified for one or more service types, as assigned by the operator. When opening services to an SP, the operator can set different charging policies for different service types. A service type can also be divided into sub-service types, so this step can be extended to sub-service type authentication. If the positioning service type is one the SP is allowed to carry out, service type authentication passes and the flow continues with step 6; otherwise it goes to step 8 and authentication fails.
Step 6: User privacy control authorization. Each user can set who may locate the user directly without a password (the Familiarity Numbers); anyone else who wants to locate the user must supply the password the user has preset. The positioning service request message always carries the caller (initiator) and called (located party) information. If the system judges that the user is locating himself or herself, authentication passes directly. Otherwise it first checks whether the calling number is one of the located user's Familiarity Numbers; if so, no password check is needed and authentication passes. If not, it goes on to verify the location password carried in the location request: if the password is correct, the flow goes to step 7 and authentication passes; otherwise it goes to step 8 and authentication fails.
Step 7: Authentication passes. Reaching this step shows that the positioning service request is legal.
Step 8: Authentication fails. The positioning service request cannot pass authentication; at this step the reason for the authentication error can be returned to the SP.
Fig. 2 is a structural block diagram of the preferred embodiment of the multistage positioning service authentication device of the invention. The interface connecting the service provider SP and the positioning service administrative center LSMC comprises an IP address connection authentication module, an identity recognition authentication module, a positioning service type authentication module, and a user privacy authentication module. When the SP sends a location request to the LSMC, the request first passes through the IP address connection authentication module, which authenticates the connecting IP address by judging whether it lies within the address range allowed to connect; if it does, authentication passes. Next, the identity recognition authentication module verifies the identity of the connecting SP from the SP's identity ID and password; when these match the legal ID and password that the operator allocated to the SP in advance, authentication passes. Next, the positioning service type authentication module judges whether the positioning service type in the location request lies within the allowed scope of services; if it does, authentication passes. Next, the user privacy authentication module judges whether the calling number is one of the located user's Familiarity Numbers and, for a calling user outside the Familiarity Numbers, whether the password supplied is correct. If the number is a Familiarity Number, no password check is needed and authentication passes. If it is not, the module goes on to verify the location password carried in the location request; if the password is correct, authentication passes. If the SP's location request fails in any one of these modules, authentication fails. Authentication by these four modules greatly improves the security of the positioning system.
In addition, in this device the positioning service type authentication module may also contain a sub positioning service type authentication module which, when a positioning service type comprises several sub-service types, judges whether the sub-service type lies within the allowed sub-service scope. The positioning service type authentication module may also contain an accounting module, which applies different charging standards to different positioning service types.
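The flow of Fig. 1 (steps 3 to 6, with steps 7 and 8 as the two outcomes) and the four modules of Fig. 2, as an added Python example; it is not code from the patent. The class and field names, reason strings, sample addresses, numbers and passwords are constructed for illustration. Three behaviours are assumptions the patent does not specify: constant-time password comparison, rejecting a request that omits a required sub-type, and rejecting third-party location of a user who has no privacy profile.

```python
import hmac
import ipaddress
from dataclasses import dataclass
from typing import Optional


@dataclass
class SPAccount:
    password: str   # allocated to the SP by the operator
    services: dict  # service type -> allowed sub-types (empty set: type has none)


@dataclass
class PrivacyProfile:
    familiarity_numbers: set  # callers that may locate this user without a password
    locate_password: str      # preset by the located user for everyone else


@dataclass
class LocationRequest:
    sp_id: str
    sp_password: str
    service_type: str
    caller: str   # initiator
    called: str   # located party
    sub_type: Optional[str] = None
    locate_password: Optional[str] = None


@dataclass
class LSMCPolicy:
    deny_nets: list    # refused addresses/ranges, checked first
    allow_nets: list   # addresses/ranges allowed to connect
    sp_accounts: dict  # SP ID -> SPAccount
    privacy: dict      # located number -> PrivacyProfile


def _in_any(ip, nets):
    return any(ip in ipaddress.ip_network(n) for n in nets)


def _same(expected, supplied):
    # Assumption (not in the patent): compare secrets in constant time.
    return hmac.compare_digest(expected.encode(), supplied.encode())


def authenticate(policy, peer_ip, req):
    """Run steps 3-6 in order. Returns (True, "ok") for step 7 or
    (False, reason) for step 8. peer_ip is what the LSMC reads from the
    accepted socket in step 2, e.g. conn.getpeername()[0]."""
    ip = ipaddress.ip_address(peer_ip)
    # Step 3: refuse list first, then allow list.
    if _in_any(ip, policy.deny_nets):
        return False, "ip_denied"
    if not _in_any(ip, policy.allow_nets):
        return False, "ip_not_allowed"
    # Step 4: SP identity ID and password.
    account = policy.sp_accounts.get(req.sp_id)
    expected = account.password if account else ""
    if not _same(expected, req.sp_password) or account is None:
        return False, "sp_identity"
    # Step 5: service type, then sub-service type where the type has any.
    if req.service_type not in account.services:
        return False, "service_type"
    allowed_sub = account.services[req.service_type]
    if allowed_sub and req.sub_type not in allowed_sub:
        return False, "sub_service_type"  # assumption: a missing sub-type fails
    # Step 6: privacy control. Self-location passes directly.
    if req.caller == req.called:
        return True, "ok"
    profile = policy.privacy.get(req.called)
    if profile is None:
        return False, "privacy"  # assumption: no profile means fail closed
    if req.caller in profile.familiarity_numbers:
        return True, "ok"
    if req.locate_password is not None and _same(profile.locate_password,
                                                 req.locate_password):
        return True, "ok"
    return False, "privacy"


def sample_policy():
    """Constructed policy; the addresses come from documentation ranges."""
    return LSMCPolicy(
        deny_nets=["192.0.2.66/32"],   # refused although inside the allowed range
        allow_nets=["192.0.2.0/24"],
        sp_accounts={"sp-demo": SPAccount(
            "sp-secret",
            {"traffic_query": set(), "locate_other": {"friend", "child"}})},
        privacy={"0755000002": PrivacyProfile({"0755000001"}, "locate-pw")},
    )


if __name__ == "__main__":
    policy = sample_policy()
    req = LocationRequest("sp-demo", "sp-secret", "locate_other",
                          "0755000003", "0755000002",
                          sub_type="friend", locate_password="locate-pw")
    for ip in ("192.0.2.10", "192.0.2.66", "203.0.113.5"):
        print(ip, authenticate(policy, ip, req))
```

Because the refuse list is consulted before the allow list, an address can be blocked individually without narrowing the allowed range it sits in.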
The foregoing is only a preferred embodiment of the invention and is not intended to limit its specific implementation; all modifications and changes made in accordance with the main inventive concept of this method fall within the scope of protection sought by the claims of the invention.

Claims (10)

1. A method for realizing multistage authentication of the PHS wireless network positioning service, comprising identity recognition authentication and user privacy authentication, characterized in that it also comprises IP address connection authentication and/or positioning service type authentication, wherein the IP address connection authentication means authenticating the connecting IP address by judging whether it lies within the address range allowed to connect, and the positioning service type authentication means judging whether the positioning service type in the location request lies within the allowed scope of services.
2. The method for realizing multistage authentication of the positioning service according to claim 1, characterized in that it further comprises the following steps:
Step 1: The service provider sends a location request to the positioning service administrative center; the request contains the service provider's identity and password, together with the caller and called party information;
Step 2: The positioning service administrative center obtains the service provider's IP address;
Step 3: The positioning service administrative center authenticates the connecting IP address; if the address is within the range allowed to connect, continue with step 4; otherwise go to step 8;
Step 4: Service provider identity recognition: the service provider's identity and password are compared; if they match, continue with step 5; otherwise go to step 8;
Step 5: Positioning service type comparison: the positioning service type in the location request is compared; if the service type is allowed, continue with step 6; otherwise go to step 8;
Step 6: User privacy control authorization: judge whether the calling user who initiated the location request is within the scope authorized by the located user; if so, go to step 7; otherwise go to step 8;
Step 7: Authentication passes;
Step 8: Authentication fails.
3. The method for realizing multistage authentication of the positioning service according to claim 2, characterized in that,
in step 2, the service provider and the positioning service administrative center are connected over TCP/IP, and the positioning service administrative center obtains the service provider's IP address from the socket connection of the service provider's request.
4. The method for realizing multistage authentication of the positioning service according to claim 2, characterized in that,
in step 3, after the positioning service administrative center LSMC obtains the service provider's IP address, it first judges whether the address is in the list of IP addresses refused connection; if it is, authentication fails, the connection is dropped, and the flow goes directly to step 8; if it is not, the center goes on to check whether the address belongs to the IP addresses allowed to connect; if it is outside the allowed range, authentication fails and the flow goes directly to step 8; if it is inside the allowed range, access authentication succeeds and the flow continues with step 4, which places protection at the TCP/IP connection layer and blocks access from illegal IP addresses.
5. The method for realizing multistage authentication of the positioning service according to claim 2, characterized in that, in step 5, different positioning service types correspond to different charging standards.
6. The method for realizing multistage authentication of the positioning service according to claim 2, characterized in that,
in step 5, when a service type is divided into several sub-service types, the positioning service type in the location request is compared first; if the service type is allowed, the sub positioning service type is then compared; if the sub positioning service type is allowed, continue with step 6; otherwise go to step 8.
7. The method for realizing multistage authentication of the positioning service according to claim 2, characterized in that,
in step 6, a user can set the Familiarity Numbers that may locate the user directly without a password, and a number outside the Familiarity Numbers that wants to locate the user must supply the password the user has preset; using the caller and called party information carried in the positioning service request message, if the system judges that the user is locating himself or herself, authentication passes directly; otherwise it first checks whether the calling number is one of the located user's Familiarity Numbers; if so, no password check is needed and authentication passes; if not, it goes on to verify the location password carried in the location request; if the password is correct, the flow enters step 7 and authentication passes; otherwise it enters step 8 and authentication fails.
8. A device for realizing multistage authentication of the positioning service, comprising the interface that connects the service provider and the positioning service administrative center, the interface containing an identity recognition authentication module and a user privacy authentication module, characterized in that the interface also contains an IP address connection authentication module and/or a positioning service type authentication module, wherein the IP address connection authentication module authenticates the connecting IP address by judging whether it lies within the address range allowed to connect, and the positioning service type authentication module judges whether the positioning service type in the location request lies within the allowed scope of services.
9. The device for multistage authentication of the positioning service according to claim 8, characterized in that the positioning service type authentication module also contains a sub positioning service type authentication module which, when a positioning service type comprises several sub-service types, judges whether the sub-service type lies within the allowed sub-service scope.
10. The device for multistage authentication of the positioning service according to claim 8, characterized in that the positioning service type authentication module also contains an accounting module, which applies different charging standards to different positioning service types.

Priority Applications (1)

Application number: CNB2004100098256A
Priority date: 2004-11-19
Filing date: 2004-11-19
Title: Method and device for realizing PHS wireless network positioning service hierarchical authentication

Publications (2)

CN1780459A, published 2006-05-31
CN100393166C, published 2008-06-04

Family ID: 36770532

Country Status (1)

CN (1): CN100393166C (en)

Legal Events

Code Title Description
C06 Publication
PB01 Publication
C10 Entry into substantive examination
SE01 Entry into force of request for substantive examination
C14 Grant of patent or utility model
GR01 Patent grant
ASS Succession or assignment of patent right. Owner name: JINJIANG HIGH-TECH DEVELOPMENT OFFICE. Former owner: ZTE CORPORATION. Effective date: 20131107
C41 Transfer of patent application or patent right or utility model
COR Change of bibliographic data. Correct: address; from: 518057 SHENZHEN, GUANGDONG PROVINCE to: 362200 QUANZHOU, FUJIAN PROVINCE
TR01 Transfer of patent right. Effective date of registration: 20131107. Address after: Jinjiang City, Fujian province 362200 Chongde road Quanzhou City No. 283 friends Jade Technology Building. Patentee after: Jinjiang high and new technology development office. Address before: 518057 Nanshan District, Guangdong high tech Industrial Park, science and Technology Industrial Park, ZTE building, block A, layer 6, layer. Patentee before: ZTE Corporation
CF01 Termination of patent right due to non-payment of annual fee. Granted publication date: 20080604. Termination date: 20161119