CN1933650A - CDMA2000 unified authentication platform service access method and system - Google Patents


Info

Publication number
CN1933650A
Authority
CN
China
Prior art keywords
authentication
service
message
parameter
terminal
Prior art date
Legal status
Pending
Application number
CNA2005100999609A
Other languages
Chinese (zh)
Inventor
彭哲
Current Assignee
Beijing Samsung Telecommunications Technology Research Co Ltd
Samsung Electronics Co Ltd
Original Assignee
Beijing Samsung Telecommunications Technology Research Co Ltd
Samsung Electronics Co Ltd
Landscapes

  • Telephonic Communication Services (AREA)
  • Mobile Radio Communication Systems (AREA)

Abstract

A service access method for a CDMA 2000 unified authentication platform: when the service controller receives a service access request or an authentication challenge response from the terminal, it sends a service authentication request message to the service authentication center; after receiving the message, the service authentication center authenticates the data service requested by the user according to the user identifier and authentication parameter, and sends the authentication result to the service controller; the service controller then sends a service access accept or service access reject message to the terminal according to the authentication result it received.

Description

CDMA2000 unified authentication platform service access method and system
Technical field
The present invention relates to the mechanism for service-level authentication of data services in the data core network (DCN, Data Core Network) of a CDMA 2000 (hereinafter cdma2000) mobile communications network, and in particular to a CDMA2000 unified authentication platform service access method and system.
Background art
In practice, the China Unicom cdma2000 commercial network has a different service controller for each service. The service controller's functions include, for content providers (CP), service review and launch, subscription information, and user unsubscription information, as well as authentication, charging, and so on. For the existing cdma2000 data core network service authentication network structure, see Fig. 1.
In the data core network of the China Unicom cdma2000 commercial network, service-level authentication of users is performed by the corresponding service controller. A unified authentication platform is lacking, and China Unicom has begun to consider building one.
Existing service-level authentication is basically authorization based on a login model: the user submits a user identifier and an optional password; after the system verifies the user's identity, it retrieves the user's attribute file from the database and obtains the user's service permissions. The main purpose of this service-level authentication is charging.
Fig. 3 shows the existing cdma2000 service authentication message flow (without an authentication challenge process):
1. When the user presses a special key on the terminal to activate a service request, the terminal sends a service access request message to the corresponding service controller. Message parameters: user identifier (UserID) and authentication parameter (Auth Parameter). The authentication parameter may comprise several parameters; its concrete data structure is determined by the service type.
2. The service controller performs authentication according to the user identifier and authentication parameter. After authentication succeeds, it retrieves the user's attribute file from the database.
3. The service controller sends a service access accept message to the terminal. Message parameters: the service access parameters. There may be several service access parameters; their concrete data structure is determined by the service type.
4. The terminal and the service controller continue signalling interaction.
Fig. 4 shows the existing cdma2000 service authentication message flow (with an authentication challenge process):
1. When the user presses a special key on the terminal to activate a service request, the terminal sends a service access request message to the corresponding service controller. Message parameters: user identifier (UserID) and authentication parameter (Auth Parameter). The authentication parameter may comprise several parameters; its concrete data structure is determined by the service type.
2. The service controller sends an authentication challenge message (Chap Challenge) to the terminal. Message parameters: the challenge random parameter (Random), a random number generated by the service controller.
3. The terminal sends a challenge response message (Chap Response) to the service controller. Message parameters: user identifier and authentication calculation result (Authenticator). The terminal computes the authentication calculation result from the challenge random parameter.
4. The service controller performs authentication according to the user identifier, the challenge random parameter, and the authentication calculation result. Authentication succeeds, and the user's attribute file is retrieved from the database.
5. The service controller sends a service access accept message to the terminal. Message parameters: the service access parameters. There may be several service access parameters; their concrete data structure is determined by the service type.
6. The terminal and the service controller continue signalling interaction.
With the prior art, the cdma2000 core network cannot centrally control users' service-level authentication. To add, modify, or delete a user, data must be updated on different service controllers, which makes user management very complicated, increases the system administrator's workload, and raises the operator's operation and maintenance cost. As the network grows and the number of users increases, this shortcoming becomes more pronounced.
Summary of the invention
To solve the above problem, the purpose of the invention is to provide a unified authentication platform service access method and system: a service authentication center is set up in the cdma2000 data core network, and service-level authentication for all services is consolidated at the service authentication center. In this way, the network side can control the service-level authentication of all users in a unified manner.
To achieve the above purpose, a CDMA2000 unified authentication platform service access method and system comprises the steps:
A) when the service controller receives a service access request or an authentication challenge response from the terminal, it sends an authentication request message to the service authentication center;
B) after the service authentication center receives the authentication request message from the service controller, it authenticates the data service requested by the user according to the user identifier and authentication parameter, and sends the authentication result to the service controller;
C) the service controller sends a service access accept or service access reject message to the terminal according to the service authentication center's response to the authentication request message.
The invention provides a mechanism in which service-level authentication is completed at the service authentication center. This solves the problem that different data services must complete service-level authentication at different service controllers, and thereby strengthens the network side's control over user data services. It reduces the operator's cost and strengthens the operator's management of data service users.
Description of drawings
Fig. 1 is the existing cdma2000 data core network service authentication network structure;
Fig. 2 is the network structure of the cdma2000 data core network unified service authentication scheme;
Fig. 3 is the present cdma2000 service authentication message flow, without an authentication challenge process;
Fig. 4 is the present cdma2000 service authentication message flow, with an authentication challenge process;
Fig. 5 is the cdma2000 unified service authentication message flow, without an authentication challenge process, authentication succeeds;
Fig. 6 is the cdma2000 unified service authentication message flow, without an authentication challenge process, authentication fails;
Fig. 7 is the cdma2000 unified service authentication message flow, without an authentication challenge process, the authentication response waiting timer T_Auth expires;
Fig. 8 is the cdma2000 unified service authentication message flow, with an authentication challenge process, authentication succeeds;
Fig. 9 is the cdma2000 unified service authentication message flow, with an authentication challenge process, authentication fails;
Fig. 10 is the cdma2000 unified service authentication message flow, with an authentication challenge process, the authentication response waiting timer T_Auth expires.
Embodiment
The invention mainly comprises three parts: adding a service authentication center entity on the cdma2000 data core network side, improving the functions of the service controller, and adding an interface between the service controller and the service authentication center.
To achieve unified service-level authentication of data services, a service authentication center entity needs to be added to the cdma2000 data core network. The service authentication center is responsible for the service-level authentication and authorization of all of a user's data services.
The existing cdma2000 core network configuration is shown in Fig. 1.
The network configuration after the service authentication center entity is added on the cdma2000 core network side is shown in Fig. 2.
In the original cdma2000 network, the service controller is responsible for functions such as user management, call setup, charging, and authentication. In the new scheme, the authentication function is stripped out of all service controllers and implemented centrally at the service authentication center.
To achieve unified service-level authentication of data services, the service controller also needs the following new functions:
1. Modify the previous authentication flow so that it conforms to the new authentication flow after the service authentication center entity is added;
2. When the load on the service authentication center is excessive and it cannot respond to authentication request messages in time, the service controller can reject the terminal's service access request and terminate the signalling flow; this data call fails.
1. Define an interface between the service controller and the service authentication center for transferring the authentication messages of user data services, comprising: the authentication request message, the authentication success message, and the authentication failure message.
2. Define an authentication response waiting timer at the service controller, used to wait for the service authentication center's response after the service controller sends an authentication request message.
To implement the unified authentication scheme for cdma2000 data services, each network element of the cdma2000 mobile communications network and the terminal need to follow the message flows A1 to A6 below:
A1: cdma2000 unified service authentication message flow, without an authentication challenge process, authentication succeeds (see Fig. 5)
1. When the user presses a special key on the terminal to activate a service request, the terminal sends a service access request message to the corresponding service controller. Message parameters: user identifier (UserID) and authentication parameter (Auth Parameter). The authentication parameter may comprise several parameters; its concrete data structure is determined by the service type.
2. The service controller sends an authentication request message to the service authentication center and starts the authentication response waiting timer T_Auth. Message parameters: user identifier (UserID), service type, and authentication parameter (Auth Parameter). The user identifier and authentication parameter come from the service request message sent by the terminal.
3. The service authentication center performs authentication according to the user identifier and authentication parameter. Authentication succeeds, and the user's attribute file is retrieved from the database.
4. After authentication succeeds, the service authentication center sends an authentication success message to the service controller. Message parameters: the user attribute file, which contains the user's permissions for this data service. The service controller receives the authentication success message before timer T_Auth expires, and stops timer T_Auth.
5. The service controller sends a service access accept message to the terminal. Message parameters: the service access parameters. There may be several service access parameters; their concrete data structure is determined by the service type.
6. The terminal and the service controller continue signalling interaction.
A2: cdma2000 unified service authentication message flow, without an authentication challenge process, authentication fails (see Fig. 6)
1. When the user presses a special key on the terminal to activate a service request, the terminal sends a service access request message to the corresponding service controller. Message parameters: user identifier (UserID) and authentication parameter (Auth Parameter). The authentication parameter may comprise several parameters; its concrete data structure is determined by the service type.
2. The service controller sends an authentication request message to the service authentication center and starts the authentication response waiting timer T_Auth. Message parameters: user identifier (UserID), service type, and authentication parameter (Auth Parameter). The user identifier and authentication parameter come from the service request message sent by the terminal.
3. The service authentication center performs authentication according to the user identifier and authentication parameter; authentication fails.
4. After authentication fails, the service authentication center sends an authentication failure message to the service controller. Message parameters: the authentication failure reason. The service controller receives the authentication failure message before timer T_Auth expires, and stops timer T_Auth.
5. The service controller sends a service access reject message to the terminal. Message parameters: the authentication failure reason, taken from the authentication failure message that the service authentication center sent to the service controller.
A3: cdma2000 unified service authentication message flow, without an authentication challenge process, timer T_Auth expires (see Fig. 7)
1. When the user presses a special key on the terminal to activate a service request, the terminal sends a service access request message to the corresponding service controller. Message parameters: user identifier (UserID) and authentication parameter (Auth Parameter). The authentication parameter may comprise several parameters; its concrete data structure is determined by the service type.
2. The service controller sends an authentication request message to the service authentication center and starts the authentication response waiting timer T_Auth. Message parameters: user identifier (UserID), service type, and authentication parameter (Auth Parameter). The user identifier and authentication parameter come from the service request message sent by the terminal.
3. The service controller receives neither an authentication success nor an authentication failure message from the service authentication center, and timer T_Auth expires.
4. The service controller sends a service access reject message to the terminal. Message parameters: the authentication failure reason, which is server busy.
A4: cdma2000 unified service authentication message flow, with an authentication challenge process, authentication succeeds (see Fig. 8)
1. When the user presses a special key on the terminal to activate a service request, the terminal sends a service access request message to the corresponding service controller. Message parameters: user identifier (UserID) and authentication parameter (Auth Parameter). The authentication parameter may comprise several parameters; its concrete data structure is determined by the service type.
2. The service controller sends an authentication challenge message (Chap Challenge) to the terminal. Message parameters: the challenge random parameter (Random), a random number generated by the service controller.
3. The terminal sends a challenge response message (Chap Response) to the service controller. Message parameters: user identifier and authentication calculation result. The terminal computes the authentication calculation result from the challenge random parameter.
4. The service controller sends an authentication request message to the service authentication center and starts the authentication response waiting timer T_Auth. Message parameters: user identifier (UserID), challenge random parameter (Random), and authentication calculation result (Authenticator). Of these, the user identifier (UserID) and the authentication calculation result come from the challenge response message sent by the terminal; the challenge random parameter (Random) comes from the authentication challenge message that the service controller sent to the terminal.
5. The service authentication center performs authentication according to the user identifier, the challenge random parameter, and the authentication calculation result. Authentication succeeds, and the user's attribute file is retrieved from the database.
6. After authentication succeeds, the service authentication center sends an authentication success message to the service controller. Message parameters: the user attribute file, which contains the user's permissions for this data service. The service controller receives the authentication success message before timer T_Auth expires, and stops timer T_Auth.
7. The service controller sends a service access accept message to the terminal. Message parameters: the service access parameters. There may be several service access parameters; their concrete data structure is determined by the service type.
8. The terminal and the service controller continue signalling interaction.
A5: cdma2000 unified service authentication message flow, with an authentication challenge process, authentication fails (see Fig. 9)
1. When the user presses a special key on the terminal to activate a service request, the terminal sends a service access request message to the corresponding service controller. Message parameters: user identifier (UserID) and authentication parameter (Auth Parameter). The authentication parameter may comprise several parameters; its concrete data structure is determined by the service type.
2. The service controller sends an authentication challenge message (Chap Challenge) to the terminal. Message parameters: the challenge random parameter (Random), a random number generated by the service controller.
3. The terminal sends a challenge response message (Chap Response) to the service controller. Message parameters: user identifier and authentication calculation result. The terminal computes the authentication calculation result from the challenge random parameter.
4. The service controller sends an authentication request message to the service authentication center and starts the authentication response waiting timer T_Auth. Message parameters: user identifier (UserID), challenge random parameter (Random), and authentication calculation result. Of these, the user identifier (UserID) and the authentication calculation result come from the challenge response message sent by the terminal; the challenge random parameter (Random) comes from the authentication challenge message that the service controller sent to the terminal.
5. The service authentication center performs authentication according to the user identifier, the challenge random parameter, and the authentication calculation result; authentication fails.
6. After authentication fails, the service authentication center sends an authentication failure message to the service controller. Message parameters: the authentication failure reason. The service controller receives the authentication failure message before timer T_Auth expires, and stops timer T_Auth.
7. The service controller sends a service access reject message to the terminal. Message parameters: the authentication failure reason, taken from the authentication failure message that the service authentication center sent to the service controller.
A6: cdma2000 unified service authentication message flow, with an authentication challenge process, timer T_Auth expires (see Fig. 10)
1. When the user presses a special key on the terminal to activate a service request, the terminal sends a service access request message to the corresponding service controller. Message parameters: user identifier (UserID) and authentication parameter (Auth Parameter). The authentication parameter may comprise several parameters; its concrete data structure is determined by the service type.
2. The service controller sends an authentication challenge message (Chap Challenge) to the terminal. Message parameters: the challenge random parameter (Random), a random number generated by the service controller.
3. The terminal sends a challenge response message (Chap Response) to the service controller. Message parameters: user identifier and authentication calculation result. The terminal computes the authentication calculation result from the challenge random parameter.
4. The service controller sends an authentication request message to the service authentication center and starts the authentication response waiting timer T_Auth. Message parameters: user identifier (UserID), challenge random parameter (Random), and authentication calculation result. Of these, the user identifier (UserID) and the authentication calculation result come from the challenge response message sent by the terminal; the challenge random parameter (Random) comes from the authentication challenge message that the service controller sent to the terminal.
5. The service controller receives neither an authentication success nor an authentication failure message from the service authentication center, and timer T_Auth expires.
6. The service controller sends a service access reject message to the terminal. Message parameters: the authentication failure reason, which is server busy.
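
Flows A1 to A6 reduce to one rule at the service controller: accept only when an authentication success arrives before T_Auth expires, and reject on failure or timeout. The sketch below is an added example, not code from the patent; the class and function names, the T_Auth value, HMAC-SHA256 as the Authenticator calculation, the shared-secret comparison in the no-challenge flows, and the single-use handling of Random are assumptions made for illustration.

```python
import hashlib
import hmac
import secrets
import time
from concurrent.futures import ThreadPoolExecutor, TimeoutError as FutureTimeout

T_AUTH = 0.2  # seconds; assumed value, the description does not give one

# Constructed subscriber data, held only by the service authentication center.
SUBSCRIBERS = {
    "user-001": {"secret": b"constructed-secret", "profile": {"mms": True}},
}


def terminal_authenticator(secret, rand):
    """Terminal side: Authenticator computed from Random (HMAC is an assumption)."""
    return hmac.new(secret, rand, hashlib.sha256).digest()


class AuthCenter:
    """Service authentication center: authenticates for every service controller."""

    def __init__(self, db, delay=0.0):
        self.db = db
        self.delay = delay  # simulated overload, to exercise the T_Auth timeout

    def authenticate(self, request):
        time.sleep(self.delay)
        user = self.db.get(request["user_id"])
        if user is None:
            return {"type": "AuthFailure", "reason": "unknown user"}
        if "random" in request:  # challenge flows A4-A6
            expected = terminal_authenticator(user["secret"], request["random"])
            ok = hmac.compare_digest(expected, request["authenticator"])
        else:  # flows A1-A3 (plain secret comparison is an assumption)
            ok = hmac.compare_digest(user["secret"], request["auth_parameter"])
        if not ok:
            return {"type": "AuthFailure", "reason": "authentication failed"}
        return {"type": "AuthSuccess", "profile": user["profile"]}


class ServiceController:
    """Holds no credentials; forwards to the center and enforces T_Auth."""

    def __init__(self, center, service_type, t_auth=T_AUTH):
        self.center = center
        self.service_type = service_type
        self.t_auth = t_auth
        self._pool = ThreadPoolExecutor(max_workers=4)
        self._pending = {}  # user_id -> Random issued in the last challenge

    def _authenticate(self, request):
        request["service_type"] = self.service_type  # added by the controller
        future = self._pool.submit(self.center.authenticate, request)
        try:
            result = future.result(timeout=self.t_auth)  # T_Auth is running
        except FutureTimeout:
            # A3 / A6: no answer before T_Auth expired, so access is refused.
            return {"type": "ServiceAccessReject", "reason": "server busy"}
        if result["type"] == "AuthSuccess":  # A1 / A4
            return {"type": "ServiceAccessAccept", "profile": result["profile"]}
        # A2 / A5: the failure reason is passed through to the terminal.
        return {"type": "ServiceAccessReject", "reason": result["reason"]}

    def access_request(self, user_id, auth_parameter):
        return self._authenticate(
            {"user_id": user_id, "auth_parameter": auth_parameter})

    def challenge(self, user_id):
        rand = secrets.token_bytes(16)  # Random generated by the controller
        self._pending[user_id] = rand
        return rand

    def challenge_response(self, user_id, authenticator):
        rand = self._pending.pop(user_id, None)  # single use (assumption)
        if rand is None:
            return {"type": "ServiceAccessReject",
                    "reason": "no outstanding challenge"}
        return self._authenticate(
            {"user_id": user_id, "random": rand, "authenticator": authenticator})


def run_flows():
    """Drive A1, A2, A4 and A3 with constructed inputs; return the outcomes."""
    sc = ServiceController(AuthCenter(SUBSCRIBERS), "mms")
    secret = SUBSCRIBERS["user-001"]["secret"]
    a1 = sc.access_request("user-001", secret)
    a2 = sc.access_request("user-001", b"wrong")
    rand = sc.challenge("user-001")
    a4 = sc.challenge_response("user-001", terminal_authenticator(secret, rand))
    busy = ServiceController(AuthCenter(SUBSCRIBERS, delay=0.5), "mms", t_auth=0.05)
    a3 = busy.access_request("user-001", secret)
    return [a1["type"], a2["reason"], a4["type"], a3["reason"]]


if __name__ == "__main__":
    print(run_flows())
```

The timeout branch treats a silent authentication center the same as a refusal, which is the fail-closed behaviour flows A3 and A6 describe.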

Claims (14)

1. A CDMA2000 unified authentication platform service access method and system, comprising the steps:
(a) when the service controller receives a service access request or an authentication challenge response from the terminal, it sends an authentication request message to the service authentication center;
(b) after the service authentication center receives the authentication request message from the service controller, it authenticates the data service requested by the user according to the user identifier and authentication parameter, and sends the authentication result to the service controller;
(c) the service controller sends a service access accept or service access reject message to the terminal according to the service authentication center's response to the authentication request message.
2. The method according to claim 1, characterized in that when the service controller sends the authentication request message to the service authentication center, it starts an authentication response waiting timer and waits for the service authentication center's response.
3. The method according to claim 1, characterized in that when the service controller sends the authentication request message to the service authentication center, the message contains the data service type, the user identifier, and the authentication parameter.
4. The method according to claim 3, characterized in that the user identifier and authentication parameter come from the terminal's service access request, and the data service type is generated by the service controller.
5. The method according to claim 1, characterized in that when the service controller sends the authentication request message to the service authentication center after receiving the authentication challenge response from the terminal, the authentication parameter in the message comprises the authentication calculation result and the challenge nonce.
6. The method according to claim 5, characterized in that the authentication calculation result comes from the terminal's authentication challenge response, and the challenge nonce is generated by the service controller.
7. The method according to claim 2, characterized in that if the service controller receives the authentication success message sent by the service authentication center before the authentication response waiting timer expires, it sends a service access accept message to the terminal.
8. The method according to claim 2, characterized in that if the service controller receives the authentication failure message sent by the service authentication center before the authentication response waiting timer expires, it sends a service access reject message to the terminal.
9. The method according to claim 8, characterized in that the service access reject message contains the authentication failure reason.
10. The method according to claim 2, characterized in that if the service controller receives neither an authentication success nor an authentication failure message from the service authentication center before the authentication response waiting timer expires, it shall send a service access reject message to the terminal.
11. The method according to claim 10, characterized in that the service access reject message contains the authentication failure reason.
12. The method according to claim 7 or 8, characterized in that after the service controller receives the authentication success or authentication failure message sent by the service authentication center before the authentication response waiting timer expires, it stops the authentication response waiting timer.
13. A CDMA unified authentication platform service access system, comprising a base station and a packet data switching center, characterized by further comprising:
a service authentication center, responsible for service authentication and authorization of all of the user's data services;
a service controller, responsible for functions such as user management, call setup, and charging;
an interface connecting the service authentication center and the service controller, used to transfer the authentication messages of user data services.
14. The system according to claim 13, characterized in that an authentication response waiting timer is defined at the service controller, used to wait for the service authentication center's response.
Priority Applications (1)

Application Number: CNA2005100999609A
Priority Date: 2005-09-12
Filing Date: 2005-09-12
Title: CDMA2000 unified authentication platform service access method and system

Publications (1)

Publication Number: CN1933650A
Publication Date: 2007-03-21

Family ID: 37879217

Country Status (1)

CN: CN1933650A (en)

Legal Events

Date Code Title Description
C06 Publication
PB01 Publication
C10 Entry into substantive examination
SE01 Entry into force of request for substantive examination
C02 Deemed withdrawal of patent application after publication (patent law 2001)
WD01 Invention patent application deemed withdrawn after publication