KR20010064140A - Association Establishment Scheme and Method for Number Portability - Google Patents

Abstract

PURPOSE: An association establishment structure of service management systems and a method thereof for number portability are provided to exchange information without disclosure of the information to the exterior. CONSTITUTION: The master service management system(MSMS)(10) provides data required for the number portability(NP) capability supply among carriers to the local service management system(LSMS)(11). The LSMS(11) executes the function of transmission and management for routing information and global title translation(GTT) information and the like. The service control system(13) establishes the NP database and GTT database. The subscriber administration system(SAS)(12) takes over and processes the NP and termination of the service from the subscribers.

Description

Association establishment scheme between service management system for number portability and its method {Association Establishment Scheme and Method for Number Portability}

The present invention provides effective and enhanced protection mechanisms for exchanging information exchanged between the central number management system operating in different domains and the operator management system at the operator level without exposing the information to the outside. The present invention relates to a method for establishing an association between service management systems for number portability.

Recently, the development of communication technology and the development of new networks have provided new communication capabilities to users, such as ISDN networks, intelligent networks, and mobile communication networks. The development of this network capability provides a new level of service to users, and it will be used more widely in the future, so that the overall activities of the society will be carried out using the communication network, and in recent years, a competitive phenomenon of new local telephone operators has occurred. .

However, the main reason why competition is not activated despite the trend of transition to a multi-carrier environment is that service users do not subscribe to a new service provider by sticking to an existing service provider.

In other words, despite the wider choice of general service subscribers as the multi-telecom carrier environment has accelerated, the biggest obstacle to service subscribers from changing from existing subscribed service providers to desired new service providers is that Change of phone number.

The change in telephone numbers avoided by service subscribers is a major cause for the fair competition in the telecommunications market to be activated as service subscribers freely change their operators, thereby preventing them from actually benefiting from service subscribers.

Therefore, if only the factor of the change of the telephone number is removed, service subscribers can select a carrier that provides their preferred service, so the number portability becomes a new challenge.

The phone number portability refers to a network capability that allows a service provider or a service location or type of service to be changed without changing the existing phone number. When moving, the problem that needs to be decided is that subscriber-related information requested by existing telephone service providers and new operators through MSMS (Master Service Management System), that is, network routing information, subscriber data information, and mobility number block ( Information such as Portable Number Block).

Accordingly, the subscriber information requesting the movement is downloaded by the central number management system to the service control point (SCP) via the local service management system (LSMS) of the new service provider.

When this process is completed, the telephone subscriber can use the existing telephone number without changing the telephone number even if the local telephone service provider is changed.

However, in the competing local telephone operator environment, the central number management system (Master SMS) and the operator service management system (Local SMS) have important subscriber information necessary for call processing. It is essential to have a method that allows only authorized persons to access by blocking access restrictions, but there is no proposal of prior art to fundamentally solve this problem.

In addition, as communication equipments are connected to the network worldwide and the interconnection through the network is explosively increasing, network-based breaches are intensifying and attack methods are becoming more intelligent. At this point, if information security lacks safety for the purpose of simply exchanging information or sharing resources, the damage caused by illegal users and the resulting loss of resources will become more severe as the dependence on the communication network increases.

Therefore, the need for a network security device that can protect network information and resources from them and ensure the safety of communication services is emphasized. Security is now an important requirement in the design and manufacture of almost all communication systems. In this respect, providing number portability services based on intelligent networks is no exception.

In particular, in a multi-entity environment, important information such as profile of a service subscriber or location information related to personal identity is transmitted through a plurality of interworking channels. Therefore, in situations where security mechanisms or user authentication capabilities are not sufficiently taken into account, the possibility of information leakage or alteration, whether intentional or accidental, increases during the information delivery or authentication process.

There is an urgent need to establish a linkage between service management systems for number portability, which enables effective interchange of information exchanged during the establishment of linkages between management systems so that information can be exchanged without exposing the information to the outside. It is a required situation.

An object of the present invention for solving the above problems is to effectively and more efficiently exchange information exchanged during the establishment of the linkage between the central number management system, which is a central number management system operating in different domains, and the operator management system of the operator unit. It is to provide a method of establishing a linkage between service management systems for number portability that enables the exchange of information without exposing it to the outside by applying an enhanced protection mechanism.

1 is a structure diagram of number portability service management to which the present invention is applied;

2 is a CMIPUserInfo structure and a LnpAccessControl data structure;

3 is a hash code generation process and encryption of transmission data M;

4 is an encryption process for transmission data M using a session key;

5 is an authentication process in a master number management system (Master SMS).

In order to achieve the above object, a feature of a linkage configuration structure between service management systems for number portability according to the present invention is to perform a role of distributing or collectively adjusting the shared information required for the number portability service in each network. A central number management system for providing data necessary for providing number portability capability between operators; By downloading the subscriber data, routing data, Global Title Translation (GTT) data, etc. required for number movement provided by the central number management system, NP (Number Portability) application function and NP GTT (Number Portability Generalization) are downloaded. A service provider management system that performs a function of transmitting and managing data such as routing information and GTT (general name translation) information as a specific system for processing a name translation) function; After receiving the line-related data and non-line-related message routing information required for the number portability call processing from the operator management system, the NP DB (number portability database) and GTT DB (general name translation database) are constructed and then transferred to the number. A service control system that handles routing of call routing and non-line related messages in the network; And a subscriber management system for receiving and processing a number shift and termination request from a subscriber; The association setting request (AARQ-PDU) unit for establishing a number association has a user information parameter. The user information parameter includes a CMIPUserInfo data structure, which is a common management information protocol (CMIP) user information. There is access control field inside, and this field is composed of number portability access control structure, and the number portability access control structure is composed of 4 items such as system unique number, system type, CMIP departure time and signature. The association setting request (AARQ-PDU) unit is exchanged between the central number management system and the operator management system, thereby disallowing the establishment of the association.

A feature of the present invention for achieving the above object is that the association setting request (AARQ-PDU) unit for number association setting has a user information parameter, the user information parameter is CMIP (Common Management Information Protocol) user information There is CMIPUserInfo data structure, and there is access control field inside, and this field is composed of number portability access control structure, and the number portability access control structure is total number of system unique number, system type, CMIP departure time, signature, etc. In the connection setting method between the service management system for the number portability that is not authorized to establish the association while exchanging the association setting request (AARQ-PDU) unit between the central number management system and the operator management system comprising four items, The AARQ-PDU unit is connected to the operator management system. After St. generate hash code and a first process and a password transmission data for transmitting to the central control system and the number; A second step of re-encrypting the transmission data encrypted with the first step using a session key; And a third process of receiving transmission data according to an AARQ-PDU unit re-encrypted through the second process from the central number management system to determine whether to authenticate.

As an additional feature of the present invention for achieving the above object, the first process is to generate the association establishment request (AARQ-PDU) unit, which is a association establishment request message in the operator management system, and thereafter, the number portability access control structure therein. A first step of defining system unique number, system type, and CMIP departure time information among the data as transmission data; A second step of generating data defined as transmission data through the first step as a hash code using an MD5 hash function; A third step of encrypting the hash code generated through the second step with the public key algorithm RSA using KRlsms, the private key of the operator management system, and adding the result to the message; And digital signature information in a signature item of the number portability access control structure data in the AARQ-PDU unit having an MD5 hash code and information encoding the system unique number, system type, and CMIP departure time. It includes four steps.

As another additional feature of the present invention for achieving the above object, the second process generates a random number to be used as a session key in the operator management system and then uses a symmetric encryption algorithm IDEA (International Data Encryption Algorithm) Encrypting the transmission message with Ks; A second step of re-encrypting the session key with KUmsms, which is a public key of the central number management system, to prevent the exposure of the session key Ks and adding it to the transmission message; And a third step in which the information encrypted through the second step is carried in a signature field of the number portability access control structure and transmitted to the central number management system.

In another aspect of the present invention for achieving the above object, the third process includes receiving a private key of a received message when the central number management system receives an association establishment request (AARQ-PDU) from the operator management system. Detecting the session key Ks by decrypting with KRmsms; Decrypt the message using the session key Ks detected through the first step. The hash code encrypted with KRlsms, the secret key of the operator management system, is decrypted with the public key KUlsms of the operator management system, and a new hash for the message. Generating a code and comparing the decoded hash code value with each other; And a third step of authenticating association setting between service management systems for number portability if the two values match.

The above objects and various advantages of the present invention will become more apparent from the preferred embodiments of the invention described below with reference to the accompanying drawings by those skilled in the art.

First, briefly look at the industrial use field applied in the present invention.

Typically, a method of managing number portability (hereinafter referred to as NP) data includes a domain-oriented management method, a centralized management system at a national level, and a number block management method.

The domain-oriented management method manages NP data by country area code or the same currency zone. The database is divided and distributed by domain.

In this structure, the inter-network interfaces are more complicated. Since the centralized management method at the national level is a method of initiating disagreement coordination or number management policies by independent organizations coordinating various carriers, the present invention adopts a domain-oriented management method in consideration of the domestic communication environment. have.

In this centralized management structure, international standardization recommendations for number portability data management or contributions related to Service Management System (SMS), a service management system for number portability, have not been submitted yet, and there is no mention of standardization. have.

Therefore, the method proposed in the present invention is a service provider service management system operated by each operator in an environment in which a subscriber moves a number from an existing provider to a new provider in a centralized management method at the national level (the LSMS 11). : Association establishment method based on cryptographic system to reinforce security weakness when establishing linkage between Local SMS) and Central Number Management System (MSMS).

Hereinafter, exemplary embodiments of the present invention will be described with reference to the accompanying drawings.

1 illustrates a service management structure for providing number portability service. The description of each system constituting the service management structure is as follows.

The MSMS (Master Service Management System) 10 is a system for providing data required for providing number portability capability between operators to a local service management system (LSMS) 11, and the MSMS 10 is provided in the entire network. It distributes or collectively adjusts the shared information required for the number porting service to the LSMS 11 of each service provider.

In particular, it plays a role of mediation to accept routing information necessary for service provision and subscriber information of all service providers to maintain integrity and synchronization of these information.

In addition, the LSMS 11 downloads subscriber data, routing data, global title translation (GTT) data, etc. necessary for number movement from the MSMS 10, and has a number portability (NP) application function; Function to transmit and manage data such as routing information and GTT (general name translation) information to a service control system (hereinafter referred to as SCP) 13 that processes NP GTT (number portability global title translation) function. To perform.

The SCP 13 receives the line-related data and the non-line-related message routing information necessary for the number portability call processing from the LSMS 11 to construct the NP DB and the GTT DB, and then calls routing to the ported number. Handles routing of non-line related messages.

At this time, the subscriber administration system (hereinafter referred to as SAS) 12 is a subscription management system that receives and processes a number shift and termination request from a subscriber.

If using a two-step routing scheme, a transaction may occur with the LSMS 11 to provide location mobility within the same area code. In this case, the SAS 12 requests a change in the network routing information of the subscriber moved to the LSMS 11 to change its own network information of the LSMS 11 to complete the call to the new destination exchange.

The SCP 13 has a transaction function with a service switching point (hereinafter referred to as an SSP) and an NP DB necessary for providing number portability capability. When the SCP 13 receives an inquiry from the SSP, it is included in this query. The network routing number corresponding to the called party's address is searched and the corresponding SSP is answered to proceed the call.

In addition, the SCP (13) is building a GTT DB necessary for processing the non-line related NP GTT function. The SCP 13 receives a non-line related message from a Signaling Transfer Point (hereinafter referred to as STP), retrieves a signal point code corresponding to a destination address of the message, and sends it to the corresponding signal point. Perform the function of rerouting.

Thus, the technical spirit of the present invention and the basic operating state to which the present invention has been briefly described.

Hereinafter, FIG. 2 shows a configuration of an association setting request protocol data unit, which is represented by an abbreviation A-ASSOCIATE Request-Protocol Data Unit (AARQ-PDU).

The AARQ-PDU, referred to by reference number 20, has a user information parameter referred to by reference number 21, which contains a CMIPUserInfo (22) data structure that is a Common Management Information Protocol (CMIP) user information. There is.

The CMIPUserInfo 22, which is the CMIP user information, has an access control field 23, and this field is composed of an Lnp access control (number portability access control) 24 structure.

The Lnp access control 24 structure is composed of four items including a system unique number (systemId), a system type (systemType), a CMIP departure time (cmipDepartureTime), a signature, and an abstract syntax notation. One, hereinafter referred to as ASN.1).

Detailed description of each item will be described again in the description of FIG.

The Lnp access control 24 is used as access control information for securing a secured interface when the MSMS 10 and the LSMS 11 establish mutual connection.

In the linkage establishment procedure between the LSMS 11 and the MSMS 10, first, data of the same structure as the AARQ-PDU 20, which is a linkage establishment request message, is generated by the LSMS 11 and the MSMS 10 is generated. This is how you send it.

3 is a diagram illustrating a process of encrypting data in the Lnp access control 24 to send the MSMS 10 to the MSMS 10.

The system identification number (systemId), system type (systemType), and CMIP departure time (cmipDepartureTime) information excluding a signature item among the data in the Lnp access control 24 are referred to as M 25 and a message M 25. Each item of is defined as follows.

First, a system unique number (systemId) is defined as having an unique ID in the number portability network as an identifier for identifying the LSMS (11).

In addition, the system type (systemType) is defined as having only one value of the LSMS (11) or MSMS (10).

Finally, the CMIP Departure Time (cmipDepartureTime) is defined as representing the time at which the message was transmitted in the LSMS 11 or the MSMS 10.

Therefore, in order to ensure data integrity and non-repudiation, the clocks of the LSMS 11 and the MSMS 10 must be synchronized in advance and only valid if they arrive within 5 minutes.

In the Lnp access control 24 structure, a signature item includes digital signature information that encrypts an MD5 hash code, the system unique number (systemId), the system type (systemType), and the CMIP departure time (cmipDepartureTime). .

First, it is assumed that KUlsms and KUmsms, which are the public keys of the LSMS 11 and the MSMS 10, are distributed in advance through a number porting service management network.

At this time, the message M (25) consisting of the system unique number (systemId), system type (systemType), CMIP Departure Time (cmipDepartureTime) items are generated as a hash code 26 using the MD5 hash function.

This hash code is again encrypted with the public key algorithm RSA using KRlsms 27, which is the secret key of the LSMS 11, and added to the message M 25 (28). Therefore, when the LSMS 11 encrypts the hash code with its private key KRlsms 27, this means that the LSMS 11 provides a digital signature. (The process of FIG. 3 is denoted as Procedure 1).

4 shows a process of encrypting with a session key and a secret key of the MSMS 10 to protect the hash code 26 and the message M 25 generated by the LSMS 11.

In this procedure, the LSMS 11 generates a random number to be used as a session key, and then uses the symmetric encryption algorithm IDEA (International Data Encryption Algorithm) to send message M 33 to Ks 29, which is a one-time session key. Encrypt it.

In order to prevent the exposure of the session key Ks 29, the session key 29 is encrypted 32 again with KUmsms 30, which is the public key of the MSMS 10, and added to the message M 33. The information encrypted through this process is transmitted in the signature field of the Lnp access control 24 data structure and transmitted to the MSMS 10 (the entire process of FIG. 4 is denoted as Procedure 2).

Thereafter, the processes performed in FIGS. 3 and 4, that is, the contents described in Procedures 1 and 2, are performed by the LSMS 11. Through the above-described process, once the encryption is completed, the LSMS 11 transmits the AARQ-PDU 20 to the MSMS 10 and then operates a timer to activate the association setting response message AARE- within a specified time (Tunable Time). If the A-Associate Response-Protocol Data Unit (PDU) 20 is not received from the MSMS 10, the LSMS 11 assumes that the association establishment has failed and terminates.

The operation of the LSMS 11 has been described above. Hereinafter, the MSMS 10 receiving the AARQ-PDU (A-Associate Request-Protocol Data Unit) 20 is received with reference to FIG. 5. Let's look at the process of verifying a piece of data.

When the MSMS 10 receives the association establishment request (AARQ-PDU) from the LSMS 11, the MSMS 10 starts to verify the received message, first to KRmsms 34, its own private key. Decrypt and detect session key Ks.

The message M is decrypted using the session key Ks detected through the process (35), and the hash code H (M) encrypted with the KRlsms (11), the secret key of the LSMS (36), is stored in the LSMS ( And decrypted with the public key KUlsms (37). The MSMS 10 generates a new hash code 38 for message M and compares it with the decrypted hash code H (M) value.

If the two values match, the received message proves that the contents are not tampered with during transmission, so it is authenticated with valid data and sends an AARE-PDU message to the LSMS 11 in response. At this time, the MSMS 10 checks each item of the Lnp access control 24 data, that is, a system unique number (systemId), a system type (systemType), and a CMIP departure time (cmipDepartureTime). The system unique number (systemId), the system type (systemType) is searched to verify whether the LSMS 11 currently registered in the MSMS 10, and in the case of CMIP Departure Time (cmipDepartureTime) check whether the message arrived within 5 minutes Go through the procedure.

If the decrypted hash codes H (M) do not coincide with each other, the MSMS 10 sends the message to the LSMS 11 with an A-ABORT message indicating that the access is prohibited. When the LSMS 11 receives the AARE-PDU message in response, the linkage establishment procedure between the MSMS and the LSMS 11 is completed and management information exchange between the two systems is started.

While the invention has been shown and described in connection with specific embodiments thereof, it will be appreciated that various modifications and changes can be made without departing from the spirit and scope of the invention as indicated by the claims. Anyone who owns it can easily find out.

By providing a method for establishing a linkage between service management systems for number portability according to the present invention operating as described above, the information exchanged during the establishment of linkage between management systems is effectively applied by applying a stronger protection mechanism. There is an effect that can be exchanged without exposing to the outside.

Claims (5)

A central number management system for providing data necessary for providing number portability capability among service providers in order to distribute or collectively adjust shared information required for a number porting service in each network; By downloading the subscriber data, routing data, Global Title Translation (GTT) data, etc. necessary for number movement provided by the central number management system, routing information, GTT to a specific system that processes NP (Number Portability) application function and NP GTT function A provider management system that performs a function of transmitting and managing data such as information; After receiving the line related data and non-line related message routing information necessary for the number portability call processing from the service provider management system, constructing the NP DB and GTT DB, routing the call to the ported number and routing of the non-line related message A service control system for processing; And It consists of a subscriber management system that receives and processes the number transfer and termination request from the subscriber, The association setting request (AARQ-PDU) unit for establishing a number association has a user information parameter. The user information parameter includes a CMIPUserInfo data structure that is user information of a Common Management Information Protocol (CMIP) management protocol. There is an access control field, and this field is composed of number portability access control structure, and the number portability access control structure is composed of 4 items such as system unique number, system type, CMIP departure time and signature. An association setting structure between service management systems for number portability, characterized in that the association setting is disallowed while exchanging an association setting request (AARQ-PDU) unit between the number management system and the operator management system. The association setting request (AARQ-PDU) unit for establishing a number association has a user information parameter, and the user information parameter has a CMIPUserInfo data structure that is CMIP (Common Management Information Protocol) user information, and an access control field therein. This field is composed of the number portability access control structure, and the number portability access control structure is composed of 4 items such as system unique number, system type, CMIP departure time, and signature. In the method of establishing a linkage between a service management system for portability that does not permit linkage setting while exchanging an association setting request (AARQ-PDU) unit between a service provider and a service management system, Generating a hash code after encrypting the AARQ-PDU unit in the operator management system and encrypting transmission data for transmission to the central number management system; A second step of re-encrypting the transmission data encrypted in the first step by using a session key; And And a third process of receiving transmission data according to an AARQ-PDU unit re-encrypted through the second process from the central number management system to determine whether to authenticate the number. How to establish linkage between service management systems. The method of claim 2, The first process is to generate the association setting request (AARQ-PDU) unit, which is an association establishment request message in the operator management system, and then the system unique number, system type, and CMIP departure time information among the number portability access control structure data therein. Defining a as transmission data; A second step of generating data defined as transmission data through the first step into a hash code using an MD5 hash function; A third step of encrypting the hash code generated through the second step with the public key algorithm RSA using KRlsms, the private key of the operator management system, and adding the result to the message; And A fourth digital signature information in a signature item of the number portability access control structure data in the association setting request (AARQ-PDU) unit having an MD5 hash code and information encoding the system unique number, system type, and CMIP departure time; Method for establishing an association between service management systems for number portability, characterized in that it comprises a step. The method of claim 2, The second process includes generating a random number to be used as a session key in the operator management system and encrypting a transmission message with a one-time session key, Ks, using a symmetric encryption algorithm, IDEA (International Data Encryption Algorithm); A second step of re-encrypting the session key with KUmsms which is a public key of the central number management system to prevent the exposure of the session key Ks and adding it to the transmission message; And And a third step in which the information encrypted through the second step is transmitted to the central number management system in a signature field of the number portability access control structure. . The method according to any one of claims 2 to 4, The third step is a first step of detecting the session key Ks by decrypting the received message with its own private key, KRmsms, upon receiving the AARQ-PDU from the operator management system in the central number management system. ; Decrypt the message using the session key Ks detected through the first step. The hash code encrypted with KRlsms, the secret key of the operator management system, is decrypted with the public key KUlsms of the operator management system, and a new hash for the message. A second step of generating a code and comparing the decoded hash code value with each other; And And a third step of authenticating association setting between service management systems for number portability if the two values coincide with each other.