WO2006116908A1 - A method and interface apparatus for authentication and charging - Google Patents

A method and interface apparatus for authentication and charging Download PDF

Info

Publication number
WO2006116908A1
WO2006116908A1 PCT/CN2006/000753 CN2006000753W WO2006116908A1 WO 2006116908 A1 WO2006116908 A1 WO 2006116908A1 CN 2006000753 W CN2006000753 W CN 2006000753W WO 2006116908 A1 WO2006116908 A1 WO 2006116908A1
Authority
WO
WIPO (PCT)
Prior art keywords
user
external
message
module
local system
Prior art date
Application number
PCT/CN2006/000753
Other languages
French (fr)
Chinese (zh)
Inventor
Haitao Pan
Original Assignee
Huawei Technologies Co., Ltd.
Priority date (The priority date is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the date listed.)
Filing date
Publication date
Application filed by Huawei Technologies Co., Ltd. filed Critical Huawei Technologies Co., Ltd.
Publication of WO2006116908A1 publication Critical patent/WO2006116908A1/en

Links

Classifications

    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04LTRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L12/00Data switching networks
    • H04L12/02Details
    • H04L12/14Charging, metering or billing arrangements for data wireline or wireless communications
    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04LTRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L63/00Network architectures or network communication protocols for network security
    • H04L63/08Network architectures or network communication protocols for network security for authentication of entities

Definitions

  • the present invention relates to the field of network communication technologies, and in particular to a method and apparatus for authentication and charging. Background technique
  • the user accessing the AAA is limited to the users developed by the carrier; , and can only use the business launched by this operator.
  • AAA Authent icat ions Authorization
  • external users also want to use the AAA system provided by the carrier to access services or consume the content services provided by the carrier.
  • the user information of the external users is not in the carrier system. The registration makes it unable to access and consume these content services, thus limiting the resource sharing of access or services, which is not conducive to mutual cooperation and resource sharing among operators.
  • the prior art solution is to synchronize user data between operators, that is, if the user of the B operator can access the A-operator's AAA system or consume content services, the user needs to When the B operator opens an account, the user data is also placed in the AAA system of the operator A, and the AAA system of the operator A is also notified at the same time when the user data is modified in the B operator AAA system.
  • the B operator opens an account
  • the user data is also placed in the AAA system of the operator A
  • the AAA system of the operator A is also notified at the same time when the user data is modified in the B operator AAA system.
  • the main purpose of the present invention is to provide a method and an interface device for authenticating and charging, so that sharing user data in a local carrier system enables user resources to be shared and accessed between different operators. Sharing and sharing of content business resources.
  • the present invention provides a method for authentication and charging, including the steps of:
  • the external user sends an access request or a content service request to the local system
  • the local system authenticates the external user according to a correspondence between the preset user and the home operator.
  • the local system accesses the local system through the authenticated external user or provides content service to the external system, and charges the external user.
  • the local system When the external user is a prepaid user, after the authentication is passed, the local system further sends a fee reservation charging message to apply for a fee reservation to the home operator user data system, and allows the user to access the local system only when the reservation is successful. Or provide content services to them.
  • the local system settles the user fee, deducts it from the reserved fee, and returns the remaining fee to the external user account of the home operator, and provides the external user with Billing Information.
  • the header of the authentication message and the fee reservation charging message includes destination node information of the external data source and local source node information, and the message body includes user information.
  • the local system settles the user fee, provides a consumption report message, and sends the message to the home operator user data system of the external user.
  • the local system communicates with the user data system of the home operator by accessing the database in a structured query language, accessing the database through a stored procedure, accessing the database in a lightweight directory access protocol, or by means of message notification.
  • the correspondence between the user and the home operator is set by setting a user card number segment and a home carrier identity relationship table or establishing a user domain name and a home carrier identity relationship table in advance.
  • the local system authenticates or provides a consumption report message for the correspondence between the user and the home operator.
  • the message header of the authentication and consumption report message includes the destination node of the external data source, the destination automaton, the local source node, and the local automaton. Number information, the message body includes user information o
  • the invention also provides an interface device for authentication and charging, comprising a core process module, an application program interface module, a directory database operation module, a message processing system module; the core process module and an application program interface module, a directory database
  • the operation module and the message processing system module are connected, and are used to call the core process, process, forward, and process the interaction between the local system and the external user;
  • the application interface module is connected to an external relational database for accessing an external relation database
  • the directory database operation module is connected to an external directory database for operating external user data stored in the directory database;
  • the message processing system module is configured to communicate with an external message processing system or a message gateway.
  • the interface device further includes a relational database operation module and a WEB module, wherein the relational database operation module is configured to access an external user letter in the relational database
  • the WEB module is connected to the home server's web server, receives external messages and converts them into agreed protocol messages for processing.
  • the interface device further includes a monitoring module and a log module, wherein:
  • the monitoring module is configured to start or stop the interface device, check an internal process execution situation, and re-execute the related process when the process is abnormal;
  • the log module is used to perform the function of turning the log on or off.
  • the user's data is only kept on the system where the user belongs, so there is no problem that the user data is inconsistent;
  • the AAA system of other operators accesses or consumes the content service
  • the user communicates with the home AAA in real time through the external user interface gateway to complete the user's authentication, billing, and billing (consumption reporting) functions.
  • the user's balance is only in the user's balance. Keep a copy of the attribution, so you can flexibly support the prepaid business;
  • Informix and Oracle may use storage methods such as a directory database and a file database.
  • the present invention can support different user data storage modes. Therefore, the adapter is upgraded or expanded. Instead of upgrading the main system, you can use online expansion or upgrade.
  • FIG. 1 is a schematic structural view of a system of the present invention
  • FIG. 2 is a schematic structural view of an interface device according to the present invention.
  • FIG. 3 is a schematic diagram of a flow of implementing a prepaid user according to the present invention.
  • FIG. 4 is a schematic diagram of a process for implementing a post-paid user according to the present invention. detailed description
  • the invention adds an interface device to the existing AAA system, here called an external user interface gateway, which is responsible for communication between the system and external users, and flexibly provides an interface with different external systems to complete external user access or Real-time authentication, billing, and billing or consumption reporting when consuming content services.
  • an external user interface gateway which is responsible for communication between the system and external users, and flexibly provides an interface with different external systems to complete external user access or Real-time authentication, billing, and billing or consumption reporting when consuming content services.
  • a non-local user is referred to as an external user when using an access or content service; an operator where an external user accounts is called a home operator; and an external user uses the carrier or the content.
  • the local operator is called the local access system
  • the local operator's content system is called the local content system
  • the local system includes the local access system and the local content system
  • the local system and the home carrier is an external user interface gateway.
  • the external user interface gateway is set in the local system to communicate with the home operator of the external user, complete user authentication, billing, and billing or consumption when the external user accesses or consumes the content service.
  • the external user interface gateway can also be set in an independent third On the party device.
  • the present invention provides a flexible, scalable, real-time external user to use a local access service or a content service mechanism, and the external user interface gateway can support multiple external user data storage modes.
  • the user data storage mode of the home operator of the external user may be a relational database (such as Informix or Oracle database), may also use a directory database (such as a file database) or provide user information by using a message processing system, and correspondingly the external user interface gateway
  • the communication method provided may be to access the database in a structured query language (SQL), access the database through a stored procedure, access the database in a Lightweight Directory Access Protocol (LDAP) manner, or notify by message. communication.
  • the external user interface gateway is responsible for communicating with different external data sources to shield the local system from storing external data.
  • the internal protocol can communicate with the local system and the external interface gateway.
  • the internal protocol includes a message header and a message body, wherein the message header includes a home operating node parameter to identify the home operator of the external user, in addition to the necessary parameters of the message header of the common charging message in the industry;
  • the necessary parameters of the message body with the charging message can be realized.
  • the internal protocol may be redefined according to the necessary parameters included, or may be implemented by extending an existing charging message, and the extension field is a parameter of the home operating node.
  • the redefined message can use the following structure:
  • the message header can include the message length, message type, message ID, function entity number, state machine number, and home operating node parameters.
  • the authentication request message body may include a user account, a password flag, and a user encryption password parameter.
  • the charging response message body may include an authentication result, a user type, and a user balance parameter.
  • the billing request message body may include a user account, a start time, an end time, a fee, an operation type, and a session ID parameter.
  • the billing response message body may include a user account, a billing result, an actual fee, an operation type, and a session ID parameter.
  • the consumption report message body may include a user account, a consumption start and end time, a fee for this item, and a report type parameter.
  • the report response includes user account and message report result parameters.
  • FIG. 2 is a schematic structural diagram of an external user interface gateway according to the present invention.
  • the external user interface gateway includes a core process module, an application interface API (Appl icat ion program Interface) module, a directory database operation module, and a message processing system module.
  • the core process module is connected to the API module, the directory database operation module, and the message processing system module, and is used to invoke the core process of the external interface gateway, and is responsible for processing and forwarding the message.
  • the local system interacts with external users; the API module is used to access the external relational database through the API. Due to the encapsulation of the API, the external relational database type is transparent to the external user interface gateway; the directory database operation module is used to connect with the external directory database. And operating the external user data stored in the directory database; the message processing system module is used to interface with other external message processing systems or message gateways to complete the cascade of external user gateways.
  • the external user interface gateway may further include a monitoring module, a log module, a relational database operation module, and a WEB module.
  • the monitoring module is used to start and stop the external user interface gateway, and check the internal process execution. When the process is abnormal, the related process is re-executed; the log module is used to perform the log tracking function on or off; when the external user interface gateway belongs to the same
  • the relational database operation module is used to access the external user information in the relational database through the stored procedure, and does not directly access the user table; when the external user interface gateway
  • the WEB module is used to connect with the home server of the home carrier, receive the external message and convert it into an external user interface gateway and the home operation. The agreement protocol messages between the business systems are processed.
  • the local system When the external user sends a request for accessing or consuming the content to the local system, the local system performs a user authentication message according to the preset relationship between the user and the home operator, and sends the user authentication message to the external user interface gateway.
  • the external user interface gateway determines the communication mode with the home operator according to the home operator information in the authentication message, and interacts with the home operator user data system in the communication mode to perform authentication, charging, or billing or consumption reporting.
  • the user relationship between the user and the home operator may be set by setting a user card number segment and a home carrier identity relationship table in advance, or the user and the home operator may be set by establishing a user domain name and a home carrier identity relationship table. Correspondence between the two. For example, the operator sets the user card number segment and the external data source association table, that is, the user data of some card number segments is stored on the designated external data source, so that the external user interface gateway determines the carrier system to which the external user belongs.
  • the external user interface gateway can access the data in a SQL manner with the user data system of the home operator relative to the different storage modes of the user data of the home operator user data system. Libraries, accessing databases through stored procedures, accessing databases in LDAP, or communicating by message notification. Therefore, the home operator identifier and the user data storage manner relationship table may be preset, and the external user interface gateway searches the relationship table according to the home operator information in the message header of the authentication message to determine a communication manner with the home operator. If the operator is operating, first define all external data source information interconnected with the system, including node number, data type, connection mode, etc., so that the external user interface gateway can be configured to connect to the data source of the external user. .
  • the local system performs authentication, accounting, or provides a consumption report message according to the correspondence between the user set by the local operator and the home carrier.
  • These messages include a message header and a message body, and the message header may include information such as a destination node of an external data source, a destination automaton, a local source node, and a local automaton.
  • the message body includes user information such as a user name and a user password. The number of bytes per element can be defined by itself.
  • the charging further includes the local system providing a fee reservation charging message, and sending the message to the external user interface gateway, and the external user interface gateway according to the message in the header of the home operator
  • the information determines the communication mode with the home operator, and communicates with the home operator to apply for fee reservation in the communication mode. If the reservation is successful, the user is allowed to access the local system or provide content service to the user, when the user ends the access or When accepting the content service, the local system settles the user fee according to the user usage parameter, deducts from the reserved fee, and returns the remaining fee through the charged balance return operation to the external user account of the home operator;
  • the consumption report message is an external user bill.
  • the user sends a request for accessing or consuming the content, and the local system analyzes the request to determine whether the user is an external user, and determines, according to the card number segment and the home carrier correspondence, which home operator the user belongs to;
  • the local system provides an authentication request message (including a message header and a message) according to the result of the analysis, and sends the message to an external user interface gateway connected to the local system;
  • the external user interface gateway determines the communication mode for authenticating with the home operator according to the data storage mode of the home carrier, such as accessing the home carrier database or sending a message request for authentication; 4.
  • the external user interface gateway returns an authentication response to the local system according to the result of the authentication request, and the response message carries information such as the corresponding user type and balance;
  • the local system divides the budget according to the user's balance according to the budget or the maximum online duration
  • the local system provides an accounting reservation message, and sends the message to an external user interface gateway to apply for a reservation fee;
  • the external user interface gateway accesses the home carrier database or sends a message requesting a reserved fee according to the data storage mode of the home operator;
  • the external user interface gateway returns an accounting response message to the local system according to the reservation result, where the response message carries a corresponding reservation result;
  • the local system allows users to access or consume content
  • the local system settles the user's consumption fee according to the corresponding rate, and compares it with the reserved fee. If the fee is left, the local system provides the fee returning charging message, and applies for the return of the remaining fee. ;
  • the external user interface gateway accesses the home carrier database or sends a message request return fee according to the data storage mode of the home operator;
  • the external user interface gateway returns a return fee accounting response to the local system according to the return result, and the response carries a corresponding return result;
  • the local system provides a consumption report message according to the actual consumption of the user, and sends it to the external user interface gateway to notify the user of the consumption situation;
  • the external user interface gateway accesses the home carrier database or sends a message to notify the consumption according to the data storage mode of the home operator;
  • the external user interface gateway returns a consumption report response to the local system according to the processing result, and the response carries the corresponding consumption report processing result; if there is no response, temporarily records for re-reporting.
  • the user issues a request to access or consume content, and the local system analyzes the request, Determining whether the user is an external user, for example, determining which home operator the user belongs to according to the card number segment and the home carrier correspondence relationship;
  • the system provides an authentication request message (including a message header and a message) according to the result of the analysis in step 1, and sends the message to an external user interface gateway connected to the local system;
  • the external user interface gateway determines the communication mode for authenticating with the home operator according to the data storage mode of the home operator, such as accessing the home carrier database or sending a message request for authentication;
  • the external user interface gateway returns a local system authentication response according to the result of the authentication request, and the response message carries information such as the corresponding user type and balance;
  • the local system allows users to access or consume content
  • the system provides a consumption report message according to the actual consumption situation of the user, and sends the message to the external user interface gateway to notify the user of the consumption situation;
  • the external user interface gateway accesses the home operator database or sends a message to notify the consumption according to the data storage mode of the home operator;
  • the external user interface gateway returns a consumption report response to the local system according to the processing result, and the response carries the corresponding consumption report processing result; if there is no response, temporarily records, so as to re-report.
  • the external user data does not need to be saved in the local system, the local system saves the work of managing the external users, and there is no problem of data synchronization.
  • the user accesses or consumes the content, the user real-time and the home operator Communication, real-time query of user data, real-time deduction and real-time billing, so that user data information can be unified and prepaid users can be supported.

Landscapes

  • Engineering & Computer Science (AREA)
  • Computer Networks & Wireless Communication (AREA)
  • Signal Processing (AREA)
  • Computer Hardware Design (AREA)
  • Computer Security & Cryptography (AREA)
  • Computing Systems (AREA)
  • General Engineering & Computer Science (AREA)
  • Management, Administration, Business Operations System, And Electronic Commerce (AREA)
  • Computer And Data Communications (AREA)
  • Data Exchanges In Wide-Area Networks (AREA)

Abstract

A method and apparatus for authentication and charging, the method comprises the steps: the external user transmits a request for accessing or content services to the local system; the local system authenticates the user and transmits the user authentication message according to the preset relation between the user and the home operator, the external user interface gateway determines the communication type with the home operator according to the home operator information in the authentication message, and interacts with the home operator by the communication type to authenticate; after the authentication is successful, the local system charges for the external user accessing the local system or accepting the content services. Only storing one copy of user’s data in the local system, the present invention realizes sharing the user resource, access resource and content services resource between different operators.

Description

一种鉴权和计费的方法及用于鉴权和计费  Method for authentication and charging and for authentication and billing
的接口装置  Interface device
技术领域 Technical field
本发明涉及网络通信技术领域,具体地说涉及鉴权和计费的方法和装 置。 背景技术  The present invention relates to the field of network communication technologies, and in particular to a method and apparatus for authentication and charging. Background technique
随着国内 Internet业务使用量的增加, 互联网宽带数据业务也在不 断地发展,越来越多的运营商提供和发展宽带数据业务。但随着业务运营 的不断深入,运营商各自为战的状态不断地被打破,取而代之的运营商之 间的相互合作, 互相取长补短, 共同为用户提供具有优势的业务。  With the increase in the use of domestic Internet services, Internet broadband data services are constantly evolving, and more and more operators are providing and developing broadband data services. However, with the continuous deepening of business operations, the operators' respective battles are constantly being broken, and the mutual cooperation among the operators is complemented by each other to provide users with advantageous services.
在运营商开展接入业务初期, 运营商认证、 授权、 计费系统 AAA ( Authent icat ions Authorizat ion^ Account ing )接入的用户仅局限于 本运营商发展的用户; 同样本运营商发展的用户,也仅能使用本运营商推 出的业务。但随着运营商多元化的发展,外部用户也希望使用本运营商提 供的 AAA系统进行业务接入或消费该运营商提供的内容业务,但由于外部 用户的用户信息没有在本运营商系统中注册,导致其无法接入及消费这些 内容业务, 因此限制了接入或业务的资源共享, 不利于运营商之间的相互 合作、 资源共享。  In the initial stage of the operator's access service, the user accessing the AAA (Authent icat ions Authorization) is limited to the users developed by the carrier; , and can only use the business launched by this operator. However, with the development of the diversified operators, external users also want to use the AAA system provided by the carrier to access services or consume the content services provided by the carrier. However, the user information of the external users is not in the carrier system. The registration makes it unable to access and consume these content services, thus limiting the resource sharing of access or services, which is not conducive to mutual cooperation and resource sharing among operators.
为了解决这一问题 ,现有技术方案是为各运营商之间进行用户数据的 同步,即若要 B运营商的用户可以接入 A运营商的 AAA系统或进行内容业 务消费,需要该用户在 B运营商开户时也将该用户数据放置一份在运营商 A的 AAA系统中, 并且在 B运营商 AAA系统中用户数据修改时也需同时通 知运营商 A的 AAA系统。 通过该方案可以实现用户资源的共享, 并允许 B 运营商的用户在 A运营商的 AAA系统中接入或消费内容业务。但同时也带 来如下缺点:  In order to solve this problem, the prior art solution is to synchronize user data between operators, that is, if the user of the B operator can access the A-operator's AAA system or consume content services, the user needs to When the B operator opens an account, the user data is also placed in the AAA system of the operator A, and the AAA system of the operator A is also notified at the same time when the user data is modified in the B operator AAA system. Through this solution, user resources can be shared, and users of the B operator can be allowed to access or consume content services in the A-operator's AAA system. But it also brings the following disadvantages:
1、 用户开户时需要在两个或多个运营商系统中同步开户, 增加了 运营商的运营成本;  1. When users open an account, they need to open accounts in two or more carrier systems, which increases the operating costs of the operators.
2、 需要不定时的对用户数据同步, 导致用户数据在一段时间内无法 一致, 造成用户数据不准确; 2 , need to synchronize the user data from time to time, resulting in user data can not be used for a period of time Consistent, resulting in inaccurate user data;
3、 由于用户数据的非实时同步, 用户余额可能不真实, 故该方案只 能支持后付费用户, 无法支持预付费用户。 发明内容  3. Due to the non-real-time synchronization of user data, the user balance may not be true, so the solution can only support post-paid users and cannot support pre-paid users. Summary of the invention
本发明的主要目的在于提供一种鉴权和计费的方法和接口装置,以实 现仅在本地运营商系统中保留一份用户数据就可使不同运营商之间实现 用户资源共享、 接入资源共享及内容业务资源共享。  The main purpose of the present invention is to provide a method and an interface device for authenticating and charging, so that sharing user data in a local carrier system enables user resources to be shared and accessed between different operators. Sharing and sharing of content business resources.
为达到以上目的, 本发明提供的一种鉴权和计费的方法, 包括步骤: To achieve the above objective, the present invention provides a method for authentication and charging, including the steps of:
A、 外部用户向本地系统发出接入请求或内容服务请求; A. The external user sends an access request or a content service request to the local system;
B、本地系统根据预先设置的用户与归属运营商之间的对应关系, 对 所述外部用户进行认证;  B. The local system authenticates the external user according to a correspondence between the preset user and the home operator.
C、 所述本地系统将通过认证的外部用户接入本地系统或者向其提供 内容服务, 并对该外部用户计费。  C. The local system accesses the local system through the authenticated external user or provides content service to the external system, and charges the external user.
当所述外部用户为预付费用户, 认证通过后还包括本地系统发送费 用预留计费消息,向归属运营商用户数据系统申请费用预留,并仅在预留 成功时允许用户接入本地系统或向其提供内容服务。  When the external user is a prepaid user, after the authentication is passed, the local system further sends a fee reservation charging message to apply for a fee reservation to the home operator user data system, and allows the user to access the local system only when the reservation is successful. Or provide content services to them.
当用户结束接入或接受内容服务时, 本地系统对用户费用进行结算, 从预留的费用中将其扣除,并把剩余的费用返回至归属运营商的该外部用 户账户, 并为外部用户提供账单信息。  When the user ends the access or accepts the content service, the local system settles the user fee, deducts it from the reserved fee, and returns the remaining fee to the external user account of the home operator, and provides the external user with Billing Information.
所述认证消息和费用预留计费消息的消息头中包括外部数据源的目 的节点信息及本地源节点信息, 消息体中包括用户信息。  The header of the authentication message and the fee reservation charging message includes destination node information of the external data source and local source node information, and the message body includes user information.
当所述外部用户为后付费用户, 在该用户结束接入或接受内容服务 时, 本地系统对用户费用进行结算, 提供消费报告消息, 并发送至该外 部用户的归属运营商用户数据系统。  When the external user is a post-paid user, when the user ends the access or accepts the content service, the local system settles the user fee, provides a consumption report message, and sends the message to the home operator user data system of the external user.
所述本地系统同归属运营商的用户数据系统的通讯方式为以结构化 查询语言方式访问数据库、通过存储过程访问数据库、以轻量級目录访问 协议方式访问数据库、 或以消息通知方式。  The local system communicates with the user data system of the home operator by accessing the database in a structured query language, accessing the database through a stored procedure, accessing the database in a lightweight directory access protocol, or by means of message notification.
通过预先设置用户卡号段和归属运营商标识关系表或建立用户域名 和归属运营商标识关系表来设置用户与归属运营商之间的对应关系。 本地系统 居用户与归属运营商之间的对应关系进行认证或提供 消费报告消息, 该认证和消费报告消息的消息头中包括外部数据源的 目的节点、 目的自动机、 本地源节点及本地自动机号信息, 消息体中 包括用户信息 o The correspondence between the user and the home operator is set by setting a user card number segment and a home carrier identity relationship table or establishing a user domain name and a home carrier identity relationship table in advance. The local system authenticates or provides a consumption report message for the correspondence between the user and the home operator. The message header of the authentication and consumption report message includes the destination node of the external data source, the destination automaton, the local source node, and the local automaton. Number information, the message body includes user information o
本发明还提供一种用于鉴权和计费的接口装置, 包括核心进程模 块、 应用程序接口模块、 目录数据库操作模块、 消息处理系统模块; 所述核心进程模块与应用程序接口模块、 目录数据库操作模块、 消息处理系统模块相连, 用于调用核心进程, 进行消息的处理、 转发 及处理本地系统与外部用户的交互;  The invention also provides an interface device for authentication and charging, comprising a core process module, an application program interface module, a directory database operation module, a message processing system module; the core process module and an application program interface module, a directory database The operation module and the message processing system module are connected, and are used to call the core process, process, forward, and process the interaction between the local system and the external user;
所述应用程序接口模块与外部关系数据库相连, 用于访问外部关 系数据库;  The application interface module is connected to an external relational database for accessing an external relation database;
所述目录数据库操作模块与外部目录数据库相连, 用于操作储存 在目录数据库中的外部用户数据;  The directory database operation module is connected to an external directory database for operating external user data stored in the directory database;
所述消息处理系统模块用于同外部消息处理系统或者消息网关通 讯。  The message processing system module is configured to communicate with an external message processing system or a message gateway.
该接口装置还包括关系数据库操作模块及 WEB模块, 其中, 所述关系数据库操作模块用于访问关系数据库中的外部用户信  The interface device further includes a relational database operation module and a WEB module, wherein the relational database operation module is configured to access an external user letter in the relational database
WEB模块与归属运营商的 Web服务器相连, 接收外部消息并将其转 换为约定协议报文进行处理。 The WEB module is connected to the home server's web server, receives external messages and converts them into agreed protocol messages for processing.
该接口装置还包括监控模块、 日志模块, 其中:  The interface device further includes a monitoring module and a log module, wherein:
所述监控模块用于启动或停止所述接口装置, 检查内部进程执行 情况, 当进程异常时, 重新执行相关进程;  The monitoring module is configured to start or stop the interface device, check an internal process execution situation, and re-execute the related process when the process is abnormal;
所述日志模块用于执行打开或关闭日志功能。  The log module is used to perform the function of turning the log on or off.
采用本发明提供的方法, 不需要在接入或内容业务消费地进行用 户开户, 仅需要在用户所归属的运营商系统上进行开户即可, 减少运 营商运营的成本。  By adopting the method provided by the invention, it is not necessary to open an account at the access or content service consumption place, and only need to open an account on the operator system to which the user belongs, thereby reducing the operation cost of the operator.
根据本发明的方案, 用户的数据仅保留在用户归属地的系统上, 因此不存在用户数据不一致的问题; 用户在其它运营商的 A A A系统进行接入或消费内容业务时,通过外 部用户接口网关实时与归属 AAA进行通讯, 完成用户的认证、 计费及出 具账单 (消费报告) 功能, 用户的余额仅在归属地保存一份, 因此可 以灵活地支持预付费业务; According to the solution of the present invention, the user's data is only kept on the system where the user belongs, so there is no problem that the user data is inconsistent; When the AAA system of other operators accesses or consumes the content service, the user communicates with the home AAA in real time through the external user interface gateway to complete the user's authentication, billing, and billing (consumption reporting) functions. The user's balance is only in the user's balance. Keep a copy of the attribution, so you can flexibly support the prepaid business;
由于不同运营商对用户数据保存方式的不同,如可能是 Informix、 Oracle , 也可能使用目录数据库、 文件数据库等存储方式, 本发明可 以支持不同的用户数据存储方式, 因此, 适配升级或扩容灵活, 而不 需要升级主系统, 更利用在线扩容或升级。 附图说明  Different types of user data storage methods may be used by different operators. For example, Informix and Oracle may use storage methods such as a directory database and a file database. The present invention can support different user data storage modes. Therefore, the adapter is upgraded or expanded. Instead of upgrading the main system, you can use online expansion or upgrade. DRAWINGS
图 1为本发明的系统结构示意图;  1 is a schematic structural view of a system of the present invention;
图 2为本发明的接口装置的结构示意图;  2 is a schematic structural view of an interface device according to the present invention;
图 3为本发明的预付费用户实现流程示意图;  3 is a schematic diagram of a flow of implementing a prepaid user according to the present invention;
图 4为本发明的后付费用户实现流程示意图。 具体实施方式  FIG. 4 is a schematic diagram of a process for implementing a post-paid user according to the present invention. detailed description
为了说明本发明的特点、 特性和优点, 下面结合实施例和附图, 对本发明进一步详细描述。  In order to explain the features, characteristics and advantages of the present invention, the present invention will be further described in detail below with reference to the embodiments and the accompanying drawings.
本发明在现有 AAA系统的 上增加一个接口装置,在此,称为外部 用户接口网关, 负责该系统与外部用户的通讯,并灵活地提供与外部不同 系统的接口,完成外部用户接入或消费内容业务时的实时认证、计费及出 具账单或消费报告。  The invention adds an interface device to the existing AAA system, here called an external user interface gateway, which is responsible for communication between the system and external users, and flexibly provides an interface with different external systems to complete external user access or Real-time authentication, billing, and billing or consumption reporting when consuming content services.
如图 1所示,在本发明中,非本地用户在使用接入或内容业务时称为 外部用户; 外部用户开户所在运营商称为归属运营商;外部用户使用接入 或内容的该运营商称为本地运营商,本地运营商的接入系统称为本地接入 系统,本地运营商的内容系统称为本地内容系统;本地系统包含本地接入 系统与本地内容系统;本地系统与归属运营商系统进行通讯的模块即所述 接口装置为外部用户接口网关。  As shown in FIG. 1 , in the present invention, a non-local user is referred to as an external user when using an access or content service; an operator where an external user accounts is called a home operator; and an external user uses the carrier or the content. The local operator is called the local access system, the local operator's content system is called the local content system, the local system includes the local access system and the local content system, and the local system and the home carrier. The module that communicates with the system, that is, the interface device is an external user interface gateway.
该外部用户接口网关设置于本地系统中,用来与外部用户的归属运营 商进行通讯, 完成外部用户接入或消费内容业务时的用户认证、计费及出 具账单或消费 4艮告。 当然,该外部用户接口网关也可以设置在独立的第三 方设备上。本发明为了提供一种灵活、可扩展、 实时的外部用户使用本地 接入业务或内容业务机制,该外部用户接口网关可支持多种外部用户数据 保存方式。该外部用户的归属运营商的用户数据存储方式可能是关系数据 库(如 Informix或 Oracle数据库)、 也可使用目录数据库(如文件数据 库)或者利用消息处理系统提供用户信息,相应地该外部用户接口网关提 供的通讯方式可以是以结构式询问语言 SQL ( S t ructured Query Language )方式访问数据库、通过存储过程访问数据库、 以轻量级目录访 问协议 LDAP ( Lightweight Directory Access Protocol )方式访问数据 库或以消息通知方式通讯。外部用户接口网关负责与外部不同数据源进行 通讯, 以使本地系统屏蔽外部数据的存储方式。而本地系统与外部接口网 关之间可以利用内部协议进行通讯。该内部协议包括消息头和消息体,其 中消息头中除了包括业界常用计费消息的消息头的必要参数外,还需要包 括归属运营节点参数以标识外部用户的归属运营商;消息体包括业界现有 计费消息的消息体的必要参数即可实现。该内部协议可以依据所包括的必 要参数重新定义,也可以通过扩展现有的计费消息实现,扩展字段为归属 运营节点参数。如重新定义的消息可以釆用如下结构: 消息头可以包括消 息长度、 消息类型、 消息 ID、 功能实体号、 状态机号及归属运营节点参 数。 认证请求消息体可以包括用户账号、 密码标志及用户加密密码参数。 计费响应消息体可以包括认证结果、用户类型及用户余额参数。计费请求 消息体可以包括用户账号、 开始时间、 结束时间、 费用、操作类型及会话 ID 参数。 计费响应消息体可以包括用户账号、 计费结果、 实际费用、 操 作类型及会话 ID参数。 消费报告消息体可以包括用户账号、 消费开始及 结束时间、本条费用及报告类型参数。报告响应包括用户账号及消息报告 结果参数。 The external user interface gateway is set in the local system to communicate with the home operator of the external user, complete user authentication, billing, and billing or consumption when the external user accesses or consumes the content service. Of course, the external user interface gateway can also be set in an independent third On the party device. The present invention provides a flexible, scalable, real-time external user to use a local access service or a content service mechanism, and the external user interface gateway can support multiple external user data storage modes. The user data storage mode of the home operator of the external user may be a relational database (such as Informix or Oracle database), may also use a directory database (such as a file database) or provide user information by using a message processing system, and correspondingly the external user interface gateway The communication method provided may be to access the database in a structured query language (SQL), access the database through a stored procedure, access the database in a Lightweight Directory Access Protocol (LDAP) manner, or notify by message. communication. The external user interface gateway is responsible for communicating with different external data sources to shield the local system from storing external data. The internal protocol can communicate with the local system and the external interface gateway. The internal protocol includes a message header and a message body, wherein the message header includes a home operating node parameter to identify the home operator of the external user, in addition to the necessary parameters of the message header of the common charging message in the industry; The necessary parameters of the message body with the charging message can be realized. The internal protocol may be redefined according to the necessary parameters included, or may be implemented by extending an existing charging message, and the extension field is a parameter of the home operating node. For example, the redefined message can use the following structure: The message header can include the message length, message type, message ID, function entity number, state machine number, and home operating node parameters. The authentication request message body may include a user account, a password flag, and a user encryption password parameter. The charging response message body may include an authentication result, a user type, and a user balance parameter. The billing request message body may include a user account, a start time, an end time, a fee, an operation type, and a session ID parameter. The billing response message body may include a user account, a billing result, an actual fee, an operation type, and a session ID parameter. The consumption report message body may include a user account, a consumption start and end time, a fee for this item, and a report type parameter. The report response includes user account and message report result parameters.
如图 2所示,为本发明外部用户接口网关的结构示意图。所述外部用 户接口网关包括核心进程模块、应用程序接口 API ( Appl icat ion Program Interface )模块、 目录数据库操作模块、 消息处理系统模块。 其中, 所 述核心进程模块与 API模块、 目录数据库操作模块、消息处理系统模块相 连, 用于调用外部接口网关的核心进程, 负责消息的处理及转发, 用于处 理本地系统与外部用户的交互; API模块用于通过 API访问外部关系数据 库, 由于 API的封装性, 因此外部关系数据库类型对外部用户接口网关透 明; 目录数据库操作模块用于与外部目录数据库进行连接,并操作储存在 目录数据库中的外部用户数据;消息处理系统模块用于与外部其它消息处 理系统或者消息网关的消息进行对接, 以完成外部用户网关的级联。 FIG. 2 is a schematic structural diagram of an external user interface gateway according to the present invention. The external user interface gateway includes a core process module, an application interface API (Appl icat ion program Interface) module, a directory database operation module, and a message processing system module. The core process module is connected to the API module, the directory database operation module, and the message processing system module, and is used to invoke the core process of the external interface gateway, and is responsible for processing and forwarding the message. The local system interacts with external users; the API module is used to access the external relational database through the API. Due to the encapsulation of the API, the external relational database type is transparent to the external user interface gateway; the directory database operation module is used to connect with the external directory database. And operating the external user data stored in the directory database; the message processing system module is used to interface with other external message processing systems or message gateways to complete the cascade of external user gateways.
该外部用户接口网关还可以包括监控模块、 日志模块、关系数据库操 作模块、 WEB模块。 其中, 监控模块用于启动、 停止外部用户接口网关, 并检查内部进程执行情况, 当进程异常时, 重新执行相关进程; 日志模块 用于执行打开或关闭日志跟踪功能;当外部用户接口网关同归属运营商的 消息处理系统属于同一制造商提供或基于同一约定协议通讯时,关系数据 库操作模块用于通过存储过程的方式访问关系数据库中的外部用户信息 , 不直接访问用户表;当外部用户接口网关同归属运营商的消息处理系统属 于同一制造商提供或基于同一约定协议通讯时, WEB模块用于与该归属运 营商的 Web服务器连接,接收外部消息并将其转换为外部用户接口网关同 归属运营商系统之间的约定协议报文进行处理。  The external user interface gateway may further include a monitoring module, a log module, a relational database operation module, and a WEB module. The monitoring module is used to start and stop the external user interface gateway, and check the internal process execution. When the process is abnormal, the related process is re-executed; the log module is used to perform the log tracking function on or off; when the external user interface gateway belongs to the same When the operator's message processing system belongs to the same manufacturer or communicates based on the same contract protocol, the relational database operation module is used to access the external user information in the relational database through the stored procedure, and does not directly access the user table; when the external user interface gateway When the message processing system of the home carrier belongs to the same manufacturer or communicates according to the same agreement protocol, the WEB module is used to connect with the home server of the home carrier, receive the external message and convert it into an external user interface gateway and the home operation. The agreement protocol messages between the business systems are processed.
当外部用户向本地系统发出接入或消费内容的请求时,本地系统根据 预先设置的用户与归属运营商之间的对应关系,进行用户认证消息,将该 用户认证消息发送到外部用户接口网关,外部用户接口网关根据认证消息 中的归属运营商信息确定同该归属运营商的通讯方式,且以该通讯方式同 该归属运营商用户数据系统交互以进行认证、 计费或出具账单或消费报 告。  When the external user sends a request for accessing or consuming the content to the local system, the local system performs a user authentication message according to the preset relationship between the user and the home operator, and sends the user authentication message to the external user interface gateway. The external user interface gateway determines the communication mode with the home operator according to the home operator information in the authentication message, and interacts with the home operator user data system in the communication mode to perform authentication, charging, or billing or consumption reporting.
其中,可以通过预先设置用户卡号段和归属运营商标识关系表来设置 用户与归属运营商之间的对应关系,也可以通过建立用户域名和归属运营 商标识关系表来设置用户与归属运营商之间的对应关系。如运营商设置用 户卡号段与外部数据源关联表,即某些卡号段的用户数据存储在指定的外 部数据源上, 进而使外部用户接口网关确定该外部用户归属的运营商系 统。  The user relationship between the user and the home operator may be set by setting a user card number segment and a home carrier identity relationship table in advance, or the user and the home operator may be set by establishing a user domain name and a home carrier identity relationship table. Correspondence between the two. For example, the operator sets the user card number segment and the external data source association table, that is, the user data of some card number segments is stored on the designated external data source, so that the external user interface gateway determines the carrier system to which the external user belongs.
相对于归属运营商用户数据系统对用户数据的不同存储方式,该外部 用户接口网关同归属运营商的用户数据系统之间可以 SQL 方式访问数据 库、 通过存储过程访问数据库、 以 LDAP方式访问数据库、 或以消息通知 方式进行通讯。故可以预先设置归属运营商标识及用户数据存储方式关系 表,外部用户接口网关根据认证消息的消息头中的归属运营商信息查寻该 关系表以确定同该归属运营商的通讯方式。如运营商在运营时,首先在系 统中定义与之互联的所有外部数据源信息, 包括节点编号、数据类型、联 接方式等信息,以便外部用户接口网关才 据配置联接到外部用户所在的数 据源。 The external user interface gateway can access the data in a SQL manner with the user data system of the home operator relative to the different storage modes of the user data of the home operator user data system. Libraries, accessing databases through stored procedures, accessing databases in LDAP, or communicating by message notification. Therefore, the home operator identifier and the user data storage manner relationship table may be preset, and the external user interface gateway searches the relationship table according to the home operator information in the message header of the authentication message to determine a communication manner with the home operator. If the operator is operating, first define all external data source information interconnected with the system, including node number, data type, connection mode, etc., so that the external user interface gateway can be configured to connect to the data source of the external user. .
本地系统根据本地运营商设置的用户与归属运营商之间的对应关系, 进行认证、 计费或者提供消费报告消息。 这些消息包括消息头和消息体, 消息头中可以包括外部数据源的目的节点、 目的自动机、本地源节点及本 地自动机号等信息。 而消息体中包括用户名和用户密码等用户信息。每个 元素所占字节数可以自行定义。  The local system performs authentication, accounting, or provides a consumption report message according to the correspondence between the user set by the local operator and the home carrier. These messages include a message header and a message body, and the message header may include information such as a destination node of an external data source, a destination automaton, a local source node, and a local automaton. The message body includes user information such as a user name and a user password. The number of bytes per element can be defined by itself.
如果所述外部用户为预付费用户时,该计费进一步包括本地系统提供 费用预留计费消息,将该消息发送至外部用户接口网关,外部用户接口网 关根据该消息的消息头中归属运营商信息确定同归属运营商的通讯方式, 且以该通讯方式同归属运营商通讯申请费用预留,如果预留成功,则允许 用户接入本地系统或向其提供内容服务,当用户结束接入或接受内容服务 时,本地系统依据用户使用参数对用户费用进行结算,从预留的费用进行 扣除,并把剩余的费用通过计费的余额返还操作返回至归属运营商的该外 部用户账户; 并通过消费报告消息为外部用户出账单。  If the external user is a prepaid subscriber, the charging further includes the local system providing a fee reservation charging message, and sending the message to the external user interface gateway, and the external user interface gateway according to the message in the header of the home operator The information determines the communication mode with the home operator, and communicates with the home operator to apply for fee reservation in the communication mode. If the reservation is successful, the user is allowed to access the local system or provide content service to the user, when the user ends the access or When accepting the content service, the local system settles the user fee according to the user usage parameter, deducts from the reserved fee, and returns the remaining fee through the charged balance return operation to the external user account of the home operator; The consumption report message is an external user bill.
具体流程如图 3所示, 包括如下步骤:  The specific process is shown in Figure 3, including the following steps:
1、 用户发出接入或消费内容的请求, 本地系统分析所述请求, 确 定该用户是否为外部用户, 如是依据卡号段和归属运营商对应关系确 定该用户属于哪一个归属运营商;  1. The user sends a request for accessing or consuming the content, and the local system analyzes the request to determine whether the user is an external user, and determines, according to the card number segment and the home carrier correspondence, which home operator the user belongs to;
2、 本地系统根据 1分析的结果, 提供认证请求消息 (包括消息头 和消息) , 并将该消息发送至与本地系统相连的外部用户接口网关; 2. The local system provides an authentication request message (including a message header and a message) according to the result of the analysis, and sends the message to an external user interface gateway connected to the local system;
3、外部用户接口网关根据归属运营商的数据存储方式决定同归属 运营商进行认证的通讯方式, 如访问归属运营商数据库或发消息请求 以进行认证; 4、外部用户接口网关根据认证请求结果, 向本地系统返回认证响 应, 该响应消息中携带有相应的用户类型、 余额等信息; 3. The external user interface gateway determines the communication mode for authenticating with the home operator according to the data storage mode of the home carrier, such as accessing the home carrier database or sending a message request for authentication; 4. The external user interface gateway returns an authentication response to the local system according to the result of the authentication request, and the response message carries information such as the corresponding user type and balance;
5、依据用户类型判断出该用户为预付费用户,则本地系统根据用 户的余额分割比或最大在线时长等预算需要的费用;  5. According to the user type, it is judged that the user is a prepaid user, and the local system divides the budget according to the user's balance according to the budget or the maximum online duration;
6、本地系统提供计费预留消息,将该消息发送至外部用户接口网 关以申请预留费用;  6. The local system provides an accounting reservation message, and sends the message to an external user interface gateway to apply for a reservation fee;
7、 外部用户接口网关根据归属运营商的数据存储方式访问归属 运营商数据库或发消息请求预留费用;  7. The external user interface gateway accesses the home carrier database or sends a message requesting a reserved fee according to the data storage mode of the home operator;
8、 外部用户接口网关根据预留结果, 向本地系统返回计费响应 消息, 该响应消息中携带有相应的预留结果;  8. The external user interface gateway returns an accounting response message to the local system according to the reservation result, where the response message carries a corresponding reservation result;
9、 本地系统允许用户接入或消费内容;  9. The local system allows users to access or consume content;
10、 用户接入结束或消费内容结束, 本地系统根据相应的费率结 算出用户消费的费用, 并与预留费用比较, 如果费用剩余, 则本地系 统提供费用返还计费消息, 申请返还剩余费用;  10. When the user access ends or the consumption content ends, the local system settles the user's consumption fee according to the corresponding rate, and compares it with the reserved fee. If the fee is left, the local system provides the fee returning charging message, and applies for the return of the remaining fee. ;
11、 外部用户接口网关根据归属运营商的数据存储方式访问归属 运营商数据库或发消息请求返还费用;  11. The external user interface gateway accesses the home carrier database or sends a message request return fee according to the data storage mode of the home operator;
12、 外部用户接口网关根据返还结果, 向本地系统返回返还费用 计费响应, 该响应中携带有相应的返还结果;  12. The external user interface gateway returns a return fee accounting response to the local system according to the return result, and the response carries a corresponding return result;
13、 本地系统根据用户实际消费提供消费报告消息, 并将其发送 至外部用户接口网关通知用户消费情况;  13. The local system provides a consumption report message according to the actual consumption of the user, and sends it to the external user interface gateway to notify the user of the consumption situation;
14、 外部用户接口网关根据归属运营商的数据存储方式访问归属 运营商数据库或发消息通知消费情况;  14. The external user interface gateway accesses the home carrier database or sends a message to notify the consumption according to the data storage mode of the home operator;
15、 外部用户接口网关根据处理结果, 向本地系统返回消费报告 响应, 该响应中携带有相应的消费报告处理结果; 如果没有响应, 则 暂时记录, 以便重新报告。  15. The external user interface gateway returns a consumption report response to the local system according to the processing result, and the response carries the corresponding consumption report processing result; if there is no response, temporarily records for re-reporting.
如果用户为后付费,本地系统则仅进行认证及以消息报告的形式出具 账单, 不需要预留、 返还余额等操作。 其具体流程如图 4所示, 包括如下 步骤:  If the user pays for the post, the local system only authenticates and issues the bill in the form of a message report, and does not need to reserve or return the balance. The specific process is shown in Figure 4, including the following steps:
1 )用户发出接入或消费内容的请求, 本地系统分析所述请求, 确 定该用户是否为外部用户, 如是依据卡号段和归属运营商对应关系确 定该用户属于哪一个归属运营商; 1) The user issues a request to access or consume content, and the local system analyzes the request, Determining whether the user is an external user, for example, determining which home operator the user belongs to according to the card number segment and the home carrier correspondence relationship;
2 ) 系统根据步骤 1分析的结果, 提供认证请求消息 (包括消息头 和消息) , 并将该消息发送至与本地系统相连的外部用户接口网关; 2) The system provides an authentication request message (including a message header and a message) according to the result of the analysis in step 1, and sends the message to an external user interface gateway connected to the local system;
3 )外部用户接口网关根据归属运营商的数据存储方式决定同归属 运营商进行认证的通讯方式, 如访问归属运营商数据库或发消息请求 以进行认证; 3) The external user interface gateway determines the communication mode for authenticating with the home operator according to the data storage mode of the home operator, such as accessing the home carrier database or sending a message request for authentication;
4 )外部用户接口网关根据认证请求结果,返回本地系统认证响应 , 该响应消息中携带有相应的用户类型、 余额等信息;  4) The external user interface gateway returns a local system authentication response according to the result of the authentication request, and the response message carries information such as the corresponding user type and balance;
5 ) 本地系统允许用户接入或消费内容;  5) The local system allows users to access or consume content;
6 )系统根据用户实际消费情况提供消费报告消息,将该消息发送 至外部用户接口网关以通知用户消费情况;  6) The system provides a consumption report message according to the actual consumption situation of the user, and sends the message to the external user interface gateway to notify the user of the consumption situation;
7 )夕卜部用户接口网关根据归属运营商的数据存储方式访问归属运 营商数据库或发消息通知消费情况;  7) The external user interface gateway accesses the home operator database or sends a message to notify the consumption according to the data storage mode of the home operator;
8 )外部用户接口网关根据处理结果, 向本地系统返回消费报告响 应, 该响应中携带有相应的消费报告处理结果; 如果没有响应, 则暂 时记录, 以便重新 4艮告。  8) The external user interface gateway returns a consumption report response to the local system according to the processing result, and the response carries the corresponding consumption report processing result; if there is no response, temporarily records, so as to re-report.
通过本发明,外部用户数据不需要在本地系统中保存,本地系统省去 了对外部用户管理的工作,也就不存在数据同步的问题,用户接入或消费 内容时, 用户实时与归属运营商通讯, 完成用户数据实时查询、 实时扣费 及实时出账单,因此可以实现用户数据信息的统一,同时支持预付费用户。  Through the invention, the external user data does not need to be saved in the local system, the local system saves the work of managing the external users, and there is no problem of data synchronization. When the user accesses or consumes the content, the user real-time and the home operator Communication, real-time query of user data, real-time deduction and real-time billing, so that user data information can be unified and prepaid users can be supported.

Claims

权 利 要 求 Rights request
1、 一种鉴权和计费的方法, 其特征在于, 包括步驟:  A method for authentication and charging, characterized in that it comprises the steps of:
A、 外部用户向本地系统发出接入请求或内容月 I务请求;  A. The external user sends an access request or a content monthly request to the local system;
B、本地系统根据预先设置的用户与归属运营商之间的对应关系, 对 所述外部用户进行认证;  B. The local system authenticates the external user according to a correspondence between the preset user and the home operator.
C、所述本地系统将通过认证的外部用户接入本地系统或者向其提供 内容服务, 并对该外部用户计费。  C. The local system accesses or provides content services to the local system through the authenticated external user, and charges the external user.
2、 如权利要求 1所述的方法, 其特征在于,当所述外部用户为预付费 用户,认证通过后还包括本地系统发送费用预留计费消息,向归属运营商 用户数据系统申请费用预留,并仅在预留成功时允许用户接入本地系统或 向其提供内容服务。  2. The method according to claim 1, wherein when the external user is a prepaid user, after the authentication is passed, the local system further includes sending a fee reservation charging message to apply for a fee to the home operator user data system. Leave and allow users to access or provide content services to the local system only when the reservation is successful.
3、 如权利要求 2所述的方法, 其特征在于, 当本地系统结束对外部 用户的接入或停止向外部用户提供内容服务时 ,本地系统对外部用户的费 用进行结算,从预留的费用中将其扣除,并把剩余的费用返回至归属运营 商的该外部用户账户, 并为外部用户提供账单信息。  3. The method according to claim 2, wherein when the local system ends the access to the external user or stops providing the content service to the external user, the local system settles the fee of the external user, from the reserved fee. It deducts it and returns the remaining fee to the external user account of the home operator and provides billing information for the external user.
4、 如权利要求 2所述的方法, 其特征在于, 其中认证相关消息和所 述费用预留计费消息的消息头中包括外部数据源的目的节点信息及本 地源节点信息, 消息体中包括用户信息。  The method according to claim 2, wherein the header of the authentication related message and the fee reserved charging message includes destination node information of an external data source and local source node information, and the message body includes User Info.
5、如权利要求 1所述的方法, 其特征在于,当所述外部用户为后付费 用户,在本地系统结束该外部用户的接入或停止向外部用户提供内容服务 时, 本地系统对外部用户的费用进行结算, 提供消费报告消息, 并发送 至该外部用户的归属运营商用户数据系统。  The method according to claim 1, wherein when the external user is a post-paid user, the local system is to the external user when the local system ends the access of the external user or stops providing the content service to the external user. The fee is settled, a consumption report message is provided, and sent to the home operator's user data system of the external user.
6、 如权利要求 2、 3或 5所述的方法, 其特征在于, 所述本地系统同 归属运营商的用户数据系统的通讯方式为以结构化查询语言方式访问数 据库、通过存储过程访问数据库、以轻量级目录访问协议方式访问数据库、 或以消息通知方式。  The method according to claim 2, 3 or 5, wherein the local system communicates with the user data system of the home operator by accessing the database in a structured query language, accessing the database through the stored procedure, Access the database in a lightweight directory access protocol, or as a message notification.
7、 如权利要求 1所述的方法, 其特征在于,通过预先设置用户卡号段 和归属运营商标识关系表或建立用户域名和归属运营商标识关系表来设 置用户与归属运营商之间的对应关系。 The method according to claim 1, wherein the correspondence between the user and the home operator is set by setting a user card number segment and a home operator identity relationship table or establishing a user domain name and a home operator identity relationship table in advance. relationship.
8、 如权利要求 3或 5所述的方法, 其特征在于, 本地系统根据用户 与归属运营商之间的对应关系进行认证或提供消费报告消息, 该认证 和消费报告消息的消息头中包括外部数据源的目的节点、 目的自动机、 本地源节点及本地自动机号信息, 消息体中包括用户信息。 The method according to claim 3 or 5, wherein the local system performs authentication or provides a consumption report message according to a correspondence between the user and the home operator, and the header of the authentication and consumption report message includes an external The destination node of the data source, the destination automaton, the local source node, and the local automaton information, and the message body includes user information.
9、 一种用于鉴权和计费的接口装置, 其特征在于, 包括核心进程 模块、 应用程序接口模块、 目录数据库操作模块和消息处理系统模块; 所述核心进程模块与应用程序接口模块、 目录数据库操作模块、 消息处理系统模块相连, 用于调用核心进程, 进行消息的处理、 转发 及处理本地系统与外部用户的交互; 9. An interface device for authentication and charging, comprising: a core process module, an application program interface module, a directory database operation module, and a message processing system module; the core process module and an application program interface module, The directory database operation module and the message processing system module are connected, and are used to call the core process, process, forward, and process the interaction between the local system and the external user;
所述应用程序接口模块与外部关系数据库相连, 用于访问外部关 系数据库;  The application interface module is connected to an external relational database for accessing an external relation database;
所述目录数据库操作模块与外部目录数据库相连, 用于操作储存 在目录数据库中的外部用户数据;  The directory database operation module is connected to an external directory database for operating external user data stored in the directory database;
所述消息处理系统模块用于同外部消息处理系统或者消息网关通 讯。  The message processing system module is configured to communicate with an external message processing system or a message gateway.
10、 如权利要求 9所述的接口装置, 其特征在于, 还包括关系数据库 操作模块及 WEB模块, 其中,  The interface device according to claim 9, further comprising a relational database operation module and a WEB module, wherein
所述关系数据库操作模块用于访问关系数据库中的外部用户信  The relational database operation module is used to access an external user letter in a relational database
WEB模块与归属运营商的 Web服务器相连, 接收外部消息并将其转 换为约定协议报文进行处理。 The WEB module is connected to the home server's web server, receives external messages and converts them into agreed protocol messages for processing.
11、 如权利要求 9所述的接口装置, 其特征在于, 还包括监控模块和 曰志模块, 其中:  The interface device according to claim 9, further comprising a monitoring module and a monitoring module, wherein:
所述监控模块用于启动或停止所述接口装置, 检查内部进程执行 情况, 当进程异常时, 重新执行相关进程;  The monitoring module is configured to start or stop the interface device, check an internal process execution situation, and re-execute the related process when the process is abnormal;
所述日志模块用于执行打开或关闭日志功能。  The log module is used to perform the function of turning the log on or off.
PCT/CN2006/000753 2005-04-30 2006-04-21 A method and interface apparatus for authentication and charging WO2006116908A1 (en)

Applications Claiming Priority (2)

Application Number Priority Date Filing Date Title
CNB2005100680260A CN100417146C (en) 2005-04-30 2005-04-30 Method for power discrimination and charging and external user interface gateway
CN200510068026.0 2005-04-30

Publications (1)

Publication Number Publication Date
WO2006116908A1 true WO2006116908A1 (en) 2006-11-09

Family

ID=37298201

Family Applications (1)

Application Number Title Priority Date Filing Date
PCT/CN2006/000753 WO2006116908A1 (en) 2005-04-30 2006-04-21 A method and interface apparatus for authentication and charging

Country Status (2)

Country Link
CN (1) CN100417146C (en)
WO (1) WO2006116908A1 (en)

Cited By (1)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
US10637655B1 (en) 2018-01-09 2020-04-28 Amdocs Development Limited System, method, and computer program for providing seamless data access from different internet service providers

Families Citing this family (4)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN1968106B (en) * 2006-11-13 2013-04-24 华为技术有限公司 Charging system and method for balance sharing
CN101282225A (en) * 2007-04-04 2008-10-08 华为技术有限公司 Charging network, charging method and gateway
CN104854841B (en) * 2013-10-31 2018-07-31 华为技术有限公司 Application server, terminal device, network capabilities calling system and method
CN106982126B (en) * 2016-01-18 2020-02-14 中国移动通信集团重庆有限公司 Resource sharing charging method and charging device, and memory bank

Citations (3)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN1259258A (en) * 1997-06-02 2000-07-05 艾利森电话股份有限公司 Method for handling parallel transactions on telephone pre-paid accounts
US20020034298A1 (en) * 2000-09-15 2002-03-21 Roke Manor Research Limited. LAN user protocol
CN1553741A (en) * 2003-05-30 2004-12-08 ��Ϊ�������޹�˾ Method and system for providing user network roam

Family Cites Families (5)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
KR20010033653A (en) * 1998-10-27 2001-04-25 요트.게.아. 롤페즈 Broadcast network with interactive services
EP1198941B1 (en) * 1999-07-02 2008-09-03 Nokia Corporation Authentication method and system
US7305550B2 (en) * 2000-12-29 2007-12-04 Intel Corporation System and method for providing authentication and verification services in an enhanced media gateway
CN1423461A (en) * 2001-11-23 2003-06-11 中望商业机器有限公司 Broad access network gate
CN1194500C (en) * 2002-04-23 2005-03-23 华为技术有限公司 Fusion method between radio LAN and mobile network

Patent Citations (3)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN1259258A (en) * 1997-06-02 2000-07-05 艾利森电话股份有限公司 Method for handling parallel transactions on telephone pre-paid accounts
US20020034298A1 (en) * 2000-09-15 2002-03-21 Roke Manor Research Limited. LAN user protocol
CN1553741A (en) * 2003-05-30 2004-12-08 ��Ϊ�������޹�˾ Method and system for providing user network roam

Cited By (1)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
US10637655B1 (en) 2018-01-09 2020-04-28 Amdocs Development Limited System, method, and computer program for providing seamless data access from different internet service providers

Also Published As

Publication number Publication date
CN1859338A (en) 2006-11-08
CN100417146C (en) 2008-09-03

Similar Documents

Publication Publication Date Title
US9438746B2 (en) Centralized charging systems for offline charging and online charging
JP4709721B2 (en) Third-party access gateway for communication services
JP4526526B2 (en) Third-party access gateway for communication services
US7653933B2 (en) System and method of network authentication, authorization and accounting
JP4491652B2 (en) Apparatus and method for controlling service progress between different domains
US8738741B2 (en) Brokering network resources
US6404870B1 (en) Method and apparatus for authorization based phone calls in packet switched networks
EP1552666A1 (en) Configuration of enterprise gateways
JP2003134145A (en) Service control network, server device, network device, and method and program for distributing service information
WO2006111095A1 (en) A charging network , charging agent apparatus as well and the charging method thereof
WO2009039719A1 (en) A user identifier server, a system and method for processing the data service
WO2006116908A1 (en) A method and interface apparatus for authentication and charging
WO2011066788A1 (en) Method, apparatus and system for file transmission between support region systems
JP4065436B2 (en) Method and system for building and communicating data about network access and service transactions in a communication network
WO2010121513A1 (en) System and method for billing short messages
US10171466B2 (en) Maintaining a common identifier for a user session on a communication network
KR100621203B1 (en) Method and system for controlling wireless data service for prepaid and limited subscriber
CN103139695B (en) The telecommunication capability call method of curstomer-oriented end and the network equipment
US20040122687A1 (en) Wireless LAN roaming using a Parlay gateway
CN101447878B (en) Charging method for prepayment service and system thereof
CN116055147B (en) Cloud service light-weight identity authentication method based on identification
Hakala et al. RFC 4006: Diameter Credit-Control Application
KR20040026578A (en) System and method for real-time billing about additional service except voice call and data call in mobile phone network
US20220286308A1 (en) Method and packet core system for common charging of network connectivity and cloud resource utilization
EP1942632A2 (en) Method and system for automatic subscriber and service provisioning

Legal Events

Date Code Title Description
121 Ep: the epo has been informed by wipo that ep was designated in this application
NENP Non-entry into the national phase

Ref country code: DE

WWW Wipo information: withdrawn in national office

Country of ref document: DE

NENP Non-entry into the national phase

Ref country code: RU

WWW Wipo information: withdrawn in national office

Country of ref document: RU

122 Ep: pct application non-entry in european phase

Ref document number: 06722388

Country of ref document: EP

Kind code of ref document: A1

WWW Wipo information: withdrawn in national office

Ref document number: 6722388

Country of ref document: EP