WO2006116908A1 - Procede et appareil d’interface pour l’authentification et la facturation - Google Patents

Procede et appareil d’interface pour l’authentification et la facturation Download PDF

Info

Publication number
WO2006116908A1
WO2006116908A1 PCT/CN2006/000753 CN2006000753W WO2006116908A1 WO 2006116908 A1 WO2006116908 A1 WO 2006116908A1 CN 2006000753 W CN2006000753 W CN 2006000753W WO 2006116908 A1 WO2006116908 A1 WO 2006116908A1
Authority
WO
WIPO (PCT)
Prior art keywords
user
external
message
module
local system
Prior art date
Application number
PCT/CN2006/000753
Other languages
English (en)
Chinese (zh)
Inventor
Haitao Pan
Original Assignee
Huawei Technologies Co., Ltd.
Priority date (The priority date is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the date listed.)
Filing date
Publication date
Application filed by Huawei Technologies Co., Ltd. filed Critical Huawei Technologies Co., Ltd.
Publication of WO2006116908A1 publication Critical patent/WO2006116908A1/fr

Links

Classifications

    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04LTRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L12/00Data switching networks
    • H04L12/02Details
    • H04L12/14Charging, metering or billing arrangements for data wireline or wireless communications
    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04LTRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L63/00Network architectures or network communication protocols for network security
    • H04L63/08Network architectures or network communication protocols for network security for authentication of entities

Definitions

  • the present invention relates to the field of network communication technologies, and in particular to a method and apparatus for authentication and charging. Background technique
  • the user accessing the AAA is limited to the users developed by the carrier; , and can only use the business launched by this operator.
  • AAA Authent icat ions Authorization
  • external users also want to use the AAA system provided by the carrier to access services or consume the content services provided by the carrier.
  • the user information of the external users is not in the carrier system. The registration makes it unable to access and consume these content services, thus limiting the resource sharing of access or services, which is not conducive to mutual cooperation and resource sharing among operators.
  • the prior art solution is to synchronize user data between operators, that is, if the user of the B operator can access the A-operator's AAA system or consume content services, the user needs to When the B operator opens an account, the user data is also placed in the AAA system of the operator A, and the AAA system of the operator A is also notified at the same time when the user data is modified in the B operator AAA system.
  • the B operator opens an account
  • the user data is also placed in the AAA system of the operator A
  • the AAA system of the operator A is also notified at the same time when the user data is modified in the B operator AAA system.
  • the main purpose of the present invention is to provide a method and an interface device for authenticating and charging, so that sharing user data in a local carrier system enables user resources to be shared and accessed between different operators. Sharing and sharing of content business resources.
  • the present invention provides a method for authentication and charging, including the steps of:
  • the external user sends an access request or a content service request to the local system
  • the local system authenticates the external user according to a correspondence between the preset user and the home operator.
  • the local system accesses the local system through the authenticated external user or provides content service to the external system, and charges the external user.
  • the local system When the external user is a prepaid user, after the authentication is passed, the local system further sends a fee reservation charging message to apply for a fee reservation to the home operator user data system, and allows the user to access the local system only when the reservation is successful. Or provide content services to them.
  • the local system settles the user fee, deducts it from the reserved fee, and returns the remaining fee to the external user account of the home operator, and provides the external user with Billing Information.
  • the header of the authentication message and the fee reservation charging message includes destination node information of the external data source and local source node information, and the message body includes user information.
  • the local system settles the user fee, provides a consumption report message, and sends the message to the home operator user data system of the external user.
  • the local system communicates with the user data system of the home operator by accessing the database in a structured query language, accessing the database through a stored procedure, accessing the database in a lightweight directory access protocol, or by means of message notification.
  • the correspondence between the user and the home operator is set by setting a user card number segment and a home carrier identity relationship table or establishing a user domain name and a home carrier identity relationship table in advance.
  • the local system authenticates or provides a consumption report message for the correspondence between the user and the home operator.
  • the message header of the authentication and consumption report message includes the destination node of the external data source, the destination automaton, the local source node, and the local automaton. Number information, the message body includes user information o
  • the invention also provides an interface device for authentication and charging, comprising a core process module, an application program interface module, a directory database operation module, a message processing system module; the core process module and an application program interface module, a directory database
  • the operation module and the message processing system module are connected, and are used to call the core process, process, forward, and process the interaction between the local system and the external user;
  • the application interface module is connected to an external relational database for accessing an external relation database
  • the directory database operation module is connected to an external directory database for operating external user data stored in the directory database;
  • the message processing system module is configured to communicate with an external message processing system or a message gateway.
  • the interface device further includes a relational database operation module and a WEB module, wherein the relational database operation module is configured to access an external user letter in the relational database
  • the WEB module is connected to the home server's web server, receives external messages and converts them into agreed protocol messages for processing.
  • the interface device further includes a monitoring module and a log module, wherein:
  • the monitoring module is configured to start or stop the interface device, check an internal process execution situation, and re-execute the related process when the process is abnormal;
  • the log module is used to perform the function of turning the log on or off.
  • the user's data is only kept on the system where the user belongs, so there is no problem that the user data is inconsistent;
  • the AAA system of other operators accesses or consumes the content service
  • the user communicates with the home AAA in real time through the external user interface gateway to complete the user's authentication, billing, and billing (consumption reporting) functions.
  • the user's balance is only in the user's balance. Keep a copy of the attribution, so you can flexibly support the prepaid business;
  • Informix and Oracle may use storage methods such as a directory database and a file database.
  • the present invention can support different user data storage modes. Therefore, the adapter is upgraded or expanded. Instead of upgrading the main system, you can use online expansion or upgrade.
  • FIG. 1 is a schematic structural view of a system of the present invention
  • FIG. 2 is a schematic structural view of an interface device according to the present invention.
  • FIG. 3 is a schematic diagram of a flow of implementing a prepaid user according to the present invention.
  • FIG. 4 is a schematic diagram of a process for implementing a post-paid user according to the present invention. detailed description
  • the invention adds an interface device to the existing AAA system, here called an external user interface gateway, which is responsible for communication between the system and external users, and flexibly provides an interface with different external systems to complete external user access or Real-time authentication, billing, and billing or consumption reporting when consuming content services.
  • an external user interface gateway which is responsible for communication between the system and external users, and flexibly provides an interface with different external systems to complete external user access or Real-time authentication, billing, and billing or consumption reporting when consuming content services.
  • a non-local user is referred to as an external user when using an access or content service; an operator where an external user accounts is called a home operator; and an external user uses the carrier or the content.
  • the local operator is called the local access system
  • the local operator's content system is called the local content system
  • the local system includes the local access system and the local content system
  • the local system and the home carrier is an external user interface gateway.
  • the external user interface gateway is set in the local system to communicate with the home operator of the external user, complete user authentication, billing, and billing or consumption when the external user accesses or consumes the content service.
  • the external user interface gateway can also be set in an independent third On the party device.
  • the present invention provides a flexible, scalable, real-time external user to use a local access service or a content service mechanism, and the external user interface gateway can support multiple external user data storage modes.
  • the user data storage mode of the home operator of the external user may be a relational database (such as Informix or Oracle database), may also use a directory database (such as a file database) or provide user information by using a message processing system, and correspondingly the external user interface gateway
  • the communication method provided may be to access the database in a structured query language (SQL), access the database through a stored procedure, access the database in a Lightweight Directory Access Protocol (LDAP) manner, or notify by message. communication.
  • the external user interface gateway is responsible for communicating with different external data sources to shield the local system from storing external data.
  • the internal protocol can communicate with the local system and the external interface gateway.
  • the internal protocol includes a message header and a message body, wherein the message header includes a home operating node parameter to identify the home operator of the external user, in addition to the necessary parameters of the message header of the common charging message in the industry;
  • the necessary parameters of the message body with the charging message can be realized.
  • the internal protocol may be redefined according to the necessary parameters included, or may be implemented by extending an existing charging message, and the extension field is a parameter of the home operating node.
  • the redefined message can use the following structure:
  • the message header can include the message length, message type, message ID, function entity number, state machine number, and home operating node parameters.
  • the authentication request message body may include a user account, a password flag, and a user encryption password parameter.
  • the charging response message body may include an authentication result, a user type, and a user balance parameter.
  • the billing request message body may include a user account, a start time, an end time, a fee, an operation type, and a session ID parameter.
  • the billing response message body may include a user account, a billing result, an actual fee, an operation type, and a session ID parameter.
  • the consumption report message body may include a user account, a consumption start and end time, a fee for this item, and a report type parameter.
  • the report response includes user account and message report result parameters.
  • FIG. 2 is a schematic structural diagram of an external user interface gateway according to the present invention.
  • the external user interface gateway includes a core process module, an application interface API (Appl icat ion program Interface) module, a directory database operation module, and a message processing system module.
  • the core process module is connected to the API module, the directory database operation module, and the message processing system module, and is used to invoke the core process of the external interface gateway, and is responsible for processing and forwarding the message.
  • the local system interacts with external users; the API module is used to access the external relational database through the API. Due to the encapsulation of the API, the external relational database type is transparent to the external user interface gateway; the directory database operation module is used to connect with the external directory database. And operating the external user data stored in the directory database; the message processing system module is used to interface with other external message processing systems or message gateways to complete the cascade of external user gateways.
  • the external user interface gateway may further include a monitoring module, a log module, a relational database operation module, and a WEB module.
  • the monitoring module is used to start and stop the external user interface gateway, and check the internal process execution. When the process is abnormal, the related process is re-executed; the log module is used to perform the log tracking function on or off; when the external user interface gateway belongs to the same
  • the relational database operation module is used to access the external user information in the relational database through the stored procedure, and does not directly access the user table; when the external user interface gateway
  • the WEB module is used to connect with the home server of the home carrier, receive the external message and convert it into an external user interface gateway and the home operation. The agreement protocol messages between the business systems are processed.
  • the local system When the external user sends a request for accessing or consuming the content to the local system, the local system performs a user authentication message according to the preset relationship between the user and the home operator, and sends the user authentication message to the external user interface gateway.
  • the external user interface gateway determines the communication mode with the home operator according to the home operator information in the authentication message, and interacts with the home operator user data system in the communication mode to perform authentication, charging, or billing or consumption reporting.
  • the user relationship between the user and the home operator may be set by setting a user card number segment and a home carrier identity relationship table in advance, or the user and the home operator may be set by establishing a user domain name and a home carrier identity relationship table. Correspondence between the two. For example, the operator sets the user card number segment and the external data source association table, that is, the user data of some card number segments is stored on the designated external data source, so that the external user interface gateway determines the carrier system to which the external user belongs.
  • the external user interface gateway can access the data in a SQL manner with the user data system of the home operator relative to the different storage modes of the user data of the home operator user data system. Libraries, accessing databases through stored procedures, accessing databases in LDAP, or communicating by message notification. Therefore, the home operator identifier and the user data storage manner relationship table may be preset, and the external user interface gateway searches the relationship table according to the home operator information in the message header of the authentication message to determine a communication manner with the home operator. If the operator is operating, first define all external data source information interconnected with the system, including node number, data type, connection mode, etc., so that the external user interface gateway can be configured to connect to the data source of the external user. .
  • the local system performs authentication, accounting, or provides a consumption report message according to the correspondence between the user set by the local operator and the home carrier.
  • These messages include a message header and a message body, and the message header may include information such as a destination node of an external data source, a destination automaton, a local source node, and a local automaton.
  • the message body includes user information such as a user name and a user password. The number of bytes per element can be defined by itself.
  • the charging further includes the local system providing a fee reservation charging message, and sending the message to the external user interface gateway, and the external user interface gateway according to the message in the header of the home operator
  • the information determines the communication mode with the home operator, and communicates with the home operator to apply for fee reservation in the communication mode. If the reservation is successful, the user is allowed to access the local system or provide content service to the user, when the user ends the access or When accepting the content service, the local system settles the user fee according to the user usage parameter, deducts from the reserved fee, and returns the remaining fee through the charged balance return operation to the external user account of the home operator;
  • the consumption report message is an external user bill.
  • the user sends a request for accessing or consuming the content, and the local system analyzes the request to determine whether the user is an external user, and determines, according to the card number segment and the home carrier correspondence, which home operator the user belongs to;
  • the local system provides an authentication request message (including a message header and a message) according to the result of the analysis, and sends the message to an external user interface gateway connected to the local system;
  • the external user interface gateway determines the communication mode for authenticating with the home operator according to the data storage mode of the home carrier, such as accessing the home carrier database or sending a message request for authentication; 4.
  • the external user interface gateway returns an authentication response to the local system according to the result of the authentication request, and the response message carries information such as the corresponding user type and balance;
  • the local system divides the budget according to the user's balance according to the budget or the maximum online duration
  • the local system provides an accounting reservation message, and sends the message to an external user interface gateway to apply for a reservation fee;
  • the external user interface gateway accesses the home carrier database or sends a message requesting a reserved fee according to the data storage mode of the home operator;
  • the external user interface gateway returns an accounting response message to the local system according to the reservation result, where the response message carries a corresponding reservation result;
  • the local system allows users to access or consume content
  • the local system settles the user's consumption fee according to the corresponding rate, and compares it with the reserved fee. If the fee is left, the local system provides the fee returning charging message, and applies for the return of the remaining fee. ;
  • the external user interface gateway accesses the home carrier database or sends a message request return fee according to the data storage mode of the home operator;
  • the external user interface gateway returns a return fee accounting response to the local system according to the return result, and the response carries a corresponding return result;
  • the local system provides a consumption report message according to the actual consumption of the user, and sends it to the external user interface gateway to notify the user of the consumption situation;
  • the external user interface gateway accesses the home carrier database or sends a message to notify the consumption according to the data storage mode of the home operator;
  • the external user interface gateway returns a consumption report response to the local system according to the processing result, and the response carries the corresponding consumption report processing result; if there is no response, temporarily records for re-reporting.
  • the user issues a request to access or consume content, and the local system analyzes the request, Determining whether the user is an external user, for example, determining which home operator the user belongs to according to the card number segment and the home carrier correspondence relationship;
  • the system provides an authentication request message (including a message header and a message) according to the result of the analysis in step 1, and sends the message to an external user interface gateway connected to the local system;
  • the external user interface gateway determines the communication mode for authenticating with the home operator according to the data storage mode of the home operator, such as accessing the home carrier database or sending a message request for authentication;
  • the external user interface gateway returns a local system authentication response according to the result of the authentication request, and the response message carries information such as the corresponding user type and balance;
  • the local system allows users to access or consume content
  • the system provides a consumption report message according to the actual consumption situation of the user, and sends the message to the external user interface gateway to notify the user of the consumption situation;
  • the external user interface gateway accesses the home operator database or sends a message to notify the consumption according to the data storage mode of the home operator;
  • the external user interface gateway returns a consumption report response to the local system according to the processing result, and the response carries the corresponding consumption report processing result; if there is no response, temporarily records, so as to re-report.
  • the external user data does not need to be saved in the local system, the local system saves the work of managing the external users, and there is no problem of data synchronization.
  • the user accesses or consumes the content, the user real-time and the home operator Communication, real-time query of user data, real-time deduction and real-time billing, so that user data information can be unified and prepaid users can be supported.

Landscapes

  • Engineering & Computer Science (AREA)
  • Computer Networks & Wireless Communication (AREA)
  • Signal Processing (AREA)
  • Computer Hardware Design (AREA)
  • Computer Security & Cryptography (AREA)
  • Computing Systems (AREA)
  • General Engineering & Computer Science (AREA)
  • Management, Administration, Business Operations System, And Electronic Commerce (AREA)
  • Computer And Data Communications (AREA)
  • Data Exchanges In Wide-Area Networks (AREA)

Abstract

Procédé et appareil pour l’authentification et la facturation, le procédé comprenant les étapes suivantes : l’utilisateur externe transmet une demande d’accès ou de services de contenus au système local ; le système local authentifie l’utilisateur et transmet le message d’authentification de l’utilisateur selon la relation prédéfinie entre l’utilisateur et l’opérateur à domicile, la passerelle d’interface d’utilisateur externe détermine le type de communication avec l’opérateur à domicile selon les informations de l’opérateur à domicile dans le message d’authentification, et interagit avec l’opérateur à domicile par le type de communication pour authentifier ; après la réussite de l’authentification, le système local facture l’utilisateur externe pour l’accès au système local ou l’acceptation des services de contenus. En ne stockant qu’une copie des données de l’utilisateur dans le système local, la présente invention réalise le partage de la ressource de l’utilisateur, la ressource d’accès et la ressource de services de contenus entre des opérateurs différents.
PCT/CN2006/000753 2005-04-30 2006-04-21 Procede et appareil d’interface pour l’authentification et la facturation WO2006116908A1 (fr)

Applications Claiming Priority (2)

Application Number Priority Date Filing Date Title
CNB2005100680260A CN100417146C (zh) 2005-04-30 2005-04-30 一种鉴权和计费的方法及外部用户接口网关
CN200510068026.0 2005-04-30

Publications (1)

Publication Number Publication Date
WO2006116908A1 true WO2006116908A1 (fr) 2006-11-09

Family

ID=37298201

Family Applications (1)

Application Number Title Priority Date Filing Date
PCT/CN2006/000753 WO2006116908A1 (fr) 2005-04-30 2006-04-21 Procede et appareil d’interface pour l’authentification et la facturation

Country Status (2)

Country Link
CN (1) CN100417146C (fr)
WO (1) WO2006116908A1 (fr)

Cited By (1)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
US10637655B1 (en) 2018-01-09 2020-04-28 Amdocs Development Limited System, method, and computer program for providing seamless data access from different internet service providers

Families Citing this family (4)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN1968106B (zh) * 2006-11-13 2013-04-24 华为技术有限公司 实现余额共享的计费系统及方法
CN101282225A (zh) * 2007-04-04 2008-10-08 华为技术有限公司 计费网络、计费方法和网关
EP3065374B1 (fr) * 2013-10-31 2018-12-12 Huawei Technologies Co., Ltd. Procédé d'activation de ressources de réseau
CN106982126B (zh) * 2016-01-18 2020-02-14 中国移动通信集团重庆有限公司 一种资源共享计费方法及计费装置、内存库

Citations (3)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN1259258A (zh) * 1997-06-02 2000-07-05 艾利森电话股份有限公司 用于处理电话预付费帐户的并行事务处理的方法
US20020034298A1 (en) * 2000-09-15 2002-03-21 Roke Manor Research Limited. LAN user protocol
CN1553741A (zh) * 2003-05-30 2004-12-08 ��Ϊ�������޹�˾ 为用户提供网络漫游的方法和系统

Family Cites Families (5)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN1292200A (zh) * 1998-10-27 2001-04-18 皇家菲利浦电子有限公司 具有交互业务的广播网
CN1144440C (zh) * 1999-07-02 2004-03-31 诺基亚公司 认证方法、认证系统和网关设备
US7305550B2 (en) * 2000-12-29 2007-12-04 Intel Corporation System and method for providing authentication and verification services in an enhanced media gateway
CN1423461A (zh) * 2001-11-23 2003-06-11 中望商业机器有限公司 宽带接入网关
CN1194500C (zh) * 2002-04-23 2005-03-23 华为技术有限公司 一种无线局域网和移动网络的融合方法

Patent Citations (3)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN1259258A (zh) * 1997-06-02 2000-07-05 艾利森电话股份有限公司 用于处理电话预付费帐户的并行事务处理的方法
US20020034298A1 (en) * 2000-09-15 2002-03-21 Roke Manor Research Limited. LAN user protocol
CN1553741A (zh) * 2003-05-30 2004-12-08 ��Ϊ�������޹�˾ 为用户提供网络漫游的方法和系统

Cited By (1)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
US10637655B1 (en) 2018-01-09 2020-04-28 Amdocs Development Limited System, method, and computer program for providing seamless data access from different internet service providers

Also Published As

Publication number Publication date
CN100417146C (zh) 2008-09-03
CN1859338A (zh) 2006-11-08

Similar Documents

Publication Publication Date Title
US9438746B2 (en) Centralized charging systems for offline charging and online charging
JP4709721B2 (ja) 通信サービスのためのサードパーティアクセスゲートウェイ
JP4526526B2 (ja) 通信サービスのためのサードパーティアクセスゲートウェイ
US7653933B2 (en) System and method of network authentication, authorization and accounting
JP4491652B2 (ja) 異なるドメイン間でのサービス進行を制御する装置及び方法
US8738741B2 (en) Brokering network resources
US6404870B1 (en) Method and apparatus for authorization based phone calls in packet switched networks
WO2004036874A1 (fr) Configuration de passerelles d'entreprise
JP2003134145A (ja) サービス制御ネットワーク、サーバ装置、ネットワーク装置、サービス情報配布方法、及びサービス情報配布プログラム
WO2006111095A1 (fr) Reseau de charge, appareil formant agent de charge et procede de charge correspondant
WO2009039719A1 (fr) Serveur d'identifiant d'utilisateur, système et procédé pour traiter le service de données
WO2006116908A1 (fr) Procede et appareil d’interface pour l’authentification et la facturation
WO2011066788A1 (fr) Procédé, dispositif et système de transmission de fichiers entre des systèmes régionaux de support
WO2009129719A1 (fr) Procédé, système et entité d’authentification de factures dans la desserte de réseaux
JP4065436B2 (ja) 通信ネットワークにおけるネットワーク・アクセス及びサービス・トランザクションについてのデータを構築及び通信する方法及びシステム
WO2010121513A1 (fr) Système et procédé de facturation de messages courts
US10171466B2 (en) Maintaining a common identifier for a user session on a communication network
KR20040027527A (ko) 선불 및 한도 가입자를 위한 무선 데이터 서비스 제어방법 및 시스템
US20040122687A1 (en) Wireless LAN roaming using a Parlay gateway
Hakala et al. RFC 4006: Diameter Credit-Control Application
KR20040026578A (ko) 이동전화 통신망에서 음성 호 및 데이터 호를 제외한부가형 서비스에 대한 실시간 과금 시스템 및 방법
US20220286308A1 (en) Method and packet core system for common charging of network connectivity and cloud resource utilization
EP1942632A2 (fr) Procédé et système pour la prévision automatique de services et d'abonnés
US20050240988A1 (en) Separate accounting server
CN115379449A (zh) 一种一号多终端业务处理方法、网元及系统

Legal Events

Date Code Title Description
121 Ep: the epo has been informed by wipo that ep was designated in this application
NENP Non-entry into the national phase

Ref country code: DE

WWW Wipo information: withdrawn in national office

Country of ref document: DE

NENP Non-entry into the national phase

Ref country code: RU

WWW Wipo information: withdrawn in national office

Country of ref document: RU

122 Ep: pct application non-entry in european phase

Ref document number: 06722388

Country of ref document: EP

Kind code of ref document: A1

WWW Wipo information: withdrawn in national office

Ref document number: 6722388

Country of ref document: EP