WO2011069423A1 - Procédé, dispositif et système de contrôle de licence - Google Patents

Procédé, dispositif et système de contrôle de licence Download PDF

Info

Publication number
WO2011069423A1
WO2011069423A1 PCT/CN2010/079292 CN2010079292W WO2011069423A1 WO 2011069423 A1 WO2011069423 A1 WO 2011069423A1 CN 2010079292 W CN2010079292 W CN 2010079292W WO 2011069423 A1 WO2011069423 A1 WO 2011069423A1
Authority
WO
WIPO (PCT)
Prior art keywords
license
lcc
content
implementation
control
Prior art date
Application number
PCT/CN2010/079292
Other languages
English (en)
Chinese (zh)
Inventor
张勇
Original Assignee
华为技术有限公司
Priority date (The priority date is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the date listed.)
Filing date
Publication date
Application filed by 华为技术有限公司 filed Critical 华为技术有限公司
Publication of WO2011069423A1 publication Critical patent/WO2011069423A1/fr

Links

Definitions

  • a license is a form of contract for a supplier/operator to authorize/authorize the range of products sold/purchased. Through the license, the operator can obtain the corresponding service promised by the supplier.
  • the method of authorizing and selling according to the contract is called selling by license; the technology for ensuring the effective implementation of the license is called License technology.
  • the license is usually in the form of a license file.
  • the license file usually contains the device information of the license file to bind the device to the license file. In this way, on the one hand, the license of the operator cannot be stolen by others, and the interests of the operator are protected; on the other hand, the license file cannot be abused by the operator to protect the interests of the equipment manufacturer.
  • a license control method including: the license control center LCC loads and parses a license file, and obtains the LCC acquisition.
  • the license item includes the license content; the LCC determines the license content required to license the implementation of the device; and the LCC carries the license content in the license control message to the license enforcement device.
  • another license control method including: the license implementation device receives a license control message sent by the license control center LCC; the license implementation device acquires the license content that needs to be implemented from the license control message; The device implements license control based on the licensed content that needs to be implemented.
  • a further aspect of the embodiments of the present invention provides a license control device, including: a parsing module, configured to load and parse a license file, obtain a license item acquired by the license control device, where the license item includes a license content; And a sending processing module, configured to carry the licensed content in the license control message and send the license content to the license implementing device.
  • a parsing module configured to load and parse a license file, obtain a license item acquired by the license control device, where the license item includes a license content
  • a sending processing module configured to carry the licensed content in the license control message and send the license content to the license implementing device.
  • a license implementation apparatus including: a receiving module, configured to receive a permission control message sent by a license control center LCC; and an acquiring module, configured to acquire a requirement from a license control message received by the receiving module The license content of the implementation; the implementation module, configured to implement the license control according to the license content that needs to be implemented by the acquisition module.
  • a license control system comprising: the foregoing license control device, and the foregoing license implementation device.
  • the license content required to implement the device implementation can be obtained from the loading file, the license content required to implement the device implementation is sent to the license implementation device using the format of the message, compared to the prior art distribution license.
  • the technical solution of the file does not need to send a large amount of redundant information, so the effective information ratio is high, the transmission efficiency is improved, and the occupation of transmission resources is reduced.
  • 1 is a flow chart of a license control method according to an embodiment of the present invention.
  • FIG. 2 is a flow chart of a license control method according to an embodiment of the present invention.
  • FIG. 3 is a flow chart of signaling interaction of a license control method according to an embodiment of the present invention.
  • FIG. 4 is a flow chart of signaling interaction of a license control method according to an embodiment of the present invention.
  • FIG. 5 is a schematic diagram of a connection relationship between an AP and an AHR according to an embodiment of the present invention
  • FIG. 6 is a schematic diagram of a connection relationship between an AP and a MN in the embodiment of the present invention.
  • Figure ⁇ is a schematic diagram showing the connection relationship between an AP and an AG in the embodiment of the present invention.
  • FIG. 8 is a schematic structural diagram of a license control device according to an embodiment of the present invention.
  • FIG. 9 is a schematic structural diagram of a license implementation device according to an embodiment of the present invention.
  • FIG. 10 is a schematic structural diagram of a license implementation device according to an embodiment of the present invention.
  • the technical solutions in the embodiments of the present invention are clearly and completely described in the following with reference to the accompanying drawings in the embodiments of the present invention. It is obvious that the described embodiments are only a part of the embodiments of the present invention, and not all of the embodiments. example. All other embodiments obtained by a person of ordinary skill in the art based on the embodiments of the present invention without creative efforts are within the scope of the present invention.
  • the embodiments of the present invention provide a method, a device, and a system for implementing the license control, which can improve the efficiency of implementing the license control and reduce the occupation of the transmission resources, especially when the L i cens e implementation device is large.
  • a plurality of embodiments will be described below to explain the technical solutions of the embodiments of the present invention. It should be noted that the numbers of the embodiments are used for convenience of description only, and are not used as a basis for comparison between the embodiments.
  • FIG. 1 is a schematic flowchart of a license control method according to an embodiment of the present invention. Referring to FIG. 1, the method includes the following steps:
  • the license control center LCC loads and parses the license file to obtain the license item acquired by the LCC; in this embodiment, it can pass a license control center (L i cens e Con t ro l Cent er , The LCC is referred to as the license file. If the license file is encrypted, it can be decrypted by the LCC first, and then the decrypted license file is loaded. If the license file was not encrypted before, it can be loaded directly. After that, the analysis is performed to obtain the license item acquired by the LCC. It can be understood that the license item includes the license content.
  • LCC determines the license content required to license the implementation of the device
  • the LCC can determine which license content needs to be sent to the license implementation device through different implementations.
  • this step can have different implementations, such as:
  • the license item information supported by the license implementation device may be combined to determine that the license implementation is required. Licensed content for device implementation.
  • the specific process may be: the LCC determines, according to the license item acquired by the LCC, the license item information supported by the license implementation device, and determines the license content required to implement the implementation of the device, for example, the intersection of the two, or the part of the intersection. License item.
  • the LCC can independently select the license item acquired by the LCC and send it to the license implementation device.
  • the specific process may be: After obtaining the license item acquired by the LCC, the LCC may select part or all of the license items acquired by the LCC as the license content required to implement the implementation of the device. In this case, after the license content is sent to the license implementation device, the license implementation device can perform the reselection according to its own support capability or its own needs.
  • the determined license content is carried in the license control message to the license enforcement device.
  • the license content can be directly carried in the license control message to the license implementation device.
  • the determined license content may be encrypted first, and then the encrypted license content is carried in the license control message for transmission.
  • the encryption algorithm used in the encryption process can be determined in various ways. For example: 1) The LCC receives a license control request message sent by the license implementation device, and the license control request message includes: License implementation of the encryption algorithm set information supported by the device. After receiving the license control request message,
  • the LCC can select an encryption algorithm supported by the LCC from the encryption algorithm set information as the encryption algorithm to be used.
  • the LCC may also transmit the identifier of the selected encryption algorithm to the license implementing device in the form of a license control response message, so that the license implementing device may decrypt the received encrypted license content accordingly.
  • This method can be understood as the encryption algorithm that the LCC and the license implementation device negotiate to determine the common support during the license control process.
  • the encryption algorithm supported by the LCC and the license implementation device can be specified statically, that is, the default encryption algorithm. Mode 2) can be adopted directly, or it can be adopted if the negotiation is unsuccessful or there is no negotiation result.
  • the license content may be further encrypted on the basis of using the message format to carry the license content, thereby ensuring that the license content is private during the delivery process, and further protecting the security of the license content, in particular It is aimed at the current use of Licensing in the public network, to avoid the license content being easily intercepted and deciphered.
  • the determined permission content may be first processed before the permission control message is sent, and then the integrity processed license content is carried in the permission control message. Send in.
  • the integrity algorithm used for integrity processing can be determined in a variety of ways. For example: 1) The LCC receives the license control request message sent by the license implementation device, and the license control request message includes: the integrity algorithm set information supported by the license implementation device. After receiving the permission control request message, the LCC may select an integrity algorithm supported by the LCC from the integrity algorithm set information as the integrity algorithm to be used. In addition, the LCC may also send the identifier of the selected integrity algorithm to the license implementation device in the form of a license control response message, so that the license implementation device can perform integrity verification on the received integrity content after receiving the integrity. deal with. This approach can be understood as the LCC and the license implementation device negotiate to determine the commonly supported integrity algorithm during the license control process.
  • the integrity algorithm supported by the LCC and the license implementation device can be specified in a static manner. Mode 2) can be adopted directly, or it can be adopted if the negotiation is unsuccessful or there is no negotiation result. It can be understood that integrity is a feature that data cannot be changed without authorization, that is, information that remains unmodified, uncorrupted, and lost during storage or transmission. Through the integrity processing of the licensed content, the probability of errors in the data transmission process of the licensed content can be reduced, and the accuracy of the transmission of the licensed content is improved.
  • the above encryption algorithm and integrity algorithm may be executed independently or together.
  • the permission control request message carrying the encryption algorithm set information and the integrity algorithm set information may be that the same message carries two kinds of algorithm set information, or may be separately sent two messages respectively.
  • the license content that needs to be licensed to implement the device is determined from the loading file, and then the determined license content is determined by using the format of the message.
  • the transmission to the license implementation device does not require sending a large amount of redundant information compared to the technical solution of the prior art distribution license file, so the effective information ratio is high, the transmission efficiency is improved, and the occupation of the transmission resource is reduced.
  • Encryption and integrity processing further protect the security and integrity of the licensed content.
  • FIG. 2 is a schematic flowchart of a license control method according to an embodiment of the present invention. Referring to FIG. 2, the method includes the following steps:
  • the license implementation device receives the license control message sent by the license control center LCC; in this embodiment, since the LCC sends the license content in the form of a license control message, the license implementation device may receive the license control message;
  • the license implementation device obtains the license content that needs to be implemented from the license control message; in this step, the license implementation device may parse the license control message to obtain the license content carried in the message;
  • the license implementation device may be based on The encryption algorithm and/or integrity algorithm supported by the LCC and the license enforcement device performs corresponding decryption and/or integrity verification processing on the encrypted content after the encryption and/or integrity processing to obtain the license content that needs to be implemented.
  • the license implementation device has previously sent the license information supported by itself to the LCC through the license control request message, the LCC has incorporated the support capability of the license implementation device in the process of selecting the license content, correspondingly,
  • the license content carried in the license control message in step 201 can be understood as all the license items supported by the license implementation device.
  • the license implementing device may use all of the license contents carried in the license control message as the license content to be implemented. Of course, you can also select a part of it as a license content that needs to be implemented.
  • the license implementation device may obtain the license item acquired by the LCC from the license control message, and combine the license item information supported by the license implementation device to select an intersection of the two (may be all or part of the intersection). Thereby determining the license content that needs to be implemented.
  • the license implementation device implements the license control according to the licensed content that is required to be implemented.
  • the license implementation device may perform permission control according to the obtained license content that needs to be implemented, for example, perform function control or resource control of the device.
  • the license implementation result may be returned to the LCC after the license control is implemented as needed for the licensed content.
  • the sending and receiving of the licensed content is performed by using the format of the message, which avoids a large amount of redundant information compared to the technical solution of the prior art distributing the license file.
  • the transmission and reception therefore, the proportion of effective information is higher, the transmission efficiency is improved, and the occupation of transmission resources is reduced.
  • the license content is encrypted and integrity processed on the LCC side, the license content can be decrypted and integrity verified on the license enforcement device side, thus further protecting the security and integrity of the licensed content.
  • Embodiment 1 and Embodiment 2 can be periodically executed, and the L i cense content is updated in time to meet the requirements of real-time performance of the system.
  • the solutions of the first embodiment and the second embodiment described above are described by only one license implementation device. It is worth noting that in the actual scenario, the licensed implementation equipment may be massive and the distribution is relatively scattered. Embodiment 3 In an actual network, there are many license implementation devices, such as base station devices.
  • miniaturized access devices can be implemented as license implementation devices, such as Universal Mobile Telecommunications System (UMTS, Access Point), global Mobile System (GSM, Global System for Mobile communication) AP, GSM (Pico) device, Long Term Evolution (LTE), LTE Pico, Code Diviation Multiple Access (C-Division) AP, CDMA pico, Worldwide Interoperability for Microwave Access (wimax, AP, wimax pico, etc.).
  • UMTS Universal Mobile Telecommunications System
  • GSM Global System for Mobile communication
  • GSM Global System for Mobile communication
  • LTE Long Term Evolution
  • LTE Pico Long Term Evolution
  • CDMA pico Code Diviation Multiple Access
  • Wimax pico Worldwide Interoperability for Microwave Access
  • the embodiment of the present invention provides a method for granting control.
  • the license implementation device is a medical TS AP
  • the LCC module is deployed in an AP Home Register (AHR, AP Home Register), that is, the AHR is used as the LCC.
  • the license is controlled by the medical TS AP.
  • FIG. 3 is a flowchart of signaling interaction of a license control method according to an embodiment of the present invention. As shown in FIG. 3, the method includes:
  • the LCC decrypts, loads, and parses the obtained license file.
  • the LCC obtains the license file first.
  • the method can be obtained from the license production center.
  • the license production center creates a license file for the LCC and sends it to the LCC.
  • the steps to obtain a license file are not necessarily performed each time. For example, you can save it once and save it for later use. Of course, it is also possible to execute the license control once each time.
  • the license file is encrypted, and the LCC needs to decrypt the license file first, and then the decrypted license file is loaded into the LCC device.
  • the license file may have a lot of information, such as file format information, control information, etc., where the control information represents a license item.
  • the LCC parses the loaded license file to obtain the license item sent by the license production center to the LCC, that is, the license item obtained by the LCC.
  • the license items acquired by the LCC are: A: uplink IP packet multiplexing, B: downlink receiving function, C: PS downlink rate maximum, D: PS uplink rate maximum.
  • a and B can be understood as function licenses
  • C and D can be understood as resource licenses.
  • the AP sends a license control request message to the LCC.
  • the AP actively requests the license control from the LCC. Specifically, in this step, the AP may send a Li cense control request message to the LCC, and the Li cense control request message may carry one or a combination of the following information: the license item information supported by the AP (ie, the capability to support Li cense), the AP Supported encryption algorithm set information, integrity algorithm set information supported in the AP.
  • the license item information supported by the AP may be embodied in the form of a function list, and the license item information may indicate the license control capability that the LCC can implement, and the license content that is not in the list, even if sent to the AP, the AP also Can't achieve it.
  • the information of the Li cense item supported by the AP that is sent to the LCC is (C, D, E, F), which are: C: the maximum downlink rate of the PS, the maximum value of the uplink rate of the D: Maximum number of admitted users, and F: Local Iur function.
  • the encryption algorithm set information supported by the AP embodies the encryption algorithm that the AP can support, and can be used as the basis for selecting the encryption algorithm by the LCC.
  • the integrity algorithm set information supported by the AP reflects the integrity algorithm supported by the AP and can be used as the basis for the LCC selection integrity algorithm. In the embodiment of the present invention, the following three kinds of information are carried in the Li cense control request message as an example for description.
  • the LCC determines the license content according to the license control request message, and performs encryption and integrity processing.
  • the LCC may take two pieces of license information (C, D, E, F) supported by the AP carried by the Li cense control request message, and the license item information (A, B, C, D) obtained by the LCC, and take two The intersection (C, D) is the license content that needs to be implemented by the AP.
  • the license content may be encrypted and integrity processed before being sent to the AP.
  • the algorithm used for encryption and integrity processing can be dynamically negotiated. Specifically: Since the LCC has learned the encryption algorithm and integrity algorithm supported by the AP according to the Li cense control request message, the LCC can support itself according to its own support. The encryption algorithm and the integrity algorithm select the encryption algorithm and the integrity algorithm supported by both to encrypt and integrity the licensed content. Alternatively, the encryption and integrity processing of this step can also use the default encryption algorithm and integrity algorithm. The default algorithm can be used if there is no result of negotiation or the negotiation is unsuccessful, or it can be used directly. Of course, if the default algorithm is used directly, the LI cense control request message sent by the AP to the LCC may not carry the algorithm set information.
  • the LCC returns a Li cense control response message to the AP.
  • the Li cense control response message is a license content that carries the required AP implementation. License control message.
  • the Li cense control response message includes: an encryption algorithm identifier and an integrity algorithm identifier selected by the LCC; and a license content implemented by the AP, which has been processed by a selected or default encryption algorithm and an integrity algorithm.
  • the AP performs Li cense control according to the information in the Li cense control response message.
  • the AP selects the encryption algorithm identifier in the Li cense control response message, and selects a corresponding decryption algorithm to decrypt the encrypted license content.
  • the AP selects a corresponding integrity verification algorithm according to the integrity algorithm identifier in the Li cense control response message, and performs integrity verification on the integrity content of the integrity processing. If the data can pass the integrity verification, the AP can be used as the content of the AP implementation license.
  • the license content obtained after the decryption and integrity verification in this step is: (C, D), where C is the maximum downlink rate of the PS and D is the maximum value of the uplink rate of the PS. , License control is performed on the corresponding resources of the AP device.
  • the AP feeds back the result of the Li cense implementation to the LCC.
  • the result of the Li cense implementation can be sent to the LCC.
  • the transmission and reception of the license content is performed using the format of the message, and the license content is the control information which is really useful in the license file, that is, the license item information.
  • the license content is the control information which is really useful in the license file, that is, the license item information.
  • the AP actively sends a request message to the LCC, and the request message carries the license item information, the encryption algorithm, and the integrity algorithm information supported by the AP, and the license function negotiation can be completed in advance to ensure that the license content sent to the AP can be implemented. And; can be completed in advance
  • the algorithm negotiates and processes it using an algorithm supported by both parties.
  • the AP actively sends a license request, which can be processed according to the actual situation of the specific AP.
  • the license control is more targeted and improves the efficiency of the license control.
  • Embodiment 4 the encryption and integrity processing of the licensed content guarantees the privacy and integrity of the licensed content (ie, truly useful control messages) during delivery.
  • the embodiment of the present invention provides a method for granting control.
  • the L i cense implementation device is a medical TS AP
  • the LCC module is deployed to the AHR, that is, the AHR is used as the LCC device.
  • the LCC actively issues a license item
  • the AP selects a license item supported by the AP according to its own support capability to implement Li cense control.
  • FIG. 4 is a flowchart of signaling interaction of a license control method according to an embodiment of the present invention. As shown in FIG. 4, the method includes:
  • the LCC decrypts, loads, and parses the obtained L i cense file.
  • the license items obtained by LCC are also set to (A, B, C, D), specifically, A: uplink IP packet multiplexing, B: downlink receiving function, C: PS downlink rate maximum, D: PS uplink The maximum rate.
  • the LCC determines the license content, and performs encryption and integrity processing
  • the LCC since the LCC does not know the license item information supported by the AP, the LCC can automatically select the license item acquired by the LCC.
  • the specific process may be: After the LCC obtains the license items (A, B, C, D) obtained by the LCC, part or all of the license items acquired by the LCC may be selected as the license content required for the AP implementation. This embodiment assumes that the LCC uses (A, B, C, D) as the permitted contents.
  • the license content may be encrypted and integrity processed before being sent to the AP.
  • the algorithm used in the encryption and integrity processing may be determined by dynamic negotiation before the content of the license is sent, or the integrity algorithm supported by the LCC and the AP, that is, the default integrity algorithm, may be specified in a static manner. It can be understood that the steps of determining the algorithm are not necessarily performed every time, and there is no necessary context with step 401, as long as the algorithm is determined before the encryption and integrity processing. 403.
  • the LCC sends a L i cense control indication message to the AP.
  • the L i cens e control indication message is a permission control message carrying the licensed content required to be implemented by the AP.
  • the L i cense control indication message includes: a license content that needs to be implemented by the AP.
  • the message may further include an encryption algorithm identifier and an integrity algorithm identifier selected by the LCC.
  • the AP has already learned the algorithm to be used before the sending, the AP does not need to carry the LCC selected encryption algorithm identifier and integrity algorithm identifier in the L i cense control indication message.
  • the AP selects a license item and implements L i cense control
  • the AP may first perform decryption and integrity verification processing on the licensed content.
  • the AP needs to select the license items according to the capabilities supported by the AP. Specifically, assuming that the AP supports C and D, but does not support A and B, the selected licenses can be C and D.
  • the AP After the AP selects the license item, it can perform resource control or function control based on this.
  • the result of the L i cense implementation can be sent to the LCC.
  • the transmission and reception of the license content is performed using the format of the message, and the license content is the control information which is really useful in the license file, that is, the license item information.
  • the license content is the control information which is really useful in the license file, that is, the license item information.
  • the LCC actively delivers the license item in the message format, which can reduce the information exchange between the AP and the LCC, save signaling overhead, simplify the process, and improve the processing efficiency.
  • Embodiment 3 and Embodiment 4 are deployed in the AHR by using the LCC module.
  • the implementation is described as an example.
  • a schematic diagram of the connection relationship between the AP and the AHR can be seen in FIG. 5.
  • the access point 504, the access point 505, and the access point 506 are connected to the access point home register AHR50L through a security gateway (SeGW, Security Gateway) 503 and an access gateway (AG, Access Gateway) 502.
  • SeGW Security Gateway
  • AG Access Gateway
  • the LCC module can also be deployed in a small base station management system (Li S, Home NodeB)
  • FIG. 6 is a schematic diagram of the connection relationship between the HMS and the AP. As shown in FIG. 6, the access point 603, the access point 604, and the access point 605 are connected to the small base station management system 601 through the security gateway 602. .
  • the LCC module can also be deployed in the AG.
  • Figure 7 shows an example of the connection relationship between the AG and the AP. As shown in the figure, the access point 703, the access point 704, and the access point 705 are connected to the access gateway 701 through the security gateway 702. Embodiment 5
  • FIG. 8 is a schematic structural diagram of the license control device.
  • the device includes: a parsing module 801, configured to load and parse a license file, to obtain a license item acquired by the license control device; a determining module 802, configured to determine a license content that needs to be licensed to implement the device implementation; and, send
  • the processing module 803 is configured to carry the license content in the license control message and send the content to the license implementation device.
  • the license control device may further include: a receiving module 804, configured to receive a license control request message sent by the license implementation device, where the license control request message is This includes: License information for license implementation device support.
  • the determining module 802 may be configured to: select, according to the license item acquired by the license control device obtained by the parsing module 801, the license item supported by the license implementation device received by the receiving module 804, and select the license content that needs to be licensed to implement the device implementation.
  • the AP sends the license information of the license to the LCC through the license control request message.
  • the license item supported by the AP is (C, D, E, F).
  • the LCC obtains the license item (A, B, C, D), and the determination module 802 can select the intersection (C, D) of the two as the license content required for the AP implementation.
  • C, D the license item supported by the AP
  • E, F the license item supported by the AP
  • the LCC obtains the license item (A, B, C, D)
  • the determination module 802 can select the intersection (C, D) of the two as the license content required for the AP implementation.
  • the determining module 802 For: Selecting part or all of the license items acquired by the license control device obtained from the parsing module 801 as the license content required to implement the device implementation.
  • the license implementation device is an AP and the license control device is an LCC
  • the LCC may select some or all of (A, B, C, D) and send it to the AP.
  • the sending processing module 803 may be specifically implemented by, for example, an algorithm processing unit 8031, configured to encrypt the licensed content by using an encryption algorithm and/or an integrity algorithm supported by the LCC and the license implementing device. Or integrity processing; the sending unit 8032, configured to carry the license content processed by the algorithm processing unit in the license control message to the license implementation device.
  • an algorithm processing unit 8031 configured to encrypt the licensed content by using an encryption algorithm and/or an integrity algorithm supported by the LCC and the license implementing device.
  • integrity processing the sending unit 8032, configured to carry the license content processed by the algorithm processing unit in the license control message to the license implementation device.
  • the admission control device is deployed in the access point home register, or deployed in the small base station management system device, or deployed in the access gateway of the access point system.
  • FIG. 9 is a schematic structural diagram of the license implementation device.
  • the device includes: a receiving module 901, configured to receive a permission control message sent by a license control center LCC, and an obtaining module 902, configured to obtain, from a license control message received by the receiving module, a license content that needs to be implemented;
  • the module 903 is configured to implement the license control according to the license content that needs to be implemented by the acquisition module.
  • the license implementation device may further include: a requesting module 904, configured to send, to the LCC, a license control request message, where the license control request message includes One or a combination of the following information: License item information supported by the license implementation device, encryption algorithm set information supported by the device implementation license, and integrity algorithm set information supported by the device implementation device.
  • the corresponding acquisition module The 902 may be specifically implemented by the following unit, including: a decryption unit 9021, configured to perform corresponding decryption processing on the content that needs to be implemented after the encryption process according to an encryption algorithm supported by the LCC and the license implementation device; and/or, complete
  • the verification unit 9022 is configured to perform corresponding integrity verification processing on the content that needs to be implemented after the integrity processing according to the integrity algorithm supported by the LCC and the license implementation device.
  • FIG. 10 is a schematic structural diagram of the license implementation device.
  • the device includes: a receiving module 1 001, configured to receive a permission control message sent by a license control center LCC; and an acquiring module 1 002, configured to receive from the receiving module
  • the license control message obtains the license content that needs to be implemented;
  • the implementation module 003 is configured to implement the license control according to the license content that needs to be implemented by the acquisition module.
  • the obtaining module 1 002 may be specifically implemented by the following unit: an obtaining unit 1 0021, configured to obtain a license item obtained by the LCC from the permission control message, and a determining unit 1 0022, configured to acquire according to the LCC acquired by the obtaining unit 1 002 1
  • the license item together with the license item information supported by the license implementation device, determines the license content that needs to be implemented.
  • the obtaining unit 1 0021 can be implemented by the above-described decryption unit and integrity verification unit, that is, after the decryption process and the integrity verification process, the LCC acquired license item can be obtained.
  • the license implementation device may further include a reporting unit, configured to report the result of the license implementation to the license control device.
  • a reporting unit configured to report the result of the license implementation to the license control device.
  • the embodiment of the present invention further provides a license implementation system including the license control device and the license implementation device in the foregoing embodiments.
  • the license implementation device may be: a base station or other device that can implement the license, and in the case of an indoor coverage scenario, it may be a miniaturized access device of various standards, such as an AP.
  • the license control device can be an AHR, HMS or AG device that integrates the LCC module. It can be understood that, in the technical solutions of the license control device, the license implementation device, and the license control system provided by the embodiments of the present invention, the content of the message is used for sending and receiving the license content, and the license content is really useful in the license file. Control information, that is, license item information.
  • the license implementation device (such as an AP) actively sends a request message to the LCC, and the request message carries the license item information, the encryption algorithm, and the integrity algorithm information supported by the AP
  • the negotiation of the license function is completed to ensure that the license content sent to the AP is implementable; and the algorithm negotiation can be completed in advance, so as to be processed by an algorithm supported by both parties.
  • the license implementation device actively sends a license request, which can implement corresponding processing according to the actual situation of the specific license implementation device, and the license control is more targeted, and the efficiency of the license control is improved.
  • the LCC actively delivers the license in the message format
  • the information exchange between the license implementation device (such as the AP) and the LCC can be reduced, signaling overhead is saved, the process is simplified, and the processing efficiency is improved.
  • the encryption and integrity processing of the licensed content guarantees the privacy and integrity of the licensed content (ie, truly useful control messages) during delivery.
  • the LCC module can be installed in a variety of network devices, so that the license control device can be implemented in a plurality of network devices, and the operator can be provided with multiple implementations to flexibly respond to specific network scenarios and requirements.
  • the present invention can be implemented by means of software plus a necessary general hardware platform, and of course, can also be through hardware, but in many cases, the former is a better implementation. the way.
  • the technical solution of the present invention which is essential or contributes to the prior art, may be embodied in the form of a software product stored in a storage medium, including a plurality of instructions for making a A computer device (which may be a personal computer, server, or network device, etc.) performs all or part of the steps of the methods described in various embodiments of the present invention.
  • the foregoing storage medium includes: a medium such as a USB flash drive, a removable hard disk, a read only memory (ROM), a random access memory (RAM), a magnetic disk, or an optical disk, which can store program codes.
  • the disclosed systems, devices, and methods may be implemented in other manners without departing from the scope of the present application.
  • the device embodiments described above are merely illustrative.
  • the division of the modules or units is only a logical function division.
  • there may be another division manner for example, multiple units or components may be used. Combined or can be integrated into another system, or some features can be ignored, Or not.
  • the units described as separate components may or may not be physically separated, and the components displayed as the units may or may not be physical units, that is, may be located in one place, or may be distributed to multiple network units. .
  • Some or all of the modules may be selected according to actual needs to achieve the purpose of the solution of the embodiment. Those of ordinary skill in the art can understand and implement without any creative effort.
  • the described systems, devices, and methods, and the schematic diagrams of various embodiments may be combined or integrated with other systems, modules, techniques or methods without departing from the scope of the present application.
  • the mutual coupling or direct coupling or communication connection shown or discussed may be an indirect coupling or communication connection through some interface, device or unit, and may be in electronic, mechanical or other form.

Landscapes

  • Mobile Radio Communication Systems (AREA)
  • Storage Device Security (AREA)

Abstract

La présente invention porte sur le domaine de la technologie des communications, et sur un procédé, un dispositif et un système de contrôle de licence. Le procédé comprend : un centre de contrôle de licence (CCL) charge et analyse un fichier de licence, et l'élément de licence acquis par le centre de contrôle de licence (CCL) est obtenu ; le centre de contrôle de licence (CCL) confirme le contenu de licence dont l'exécution est requise par un dispositif d'exécution de licence ; le centre de contrôle de licence (CCL) adresse le contenu de licence véhiculé par un message de contrôle de licence au dispositif d'exécution de licence. Au moyen de la solution technique apportée par la présente invention, on peut améliorer l'efficacité du contrôle de licence.
PCT/CN2010/079292 2009-12-10 2010-11-30 Procédé, dispositif et système de contrôle de licence WO2011069423A1 (fr)

Applications Claiming Priority (2)

Application Number Priority Date Filing Date Title
CN200910188858.4 2009-12-10
CN200910188858A CN101741833A (zh) 2009-12-10 2009-12-10 许可控制的方法、设备和系统

Publications (1)

Publication Number Publication Date
WO2011069423A1 true WO2011069423A1 (fr) 2011-06-16

Family

ID=42464723

Family Applications (1)

Application Number Title Priority Date Filing Date
PCT/CN2010/079292 WO2011069423A1 (fr) 2009-12-10 2010-11-30 Procédé, dispositif et système de contrôle de licence

Country Status (2)

Country Link
CN (1) CN101741833A (fr)
WO (1) WO2011069423A1 (fr)

Families Citing this family (3)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN101741833A (zh) * 2009-12-10 2010-06-16 华为技术有限公司 许可控制的方法、设备和系统
CN104243420A (zh) * 2013-06-18 2014-12-24 沈阳中科博微自动化技术有限公司 用于集成电路工厂自动化系统与设备通讯的数据加密方法
CN111970319A (zh) * 2020-06-22 2020-11-20 联想(北京)有限公司 一种软件许可License的分发控制方法及网络设备

Citations (4)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN1874218A (zh) * 2006-01-05 2006-12-06 华为技术有限公司 一种许可证管理方法、系统及装置
CN101163104A (zh) * 2007-11-13 2008-04-16 华为技术有限公司 共享交换节点的许可实现方法、设备和系统
CN101188522A (zh) * 2007-12-06 2008-05-28 华为技术有限公司 许可证管理方法和系统
CN101741833A (zh) * 2009-12-10 2010-06-16 华为技术有限公司 许可控制的方法、设备和系统

Patent Citations (4)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN1874218A (zh) * 2006-01-05 2006-12-06 华为技术有限公司 一种许可证管理方法、系统及装置
CN101163104A (zh) * 2007-11-13 2008-04-16 华为技术有限公司 共享交换节点的许可实现方法、设备和系统
CN101188522A (zh) * 2007-12-06 2008-05-28 华为技术有限公司 许可证管理方法和系统
CN101741833A (zh) * 2009-12-10 2010-06-16 华为技术有限公司 许可控制的方法、设备和系统

Also Published As

Publication number Publication date
CN101741833A (zh) 2010-06-16

Similar Documents

Publication Publication Date Title
JP6242938B2 (ja) 無線式送電装置
EP2863612B1 (fr) Procédé, dispositif, et système de partage de contenu
US8295488B2 (en) Exchange of key material
KR101009686B1 (ko) 다수의 가상 운영자를 지원하는 공용 무선 lan을 위한 세션 키 관리
WO2018006626A1 (fr) Système, procédé et dispositif de gestion de sécurité de réseau
US20190342082A1 (en) Network key processing method and system and related device
CN107094127B (zh) 安全信息的处理方法及装置、获取方法及装置
CN101990211B (zh) 网络接入方法、装置和系统
CN105828326A (zh) 一种无线局域网的接入方法、无线访问节点
JP2006109449A (ja) 認証された無線局に暗号化キーを無線で提供するアクセスポイント
US10172003B2 (en) Communication security processing method, and apparatus
CN113784343A (zh) 保护通信的方法和装置
CN113556227A (zh) 网络连接管理方法、装置、计算机可读介质及电子设备
EP4030802A1 (fr) Procédé et appareil de gestion de données d'abonnement
US20230179400A1 (en) Key management method and communication apparatus
CN105392133A (zh) 用于无线功能设备自动接入无线接入点的方法和系统
US9154949B1 (en) Authenticated delivery of premium communication services to untrusted devices over an untrusted network
WO2011069423A1 (fr) Procédé, dispositif et système de contrôle de licence
WO2018076298A1 (fr) Procédé de négociation de capacité de sécurité et dispositif associé
CN114584969B (zh) 基于关联加密的信息处理方法及装置
KR101500118B1 (ko) 데이터 공유 방법 및 이를 이용한 데이터 공유 시스템
CN113543131A (zh) 网络连接管理方法、装置、计算机可读介质及电子设备
EP3219066B1 (fr) Système de sécurité matériel pour dispositif radio pour utilisation en spectre sans fil
CN103152348B (zh) 许可控制的方法、设备和系统
EP2251808A2 (fr) Système de communication sans fil

Legal Events

Date Code Title Description
121 Ep: the epo has been informed by wipo that ep was designated in this application

Ref document number: 10835458

Country of ref document: EP

Kind code of ref document: A1

NENP Non-entry into the national phase

Ref country code: DE

122 Ep: pct application non-entry in european phase

Ref document number: 10835458

Country of ref document: EP

Kind code of ref document: A1