WO2016101784A1 - Procédé, dispositif et système d'acquisition d'informations d'utilisateur - Google Patents

Procédé, dispositif et système d'acquisition d'informations d'utilisateur Download PDF

Info

Publication number
WO2016101784A1
WO2016101784A1 PCT/CN2015/096566 CN2015096566W WO2016101784A1 WO 2016101784 A1 WO2016101784 A1 WO 2016101784A1 CN 2015096566 W CN2015096566 W CN 2015096566W WO 2016101784 A1 WO2016101784 A1 WO 2016101784A1
Authority
WO
WIPO (PCT)
Prior art keywords
user information
server
encrypted
information
service
Prior art date
Application number
PCT/CN2015/096566
Other languages
English (en)
Chinese (zh)
Inventor
于彬
杨敏昌
颜娜
徐斌
Original Assignee
华为技术有限公司
Priority date (The priority date is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the date listed.)
Filing date
Publication date
Application filed by 华为技术有限公司 filed Critical 华为技术有限公司
Publication of WO2016101784A1 publication Critical patent/WO2016101784A1/fr

Links

Images

Classifications

    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04LTRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L9/00Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols
    • H04L9/40Network security protocols

Definitions

  • the present invention relates to the field of communications, and in particular, to a method, device, and system for acquiring user information.
  • the user's real mobile phone number and user information are stored in the telecommunication network device, and the information is the user's private information.
  • ICT information communication technology
  • telecommunication network operators need to cooperate with third-party service providers.
  • third-party service providers need to use the user's mobile phone number when performing business logic processing. For example, information association, marketing advertising, etc. This raises the question of how a telecommunications network operator can securely open a user's real mobile number to a third-party service provider without invading the user's privacy.
  • PCRF Policy Control and Charging Rule
  • the user's dynamic session information is stored in the device, for example, including the user's IP address, user ID, etc., and the user identifier may be the mobile station identification number MSISDN.
  • AF Application-function, application function server, which can be an operator-owned business server or an Internet third-party service provider.
  • the Rx interface is the message interface of AF to PCRF, and the AF server can obtain the IP address according to itself.
  • the PCRF is requested by the Rx interface to the PCRF, such as the access location of the user, and the PCRF indexes the access location of the user by using an IP address.
  • the main messages of the Rx interface are AAR messages and AAA messages.
  • the AAR messages are request messages initiated by the AF to the PCRF, and the AAA messages are response messages returned by the PCRF to the AF.
  • the two messages are paired.
  • the user identification information cannot be carried in the AAA message. Therefore, the AF server cannot obtain the user identifier and cannot perform certain services that require the user identifier.
  • the embodiment of the invention provides a method for acquiring user information, which can obtain AF security from the PCRF. User information is taken and the service is performed using the user information.
  • the embodiments of the present invention also provide corresponding devices and systems.
  • a first aspect of the present invention provides a method for acquiring information, where the method is applied to an information control device of a data fusion system, where the data fusion system further includes a policy and charging rule control function PCRF device, a user device, and an application function AF server. And the PCRF establishes and saves a correspondence between the protocol IP address and the user information of the interconnection between the networks of the user equipment when the user equipment is activated, where the method includes:
  • AAR message sent by the AF server, where the AAR message includes an indication of the user information to be acquired and an IP address of the user equipment;
  • the AAR message is forwarded to the PCRF, so that the PCRF searches for the user information corresponding to the indication according to the IP address of the user equipment;
  • the method further includes:
  • the method further includes:
  • the data fusion system further includes a short message server, where the AAA message is forwarded to the AF server, the AAA After the message carries the encrypted user information, the method further includes:
  • the data fusion system further includes a service issuing server, where the AAA message is forwarded to the AF server, the AAA After the message carries the encrypted user information, the method further includes:
  • the encrypted user information is decrypted to obtain user information of the plaintext
  • the data fusion system further includes a billing server, and the AAA message is forwarded to the AF server, the AAA After the message carries the encrypted user information, the method further includes:
  • the AF server sends the bill file to the AF server, where the bill file carries the encrypted bill user information, so that the AF server compares the encrypted bill user information with the encrypted user information.
  • the CDR file corresponding to the encrypted CDR user information is checked against the CDR file corresponding to the encrypted user information.
  • the data fusion system further includes a core network convergence device, where the AAA message is forwarded to the AF server, After the AAA message carries the encrypted user information, the method further includes:
  • the encrypted user information is decrypted to obtain user information of the plaintext
  • the core network convergence device Forwarding the query request to the core network convergence device, where the query request carries the user information of the plaintext, so that the core network convergence device queries the indication of the to-be-queried result according to the user information of the plaintext.
  • the query result corresponding to the information
  • a second aspect of the present invention provides a method for acquiring information, where the method is applied to an application function AF server of a data fusion system, where the data fusion system further includes a policy and charging rule control function PCRF device, user equipment, and information control device. And the PCRF establishes and saves a correspondence between the protocol IP address and the user information of the interconnection between the networks of the user equipment when the user equipment is activated, where the method includes:
  • An authentication authorization request AAR message sent to the information control device where the AAR message includes an indication of the user information to be acquired and an IP address of the user equipment, so that the information control device determines to allow the AF server
  • the AAR message is forwarded to the PCRF, and the IP address of the user equipment is used by the PCRF to search for user information corresponding to the indication according to the IP address of the user equipment;
  • the receiving the information control device Sending an AAA message where the AAA message carries the user information corresponding to the indication, including:
  • Performing the service according to the user information corresponding to the indication includes:
  • the data fusion system further includes a short message server, and the performing the service according to the encrypted user information includes:
  • the data fusion system further includes a service issuing server, where the performing the service according to the encrypted user information includes:
  • the data fusion system further includes a billing server, and the performing the service according to the encrypted user information includes:
  • the bill file corresponding to the encrypted bill user information is checked with the bill file corresponding to the encrypted user information.
  • the data fusion system further includes a core network convergence device, where the performing the service according to the encrypted user information includes:
  • a third aspect of the present invention provides an information control device, wherein the information control device is applied to data fusion
  • the data fusion system further includes a policy and charging rule control function PCRF device, a user equipment, and an application function AF server, where the PCRF establishes and saves between the network of the user equipment when the user equipment is activated.
  • the information control device includes:
  • a receiving unit configured to receive an authentication authorization request AAR message sent by the AF server, where the AAR message includes an indication of the user information to be acquired and an IP address of the user equipment;
  • a determining unit configured to determine whether the AF server is allowed to acquire the user information to be acquired
  • a sending unit configured to: when the determining unit determines that the AF server is allowed to acquire the to-be-obtained user information received by the receiving unit, forwarding the AAR message to the PCRF, so that the PCRF is configured according to the The IP address of the user equipment searches for user information corresponding to the indication;
  • the receiving unit is further configured to receive an authentication authorization response AAA message sent by the PCRF, where the AAA message carries user information corresponding to the indication;
  • the sending unit is further configured to forward the AAA message received by the receiving unit to the AF server, so that the AF server performs a service according to the user information corresponding to the indication.
  • the determining unit is further configured to: after receiving, by the receiving unit, an AAA message sent by the PCRF, where the AAA message carries the user information corresponding to the indication, according to the identity information of the AF server and the AF server Determining, by the at least one of the service types of the service to be executed, whether the user information corresponding to the indication needs to be encrypted;
  • the information control device further includes: an encryption unit and an adding unit,
  • the encryption unit is configured to: when the determining unit determines that the user information corresponding to the indication needs to be encrypted, encrypt the user information corresponding to the indication, to obtain encrypted user information;
  • the adding unit is configured to add encrypted user information obtained by encrypting the encryption unit to the AAA message;
  • the sending unit is further configured to forward the AAA message to the AF server, where the AAA message carries encrypted user information added by the adding unit, so that the AF server performs a service according to the encrypted user information. .
  • the data fusion system also includes a short message server.
  • the receiving unit is further configured to: after the sending unit forwards the AAA message to the AF server, receive a short message request sent by the AF server, where the short message request carries the encrypted user information;
  • the information control device further includes: a first decryption unit,
  • the first decryption unit decrypts the encrypted user information to obtain user information of the plaintext
  • the sending unit is further configured to forward the short message request to the short message server, where the short message request carries the user information of the plaintext decrypted by the first decryption unit, so that the short message server is configured according to the The user information of the plaintext sends a short message to the user equipment.
  • the data fusion system further includes a service delivery server,
  • the receiving unit is further configured to: after the sending unit forwards the AAA message to the AF server, receive a service issuance request sent by the AF server, where the service release request carries the encrypted user information and The type of business in which the business is issued;
  • the determining unit is further configured to determine whether the AF server is allowed to perform the to-be-issued service corresponding to the service type;
  • the information control device further includes: a second decryption unit,
  • the second decrypting unit is further configured to: when the determining unit determines that the AF server is allowed to perform the to-be-issued service corresponding to the service type, decrypt the encrypted user information to obtain user information of the plaintext;
  • the sending unit is further configured to forward the service issuing request to the service issuing server, where the service issuing request carries the user information of the plaintext decrypted by the second decrypting unit, so that the service is performed.
  • the issuing server issues the to-be-issued service corresponding to the service type to the user equipment according to the user information of the plaintext.
  • the data fusion system further includes a bill server.
  • the receiving unit is further configured to receive a bill file sent by the bill server, where the bill is User information carrying the bill user in the piece;
  • the encryption unit is further configured to encrypt user information of the bill user received by the receiving unit to obtain encrypted bill user information;
  • the information control device further includes: a replacement unit,
  • the replacing unit is configured to replace the user information of the bill user with the encrypted bill user information encrypted by the encryption unit;
  • the sending unit is further configured to send the bill file to the AF server, where the bill file carries the encrypted bill user information replaced by the replacing unit, so that the AF server is in the encryption After the CDR user information is matched with the encrypted user information, the CDR file corresponding to the encrypted CDR user information is checked against the CDR file corresponding to the encrypted user information.
  • the data fusion system further includes a core network convergence device
  • the receiving unit is further configured to receive a query request sent by the AF server, where the query request carries the encrypted user information and indication information of a to-be-queried result;
  • the determining unit is further configured to determine whether to allow a query operation of the AF server;
  • the information control device further includes: a third decryption unit,
  • the third decryption unit is further configured to: when the determining unit determines that the query operation of the AF server is permitted, decrypt the encrypted user information to obtain user information of the plaintext;
  • the sending unit is further configured to forward the query request to the core network convergence device, where the query request carries the user information of the plaintext, so that the core network convergence device is configured according to the third decryption unit.
  • the user information of the plaintext obtained by the decryption is used to query the query result corresponding to the indication information of the to-be-queried result;
  • the sending unit is further configured to return the query result to the AF server.
  • a fourth aspect of the present invention provides an application function AF server, where the AF server is applied to a data fusion system, where the data fusion system further includes a policy and charging rule control function PCRF device, a user equipment, and an information control device, and the PCRF Establishing and saving a correspondence between a protocol IP address and user information of a network between the user equipments when the user equipment is activated, the AF service
  • the device includes:
  • a sending unit configured to send an authentication authorization request AAR message to the information control device, where the AAR message includes an indication of the user information to be acquired and an IP address of the user equipment, so that the information control device determines
  • the AF server is allowed to obtain the user information to be acquired
  • the AAR message is forwarded to the PCRF, and the IP address of the user equipment is used by the PCRF to search for the indication according to the IP address of the user equipment.
  • a receiving unit configured to send, after the sending unit sends the AAR message, the information control device to send an AAA message, where the AAA message carries the user information corresponding to the indication;
  • a service execution unit configured to perform a service according to the user information corresponding to the indication received by the receiving unit.
  • the receiving unit is specifically configured to receive, by the information control device, an AAA message, where the AAA message carries encrypted user information;
  • the service execution unit is specifically configured to perform a service according to the encrypted user information.
  • the data fusion system further includes a short message server
  • the service execution unit is specifically configured to trigger a short message request sent by the sending unit to the information control device, where the short message request carries the encrypted user information.
  • the data fusion system further includes a service delivery server,
  • the service execution unit is specifically configured to trigger a service release request sent by the sending unit to the information control device, where the service release request carries the encrypted user information and a service type of the service to be issued.
  • the data fusion system further includes a billing server
  • the service execution unit is further configured to trigger the receiving unit to receive the CDR file sent by the information control device, where the CDR file carries the encrypted CDR user information, and the encrypted CDR user information and the encryption User information is matched; the encrypted bill user information and the encrypted user letter are After the information is matched, the CDR file corresponding to the encrypted CDR user information is checked against the CDR file corresponding to the encrypted user information.
  • the data fusion system further includes a core network convergence device
  • the service execution unit is further configured to trigger the sending unit to send a query request to the information control device, where the query request carries the encrypted user information and indication information of the to-be-queried result;
  • the service execution unit is further configured to trigger the receiving unit to receive a query result sent by the information control device.
  • a fifth aspect of the present invention provides a data fusion system, including: an information control device, a policy and charging rule control function PCRF device, a user equipment, and an application function AF server, where the PCRF is established and saved when the user equipment is activated.
  • a data fusion system including: an information control device, a policy and charging rule control function PCRF device, a user equipment, and an application function AF server, where the PCRF is established and saved when the user equipment is activated.
  • the information control device is used to:
  • AAR message sent by the AF server, where the AAR message includes an indication of the user information to be acquired and an IP address of the user equipment;
  • the AAR message is forwarded to the PCRF, so that the PCRF searches for the user information corresponding to the indication according to the IP address of the user equipment;
  • the AF server is used to:
  • the method for acquiring information provided by the embodiment of the invention is applied to the information control device of the data fusion system
  • the data fusion system further includes a policy and charging rule control function PCRF device, a user equipment, and an application function AF server, where the PCRF establishes and saves the network of the user equipment when the user equipment is activated.
  • the method includes: receiving an authentication authorization request AAR message sent by the AF server, where the AAR message includes an indication of the user information to be acquired and an IP of the user equipment Addressing, when it is determined that the AF server is allowed to obtain the user information to be acquired, forwarding the AAR message to the PCRF, so that the PCRF searches for the user information corresponding to the indication according to the IP address of the user equipment.
  • Receiving an authentication authorization response AAA message sent by the PCRF where the AAA message carries the user information corresponding to the indication; forwarding the AAA message to the AF server, so that the AF server according to the indication Corresponding user information performs business.
  • the AF server cannot obtain the user identifier and cannot perform the service that needs to use the user information
  • the method for obtaining the information provided by the embodiment of the present invention can enable the AF security to obtain the user information from the PCRF and use the The user information is executed to perform the business.
  • FIG. 1 is a schematic diagram of an embodiment of a method for acquiring information in an embodiment of the present invention
  • FIG. 2 is a schematic diagram of another embodiment of a method for acquiring information in an embodiment of the present invention.
  • FIG. 3 is a schematic diagram of another embodiment of a method for acquiring information in an embodiment of the present invention.
  • FIG. 4 is a schematic diagram of another embodiment of a method for acquiring information in an embodiment of the present invention.
  • FIG. 5 is a schematic diagram of another embodiment of a method for acquiring information in an embodiment of the present invention.
  • FIG. 6 is a schematic diagram of another embodiment of a method for acquiring information in an embodiment of the present invention.
  • FIG. 7 is a schematic diagram of another embodiment of a method for acquiring information in an embodiment of the present invention.
  • FIG. 8 is a schematic diagram of an embodiment of an information control device according to an embodiment of the present invention.
  • FIG. 9 is a schematic diagram of another embodiment of an information control device according to an embodiment of the present invention.
  • FIG. 10 is a schematic diagram of another embodiment of an information control device according to an embodiment of the present invention.
  • FIG. 11 is a schematic diagram of another embodiment of an information control device according to an embodiment of the present invention.
  • FIG. 12 is a schematic diagram of another embodiment of an information control device according to an embodiment of the present invention.
  • FIG. 13 is a schematic diagram of another embodiment of an information control device according to an embodiment of the present invention.
  • FIG. 14 is a schematic diagram of an embodiment of an AF server according to an embodiment of the present invention.
  • 15 is a schematic diagram of another embodiment of an information control device according to an embodiment of the present invention.
  • FIG. 16 is a schematic diagram of another embodiment of an AF server according to an embodiment of the present invention.
  • FIG. 17 is a schematic diagram of an embodiment of a data fusion system according to an embodiment of the present invention.
  • the embodiment of the invention provides a method for acquiring user information, which can enable AF security to acquire user information from the PCRF and perform service using the user information.
  • the embodiments of the present invention also provide corresponding devices and systems. The details are described below separately.
  • the data fusion system may include an information control device (which may be a device of a data open platform), a policy and charging rule control function PCRF device, a user equipment, and an application function AF server, and may also include a packet gateway (Packet). Gateway, PGW).
  • an information control device which may be a device of a data open platform
  • PCRF device policy and charging rule control function
  • PCRF device policy and charging rule control function
  • user equipment a user equipment
  • an application function AF server may also include a packet gateway (Packet). Gateway, PGW).
  • PGW packet gateway
  • an embodiment of a method for information acquisition provided by an embodiment of the present invention includes:
  • the UE initiates an activation request to the PGW.
  • the PGW sends a Credit-Control-Request (CCR) to the PCRF, where the CCR carries the IP address and user information of the UE.
  • CCR Credit-Control-Request
  • the user information may include a user identifier Sub-Id, such as a mobile phone number, and may also include an identifier of the UE, such as an International Mobile Equipment Identity (IMEI).
  • IMEI International Mobile Equipment Identity
  • the PCRF saves the correspondence between the user information and the IP address.
  • the correspondence may be: IP address 2--Sub-Id2-IMEI2.
  • the correspondence between the IP address of each UE and the user information can be maintained through a table.
  • the PCRF sends a Credit-Control-Answer (CCA) message to the PGW.
  • CCA Credit-Control-Answer
  • the PGW sends a response that the activation succeeds to the UE.
  • the AF server can be accessed.
  • the AF server sends an authorization-authentication-request (AAR) message to the information control device, where the AAR message carries an indication of the IP address of the UE and the user information.
  • AAR authorization-authentication-request
  • the AVP Required-User-Info is extended in the AAR message to indicate whether the AF needs to obtain the user information.
  • the value of the AVP is an enumeration value, and the value range includes "Sub-Id” and "IMEI". .
  • This AVP can appear only once, or it can be repeated multiple times, indicating that multiple user information can be obtained.
  • the indication of "Sub-Id” may be represented by 1, and the indication of "IMEI" may be indicated by 2. Of course, it can also be indicated by other instructions.
  • the AF carries two Required-User-Info AVPs in the AAR message, and is assigned the values of "Sub-Id” and "IMEI” respectively, indicating that the user's identification information and IMEI information need to be acquired.
  • the information control device first determines whether the AF server is allowed to request at least one of “Sub-Id” and “IMEI”, and the judgment is based on a preset policy of the operator on the information control device, and the input of the determination is At least one of the identity information of the AF server and the service type of the service to be executed by the AF server may be identified, and the information identifying the AF identity may be a source IP address, a host name, and the like of the message, and the service type information may be a media type, such as Audio, video, etc., or the operating entity identifier of the AF server, such as "Ali", “Tencent” or "Ali Hand Amoy", “Tencent WeChat”, etc., whether the output allows the AF server to request "Sub-Id” and " At least one of IMEI”.
  • the information control device forwards the AAR message to the PCRF.
  • the data open platform If it is determined that the AF server does not allow all or part of the information to be obtained, the data open platform returns an incorrect AAA message to the AF server, and the carried error code is “unauthorized”.
  • the PCRF searches for the user information corresponding to the indication according to the IP address of the user equipment.
  • IP address is IP address 2
  • corresponding user information is found as Sub-Id2 and IMEI2.
  • the PCRF After receiving the AAR, the PCRF indexes the Sub-Id or IMEI according to the IP address, and according to the AAR.
  • the Required-User-Info indicates that the information requested by the AF server is carried in the AVP Subscription-id and/or AVP User-Equipment-Info in the AAA message.
  • AVP Subscription-id and AVP User-Equipment-Info are two AVPs that are extended based on the prior art, and respectively populate the Sub-Id and the user's IMEI information.
  • the PCRF sends an Authentication-Authentication-Answer (AAA) message to the information control device, where the AAA message carries the user information corresponding to the indication.
  • AAA Authentication-Authentication-Answer
  • the information control device After receiving the AAA message, the information control device first determines whether the user information needs to be encrypted.
  • the judgment is based on the preset policy of the operator on the data open platform.
  • the input of the judgment is information indicating the identity of the AF server and/or the service type information.
  • the information identifying the identity of the AF server may be the source IP address of the message and the host.
  • the service type information may be a media type, such as audio, video, etc., or an operator identifier of the AF server, such as "Ali", "Tencent", etc., and the output is whether the user information requested by the AF server needs to be encrypted.
  • the information control device directly forwards the AAA message to the AF server. If it is determined that the AF server allows to obtain at least one of the plaintext sub-id and the IMEI, the information control device directly encrypts or maps at least one of the sub-id and the IMEI in the AAA message, and then encrypts the field. Add to the AAA message and forward it to the AF server.
  • the information control device forwards the AAA to the AF server.
  • the AF server is an operator-owned AF server, at least one of the plaintext sub-id and the IMEI is allowed to be obtained, and the encryption is not required to be directly forwarded.
  • the AF server is a third-party AF server
  • at least one of the plaintext sub-id and the IMEI is not allowed to be obtained, and encryption is required, and the encrypted user information is added to the AAA message and forwarded to the AF server.
  • the AF server parses at least one of the sub-id and the IMEI from the AAA message, for example, the sub-id can be used for subsequent processing, such as charging bills, processing for association and association, or user information based on IMEI information. Conduct terminal-based marketing, statistics, and more.
  • the AF server cannot obtain the user identifier and cannot perform the service that needs to use the user information
  • the method for obtaining the information provided by the embodiment of the present invention can enable the AF security to obtain the user information from the PCRF and use the The user information is executed to perform the business.
  • the data fusion system further includes a short message server;
  • the steps S200 to S260 are the same as the steps S100 to S160 in FIG. 1 , and the steps S100 to S160 in FIG. 1 are used for understanding.
  • the AF server sends a short message request to the information control device, where the short message request carries the encrypted user information.
  • the encrypted user information can be an encrypted sub-id.
  • the information control device decrypts the encrypted user information, and obtains user information corresponding to the indication.
  • Decryption is performed according to the reverse process of encryption. Before encryption, it is sub-id. After encryption, the encrypted sub-id is obtained. After decryption, the sub-id of the plaintext is obtained.
  • the short message server sends a short message to the user equipment of the user indicated by the sub-id of the plaintext according to the sub-id of the plaintext.
  • the user information is securely opened to other operators for providing SMS promotion services to other operators.
  • the data fusion system further includes a service delivery server;
  • the steps S300 to S360 are the same as the steps S100 to S160 in FIG. 1 , and the steps S100 to S160 in FIG. 1 are used for understanding.
  • the AF server sends a service release request to the information control device, where the service release request carries the encrypted user information and the service type of the service to be issued.
  • the AF server may trigger the service issuance request to the information control device, where the encrypted sub-Id is carried and carries the relevant business type.
  • the information control device After receiving the service issuance request, the information control device first determines whether the service operation is allowed (the judgment process is omitted). If allowed, the data open platform takes out the encrypted sub-id, and according to the locally saved information or the decryption algorithm, the sub-id Restore to plaintext sub-id.
  • S380 Forward the service release request to the service release server, where the service release request carries the user information of the plaintext.
  • the service issuance server issues the to-be-issued service corresponding to the service type to the user equipment according to the user information of the plaintext.
  • the user information is securely opened to other operators for providing service marketing for other operators.
  • the data fusion system further includes a bill server;
  • the steps S400 to S460 are the same as the steps S100 to S160 in FIG. 1 , and the steps S100 to S160 in FIG. 1 are used for understanding.
  • the CDR server sends a CDR file to the information control device, where the CDR file carries the user information of the CDR user.
  • the information control device encrypts the user information of the bill user to obtain encrypted bill user information, and replaces the user information of the bill user with the encrypted bill user information.
  • the information control device performs the encryption operation through the sub-id in the dialog file to replace the sub-id in the original bill.
  • the information control device sends a bill file to the AF server, where the bill file carries the encrypted bill user information.
  • the AF server checks, after the encrypted bill user information matches the encrypted user information, the bill file corresponding to the encrypted bill user information and the bill file corresponding to the encrypted user information.
  • This step is performed on a regular basis and can be done automatically by the program or manually.
  • the user information is securely opened to other operators for providing bill reconciliation services for other operators.
  • the data fusion system further includes a core network convergence device.
  • the steps S50 to S560 are the same as the steps S100 to S160 in FIG. 1 , and the steps S100 to S160 in FIG. 1 are used for understanding.
  • the AF server sends a query request to the information control device, where the query request carries the encrypted user information and the indication information of the to-be-queried result.
  • the information control device determines whether the query operation of the AF server is allowed.
  • the information control device when determining that the query operation of the AF server is permitted, decrypts the encrypted user information to obtain user information of the plaintext.
  • S580 The information control device forwards the query request to the core network convergence device, where the query request carries the user information of the plaintext.
  • the core network convergence device queries the query result corresponding to the indication information of the to-be-queried result according to the user information of the plaintext.
  • the core network convergence device sends the query result to the information control device.
  • the information control device returns the query result to the AF server.
  • the security of the user information is open to other operators, and is used to provide other operators with more information about the user, for example, the subscription information of the core network convergence device needs to be queried.
  • the core network convergence device can be an HSS/HLR device.
  • the method for acquiring information provided by the embodiment of the present invention is applied to an information control device of a data fusion system, where the data fusion system further includes a PCRF device, a user device, and an application function AF server.
  • the PCRF is established and guaranteed when the user equipment is activated.
  • the AAR message is forwarded to the PCRF, so that the PCRF searches for the user information corresponding to the indication according to the IP address of the user equipment. ;
  • the method for acquiring information provided by the embodiment of the present invention is applied to an information control device of a data fusion system, where the data fusion system further includes a policy and charging rule control function PCRF device, a user equipment, and an application function AF server, where the PCRF is When the user equipment is activated, the corresponding relationship between the protocol IP address and the user information of the network between the user equipments is established and saved, and the method includes: receiving an authentication authorization request AAR message sent by the AF server, The AAR message includes an indication of the user information to be acquired and an IP address of the user equipment; when it is determined that the AF server is allowed to acquire the user information to be acquired, the AAR message is forwarded to the PCRF, so that The PCRF searches for the user information corresponding to the indication according to the IP address of the user equipment, and receives an authentication authorization response AAA message sent by the PCRF, where the AAA message carries the user information corresponding to the indication; The AAA message is forwarded to the AF server, so that the AF server performs the service according
  • the AF server cannot obtain the user identifier and cannot perform the service that needs to use the user information
  • the method for obtaining the information provided by the embodiment of the present invention can enable the AF security to obtain the user information from the PCRF and use the The user information is executed to perform the business.
  • the receiving the AAA message sent by the PCRF, the AAA on the basis of the foregoing embodiment corresponding to FIG.
  • the method may further include:
  • the identity information of the AF server and the service type of the service to be executed by the AF server At least one of determining whether the user information corresponding to the indication needs to be encrypted;
  • the method may further include:
  • the data fusion system further includes a short message.
  • the server after the AAA message is forwarded to the AF server, after the AAA message carries the encrypted user information, the method may further include:
  • the short message server Forwarding the short message request to the short message server, where the short message request carries the user information of the specified text, so that the short message server sends a short message to the user equipment according to the user information of the plaintext.
  • the data fusion system further includes service delivery.
  • the server after the AAA message is forwarded to the AF server, after the AAA message carries the encrypted user information, the method may further include:
  • the encrypted user information is decrypted to obtain user information of the plaintext
  • the user equipment issues a to-be-issued service corresponding to the service type.
  • the data fusion system further includes a bill.
  • the server after the AAA message is forwarded to the AF server, after the AAA message carries the encrypted user information, the method may further include:
  • the data fusion system further includes a core network.
  • the fused device, the AAA message is forwarded to the AF server, and after the AAA message carries the encrypted user information, the method may further include:
  • the encrypted user information is decrypted to obtain user information of the plaintext
  • the core network convergence device Forwarding the query request to the core network convergence device, where the query request carries the user information of the plaintext, so that the core network convergence device queries the indication of the to-be-queried result according to the user information of the plaintext.
  • the query result corresponding to the information
  • a method for acquiring information is applied to an application function AF server of a data fusion system, where the data fusion system further includes a policy and charging rule control function PCRF device, a user equipment, and an information control device.
  • the PCRF establishes and saves a correspondence between a protocol IP address and a user information of the interconnection between the networks of the user equipments when the user equipment is activated, and the method includes:
  • An authentication authorization request AAR message sent to the information control device where the AAR message includes an indication of the user information to be acquired and an IP address of the user equipment, so that the information control device determines to allow the
  • the AAR message is forwarded to the PCRF, and the IP address of the user equipment is used by the PCRF to search for the user information corresponding to the indication according to the IP address of the user equipment.
  • the receiving the information control device sends an AAA message, where the AAA message carries the user information corresponding to the indication.
  • the method for acquiring information provided by the embodiment of the present invention is applied to an application function AF server of a data fusion system, where the data fusion system further includes a policy and charging rule control function PCRF device, a user equipment, and an information control device, where the PCRF is When the user equipment is activated, the correspondence between the protocol IP address and the user information of the interconnection between the networks of the user equipment is established and saved, and the method includes: an authentication authorization request AAR message sent to the information control device
  • the AAR message includes an indication of the user information to be acquired and an IP address of the user equipment, so that the information control device sends the AAR message when it is determined that the AF server is allowed to acquire the user information to be acquired.
  • the IP address of the user equipment is used by the PCRF to search for user information corresponding to the indication according to the IP address of the user equipment; and receiving the information control device to send an AAA message, where the AAA message is sent.
  • the AF server cannot obtain the user identifier and cannot perform the service that needs to use the user information, and the method for obtaining the information provided by the embodiment of the present invention can enable the AF security to obtain the user information from the PCRF and use the The user information is executed to perform the business.
  • the receiving the information control device sends an AAA message
  • the user information corresponding to the indication in the AAA message may include:
  • the performing the service according to the user information corresponding to the indication may include:
  • the data fusion system further includes a short message server, where the The encrypting the user information to perform the service may include:
  • the data fusion system further includes a service issuing server, where the The encrypting the user information to perform the service may include:
  • the data fusion system further includes a billing server, where the basis is The encrypting the user information to perform the service may include:
  • the bill file corresponding to the encrypted bill user information is checked with the bill file corresponding to the encrypted user information.
  • the data fusion system further includes a core network convergence device, where Performing the service according to the encrypted user information may include:
  • FIG. 7 The embodiment of the present invention corresponding to FIG. 7 and its optional embodiments can be understood by referring to the description of FIG. 1 to FIG. 5, and no further description is made herein.
  • an information control device 80 is applied to a data fusion system, where the data fusion system further includes a policy and charging rule control function PCRF device, a user equipment, and an application function AF server, where the PCRF is When the user equipment is activated, the correspondence between the protocol IP address and the user information of the interconnection between the networks of the user equipment is established and saved, and the information control device includes:
  • the receiving unit 801 is configured to receive an authentication authorization request AAR message sent by the AF server, where the AAR message includes an indication of the user information to be acquired and an IP address of the user equipment.
  • a determining unit 802 configured to determine whether the AF server is allowed to acquire the to-be-obtained user information received by the receiving unit 801;
  • the sending unit 803 is configured to: when the determining unit 802 determines that the AF server is allowed to acquire the user information to be acquired, forwarding the AAR message to the PCRF, so that the PCRF is based on the IP of the user equipment. Addressing the user information corresponding to the indication;
  • the receiving unit 801 is further configured to receive an authentication authorization response AAA message sent by the PCRF, where the AAA message carries user information corresponding to the indication;
  • the sending unit 803 is further configured to forward the AAA message received by the receiving unit 801 to the AF server, so that the AF server performs a service according to the user information corresponding to the indication.
  • the determining unit 802 is further configured to: after receiving, by the receiving unit 801, the AAA message sent by the PCRF, where the AAA message carries the user information corresponding to the indication, according to the identity information of the AF server and the Determining, by the at least one of the service types of the service to be executed by the AF server, whether the user information corresponding to the indication needs to be encrypted;
  • the information control device 80 further includes an encryption unit 804 and an adding unit 805.
  • the encryption unit 804 is configured to: when the determining unit 802 determines that the user information corresponding to the indication needs to be encrypted, encrypt the user information corresponding to the indication, to obtain encrypted user information;
  • the adding unit 805 is configured to add the encrypted user information obtained by encrypting the encryption unit 804. Add to the AAA message;
  • the sending unit 803 is further configured to forward the AAA message to the AF server, where the AAA message carries the encrypted user information added by the adding unit 805, so that the AF server is configured according to the encrypted user information. Perform business.
  • the data fusion system further Including short message server
  • the receiving unit 801 is further configured to: after the sending unit 803 forwards the AAA message to the AF server, receive a short message request sent by the AF server, where the short message request carries the encrypted user information;
  • the information control device 80 further includes: a first decryption unit 806,
  • the first decryption unit 806 decrypts the encrypted user information received by the receiving unit 801 to obtain user information of the plaintext
  • the sending unit 803 is further configured to forward the short message request to the short message server, where the short message request carries the user information of the plaintext, so that the short message server is configured according to the first decryption unit 807.
  • the decrypted plaintext user information sends a short message to the user equipment.
  • the data fusion system is further provided on the basis of the first optional embodiment corresponding to FIG. Including the service delivery server,
  • the receiving unit 801 is further configured to: after the sending unit 803 forwards the AAA message to the AF server, receive a service release request sent by the AF server, where the service release request carries the encrypted user information And the type of business to be issued;
  • the determining unit 802 is further configured to determine whether the AF server is allowed to perform the to-be-issued service corresponding to the service type;
  • the information control device further includes: a second decryption unit 807,
  • the second decryption unit 807 is further configured to: when the determining unit 802 determines that the AF server is allowed to perform the to-be-issued service corresponding to the service type, decrypt the encrypted user information to obtain the plaintext user information. ;
  • the sending unit 803 is further configured to forward the service issuing request to the service issuing server, where the service issuing request carries the user information of the plaintext decrypted by the second decrypting unit 807, so that the user
  • the service issuing server issues the to-be-issued service corresponding to the service type to the user equipment according to the user information of the plaintext.
  • the data fusion system further Including the bill server
  • the receiving unit 801 is further configured to receive a bill file sent by the billing server, where the bill file carries user information of the bill user;
  • the encryption unit 804 is further configured to encrypt user information of the CDR user received by the receiving unit to obtain encrypted CDR user information.
  • the information control device 80 further includes: a replacement unit 808,
  • the replacing unit 808 is configured to replace the user information of the bill user with the encrypted bill user information encrypted by the encrypting unit 804;
  • the sending unit 803 is further configured to send the bill file to the AF server, where the bill file carries the encrypted bill user information of the replacement unit 808, so that the AF server is in the office. After the encrypted CDR user information is matched with the encrypted user information, the CDR file corresponding to the encrypted CDR user information is checked against the CDR file corresponding to the encrypted user information.
  • the data fusion system further Including core network convergence equipment
  • the receiving unit 801 is further configured to receive the query request sent by the AF server, where the query request carries the encrypted user information and the indication information of the to-be-queried result;
  • the determining unit 802 is further configured to determine whether to allow a query operation of the AF server;
  • the information control device 80 further includes: a third decryption unit 809,
  • the third decryption unit 809 is further configured to: when the determining unit 802 determines that the query operation of the AF server is permitted, decrypt the encrypted user information to obtain user information of the plaintext;
  • the sending unit 803 is further configured to forward the query request to the core network convergence device,
  • the query request carries the user information of the plaintext decrypted by the third decryption unit 809, so that the core network convergence device queries the indication information of the to-be-queried result according to the user information of the plaintext. search result;
  • the receiving unit 801 receives the query result sent by the core network convergence device
  • the sending unit 803 is further configured to return the query result to the AF server.
  • an application function AF server 90 provided by an embodiment of the present invention is applied to a data fusion system, where the data fusion system further includes a policy and charging rule control function PCRF device, a user equipment, and an information control device, where the PCRF is When the user equipment is activated, the correspondence between the protocol IP address and the user information of the interconnection between the networks of the user equipment is established and saved, and the AF server 90 includes:
  • the sending unit 901 is configured to send an authentication authorization request AAR message to the information control device, where the AAR message includes an indication of the user information to be acquired and an IP address of the user equipment, so that the information control device is Determining that the AAR message is allowed to be forwarded to the PCRF, and the IP address of the user equipment is used by the PCRF to search for the indication according to the IP address of the user equipment.
  • the AAR message includes an indication of the user information to be acquired and an IP address of the user equipment, so that the information control device is Determining that the AAR message is allowed to be forwarded to the PCRF, and the IP address of the user equipment is used by the PCRF to search for the indication according to the IP address of the user equipment.
  • the information control device is Determining that the AAR message is allowed to be forwarded to the PCRF, and the IP address of the user equipment is used by the PCRF to search for the indication according to the IP address of the user equipment.
  • the IP address of the user equipment is used by the PCRF to search for
  • the receiving unit 902 is configured to: after the sending unit 901 sends the AAR message, receive the information control device to send an AAA message, where the AAA message carries the user information corresponding to the indication;
  • the service execution unit 903 is configured to perform a service according to the user information corresponding to the indication received by the receiving unit 902.
  • the application function AF server 90 provided by the embodiment of the present invention is applied to a data fusion system, where the data fusion system further includes a policy and charging rule control function PCRF device, a user equipment, and an information control device, where the PCRF is in the user equipment.
  • the data fusion system further includes a policy and charging rule control function PCRF device, a user equipment, and an information control device, where the PCRF is in the user equipment.
  • the AF server 90 includes: an authentication authorization request AAR sent by the sending unit 901 to the information control device.
  • the AAR message includes an indication of the user information to be acquired and an IP address of the user equipment, so that the information control device, when determining that the AF server is allowed to acquire the user information to be acquired, the AAR Message forwarding
  • the IP address of the user equipment is used by the PCRF to search for the user information corresponding to the indication according to the IP address of the user equipment; after the sending unit 901 sends the AAR message, the receiving unit 902
  • the receiving the information control device sends an AAA message, where the AAA message carries the user information corresponding to the indication; the service execution unit 903 performs the service according to the user information corresponding to the indication received by the receiving unit 902.
  • the AF server provided by the embodiment of the present invention can securely obtain user information from the PCRF and perform the use of the user information, as compared with the prior art, in which the AF server cannot obtain the user identifier and cannot perform the service that needs to use the user information. business.
  • the receiving unit 902 is specifically configured to receive, by the information control device, an AAA message, where the AAA message carries encrypted user information;
  • the service execution unit 903 is specifically configured to perform a service according to the encrypted user information.
  • the data fusion system further includes a short message server, in the second optional embodiment of the AF server.
  • the service execution unit 903 is specifically configured to trigger a short message request sent by the sending unit to the information control device, where the short message request carries the encrypted user information.
  • the data fusion system further includes a service delivery server
  • the service execution unit 903 is specifically configured to trigger a service release request sent by the sending unit to the information control device, where the service release request carries the encrypted user information and a service type of the service to be issued.
  • the data fusion system further includes a billing server, on the basis of the foregoing optional embodiment of the AF server.
  • the service execution unit 903 is further configured to trigger the receiving unit 902 to receive the CDR file sent by the information control device, where the CDR file carries the encrypted CDR user information, and the encrypted CDR is The user information is matched with the encrypted user information; after the encrypted bill user information is matched with the encrypted user information, the bill corresponding to the encrypted bill user information and the encrypted user information is CDR The file is checked.
  • the data fusion system further includes a core network convergence device.
  • the service execution unit 903 is further configured to trigger the sending unit 901 to send a query request to the information control device, where the query request carries the encrypted user information and the indication information of the to-be-queried result;
  • the service execution unit 903 is further configured to trigger the receiving unit 902 to receive the query result sent by the information control device.
  • FIG. 15 is a schematic structural diagram of an information control device 80 in the embodiment of the present invention.
  • the information control device 80 is applied to an information control device of a data fusion system, and the data fusion system further includes a policy and charging rule control function PCRF device, a user device, and an application function AF server, where the PCRF is activated by the user device.
  • the correspondence between the protocol IP address and the user information of the interconnection between the networks of the user equipment is established and saved, and the information control device 80 may include an input device 810, an output device 820, a processor 830, and a memory 840.
  • Memory 840 can include read only memory and random access memory and provides instructions and data to processor 830. A portion of memory 840 may also include non-volatile random access memory (NVRAM).
  • NVRAM non-volatile random access memory
  • Memory 840 stores the following elements, executable modules or data structures, or subsets thereof, or their extended sets:
  • Operation instructions include various operation instructions for implementing various operations.
  • Operating system Includes a variety of system programs for implementing various basic services and handling hardware-based tasks.
  • the processor 830 performs the following operations by calling an operation instruction stored in the memory 840, which can be stored in the operating system:
  • an authentication authorization request AAR message sent by the AF server where the AAR message includes an indication of the user information to be acquired and an IP address of the user equipment;
  • the AAR message is forwarded to the PCRF, so that the PCRF searches for the user information corresponding to the indication according to the IP address of the user equipment;
  • the AAA message is forwarded to the AF server by the output device 820, so that the AF server performs a service according to the user information corresponding to the indication.
  • the information control device provided by the embodiment of the present invention can enable the AF security to obtain user information from the PCRF, and use the information, as compared with the information that the AF server cannot obtain the user identifier and cannot perform the service that needs to use the user information.
  • User information performs business.
  • the processor 830 is controlled to operate the information control device 80, which may also be referred to as a CPU (Central Processing Unit).
  • Memory 840 can include read only memory and random access memory and provides instructions and data to processor 830. A portion of memory 840 may also include non-volatile random access memory (NVRAM).
  • NVRAM non-volatile random access memory
  • the various components of the information control device 80 are coupled together by a bus system 850.
  • the bus system 850 may include a power bus, a control bus, a status signal bus, and the like in addition to the data bus. However, for clarity of description, various buses are labeled as bus system 850 in the figure.
  • Processor 830 may be an integrated circuit chip with signal processing capabilities. In the implementation process, each step of the above method may be completed by an integrated logic circuit of hardware in the processor 830 or an instruction in the form of software.
  • the processor 830 described above may be a general purpose processor, a digital signal processor (DSP), an application specific integrated circuit (ASIC), an off-the-shelf programmable gate array (FPGA) or other programmable logic device, a discrete gate or transistor logic device, or discrete hardware. Component.
  • DSP digital signal processor
  • ASIC application specific integrated circuit
  • FPGA off-the-shelf programmable gate array
  • the methods, steps, and logical block diagrams disclosed in the embodiments of the present invention may be implemented or carried out.
  • General purpose processor can be micro The processor or the processor can also be any conventional processor or the like.
  • the steps of the method disclosed in the embodiments of the present invention may be directly implemented by the hardware decoding processor, or may be performed by a combination of hardware and software modules in the decoding processor.
  • the software module can be located in a conventional storage medium such as random access memory, flash memory, read only memory, programmable read only memory or electrically erasable programmable memory, registers, and the like.
  • the storage medium is located in memory 840, and processor 830 reads the information in memory 840 and, in conjunction with its hardware, performs the steps of the above method.
  • the processor 830 is further configured to determine, according to at least one of identity information of the AF server and a service type of the service to be executed by the AF server, whether the user information corresponding to the indication needs to be encrypted; Determining, when the user information corresponding to the indication needs to be encrypted, encrypting the user information corresponding to the indication, obtaining encrypted user information, and adding the encrypted user information to the AAA message;
  • the output device 820 is specifically configured to forward the AAA message to the AF server, where the AAA message carries the encrypted user information, so that the AF server performs a service according to the encrypted user information.
  • the data fusion system further includes a short message server.
  • the input device 810 is further configured to receive a short message request sent by the AF server, where the short message request carries the encrypted user information;
  • the processor 830 is further configured to decrypt the encrypted user information to obtain user information of the plaintext
  • the output device 820 is further configured to forward the short message request to the short message server, where the short message request carries the user information of the specified text, so that the short message server according to the user information of the plaintext The user equipment sends a short message.
  • the data fusion system further includes a service delivery server,
  • the input device 810 is further configured to receive a service release request sent by the AF server, where the service release request carries the encrypted user information and a service type of a service to be issued;
  • the processor 830 is further configured to, when determining that the AF server is allowed to perform the to-be-issued service corresponding to the service type, decrypt the encrypted user information to obtain user information of the plaintext;
  • the output device 820 is further configured to forward the service release request to the service delivery service.
  • the service issuance request carries the user information of the plaintext, so that the service issuance server issues the to-be-issued service corresponding to the service type to the user equipment according to the user information of the plaintext.
  • the data fusion system further includes a bill server.
  • the input device 810 is further configured to receive a bill file sent by the bill server, where the bill file carries user information of the bill user;
  • the processor 830 is further configured to encrypt the user information of the bill user, obtain the encrypted bill user information, and replace the user information of the bill user with the encrypted bill user information;
  • the output device 820 is further configured to send the bill file to the AF server, where the bill file carries the encrypted bill user information, so that the AF server is in the encrypted bill user information and After the encrypted user information is matched, the CDR file corresponding to the encrypted CDR user information is checked with the CDR file corresponding to the encrypted user information.
  • the data fusion system further includes a core network convergence device.
  • the input device 810 is further configured to receive a query request sent by the AF server, where the query request carries the encrypted user information and indication information of a result to be queried;
  • the processor 830 is further configured to, when determining that the query operation of the AF server is permitted, decrypt the encrypted user information to obtain user information of the plaintext;
  • the output device 820 is further configured to forward the query request to the core network convergence device, where the query request carries the user information of the plaintext, so that the core network convergence device is based on the user information of the plaintext. Querying a query result corresponding to the indication information of the to-be-queried result;
  • the input device 810 is further configured to receive the query result sent by the core network convergence device, and return the query result to the AF server.
  • FIG. 15 of the present invention can be understood by referring to the description of FIG. 1 to FIG. 6 and FIG. 8 to FIG. 13 , and no further description is made herein.
  • FIG. 16 is a schematic structural diagram of an AF server 90 according to an embodiment of the present invention.
  • the RNC is applied to an application function AF server of a data fusion system, and the data fusion system further includes a policy and charging rule control function PCRF device, a user equipment, and an information control device, where the PCRF is activated when the user equipment is activated,
  • the correspondence between the protocol IP address and the user information of the interconnection between the networks of the user equipment is established and saved, and the AF server 90 may include an input device 910, an output device 920, a processor 930, and a memory 940.
  • Memory 940 can include read only memory and random access memory and provides instructions and data to processor 930. A portion of the memory 940 may also include non-volatile random access memory (NVRAM).
  • NVRAM non-volatile random access memory
  • Memory 940 stores the following elements, executable modules or data structures, or subsets thereof, or their extended sets:
  • Operation instructions include various operation instructions for implementing various operations.
  • Operating system Includes a variety of system programs for implementing various basic services and handling hardware-based tasks.
  • the processor 930 performs the following operations by calling an operation instruction stored in the memory 940, which can be stored in the operating system:
  • the AAR message is forwarded to the PCRF, and the IP address of the user equipment is used by the PCRF to search for the indication according to the IP address of the user equipment.
  • the information control device receives an AAA message, where the AAA message carries the user information corresponding to the indication;
  • the AF server provided by the embodiment of the present invention can securely obtain user information from the PCRF and perform the use of the user information, as compared with the prior art, in which the AF server cannot obtain the user identifier and cannot perform the service that needs to use the user information. business.
  • the processor 930 controls the operation of the AF server 90, which may also be referred to as a CPU (Central Processing Unit).
  • Memory 940 can include read only memory and random access memory and provides instructions and data to processor 930. A portion of the memory 940 may also include non-volatile random access memory (NVRAM).
  • NVRAM non-volatile random access memory
  • the various components of the AF server 90 are coupled together by a bus system 950, wherein the bus system 950 can include, in addition to the data bus. Including the power bus, control bus and status signal bus. However, for clarity of description, various buses are labeled as bus system 950 in the figure.
  • Processor 930 may be an integrated circuit chip with signal processing capabilities. In the implementation process, each step of the foregoing method may be completed by an integrated logic circuit of hardware in the processor 930 or an instruction in a form of software.
  • the processor 930 described above may be a general purpose processor, a digital signal processor (DSP), an application specific integrated circuit (ASIC), an off-the-shelf programmable gate array (FPGA) or other programmable logic device, a discrete gate or transistor logic device, or discrete hardware. Component.
  • DSP digital signal processor
  • ASIC application specific integrated circuit
  • FPGA off-the-shelf programmable gate array
  • the methods, steps, and logical block diagrams disclosed in the embodiments of the present invention may be implemented or carried out.
  • the general purpose processor may be a microprocessor or the processor or any conventional processor or the like.
  • the steps of the method disclosed in the embodiments of the present invention may be directly implemented by the hardware decoding processor, or may be performed by a combination of hardware and software modules in the decoding processor.
  • the software module can be located in a conventional storage medium such as random access memory, flash memory, read only memory, programmable read only memory or electrically erasable programmable memory, registers, and the like.
  • the storage medium is located in memory 940, and processor 930 reads the information in memory 940 and, in conjunction with its hardware, performs the steps of the above method.
  • the input device 910 is further configured to receive, by the information control device, an AAA message, where the AAA message carries encrypted user information;
  • the processor 930 is specifically configured to perform a service according to the encrypted user information.
  • the data fusion system further includes a short message server, and the processor 930 is further configured to trigger a short message request sent to the information control device, where the short message request carries the encrypted user information.
  • the data fusion system further includes a service issuance server, and the processor 930 is further configured to trigger a service release request sent to the information control device, where the service release request carries the encrypted user information and the service to be issued business type.
  • the data fusion system further includes a bill server.
  • the processor 930 is further configured to trigger to receive a bill file sent by the information control device, where the bill file carries the encrypted bill user information; and the encrypted bill user information is matched with the encrypted user information. After the encrypted bill user information matches the encrypted user information, The CDR file corresponding to the encrypted CDR user information is checked against the CDR file corresponding to the encrypted user information.
  • the data fusion system further includes a core network convergence device.
  • the processor 930 is further configured to trigger the sending of the query request to the information control device, where the query request carries the encrypted user information and the indication information of the to-be-queried result; triggering receiving the query result sent by the information control device.
  • a data fusion system includes: an information control device 80, a policy and charging rule control function PCRF device 70, a user device 60, and an application function AF server 90.
  • the PCRF is activated on the user equipment. Establishing and saving a correspondence between the protocol IP address and the user information of the interconnection between the networks of the user equipment,
  • the information control device 80 is configured to:
  • AAR message sent by the AF server, where the AAR message includes an indication of the user information to be acquired and an IP address of the user equipment;
  • the AAR message is forwarded to the PCRF, so that the PCRF searches for the user information corresponding to the indication according to the IP address of the user equipment;
  • the AF server 90 is configured to:
  • the AF server cannot obtain the user ID, and cannot use the user letter.
  • the data fusion system provided by the embodiment of the present invention can enable the AF to securely obtain user information from the PCRF and use the user information to perform services.
  • the storage medium may include: a ROM, a RAM, a magnetic disk, or an optical disk.

Landscapes

  • Engineering & Computer Science (AREA)
  • Computer Security & Cryptography (AREA)
  • Computer Networks & Wireless Communication (AREA)
  • Signal Processing (AREA)
  • Telephonic Communication Services (AREA)

Abstract

L'invention concerne un procédé d'acquisition d'informations, consistant à : recevoir un message AAR transmis par un serveur AF, le message AAR comprenant un indicateur d'informations d'utilisateur à obtenir et une adresse IP d'un équipement d'utilisateur (UE) ; transmettre le message AAR à un PCRF, de sorte que le PCRF demande, selon l'adresse IP de l'UE, les informations d'utilisateur correspondant à l'indicateur ; recevoir un message AAA transmis par le PCRF, le message AAA portant les informations d'utilisateur correspondant à l'indicateur ; et transmettre le message AAA à un serveur AF, de sorte que le serveur AF exécute un service selon les informations d'utilisateur correspondant à l'indicateur. Le procédé d'acquisition d'informations selon un mode de réalisation de la présente invention permet à un serveur AF d'acquérir de manière sûre des informations d'utilisateur depuis un PCRF et d'exécuter un service à l'aide des informations d'utilisateur.
PCT/CN2015/096566 2014-12-26 2015-12-07 Procédé, dispositif et système d'acquisition d'informations d'utilisateur WO2016101784A1 (fr)

Applications Claiming Priority (2)

Application Number Priority Date Filing Date Title
CN201410836270.6A CN105791256B (zh) 2014-12-26 2014-12-26 一种获取用户信息的方法、装置及系统
CN201410836270.6 2014-12-26

Publications (1)

Publication Number Publication Date
WO2016101784A1 true WO2016101784A1 (fr) 2016-06-30

Family

ID=56149222

Family Applications (1)

Application Number Title Priority Date Filing Date
PCT/CN2015/096566 WO2016101784A1 (fr) 2014-12-26 2015-12-07 Procédé, dispositif et système d'acquisition d'informations d'utilisateur

Country Status (2)

Country Link
CN (1) CN105791256B (fr)
WO (1) WO2016101784A1 (fr)

Families Citing this family (2)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN107786348B (zh) * 2016-08-29 2021-09-17 中国电信股份有限公司 实现ott业务的方法和系统以及pcrf
CN110300083B (zh) * 2018-03-22 2021-02-12 华为技术有限公司 一种获取身份信息的方法、终端及验证服务器

Citations (4)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN101420338A (zh) * 2007-10-26 2009-04-29 华为技术有限公司 Pcc架构中的信息查询方法、装置及系统
CN102638783A (zh) * 2012-03-21 2012-08-15 中兴通讯股份有限公司 一种获取ue接入位置信息的方法及系统
CN103249023A (zh) * 2012-02-02 2013-08-14 中国移动通信集团公司 一种业务平台获取用户手机号码的方法、系统和业务平台
EP2785004A1 (fr) * 2013-03-28 2014-10-01 Nokia Solutions and Networks Oy Interception légale à base IMEI sur un sous-système multimédia IP

Family Cites Families (3)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN1859387B (zh) * 2005-12-31 2010-12-22 华为技术有限公司 一种终端用户代理系统及其订阅与使用业务的方法
KR101834937B1 (ko) * 2011-07-06 2018-03-06 삼성전자 주식회사 통신 시스템에서 사용자 단말기의 정보 획득 방법 및 장치
CN104066114A (zh) * 2013-03-20 2014-09-24 中兴通讯股份有限公司 融合网络中的策略控制方法、系统及装置

Patent Citations (4)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN101420338A (zh) * 2007-10-26 2009-04-29 华为技术有限公司 Pcc架构中的信息查询方法、装置及系统
CN103249023A (zh) * 2012-02-02 2013-08-14 中国移动通信集团公司 一种业务平台获取用户手机号码的方法、系统和业务平台
CN102638783A (zh) * 2012-03-21 2012-08-15 中兴通讯股份有限公司 一种获取ue接入位置信息的方法及系统
EP2785004A1 (fr) * 2013-03-28 2014-10-01 Nokia Solutions and Networks Oy Interception légale à base IMEI sur un sous-système multimédia IP

Also Published As

Publication number Publication date
CN105791256A (zh) 2016-07-20
CN105791256B (zh) 2019-06-21

Similar Documents

Publication Publication Date Title
KR101838872B1 (ko) 애플리케이션-특정적 네트워크 액세스 크리덴셜들을 이용한 무선 네트워크들에 대한 후원된 접속을 위한 장치 및 방법
CN112910969B (zh) 一种业务管理方法及其装置
CN107409125B (zh) 用于服务-用户平面方法的使用网络令牌的高效策略实施
US9800563B2 (en) Method and device for processing data security channel
US20190037407A1 (en) Secure short message service over non-access stratum
EP3284276B1 (fr) Améliorations de la sécurité dans un réseau cellulaire
CN102355657B (zh) 业务访问控制方法、装置和系统
CN102143487B (zh) 一种端对端会话密钥协商方法和系统
WO2011035684A1 (fr) Procédé de sélection de réseau sur la base de plusieurs liens et dispositif associé
KR20170110157A (ko) 애플리케이션-특정적 네트워크 액세스 크리덴셜들을 이용한 무선 네트워크들에 대한 후원된 접속을 위한 장치 및 방법
CN101335675B (zh) 一种策略控制方法
US10218698B2 (en) Using a mobile device number (MDN) service in multifactor authentication
TW201505464A (zh) 無線上網流量共用控制方法及系統
CN106789834A (zh) 用于识别用户身份的方法、网关、pcrf网元和系统
CN107006052A (zh) 使用ott服务的基于基础设施的d2d连接建立
WO2015100615A1 (fr) Procédé et appareil pour traiter un paquet de service, et dispositif de passerelle
CN107852603A (zh) 终端认证的方法及设备
WO2016101784A1 (fr) Procédé, dispositif et système d'acquisition d'informations d'utilisateur
JP6508660B2 (ja) 課金制御装置、方法、およびシステム
KR102209289B1 (ko) 이동 통신 시스템 환경에서 프록시미티 기반 서비스를 위한 보안 및 정보 지원 방법 및 시스템
WO2018112796A1 (fr) Procédé de commande de politique de données de service, dispositif opérateur et serveur
US10271270B2 (en) Reducing fraudulent activity associated with mobile networks
US9942767B2 (en) Reducing fraudulent activity associated with mobile networks
KR20190140786A (ko) 어플리케이션 별 과금 정책 분리 방법, 그리고 이를 구현하기 위한 통신 시스템 및 사용자 단말
WO2022270228A1 (fr) Dispositif et procédé pour fournir un service de communication pour accéder à un réseau ip et programme associé

Legal Events

Date Code Title Description
121 Ep: the epo has been informed by wipo that ep was designated in this application

Ref document number: 15871853

Country of ref document: EP

Kind code of ref document: A1

NENP Non-entry into the national phase

Ref country code: DE

122 Ep: pct application non-entry in european phase

Ref document number: 15871853

Country of ref document: EP

Kind code of ref document: A1