CN104995891B - The method, apparatus and gateway of processing business message - Google Patents
The method, apparatus and gateway of processing business message Download PDFInfo
- Publication number
- CN104995891B CN104995891B CN201380072947.7A CN201380072947A CN104995891B CN 104995891 B CN104995891 B CN 104995891B CN 201380072947 A CN201380072947 A CN 201380072947A CN 104995891 B CN104995891 B CN 104995891B
- Authority
- CN
- China
- Prior art keywords
- application
- key
- service message
- message
- gateway
- Prior art date
- Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
- Active
Links
Classifications
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04L—TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
- H04L69/00—Network arrangements, protocols or services independent of the application payload and not provided for in the other groups of this subclass
- H04L69/22—Parsing or analysis of headers
Landscapes
- Engineering & Computer Science (AREA)
- Computer Security & Cryptography (AREA)
- Computer Networks & Wireless Communication (AREA)
- Signal Processing (AREA)
- Mobile Radio Communication Systems (AREA)
- Data Exchanges In Wide-Area Networks (AREA)
Abstract
The embodiment of the present invention provides method, user equipment and the gateway of a kind of processing business message.This method comprises: gateway receives service message, application identities are carried in the service message, which is used to indicate application belonging to the service message;The gateway identifies application belonging to the service message according to the application identities;The gateway executes the processing strategie to the service message according to the application pre-established and the corresponding relationship of processing strategie.In the embodiment of the present invention, by carrying application identities in service message, and the application identities are stored in advance in gateway, gateway can be according to the match cognization application of the application identities stored in the application identities and gateway carried in service message, to improve gateway to the discrimination of application.
Description
Technical field
The present embodiments relate to wireless communication fields, and more particularly, to a kind of method of processing business message,
Device and gateway.
Background technique
With the popularization of intelligent terminals, using (APP) using more and more extensive.Existing application is varied, mainly
Maintenance and management is carried out by respective OTT (on top, Over The Top) manufacturer.
Currently, the cooperation between the operator and OTT manufacturer of mobile network is more and more extensive.For example, Alibaba is to make
Free flow packet is provided with the user of the applications such as Taobao, day cat under it;Guangzhou connection, telecommunications release wechat flow packet together
Deng.
Using mobile network, the gateway of core net needs to identify service message institute in mobile network
Belong to application, could be directed to different using different processing strategies (such as charging policy and qos policy).
In the prior art, operator usually utilizes DPI (deep message detection, Deep Packet Inspection) to come
Identify the application type applied belonging to service message.But the identification method based on DPI needs at the gateway of core net
Establish feature database.Since the update of application is more frequent, the update in this feature library does not often catch up with the renewal speed of application, identification
Rate is lower.
Summary of the invention
The embodiment of the present invention provides the method, apparatus and gateway of a kind of processing business message, to improve gateway
To the discrimination applied belonging to service message.
In a first aspect, providing a kind of method of processing business message, comprising: gateway receives service message, the industry
Application identities are carried in business message, the application identities are used to indicate application belonging to the service message;The gateway
According to the application identities, application belonging to the service message is identified;The gateway described is answered according to what is pre-established
The processing strategie is executed to the service message with the corresponding relationship with processing strategie.
With reference to first aspect, in a kind of implementation of first aspect, the gateway is stored with the application mark
Know the corresponding relationship with application, it is described to identify the application according to the application identities, comprising: to be taken according in the service message
The application identities of band and the corresponding relationship of the application identities and application, the corresponding application of the application identities is true
It is set to application belonging to the service message.
With reference to first aspect or its above-mentioned implementation it is any, in another implementation of first aspect, institute
Check code also safe to carry in service message is stated, the safety check code is used to verify the safety of the service message, described
Gateway is also stored with the application identities, using the corresponding relationship with key, then described to be identified according to the application identities
The application, comprising: according to pair of the application identities and the application identities and key that are carried in the service message
It should be related to, determine the key;Benchmark check code is generated according to the key;When the benchmark check code and the safety check
When code matching, the corresponding application of the application identities is determined as application belonging to the service message.
With reference to first aspect or its above-mentioned implementation it is any, in another implementation of first aspect, institute
Stating key is the temporary key that key server is application generation, described according to carrying in the service message
The corresponding relationship of application identities and the application identities and key, before determining the key, the method also includes: to
The key server sends request message, and the request message is for requesting the key server to generate institute for the application
State temporary key;The response message that the key server is sent is received, carries the temporary key in the response message.
With reference to first aspect or its above-mentioned implementation it is any, in another implementation of first aspect, institute
The version number that the application is also carried in service message is stated, the gateway is also stored with the application identities, the version
Number and the key corresponding relationship, it is described according to the application identities and the application that are carried in the service message
Mark and the corresponding relationship of the key determine the key, comprising: according to the application mark carried in the service message
Know and the version number and the application identities, the version number, the key corresponding relationship, select the application mark
Know the key corresponding with the version number.
With reference to first aspect or its above-mentioned implementation it is any, in another implementation of first aspect, institute
It states and benchmark check code is generated according to the key, comprising: according to the key, the benchmark check code is generated based on MD5.
With reference to first aspect or its above-mentioned implementation it is any, in another implementation of first aspect, institute
State the charging policy that processing strategie is the application, the application and the corresponding relationship of processing strategie that the basis pre-establishes
The processing strategie is executed to the service message, comprising: charging is carried out to the service message according to the charging policy.
Second aspect provides a kind of method of processing business message, comprising: service message is generated, in the service message
Application identities are carried, the application identities are used to indicate application belonging to the service message;It is sent out to the gateway of core net
Send the service message.
In conjunction with second aspect, in a kind of implementation of second aspect, verification also safe to carry in the service message
Code, the safety check code is used to verify the safety of the service message, before the generation service message, further includes:
Obtain the corresponding key of the application;The safety check code is generated according to the key.
In conjunction with any of second aspect or its above-mentioned implementation, in another implementation of second aspect, institute
Stating key is the temporary key that key server is application generation, described to obtain the corresponding key of the application, comprising: to
The key server sends request message, and the request message is for requesting the key server to generate institute for the application
State temporary key;The response message that the key server is sent is received, carries the temporary key in the response message.
In conjunction with any of second aspect or its above-mentioned implementation, in another implementation of second aspect, institute
Stating key is the built-in key applied belonging to the service message, described to obtain the corresponding key of the application, comprising: to extract institute
State built-in key.
In conjunction with any of second aspect or its above-mentioned implementation, in another implementation of second aspect, institute
State the version number for also carrying in service message and generating the application of the service message.
In conjunction with any of second aspect or its above-mentioned implementation, in another implementation of second aspect, institute
It states and the safety check code is generated according to the key, comprising: generate the safety check according to the key, and based on MD5
Code.
The third aspect provides a kind of gateway, comprising: the first receiving unit, for receiving service message, the business
Application identities are carried in message, the application identities are used to indicate application belonging to the service message;Recognition unit is used for root
According to the application identities carried in the received service message of first receiving unit, identify belonging to the service message
Application;Execution unit, it is corresponding with processing strategie for the application according to the recognition unit identification pre-established
Relationship executes the processing strategie to the service message.
In conjunction with the third aspect, in a kind of implementation of the third aspect, the gateway is stored with the application mark
Know the corresponding relationship with application, the recognition unit be specifically used for according to the application identities that are carried in the service message with
The corresponding relationship of the application identities and the application identities and application that are stored in the gateway, by the application mark
Know corresponding application and is determined as application belonging to the service message.
In conjunction with any of the third aspect or its above-mentioned implementation, in another implementation of the third aspect, institute
Check code also safe to carry in service message is stated, the safety check code is used to verify the safety of the service message, described
Gateway is also stored with the application identities, using the corresponding relationship with key, and the recognition unit is specifically used for according to institute
The corresponding relationship for stating the application identities and the application identities and key that carry in service message, determines the key;
Benchmark check code is generated according to the key;When the benchmark check code is matched with the safety check code, by the application
It identifies corresponding application and is determined as application belonging to the service message.
In conjunction with any of the third aspect or its above-mentioned implementation, in another implementation of the third aspect, institute
State key be key server be the application generate temporary key, the gateway further include: transmission unit, for
The key server sends request message, and the request message is for requesting the key server to generate institute for the application
State temporary key;Second receiving unit is taken in the response message for receiving the response message of the key server transmission
With the temporary key.
In conjunction with any of the third aspect or its above-mentioned implementation, in another implementation of the third aspect, institute
The version number that the application is also carried in service message is stated, the gateway is also stored with the application identities, the version
Number and the key corresponding relationship, the recognition unit be specifically used for according to the application mark carried in the service message
Know the corresponding relationship with the version number and the application identities, the version number and the key, selects the application mark
Know the key corresponding with the version number.
In conjunction with any of the third aspect or its above-mentioned implementation, in another implementation of the third aspect, institute
It states recognition unit to be specifically used for according to the key, the benchmark check code is generated based on MD5.
In conjunction with any of the third aspect or its above-mentioned implementation, in another implementation of the third aspect, institute
Execution unit is stated to be specifically used for carrying out charging to the service message according to the charging policy.
Fourth aspect provides a kind of device of processing business message, comprising: the first generation unit, for generating business report
Text carries application identities in the service message, and the application identities are used to indicate application belonging to the service message;It sends
Unit, for sending the service message that first generation unit generates to the gateway of core net.
In conjunction with fourth aspect, in a kind of implementation of fourth aspect, verification also safe to carry in the service message
Code, the safety check code are used to verify the safety of the service message, described device further include: acquiring unit, for obtaining
Take the corresponding key of the application;Second generation unit, for generating the safety check code according to the key.
In conjunction with any of fourth aspect or its above-mentioned implementation, in another implementation of fourth aspect, institute
Stating key is the temporary key that key server is application generation, and the acquiring unit is specifically used for the cipher key service
Device sends request message, and the request message is that the application generates the temporary key for requesting the key server;
The response message that the key server is sent is received, carries the temporary key in the response message.
In conjunction with any of fourth aspect or its above-mentioned implementation, in another implementation of fourth aspect, institute
Stating key is the built-in key applied belonging to the service message, and the acquiring unit is specifically used for extracting the built-in key.
In conjunction with any of fourth aspect or its above-mentioned implementation, in another implementation of fourth aspect, institute
State the version number for also carrying in service message and generating the application of the service message.
In conjunction with any of fourth aspect or its above-mentioned implementation, in another implementation of fourth aspect, institute
It states the second generation unit to be specifically used for according to the key, and the safety check code is generated based on Message Digest 5 MD5.
In the embodiment of the present invention, by carrying application identities in service message, and this is stored in advance in gateway and answers
With mark, gateway can be according to of the application identities stored in the application identities and gateway carried in service message
It is applied with identification, to improve gateway to the discrimination of application.
Detailed description of the invention
In order to illustrate the technical solution of the embodiments of the present invention more clearly, will make below to required in the embodiment of the present invention
Attached drawing is briefly described, it should be apparent that, drawings described below is only some embodiments of the present invention, for
For those of ordinary skill in the art, without creative efforts, it can also be obtained according to these attached drawings other
Attached drawing.
Fig. 1 is the schematic flow chart of the method for processing business message according to an embodiment of the present invention.
Fig. 2 is the schematic flow chart of the method for processing business message according to an embodiment of the present invention.
Fig. 3 is group-network construction figure according to an embodiment of the present invention.
Fig. 4 is flow chart of the method for processing business message according to an embodiment of the present invention under Fig. 3 group-network construction.
Fig. 5 is the flow chart of the method for the processing business message of the embodiment of the present invention.
Fig. 6 is the schematic block diagram of gateway according to an embodiment of the present invention.
Fig. 7 is the schematic block diagram of the device of processing business message according to an embodiment of the present invention.
Fig. 8 is the schematic block diagram of gateway according to an embodiment of the present invention.
Fig. 9 is the schematic block diagram of the device of processing business message according to an embodiment of the present invention.
Specific embodiment
Following will be combined with the drawings in the embodiments of the present invention, and technical solution in the embodiment of the present invention carries out clear, complete
Site preparation description, it is clear that described embodiment is a part of the embodiments of the present invention, rather than whole embodiments.Based on this hair
Embodiment in bright, those of ordinary skill in the art's every other reality obtained without making creative work
Example is applied, all should belong to the scope of protection of the invention.
In order to solve the problems, such as that gateway is low to the discrimination applied belonging to service message in the prior art, the present invention is real
It applies in example, application identities is added in service message.The application identities can by OTT manufacturer and the operator of mobile network it
Between the mode cooperated, a corresponding application identities are generated for each application, to identify the application.Operator can be in net
Close the application identities that application of having contracted is stored in equipment.It applies when generating service message, this can be added in the message and answer
Application identities.When the service message is by above-mentioned gateway, which can extract takes in the service message
The application identities of band, and matched with the application identities of storage, achieve the purpose that identify the application.
It should be understood that technical solution of the present invention can be applied to various communication systems, such as: GSM (global system for mobile telecommunications,
Global System of Mobile communication) system, CDMA (CDMA, Code Division
Multiple Access) system, WCDMA (wideband code division multiple access, Wideband Code Division Multiple
Access) system, GPRS (General Packet Radio Service, General Packet Radio Service), LTE (long term evolution,
Long Term Evolution) system, LTE-A (advanced long term evolution, Advanced long term evolution) system
System, UMTS (Universal Mobile Communication System, Universal Mobile Telecommunication System) etc..
It should also be understood that in embodiments of the present invention, UE (user equipment, User Equipment) includes but is not limited to MS
(mobile station, Mobile Station), mobile terminal (Mobile Terminal), mobile phone (Mobile Telephone),
Mobile phone (handset) and portable equipment (portable equipment) etc., the user equipment can through RAN (wireless access network,
Radio Access Network) it is communicated with one or more core nets, for example, user equipment can be mobile phone
(or be " honeycomb " phone), computer with wireless communication function etc., user equipment can also be portable, pocket,
Hand-held, built-in computer or vehicle-mounted mobile device.
It should be understood that above-mentioned gateway is related with the type for the mobile network that terminal uses.Such as it can be GPRS network
In GGSN (Gateway GPRS Support Node, Gateway GPRS Support Node);PGW (the grouping being also possible in LTE
Data network gateway, Packet Data Network-Gateway);It can also be the PDSN (packet data in CDMA 2000
Service node, Packet Data Serving Node) etc., the present invention is not especially limit this.
Fig. 1 is the schematic flow chart of the method for processing business message according to an embodiment of the present invention.This method can be by
The gateway of core net executes, such as can be GGSN/PGW.The method of Fig. 1 includes:
110, gateway receives service message, carries application identities in service message, application identities are used to indicate business
Application belonging to message.
Above-mentioned service message can be generated by the application (for example, it may be client of application) on UE or UE.The UE or
The application of UE is by SP Server from above-mentioned gateway to application (Service Provider Server, service provider
Server) send the message.
Above-mentioned service message can also be generated by SP Server.For example, the SP Server is sent out by gateway to UE
Send service message.The embodiment of the present invention generates service message with UE, forwards the service message to SP Server by gateway
For be illustrated.SP Server generates service message, and to gateway send the concrete mode of the service message with
The side UE is corresponding, to avoid repeating, no longer narration in detail.
Above-mentioned application identities can be the application ID specially established to identify application, and application and between application ID one
One is corresponding, and gateway is allowed to accurately identify application according to application ID.Specifically, can by Mobile Network Operator with
The mode negotiated between OTT manufacturer establishes application ID.For example, before Mobile Network Operator may be required in using listing, OTT factory
Quotient needs for the special application ID of each application configuration, and records the application ID in gateway.
Above-mentioned application identities can also use existing identification information, as long as the identification information can accurately distinguish difference and answer
With.Such as the application name of each application;Or application name adds the combination etc. of version number, the embodiment of the present invention does not make this to have
Body limits.The operator of mobile network can be in the identification information of the pre-recorded each signing application of gateway.Answering on UE
Used in when generating service message, which can be embedded in the service message, so as to gateway identification.
120, gateway identifies application belonging to service message according to application identities.
It should be understood that step 120 can include: gateway extracts the application identities from service message;According to being somebody's turn to do for extraction
Application identities identify the application.
Mobile Network Operator can make an appointment insertion position of the application identities in service message with OTT manufacturer.Example
Such as, it can be inserted after the URL of service message HTTP request, or scheduled any other position in advance.Gateway receives industry
It is engaged in after message, is taken from preparatory scheduled position and extract the application identities.It should be understood that the above-mentioned mode made an appointment is only
One citing, in practice, gateway also can use DPI oneself and go discovery application identities, and the embodiment of the present invention does not make this
It is specific to limit.
It should be noted that the application identities of signing application can be stored in advance in gateway, then pass through matching business
Application identities in message and the application identities of above-mentioned storage identify application.
It should be noted that the identification application in step 120 can be only the identification on logical meaning.For example,
When the application identities in service message are matched with some pre-stored application identities of gateway, i.e., it is believed that gateway
It identifies and is applied described in the service message.
130, gateway executes processing to service message according to the corresponding relationship of the application and processing strategie that pre-establish
Strategy.
Optionally, above-mentioned processing strategie can be the charging policy of application, step 130 can include: according to the meter of the application
Take strategy and charging is carried out to service message.
For example, the charging policy for the flow that different application generates is different.Application and charging policy are established in gateway
Corresponding relationship, when identify this in application, according to this using corresponding charging policy carry out charging.
Certainly, above-mentioned processing strategie can also be other control strategies, for example, different application data service priority
Difference executes different QoS, congestion control or bandwidth according to the priority of different data business and controls.
In the embodiment of the present invention, by carrying application identities in service message, since the application identities are for identifying this
Application, gateway belonging to service message can identify the application according to the application identities, so that it is corresponding to improve gateway
Discrimination.
Optionally, as one embodiment, gateway is stored with the corresponding relationship of application identities and application, step 120
Can include: according to the corresponding relationship of the application identities and application identities and application that are carried in service message, by application identities pair
The application answered is determined as application belonging to service message.
In the embodiment of the present invention, by carrying application identities in service message, and this is stored in advance in gateway and answers
With mark, gateway can be according to of the application identities stored in the application identities and gateway carried in service message
It is applied with identification, to improve gateway to the discrimination of application.
Specifically, gateway can pre-establish the application identities list of signing application.For example, the list first three items point
It is not " application identities 1- Apply Names 1 ", " application identities 2- Apply Names 2 " and " application identities 3- Apply Names 3 ";Above-mentioned industry
The application identities carried in business message are application identities 2;Gateway passes through the Section 2 in search discovery application identities list
Match with application identities 2, then the corresponding application of application identities 2 (i.e. the application of the instruction of Apply Names 2) is determined as the business
Application belonging to message.
In the prior art, gateway is matched based on the feature in DPI detection messages with the feature in feature database,
Achieve the purpose that using identification.But such message is easy to be forged, and it is not safe enough, it will lead to operator and the loss of user.
Optionally, as another embodiment, check code also safe to carry in above-mentioned service message, safety check code is used for
The safety of service message is verified, gateway is also stored with application identities, using the corresponding relationship with key, and step 120 can
It include: to be closed according to the application identities stored in the application identities and gateway carried in service message are corresponding with key
System, determines key;Benchmark check code is generated according to key;When benchmark check code is matched with safety check code, by application identities
Corresponding application is determined as application belonging to service message.
In the embodiment of the present invention, by check code safe to carry in service message, gateway is according to the safety check
Code verifies the service message, so as to avoid the forgery of service message, improves the safety of business transmission.
It should be noted that above-mentioned safety check code can be generated based on this using corresponding key by the application in UE.
It on this basis, can be by way of making an appointment or signaling, to guarantee when the service message by safety using (such as
Legal copy application) when generating, used key and cipher mode when the side UE generates above-mentioned safety check code are raw with gateway
Used key and cipher mode are identical when at said reference check code.
Specifically, it can make an appointment the side UE and to be all made of identical plaintext, key and cipher mode raw for gateway side
At check code, this can be the URL or arbitrary string of the title of application, the application in plain text.Therefore, when service message is peace
When full service message, above-mentioned safety check code is identical as said reference check code;When service message is the service message forged
When, since the message of forgery can not obtain the plaintext or key of above-mentioned agreement, above-mentioned safety check code and said reference are verified
Code is different.
Optionally, above-mentioned that benchmark check code is generated according to key can include: according to key, to be based on MD5 (Message Digest 5
5, Message Digest Algorithm 5) generate benchmark check code.Since the MD5 check code obtained is reversely to calculate
The algorithm based on character string, so avoiding the possibility for cracking out agreement character string, and Internet enterprises largely use
MD5, for CP (content supplier, Content Provider) and SP (service provider, Service Provider)
Technology and cost input threshold are all very low.
It should be noted that the side UE and gateway side obtain key mode can there are many, be given below two kinds and obtain
Take the concrete mode of key.
Optionally, as one embodiment, key is that the key server disposed in advance is temporary key using generation,
According to the corresponding relationship of the application identities and key stored in the application identities and gateway carried in service message, really
Before determining key, Fig. 1 method, which may also include that key server, sends request message, and request message is for requesting cipher key service
Device is that the application generates temporary key;The response message that key server is sent is received, carries temporary key in response message.
Specifically, applied to achieve the purpose that accurately identify belonging to service message, OTT manufacturer can to APP apply into
Row transformation disposes key server in network side.UE can be requested facing for the application in application starting to the key server
When key;Gateway side periodically can send request message to the key server, request the signing application in gateway
Application identities and temporary key, belonging to the above-mentioned service message using for the signing using a period of time, which is used for
Requesting key server is that the application generates temporary key.Certainly, when key server can also fail for temporary key setting
Between, when reaching the out-of-service time, need to re-request.
Above-mentioned signing application specifically can refer to the application recorded in the GGSN/PGW.For example, when the service of some application mentions
When providing some for quotient and applying the free flow packet under mobile network, need to contract with the operator of mobile network, with
Just GGSN/PGW records the corresponding relationship of the application and the application and free traffic policy.
Optionally, above-mentioned application identities are also possible to interim application identities, and the application or GGSN/PGW on UE are to close
When key server sends request message, key server can also generate interim application identities.Similarly, or this is interim
Application identities be arranged the out-of-service time.
Optionally, as another embodiment, can built-in application mark, version number and key in the application, above-mentioned industry
The version number of application is also carried in business message, gateway is also stored with the corresponding relationship of application identities, version number and key, on
It states true according to the corresponding relationship of the application identities and key that are stored in the application identities and gateway carried in service message
Determine key can include: mark according to the application stored in the application identities and version number and gateway carried in service message
Know, the corresponding relationship of version number and key, selects key corresponding with the application identities and the version number.
Specifically, the side UE is when generating service message, extracted from application this using built-in application identities, version number and
Key;Gateway side can extract each application identities, version number and key from signing application, and establish corresponding relationship column
Table.
Above in conjunction with Fig. 1, processing business report according to an embodiment of the present invention is described in detail from the angle of gateway
The method of text describes the side of processing business message according to an embodiment of the present invention below in conjunction with Fig. 2 from the angle of user equipment
Method.
It should be understood that the UE of the side UE description and the interaction of gateway and correlation properties, function etc. and gateway side are retouched
It states accordingly, for sake of simplicity, suitably omitting repetitive description.
Fig. 2 is the schematic flow chart of the method for processing business message according to an embodiment of the present invention.The method of Fig. 2 can be with
It is executed by the device of processing business message, for example, it may be the application execution on UE or UE, is also possible to SP Server.Fig. 2
Method include:
210, service message is generated, carries application identities in service message, application identities are used to indicate belonging to service message
Using;
220, service message is sent to the gateway of core net.
It should be understood that sending service message to gateway in step 220, the hair using gateway as destination can be
It send, is also possible to the forwarding by gateway to other purposes ground.
Specifically, when the method for Fig. 2 is executed by UE, step 220 can include: UE passes through gateway to service message institute
The SP Server for belonging to application forwards the service message.
When the method for Fig. 2 by SP Server execute when, step 220 can include: SP Server by gateway server to
The service message can be forwarded to UE.
In the embodiment of the present invention, by carrying application identities in service message, since the application identities are for identifying this
Application, gateway belonging to service message can identify the application according to the application identities, so that it is corresponding to improve gateway
Discrimination.
Optionally, as one embodiment, check code also safe to carry in service message, safety check code is for verifying industry
The safety of business message, before step 210, Fig. 2 method may also include that corresponding key is applied in acquisition;It is generated according to key
Safety check code.
Optionally, as another embodiment, key is that the key server disposed in advance is using the interim close of generation
Corresponding key is applied in key, above-mentioned acquisition can include: sends request message to key server, request message is for requesting key
Server is that application generates temporary key;The response message that key server is sent is received, carries temporary key in response message.
Optionally, as another embodiment, key is the built-in key applied belonging to service message, above-mentioned acquisition application
Corresponding key can include: extract built-in key from applying belonging to service message.
Optionally, as another embodiment, the version number for generating the application of service message is also carried in service message.
Optionally, as another embodiment, safety check code is generated according to key, comprising: according to key, and be based on
MD5 generates safety check code.
Below with reference to specific example, it is described more fully the embodiment of the present invention.It should be noted that the example of Fig. 3 to Fig. 4 is only
It is to help those skilled in the art understand that the embodiment of the present invention, and it is specific illustrated by the embodiment of the present invention have to being limited to
Numerical value or concrete scene.Those skilled in the art are according to the example of given Fig. 3 to Fig. 5, it is clear that can carry out various equivalences
Modification or variation, it is such modification or variation also fall into the range of the embodiment of the present invention.
Fig. 3 is group-network construction figure according to an embodiment of the present invention.In the fig. 3 embodiment, the application mark applied in the side UE
Know and key is obtained in the public key server that network side is disposed from OTT manufacturer;Application mark in gateway
Know and the corresponding relationship of key is also to obtain from the key server.
In addition, above-mentioned gateway is by taking GGSN/PGW as an example, and GGSN/PGW be provided with for different applications it is different
Charging policy, by PCRF (strategy and charging rule functions, Policy and Charging Rules Function) entity and
OCS (online charging system, Online Charging System) control.
Specifically, when UE is interacted with SP Server in a mobile network, service message can be by RAN, such as can be
UMTS or LTE, core network access;And it passes sequentially through SGSN/SGW, GGSN/PGW in core net and reaches SP Server.
Fig. 4 is flow chart of the method for processing business message according to an embodiment of the present invention under Fig. 3 group-network construction.The party
Method can be executed by UE, can also be by the application execution on UE.
401, using the address the domain name or IP of built-in key server (Internet protocol, Internet Protocol).
Using on UE, it is ensured that obtained when each UE runs the application or when key fails from key server interim close
Key.
The key server pre-establishes, and the key server can be located at network side, referring specifically in Fig. 3
Key server.
402, in the case where UE access mobile network, when using operation, request message is sent to key server, and ask
Seek temporary key.
Specifically, sending request message to key server using according to the domain name or IP of key server, which can
To be carried on HTTPS (hypertext transfer protocol on Secure Socket Layer, Hypertext Transfer Protocol over
Secure Socket Layer) on, completed by way of encryption with the authentication of key server and key application, avoid close
Key is intercepted and captured by intermediate equipment.
Portable application title or application ID in the request message, so that key server knows answering for request temporary key
With, and this is generated using corresponding temporary key.
Further, username and password needed for logging in the key server can be carried in the request message, so as to
Key server is authenticated according to the username and password.
403, the request of GGSN/PGW forwarding application.
When GGSN/PGW forwards the request, the strategy freely passed through can be configured, it is ensured that the application of UE can be accessed normally
Key server realizes the initial authentication and key application of application.
404, key server determines the temporary key of the application.
Optionally, key server can specifically can refer to examine the legitimacy and validity of application to weight discriminating
It looks into.The authentication mode of application can be the authentication that the application is completed according to the username and password of agreement.Specifically, it applies upper
It states and carries username and password in request message, key server authenticates the safety of the application according to the username and password.
Optionally, the application identities of the application are also possible to the temporary identifier of key server offer, at this point, key takes
When business device determines the temporary key of the application, the temporary identifier of the application is also determined.Further, it is also possible to determine the application identities and
The out-of-service time of temporary key.
405, key server sends response message to application, carries authenticating result and temporary key in the response message.
Optionally, the out-of-service time of interim application identities and/or temporary key can also be carried.
406, the address of GGSN/PGW configuring cipher key server.
GGSN/PGW can respectively contract according to the timing of the address of the key server to key server application answering of applying
With mark and temporary key.
407, GGSN/PGW is based on preconfigured key server address please draw lots before idols to key server request message
The application identities and temporary key about applied.
The application name or application ID that signing application can be carried in the message, know so as to key server and need for which
Corresponding temporary key is generated using generation temporary key, and for each signing application.
The message can be by being arranged with key server, privately owned custom interface protocol type and request message lattice
Formula.Such as Radius message is extended.
Above-mentioned signing application specifically can refer to the application recorded in the GGSN/PGW.For example, when the service of some application mentions
When providing some for quotient and applying the free flow packet under mobile network, need to contract with the operator of mobile network, with
Just GGSN/PGW records the corresponding relationship of the application and the application and free traffic policy.
It should be noted that step 401, step 406 and step 407 are optional step.Specifically, GGSN/PGW can be pre-configured with
The address of key server, and the application identities and temporary key of signing application are periodically requested to key server.
408, key server encapsulates the application identities of signing application and temporary key in the response message.
409, key server replys response message, and the application identities of types of applications and interim close are carried in the response message
Key.
410, GGSN/PGW resolution response message content saves application identities and temporary key in response message.
411, safety check code is generated according to the Encryption Algorithm of agreement using based on temporary key.
MD5 algorithm can be used in the algorithm.Using the character string that can be made an appointment with gateway for encryption, example
Such as, the name of application, URL of application server etc. be can be, the present invention is not especially limit this.
412, when applied business accesses, application identities and safety check code are added in service message
Specifically, the character string of format is arranged in appointed position insertion in service message.The wherein character of the agreement format
String may include application identities and safety check code, can also include the source string of OTT and GGSN/PGW agreement.For example, can be with
Using following agreement format: APP ID+APPname+md5 (APP name).Wherein, APP ID represents application identities, APP
Name is source string, and md5 (APP name) is the safe school calculated with source string and key by md5 encryption algorithm
Test code.The character string of the agreement format is inserted into appointed position, for example, the position of insertion be HTTP request URL after.
413, GGSN/PGW detects the service message received, is applied belonging to the service message with identifying.
GGSN/PGW obtains character string from appointed position, and whether confirmation character string meets agreement format.Specifically, work as use
When APP ID+APP name+md5 (APP name) format, if meeting agreement format, APP ID (application mark is therefrom obtained
Know), APP name (source string) and the APP name after MD5 is calculated, i.e. safety check code.GGSN/PGW is according to report
APP ID in text finds the pre-stored corresponding key of APP ID.Then it is calculated with APP name and the key by MD5
Method calculates benchmark check code.If benchmark check code is identical as the safety check code in the service message, success is verified, it will
The corresponding application of the pre-stored application identities is determined as application belonging to the service message.Then, it is bound based on the user
Charging and control strategy matched, determine the charging and control mode of the business data flow of the application.
414, it applies and re-initiates authentication request and key application process, i.e. step 402 to 405 after key failure, with
Update temporary key.
415, GGSN/PGW reacquires the application identities and temporary key of different types of application after key failure.
It should be noted that step 414 and step 415 are optional step, answered when key server has been preset
When with the out-of-service time of mark and/or temporary key, above-mentioned two step can be executed.Otherwise, it is convenient to omit step 414 and step
Rapid 415.
In the embodiment of the present invention, by carrying application identities in service message, and with gateway is pre-stored answers
It is matched with mark, improves the discrimination of application.
In addition, establishing key server in network side, it is interim close that UE passes through key server acquisition with gateway
Key, and the verification to service message safety is completed using the temporary key, improve the safety of business transmission.
Fig. 5 is the flow chart of the method for the processing business message of the embodiment of the present invention.In the 5 embodiment of figure 5, key is
Version fixed allocation based on application.In other words, a built-in key in the different editions of each application.Therefore, it answers
Application identities, application version number and safety check code can be carried in service message.The method of Fig. 5 can be executed by UE,
It can be by the application execution on UE.Detailed process is as follows:
510, using built-in application mark, version number and corresponding key.
520, GGSN/PGW configures application identities, version number and corresponding key.
For example, it may be applying in signing, application identities, version number and the corresponding key of the application are reported.
It should be noted that step 510 and 520 can be completed by preconfigured mode.
530, safety check code is generated according to the Encryption Algorithm of agreement using based on built-in key.
The specific mode for generating safety check code is similar with Fig. 4 embodiment, and details are not described herein again.
540, the character string in the appointed position insertion agreement format of service message is applied.
For example, following format: APP ID+APP version+APP name+md5 (APP name) can be used.With Fig. 4
Format in embodiment is compared, more application versions number, i.e. APP version.
550, GGSN/PGW detects message, is applied belonging to the service message with identifying.
Specifically, it can confirm whether character string meets the message format of agreement from the position acquisition character string of agreement, such as
It is no to use following format: APP ID+APP version+APP name+md5 (APP name).If meeting agreement format,
Therefrom obtain APP ID, APP version, APP name and the APP name after MD5 is calculated, i.e. safety check code.
GGSN/PGW finds pre-stored and APP ID and the APP version according to APP ID and the APP version in message
Corresponding key.Then, benchmark check code is calculated by MD5 algorithm with APP name and the key.If benchmark check code
It is identical as the safety check code in the safety service message, then verify success.After verifying successfully, the charging based on user binding
It is matched with control strategy, determines the charging and control mode of the business data flow of the application.
560, more new key after application upgrade.
Specifically, after application upgrade, UE can download the upgrade package of the application from SP Server.In the upgrade package
Carry the new version using corresponding new key, the old key that utilizes new key replacement original.
570, GGSN/PGW is that application identities, the version number of application and key are established in updated application or newly-increased application
Corresponding relationship.
The implementation of step 570 can there are many, for example, can also can will be increased newly by SPServer with human configuration
Or update after apply application identities, application version number and key report to GGSN/PGW, so as to GGSN/PGW update instruction
The list of above-mentioned corresponding relationship.
In the embodiment of the present invention, by carrying application identities in service message, and with gateway is pre-stored answers
It is matched with mark, improves the discrimination of application.
Further, built-in application mark, the version number of application and key in each application, application and net on UE
It closes equipment and passes through the verification of the built-in key completion to service message safety, improve the safety of business transmission.
Fig. 6 is the schematic block diagram of gateway according to an embodiment of the present invention.The gateway 600 of Fig. 6 includes: first
Receiving unit 610, recognition unit 620 and execution unit 630.
First receiving unit 610 carries application identities, application identities are used for for receiving service message in service message
Indicate application belonging to service message;
Recognition unit 620, for knowing according to the application identities carried in the received service message of the first receiving unit 610
Application belonging to various-service message;
Execution unit 630, the application pass corresponding with processing strategie for being identified according to the recognition unit 620 pre-established
System executes processing strategie to service message.
In the embodiment of the present invention, by carrying application identities in service message, and this is stored in advance in gateway and answers
With mark, gateway can be according to of the application identities stored in the application identities and gateway carried in service message
It is applied with identification, to improve gateway to the discrimination of application.
Optionally, as one embodiment, gateway 600 is stored with the corresponding relationship of application identities and application, identification
Unit 620 is specifically used for according to the application identities and application stored in the application identities and gateway carried in service message
The corresponding relationship of mark and application, is determined as application belonging to service message for the corresponding application of application identities.
Optionally, as another embodiment, check code also safe to carry in service message, safety check code is for verifying
The safety of service message, gateway 600 are also stored with application identities, using the corresponding relationship with key, recognition unit 620
Specifically for corresponding with key according to the application identities stored in the application identities and gateway carried in service message
Relationship determines key;Benchmark check code is generated according to key;It, will be using mark when benchmark check code is matched with safety check code
Know corresponding application and is determined as application belonging to service message.
Optionally, as another embodiment, key is that key server is using the temporary key generated, gateway
600 further include: transmission unit, for sending request message to key server, request message is for requesting key server
The application of gateway storage generates temporary key;Second receiving unit, for receiving the response message of key server transmission,
Temporary key is carried in response message.
Optionally, as another embodiment, the version number of application is also carried in service message, gateway 600 is also deposited
The corresponding relationship of application identities, version number and key is contained, recognition unit 620 is specifically used for answering according to what is carried in service message
With mark and version number and the corresponding relationship of application identities, version number and key, select corresponding with application identities and version number
Key.
Optionally, as another embodiment, recognition unit 620 is specifically used for according to key, generates benchmark school based on MD5
Test code.
Optionally, as another embodiment, execution unit 630 is specifically used for carrying out service message according to charging policy
Charging.
Fig. 7 is the schematic block diagram of the device of processing business message according to an embodiment of the present invention.The processing business report of Fig. 7
The device 700 of text can be UE, be also possible to SP Server.Device 700 includes: the first generation unit 710 and transmission unit
720。
First generation unit 710 carries application identities, application identities are used for for generating service message in service message
Indicate application belonging to service message;
Transmission unit 720, for sending the service message that the first generation unit 710 generates to the gateway of core net.
In the embodiment of the present invention, by carrying application identities in service message, and this is stored in advance in gateway and answers
With mark, gateway can be according to of the application identities stored in the application identities and gateway carried in service message
It is applied with identification, to improve gateway to the discrimination of application.
Optionally, as one embodiment, check code also safe to carry in service message, safety check code is for verifying industry
The safety of business message, device 700 further include: acquiring unit 730 applies corresponding key for obtaining;Second generation unit
740, for generating safety check code according to key.
Optionally, as another embodiment, key is that key server is using the temporary key generated, acquiring unit
730 are specifically used for sending request message to key server, and request message is interim using generating for requesting key server
Key;The response message that key server is sent is received, carries temporary key in response message.
Optionally, as another embodiment, key is the built-in key applied belonging to service message, acquiring unit 730
Specifically for extracting built-in key.
Optionally, as another embodiment, the version number for generating the application of service message is also carried in service message.
Optionally, as another embodiment, the second generation unit 740 is specifically used for according to key, and is generated based on MD5
Safety check code.
Fig. 8 is the schematic block diagram of gateway according to an embodiment of the present invention.The gateway 800 of Fig. 8 includes: to receive
Device 810 and processor 820.
Receiver 810 carries application identities, application identities are used to indicate industry for receiving service message in service message
Application belonging to business message;
Processor 820, for identifying business report according to the application identities carried in the received service message of receiver 810
Application belonging to text;Processing strategie is executed to service message according to the application pre-established and the corresponding relationship of processing strategie.
In the embodiment of the present invention, by carrying application identities in service message, and this is stored in advance in gateway and answers
With mark, gateway can be according to of the application identities stored in the application identities and gateway carried in service message
It is applied with identification, to improve gateway to the discrimination of application.
Optionally, as one embodiment, gateway 800 is stored with the corresponding relationship of application identities and application, processing
Device 820 is specifically used for the corresponding relationship according to the application identities and application identities and application that carry in service message, will apply
It identifies corresponding application and is determined as application belonging to service message.
Optionally, as another embodiment, check code also safe to carry in service message, safety check code is for verifying
The safety of service message, gateway 800 are also stored with application identities, using the corresponding relationship with key, and processor 820 has
Body is used for the corresponding relationship according to the application identities and application identities and key that carry in service message, determines key;According to
Key generates benchmark check code;When benchmark check code is matched with safety check code, the corresponding application of application identities is determined as
Application belonging to service message.
Optionally, as another embodiment, key is that key server is using the temporary key generated, gateway
800 further include: transmitter, for sending request message to key server, request message is net for requesting key server
The application for closing equipment storage generates temporary key;Receiver 810 is also used to receive the response message of key server transmission, response
Temporary key is carried in message.
Optionally, as another embodiment, the version number of application is also carried in service message, gateway 800 is also deposited
The corresponding relationship of application identities, version number and key is contained, processor 820 is specifically used for according to the application carried in service message
The corresponding relationship of mark and version number and application identities, version number and key selects corresponding with application identities, version number
Key.
Optionally, as another embodiment, processor 820 is specifically used for according to key, generates benchmark verification based on MD5
Code.
Optionally, as another embodiment, processor 820 is specifically used for counting service message according to charging policy
Take.
Fig. 9 is the schematic block diagram of the device of processing business message according to an embodiment of the present invention.The device 900 of Fig. 9 can
To be UE, it is also possible to SP Server.The device 900 includes: processor 910 and transmitter 920.
Processor 910 carries application identities, application identities are used to indicate industry for generating service message in service message
Application belonging to business message;
Transmitter 920, for sending the service message that processor 910 generates to the gateway of core net.
In the embodiment of the present invention, by carrying application identities in service message, and this is stored in advance in gateway and answers
With mark, gateway can be according to of the application identities stored in the application identities and gateway carried in service message
It is applied with identification, to improve gateway to the discrimination of application.
Optionally, as one embodiment, check code also safe to carry in service message, safety check code is for verifying industry
The safety of business message, processor 910 are also used to obtain using corresponding key;Safety check code is generated according to key.
Optionally, as another embodiment, key is that key server is using the temporary key generated, processor
910 are specifically used for sending request message to key server, and request message is interim using generating for requesting key server
Key;The response message that key server is sent is received, carries temporary key in response message.
Optionally, as another embodiment, key is the built-in key applied belonging to service message, and processor 910 has
Body is for extracting built-in key.
Optionally, as another embodiment, the version number for generating the application of service message is also carried in service message.
Optionally, as another embodiment, processor 910 is specifically used for according to key, and generates safe school based on MD5
Test code.
Those of ordinary skill in the art may be aware that list described in conjunction with the examples disclosed in the embodiments of the present disclosure
Member and algorithm steps can be realized with the combination of electronic hardware or computer software and electronic hardware.These functions are actually
It is implemented in hardware or software, the specific application and design constraint depending on technical solution.Professional technician
Each specific application can be used different methods to achieve the described function, but this realization is it is not considered that exceed
The scope of the present invention.
It is apparent to those skilled in the art that for convenience and simplicity of description, the system of foregoing description,
The specific work process of device and unit, can refer to corresponding processes in the foregoing method embodiment, and details are not described herein.
In several embodiments provided herein, it should be understood that disclosed systems, devices and methods, it can be with
It realizes by another way.For example, the apparatus embodiments described above are merely exemplary, for example, the unit
It divides, only a kind of logical function partition, there may be another division manner in actual implementation, such as multiple units or components
It can be combined or can be integrated into another system, or some features can be ignored or not executed.Another point, it is shown or
The mutual coupling, direct-coupling or communication connection discussed can be through some interfaces, the indirect coupling of device or unit
It closes or communicates to connect, can be electrical property, mechanical or other forms.
The unit as illustrated by the separation member may or may not be physically separated, aobvious as unit
The component shown may or may not be physical unit, it can and it is in one place, or may be distributed over multiple
In network unit.It can select some or all of unit therein according to the actual needs to realize the mesh of this embodiment scheme
's.
It, can also be in addition, the functional units in various embodiments of the present invention may be integrated into one processing unit
It is that each unit physically exists alone, can also be integrated in one unit with two or more units.
It, can be with if the function is realized in the form of SFU software functional unit and when sold or used as an independent product
It is stored in a computer readable storage medium.Based on this understanding, technical solution of the present invention is substantially in other words
The part of the part that contributes to existing technology or the technical solution can be embodied in the form of software products, the meter
Calculation machine software product is stored in a storage medium, including some instructions are used so that a computer equipment (can be a
People's computer, server or network equipment etc.) it performs all or part of the steps of the method described in the various embodiments of the present invention.
And storage medium above-mentioned includes: that USB flash disk, mobile hard disk, read-only memory (ROM, Read-Only Memory), arbitrary access are deposited
The various media that can store program code such as reservoir (RAM, Random Access Memory), magnetic or disk.
The above description is merely a specific embodiment, but scope of protection of the present invention is not limited thereto, any
Those familiar with the art in the technical scope disclosed by the present invention, can easily think of the change or the replacement, and should all contain
Lid is within protection scope of the present invention.Therefore, the protection scope of the present invention shall be subject to the protection scope of the claims.
Claims (24)
1. a kind of method of processing business message characterized by comprising
Gateway receives the service message that user equipment (UE) generates, and carries application identities, the application in the service message
Mark is used to indicate application belonging to the service message;
The gateway is according to the application identities and the application identities and application carried in the service message
The corresponding application of the application identities is determined as application belonging to the service message, wherein the gateway is set by corresponding relationship
The standby corresponding relationship for being stored with the application identities and application;
The gateway executes the service message according to the application pre-established and the corresponding relationship of processing strategie
The processing strategie.
2. the method as described in claim 1, which is characterized in that check code also safe to carry, the peace in the service message
Full check code is used to verify the safety of the service message, the gateway be also stored with the application identities, using with
The corresponding relationship of key,
It is then described to identify the application according to the application identities, comprising:
According to the corresponding relationship of the application identities and the application identities and key that are carried in the service message, really
The fixed key;
Benchmark check code is generated according to the key;
When the benchmark check code is matched with the safety check code, the corresponding application of the application identities is determined as described
Application belonging to service message.
3. method according to claim 2, which is characterized in that the key is that key server is facing for application generation
When key,
It is closed described according to the application identities carried in the service message and the application identities are corresponding with key
System, before determining the key, the method also includes:
Request message is sent to the key server, the request message is the application for requesting the key server
Generate the temporary key;
The response message that the key server is sent is received, carries the temporary key in the response message.
4. method according to claim 2, which is characterized in that the version number of the application is also carried in the service message,
The gateway is also stored with the corresponding relationship of the application identities, the version number and the key,
It is described corresponding with the key according to the application identities carried in the service message and the application identities
Relationship determines the key, comprising:
According to the application identities and the version number that are carried in the service message and the application identities, the version
This number corresponding relationship with the key, the selection key corresponding with the application identities and the version number.
5. the method as described in any one of claim 2-4, which is characterized in that
It is described that benchmark check code is generated according to the key, comprising:
According to the key, the benchmark check code is generated based on Message Digest 5 MD5.
6. such as method of any of claims 1-4, which is characterized in that the processing strategie is the charging of the application
Strategy,
The application that the basis pre-establishes and the corresponding relationship of processing strategie execute the processing to the service message
Strategy, comprising:
Charging is carried out to the service message according to the charging policy.
7. a kind of method of processing business message characterized by comprising
User equipment (UE) generates service message, carries application identities in the service message, the application identities are used to indicate institute
State application belonging to service message;
The UE sends the service message to the gateway of core net, wherein the application identities are set for the gateway
It is standby according to the corresponding relationship of the application identities of storage and application identify the service message belonging to application.
8. the method for claim 7, which is characterized in that check code also safe to carry, the peace in the service message
Full check code is used to verify the safety of the service message,
Before the generation service message, further includes:
Obtain the corresponding key of the application;
The safety check code is generated according to the key.
9. method according to claim 8, which is characterized in that the key is that key server is facing for application generation
When key,
It is described to obtain the corresponding key of the application, comprising:
Request message is sent to the key server, the request message is the application for requesting the key server
Generate the temporary key;
The response message that the key server is sent is received, carries the temporary key in the response message.
10. method according to claim 8, which is characterized in that the key is the built-in of application belonging to the service message
Key,
It is described to obtain the corresponding key of the application, comprising: to extract the built-in key.
11. method as claimed in claim 10, which is characterized in that also carried in the service message and generate the service message
Application version number.
12. the method as described in any one of claim 8-11, which is characterized in that described to generate the peace according to the key
Full check code, comprising:
The safety check code is generated according to the key, and based on Message Digest 5 MD5.
13. a kind of gateway characterized by comprising
First receiving unit carries application identities for receiving the service message of user equipment (UE) generation, in the service message,
The application identities are used to indicate application belonging to the service message;
Recognition unit, for according to the application identities and the application identities and application carried in the service message
The corresponding application of the application identities is determined as application belonging to the service message, wherein the gateway is set by corresponding relationship
The standby corresponding relationship for being stored with the application identities and application;
Execution unit, the application and the corresponding relationship of processing strategie for being identified according to the recognition unit pre-established
The processing strategie is executed to the service message.
14. gateway as claimed in claim 13, which is characterized in that check code also safe to carry in the service message,
The safety check code is used to verify the safety of the service message, the gateway be also stored with the application identities,
Using the corresponding relationship with key, the recognition unit is specifically used for according to the application mark carried in the service message
The corresponding relationship of knowledge and the application identities and key, determines the key;Benchmark check code is generated according to the key;
When the benchmark check code is matched with the safety check code, the corresponding application of the application identities is determined as the business
Application belonging to message.
15. gateway as claimed in claim 14, which is characterized in that the key is that key server is raw for the application
At temporary key, the gateway further include:
Transmission unit, for sending request message to the key server, the request message is for requesting the key to take
Device be engaged in as the application generation temporary key;
Second receiving unit, for receiving the response message of the key server transmission, in the response message described in carrying
Temporary key.
16. gateway as claimed in claim 14, which is characterized in that also carry the version of the application in the service message
This number, the gateway is also stored with the corresponding relationship of the application identities, the version number and the key, the identification
Unit is specifically used for according to the application identities and the version number and the application mark carried in the service message
Know, the corresponding relationship of the version number and the key, selects the corresponding key of the application identities and the version number.
17. the gateway as described in any one of claim 14-16, which is characterized in that
The recognition unit is specifically used for according to the key, generates the benchmark check code based on Message Digest 5 MD5.
18. the gateway as described in any one of claim 13-16, which is characterized in that the processing strategie is described answers
Charging policy, the execution unit are specifically used for carrying out charging to the service message according to the charging policy.
19. a kind of device of processing business message characterized by comprising
First generation unit carries application identities, the application identities are used for for generating service message in the service message
Indicate application belonging to the service message;
Transmission unit, for sending the service message that first generation unit generates to the gateway of core net,
In, the application identities identify the business according to the application identities of storage and the corresponding relationship of application for the gateway
Application belonging to message.
20. device as claimed in claim 19, which is characterized in that check code also safe to carry in the service message, it is described
Safety check code is used to verify the safety of the service message, described device further include:
Acquiring unit, for obtaining the corresponding key of the application;
Second generation unit, for generating the safety check code according to the key.
21. device as claimed in claim 20, which is characterized in that the key is that key server generates for the application
Temporary key,
The acquiring unit is specifically used for sending request message to the key server, and the request message is described for requesting
Key server is that the application generates the temporary key;Receive the response message that the key server is sent, the sound
It answers and carries the temporary key in message.
22. device as claimed in claim 20, which is characterized in that the key is the built-in of application belonging to the service message
Key,
The acquiring unit is specifically used for extracting the built-in key.
23. device as claimed in claim 22, which is characterized in that also carried in the service message and generate the service message
Application version number.
24. the device as described in any one of claim 20-23, which is characterized in that second generation unit is specifically used for
The safety check code is generated according to the key, and based on Message Digest 5 MD5.
Applications Claiming Priority (1)
| Application Number | Priority Date | Filing Date | Title |
|---|---|---|---|
| PCT/CN2013/091111 WO2015100615A1 (en) | 2013-12-31 | 2013-12-31 | Method and apparatus for processing service packet, and gateway device |
Publications (2)
| Publication Number | Publication Date |
|---|---|
| CN104995891A CN104995891A (en) | 2015-10-21 |
| CN104995891B true CN104995891B (en) | 2018-12-25 |
Family
ID=53492966
Family Applications (1)
| Application Number | Title | Priority Date | Filing Date |
|---|---|---|---|
| CN201380072947.7A Active CN104995891B (en) | 2013-12-31 | 2013-12-31 | The method, apparatus and gateway of processing business message |
Country Status (2)
| Country | Link |
|---|---|
| CN (1) | CN104995891B (en) |
| WO (1) | WO2015100615A1 (en) |
Families Citing this family (9)
| Publication number | Priority date | Publication date | Assignee | Title |
|---|---|---|---|---|
| CN108400879A (en) * | 2017-02-06 | 2018-08-14 | 北京上元信安技术有限公司 | The discovery method and system of information assets based on gateway |
| CN107241310B (en) * | 2017-05-04 | 2020-11-06 | 北京潘达互娱科技有限公司 | Client identity verification method and device |
| CN109388499A (en) * | 2017-08-04 | 2019-02-26 | 东软集团股份有限公司 | Message forwarding method and device, computer readable storage medium, electronic equipment |
| CN110580256B (en) * | 2018-05-22 | 2022-06-10 | 华为技术有限公司 | Method, device and system for identifying application identification |
| CN111431839B (en) * | 2019-01-09 | 2024-03-19 | 中兴通讯股份有限公司 | Processing method and device for hiding user identification |
| CN114915585A (en) * | 2019-03-11 | 2022-08-16 | 华为技术有限公司 | Message processing method, device, equipment and system |
| CN114024917B (en) * | 2020-07-15 | 2024-04-09 | ***通信集团终端有限公司 | Method, device, equipment and storage medium for guaranteeing internet service bandwidth |
| CN113949645A (en) * | 2020-07-15 | 2022-01-18 | 华为技术有限公司 | Service processing method, device, equipment and system |
| CN116095016A (en) * | 2021-11-05 | 2023-05-09 | ***通信有限公司研究院 | Information processing method, device, equipment and readable storage medium |
Citations (3)
| Publication number | Priority date | Publication date | Assignee | Title |
|---|---|---|---|---|
| CN101309195A (en) * | 2008-06-18 | 2008-11-19 | 华为技术有限公司 | Method and apparatus for guarantee quality of service of secure socket layer of virtual private network |
| CN101827084A (en) * | 2009-01-28 | 2010-09-08 | 丛林网络公司 | The application identification efficiently of the network equipment |
| CN101978677A (en) * | 2008-03-21 | 2011-02-16 | 阿尔卡特朗讯公司 | In-band dpi application awareness propagation enhancements |
Family Cites Families (3)
| Publication number | Priority date | Publication date | Assignee | Title |
|---|---|---|---|---|
| CN101572718B (en) * | 2008-04-30 | 2012-07-11 | 张文 | IP QoS unified strategic system based on oriented application and method thereof |
| CN101873640B (en) * | 2010-05-27 | 2013-04-24 | 华为终端有限公司 | Flow processing method, device and mobile terminal |
| CN102035748B (en) * | 2010-12-31 | 2014-07-30 | 深圳市深信服电子科技有限公司 | Application-based traffic control method and controller |
-
2013
- 2013-12-31 WO PCT/CN2013/091111 patent/WO2015100615A1/en active Application Filing
- 2013-12-31 CN CN201380072947.7A patent/CN104995891B/en active Active
Patent Citations (3)
| Publication number | Priority date | Publication date | Assignee | Title |
|---|---|---|---|---|
| CN101978677A (en) * | 2008-03-21 | 2011-02-16 | 阿尔卡特朗讯公司 | In-band dpi application awareness propagation enhancements |
| CN101309195A (en) * | 2008-06-18 | 2008-11-19 | 华为技术有限公司 | Method and apparatus for guarantee quality of service of secure socket layer of virtual private network |
| CN101827084A (en) * | 2009-01-28 | 2010-09-08 | 丛林网络公司 | The application identification efficiently of the network equipment |
Also Published As
| Publication number | Publication date |
|---|---|
| CN104995891A (en) | 2015-10-21 |
| WO2015100615A1 (en) | 2015-07-09 |
Similar Documents
| Publication | Publication Date | Title |
|---|---|---|
| CN104995891B (en) | The method, apparatus and gateway of processing business message | |
| US10285050B2 (en) | Method and apparatus for managing a profile of a terminal in a wireless communication system | |
| EP3284274B1 (en) | Method and apparatus for managing a profile of a terminal in a wireless communication system | |
| EP2719202B1 (en) | Methods, apparatuses and computer program products for identity management in a multi-network system | |
| EP2456246A1 (en) | Network selection method based on multi-link and apparatus thereof | |
| CN103124267B (en) | The method, system and the cloud server that log in/register is carried out by mobile terminal | |
| CN108141745A (en) | The method and apparatus of download profile in mobile communication system | |
| CN109417696A (en) | Method and entity for terminating to subscribe to | |
| US11838752B2 (en) | Method and apparatus for managing a profile of a terminal in a wireless communication system | |
| EP3162104B1 (en) | A method to authenticate calls in a telecommunication system | |
| CN105228126B (en) | A kind of method and system of network access point trustship | |
| CN106302391A (en) | A kind of enciphered data transmission method and proxy server | |
| CN103493457A (en) | Account linkage in machine-to-machine scenarios | |
| CN103905399A (en) | Account registration management method and apparatus | |
| CN105228121A (en) | Use the subscriber management of REST formula interface | |
| WO2016165505A1 (en) | Connection control method and apparatus | |
| CN108055238A (en) | A kind of account verification method and system | |
| CN108632325A (en) | A kind of call method and device of application | |
| EP2905979A1 (en) | Charge control method, device and system for roaming user data service | |
| CN103581881B (en) | Comprehensive number-obtaining device as well as system and method for obtaining cell phone number of user on network side | |
| CN108235823A (en) | Agency is without roaming cellular | |
| CN104936177B (en) | A kind of access authentication method and access authentication system | |
| CN104253787A (en) | Service authentication method and system | |
| CN105357771B (en) | Connect method for building up and user terminal | |
| CN105409259B (en) | Telephone service is provided by WIFI for non-cellular |
Legal Events
| Date | Code | Title | Description |
|---|---|---|---|
| C06 | Publication | ||
| PB01 | Publication | ||
| C10 | Entry into substantive examination | ||
| SE01 | Entry into force of request for substantive examination | ||
| GR01 | Patent grant | ||
| GR01 | Patent grant |