CN1553660A - Authentication for wireless package domain lateral activation - Google Patents

Publication number: CN1553660A
Authority: CN (China)
Prior art keywords: mobile device; target mobile; authentication; server; user name
Legal status: Granted
Application number: CNA031363083A
Other languages: Chinese (zh)
Other versions: CN100337451C (en)
Inventor: 王文中
Current Assignee: Huawei Technologies Co Ltd
Original Assignee: Huawei Technologies Co Ltd
Events: application filed by Huawei Technologies Co Ltd; priority to CNB031363083A; publication of CN1553660A; application granted; publication of CN100337451C
Current status: Expired - Fee Related

Landscapes

  • Mobile Radio Communication Systems (AREA)
  • Data Exchanges In Wide-Area Networks (AREA)

Abstract

This invention discloses an authentication method for network-side activation in the wireless packet domain. It includes the following steps: the user equipment sends a request to set up communication with the target mobile device; after receiving the request, the server performs authentication for the target mobile device; if authentication succeeds, a message activating the target mobile device from the network side is sent to the target mobile device through the packet gateway equipment; if authentication fails, a target mobile device rejection message is sent. The invention solves the problem that some user equipment can make malicious attacks and malicious packet calls.

Description

An authentication method for network-side activation in the wireless packet domain
Technical field
The present invention relates to an authentication method for wireless networks, and in particular to an authentication method for network-side activation in the wireless packet domain.
Background art
Mobile user equipment using a mobile network, or fixed user equipment using a fixed network, is connected through its local network to the packet domain of the mobile core network in which the target mobile device is located. The mobile or fixed user equipment initiates a network-side activation call to the target mobile device in order to communicate directly with it.
When mobile or fixed user equipment initiates a network-side activation call to the target mobile device, the link between the user equipment and the target mobile user is set up directly, and the security of the target user is not taken into account. Some user equipment may therefore make malicious packet harassment calls to, or carry out malicious attacks on, the target mobile device, which wastes wireless network resources and prevents the target mobile device from using normal packet services.
Summary of the invention
The invention provides an authentication method for network-side activation in the wireless packet domain. The method solves the problem that some user equipment may make malicious packet harassment calls to, or carry out malicious attacks on, the target mobile device.
To achieve this purpose, the technical scheme of the present invention is as follows:
An authentication method for network-side activation in the wireless packet domain, comprising:
The user equipment sends a message requesting to set up communication with the target mobile device. After receiving the message, the server performs the authentication decision for this target mobile device. If authentication succeeds, a message activating the target mobile device from the network side is sent to the target mobile device through the mobile packet gateway equipment, and communication between the user equipment and the target mobile device is set up. If authentication fails, a target mobile device rejection message is sent to the user equipment, and setup of communication between the user equipment and the target mobile device fails.
The authentication decision for this target mobile device further comprises:
A1. A target mobile device authentication data structure is set up in the server. It comprises the user name of the target mobile device and the subscriber numbers or user names that are allowed to call in, where the user name of one target mobile device corresponds to one or more subscriber numbers or user names allowed to call in;
B1. If the subscriber number or user name in the communication message is identical to one of the subscriber numbers or user names allowed to call in within this target mobile device's authentication data structure, authentication succeeds; otherwise, authentication fails.
Alternatively, the authentication decision for this target mobile device further comprises:
A2. A target mobile device authentication data structure is set up in the server. It comprises the user name of the target mobile device and the subscriber numbers or user names that are not allowed to call in, where the user name of one target mobile device corresponds to one or more subscriber numbers or user names not allowed to call in;
B2. If the subscriber number or user name in the communication message is identical to one of the subscriber numbers or user names not allowed to call in within this target mobile device's authentication data structure, authentication fails; otherwise, authentication succeeds.
The server comprises two servers. One stores the registration information of the user equipment and the target mobile device and sends the activation authentication request message for the target mobile device; the other stores the authentication information of the target mobile device and authenticates the user equipment that requests communication with the target mobile device.
The server that sends the activation authentication request message for the target mobile device is a mobile access server.
The user equipment is mobile user equipment using a mobile network.
The user equipment is user equipment using a fixed network.
On the basis of a target device calling system, the present invention provides an authentication method for network-side activation of a target device. When user equipment, which may be fixed user equipment or a mobile device, calls the target device, the authentication password required by the target mobile device is entered, and the server in the target mobile device authentication calling system checks whether this password is correct. If the password is correct, authentication succeeds and communication between the user equipment and the target mobile device is set up; otherwise, authentication fails. The invention therefore solves the problem that some user equipment may make malicious packet harassment calls to, or carry out malicious attacks on, the target mobile device. It has little impact on the mobile packet gateway equipment, requires no change to the existing protocol flows of the target mobile core network equipment, improves the system compatibility of mobile packet network equipment, and facilitates network-side activated mobile packet services.
Description of drawings
Fig. 1 is a flow chart of one embodiment of the present invention implementing the network-side authentication function for the target mobile device.
Fig. 2 shows the authentication data structure of one embodiment in server 2.
Fig. 3 shows the authentication data structure of another embodiment in server 2.
Fig. 4 is a flow chart of another embodiment of the present invention implementing the network-side authentication function for the target mobile device.
Embodiments
To make the purpose, technical scheme and advantages of the present invention clearer, the invention is described in more detail below through embodiments and with reference to the accompanying drawings.
When mobile user equipment using a mobile network, or fixed user equipment using a fixed network, initiates a network-side activation call to the target mobile device, the network-side activation must be authenticated in order to prevent some user equipment from making malicious packet harassment calls to, or carrying out malicious attacks on, the target mobile device. The present invention therefore authenticates the packet call outside the wireless network, which reduces the mobile network resources taken up by packet harassment and packet attacks. It is an optimized scheme for network-side activation of a called target mobile device.
The technical scheme of the present invention is described below through specific embodiments.
A system made up of user equipment, server 1, server 2, a mobile packet gateway and a target mobile device can implement the network-side authentication function for the target mobile device, where:
The user equipment is mobile user equipment using a mobile network or fixed user equipment using a fixed network, such as a mobile device or a computer. It mainly registers its own information and requests information about the target mobile device;
The target mobile device supports the network-side activation function and the packet incoming-call check function according to the standard mobile packet communication protocol, and its subscription data allows network-side activation;
The main functions of server 1 are: registration, storage and service response for user equipment information; when the target mobile device is not registered, sending the activation authentication request message for the target mobile device; and, when an authentication success message is received, sending a request to activate the target mobile device to the mobile packet gateway equipment, thereby acting as the network-side activation proxy;
The main functions of server 2 are: storing the authentication information of the target mobile device, which comprises the information of user equipment that is allowed or not allowed to activate this target mobile device and the configuration information of subscribed target mobile devices for which network-side activation is allowed; performing authentication when a request to activate the target mobile device is received; and letting the target mobile device user maintain the authentication information;
The main functions of the mobile packet gateway are: when a request to activate the target mobile device is received, initiating the network-side activation procedure towards the target mobile device; and, when network-side activation succeeds, sending a response message to the relevant server to register the target mobile device's information.
This system implements the network-side authentication of the target mobile device in server 1 and server 2 rather than in the mobile packet gateway. This reduces the impact of authentication on the mobile packet gateway, so that the authentication process does not take up resources of the mobile packet gateway equipment. Server 1 and server 2 differ according to the network; for example, in a fixed network server 1 can be a mobile access server (MAS), as long as the server provides authentication and communication functions. The mobile packet gateway equipment also differs according to the network; for example, in a CDMA network the mobile packet gateway equipment is a GGSN, as long as it implements communication between the calling user and the called user.
Fig. 1 is a flow chart of one embodiment of the present invention in which this system implements the network-side authentication of the target mobile device. The specific steps are:
Step 100: the user equipment sends a registration message to server 1; this registration makes it possible for other user equipment to look up the information of this user equipment;
Step 101: server 1 returns a registration success response;
Step 102: the user equipment sends server 1 a message requesting communication with the target mobile device, asking for the information of the target mobile device;
Steps 103, 104: server 1 searches the registration database. If the lookup fails, it sends server 2 a message requesting authentication for activating the target mobile device; this authentication message carries the relevant information of the user equipment or user and the password of the target mobile device. If the lookup succeeds, it returns information such as the IP address of the target mobile device to the user equipment;
Steps 105, 106, 107: after receiving the message requesting authentication for activating the target mobile device, server 2 searches the authentication database and authenticates the request. If authentication succeeds, the authentication success message for the activation request is sent to the mobile packet gateway equipment; server 2 finds the subscribed IP address of the target mobile device from the MSISDN of the target mobile device, and includes this IP address and the information of the mobile gateway where the device is located in the authentication success message returned to server 1. If authentication fails, it returns an authentication failure message to server 1, and server 1 returns a target mobile user rejection message to the user equipment;
Step 108: after receiving the authentication success message, server 1 uses the IP address of the target mobile device to send the mobile packet gateway equipment a request for network-side activation of this target mobile device;
Step 109: the mobile packet gateway equipment initiates network-side activation towards the target mobile device, following the procedure specified by the protocol;
Steps 110, 111, 112, 113: the target mobile device checks whether network-side activation of the target mobile device is allowed. If it is, the target mobile device sends the network-side activation message to the mobile gateway; otherwise, the user of the target mobile device can reject the network-side activation request manually, and the rejection is sent to the user equipment through the mobile packet gateway equipment and server 1;
Step 114: after activation succeeds, the mobile packet gateway equipment returns a packet gateway activation success message to the target mobile device;
Step 115: the mobile packet gateway equipment sends server 1 a request to register the target mobile device's information, which serves as the activation success response; this registration message includes the IP address of the target mobile device, the mobile packet gateway information, etc.;
Step 116: after receiving the registration message, server 1 adds to or updates the registration database and returns a registration success message to the mobile packet gateway;
Step 117: information such as the IP address of the target mobile device is sent to the user equipment;
Steps 118, 119: after obtaining the IP address of the target mobile device, the user equipment sends application data packets to the target mobile device and carries out normal packet communication with it.
Steps 100 and 101 of this method are optional; the user equipment can also request to set up communication with the target mobile device without registering.
After server 2 receives the message requesting authentication for activating the target mobile device, it searches the authentication database and authenticates the request. There are two authentication methods:
Authentication method one: one user name, i.e. the MSISDN of the target mobile device, corresponds to multiple passwords, i.e. user equipment numbers or user names. If the password in the request message matches one of these passwords, the match succeeds. If the match succeeds, authentication success is returned; otherwise an authentication failure message is returned to server 1, and server 1 returns a target mobile user rejection message to the user equipment.
Fig. 2 shows the authentication data structure of one embodiment in server 2. The authentication data structure of the target mobile device consists of a user name and passwords, i.e. the MSISDN of the target device and the subscriber numbers or user names allowed to call in. Suppose the value of the MSISDN is 13641091700. When the password that the user equipment enters for the target mobile device is 13641091737, the data structure of the target mobile device is queried, this password is found to be one of the passwords of user name 13641091700, and authentication for this target mobile device succeeds. Server 2 can also set other passwords for the same MSISDN.
Authentication method two: the password field of this database stores one or more subscriber numbers or user names from which the target mobile device forbids incoming wireless packet calls. If the password in the authentication request message matches one of these passwords, an authentication failure message is returned to server 1, and server 1 returns a target mobile device rejection message to the user equipment; otherwise authentication success is returned.
Fig. 3 shows the authentication data structure of another embodiment in server 2. The authentication data structure of the target mobile device consists of a user name and passwords, i.e. the MSISDN of the target mobile device and the subscriber numbers or user names not allowed to call in. Suppose the value of the MSISDN is 13641091700. When the password that the user equipment enters for the target mobile device is 13641091737, the data structure of the target mobile device is queried, this password is found to be one of the passwords of user name 13641091700, and authentication for this target mobile device fails. Server 2 can also set other passwords for the same MSISDN.
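The two authentication methods and the lookup-then-authenticate flow of Fig. 1 can be modelled as follows. This is an added example, not code from the patent: all class, function and field names are hypothetical, the IP addresses and every number other than 13641091700 and 13641091737 are constructed, and refusing a target that has no authentication record is an assumption, since the text does not define that case.

```python
"""Added example: server 1 / server 2 decision flow of Fig. 1 (steps 102-117).
All names are hypothetical; the sample data in demo() is constructed."""
from dataclasses import dataclass, field
from enum import Enum


class Mode(Enum):
    ALLOW = "allow"  # authentication method one (Fig. 2): listed callers pass
    DENY = "deny"    # authentication method two (Fig. 3): listed callers fail


@dataclass
class AuthRecord:
    """One entry of server 2's authentication data, keyed by target MSISDN."""
    mode: Mode
    callers: set = field(default_factory=set)  # subscriber numbers or user names
    subscribed_ip: str = ""                    # subscribed IP address of the target


class Server2:
    def __init__(self, records):
        self.records = records  # {target MSISDN: AuthRecord}

    def authenticate(self, target, caller_id):
        """Return (ok, ip). A target without a record is refused; the page does
        not define this case, so failing closed is an assumption made here."""
        rec = self.records.get(target)
        if rec is None:
            return False, None
        listed = caller_id in rec.callers
        ok = listed if rec.mode is Mode.ALLOW else not listed
        return ok, (rec.subscribed_ip if ok else None)


class Gateway:
    """Stand-in for the mobile packet gateway; records activation requests."""
    def __init__(self):
        self.activations = []

    def activate(self, target, ip):
        self.activations.append((target, ip))
        return True  # assume the target device accepts (steps 109-114)


class Server1:
    def __init__(self, server2, gateway):
        self.registry = {}  # {MSISDN: IP} of targets that are already registered
        self.server2 = server2
        self.gateway = gateway

    def request_communication(self, caller_id, target):
        """Steps 102-117: return ("ok", ip) or ("rejected", None)."""
        if target in self.registry:  # step 103: lookup succeeds
            return "ok", self.registry[target]
        ok, ip = self.server2.authenticate(target, caller_id)  # steps 104-107
        if not ok:
            return "rejected", None  # refused before any gateway traffic
        if not self.gateway.activate(target, ip):  # steps 108-114
            return "rejected", None
        self.registry[target] = ip  # steps 115-116: registration update
        return "ok", ip  # step 117


def demo():
    """Target 13641091700 and caller 13641091737 are the page's example values;
    the other numbers and the IP addresses are constructed."""
    s2 = Server2({
        "13641091700": AuthRecord(Mode.ALLOW, {"13641091737"}, "10.0.0.7"),
        "13641091701": AuthRecord(Mode.DENY, {"13641091737"}, "10.0.0.8"),
    })
    gw = Gateway()
    s1 = Server1(s2, gw)
    results = [
        s1.request_communication("13900000000", "13641091700"),  # not on allow list
        s1.request_communication("13641091737", "13641091700"),  # on allow list
        s1.request_communication("13900000000", "13641091700"),  # registry hit
        s1.request_communication("13641091737", "13641091701"),  # on deny list
        s1.request_communication("13900000000", "13641091702"),  # no record
    ]
    return results, gw.activations


if __name__ == "__main__":
    for outcome in demo()[0]:
        print(outcome)
```

In the flow as written, a registry hit at step 103 returns the target's address without consulting server 2, which is why the third request in demo() succeeds for a caller that the first request rejected. Under method two, any caller that is not listed passes, so a newly provisioned target with an empty list accepts every caller.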
The present invention can also merge server 1 and server 2 into a single server 1 that combines all functions of the two servers and implements the network-side authentication function for the target mobile device. Fig. 4 is a flow chart of this other embodiment. The system implementing the network-side authentication function consists of user equipment, server 1, a mobile packet gateway and a target mobile device, and the specific steps are:
Step 400: the user equipment sends a registration message to server 1; this registration makes it possible for other user equipment to look up the information of this user equipment;
Step 401: server 1 returns a registration success response;
Step 402: the user equipment sends server 1 a message requesting communication with the target mobile device, asking for the information of the target mobile device;
Step 403: server 1 searches the registration database. If the lookup succeeds, it returns information such as the IP address of the target mobile device to the user equipment; if the lookup fails, it proceeds to step 404;
Steps 404, 405: server 1 searches the authentication database and performs authentication. If authentication succeeds, the authentication success message for the activation request is sent to the mobile packet gateway equipment; if authentication fails, server 1 returns a target mobile device rejection message to the user equipment;
Step 406: the mobile packet gateway equipment initiates network-side activation towards the target mobile device, following the procedure specified by the protocol;
Steps 407, 408, 409, 410: the target mobile device checks whether network-side activation of the target mobile device is allowed. If it is, the target mobile device sends the network-side activation message to the mobile gateway; otherwise, the user of the target mobile device can reject the network-side activation request manually, and the rejection is sent to the user equipment through the mobile packet gateway equipment and server 1;
Step 411: after activation succeeds, the mobile packet gateway equipment returns a packet gateway activation success message to the target mobile device;
Step 412: the mobile packet gateway equipment sends server 1 a request to register the target mobile device's information, which serves as the activation success response; this registration message includes the IP address of the target mobile device, the mobile packet gateway information, etc.;
Step 413: after receiving the registration message, server 1 adds to or updates the registration database and returns a registration success message to the mobile packet gateway;
Step 414: the IP address information of the target mobile device is sent to the user equipment;
Steps 415, 416: after obtaining the IP address of the target mobile device, the user equipment sends application data packets to the target mobile device and carries out normal packet communication with it.
Steps 400 and 401 of this method are optional; user equipment that has not gone through registration can also request to set up communication with the target mobile device.
The above are only preferred embodiments of the present invention and are not intended to limit it. Any modification, equivalent replacement or improvement made within the spirit and principles of the present invention shall fall within its scope of protection.

Claims (7)

1. An authentication method for network-side activation in the wireless packet domain, characterized in that the method comprises:
The user equipment sends a message requesting to set up communication with the target mobile device. After receiving this message, the server performs the authentication decision for this target mobile device. If authentication succeeds, a message activating the target mobile device from the network side is sent to the target mobile device through the mobile packet gateway equipment, and communication between the user equipment and the target mobile device is set up. If authentication fails, a target mobile device rejection message is sent to the user equipment, and setup of communication between the user equipment and the target mobile device fails.
2. The method of claim 1, characterized in that the authentication decision for this target mobile device further comprises:
A1. A target mobile device authentication data structure is set up in the server. It comprises the user name of the target mobile device and the subscriber numbers or user names that are allowed to call in, where the user name of one target mobile device corresponds to one or more subscriber numbers or user names allowed to call in;
B1. If the subscriber number or user name in the communication message is identical to one of the subscriber numbers or user names allowed to call in within this target mobile device's authentication data structure, authentication succeeds; otherwise, authentication fails.
3. The method of claim 1, characterized in that the authentication decision for this target mobile device further comprises:
A2. A target mobile device authentication data structure is set up in the server. It comprises the user name of the target mobile device and the subscriber numbers or user names that are not allowed to call in, where the user name of one target mobile device corresponds to one or more subscriber numbers or user names not allowed to call in;
B2. If the subscriber number or user name in the communication message is identical to one of the subscriber numbers or user names not allowed to call in within this target mobile device's authentication data structure, authentication fails; otherwise, authentication succeeds.
4. The method of claim 1, characterized in that the server comprises two servers: one stores the registration information of the user equipment and the target mobile device and sends the activation authentication request message for the target mobile device; the other stores the authentication information of the target mobile device and authenticates the user equipment that requests communication with the target mobile device.
5. The method of claim 1, characterized in that the server that sends the activation authentication request message for the target mobile device is a mobile access server.
6. The method of claim 1, characterized in that the user equipment is mobile user equipment using a mobile network.
7. The method of claim 1, characterized in that the user equipment is user equipment using a fixed network.
Priority Applications (1)

Application CNB031363083A, priority date 2003-05-26, filing date 2003-05-26: Authentication for wireless package domain lateral activation. Expired - Fee Related. Granted as CN100337451C (en).

Publications (2)

CN1553660A (en), published 2004-12-08
CN100337451C, published 2007-09-12

Family ID: 34323287

Country status: CN (1), CN100337451C (en)

Legal Events

C06, PB01: Publication
C10, SE01: Entry into substantive examination; entry into force of request for substantive examination
C14, GR01: Grant of patent or utility model; patent grant
CF01: Termination of patent right due to non-payment of annual fee

Granted publication date: 20070912

Termination date: 20200526