WO2017041562A1 - Method and device for identifying user identity of terminal device - Google Patents

Publication number
WO2017041562A1
Authority
WO
WIPO (PCT)
Prior art keywords
user identity
terminal device
user
identity information
query request
Application number
PCT/CN2016/086028
Inventor
周朝阳
Original Assignee
中兴通讯股份有限公司
Application filed by 中兴通讯股份有限公司

Classifications

    • H: ELECTRICITY
    • H04: ELECTRIC COMMUNICATION TECHNIQUE
    • H04L: TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L9/00: Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols
    • H04L9/40: Network security protocols
    • H04L63/00: Network architectures or network communication protocols for network security
    • H04L63/08: Network architectures or network communication protocols for network security for authentication of entities
    • H04L63/0853: Network architectures or network communication protocols for network security for authentication of entities using an additional device, e.g. smartcard, SIM or a different communication terminal
    • H04L63/0876: Network architectures or network communication protocols for network security for authentication of entities based on the identity of the terminal or configuration, e.g. MAC address, hardware or software configuration or device fingerprint

Definitions

  • The present application relates to, but is not limited to, the field of mobile communications, and in particular to a method and apparatus for identifying the user identity of a terminal device.
  • A user's Facebook account can be used to log in to most foreign Internet websites or mobile Internet apps.
  • The decisive factor behind this is that Facebook opens its user accounts and its account-based identity to third parties.
  • Third-party websites and apps that meet the requirements of the rules can identify the user through Facebook's user identification capability.
  • MSISDN: Mobile Subscriber International ISDN
  • IMSI: International Mobile Subscriber Identification Number
  • The embodiments of the invention provide a method and a device for identifying the user identity of a terminal device, to solve the problem in the related art that a third party cannot identify the user of a terminal device.
  • An embodiment of the invention discloses a method for identifying the user identity of a terminal device, the method comprising:
  • the received user identity information is fed back to the third party.
  • The user identity information includes at least a Mobile Subscriber International Number (MSISDN) and an International Mobile Subscriber Identity (IMSI).
  • The user identity query request is an Rx interface message.
  • The method further includes: on receiving the user identity information fed back by the PCRF, identifying other user identity information according to it, and feeding back both the received user identity information and the other identified user identity information to the third party.
  • The other user identity information includes at least a user address and a user name.
  • The method further includes: saving all user identity information of the terminal device, and acquiring and updating the user identity information of the terminal device from the operator's relationship management system, so that the saved user identity information is consistent with the latest user identity information actually held by the operator.
  • On receiving a user identity request initiated by a third party for the terminal device, the method further includes:
  • when the client of the terminal device passes the access authentication and the user authorization, generating the user identity query request according to the user identity identification request, and sending the generated user identity query request to the PCRF.
  • An embodiment of the invention further discloses an apparatus for identifying the user identity of a terminal device, the apparatus comprising at least an application interaction module, an identity recognition module and a network interaction module, wherein:
  • the application interaction module is configured to: open an identity recognition interface to a third party, receive a user identity request initiated by the third party for the terminal device, and feed back to the third party the user identity information of the terminal device that the third party queried;
  • the identity recognition module is configured to: generate a user identity query request according to the received user identity request, where the user identity query request carries the IP address of the terminal device, to instruct the PCRF to return the user identity information corresponding to the IP address in the user identity query request; and obtain, from the received response to the user identity query request, the user identity information of the terminal device queried by the third party and send it to the application interaction module;
  • the network interaction module is configured to: send the user identity query request generated by the identity recognition module to the core network PCRF, receive the response to the user identity query request returned by the PCRF, and return that response to the identity recognition module.
  • The user identity information includes at least a Mobile Subscriber International Number (MSISDN) and an International Mobile Subscriber Identity (IMSI).
  • The user identity query request is an Rx interface message.
  • The identity recognition module is further configured to: identify other user identity information according to the user identity information in the response to the user identity query request, and feed back the received user identity information and the identified other user identity information to the application interaction module, where the other user identity information includes at least a user address and a user name; the application interaction module is further configured to feed back all user identity information sent by the identity recognition module to the third party.
  • The apparatus further includes an identity information module, configured to save all user identity information of the terminal device, and to obtain and update the user identity information of the terminal device from the operator's relationship management system, so that the saved user identity information is consistent with the latest user identity information actually held by the operator.
  • The apparatus further includes an access authentication module, configured to perform access authentication and user authorization on the client of the terminal device when the application interaction module receives a user identity request initiated by the third party for the terminal device; the identity recognition module is configured to generate the user identity query request only when the client of the terminal device passes the access authentication and the user authorization.
  • An embodiment of the present invention further discloses an apparatus for identifying the user identity of a terminal device, the apparatus comprising at least: a first module, configured to, on receiving an Rx interface message carrying only the IP address of the terminal device, determine that the Rx interface message is a user identity query request and query the user identity information corresponding to the IP address in that request;
  • a second module, configured to feed back the queried user identity information to the terminal device.
  • The user identity information includes at least a Mobile Subscriber International Number (MSISDN) and an International Mobile Subscriber Identity (IMSI).
  • An embodiment of the present invention further provides a computer-readable storage medium storing computer-executable instructions which, when executed, implement the method for identifying the user identity of a terminal device.
  • The technical solution of the present application provides a method for identifying the user identity of a terminal device and a corresponding device. The operator's user identity recognition capability is opened to third-party apps, which reach it through the operator's user identity recognition API (Application Programming Interface).
  • The identity identifiers of the operator's users (MSISDN mobile phone number and IMSI number) can be extended to various third-party apps and content, and can play an important role in various big data scenarios.
  • The identity of the operator's users can be applied to scenarios such as user identification and user authentication and authorization across the mobile Internet, so that an app can obtain the user's MSISDN mobile phone number and IMSI number directly through the network, and the operator's user account develops into an identity number that is common across mobile networks and the Internet. It penetrates into various mobile Internet applications and can infinitely amplify the value of the MSISDN mobile phone numbers and IMSI numbers managed by the operator, making them a killer-level strategic resource that rivals, and goes beyond, the super Internet apps.
  • FIG. 1 is a schematic structural diagram of an apparatus for identifying a user identity of a terminal device in Embodiment 2;
  • FIG. 2 is a network location diagram of an apparatus for identifying a user identity of a terminal device in Embodiment 2;
  • FIG. 3 is a schematic diagram showing the working principle of identifying a user identity of a terminal device in Embodiment 2;
  • FIG. 4 is a service flow diagram of identifying a user identity of a terminal device in Embodiment 2;
  • FIG. 5 is a flow chart showing another service for identifying a user identity of a terminal device in Embodiment 2;
  • FIG. 6 is a schematic structural diagram of an apparatus for identifying a user identity of a terminal device in Embodiment 3;
  • FIG. 7 is a schematic diagram of a method for identifying a user identity of a terminal device in Embodiment 1.
  • This embodiment provides a method for identifying the user of a terminal device. Only the private network IP (Internet Protocol) address allocated when the terminal device accesses the mobile network needs to be provided in order to obtain the MSISDN and IMSI that the terminal device using that IP address has registered with the operator. MSISDN is the mobile subscriber international number, in full Mobile Subscriber International ISDN, where ISDN is short for Integrated Services Digital Network; IMSI is the International Mobile Subscriber Identification Number.
  • The above method includes the following operations:
  • Step 100: On receiving a user identity request initiated by the third party for the terminal device, generate a user identity query request according to the user identity request, and send the generated user identity query request to the PCRF (Policy and Charging Rules Function);
  • The generated user identity query request carries only the IP address of the terminal device, to instruct the PCRF to return the user identity information corresponding to the IP address in the user identity query request.
  • The user identity query request may be an Rx interface message.
  • The Rx interface message carries only the private network IP address of the terminal device, and does not carry service and media information.
  • The PCRF recognizes such an Rx interface message as a user identity query request rather than a normal charging or policy request message.
  • Step 200: On receiving the user identity information fed back by the PCRF, feed back the received user identity information to the third party.
  • The user identity information fed back by the PCRF includes at least an MSISDN and an IMSI.
  • Some schemes also propose that, in addition to the user identity information fed back by the PCRF, other user identity information, such as the user name and the user address, may be queried, and that the user identity information fed back by the PCRF and the other user identity information acquired subsequently be fed back to the third party.
  • The “other user identity information” mentioned above can be obtained and updated in real time from the operator's customer relationship management system, ensuring that the “other user identity information” involved in the present application stays synchronized with the actual user information.
  • On receiving a user identity request initiated by the third party for the terminal device, access authentication and user authorization can be performed on the client of the terminal device; only when the client passes the access authentication and the user authorization is the user identity query request generated according to the user identity request and sent to the PCRF.
  • This embodiment provides an apparatus for identifying the user identity of a terminal device. It is based on the PCC architecture (the policy and charging control architecture defined in the 3GPP TS 23.203 specification) and makes full use of the PCC architecture of the carrier core network. It uses the charging and policy control interface that the PCRF network element provides to the service layer (the Rx interface defined by the 3GPP TS 29.214 specification, hereinafter the Rx interface) and extends the way the Rx interface is operated: the Rx request message sent to the core network PCRF carries only information such as the private network IP address of the terminal device, and no service or media information, so that the core network PCRF knows that this is not an ordinary charging or policy request message and instead returns, according to the private network IP address in the request message, the MSISDN and IMSI information of the terminal device user corresponding to that address.
  • The apparatus provides an identity identification interface to third-party apps, receives the terminal device user identity identification request initiated by a third-party app, extracts the private network IP address from the request message and, depending on whether the request message asks for basic identity information or detailed identity information, responds accordingly with the basic identity information (MSISDN and IMSI information) or the detailed identity information (which, in addition to the MSISDN and IMSI information, includes the user address, user name, etc.), thereby realizing identification of the terminal device user.
  • The terminal device involved may be a fixed or mobile electronic device holding any of various SIM (subscriber identity module) cards or similar user account cards.
  • The apparatus provided in this embodiment includes at least an application interaction module, an identity recognition module, and a network interaction module.
  • The application interaction module is configured to: open an identity recognition interface to a third party; receive an identity identification request initiated by a client application installed on the terminal device, or an identity identification request message initiated by an external server back-end system; process the request message and send it to the identity recognition module; and feed back to the third party the user identity information of the terminal device queried by the request message.
  • The identity recognition module is configured to: take the IP address of the terminal device provided by the client and build the identity query request message in the form of the AA-Request command of the Rx interface of the operator core network's PCRF system; connect to the core network PCRF through the network interaction module and initiate the identity query request, instructing the PCRF to return the user identity information (including at least the MSISDN and IMSI information) corresponding to the IP address provided in the AA-Request message; and obtain, from the received response to the user identity query request, the user identity information of the terminal device queried by the third party and send it to the application interaction module.
  • The IP address of the terminal device is allocated by the core network when the terminal device accesses the Internet through the wireless network, and the core network stores the allocated terminal device IP address and its corresponding MSISDN and IMSI information.
  • The network interaction module is configured to receive the request message from the identity recognition module, adapt it to the core network PCRF's Diameter-based Rx interface message and send it to the PCRF, receive the response to the user identity query request returned by the PCRF, and return the corresponding response message to the identity recognition module.
  • The identity recognition module is further configured to identify other user identity information (such as a user address, a user name, and the like) according to the user identity information in the response to the user identity query request, and to feed back the received user identity information and the identified other user identity information to the application interaction module.
  • The application interaction module is configured to feed back all the user identity information sent by the identity recognition module to the third party.
  • The apparatus further includes an identity information module, configured to save all user identity information of the terminal device, and to obtain and update the user identity information of the terminal device from the operator's relationship management system, so that the user identity information in the identity information module is consistent with the latest user identity information actually held by the operator.
  • The device may further include an access authentication module.
  • The identity recognition module invokes the interface of the access authentication module with the information of the client (a client application or an external system) that initiated the identity identification request, to perform access authentication on the client, and receives the authentication result returned by the access authentication module. If the result indicates that authentication passed, the identity recognition module initiates the subsequent identity recognition operation.
  • The access authentication module is configured to receive the access authentication request sent by the identity recognition module and to determine, from the client information of the identity identification request carried in the request message, whether the client is a legitimate client and whether the request is a legitimate request under the rules. It then determines, according to the client's situation, whether terminal device user authorization must be initiated for the identity request; that is, the access authentication module initiates the authorization interaction with the user, and only after the user authorizes the identity to be obtained does it report access authentication success to the identity recognition module. Once access authentication and user authorization for the client are complete, the access authentication response is returned to the identity recognition module with a result of success or failure.
  • FIG. 1 is a schematic diagram of the apparatus for identifying the user identity of a terminal device in a preferred solution. It consists mainly of five modules: an application interaction module, an identity recognition module, an identity information module, an access authentication module, and a network interaction module.
  • The application interaction module is configured to: open an identity recognition interface to a third party; receive a terminal device user identity request initiated by a client (a client application on the terminal device or an external server back-end system); extract from the request message the client information used for access authentication and the IP address of the terminal device to be identified; verify the format of the client information and of the IP address in the request message; and, after the format verification passes, send the user identity request to the identity recognition module.
  • The identity recognition module is configured to receive the user identification request from the application interaction module and, using the client information in that request, invoke the interface of the access authentication module to perform access authentication on the client and receive the authentication result. If the result indicates that authentication passed, the identity recognition module examines the IP address of the terminal device provided by the client, determines whether it is an IPv4 or an IPv6 address, fills in the user identity query request as required by the AA-Request command of the Rx interface of the carrier core network's PCRF system, and connects to the core network PCRF through the network interaction module to initiate the user identity query request, instructing the PCRF to return, according to the IP address provided in the AA-Request message, the user identity information of the terminal device, including its MSISDN and IMSI information.
  • Because the core network allocates each terminal device its IP address in the wireless network when the device attaches to the wireless network and accesses the Internet, and the core network also stores the MSISDN and IMSI information of each terminal device, the core network PCRF can return the IP address together with the MSISDN and IMSI information of the corresponding terminal device in the response message. Having obtained the IP address, MSISDN and IMSI information of the terminal device, the identity recognition module returns the MSISDN, the IMSI, or both, as the client's request message asks.
  • The identity information module may be used to return detailed user identity information (such as a user name, a user address, and the like), completing identification of the identity information that the terminal device has registered with the corresponding operator.
  • The identity information module is configured to save the user identity information of the terminal device, and supports updating it with the latest terminal device user identity information from the operator's customer relationship management system, so that the system's information is consistent with the actual user information.
  • The access authentication module is configured to receive the access authentication request sent by the identity recognition module and to determine, from the client information of the user identity request carried in the request message, whether the client is a legitimate client and whether the request is a legitimate request under the rules. It then determines, according to the client's situation, whether terminal device user authorization must be initiated for the user identification request; that is, the access authentication module initiates the authorization interaction with the user, and only after the user authorizes the identity to be obtained does it report access authentication success to the identity recognition module. Once access authentication and user authorization for the client are complete, the access authentication response is returned to the identity recognition module with a result of success or failure.
  • The network interaction module is configured to adapt between the interface protocol of the internal identity recognition module and the interface protocol of the external core network PCRF system. It converts the identity recognition request message received from the identity recognition module into a Diameter-based Rx interface message supported by the PCRF system; likewise, when the core network PCRF returns an Rx interface response message or initiates an Rx interface notification message, it converts that message into the interface protocol supported by the internal identity recognition module, implementing message interaction between the internal and external systems.
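The request handling described for the modules above, as an added example that is not part of the patent text: format verification, access authentication, user authorization, then an IP-only query, returning only the fields the client asked for and is permitted to receive. `IdentityGateway`, `pcrf_query`, the reason codes and all sample records are hypothetical; a plain dict stands in for the Diameter AA-Request.

```python
import ipaddress
from dataclasses import dataclass, field

# Constructed sample data. PCRF_SESSIONS stands in for the core network's record
# of allocated IP -> MSISDN/IMSI; CRM_RECORDS for the identity information module.
PCRF_SESSIONS = {
    "10.20.30.40": {"msisdn": "8613800000001", "imsi": "460000000000001"},
    "fd00::1234": {"msisdn": "8613800000002", "imsi": "460000000000002"},
}
CRM_RECORDS = {
    "8613800000001": {"user_name": "Sample User", "user_address": "1 Example Road"},
}
BASIC_FIELDS = {"msisdn", "imsi"}
DETAILED_FIELDS = {"user_name", "user_address"}


class IdentityError(Exception):
    """Request rejected; str(exc) is a short (hypothetical) reason code."""


def pcrf_query(rx_query):
    """Stub PCRF: only a message carrying nothing but an IP is an identity query."""
    if set(rx_query) != {"ip_address", "ip_version"}:
        raise IdentityError("not_identity_query")
    return PCRF_SESSIONS.get(rx_query["ip_address"])


@dataclass
class IdentityGateway:
    allowed_fields: dict                             # client_id -> fields it may request
    user_consent: set = field(default_factory=set)   # (client_id, ip) pairs the user authorized
    audit: list = field(default_factory=list)        # every decision, allowed or denied
    pcrf_queries: int = 0                            # how often the core network was asked

    def identify(self, client_id, ip, fields):
        try:
            result = self._identify(client_id, ip, set(fields))
        except IdentityError as exc:
            self.audit.append((client_id, ip, str(exc)))
            raise
        self.audit.append((client_id, ip, "ok"))
        return result

    def _identify(self, client_id, ip, wanted):
        # Application interaction module: format verification.
        if not (isinstance(client_id, str) and client_id):
            raise IdentityError("bad_client_format")
        try:
            addr = ipaddress.ip_address(ip)          # accepts IPv4 and IPv6
        except ValueError:
            raise IdentityError("bad_ip_format") from None
        if not wanted or not wanted <= BASIC_FIELDS | DETAILED_FIELDS:
            raise IdentityError("bad_field_request")
        # Access authentication module: legitimate client, legitimate request.
        if client_id not in self.allowed_fields:
            raise IdentityError("unknown_client")
        if not wanted <= self.allowed_fields[client_id]:
            raise IdentityError("field_not_permitted")
        # User authorization must exist before any identity lookup happens.
        if (client_id, str(addr)) not in self.user_consent:
            raise IdentityError("user_not_authorized")
        # Identity recognition module: the query carries only the IP address.
        self.pcrf_queries += 1
        record = pcrf_query({"ip_address": str(addr), "ip_version": addr.version})
        if record is None:
            raise IdentityError("no_session_for_ip")
        if wanted & DETAILED_FIELDS:                 # identity information module
            record = {**record, **CRM_RECORDS.get(record["msisdn"], {})}
        return {k: record[k] for k in sorted(wanted) if k in record}


def demo_gateway():
    """Gateway with two constructed clients and the consent each has obtained."""
    return IdentityGateway(
        allowed_fields={"app-1": {"msisdn"},
                        "backend-7": BASIC_FIELDS | DETAILED_FIELDS},
        user_consent={("app-1", "10.20.30.40"), ("backend-7", "10.20.30.40")},
    )


def outcome(gw, client_id, ip, fields):
    """Return ('ok', data) or ('denied', reason) instead of raising."""
    try:
        return ("ok", gw.identify(client_id, ip, fields))
    except IdentityError as exc:
        return ("denied", str(exc))


if __name__ == "__main__":
    gw = demo_gateway()
    print(outcome(gw, "app-1", "10.20.30.40", ["msisdn"]))
    print(outcome(gw, "app-1", "10.20.30.40", ["imsi"]))
    print(outcome(gw, "backend-7", "fd00::1234", ["msisdn"]))
```

The `pcrf_queries` counter and the `audit` list make it checkable that a denied request never reaches the core network and that every decision leaves a record.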
  • Figure 2 shows the location of the device that identifies the identity of the user of the terminal device in the network.
  • 201 denotes the user identity request and response message interaction, via the wireless network and the Internet, between a client application on the terminal device and the terminal device user identification apparatus.
  • 202 denotes the user identity identification request and response message interaction, via the Internet, between a back-end system located on a server and the terminal device user identification apparatus.
  • 203 denotes the user identity identification request and response message interaction, over the operator's internal network, between the terminal device user identification apparatus and the core network PCRF.
  • 204 denotes the interaction, over the operator's internal network, between the terminal device user identification apparatus and the operator's customer relationship management system.
  • Figure 3 is a diagram showing the operation of the apparatus for identifying the identity of a terminal device user.
  • 301 denotes the identity recognition interface opened by the application interaction module of the apparatus, which supports both the Restful protocol and the SOAP protocol.
  • The client application on the terminal device invokes the Restful identity recognition interface opened by the application interaction module, requesting the apparatus to identify the terminal device user and obtaining the identity recognition result information.
  • The application interaction module of the apparatus opens the identity recognition interface, and supports both the Restful protocol and the SOAP protocol interface.
  • The back-end system on the external server invokes the Restful or SOAP identity recognition interface opened by the application interaction module, requesting the apparatus to identify the terminal device user and obtaining the identity recognition result information.
  • After performing the logic processing defined for it, the application interaction module issues an identity request to the identity recognition module through the identity recognition interface between the two modules.
  • After performing the logic processing defined for it, the identity recognition module calls the access authentication interface exposed by the access authentication module to perform access authentication for the client's identity identification request; the access authentication module, after completing the logic processing defined for it, returns the authentication result to the identity recognition module.
  • 304 indicates that the identity recognition module initiates an identity identification request to the core network PCRF through a messaging interface with the network interaction module.
  • The identity recognition module passes the terminal device user identity request message to the network interaction module as defined by the internal interface, and the network interaction module, after receiving the identity response returned by the core network PCRF, returns the identity recognition result to the identity recognition module through the same interface.
  • The network interaction module adapts to the Diameter-based Rx interface of the core network PCRF, performs the protocol conversion between the internal and external systems, requests identification from the core network PCRF, and receives the identity response message returned by the core network PCRF.
  • The identity recognition module determines, from the specific requirement of the terminal device user identity request (the user identity information fed back by the PCRF, or other user identity information), whether to interact with the identity information module and obtain the detailed identity information of the terminal device user from the identity information module by using the MSISDN.
  • The identity information module acquires detailed identity information of the terminal device user from the customer relationship management system through an interface with the customer relationship management system.
  • Figure 4 shows the business process for identifying the identity information of the terminal device user. The process includes the following steps:
  • Step 401: When the terminal device user registers with or uses the client application located on the terminal device or the external system located on the background server, the client application or the external system needs to obtain the MSISDN and the IMSI of the terminal device, without the user manually entering the mobile phone number, in order to confirm the identity of the user, so the client application or the external system initiates a request for identity identification of the terminal device user to the terminal device identity identification device. The request message carries the private network IP address that the client application or the external system obtained from the terminal device and that was assigned when the terminal device accessed the wireless network, together with information about the client application or the external system, and requests the return of the MSISDN and IMSI of the terminal device corresponding to the IP address.
  • Step 402: The terminal device identity identification device performs the corresponding processing according to the division of its internal modules, and then initiates a terminal device identity identification request to the PCRF.
  • the request message carries only the private network IP address of the terminal device and does not carry service and media information, so that the core network PCRF can know that this is not a normal charging or policy request message. If the private network IP addresses that the core network assigns to terminal devices can be duplicated, the IP address domain information is carried as well, to ensure that the core network PCRF can uniquely determine the terminal device to be identified through the private network IP address and the IP address domain;
  • Step 403 The core network PCRF returns an MSISDN and an IMSI number in the response message according to the request message sent by the terminal device identity identification device.
  • Step 404 The terminal device identity identifying device returns a terminal device identity response message to the client application or the external system.
  • the content of the response message is determined according to the specific attributes of the client application or the external system and the requirements of its request, and may include an MSISDN, or an IMSI, or an MSISDN and an IMSI, or an MSISDN and an IMSI together with detailed user identity information.
  • Figure 5 shows the business process for identifying other identity information of the terminal device user. The process includes the following steps:
  • Step 501: When the terminal device user registers with or uses the client application located on the terminal device or the external system located on the background server, the client application or the external system needs, depending on the specific scenario, to verify the MSISDN mobile phone number of the user to whom the terminal device belongs and to acquire the detailed identity information that the terminal device user registered with the operator, so it initiates a request for identity identification of the terminal device user to the terminal device identity identification device.
  • the request message carries the IP address that the client application or the external system obtained from the terminal device and that was assigned when the terminal device accessed the wireless network, together with information about the client application or the external system, and requests to return the terminal device corresponding to the IP address.
  • Step 502: After the modules in the terminal device identity identification device complete the corresponding processing, the device sends a terminal device identity identification request to the PCRF.
  • the request message carries only the private network IP address of the terminal device and does not carry service and media information, so that the core network PCRF can know that this is not a normal charging or policy request message. If the private network IP addresses assigned to terminal devices can be duplicated, the IP address domain information is carried as well, so that the PCRF of the core network can determine the terminal device to be identified through the private network IP address and the IP address domain.
  • Step 503 The core network PCRF returns the MSISDN and the IMSI in the response message according to the request message sent by the terminal device identity identification device.
  • using the MSISDN returned by the core network, the terminal device identity identification device looks up the detailed user information that it has acquired from the customer relationship management system. If the user details are not found, go to step 504; if they are found, go to step 506;
  • Step 504 The terminal device identity identifying device queries the customer relationship management system for detailed identity information of the user according to the obtained MSISDN information.
  • Step 505 The customer relationship management system returns user identity information corresponding to the MSISDN to the terminal device identity identification device.
  • Step 506: The terminal device identity identification device returns a terminal device identity response message to the client application or the external system, including the MSISDN, the IMSI number and other user identity information. The other user identity information may include the user's identity card or social security number information, package consumption information, and so on.
  • the embodiment provides a device for identifying the identity of the user of the terminal device, which can be placed on the PCRF side of the core network, and is used in combination with the device in the second embodiment to identify the user identity of the terminal device.
  • the apparatus of this embodiment includes at least two modules as follows.
  • the first module is configured to: when receiving an Rx interface message carrying only the IP address of the terminal device, determine that the Rx interface message is a user identity query request, and query, according to the IP address in the user identity query request, the user identity information corresponding to that IP address;
  • an ordinary Rx interface message generally includes the private network IP address of the terminal device together with service and media information. When the Rx interface message in this embodiment carries only the private network IP address of the terminal device and does not carry service and media information, it can be determined that the Rx interface message is a user identity query request.
  • the second module is configured to feed back the queried user identity information to the terminal device.
  • the queried user identity information includes at least an MSISDN and an IMSI.
  • the technical solution of the present application uses the Rx interface that the PCRF network element of the operator core network provides to the service layer and extends the way that interface is used: the Rx request message sent to the core network PCRF carries only the private network IP address of the terminal device and does not carry service and media information, so that the core network PCRF can know that this is not an ordinary charging or policy request message, but a request to return the identity information of the terminal device user corresponding to the private network IP address of the terminal device.
  • the identity information of the terminal device can be obtained automatically, so the user does not need to manually enter the MSISDN mobile phone number and the interaction steps are reduced. This effectively improves the friendliness and ease of use of current mobile Internet applications, improves the interactive experience of users of those applications, and effectively establishes the operator's user account as an important identity account in the mobile Internet ecosystem, which strengthens the operator's voice in the mobile Internet value chain.
  • the operator user account can be developed into an identity number that is common across mobile networks and the Internet and penetrates into various mobile Internet applications. This can greatly amplify the value of the MSISDN mobile phone numbers and IMSI numbers managed by the operator, making them a killer-level strategic resource that rivals or even surpasses the super Internet apps. It can greatly enhance the user experience, maximize the value of the network, create profits, and enhance the market competitiveness of operators.
  • the embodiment of the present application further provides a computer readable storage medium storing computer executable instructions which, when executed, implement the method for identifying a user identity of a terminal device.
  • each module/unit in the above embodiments may be implemented in the form of hardware, for example an integrated circuit that implements its corresponding function, or in the form of a software function module, for example a processor executing programs/instructions stored in memory to implement its corresponding function.
  • This application is not limited to any specific combination of hardware and software.
  • the embodiment of the present invention provides a method and a device for identifying a user identity of a terminal device, which can extend the identity identifiers of an operator user (MSISDN mobile phone number and IMSI number) to various third-party APPs and content, and can play an important role in various big data scenarios.


Abstract

A method for identifying a user identity of a terminal device, comprising: when receiving a user identity identification request initiated by a third party with regard to a terminal device, generating a user identity query request according to the user identity identification request, and sending the generated user identity query request to a core network PCRF, wherein the user identity query request carries an IP address of the terminal device, so as to instruct the PCRF to return user identity information corresponding to the IP address according to the IP address in the user identity query request; and when receiving the user identity information fed back by the PCRF, feeding back the received user identity information to the third party. The technical solution expands identity identifiers (MSISDN and IMSI) of an operator user to various APPs and contents of a third party, which plays an important role in various big data scenarios.

Description

Method and device for identifying user identity of terminal device
Technical field
The present application relates to, but is not limited to, the field of mobile communications, and in particular to a method and device for identifying the user identity of a terminal device.
Background
In the era of the mobile Internet, user identity information and user account information are very important and strategically valuable resources. Facebook has 1.16 billion active users worldwide, followed by Youtube with 1 billion active users; Qzone, the largest social media network in China, has 712 million, and WhatsAPP and Twitter also have 360 million users. The greatest value of these Internet companies' apps lies in their huge user bases, and their market values of tens or hundreds of billions of dollars rest on their hundreds of millions of registered or online users. Internet companies rely on this huge user base and user traffic to make profits. At the same time, in order to make their accounts more valuable, Internet companies have opened their user accounts to the outside world, intending to make those accounts a universal identity number in the mobile Internet field. For example, a user's Facebook account can be used to log in to most mainstream foreign Internet websites or mobile Internet apps. The decisive factor behind this is that Facebook opens its user accounts, and the identity recognition capability based on those accounts, to third parties: any third-party website or app that meets its rules can identify a user through Facebook's user identity recognition capability.
Operators with comparable numbers of users, however, are far from having tapped the additional value of their user base and user accounts. In particular, they hold MSISDN (Mobile Subscriber International ISDN) mobile phone numbers and IMSI (International Mobile Subscriber Identification Number) numbers, which are more valuable than virtual accounts such as Internet accounts, yet they have not effectively used such strategically significant resources. It is like a diamond mine still buried deep underground, waiting to be excavated, waiting for an effective method that taps this resource and helps operators put it to use.
Summary of the invention
The following is an overview of the subject matter described in detail herein. This overview is not intended to limit the scope of protection of the claims.
The embodiments of the present invention provide a method and a device for identifying the user identity of a terminal device, so as to solve the problem in the related art that a third party cannot identify the identity of a terminal device user.
An embodiment of the present invention discloses a method for identifying the user identity of a terminal device, the method comprising:
when a user identity identification request initiated by a third party for a terminal device is received, generating a user identity query request according to the user identity identification request and sending the generated user identity query request to the core network PCRF, wherein the user identity query request carries the IP address of the terminal device, so as to instruct the PCRF to return, according to the IP address in the user identity query request, the user identity information corresponding to that IP address;
when the user identity information fed back by the PCRF is received, feeding back the received user identity information to the third party.
Optionally, in the above method, the user identity information includes at least a Mobile Subscriber International Number (MSISDN) and an International Mobile Subscriber Identity (IMSI).
Optionally, in the above method, the user identity query request is an Rx interface message.
Optionally, the above method further includes: when the user identity information fed back by the PCRF is received, identifying other user identity information according to the user identity information fed back by the PCRF, and feeding back the received user identity information together with the identified other user identity information to the third party;
wherein the other user identity information includes at least a user address and a user name.
Optionally, the above method further includes: saving all user identity information of the terminal device, and acquiring and updating the user identity information of the terminal device from the operator's customer relationship management system, so that the saved user identity information is consistent with the latest user identity information actually held by the operator.
Optionally, in the above method, when the user identity identification request initiated by the third party for the terminal device is received, the method further includes:
performing access authentication and user authorization on the client of the terminal device;
when the client of the terminal device passes the access authentication and the user authorization, generating the user identity query request according to the user identity identification request, and sending the generated user identity query request to the PCRF.
An embodiment of the present invention further discloses a device for identifying the user identity of a terminal device, the device comprising at least an application interaction module, an identity recognition module and a network interaction module, wherein:
the application interaction module is configured to: open an identity recognition interface to third parties, receive a user identity identification request initiated by a third party for a terminal device, and feed back to the third party the user identity information of the terminal device queried by the user identity identification request;
the identity recognition module is configured to generate a user identity query request according to the received user identity identification request, wherein the user identity query request carries the IP address of the terminal device, so as to instruct the PCRF to return, according to the IP address in the user identity query request, the user identity information corresponding to that IP address, and to obtain, from the received response to the user identity query request, the user identity information of the terminal device queried by the third party and send it to the application interaction module;
the network interaction module is configured to send the user identity query request generated by the identity recognition module to the core network PCRF, receive the response to the user identity query request returned by the PCRF, and return that response to the identity recognition module.
Optionally, in the above device, the user identity information includes at least a Mobile Subscriber International Number (MSISDN) and an International Mobile Subscriber Identity (IMSI).
Optionally, in the above device, the user identity query request is an Rx interface message.
Optionally, in the above device, the identity recognition module is further configured to identify other user identity information according to the user identity information in the response to the user identity query request, and to feed back the received user identity information together with the identified other user identity information to the application interaction module, wherein the other user identity information includes at least a user address and a user name; the application interaction module is further configured to feed back all the user identity information sent by the identity recognition module to the third party.
Optionally, the above device further includes: an identity information module, configured to save all user identity information of the terminal device, and to acquire and update the user identity information of the terminal device from the operator's customer relationship management system, so that the saved user identity information is consistent with the latest user identity information actually held by the operator.
Optionally, the above device further includes: an access authentication module, configured to perform access authentication and user authorization on the client of the terminal device when the application interaction module receives a user identity identification request initiated by a third party for the terminal device; the identity recognition module is configured to generate the user identity query request only when the client of the terminal device passes the access authentication and the user authorization.
An embodiment of the present invention further discloses a device for identifying the user identity of a terminal device, the device comprising at least: a first module, configured to, when receiving an Rx interface message carrying only the IP address of a terminal device, determine that the Rx interface message is a user identity query request and query, according to the IP address in the user identity query request, the user identity information corresponding to that IP address; and a second module, configured to feed back the queried user identity information to the terminal device.
Optionally, in the above device, the user identity information includes at least a Mobile Subscriber International Number (MSISDN) and an International Mobile Subscriber Identity (IMSI).
In addition, an embodiment of the present invention further provides a computer readable storage medium storing computer executable instructions which, when executed, implement the above method for identifying the user identity of a terminal device.
The technical solution of the present application provides a method for identifying the user identity of a terminal device and a corresponding device, which open the operator's user identity recognition capability to third-party APPs. A third-party APP can implement user identification and user authentication by calling the operator's user identity recognition capability API (Application Programming Interface). With the technical solution of the present application, on the one hand, the identity identifiers of operator users (MSISDN mobile phone number and IMSI number) can be extended to various third-party APPs and content, and can play an important role in various big data scenarios. On the other hand, the identity identifiers of operator users can be applied to user identification, user authentication and authorization and similar scenarios across the mobile Internet, so that an APP can obtain the user's MSISDN mobile phone number and IMSI number directly through the network. The operator user account thereby develops into an identity number that is common across mobile networks and the Internet and penetrates into various mobile Internet applications, which can greatly amplify the value of the MSISDN mobile phone numbers and IMSI numbers managed by the operator and make them a killer-level strategic resource that rivals or even surpasses the super Internet APPs.
Other aspects will become apparent upon reading and understanding the drawings and the detailed description.
Brief description of the drawings
FIG. 1 is a schematic structural diagram of a device for identifying the user identity of a terminal device in Embodiment 2;
FIG. 2 is a network location diagram of a device for identifying the user identity of a terminal device in Embodiment 2;
FIG. 3 is a working principle diagram of identifying the user identity of a terminal device in Embodiment 2;
FIG. 4 is a service flow chart of identifying the user identity of a terminal device in Embodiment 2;
FIG. 5 is another service flow chart of identifying the user identity of a terminal device in Embodiment 2;
FIG. 6 is a schematic structural diagram of a device for identifying the user identity of a terminal device in Embodiment 3;
FIG. 7 is a schematic diagram of a method for identifying the user identity of a terminal device in Embodiment 1.
本发明的实施方式Embodiments of the invention
下文将结合附图对本申请技术方案作进一步详细说明。需要说明的是,在不冲突的情况下,本申请的实施例和实施例中的特征可以任意相互组合。The technical solutions of the present application will be further described in detail below with reference to the accompanying drawings. It should be noted that, in the case of no conflict, the features in the embodiments and the embodiments of the present application may be combined with each other arbitrarily.
实施例一Embodiment 1
本实施例提供一种识别终端设备用户身份的方法,只需提供终端设备接入移动网络时被分配的私网IP(Private Internet protocol)地址,即可获得使用该IP地址的终端设备在运营商处注册的MSISDN(即移动用户国际号码,全称Mobile Subscriber International ISDN,其中ISDN即是综合业务数字网,是Integrated Service Digital Network的简称)和IMSI(International Mobile Subscriber Identification Number,即国际移动用户识别码,存储在手机SIM卡中,在全网和全球唯一)以及更为详细的用户身份信息,达到识别终端设备用户身份的目的。The embodiment provides a method for identifying the identity of the user of the terminal device, and only needs to provide the private Internet IP address (Private Internet Protocol) address that is allocated when the terminal device accesses the mobile network, and the terminal device that uses the IP address is obtained at the operator. The registered MSISDN (ie, the mobile subscriber international number, the full name of the Mobile Subscriber International ISDN, where ISDN is the Integrated Services Digital Network, short for the Integrated Service Digital Network) and the IMSI (International Mobile Subscriber Identification Number). Stored in the SIM card of the mobile phone, unique in the whole network and globally) and more detailed user identity information, to achieve the purpose of identifying the user identity of the terminal device.
如图7所示,上述方法包括如下操作:As shown in FIG. 7, the above method includes the following operations:
步骤100:接收到第三方针对终端设备发起的用户身份识别请求时,根据该用户身份识别请求生成用户身份查询请求,将所生成的用户身份查询请求发送给PCRF(Policy and Charging Rules Function,策略与计费规则功能单元);Step 100: When receiving a user identity request initiated by the third party for the terminal device, generate a user identity query request according to the user identity request, and send the generated user identity query request to the PCRF (Policy and Charging Rules Function, policy and Billing rule function unit);
其中,所生成的用户身份查询请求中仅携带所述终端设备的IP地址,以指示PCRF根据用户身份查询请求中的IP地址,返回该IP地址所对应的用户身份信息。The generated user identity query request only carries the IP address of the terminal device, to instruct the PCRF to query the IP address in the request according to the user identity, and return the user identity information corresponding to the IP address.
可选地,此用户身份查询请求可以是Rx接口消息,要说明的是,此Rx接口消息中只携带终端设备的私网IP地址,而不携带业务和媒体信息,这样, PCRF就会识别此Rx接口消息为用户身份查询请求,而不是一次普通的计费或策略请求消息。Optionally, the user identity query request may be an Rx interface message. The Rx interface message carries only the private network IP address of the terminal device, and does not carry service and media information. The PCRF will recognize this Rx interface message as a user identity query request instead of a normal accounting or policy request message.
步骤200:当收到PCRF反馈的用户身份信息时,将收到的用户身份信息反馈给第三方。Step 200: When receiving the user identity information fed back by the PCRF, the received user identity information is fed back to the third party.
该步骤中,PCRF反馈的用户身份信息至少包括MSISDN和IMSI。In this step, the user identity information fed back by the PCRF includes at least an MSISDN and an IMSI.
一些方案还提出,除了PCRF反馈的用户身份信息外,还可以查询获取到其他用户身份信息,例如用户名称、用户地址等信息,此时,可以将PCRF反馈的用户身份信息以及后续获取的其他用户身份信息一并反馈给第三方。Some schemes also propose that, in addition to the user identity information fed back by the PCRF, the user identity information, such as the user name and the user address, may be queried, and the user identity information fed back by the PCRF and other users acquired subsequently may be obtained. The identity information is fed back to the third party.
The "other user identity information" mentioned above can be obtained and updated in real time from the operator's customer relationship management system, which keeps the "other user identity information" in this application synchronized with the actual user information.
Note also that, for the security of user identity information, when a user identification request initiated by a third party for a terminal device is received, access authentication and user authorization may be performed on the client of the terminal device. Only when the client passes both access authentication and user authorization is the user identity query request generated from the user identification request and sent to the PCRF.
Embodiment 2
This embodiment provides an apparatus for identifying the user identity of a terminal device. It is based on the PCC architecture (defined in the 3GPP TS 23.203 specification; full name: Policy and charging control architecture) and makes full use of the charging and policy control interface that the PCRF network element of the operator's core network PCC architecture provides to the service layer (the Rx interface defined in the 3GPP TS 29.214 specification, hereinafter the Rx interface). The way the Rx interface is used is extended: the Rx request message sent to the core network PCRF carries only information such as the private network IP address of the terminal device, and no service or media information, so that the core network PCRF knows this is not an ordinary charging or policy request message but a request to return the MSISDN and IMSI information of the terminal device user corresponding to the private network IP address in the request message.
In addition, the apparatus provides an identification interface to third-party APPs. It receives a terminal device user identification request initiated by a third-party APP, extracts the private network IP address from the request message, and performs basic or detailed identity identification as the request message requires. After obtaining the MSISDN and IMSI information of the terminal device user through the core network PCRF, it sends the matching identification response, returning the corresponding basic identity information (MSISDN and IMSI information) or detailed identity information (which, in addition to the MSISDN and IMSI information, includes the user address, user name, and so on), thereby implementing identification of the terminal device.
The terminal device may be any fixed or mobile electronic device fitted with an operator SIM (subscriber identity module) card or a similar user account card. The apparatus provided in this embodiment includes at least an application interaction module, an identity recognition module, and a network interaction module.
The application interaction module is configured to: expose an identification interface to third parties; receive identification request messages initiated by a client application installed on the terminal device or by an external server backend system; process the identification request message and send it to the identity recognition module; and feed back to the third party the user identity information of the terminal device queried by the identification request message.
The identity recognition module is configured to: compose an identity query request message from the terminal device IP address provided by the client, following the characteristics of the AA-Request command of the Rx interface of the operator's core network PCRF system; connect to the core network PCRF through the network interaction module and initiate the identity query request, instructing the PCRF to return the user identity information (including at least the MSISDN and IMSI information) corresponding to the IP address provided in the AA-Request message; and obtain, from the received response to the user identity query request, the user identity information of the terminal device queried by the third party and send it to the application interaction module.
The IP address of the terminal device is allocated by the core network when the terminal device goes online through the wireless network, and the core network stores the allocated terminal device IP address together with the corresponding MSISDN and IMSI information.
The network interaction module is configured to receive the request message from the identity recognition module, adapt it to the Diameter-based Rx interface message of the core network PCRF, and send the request message to the PCRF; and to receive the response message to the user identity query request returned by the PCRF and return the corresponding response message to the identity recognition module.
Optionally, the identity recognition module is further configured to identify other user identity information (such as the user address, user name, and so on) from the user identity information in the response to the user identity query request, and to feed back the received user identity information together with the identified other user identity information to the application interaction module. In this case, the application interaction module is configured to feed back all user identity information sent by the identity recognition module to the third party.
In addition, the apparatus further includes an identity information module, configured to store all user identity information of terminal devices and to obtain and update that information from the operator's customer relationship management system, so that the user identity information in the identity information module is consistent with the latest user identity information actually held by the operator.
The apparatus may further include an access authentication module. In this case, the identity recognition module calls the interface of the access authentication module with the information of the client (client application or external system) that initiated the identification request, performs access authentication on the client, and receives the authentication result returned by the access authentication module. The identity recognition module initiates the subsequent identification operation only if the returned result shows that authentication passed.
The access authentication module is configured to receive the access authentication request sent by the identity recognition module and, based on the client information of the identification request message provided in the request, determine whether the client is legitimate and whether the request is a rule-compliant request from a legitimate client. It then determines, according to the client, whether terminal device user authorization must be initiated for this identification request; that is, the access authentication module initiates a user authorization interaction and may return access authentication success to the identity recognition module only after the user consents. After the access authentication and user authorization for the client have both completed successfully, an access authentication response is returned to the identity recognition module, confirming the result as success or failure.
The specific implementation of the above apparatus is described below with reference to the drawings.
Figure 1 shows the apparatus for identifying the user identity of a terminal device provided in the preferred solution. It consists mainly of five modules: the application interaction module, the identity recognition module, the identity information module, the access authentication module, and the network interaction module.
The application interaction module is configured to: expose an identification interface to third parties; receive terminal device user identification requests initiated by clients, including client applications on the terminal device and external server backend systems; extract from the request message the client information used for access authentication and the terminal device IP address information used for identification; validate the client information format and the IP address format in the request message; and, once format validation passes, send the user identification request to the identity recognition module.
The identity recognition module is configured to receive the user identification request from the application interaction module, call the interface of the access authentication module with the information of the client that initiated the request, perform access authentication on the client, and receive the authentication result returned by the access authentication module. If the returned result shows that authentication passed, the identity recognition module further examines the terminal device IP address provided by the client, determines whether it is an IPv4 or an IPv6 address, fills in the user identity query request accordingly as required by the AA-Request command of the Rx interface of the operator's core network PCRF system, and connects to the core network PCRF through the network interaction module to initiate the user identity query request, instructing the PCRF to return the user identity information of the terminal device, including its MSISDN and IMSI information, according to the IP address provided in the AA-Request message.
Each time a terminal device connects to the wireless network to go online, the core network allocates it an IP address in the wireless network, and the core network also stores the MSISDN and IMSI information of each terminal device; the core network PCRF can therefore return the IP address and the MSISDN and IMSI information of the corresponding terminal device in the response message. Having obtained the IP address, MSISDN and IMSI information of the terminal device, the identity recognition module returns to the requesting client, as the request message requires, the MSISDN, the IMSI, or both. Optionally, the identity information module can be used to return detailed other user identity information (such as the user name and user address), completing identification of the identity information that the terminal device has registered with its operator.
The identity information module is configured to store the user identity information of terminal devices and supports obtaining the latest user identity information from the operator's customer relationship management system, ensuring that the system's information is consistent with the actual user information.
The access authentication module is configured to receive the access authentication request sent by the identity recognition module and, based on the client information of the user identification request provided in the request message, determine whether the client is legitimate and whether the request is a rule-compliant request from a legitimate client. It then determines, according to the client, whether terminal device user authorization must be initiated for this user identification request; that is, the access authentication module initiates a user authorization interaction and may return access authentication success to the identity recognition module only after the user consents. After the access authentication and user authorization for the client have both completed successfully, an access authentication response is returned to the identity recognition module, confirming the result as success or failure.
The network interaction module is configured to adapt between the interface protocol of the internal identity recognition module and the interface protocol of the external core network PCRF system. It converts identification request messages received from the identity recognition module into Diameter-based Rx interface messages supported by the PCRF system, and converts Rx interface response messages returned by the core network PCRF, or Rx interface notification messages it initiates, into the interface protocol supported by the internal identity recognition module, implementing message exchange between the internal and external systems.
Figure 2 shows where the apparatus for identifying the user identity of a terminal device sits in the network. As shown in Figure 2, 201 denotes the exchange of user identification request and response messages between a client application on the terminal device and the terminal device user identification apparatus over the wireless network and the Internet; 202 denotes the exchange of user identification request and response messages between a backend system on a server and the terminal device user identification apparatus over the Internet; 203 denotes the exchange of user identification request and response messages between the terminal device user identification apparatus and the core network PCRF over the operator's internal network; 204 denotes the interaction between the terminal device user identification apparatus and the operator's customer relationship management system over the operator's internal network.
Figure 3 is a diagram of the working principle of the apparatus for identifying the user identity of a terminal device.
301 denotes the identification interface that the application interaction module of the apparatus exposes externally; it supports both RESTful and SOAP interfaces. A client application on the terminal device calls the RESTful identification interface exposed by the application interaction module, requests that the apparatus identify the terminal device user, and obtains the identification result information.
301' denotes the identification interface that the application interaction module of the apparatus exposes externally; it supports both RESTful and SOAP interfaces. A backend system on an external server calls the RESTful or SOAP identification interface exposed by the application interaction module, requests that the apparatus identify the terminal device user, and obtains the identification result information.
302 denotes that, after receiving a user identification request initiated by a client, the application interaction module performs the logic defined for this module and then sends an identification request to the identity recognition module through the identification interface between the two modules.
303 denotes that, after performing the logic defined for this module, the identity recognition module connects to the access authentication interface exposed by the access authentication module to perform access authentication for the client's identification request; after completing the logic defined for its own module, the access authentication module returns the authentication result to the identity recognition module.
304 denotes that the identity recognition module initiates an identification request to the core network PCRF through the message-passing interface with the network interaction module. Following this internal interface definition, the identity recognition module passes the terminal device user identification request message to the network interaction module, and after receiving the identification response returned by the core network PCRF, the network interaction module returns the identification result to the identity recognition module through the same interface.
305 denotes the Rx interface between the network interaction module and the core network PCRF. Through this interface, the network interaction module adapts to the Diameter-based Rx interface of the core network PCRF, performs protocol adaptation and conversion between the internal and external systems, requests identification from the core network PCRF, and receives the identification response message returned by the core network PCRF.
306 denotes that the identity recognition module determines, according to the specific requirement of the terminal device user identification request (the user identity information fed back by the PCRF, or other user identity information), whether to interact with the identity information module and obtain the detailed identity information of the terminal device user from the identity information module by MSISDN.
307 denotes that the identity information module obtains the detailed identity information of terminal device users from the customer relationship management system through its interface with that system.
Figure 4 shows the service flow for identifying the identity information of a terminal device user. The flow includes the following steps:
Step 401: When a terminal device user registers with or uses a client application on the terminal device or an external system on a backend server, the client application or external system needs to obtain the mobile phone number (MSISDN) and IMSI of the terminal device, without the user entering the phone number manually, in order to confirm the user's identity. The client application or external system therefore initiates a terminal device user identification request to the terminal device identification apparatus. The request message carries the private network IP address that was allocated when the terminal device connected to the wireless network, which the client application or external system obtained from the terminal device, together with information about the client application or external system, and requests the MSISDN and IMSI of the terminal device corresponding to that IP address;
Step 402: After its internal modules have completed their respective processing, the terminal device identification apparatus initiates a terminal device identification request to the PCRF. The request message carries the private network IP address of the terminal device and no service or media information, so that the core network PCRF knows this is not an ordinary charging or policy request message. If the private network IP addresses that the core network allocates to terminal devices can be duplicated, the request also carries IP address domain information, so that the core network PCRF can uniquely determine the terminal device to be identified from the private network IP address and the IP address domain;
Step 403: In response to the request message sent by the terminal device identification apparatus, the core network PCRF returns the MSISDN and IMSI numbers in the response message;
Step 404: The terminal device identification apparatus returns a terminal device identification response message to the client application or external system.
The response message is determined by the specific attributes of the client application or external system and by what it requested, and may contain the MSISDN, or the IMSI, or the MSISDN and IMSI, or the MSISDN and IMSI together with detailed user identity information.
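The Figure 4 flow (format check, access authentication with user authorization, an address-only query, PCRF-side classification, and a response limited to what the client asked for) can be modeled in Python as follows. This is an added example, not code from the patent: the dictionary keys standing in for Rx message fields, the client registry layout, the shared secrets and all subscriber values are constructed assumptions.

```python
import hmac
import ipaddress

# Constructed PCRF bindings: (private IP, IP address domain) -> subscriber identity.
PCRF_BINDINGS = {
    ("10.20.30.40", "domain-a"): {"msisdn": "8613800000001", "imsi": "460000000000001"},
    ("10.20.30.40", "domain-b"): {"msisdn": "8613800000002", "imsi": "460000000000002"},
    ("fd00::1234", "domain-a"): {"msisdn": "8613800000003", "imsi": "460000000000003"},
}

# Constructed client registry for the access authentication module (hypothetical layout).
CLIENTS = {
    "shop-app": {"secret": "s3cr3t-a", "fields": {"msisdn"}, "needs_consent": True},
    "bank-backend": {"secret": "s3cr3t-b", "fields": {"msisdn", "imsi"}, "needs_consent": False},
}


def access_authenticate(client_id, secret, user_consented):
    """Access authentication plus user authorization; both must pass."""
    client = CLIENTS.get(client_id)
    if client is None or not hmac.compare_digest(client["secret"], secret):
        return False
    return user_consented or not client["needs_consent"]


def build_identity_query(ip_text, ip_domain=None):
    """Build the query: address and optional domain only, no service or media info."""
    addr = ipaddress.ip_address(ip_text)  # raises ValueError on a malformed address
    query = {"ip_version": addr.version, "ip_address": str(addr)}
    if ip_domain is not None:
        query["ip_domain"] = ip_domain
    return query


def pcrf_handle(message):
    """PCRF side: a message without service/media info is treated as an identity query."""
    if message.get("media_components") or message.get("service_info"):
        return {"type": "policy-request"}  # ordinary charging/policy handling, not modeled
    matches = [ident for (ip, dom), ident in PCRF_BINDINGS.items()
               if ip == message["ip_address"]
               and message.get("ip_domain") in (None, dom)]
    if len(matches) != 1:  # unknown address, or duplicated private IP sent without a domain
        return {"type": "identity-answer",
                "result": "not-unique" if matches else "not-found"}
    return {"type": "identity-answer", "result": "ok", **matches[0]}


def identify(request):
    """Steps 401-404: validate, authenticate, query the PCRF, filter the response."""
    try:
        query = build_identity_query(request["ip"], request.get("ip_domain"))
    except (KeyError, ValueError):
        return {"status": "bad-request"}
    if not access_authenticate(request.get("client_id"), request.get("secret", ""),
                               request.get("user_consented", False)):
        return {"status": "denied"}  # the PCRF is never queried for a rejected client
    answer = pcrf_handle(query)
    if answer.get("result") != "ok":
        return {"status": answer.get("result", "error")}
    # Return only the fields the client requested and is permitted to receive.
    allowed = CLIENTS[request["client_id"]]["fields"]
    wanted = set(request.get("fields", [])) & allowed
    return {"status": "ok", **{k: answer[k] for k in sorted(wanted)}}


if __name__ == "__main__":
    print(identify({"client_id": "bank-backend", "secret": "s3cr3t-b",
                    "ip": "10.20.30.40", "ip_domain": "domain-b",
                    "fields": ["msisdn", "imsi"]}))
```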
Figure 5 shows the service flow for identifying other identity information of a terminal device user. The flow includes the following steps:
Step 501: When a terminal device user registers with or uses a client application on the terminal device or an external system on a backend server, the client application or external system, depending on the scenario, needs to verify the mobile phone number (MSISDN) of the user to whom the terminal device belongs and to obtain the detailed identity information that the terminal device user has registered with the operator, and so initiates a terminal device user identification request to the terminal device identification apparatus. The request message carries the IP address that was allocated when the terminal device connected to the wireless network, which the client application or external system obtained from the terminal device, together with information about the client application or external system, and requests the MSISDN and IMSI of the terminal device corresponding to that IP address and the detailed identity information that the terminal device user has registered with the operator;
Step 502: After its internal modules have completed their respective processing, the terminal device identification apparatus initiates a terminal device identification request to the PCRF. The request message carries the private network IP address of the terminal device and no service or media information, so that the core network PCRF knows this is not an ordinary charging or policy request message. If the private network IP addresses that the core network allocates to terminal devices can be duplicated, the request also carries IP address domain information, so that the core network PCRF can uniquely determine the terminal device to be identified from the private network IP address and the IP address domain;
Step 503: In response to the request message sent by the terminal device identification apparatus, the core network PCRF returns the MSISDN and IMSI in the response message. Using the MSISDN returned by the core network, the terminal device identification apparatus looks up the user details it has obtained from the customer relationship management system. If none are found, go to step 504; if the user details are found, go to step 506;
Step 504: Using the obtained MSISDN information, the terminal device identification apparatus queries the customer relationship management system for the detailed identity information of the user;
Step 505: The customer relationship management system returns the user identity information corresponding to the MSISDN to the terminal device identification apparatus;
Step 506: The terminal device identification apparatus returns a terminal device identification response message to the client application or external system, containing the MSISDN and IMSI numbers and the other user identity information. The other user identity information may include the user's identity card or social security number information, plan consumption information, and so on.
Embodiment 3
This embodiment provides an apparatus for identifying the user identity of a terminal device that can be placed on the core network PCRF side. Used together with the apparatus of Embodiment 2, it can identify the user identity of a terminal device. As shown in Figure 6, the apparatus of this embodiment includes at least the following two modules.
The first module is configured to: on receiving an Rx interface message that carries only the IP address of a terminal device, determine that the Rx interface message is a user identity query request, and look up the user identity information corresponding to the IP address in the user identity query request;
Current Rx interface messages generally contain the private network IP address of the terminal device together with service and media information. When the Rx interface message in this embodiment carries only the private network IP address of the terminal device and no service or media information, it can be determined that the Rx interface message is a user identity query request.
The second module is configured to feed back the queried user identity information to the terminal device.
The queried user identity information includes at least the MSISDN and the IMSI.
As the above embodiments show, the technical solution of this application uses the functions of the Rx interface messages that the PCRF network element of the operator's core network provides to the service layer and extends the way the Rx interface is used: the Rx request message sent to the core network PCRF carries the private network IP address of the terminal device and no service or media information, so that the core network PCRF knows this is not an ordinary charging or policy request message and only needs to return the identity information of the terminal device user corresponding to the terminal device's private network IP. With the method and apparatus provided by this application, when a client application or external system needs to confirm or supply the user's mobile phone number (MSISDN) while the user registers for or uses its service, it can obtain the identity information of the terminal device automatically, so the user does not have to enter the mobile phone number manually and there are fewer interaction steps. This effectively improves the friendliness and ease of use of current mobile Internet applications, improves the user's interaction experience, and also effectively makes the operator's user account an important identity account in the mobile Internet ecosystem, strengthening the operator's voice in the mobile Internet value chain.
More importantly, with the device provided by the present application, the operator's user account can be developed into an identity number that is common across mobile networks and the Internet and reaches into all kinds of mobile Internet applications. This can amplify without limit the value of the MSISDN mobile phone numbers and IMSI numbers managed by the operator, making them a killer-level strategic resource that rivals, or even surpasses, super Internet apps. It can greatly enhance the user experience, maximize the value of the network, create profit, and strengthen the operator's market competitiveness.
An embodiment of the present application further provides a computer-readable storage medium storing computer-executable instructions which, when executed, implement the above method for identifying the user identity of a terminal device.
A person of ordinary skill in the art will understand that all or some of the steps of the above method may be completed by a program instructing the relevant hardware (for example, a processor), and that the program may be stored in a computer-readable storage medium such as a read-only memory, a magnetic disk or an optical disc. Optionally, all or some of the steps of the above embodiments may also be implemented using one or more integrated circuits. Correspondingly, each module/unit in the above embodiments may be implemented in the form of hardware, for example by an integrated circuit that performs its function, or in the form of a software function module, for example by a processor executing a program/instructions stored in a memory to perform its function. The present application is not limited to any specific combination of hardware and software.
The above are only preferred examples of the present application and are not intended to limit its scope of protection. Any modification, equivalent replacement or improvement made within the spirit and principles of the present application shall fall within the scope of protection of the present application.
Industrial applicability
The embodiments of the present application provide a method and device for identifying the user identity of a terminal device, which can extend an operator user's identity identifiers (the MSISDN mobile phone number and the IMSI number) to all kinds of third-party apps and content, and can play an important role in various big-data scenarios.

Claims (14)

  1. A method for identifying the user identity of a terminal device, comprising:
    when a user identification request initiated by a third party for a terminal device is received, generating a user identity query request according to the user identification request, and sending the generated user identity query request to a core network Policy and Charging Rules Function (PCRF), wherein the user identity query request carries the Internet Protocol (IP) address of the terminal device, so as to instruct the PCRF to return, according to the IP address in the user identity query request, the user identity information corresponding to that IP address;
    when the user identity information fed back by the PCRF is received, feeding back the received user identity information to the third party.
  2. The method according to claim 1, wherein the user identity information includes at least a mobile subscriber international number (MSISDN) and an international mobile subscriber identity (IMSI).
  3. The method according to claim 1, wherein the user identity query request is an Rx interface message.
  4. The method according to any one of claims 1 to 3, further comprising:
    when the user identity information fed back by the PCRF is received, identifying other user identity information according to the user identity information fed back by the PCRF, and feeding back the received user identity information together with the identified other user identity information to the third party;
    wherein the other user identity information includes at least a user address and a user name.
  5. The method according to claim 4, further comprising: saving all user identity information of the terminal device, and obtaining and updating the user identity information of the terminal device from the operator's customer relationship management system, so that the saved user identity information is consistent with the latest user identity information actually held by the operator.
  6. The method according to claim 4, wherein, when the user identification request initiated by the third party for the terminal device is received, the method further comprises:
    performing access authentication and user authorization on the client of the terminal device;
    when the client of the terminal device passes the access authentication and the user authorization, generating the user identity query request according to the user identification request, and sending the generated user identity query request to the PCRF.
  7. A device for identifying the user identity of a terminal device, comprising an application interaction module, an identity recognition module and a network interaction module, wherein:
    the application interaction module is configured to: open an identity recognition interface to third parties, receive a user identification request initiated by a third party for a terminal device, and feed back to the third party the user identity information of the terminal device queried by the user identification request;
    the identity recognition module is configured to: generate a user identity query request according to the received user identification request, wherein the user identity query request carries the Internet Protocol (IP) address of the terminal device, so as to instruct the Policy and Charging Rules Function (PCRF) to return, according to the IP address in the user identity query request, the user identity information corresponding to that IP address; and obtain, from the received response to the user identity query request, the user identity information of the terminal device queried by the third party and send it to the application interaction module;
    the network interaction module is configured to: send the user identity query request generated by the identity recognition module to the core network PCRF, receive the response to the user identity query request returned by the PCRF, and return the response to the user identity query request to the identity recognition module.
  8. The device according to claim 7, wherein the user identity information includes at least a mobile subscriber international number (MSISDN) and an international mobile subscriber identity (IMSI).
  9. The device according to claim 7, wherein the user identity query request is an Rx interface message.
  10. The device according to any one of claims 7 to 9, wherein:
    the identity recognition module is further configured to identify other user identity information according to the user identity information in the response to the user identity query request, and to feed back the received user identity information together with the identified other user identity information to the application interaction module, wherein the other user identity information includes at least a user address and a user name;
    the application interaction module is further configured to feed back all the user identity information sent by the identity recognition module to the third party.
  11. The device according to claim 10, further comprising:
    an identity information module, configured to save all user identity information of the terminal device, and to obtain and update the user identity information of the terminal device from the operator's customer relationship management system, so that the saved user identity information is consistent with the latest user identity information actually held by the operator.
  12. The device according to claim 10, further comprising:
    an access authentication module, configured to perform access authentication and user authorization on the client of the terminal device when the application interaction module receives the user identification request initiated by the third party for the terminal device;
    the identity recognition module is configured to generate the user identity query request only when the client of the terminal device passes the access authentication and the user authorization.
  13. A device for identifying the user identity of a terminal device, comprising:
    a first module, configured to: when an Rx interface message carrying only the Internet Protocol (IP) address of a terminal device is received, determine that the Rx interface message is a user identity query request, and query, according to the IP address in the user identity query request, the user identity information corresponding to that IP address;
    a second module, configured to feed back the queried user identity information to the terminal device.
  14. The device according to claim 13, wherein the user identity information includes at least a mobile subscriber international number (MSISDN) and an international mobile subscriber identity (IMSI).
PCT/CN2016/086028 2015-09-09 2016-06-16 Method and device for identifying user identity of terminal device WO2017041562A1 (en)

Applications Claiming Priority (2)

Application Number Priority Date Filing Date Title
CN201510570314.X 2015-09-09
CN201510570314.XA CN106534040A (en) 2015-09-09 2015-09-09 Method and device for identifying subscriber identity of terminal equipment

Publications (1)

Publication Number Publication Date
WO2017041562A1 (en) 2017-03-16

Family

ID=58239843

Family Applications (1)

Application Number Title Priority Date Filing Date
PCT/CN2016/086028 WO2017041562A1 (en) 2015-09-09 2016-06-16 Method and device for identifying user identity of terminal device

Country Status (2)

Country Link
CN (1) CN106534040A (en)
WO (1) WO2017041562A1 (en)

Families Citing this family (5)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN106921957B (en) * 2017-03-23 2019-10-18 中国联合网络通信集团有限公司 The recognition methods of secondary number of distributing telephone numbers and device
CN109768947A (en) * 2017-11-09 2019-05-17 ***通信有限公司研究院 A kind of method for authenticating user identity, device and medium
CN110856164B (en) * 2018-08-21 2022-08-30 中国电信股份有限公司 User identification method, server and system
CN110049106B (en) * 2019-03-22 2022-02-08 口碑(上海)信息技术有限公司 Service request processing system and method
CN111132122B (en) * 2019-12-18 2023-01-17 南京熊猫电子股份有限公司 Method for identifying multi-system terminal user information based on short distance and mobile terminal sensing system

Citations (5)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
WO2006016009A1 (en) * 2004-07-07 2006-02-16 France Telecom Method and device for processing a domain name translation request
WO2008092358A1 (en) * 2007-01-29 2008-08-07 Huawei Technologies Co., Ltd. A strategy performing method, system and network element
CN102857485A (en) * 2012-03-22 2013-01-02 孙银海 System and method capable of showing authentication success of website
CN103107976A (en) * 2011-11-10 2013-05-15 中国电信股份有限公司 Content provider/service provider (CP/SP) user identification authentication method and system and authentication support device
CN103812836A (en) * 2012-11-12 2014-05-21 孙银海 System and method for website to send user reserved information

Cited By (5)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
EP3402238A1 (en) 2017-05-09 2018-11-14 Giesecke+Devrient Mobile Security GmbH Efficient user authentications
CN107798601A (en) * 2017-12-08 2018-03-13 四川安亮科技有限公司 A kind of financial information inquiry terminating machine
CN112565053A (en) * 2020-12-01 2021-03-26 武汉绿色网络信息服务有限责任公司 Method, device, service system and storage medium for identifying private network user
WO2022116850A1 (en) * 2020-12-01 2022-06-09 武汉绿色网络信息服务有限责任公司 Method and device for identifying private network user, service system, and storage medium
US11991525B2 (en) 2021-12-02 2024-05-21 T-Mobile Usa, Inc. Wireless device access and subsidy control

Also Published As

Publication number Publication date
CN106534040A (en) 2017-03-22

Legal Events

Date Code Title Description
121 Ep: the epo has been informed by wipo that ep was designated in this application (Ref document number: 16843500; Country of ref document: EP; Kind code of ref document: A1)
NENP Non-entry into the national phase (Ref country code: DE)
122 Ep: pct application non-entry in european phase (Ref document number: 16843500; Country of ref document: EP; Kind code of ref document: A1)