WO2024051742A1

WO2024051742A1 - Service processing method and apparatus, and network device and storage medium

Info

Publication number: WO2024051742A1
Application number: PCT/CN2023/117255
Authority: WO
Inventors: 白杰; 田野; 马洁; 粟栗
Original assignee: ***通信有限公司研究院; ***通信集团有限公司
Priority date: 2022-09-08
Filing date: 2023-09-06
Publication date: 2024-03-14
Also published as: CN117729539A

Abstract

The present disclosure belongs to the technical field of network security. Provided are a service processing method and apparatus, and a network device and a storage medium. The service processing method provided in the present disclosure comprises: receiving a first message sent by a first device; and determining the current processing stage according to the first message, or executing a first operation according to the first message.

Description

业务处理方法、装置、网络设备和存储介质Business processing methods, devices, network equipment and storage media

相关申请的交叉引用Cross-references to related applications

本申请主张在2022年9月8日在中国提交的中国专利申请号No.202211093563.0的优先权，其全部内容通过引用包含于此。This application claims priority to Chinese Patent Application No. 202211093563.0 filed in China on September 8, 2022, the entire content of which is incorporated herein by reference.

技术领域Technical field

本公开涉及网络安全技术领域，尤其涉及一种业务处理方法、装置、网络设备和存储介质。The present disclosure relates to the field of network security technology, and in particular, to a business processing method, device, network equipment and storage medium.

背景技术Background technique

通用引导架构(Generic Bootstrapping Architecture，GBA)是第三代合作伙伴计划(The 3rd Generation Partnership Project，3GPP)标准组织定义的一种基于第4代(the 4^th Generation，4G)/第5代(the 5^th Generation，5G)网络根密钥的通用认证架构。利用标准认证与密钥协商协议协议(Authentication and Key Agreement，AKA)的机制，GBA可在用户设备(User Equipment，UE)与网络之间实现双向身份认证及密钥共享。Generic Bootstrapping Architecture (GBA) is a 4th Generation ( ^4th Generation, 4G)/5th Generation (the A universal authentication architecture for root keys in ^5th Generation (5G) networks. Utilizing the standard Authentication and Key Agreement (AKA) mechanism, GBA can achieve two-way identity authentication and key sharing between user equipment (User Equipment, UE) and the network.

基于3GPP GBA规范，全球移动通信***协会(Global System for Mobile communications Association，GSMA)定义了一种增强型的GBA***及安全通信机制，使得运营商能够向终端及应用服务方提供开放的网络安全能力。其中，增强型GBA***以终端通用用户标识模块(Universal Subscriber Identity Module，USIM)卡与4G/5G网络间的共享密钥为信任根，无需预置任何其他安全凭证即可实现终端与应用服务器(Server)之间的相互认证，并协商、共享会话密钥，保障业务应用端到端通信安全。在增强型GBA流程中，网络应用功能(Network Application Function，NAF)/认证代理(Authentication Proxy，AP)网元部署在运营商网络侧，需要根据当前GBA流程所在的阶段，做出正确的处理。例如，在第三阶段，NAF/AP需要对接收到超文本传输协议(Hypertext Transfer Protocol，HTTP)消息做出直接响应；而在第四阶段，NAF/AP需要将HTTP消息转发给Server进行处理。 Based on the 3GPP GBA specification, the Global System for Mobile communications Association (GSMA) has defined an enhanced GBA system and secure communication mechanism to enable operators to provide open network security capabilities to terminals and application service providers. . Among them, the enhanced GBA system uses the shared key between the terminal's Universal Subscriber Identity Module (USIM) card and the 4G/5G network as the root of trust, and can realize the connection between the terminal and the application server ( Server), negotiate and share session keys to ensure end-to-end communication security of business applications. In the enhanced GBA process, the Network Application Function (NAF)/Authentication Proxy (AP) network element is deployed on the operator's network side, and correct processing needs to be made based on the current stage of the GBA process. For example, in the third stage, NAF/AP needs to respond directly to the received Hypertext Transfer Protocol (HTTP) message; while in the fourth stage, NAF/AP needs to forward the HTTP message to the server for processing.

但是，NAF/AP向Server转发的HTTP消息会导致Server将其作为异常情况来处理，返回HTTP 404错误响应，最终导致增强型GBA业务流程在第三阶段就被终止；二是造成增强型GBA机制在第四阶段的业务授权操作被绕过，带来安全问题。However, the HTTP message forwarded by NAF/AP to the server will cause the server to handle it as an exception and return an HTTP 404 error response, which will eventually cause the enhanced GBA business process to be terminated in the third stage; second, the enhanced GBA mechanism will be The business authorization operation in the fourth stage is bypassed, causing security issues.

同样，在3GPP应用层认证和密钥管理(Authentication and Key Management for Applications，AKMA)认证机制中也存在类似问题，AKMA的核心处理网元(如AAP、AF、AAnF等)无法根据当前AKMA认证流程所在的阶段做出正确的处理，导致AKMA认证机制出现异常情况。Similarly, there are similar problems in the 3GPP application layer authentication and key management (Authentication and Key Management for Applications, AKMA) authentication mechanism. AKMA’s core processing network elements (such as AAP, AF, AAnF, etc.) cannot be used according to the current AKMA authentication process. The correct processing was done at this stage, resulting in an abnormal situation in the AKMA authentication mechanism.

发明内容Contents of the invention

本公开提出了一种业务处理方法、装置、网络设备和存储介质，以解决相关技术中业务处理中的异常情况或安全问题。The present disclosure proposes a business processing method, device, network equipment and storage medium to solve abnormal situations or security issues in business processing in related technologies.

为了解决上述技术问题，本公开是这样实现的：In order to solve the above technical problems, the present disclosure is implemented as follows:

第一方面，本公开实施例提供了一种业务处理方法，所述方法包括：In a first aspect, embodiments of the present disclosure provide a business processing method, which includes:

接收第一设备发送的第一消息；receiving the first message sent by the first device;

根据所述第一消息确定当前的处理阶段，或根据所述第一消息执行第一操作。Determine the current processing stage according to the first message, or perform a first operation according to the first message.

可选的，所述第一消息包含指示当前的处理阶段的第一信息。Optionally, the first message includes first information indicating the current processing stage.

可选的，所述第一消息是HTTP请求消息，所述第一信息携带在所述HTTP请求消息的请求行、请求头以及消息体中的至少一处。Optionally, the first message is an HTTP request message, and the first information is carried in at least one of a request line, a request header, and a message body of the HTTP request message.

可选的，所述根据所述第一消息确定当前的处理阶段，或根据所述第一消息执行第一操作，包括：Optionally, determining the current processing stage based on the first message, or performing a first operation based on the first message includes:

根据第一消息中所述第一信息的取值确定当前的处理阶段，或，根据第一消息中所述第一信息的取值执行第一操作。Determine the current processing stage according to the value of the first information in the first message, or perform the first operation according to the value of the first information in the first message.

根据所述第一消息中包括第二信息或不包括第二信息，确定当前的处理阶段；Determine the current processing stage according to whether the first message includes the second information or does not include the second information;

或，根据所述第一消息中包括第二信息或不包括第二信息，执行第一操作。Or, perform the first operation according to whether the first message includes the second information or does not include the second information. do.

可选的，所述第一消息为HTTP请求消息，所述第二信息为HTTP请求消息的消息体。Optionally, the first message is an HTTP request message, and the second information is the message body of the HTTP request message.

可选的，所述第一消息为HTTP请求消息，所述第二信息为至少一个特定字段，所述至少一个特定字段位于所述HTTP请求消息的请求行、请求头以及消息体中的至少一处。Optionally, the first message is an HTTP request message, and the second information is at least one specific field. The at least one specific field is located in at least one of the request line, request header and message body of the HTTP request message. at.

可选的，所述根据所述第一消息确定当前的处理阶段，包括：Optionally, determining the current processing stage based on the first message includes:

根据所述第一消息确定当前的GBA处理阶段。The current GBA processing stage is determined based on the first message.

可选的，所述第一操作包括：Optionally, the first operation includes:

发送第二消息；Send a second message;

或发送第三消息；or send a third message;

或忽略所述第一消息不做处理。Or ignore the first message and do not process it.

可选的，所述发送第二消息包括：发送用于响应所述第一消息的第二消息。Optionally, sending the second message includes: sending a second message in response to the first message.

可选的，所述发送第三消息包括：向第二设备发送第三消息；Optionally, sending the third message includes: sending the third message to the second device;

其中，所述第三消息包括以下情形中的至少一种：Wherein, the third message includes at least one of the following situations:

第三消息为所述第一消息；The third message is the first message;

第三消息包括所述第一消息的部分或全部内容；The third message includes part or all of the content of the first message;

第三消息包括所述第一消息的部分或全部内容，还包括所述第二设备对应的第三信息。The third message includes part or all of the content of the first message, and also includes third information corresponding to the second device.

第二方面，本公开实施例提供了一种业务处理方法，所述方法包括：In a second aspect, embodiments of the present disclosure provide a business processing method, which method includes:

发送第一消息，以供第三设备根据所述第一消息确定当前的处理阶段，或根据所述第一消息执行第一操作。Send a first message for the third device to determine the current processing stage according to the first message, or to perform a first operation according to the first message.

可选的，所述第一消息中包括第二信息或不包括第二信息。Optionally, the first message includes the second information or does not include the second information.

可选的，所述第一消息为HTTP请求消息，所述第二信息为HTTP请求消息的消息体。 Optionally, the first message is an HTTP request message, and the second information is the message body of the HTTP request message.

第三方面，本公开实施例提供了一种业务处理装置，所述装置包括：In a third aspect, an embodiment of the present disclosure provides a business processing device, which includes:

接收模块，用于接收第一设备发送的第一消息；A receiving module, configured to receive the first message sent by the first device;

第一处理模块，用于根据所述第一消息确定当前的处理阶段，或根据所述第一消息执行第一操作。A first processing module, configured to determine the current processing stage according to the first message, or to perform a first operation according to the first message.

第四方面，本公开实施例提供了一种用户设备，包括：In a fourth aspect, embodiments of the present disclosure provide user equipment, including:

发送模块，用于发送第一消息，所述第一消息以供第三设备根据所述第一消息确定当前的处理阶段，或根据所述第一消息执行第一操作。A sending module, configured to send a first message for the third device to determine the current processing stage according to the first message, or to perform a first operation according to the first message.

第五方面，本公开实施例提供了一种网络设备，包括：处理器、存储器及存储在所述存储器上并可在所述处理器上运行的程序，所述程序被所述处理器执行时实现上述第一方面或第二方面的业务处理方法的步骤。In a fifth aspect, an embodiment of the present disclosure provides a network device, including: a processor, a memory, and a program stored on the memory and executable on the processor. When the program is executed by the processor Steps to implement the business processing method of the first aspect or the second aspect.

第六方面，本公开实施例提供了一种计算机可读存储介质，所述计算机可读存储介质上存储有计算机程序，所述计算机程序被处理器执行时实现上述第一方面或第二方面的业务处理方法的步骤。In a sixth aspect, embodiments of the present disclosure provide a computer-readable storage medium. A computer program is stored on the computer-readable storage medium. When the computer program is executed by a processor, the above-mentioned first or second aspects are implemented. The steps of the business process.

本公开实施例提供的技术方案带来的有益效果至少包括：通过接收第一设备发送的第一消息；根据所述第一消息确定当前的处理阶段，或根据所述第一消息执行第一操作；能够实现对处理阶段的确定，或者是执行第一次操作，以此避免处理过程中因处理阶段认知错误导致的异常情况或安全问题。The beneficial effects brought by the technical solutions provided by the embodiments of the present disclosure include at least: receiving the first message sent by the first device; determining the current processing stage according to the first message, or performing a first operation according to the first message. ; Able to determine the processing stage, or perform the first operation, so as to avoid abnormal situations or safety issues caused by cognitive errors in the processing stage during the processing.

附图说明Description of the drawings

通过阅读下文优选实施方式的详细描述，各种其他的优点和益处对于本领域普通技术人员将变得清楚明了。附图仅用于示出优选实施方式的目的，而并不认为是对本公开的限制。而且在整个附图中，用相同的参考符号表示相同的部件。在附图中：Various other advantages and benefits will become apparent to those of ordinary skill in the art upon reading the following detailed description of the preferred embodiments. The drawings are for the purpose of illustrating preferred embodiments only and are not to be considered limiting of the disclosure. Also throughout the drawings, the same reference characters are used to designate the same components. In the attached picture:

图1为本公开实施例提供的一种业务处理方法流程图；Figure 1 is a flow chart of a business processing method provided by an embodiment of the present disclosure;

图2为本公开实施例提供的一种GBA认证流程示意图；Figure 2 is a schematic diagram of a GBA authentication process provided by an embodiment of the present disclosure;

图3为本公开实施例提供的一种AKMA认证流程示意图； Figure 3 is a schematic diagram of an AKMA authentication process provided by an embodiment of the present disclosure;

图4为本公开实施例提供的一种HTTP请求报文格式的示意图；Figure 4 is a schematic diagram of an HTTP request message format provided by an embodiment of the present disclosure;

图5为本公开实施例提供的另一种业务处理方法流程图；Figure 5 is a flow chart of another business processing method provided by an embodiment of the present disclosure;

图6为本公开实施例提供的一种业务处理装置的结构示意图；Figure 6 is a schematic structural diagram of a business processing device provided by an embodiment of the present disclosure;

图7为本公开实施例提供的一种用户设备的结构示意图；Figure 7 is a schematic structural diagram of a user equipment provided by an embodiment of the present disclosure;

图8为本公开实施例提供的一种网络设备的结构示意图；Figure 8 is a schematic structural diagram of a network device provided by an embodiment of the present disclosure;

图9为本公开实施例提供的一种GBA认证流程阶段判定示意图。Figure 9 is a schematic diagram of stage determination of a GBA authentication process provided by an embodiment of the present disclosure.

具体实施方式Detailed ways

下面将结合本公开实施例中的附图，对本公开实施例中的技术方案进行清楚、完整地描述，显然，所描述的实施例是本公开一部分实施例，而不是全部的实施例。基于本公开中的实施例，本领域普通技术人员在没有作出创造性劳动前提下所获得的所有其他实施例，都属于本公开保护的范围。The technical solutions in the embodiments of the present disclosure will be clearly and completely described below with reference to the accompanying drawings in the embodiments of the present disclosure. Obviously, the described embodiments are part of the embodiments of the present disclosure, rather than all of the embodiments. Based on the embodiments in this disclosure, all other embodiments obtained by those of ordinary skill in the art without making creative efforts fall within the scope of protection of this disclosure.

为了方便理解本公开的技术方案，首先对实施例中出现的英文缩写专业术语进行介绍：In order to facilitate understanding of the technical solutions of the present disclosure, the English abbreviations and professional terms appearing in the embodiments are first introduced:

UE，User Equipment，用户设备；UE, User Equipment, user equipment;

Server，服务器；Server, server;

HTTP，Hypertext Transfer Protocol，超文本传输协议；HTTP, Hypertext Transfer Protocol, Hypertext Transfer Protocol;

BSF，Bootstrapping Server Function，通用服务功能；BSF, Bootstrapping Server Function, general service function;

HSS，Home Subscriber Server，归属签约用户服务器；HSS, Home Subscriber Server, belongs to the subscriber server;

NAF，Network Application Function，网络应用功能；NAF, Network Application Function, network application function;

AP，Authentication Proxy，认证代理；AP, Authentication Proxy, authentication proxy;

GBA，Generic Bootstrapping Architecture，通用引导架构；GBA, Generic Bootstrapping Architecture, general boot architecture;

AKA，Authentication and Key Agreement，认证与密钥协商协议；AKA, Authentication and Key Agreement, authentication and key agreement protocol;

AKMA，Authentication and Key Management for Applications，应用层认证和密钥管理；AKMA, Authentication and Key Management for Applications, application layer authentication and key management;

AF，Application Function，应用功能；AF, Application Function, application function;

AAP，AKMA Application Function Proxy，AKMA应用功能代理；AAP, AKMA Application Function Proxy, AKMA application function proxy;

AAnF，AKMA Anchor Function，AKMA锚点功能；AAnF, AKMA Anchor Function, AKMA anchor function;

A-KID，AKMA Key Identifier，AKMA密钥标识； A-KID, AKMA Key Identifier, AKMA key identification;

AF_ID，Application Function Identifier，应用功能标识。AF_ID, Application Function Identifier, application function identifier.

请参考图1，图1示出了本公开实施例提供的一种业务处理方法流程图，所述方法包括：Please refer to Figure 1, which shows a flow chart of a business processing method provided by an embodiment of the present disclosure. The method includes:

步骤11，接收第一设备发送的第一消息；Step 11: Receive the first message sent by the first device;

步骤12，根据所述第一消息确定当前的处理阶段，或根据所述第一消息执行第一操作。Step 12: Determine the current processing stage according to the first message, or perform a first operation according to the first message.

具体的，这里的处理阶段在不同的实施场景下可能对应不同的概念。Specifically, the processing stages here may correspond to different concepts in different implementation scenarios.

例如，图2示意了GBA认证流程中包括：第一阶段初始化、第二阶段引导、第三阶段引导安全关联使用、第四阶段应用安全关联使用。(Step I:Initiation of Bootstrapping；Step II:Bootstrapping；Step III:Bootstrapped Security Association Usage；Step IV:Application Security Association Usage)本公开实施例提供的方法可以根据第一消息确定当前处于第三阶段或第四阶段。For example, Figure 2 illustrates that the GBA authentication process includes: first-stage initialization, second-stage boot, third-stage boot security association use, and fourth-stage application security association use. (Step I: Initiation of Bootstrapping; Step II: Bootstrapping; Step III: Bootstrapped Security Association Usage; Step IV: Application Security Association Usage) The method provided by the embodiment of the present disclosure can determine that it is currently in the third stage or the fourth stage based on the first message stage.

再例如，图3示意了AKMA认证流程中包括：安全关联使用阶段(也可以被称为AKMA安全关联使用阶段，对应图3里的步骤1-5)、应用安全关联使用阶段(对应图3里的步骤6及步骤6的后续步骤)。这里的阶段的名字仅为示例，在实际应用中，本领域技术人员可根据不同情况对各个阶段有不同的称呼。本公开实施例提供的方法可以根据第一消息确定当前处于安全关联使用阶段或应用安全关联使用阶段。或者在实际应用中，本领域技术人员也可以不做阶段的划分，而是可以根据第一消息确定执行第一操作。As another example, Figure 3 illustrates the AKMA certification process including: security association usage phase (also called the AKMA security association usage phase, corresponding to steps 1-5 in Figure 3), application security association usage phase (corresponding to Figure 3 of step 6 and the subsequent steps of step 6). The names of the stages here are only examples. In actual applications, those skilled in the art may call each stage differently according to different situations. The method provided by the embodiment of the present disclosure can determine that the current state is in the security association use stage or the application security association use stage based on the first message. Or in practical applications, those skilled in the art may not divide the stages, but may determine to perform the first operation based on the first message.

示例性的，AKMA认证在前提条件阶段，UE和鉴权服务功能(Authentication Server Function，AUSF)、AAnF进行主认证并建立K_AKMA。Exemplarily, in the prerequisite phase of AKMA authentication, the UE and the Authentication Server Function (AUSF) and AAnF perform main authentication and establish _KAKMA .

在AKMA认证步骤6之后的后续步骤包括：Next steps after AKMA certification step 6 include:

1、UE发送应用层会话建立请求，在应用会话建立请求消息中包括导出的A-KID。1. The UE sends an application layer session establishment request, and includes the exported A-KID in the application session establishment request message.

2、如果AAP没有与A-KID相关联的活动上下文，则AAP选择AAnF，并将密钥请求消息发送给AAnF，请求消息中包括A-KID和AF_ID。2. If the AAP does not have an active context associated with A-KID, the AAP selects AAnF and sends a key request message to AAnF. The request message includes A-KID and AF_ID.

3、AAnF从K_AKMA中推导出密钥K_AF。3. AAnF derives the key K _AF from K _AKMA .

4、AAnF向AAP发送密钥响应消息，消息中包含密钥K_AF、A-KID和AF_ID。 4. AAnF sends a key response message to AAP, which contains the key K _AF , A-KID and AF_ID.

5、AAP向UE发送应用层会话建立响应消息。5. The AAP sends an application layer session establishment response message to the UE.

6、UE发送应用层会话建立请求，在应用会话建立请求消息中包括导出的A-KID。6. The UE sends an application layer session establishment request, and includes the exported A-KID in the application session establishment request message.

7、AAP根据密钥获取方式与AF交互，支持两种密钥获取方式：第一种是由AAP向AF主动推送密钥，第二种是由AF主动向AAP申请获取密钥。7. AAP interacts with AF according to the key acquisition method and supports two key acquisition methods: the first is for AAP to actively push the key to AF, and the second is for AF to actively apply to AAP for the key.

8、AAP与AF交互密钥后，向UE发送应用层会话建立响应消息。8. After exchanging keys with the AF, the AAP sends an application layer session establishment response message to the UE.

9、UE和AF之间进行后续业务数据的安全交互。9. Secure interaction of subsequent business data between UE and AF.

这里的阶段，也可以被称为是步骤、过程、流程等。The stages here can also be called steps, processes, processes, etc.

在一些实施例中，所述第一消息包含指示当前的处理阶段的第一信息。In some embodiments, the first message contains first information indicating the current processing stage.

具体的，第一信息也即为第一标识；可以通过第一标识确定当前的处理阶段、或根据第一表示执行第一操作，第一标识可以根据流程的不同，以及第一消息的种类，根据具体情况进行设置。Specifically, the first information is also the first identifier; the current processing stage can be determined through the first identifier, or the first operation can be performed according to the first representation. The first identifier can be based on different processes and the type of the first message. Set up accordingly.

在一些实施例中，所述第一消息是HTTP请求消息，所述第一信息携带在所述HTTP请求消息的请求行、请求头以及消息体中的至少一处。具体的，这里的HTTP请求消息的请求行也可以被称为request line等；In some embodiments, the first message is an HTTP request message, and the first information is carried in at least one of a request line, a request header, and a message body of the HTTP request message. Specifically, the request line of the HTTP request message here can also be called request line, etc.;

这里的HTTP请求消息的请求头也可以被称为header、message header等；The request header of the HTTP request message here can also be called header, message header, etc.;

这里的消息体也可以被称为是请求体、请求数据、body、Entity body等。The message body here can also be called request body, request data, body, Entity body, etc.

这里的第一信息可以携带在请求行、请求头以及请求体某一部分中。第一信息可以分为多个部分，可以分散在请求行、请求头以及请求体中某一部分或某几个部分中；也可以分散在请求行、请求头以及请求体中某一处的不连续的位置中。The first information here can be carried in the request line, request header, and a certain part of the request body. The first information can be divided into multiple parts, which can be scattered in one or more parts of the request line, request header, and request body; it can also be scattered in a discontinuous place somewhere in the request line, request header, and request body. in the position.

示例性的，在增强型GBA***中，在UE侧，通过在UE发送的HTTP请求消息中携带第一标识的方法使，参考图2中的“网络应用功能/认证代理，NAF/AP”知晓当前GBA流程所处的阶段，进而执行正确操作。Exemplarily, in the enhanced GBA system, on the UE side, the first identifier is carried in the HTTP request message sent by the UE, referring to the "Network Application Function/Authentication Agent, NAF/AP" in Figure 2. The current stage of the GBA process to perform the correct operation.

示例性的，参考图4示出了HTTP请求报文的格式，HTTP请求报文主要由请求行、请求头和请求体(即消息体)组成。其中，HTTP请求头中包含若干个头部字段，由关键字/值对组成，每行一对，关键字和值用英文冒号“:”分隔。典型的头部字段包括User-Agent、Accept、Host等。在HTTP消息的请求体中，会存放业务数据。 Exemplarily, reference is made to FIG. 4 , which shows the format of an HTTP request message. The HTTP request message mainly consists of a request line, a request header, and a request body (ie, message body). Among them, the HTTP request header contains several header fields, consisting of keyword/value pairs, one pair per line, and the keywords and values are separated by English colons ":". Typical header fields include User-Agent, Accept, Host, etc. Business data will be stored in the request body of the HTTP message.

在一些实施例中，所述根据所述第一消息确定当前的处理阶段，或根据所述第一消息执行第一操作，包括：In some embodiments, determining the current processing stage according to the first message, or performing a first operation according to the first message includes:

示例性的，如在使用HTTP请求消息中的请求行、或者请求头作为第一标识，用于指示流程的不同阶段时，以GBA认证流程为例，在符合取值规范要求的前提下，可选择请求行、或者请求头中的现有元素作为指示标识，指示方式包括：For example, when using the request line or request header in the HTTP request message as the first identifier to indicate different stages of the process, taking the GBA authentication process as an example, on the premise that the value specifications are met, the Select the request line or an existing element in the request header as the indication identifier. The indication methods include:

使用显式的数字来指示不同的阶段，如3表示第三阶段，4表示第四阶段；Use explicit numbers to indicate different stages, such as 3 for the third stage and 4 for the fourth stage;

使用显式的字符来指示不同的阶段，如stage3表示第三阶段，stage4表示第四阶段。Use explicit characters to indicate different stages, such as stage3 for the third stage and stage4 for the fourth stage.

或，根据所述第一消息中包括第二信息或不包括第二信息，执行第一操作。Or, perform the first operation according to whether the first message includes the second information or does not include the second information.

示例性的，如在使用HTTP请求消息中的请求行、或者请求头作为第一标识，用于指示流程的不同阶段时，以GBA认证流程为例：For example, when using the request line or request header in the HTTP request message as the first identifier to indicate different stages of the process, take the GBA authentication process as an example:

使用显式的标识(数字或字符)来指示第三阶段，使用隐式的标识(不带有指示标识)来指示第四阶段；使用显式的标识(数字或字符)来指示第四阶段，使用隐式的标识(不带有指示标识)来指示第三阶段。Use an explicit identifier (number or character) to indicate the third stage, use an implicit identifier (without an indicator) to indicate the fourth stage; use an explicit identifier (number or character) to indicate the fourth stage, Use implicit flags (without directive flags) to indicate the third phase.

示例性的，如在使用HTTP请求消息中的请求体指示流程的不同阶段时，以GBA认证流程为例，可通过是否携带消息体进行指示。For example, when using the request body in the HTTP request message to indicate different stages of the process, taking the GBA authentication process as an example, the indication can be made by whether the message body is carried.

通过是否携带消息体进行指示，具体的，在HTTP请求消息的消息体中，会存放业务数据。结合图2示意的GBA认证流程，当UE发送的HTTP请求消息中带有应用层业务数据时，说明该消息需要Server来收发处理，此时NAF/AP应将消息转发给Server。当UE发送的HTTP请求消息中不带有应用层业务数据时，说明该消息不需要Server来处理，则NAF/AP不应将消息转发给Server。The indication is given by whether to carry the message body. Specifically, the business data will be stored in the message body of the HTTP request message. Combined with the GBA authentication process shown in Figure 2, when the HTTP request message sent by the UE contains application layer service data, it means that the message needs to be sent and received by the Server. At this time, the NAF/AP should forward the message to the Server. When the HTTP request message sent by the UE does not contain application layer service data, it means that the message does not need to be processed by the server, and the NAF/AP should not forward the message. Sent to Server.

根据上述原则，UE在发送HTTP请求消息时，可根据不同的阶段决定是否携带消息体。例如，在第三阶段，UE发送的HTTP请求消息中不应带有消息体；在第四阶段，UE发送的HTTP请求消息中应带有消息体。由此NAF/AP可根据UE发送的HTTP请求消息中是否携带消息体来判断当前GBA认证流程所处的阶段。NAF/AP在收到UE发送的HTTP请求消息后，先使用GBA会话密钥对消息进行HTTP摘要(Digest)鉴权。鉴权通过后，NAF/AP增加判断机制，如果UE发送的HTTP请求消息中不带有消息体，表明当前处于第三阶段，NAF/AP应向UE回复HTTP 200 OK，同时不会将该消息转发给Server；如果UE发送的HTTP请求消息中带有消息体，当前处于第四阶段，NAF/AP应根据预先设置的Ks_NAF*密钥获取方式进行处理。According to the above principles, when sending an HTTP request message, the UE can decide whether to carry the message body according to different stages. For example, in the third phase, the HTTP request message sent by the UE should not contain a message body; in the fourth phase, the HTTP request message sent by the UE should contain a message body. Therefore, NAF/AP can determine the stage of the current GBA authentication process based on whether the HTTP request message sent by the UE carries a message body. After receiving the HTTP request message sent by the UE, the NAF/AP first uses the GBA session key to perform HTTP digest (Digest) authentication on the message. After the authentication is passed, NAF/AP adds a judgment mechanism. If the HTTP request message sent by the UE does not contain a message body, it indicates that it is currently in the third stage. NAF/AP should reply HTTP 200 OK to the UE and will not send the message Forwarded to the Server; if the HTTP request message sent by the UE contains a message body, it is currently in the fourth stage, and the NAF/AP should process it according to the preset Ks_NAF* key acquisition method.

在一些实施例中，所述第一消息为HTTP请求消息，所述第二信息为HTTP请求消息的消息体。In some embodiments, the first message is an HTTP request message, and the second information is the message body of the HTTP request message.

需要说明的是，目前的GBA认证流程中第三阶段和第四阶段的HTTP请求消息中都包含有消息体，导致NAF/AP无法区分当前所处的处理阶段，出现背景技术中提到的问题。本公开实施例提供的方法中：在GBA认证流程的第三阶段，由于该阶段无需传输业务数据，因此终端发送的HTTP请求消息不携带消息体；在GBA认证流程的第四阶段，由于需要传输业务数据，终端发送的HTTP请求消息携带消息体。通过是否携带有消息体，接收端即可简单的判断出当前所处的GBA认证流程。且这种方式对于终端来说，仅仅是选择是否携带消息体，实现简单，改造成本低；对于网络侧设备来说易于判断，具有较好的兼容性，易于大规模部署。It should be noted that the HTTP request messages in the third and fourth stages of the current GBA authentication process contain message bodies, causing NAF/AP to be unable to distinguish the current processing stage, resulting in the problems mentioned in the background technology. . In the method provided by the embodiment of the present disclosure: in the third stage of the GBA authentication process, since there is no need to transmit business data at this stage, the HTTP request message sent by the terminal does not carry the message body; in the fourth stage of the GBA authentication process, since it is necessary to transmit Business data, the HTTP request message sent by the terminal carries the message body. By whether it carries a message body, the receiving end can simply determine the current GBA authentication process. For the terminal, this method only needs to choose whether to carry the message body, which is simple to implement and has low transformation cost. It is easy to judge for network-side devices, has good compatibility, and is easy to deploy on a large scale.

在一些实施例中，所述第一消息为HTTP请求消息，所述第二信息为至少一个特定字段，所述至少一个特定字段位于所述HTTP请求消息的请求行、请求头以及消息体中的至少一处。In some embodiments, the first message is an HTTP request message, and the second information is at least one specific field. The at least one specific field is located in the request line, request header, and message body of the HTTP request message. At least one place.

示例性的，所述第二信息为一个字段，可以位于请求行、请求头以及消息体中的某一处；For example, the second information is a field, which can be located somewhere in the request line, request header, and message body;

或，第二信息为多个字段，可以位于请求行、请求头以及消息体中的某一处连续或不连续的位置；也可以分散在请求行、请求头以及消息体中的多处。 Or, the second information is multiple fields, which may be located at a continuous or discontinuous position in the request line, request header, and message body; or may be dispersed in multiple locations in the request line, request header, and message body.

示例性的，可以使用请求行中的统一资源定位***(Uniform Resource Locator，URL)，通过增加新的指示值作为指示标识，当URL为“URI；stage3”时，表示当前处于第三阶段；当URL为“URI；stage4”时，表示当前处于第四阶段，其中，URI为统一资源标识符(Uniform Resource Identifier)。NAF/AP在收到UE发送的HTTP请求消息后，先使用GBA会话密钥对消息进行HTTP Digest鉴权。鉴权通过后，NAF/AP增加判断机制，根据消息中URL来判断当前所处的GBA认证流程阶段。如果判断当前处于第三阶段，NAF/AP应向UE回复HTTP 200 OK，不将该消息转发给Server；如果判断当前处于第四阶段，NAF/AP应根据预先设置的Ks_NAF*密钥获取方式进行处理。For example, you can use the Uniform Resource Locator (URL) in the request line to add a new indication value as the indication identifier. When the URL is "URI; stage3", it means that it is currently in the third stage; when When the URL is "URI; stage4", it means that it is currently in the fourth stage, where URI is the Uniform Resource Identifier (Uniform Resource Identifier). After receiving the HTTP request message sent by the UE, the NAF/AP first uses the GBA session key to perform HTTP Digest authentication on the message. After the authentication is passed, NAF/AP adds a judgment mechanism to judge the current GBA authentication process stage based on the URL in the message. If it is determined that it is currently in the third stage, NAF/AP should reply HTTP 200 OK to the UE and not forward the message to the server; if it is determined that it is currently in the fourth stage, NAF/AP should obtain the Ks_NAF* key based on the preset method. deal with.

示例性的，通过请求头中的现有字段进行指示，如使用HTTP请求消息中的现有字段作为指示标识，用于指示GBA认证流程的不同阶段。例如，可以使用请求头中的Host字段，在字段值的后面增加新的指示值作为指示标识，当Host字段值为“ServerFQDN；stage3”时，表示当前处于第三阶段；当Host字段值为“ServerFQDN；stage4”时，表示当前处于第四阶段，其中，FQDN为完全限定域名(Fully Qualified Domain Name)。For example, the indication is made through existing fields in the request header, such as using existing fields in the HTTP request message as indication identifiers to indicate different stages of the GBA authentication process. For example, you can use the Host field in the request header and add a new indicator value after the field value as an indicator. When the Host field value is "ServerFQDN; stage3", it means that it is currently in the third stage; when the Host field value is " ServerFQDN; stage4" means that it is currently in the fourth stage, in which FQDN is a fully qualified domain name (Fully Qualified Domain Name).

示例性的，通过请求头中的新增字段进行指示，在HTTP请求消息的请求头中新增头部字段作为指示标识，用于指示GBA认证流程的不同阶段。例如，在请求头中新增名为“gba-stage”的头部字段，当字段值为“stage3”时，表示当前处于第三阶段；当字段值为“stage4”时，表示当前处于第四阶段。For example, the indication is provided through a new field in the request header, and a new header field is added as an indication mark in the request header of the HTTP request message to indicate different stages of the GBA authentication process. For example, add a header field named "gba-stage" to the request header. When the field value is "stage3", it means that the current stage is in the third stage; when the field value is "stage4", it means that the current stage is in the fourth stage. stage.

如通过以下字段实现：For example, through the following fields:

“GET/HTTP/1.1"GET/HTTP/1.1

Host:xxxxxxHost:xxxxxx

Accept:*/*Accept:*/*

User-Agent:3gpp-gbaUser-Agent:3gpp-gba

XxxxxxXxxxxxx

.........

gba-stage:stage3/stage4”。gba-stage:stage3/stage4".

示例性的，还可以通过另一种方式使用HTTP请求消息中的请求体来指示流程阶段，如UE在发送HTTP请求消息时，在第三阶段和第四阶段均可携带消息体，通过在消息体中新增字段作为指示标识，来指示当前GBA认证流程所处的阶段，实现方式以及处理流程与前述的其他实施方式相同。For example, the request body in the HTTP request message can also be used in another way to indicate the process stage. For example, when the UE sends the HTTP request message, it can be in the third stage or the fourth stage. The message body is carried, and a new field is added in the message body as an indicator to indicate the stage of the current GBA authentication process. The implementation method and processing flow are the same as the other aforementioned embodiments.

在一些实施例中，所述根据所述第一消息确定当前的处理阶段，包括：In some embodiments, determining the current processing stage according to the first message includes:

在一些实施例中，所述第一操作包括：In some embodiments, the first operation includes:

发送第二消息；Send second message;

或发送第三消息；or send a third message;

具体的，发送第二消息，如参考图2示出的GBA认证流程，发送第二消息对应于图2中第三阶段中的发送HTTP 200K；参考图3示出的AKAM认证流程，对应于图3中示出的步骤5“应用层会话建立响应”。Specifically, sending the second message, such as referring to the GBA authentication process shown in Figure 2, sending the second message corresponds to sending HTTP 200K in the third stage in Figure 2; referring to the AKAM authentication process shown in Figure 3, corresponding to Figure Step 5 "Application Layer Session Establishment Response" shown in 3.

具体的，发送第三消息，如参考图2示出的GBA认证流程，发送第三消息对应于图2中第四阶段中示出的步骤可选方式1或者可选方式2中的HTTP请求消息；参考图3示出的AKAM认证流程，对应于图3中示出的步骤可选方式1或者可选方式2中的HTTP请求消息。Specifically, sending the third message, for example, with reference to the GBA authentication process shown in Figure 2, sending the third message corresponds to the HTTP request message in optional mode 1 or optional mode 2 of the step shown in the fourth stage in Figure 2 ; Refer to the AKAM authentication process shown in Figure 3, which corresponds to the HTTP request message in the optional method 1 or optional method 2 of the steps shown in Figure 3.

以GBA认证流程为例，对于UE侧，UE发送HTTP请求消息时，由应用软件或调制解调器(Modem)对作为指示标识的值进行填充。对于NAF/AP侧，新增判断机制，根据HTTP消息中的指示标识来判断当前的GBA认证流程阶段，然后采取相应的处理方式。Taking the GBA authentication process as an example, on the UE side, when the UE sends an HTTP request message, the application software or modem fills in the value as the indication identifier. For the NAF/AP side, a new judgment mechanism is added to judge the current GBA authentication process stage based on the indication mark in the HTTP message, and then take corresponding processing methods.

此外，在第四阶段NAF/AP向Server转发UE的HTTP请求消息时，可以选择如下处理方式：In addition, when NAF/AP forwards the UE's HTTP request message to the server in the fourth phase, you can choose the following processing method:

保留消息中的指示标识；Retain the instruction mark in the message;

将消息中的指示标识删除后再转发给Server，避免在现有元素中增加的指示标识可能影响正常业务。Delete the indicator in the message before forwarding it to the server to avoid adding an indicator to existing elements that may affect normal business.

在一些实施例中，所述发送第二消息包括：发送用于响应所述第一消息的第二消息。In some embodiments, sending the second message includes sending a second message in response to the first message.

在一些实施例中，所述发送第三消息包括：向第二设备发送第三消息；In some embodiments, sending the third message includes: sending the third message to the second device;

第三消息为所述第一消息； The third message is the first message;

第三消息包括所述第一消息的部分或全部内容，还包括所述第二设备对应的第三信息。值得注意的是，这里的第三信息可以有多种情况。当本公开实施例应用于GBA流程中，所述第三信息为GBA应用层会话密钥。当本公开实施例应用于AKMA流程中，所述第三信息可以是为对应的Server(也即第二设备)提供的密钥。需要说明的是，以上两种仅为示例，在实际情况中，第三信息不仅限于密钥，还可以是供第二设备所用的其他信息。当然这里的第三消息还可以包括密钥生存期等其他信息。The third message includes part or all of the content of the first message, and also includes third information corresponding to the second device. It is worth noting that the third information here can have multiple situations. When the embodiment of the present disclosure is applied to the GBA process, the third information is the GBA application layer session key. When the embodiment of the present disclosure is applied to the AKMA process, the third information may be a key provided for the corresponding Server (that is, the second device). It should be noted that the above two are only examples. In actual situations, the third information is not limited to the key, but may also be other information used by the second device. Of course, the third message here may also include other information such as the key lifetime.

综上所述，本公开实施例提供的业务处理方法，能够实现以下技术效果：To sum up, the business processing method provided by the embodiments of the present disclosure can achieve the following technical effects:

能够在针对业务处理的各阶段，对通过第一消息明确流程的阶段，或者是执行第一操作，从而防止绕过流程阶段，提高业务***的安全性，并且能够提高业务处理***的兼容性，避免一些异常情况的发生。At each stage of business processing, the stage of the process can be clarified through the first message, or the first operation can be performed, thereby preventing bypassing of the process stage, improving the security of the business system, and improving the compatibility of the business processing system. Avoid some abnormal situations.

具体的，在GBA认证流程中，能够通过UE指示的方法，使得NAF/AP能够明确区分了增强型GBA认证流程的第三阶段和第四阶段，防止在第四阶段的业务授权操作被绕过，提高增强型GBA***的安全性；消除Server对异常情况处理返回的HTTP 404错误响应，避免增强型GBA业务流程被异常终止；降低对现有标准GBA处理机制的影响，避免终端Modem芯片改造，提高增强型GBA机制的兼容性和可实现性。Specifically, in the GBA authentication process, the NAF/AP can clearly distinguish the third and fourth stages of the enhanced GBA authentication process through the method indicated by the UE, preventing the business authorization operation in the fourth stage from being bypassed. , improve the security of the enhanced GBA system; eliminate the HTTP 404 error response returned by the server when handling abnormal situations, and prevent the enhanced GBA business process from being abnormally terminated; reduce the impact on the existing standard GBA processing mechanism, and avoid terminal Modem chip modification. Improve the compatibility and implementability of the enhanced GBA mechanism.

其次，在AKAM认证流程中，能够根据第一消息确定当前处于安全关联使用阶段或应用安全关联使用阶段，避免异常情况的发生，从而提高业务流程的安全性和兼容性。Secondly, in the AKAM authentication process, it can be determined based on the first message that it is currently in the security association use stage or the application security association use stage, so as to avoid abnormal situations and thereby improve the security and compatibility of the business process.

参考图9为本公开实施例提供的一种GBA认证流程阶段判断示意图，结合图9以及图2、图3对本公开实施例提供的业务处理方法做进一步说明：Referring to Figure 9, which is a schematic diagram of stage judgment of the GBA authentication process provided by the embodiment of the present disclosure, the business processing method provided by the embodiment of the present disclosure is further explained in conjunction with Figure 9, Figure 2, and Figure 3:

图9中示意了GBA认证流程中在NAF/AP收到UE发送的HTTP请求消息时，如何进行阶段判定，并进行对应的消息处理流程。图9中示意的阶段判定对应于图2中在第三或者第四阶段中的HTTP Digest验证后的阶段判定步骤，具体步骤如下：Figure 9 illustrates how the NAF/AP performs stage determination and performs the corresponding message processing process when receiving the HTTP request message sent by the UE in the GBA authentication process. The stage determination illustrated in Figure 9 corresponds to the stage determination steps after HTTP Digest verification in the third or fourth stage in Figure 2. The specific steps are as follows:

步骤901，NAF/AP收到UE发送的HTTP请求消息；Step 901, NAF/AP receives the HTTP request message sent by the UE;

步骤902，NAF/AP使用GBA会话密钥对收到的HTTP请求消息进行 HTTP Digest鉴权；Step 902: NAF/AP uses the GBA session key to process the received HTTP request message. HTTP Digest authentication;

步骤903，鉴权通过后，NAF/AP检查HTTP请求消息中的指示标识(请求行、请求头、消息体)所指示的阶段；Step 903: After the authentication is passed, NAF/AP checks the stage indicated by the indication identifier (request line, request header, message body) in the HTTP request message;

步骤904，当判定结果为HTTP请求处于第三阶段时，NAF/AP向UE回复HTTP 200 OK，不会将UE发送的HTTP请求消息转发给Server；Step 904, when the determination result is that the HTTP request is in the third stage, NAF/AP replies HTTP 200 OK to the UE and will not forward the HTTP request message sent by the UE to the server;

步骤905，当判定结果为HTTP请求处于第四阶段时，NAF/AP根据设置的密钥获取方式，采取相应的处理方式(处理方式包括：Server主动向NAF/AP申请，或者，NAF/AP主动向Server推送)；Step 905: When the determination result is that the HTTP request is in the fourth stage, NAF/AP takes corresponding processing methods according to the set key acquisition method (processing methods include: Server actively applies to NAF/AP, or NAF/AP actively push to Server);

步骤906，进行后续处理流程。Step 906, perform subsequent processing procedures.

在上述步骤901-906中，在GBA认证流程中加入了“阶段判定”步骤，参考图2，在GBA认证流程的第三或者第四阶段中的HTTP Digest验证后的阶段判定步骤，通过该“阶段判定”步骤实现对业务阶段的判断。In the above steps 901-906, a "stage determination" step is added to the GBA authentication process. Refer to Figure 2. In the third or fourth stage of the GBA authentication process, the stage determination step after HTTP Digest verification is passed. The "Stage Determination" step realizes the judgment of the business stage.

值得注意的是，参考图3中，在AKMA认证流程中的步骤“4.密钥响应消息”和“6.应用层会话建立请求(A-KID)”之后，都有新增的“阶段判定”步骤，新增的“阶段判定”步骤对应于本公开对业务流程处理中加入的阶段判定步骤，通过该“阶段判定”步骤实现对业务阶段的判断。It is worth noting that, referring to Figure 3, after the steps "4. Key response message" and "6. Application layer session establishment request (A-KID)" in the AKMA authentication process, there is a new "stage determination" " step, the newly added "stage determination" step corresponds to the stage determination step added to the business process processing in this disclosure, and the judgment of the business stage is realized through this "stage determination" step.

图5示出了本公开实施例提供的另一种业务处理方法，所述方法包括：Figure 5 shows another business processing method provided by an embodiment of the present disclosure. The method includes:

步骤51，发送第一消息，以供第三设备根据所述第一消息确定当前的处理阶段，或根据所述第一消息执行第一操作。Step 51: Send a first message for the third device to determine the current processing stage based on the first message, or to perform a first operation based on the first message.

具体的，图5中示出的业务处理方法应用于用户设备UE，用户设备UE能够通过该方法向其他设备发送消息或者请求。可选的，所述第一消息包含指示当前的处理阶段的第一信息。Specifically, the service processing method shown in Figure 5 is applied to the user equipment UE, and the user equipment UE can send messages or requests to other devices through this method. Optionally, the first message includes first information indicating the current processing stage.

可选的，所述第一消息为HTTP请求消息，所述第二信息为至少一个特定字段，所述至少一个特定字段位于所述HTTP请求消息的请求行、请求头以及消息体中的至少一处。Optionally, the first message is an HTTP request message, and the second information is at least one specific field. The at least one specific field is located in the request line and request header of the HTTP request message. and at least one place in the message body.

综上所述，本公开实施例提供的业务处理方法，能够与本公开第一方面提供的业务处理方法互相对应，以应用于业务处理方法对应的用户设备端，能够实现本公开第一方面提供的业务处理方法的全部技术效果，此处不再赘述。To sum up, the business processing method provided by the embodiment of the present disclosure can correspond to the business processing method provided by the first aspect of the present disclosure, and can be applied to the user equipment side corresponding to the business processing method, and can realize the business processing method provided by the first aspect of the present disclosure. All the technical effects of the business processing method will not be repeated here.

请参考图6，本公开实施例提供了一种业务处理装置60，所述装置60包括：Referring to Figure 6, an embodiment of the present disclosure provides a business processing device 60. The device 60 includes:

接收模块61，用于接收第一设备发送的第一消息；The receiving module 61 is used to receive the first message sent by the first device;

处理模块62，用于根据所述第一消息确定当前的处理阶段，或根据所述第一消息执行第一操作。The processing module 62 is configured to determine the current processing stage according to the first message, or to perform a first operation according to the first message.

可选的，所述处理模块62还用于：Optionally, the processing module 62 is also used to:

发送第二消息； Send second message;

或发送第三消息；or send a third message;

可选的，所述处理模块62还用于发送第二消息包括：发送用于响应所述第一消息的第二消息。Optionally, the processing module 62 is also configured to send a second message including: sending a second message in response to the first message.

可选的，所述处理模块62还用于发送第三消息包括：向第二设备发送第三消息；Optionally, the processing module 62 is also configured to send the third message including: sending the third message to the second device;

第三消息为所述第一消息；The third message is the first message;

本公开实施例提供了一种业务处理装置60，能够实现本公开实施例提供的一种业务处理方法，且能达到相同的技术效果，为避免重复，这里不再赘述。The embodiment of the present disclosure provides a business processing device 60, which can implement a business processing method provided by the embodiment of the present disclosure, and can achieve the same technical effect. To avoid duplication, the details will not be described here.

请参考图7，本公开实施例提供了一种用户设备70，所述用户设备包括：Referring to Figure 7, an embodiment of the present disclosure provides a user equipment 70, where the user equipment includes:

发送模块71，用于发送第一消息，所述第一消息以供第三设备根据所述第一消息确定当前的处理阶段，Sending module 71, configured to send a first message for the third device to determine the current processing stage based on the first message,

处理模块72，根据所述第一消息执行第一操作。The processing module 72 performs a first operation according to the first message.

本公开实施例提供了一种用户设备70，能够实现本公开实施例提供的另一种业务处理方法，且能达到相同的技术效果，为避免重复，这里不再赘述。 The embodiment of the present disclosure provides a user equipment 70 that can implement another service processing method provided by the embodiment of the present disclosure and can achieve the same technical effect. To avoid duplication, the details will not be described here.

请参考图8，本公开实施例还提供一种网络设备80，包括处理器81，存储器82，存储在存储器82上并可在所述处理器81上运行的计算机程序，该计算机程序被处理器81执行时实现上述业务处理方法实施例的各个过程，且能达到相同的技术效果，为避免重复，这里不再赘述。Please refer to Figure 8. This embodiment of the present disclosure also provides a network device 80, which includes a processor 81, a memory 82, and a computer program stored on the memory 82 and executable on the processor 81. The computer program is processed by the processor 81. 81 realizes each process of the above business processing method embodiment when executed, and can achieve the same technical effect. To avoid duplication, it will not be described again here.

本公开实施例还提供一种计算机可读存储介质，所述计算机可读存储介质上存储计算机程序，所述计算机程序被处理器执行时实现上述业务处理方法实施例的各个过程，且能达到相同的技术效果，为避免重复，这里不再赘述。其中，所述的计算机可读存储介质，如只读存储器(Read-Only Memory，ROM)、随机存取存储器(Random Access Memory，RAM)、磁碟或者光盘等。Embodiments of the present disclosure also provide a computer-readable storage medium. A computer program is stored on the computer-readable storage medium. When the computer program is executed by a processor, each process of the above business processing method embodiment is implemented, and the same can be achieved. The technical effects will not be repeated here to avoid repetition. Among them, the computer-readable storage medium is such as read-only memory (Read-Only Memory, ROM), random access memory (Random Access Memory, RAM), magnetic disk or optical disk, etc.

需要说明的是，在本文中，术语“包括”、“包含”或者其任何其他变体意在涵盖非排他性的包含，从而使得包括一系列要素的过程、方法、物品或者装置不仅包括那些要素，而且还包括没有明确列出的其他要素，或者是还包括为这种过程、方法、物品或者装置所固有的要素。在没有更多限制的情况下，由语句“包括一个……”限定的要素，并不排除在包括该要素的过程、方法、物品或者装置中还存在另外的相同要素。It should be noted that, in this document, the terms "comprising", "comprises" or any other variations thereof are intended to cover a non-exclusive inclusion, such that a process, method, article or device that includes a series of elements not only includes those elements, It also includes other elements not expressly listed or inherent in the process, method, article or apparatus. Without further limitation, an element defined by the statement "comprises a..." does not exclude the presence of additional identical elements in a process, method, article or apparatus that includes that element.

通过以上的实施方式的描述，本领域的技术人员可以清楚地了解到上述实施例方法可借助软件加必需的通用硬件平台的方式来实现，当然也可以通过硬件，但很多情况下前者是更佳的实施方式。基于这样的理解，本公开的技术方案本质上或者说对相关技术做出贡献的部分可以以软件产品的形式体现出来，该计算机软件产品存储在一个存储介质(如ROM/RAM、磁碟、光盘)中，包括若干指令用以使得一台终端(可以是手机，计算机，服务器，空调器，或者网络设备等)执行本公开各个实施例所述的方法。Through the above description of the embodiments, those skilled in the art can clearly understand that the methods of the above embodiments can be implemented by means of software plus the necessary general hardware platform. Of course, it can also be implemented by hardware, but in many cases the former is better. implementation. Based on this understanding, the technical solution of the present disclosure can be embodied in the form of a software product in essence or that contributes to related technologies. The computer software product is stored in a storage medium (such as ROM/RAM, magnetic disk, optical disk). ), includes several instructions to cause a terminal (which can be a mobile phone, computer, server, air conditioner, or network device, etc.) to execute the methods described in various embodiments of the present disclosure.

上面结合附图对本公开的实施例进行了描述，但是本公开并不局限于上述的具体实施方式，上述的具体实施方式仅仅是示意性的，而不是限制性的，本领域的普通技术人员在本公开的启示下，在不脱离本公开宗旨和权利要求所保护的范围情况下，还可做出很多形式，均属于本公开的保护之内。 The embodiments of the present disclosure have been described above in conjunction with the accompanying drawings. However, the present disclosure is not limited to the above-mentioned specific implementations. The above-mentioned specific implementations are only illustrative and not restrictive. Those of ordinary skill in the art will Inspired by this disclosure, many forms can be made without departing from the purpose of this disclosure and the scope protected by the claims, all of which fall within the protection of this disclosure.

Claims

一种业务处理方法，包括：A business processing method including:

接收第一设备发送的第一消息；receiving the first message sent by the first device;

根据所述第一消息确定当前的处理阶段，或根据所述第一消息执行第一操作。Determine the current processing stage according to the first message, or perform a first operation according to the first message.
根据权利要求1所述的业务处理方法，其中，所述第一消息包含指示当前的处理阶段的第一信息。The business processing method according to claim 1, wherein the first message contains first information indicating the current processing stage.
根据权利要求2所述的业务处理方法，其中，所述第一消息是超文本传输协议HTTP请求消息，所述第一信息携带在所述HTTP请求消息的请求行、请求头以及消息体中的至少一处。The business processing method according to claim 2, wherein the first message is a Hypertext Transfer Protocol HTTP request message, and the first information is carried in the request line, request header and message body of the HTTP request message. At least one place.
根据权利要求2所述的业务处理方法，其中，所述根据所述第一消息确定当前的处理阶段，或根据所述第一消息执行第一操作，包括：The business processing method according to claim 2, wherein determining the current processing stage according to the first message or performing a first operation according to the first message includes:

根据第一消息中所述第一信息的取值确定当前的处理阶段，或，根据第一消息中所述第一信息的取值执行第一操作。Determine the current processing stage according to the value of the first information in the first message, or perform the first operation according to the value of the first information in the first message.
根据权利要求1所述的业务处理方法，其中，所述根据所述第一消息确定当前的处理阶段，或根据所述第一消息执行第一操作，包括：The business processing method according to claim 1, wherein determining the current processing stage according to the first message or performing a first operation according to the first message includes:

根据所述第一消息中包括第二信息或不包括第二信息，确定当前的处理阶段；Determine the current processing stage according to whether the first message includes the second information or does not include the second information;

或，根据所述第一消息中包括第二信息或不包括第二信息，执行第一操作。Or, perform the first operation according to whether the first message includes the second information or does not include the second information.
根据权利要求5所述的业务处理方法，其中，所述第一消息为HTTP请求消息，所述第二信息为HTTP请求消息的消息体。The business processing method according to claim 5, wherein the first message is an HTTP request message, and the second information is a message body of the HTTP request message.
根据权利要求5所述的业务处理方法，其中，所述第一消息为HTTP请求消息，所述第二信息为至少一个特定字段，所述至少一个特定字段位于所述HTTP请求消息的请求行、请求头以及消息体中的至少一处。The business processing method according to claim 5, wherein the first message is an HTTP request message, the second information is at least one specific field, and the at least one specific field is located in the request line of the HTTP request message. At least one of the request headers and the message body.
根据权利要求1所述的业务处理方法，其中，所述根据所述第一消息确定当前的处理阶段，包括：The business processing method according to claim 1, wherein determining the current processing stage according to the first message includes:

根据所述第一消息确定当前的通用引导架构GBA处理阶段。 The current general boot architecture GBA processing stage is determined according to the first message.
根据权利要求1所述的业务处理方法，其中，所述第一操作包括：The business processing method according to claim 1, wherein the first operation includes:

发送第二消息；Send a second message;

或发送第三消息；or send a third message;

或忽略所述第一消息不做处理。Or ignore the first message and do not process it.
根据权利要求9所述的方法，其中，所述发送第二消息包括：发送用于响应所述第一消息的第二消息。The method of claim 9, wherein sending the second message includes sending a second message in response to the first message.
根据权利要求9所述的方法，其中，所述发送第三消息包括：向第二设备发送第三消息；The method of claim 9, wherein sending the third message includes: sending the third message to the second device;

其中，所述第三消息包括以下情形中的至少一种：Wherein, the third message includes at least one of the following situations:

第三消息为所述第一消息；The third message is the first message;

第三消息包括所述第一消息的部分或全部内容；The third message includes part or all of the content of the first message;

第三消息包括所述第一消息的部分或全部内容，还包括所述第二设备对应的第三信息。The third message includes part or all of the content of the first message, and also includes third information corresponding to the second device.
一种业务处理方法，包括：A business processing method including:

发送第一消息，以供第三设备根据所述第一消息确定当前的处理阶段，或根据所述第一消息执行第一操作。Send a first message for the third device to determine the current processing stage according to the first message, or to perform a first operation according to the first message.
根据权利要求12所述的方法，其中，所述第一消息包含指示当前的处理阶段的第一信息。The method of claim 12, wherein the first message contains first information indicating a current processing stage.
根据权利要求13所述的方法，其中，所述第一消息是HTTP请求消息，所述第一信息携带在所述HTTP请求消息的请求行、请求头以及消息体中的至少一处。The method of claim 13, wherein the first message is an HTTP request message, and the first information is carried in at least one of a request line, a request header, and a message body of the HTTP request message.
根据权利要求12所述的方法，其中，所述第一消息中包括第二信息或不包括第二信息。The method of claim 12, wherein the first message includes the second information or does not include the second information.
根据权利要求15所述的方法，其中，所述第一消息为HTTP请求消息，所述第二信息为HTTP请求消息的消息体。The method according to claim 15, wherein the first message is an HTTP request message, and the second information is a message body of the HTTP request message.
根据权利要求15所述的方法，其中，所述第一消息为HTTP请求消息，所述第二信息为至少一个特定字段，所述至少一个特定字段位于所述HTTP请求消息的请求行、请求头以及消息体中的至少一处。The method according to claim 15, wherein the first message is an HTTP request message, and the second information is at least one specific field, and the at least one specific field is located in the request line and request header of the HTTP request message. and at least one place in the message body.
一种业务处理装置，包括： A business processing device, including:

接收模块，用于接收第一设备发送的第一消息；A receiving module, configured to receive the first message sent by the first device;

第一处理模块，用于根据所述第一消息确定当前的处理阶段，或根据所述第一消息执行第一操作。A first processing module, configured to determine the current processing stage according to the first message, or to perform a first operation according to the first message.
一种用户设备，包括：A user device including:

发送模块，用于发送第一消息，所述第一消息以供第三设备根据所述第一消息确定当前的处理阶段，或根据所述第一消息执行第一操作。A sending module, configured to send a first message for the third device to determine the current processing stage according to the first message, or to perform a first operation according to the first message.
一种网络设备，包括：处理器、存储器及存储在所述存储器上并可在所述处理器上运行的程序，其中，所述程序被所述处理器执行时实现如权利要求1至11、或者12至17中任一项所述的业务处理方法的步骤。A network device, including: a processor, a memory, and a program stored on the memory and executable on the processor, wherein when the program is executed by the processor, it implements claims 1 to 11, Or the steps of the business processing method described in any one of 12 to 17.
一种计算机可读存储介质，所述计算机可读存储介质上存储有计算机程序，其中，所述计算机程序被处理器执行时实现如权利要求1至11、或者12至17中任一项所述的业务处理方法的步骤。 A computer-readable storage medium having a computer program stored on the computer-readable storage medium, wherein when the computer program is executed by a processor, the computer program implements any one of claims 1 to 11 or 12 to 17 steps of business processing methods.