CN105592449A - Service identification method and system - Google Patents
- Publication number: CN105592449A
- Application number: CN201410557898.2A
- Authority: CN (China)
- Prior art keywords: business, address, service, authorization code, applying unit
- Legal status: Granted (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
- Landscapes: Data Exchanges In Wide-Area Networks (AREA); Mobile Radio Communication Systems (AREA)
Abstract
The embodiment of the invention discloses a service identification method and system. The method includes the following steps: an application unit encrypts a service authorization code and a user identifier to generate an encrypted character string; the first service stream data packet sent to a service platform carries the encrypted character string, the user identifier, a destination IP address and a destination port number; a service identification system decrypts the string to obtain the user identifier and checks whether the decrypted user identifier is consistent with the directly carried user identifier; if they are consistent, the service type corresponding to the service stream is identified according to the service authorization code obtained through decryption, and a correspondence among the destination IP address, the destination port number and the service type is established and stored; subsequently, service streams are identified by matching the IP addresses and port numbers in service stream data packets against the destination IP address and destination port number in the correspondence. With the service identification method and system provided by the embodiment of the invention, accurate and effective service identification can be realized, and the configuration of a large number of service identification rules can be avoided.
Description
Technical field
The present invention relates to communication technology, and in particular to a service identification method and system.
Background
At present, the types of service offered by content providers (CPs) are becoming increasingly varied, and the charges for different services also differ, so directed-traffic operation (also called content charging) services are steadily increasing, which requires identification of traffic or content. At present, service identification relies mainly on information such as the IP address or Uniform Resource Locator (URL) of the service platform that provides the service.
In the course of realizing the present invention, the inventors found that existing service identification methods have at least the following problems:
Information such as service platform IP addresses and URLs changes fairly frequently; after a change, the service can no longer be identified, which leads to customer complaints;
For the operator's backward-traffic partners, such as Tencent, 360 and securities brokerages, the operator reduces or waives the network traffic charges for users accessing their content, and the backward-traffic partner pays the corresponding traffic fees. The large number of service platform IP addresses supplied by backward-traffic partners cannot be trusted, so the operator must carry out extensive testing and verification of the IP addresses supplied, which slows down the service launch cycle;
A mechanism that performs service identification based on service platform IP addresses requires the service identification system to be configured with a large number of service identification rules, which consumes considerable service identification system performance.
Summary of the invention
The technical problem to be solved by the embodiments of the present invention is to provide a service identification method and system that achieve accurate and effective service identification and avoid configuring a large number of service identification rules.
A service identification method provided by an embodiment of the present invention comprises:
an application unit in a user terminal uses a preset first encryption algorithm and first key to encrypt a service authorization code obtained in advance from a service platform together with the user identifier of the user terminal, generating an encrypted character string; the service authorization code uniquely identifies one service;
the application unit carries the encrypted character string, the user identifier, a destination IP address and a destination port number in the first service stream data packet sent to the service platform;
a service identification system uses the preset first encryption algorithm and first key to decrypt the encrypted character string and obtain the user identifier, and compares the user identifier obtained by decryption with the user identifier carried directly in the first service stream data packet;
if the user identifier obtained by decryption is consistent with the user identifier carried directly in the first service stream data packet, the user identifier passes verification, and the service identification system identifies the service type corresponding to the service stream according to the service authorization code obtained by decryption, and establishes and stores a correspondence between the destination IP address, the destination port number and the service type;
the service identification system extracts the destination IP address and destination port number from all uplink service stream data packets sent by the application unit, and the source IP address and source port number from all downlink service stream data packets sent by the service platform, and identifies the service of the service stream by matching the destination IP address and destination port number in uplink service stream data packets, and the source IP address and source port number in downlink service stream data packets, against the destination IP address and destination port number in the correspondence.
In another embodiment based on the above method, the method further comprises:
before sending the service stream for the first time, the application unit sends a service authorization code acquisition request to the service platform;
the service platform uses a preset second encryption algorithm and second key to encrypt the service authorization code allocated by the operator and returns it to the application unit;
the application unit uses the second encryption algorithm and second key obtained in advance to decrypt the encrypted service authorization code and obtain the service authorization code.
In another embodiment based on the above method, the second encryption algorithm and second key are preconfigured in the application unit, or are obtained by the application unit from the service platform in advance.
In another embodiment based on the above method, the user identifier comprises an International Mobile Subscriber Identity (IMSI).
In another embodiment based on the above method, carrying the encrypted character string in the first service stream data packet sent by the application unit to the service platform comprises:
the application unit writes the encrypted character string into a preset position in the User-Agent (UA) or a preset position in the Uniform Resource Locator (URL);
the first service stream data packet sent by the application unit to the service platform includes the UA or the URL.
In another embodiment based on the above method, encrypting the service authorization code and the user identifier comprises: arranging the service authorization code and the user identifier in a preset order with a separator between them, and encrypting the character string obtained by this ordering and separation.
A service identification system provided by an embodiment of the present invention comprises:
a service platform, configured to store the service authorization code allocated by the operator, the service authorization code uniquely identifying one service; and to provide service to the application unit and send downlink service stream data packets to the application unit, each downlink service stream data packet including a source IP address and source port number that represent the IP address and port of the service platform;
an application unit, located in a user terminal, configured to use a preset first encryption algorithm and first key to encrypt the service authorization code obtained in advance from the service platform together with the user identifier of the user terminal, generating an encrypted character string; to carry the encrypted character string, the user identifier, a destination IP address and a destination port number in the first service stream data packet sent to the service platform; and to send uplink service stream data packets to the service platform, each uplink service stream data packet including the destination IP address and destination port number; the destination IP address and destination port number represent the IP address and port of the service platform;
a service identification system, configured to use the preset first encryption algorithm and first key to decrypt the encrypted character string and obtain the user identifier, and to compare the user identifier obtained by decryption with the user identifier carried directly in the first service stream data packet; if the two are consistent, the user identifier passes verification, and the system identifies the service type corresponding to the service stream according to the service authorization code obtained by decryption, and establishes and stores a correspondence between the destination IP address, the destination port number and the service type; the system extracts the destination IP address and destination port number from all uplink service stream data packets sent by the application unit, and the source IP address and source port number from all downlink service stream data packets sent by the service platform, and identifies the service of the service stream by matching the destination IP address and destination port number in uplink service stream data packets, and the source IP address and source port number in downlink service stream data packets, against the destination IP address and destination port number in the correspondence.
In another embodiment based on the above system, the application unit is further configured to send a service authorization code acquisition request to the service platform before sending the service stream for the first time, and to use the second encryption algorithm and second key obtained in advance to decrypt the encrypted service authorization code returned by the service platform and obtain the service authorization code;
the service platform is further configured to use a preset second encryption algorithm and second key to encrypt the service authorization code allocated by the operator and return it to the application unit.
In another embodiment based on the above system, the application unit is further configured to store the second encryption algorithm and second key, or to obtain the second encryption algorithm and second key from the service platform in advance.
In another embodiment based on the above system, the user identifier comprises an IMSI.
In another embodiment based on the above system, the application unit specifically writes the encrypted character string into a preset position in the UA or a preset position in the URL, and the first service stream data packet includes the UA or the URL.
In another embodiment based on the above system, when encrypting the service authorization code and the user identifier, the application unit specifically arranges the service authorization code and the user identifier in a preset order with a separator between them, and encrypts the character string obtained by this ordering and separation.
In the service identification method and system provided by the above embodiments of the present invention, the application unit (APP) in the user terminal uses a preset first encryption algorithm and first key to encrypt the service authorization code obtained in advance from the service platform together with the user identifier of the user terminal, generating an encrypted character string, and carries the encrypted character string, the user identifier, the destination IP address and the destination port number in the first service stream data packet sent to the service platform. The service identification system decrypts the string to obtain the user identifier and compares it with the user identifier carried directly in the first service stream data packet; if the two are consistent, the user identifier passes verification, and the service identification system identifies the service type corresponding to the service stream according to the service authorization code obtained by decryption, and establishes and stores the correspondence between the destination IP address, the destination port number and the service type. Subsequently, the service identification system identifies the service of the service stream by matching the destination IP address and destination port number in all uplink service stream data packets sent by the application unit, and the source IP address and source port number in all downlink service stream data packets sent by the service platform, against the destination IP address and destination port number in the correspondence. Because service identification does not rely on the IP address or URL information of the service platform, then compared with the prior art the service identification system does not need to be configured with a large number of service identification rules, the accuracy and effectiveness of service identification are improved, the dependence on updates to service platform IP addresses is removed, and the operator does not need to carry out extensive testing and verification of service platform IP addresses.
The technical solution of the present invention is described in further detail below with reference to the drawings and embodiments.
Brief description of the drawings
The accompanying drawings, which form a part of the description, illustrate embodiments of the present invention and, together with the description, serve to explain the principles of the present invention.
The present invention can be understood more clearly from the following detailed description with reference to the accompanying drawings, in which:
Fig. 1 is a flow chart of an embodiment of the service identification method of the present invention.
Fig. 2 is a flow chart of another embodiment of the service identification method of the present invention.
Fig. 3 is a sample format of the UA in an embodiment of the present invention.
Fig. 4 is a flow chart of an application embodiment of the service identification method of the present invention.
Fig. 5 is a structural diagram of an embodiment of the service identification system of the present invention.
Detailed description of the embodiments
Various exemplary embodiments of the present invention are now described in detail with reference to the accompanying drawings. It should be noted that, unless specifically stated otherwise, the relative arrangement of the components and steps, the numerical expressions and the numerical values set forth in these embodiments do not limit the scope of the present invention.
It should also be understood that, for ease of description, the dimensions of the parts shown in the drawings are not drawn to actual scale.
The following description of at least one exemplary embodiment is merely illustrative and in no way limits the present invention or its application or use.
Techniques, methods and devices known to a person of ordinary skill in the relevant art may not be discussed in detail, but where appropriate they should be regarded as part of the description.
In all examples shown and discussed here, any specific value should be interpreted as merely exemplary and not as a limitation. Other examples of the exemplary embodiments may therefore have different values.
It should be noted that similar reference numerals and letters denote similar items in the following drawings; therefore, once an item is defined in one drawing, it need not be discussed further in subsequent drawings.
Fig. 1 is a flow chart of an embodiment of the service identification method of the present invention. As shown in Fig. 1, the service identification method of this embodiment comprises:
110: the application unit (APP, also called the application program) in the user terminal uses a preset first encryption algorithm and first key to encrypt the service authorization code obtained in advance from the service platform together with the user identifier of the user terminal, generating an encrypted character string.
The service authorization code uniquely identifies one service and can be used to represent a particular kind of directed traffic or content; for example, service authorization code 1000 represents Tencent QQ and service authorization code 1001 represents Tianyi Video. Once the service identification system recognizes QQ traffic, it tags that traffic with the label 1000 and passes the service traffic to the charging system; from the label 1000 the charging system knows that the traffic is QQ and performs the corresponding rating and charging.
120: the application unit carries the encrypted character string, the user identifier, the destination IP address and the destination port number in the first service stream data packet sent to the service platform.
The user identifier uniquely identifies one user terminal user. The destination IP address and destination port number in the data packets sent by the application unit to the service platform are the IP address and port of the service platform.
Encrypting the service authorization code together with the user identifier makes the resulting encrypted character string personalized, which prevents another service provider that intercepts the encrypted character string from placing it in the UA of its own client, and thus avoids service counterfeiting.
130: the service identification system uses the preset first encryption algorithm and first key to decrypt the encrypted character string carried in the first service stream data packet and obtain the user identifier, and compares the user identifier obtained by decryption with the user identifier carried directly in the first service stream data packet.
If the user identifier obtained by decryption is consistent with the user identifier carried directly in the first service stream data packet, the user identifier passes verification and operation 140 is performed. Otherwise, the subsequent flow of this embodiment is not performed.
Checking whether the user identifier obtained by decryption is consistent with the user identifier carried directly in the first service stream data packet reduces service counterfeiting and safeguards traffic identification.
140: the service identification system identifies the service type corresponding to the service stream according to the service authorization code obtained by decryption, and establishes and stores the correspondence between the destination IP address, the destination port number and the service type.
150: the service identification system extracts the destination IP address and destination port number from all uplink service stream data packets subsequently sent by the application unit, and the source IP address and source port number from all downlink service stream data packets sent by the service platform, and identifies the service of all service streams by matching the destination IP address and destination port number in uplink service stream data packets, and the source IP address and source port number in downlink service stream data packets, against the destination IP address and destination port number in the correspondence.
The service identification method provided by the above embodiment of the present invention achieves service identification of service streams without requiring the service identification system to be configured with a large number of service identification rules, improves the accuracy and effectiveness of service identification, removes the dependence on updates to service platform IP addresses, and spares the operator extensive testing and verification of service platform IP addresses.
Fig. 2 is a flow chart of another embodiment of the service identification method of the present invention. Compared with the embodiment shown in Fig. 1, this embodiment further comprises, before the flow of the embodiment shown in Fig. 1:
210: before sending the service stream for the first time, the application unit sends a service authorization code acquisition request to the service platform.
220: the service platform uses a preset second encryption algorithm and second key to encrypt the service authorization code allocated by the operator and returns it to the application unit.
230: the application unit uses the second encryption algorithm and second key obtained in advance to decrypt the encrypted service authorization code returned by the service platform and obtain the service authorization code.
The second encryption algorithm and second key can be obtained in several ways; for example, they can be preconfigured in the application unit, or obtained by the application unit from the service platform before it initiates the service stream.
As a specific example of the above method embodiments of the present invention, the user identifier may be an International Mobile Subscriber Identity (IMSI).
As another specific example of the above method embodiments of the present invention, carrying the encrypted character string in the first service stream data packet sent by the application unit to the service platform may be implemented as follows:
the application unit writes the encrypted character string into a preset position in the User-Agent (UA) of the HTTP request or a preset position in the Uniform Resource Locator (URL);
the first service stream data packet sent by the application unit to the service platform includes the above UA or URL.
As another specific example of the above method embodiments of the present invention, in operation 110 of the above embodiments, when the application unit encrypts the service authorization code and the user identifier, it may arrange the service authorization code and the user identifier in a preset order with a separator between them, and encrypt the character string obtained by this ordering and separation. The separator may be, for example, a preset semicolon or another punctuation mark, as long as it separates the service authorization code from the user identifier so that the service identification system can recover both from the string.
Fig. 3 shows a sample format of the UA in an embodiment of the present invention; the encrypted character string obtained by encrypting the service authorization code and the IMSI is written into this UA.
Fig. 4 is a flow chart of an application embodiment of the service identification method of the present invention. This application embodiment illustrates the application of the present invention, taking as an example the case where the encrypted character string is carried in the UA. As shown in Fig. 3, this application embodiment comprises:
310: before initiating a service stream connection, the application unit in the user terminal sends a service authorization code acquisition request to the service platform.
320: the service platform looks up the latest service authorization code allocated by the operator, encrypts it using the preset second encryption algorithm and second key, and returns it to the application unit. The service authorization code uniquely identifies one service.
330: the application unit uses the second encryption algorithm and second key to decrypt the encrypted service authorization code returned by the service platform and obtain the service authorization code.
The second encryption algorithm and second key may be written into the application unit in advance, or may be obtained by the application unit from the service platform in advance.
340: the application unit obtains the user's IMSI from the subscriber identity module card of the user terminal and binds the service authorization code to the IMSI, that is: it arranges them in a preset order with a separator between the service authorization code and the user identifier to obtain a character string, encrypts this character string using the preset first encryption algorithm and first key to generate an encrypted character string, and writes the encrypted character string into the User-Agent.
Binding the service authorization code to the IMSI before encryption makes the resulting encrypted character string personalized, which prevents another service provider that intercepts the encrypted character string from placing it in the UA of its own client, and thus avoids service counterfeiting.
350: the application unit carries the User-Agent information, the IMSI, the destination IP address and the destination port number in the first service stream data packet sent to the service platform.
The destination IP address and destination port number are the IP address and port of the service platform.
360: the service identification system uses the first encryption algorithm and first key to decrypt the encrypted character string carried in the User-Agent of the first service stream data packet and obtain the IMSI, and checks whether the IMSI obtained by decryption is consistent with the IMSI carried directly in the first service stream data packet.
If the two are consistent, the IMSI passes verification and operation 370 is performed. Otherwise, the subsequent flow of this embodiment is not performed.
370: the service identification system identifies the service type corresponding to the service stream according to the service authorization code obtained by decryption, establishes and stores the correspondence between the destination IP address and destination port number in the first service stream data packet and the service type, and forwards the service stream data packet to the service platform.
380: when the service identification system subsequently receives service streams travelling in either direction between the application unit and the service platform, it associates these service streams according to the destination IP address and destination port number in the correspondence, and then uses the service type that corresponds to that destination IP address and destination port number in the correspondence to associate the service streams with the service type, thereby identifying the service the user is using, and it forwards the service streams between the application unit and the service platform.
That is: a service stream sent by the application unit to the service platform is called an uplink service stream, and its destination IP address and destination port number are the IP address and port number of the service platform; a service stream sent by the service platform to the application unit is called a downlink service stream, and its source IP address and source port number are the IP address and port number of the service platform. When the service identification system subsequently receives an uplink service stream data packet, it matches the destination IP address and destination port number in the packet against the destination IP address and destination port number in the correspondence held by the service identification system; service streams with the same destination IP address and destination port number belong to the same service, which associates the service streams with one another. The system then looks up, in the correspondence, the service type information for that destination IP address and destination port number; this service type is the service corresponding to these uplink service streams, which achieves service identification of uplink service streams.
When the service identification system subsequently receives a downlink service stream data packet, it matches the source IP address and source port number in the packet against the destination IP address and destination port number in the correspondence held by the service identification system; service streams with the same IP address and port number belong to the same service, which associates the service streams with one another. The system then looks up, in the correspondence, the service type information for that destination IP address and destination port number; this service type is the service corresponding to these downlink service streams, which achieves service identification of downlink service streams and hence of all service streams.
Further, service authorization codes and their corresponding charging mode information can also be deployed in the service identification system; after identifying the service stream of a service, the service identification system can carry out rating and charging for the service based on its corresponding charging mode information.
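The Fig. 4 flow from step 340 to step 380, as an added example that is not part of the patent: the application unit builds the token, the service identification system verifies it against the directly carried IMSI, learns the platform endpoint and classifies later packets. The cipher (an HMAC-SHA256 keystream with a truncated HMAC tag, standing in for the unspecified first encryption algorithm), the key, the ";" separator, the "SvcToken/" User-Agent marker, the code-to-service table and all sample packets are assumptions constructed for illustration.

```python
import base64
import hashlib
import hmac
import os
import re

# Assumptions, none specified by the patent: the cipher construction, the key, the
# ";" separator, the "SvcToken/" User-Agent marker and the code-to-service table.
FIRST_KEY = b"constructed-demo-key"
SEPARATOR = ";"
UA_TOKEN = re.compile(r"SvcToken/(\S+)")
SERVICE_TYPES = {"1000": "QQ", "1001": "video"}


def _subkey(key, label):
    return hmac.new(key, label, hashlib.sha256).digest()


def _keystream(key, nonce, length):
    # HMAC-SHA256 in counter mode, a stand-in for the "first encryption algorithm".
    blocks = (hmac.new(key, nonce + i.to_bytes(4, "big"), hashlib.sha256).digest()
              for i in range(length // 32 + 1))
    return b"".join(blocks)[:length]


def encrypt_token(auth_code, user_id, key=FIRST_KEY):
    """Step 340: encrypt 'auth_code;user_id' into a string that fits in a UA."""
    plaintext = f"{auth_code}{SEPARATOR}{user_id}".encode()
    nonce = os.urandom(12)
    stream = _keystream(_subkey(key, b"enc"), nonce, len(plaintext))
    body = nonce + bytes(p ^ s for p, s in zip(plaintext, stream))
    tag = hmac.new(_subkey(key, b"mac"), body, hashlib.sha256).digest()[:16]
    return base64.urlsafe_b64encode(body + tag).decode()


def decrypt_token(token, key=FIRST_KEY):
    """Step 360: return (auth_code, user_id), or None if the token is invalid."""
    try:
        raw = base64.urlsafe_b64decode(token.encode())
    except ValueError:
        return None
    if len(raw) < 12 + 16 + 1:
        return None
    body, tag = raw[:-16], raw[-16:]
    expected = hmac.new(_subkey(key, b"mac"), body, hashlib.sha256).digest()[:16]
    if not hmac.compare_digest(tag, expected):
        return None
    nonce, ciphertext = body[:12], body[12:]
    stream = _keystream(_subkey(key, b"enc"), nonce, len(ciphertext))
    text = bytes(c ^ s for c, s in zip(ciphertext, stream)).decode(errors="replace")
    auth_code, sep, user_id = text.partition(SEPARATOR)
    return (auth_code, user_id) if sep else None


class ServiceIdentifier:
    def __init__(self):
        self.flow_table = {}  # (platform IP, platform port) -> service type

    def on_first_packet(self, pkt):
        """Steps 360-370: verify the token, then learn the platform endpoint."""
        match = UA_TOKEN.search(pkt["user_agent"])
        decoded = decrypt_token(match.group(1)) if match else None
        # The decrypted identifier must equal the one carried directly in the packet.
        if decoded is None or decoded[1] != pkt["user_id"]:
            return None
        service = SERVICE_TYPES.get(decoded[0])
        if service is not None:
            self.flow_table[(pkt["dst_ip"], pkt["dst_port"])] = service
        return service

    def classify(self, pkt):
        """Step 380: uplink matches on destination, downlink on source."""
        side = "dst" if pkt["direction"] == "up" else "src"
        return self.flow_table.get((pkt[side + "_ip"], pkt[side + "_port"]))


def run_demo():
    # Constructed sample traffic: documentation-range IPs and a test-network IMSI.
    imsi, ip, port = "001010123456789", "203.0.113.10", 443
    ua = "DemoApp/1.0 SvcToken/" + encrypt_token("1000", imsi)
    ident = ServiceIdentifier()
    result = {
        "first": ident.on_first_packet(
            {"user_agent": ua, "user_id": imsi, "dst_ip": ip, "dst_port": port}),
        "uplink": ident.classify({"direction": "up", "dst_ip": ip, "dst_port": port}),
        "downlink": ident.classify({"direction": "down", "src_ip": ip, "src_port": port}),
        # Same token, different directly carried identifier: rejected, nothing stored.
        "reused_token": ident.on_first_packet(
            {"user_agent": ua, "user_id": "001010999999999",
             "dst_ip": "198.51.100.7", "dst_port": 80}),
    }
    result["other_platform"] = ident.classify(
        {"direction": "up", "dst_ip": "198.51.100.7", "dst_port": 80})
    return result


if __name__ == "__main__":
    print(run_demo())
```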
Fig. 5 is a structural diagram of an embodiment of the service identification system of the present invention. The service identification system of this embodiment can be used to implement the flows of the above service identification method embodiments of the present invention. As shown in Fig. 5, the service identification system of this embodiment comprises a service platform, an application unit and a service identification system, wherein:
The service platform is configured to store the service authorization code allocated by the operator, the service authorization code uniquely identifying one service; and to provide service to the application unit and send downlink service stream data packets to the application unit, each downlink service stream data packet including a source IP address and source port number that represent the IP address and port of the service platform.
The application unit, located in the user terminal, is configured to use a preset first encryption algorithm and first key to encrypt the service authorization code obtained in advance from the service platform together with the user identifier of the user terminal (for example the IMSI), generating an encrypted character string; to carry the encrypted character string, the user identifier, the destination IP address and the destination port number in the first service stream data packet sent to the service platform; and to send uplink service stream data packets to the service platform, each uplink service stream data packet including the destination IP address and destination port number; the destination IP address and destination port number represent the IP address and port of the service platform.
The service identification system is configured to use the preset first encryption algorithm and first key to decrypt the encrypted character string and obtain the user identifier, and to compare the user identifier obtained by decryption with the user identifier carried directly in the first service stream data packet; if the two are consistent, the user identifier passes verification, and the system identifies the service type corresponding to the service stream according to the service authorization code obtained by decryption, and establishes and stores the correspondence between the destination IP address, the destination port number and the service type; the system extracts the destination IP address and destination port number from all uplink service stream data packets sent by the application unit, and the source IP address and source port number from all downlink service stream data packets sent by the service platform, and identifies the service of the service stream by matching the destination IP address and destination port number in uplink service stream data packets, and the source IP address and source port number in downlink service stream data packets, against the destination IP address and destination port number in the correspondence.
In another embodiment of the service identification system of the present invention, the application unit is further configured to request the service authorization code from the service platform before sending a service stream for the first time, and to decrypt the encrypted service authorization code returned by the service platform, using a second encryption algorithm and second key obtained in advance, to obtain the service authorization code. Correspondingly, the service platform is further configured to encrypt the service authorization code allocated by the operator, using the preset second encryption algorithm and second key, and return it to the application unit.
In another embodiment of the service identification system of the present invention, the application unit is further configured to store the second encryption algorithm and second key, or to obtain the second encryption algorithm and second key from the service platform in advance.
According to a specific, non-limiting example of the above system embodiments, the application unit may write the encrypted character string to a preset position in the user agent (UA) or a preset position in the URL, and the first service stream data packet includes this UA or URL.
According to a specific, non-limiting example of the above system embodiments, when encrypting the service authorization code and the user identifier, the application unit may arrange the service authorization code and the user identifier in a preset order with a separator between them, and encrypt the character string obtained from that ordering and separator.
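The first-packet check and the later IP/port matching described above, as an added example that is not the patent's own code. The patent does not name the first encryption algorithm, so an HMAC-SHA256 keystream with an authentication tag stands in for it; the key, the `|` separator, the `tok` URL field, the authorization codes, the IMSI and the addresses are constructed assumptions.

```python
import hashlib
import hmac
import os
from urllib.parse import parse_qs, urlsplit

SEP = "|"                            # assumed separator between the two fields
FIRST_KEY = b"constructed-demo-key"  # constructed stand-in for the "first key"
# Constructed operator table: service authorization code -> service type
AUTH_CODES = {"SVC-VIDEO-001": "video", "SVC-MUSIC-002": "music"}

def _subkey(key, label):
    return hmac.new(key, label, hashlib.sha256).digest()

def _xor_stream(key, nonce, data):
    # HMAC-SHA256 in counter mode as keystream: a stand-in cipher (assumption)
    stream = b""
    for ctr in range((len(data) + 31) // 32):
        stream += hmac.new(key, nonce + ctr.to_bytes(4, "big"), hashlib.sha256).digest()
    return bytes(a ^ b for a, b in zip(data, stream))

def encrypt_fields(key, auth_code, user_id):
    """Application unit: fixed order, separator, then encrypt and tag."""
    nonce = os.urandom(12)
    plain = f"{auth_code}{SEP}{user_id}".encode()
    ct = _xor_stream(_subkey(key, b"enc"), nonce, plain)
    tag = hmac.new(_subkey(key, b"mac"), nonce + ct, hashlib.sha256).digest()[:16]
    return (nonce + ct + tag).hex()

def decrypt_fields(key, token):
    """Identification system: (auth_code, user_id), or None if invalid."""
    try:
        raw = bytes.fromhex(token)
    except ValueError:
        return None
    if len(raw) < 29:  # 12-byte nonce + at least 1 byte + 16-byte tag
        return None
    nonce, ct, tag = raw[:12], raw[12:-16], raw[-16:]
    good = hmac.new(_subkey(key, b"mac"), nonce + ct, hashlib.sha256).digest()[:16]
    if not hmac.compare_digest(tag, good):
        return None
    plain = _xor_stream(_subkey(key, b"enc"), nonce, ct).decode()
    auth_code, sep, user_id = plain.partition(SEP)
    return (auth_code, user_id) if sep else None

def first_packet(user_id, token, ip="203.0.113.10", port=8080):
    """Constructed first uplink packet; the token sits in the URL's tok field."""
    return {"direction": "up", "user_id": user_id, "dst_ip": ip, "dst_port": port,
            "url": f"http://{ip}:{port}/play?tok={token}"}

class ServiceIdentifier:
    def __init__(self, key, auth_codes):
        self.key, self.auth_codes = key, auth_codes
        self.flows = {}  # (platform IP, platform port) -> service type

    def on_first_packet(self, pkt):
        """Verify the first packet; on success store IP/port -> service type."""
        token = parse_qs(urlsplit(pkt["url"]).query).get("tok", [""])[0]
        fields = decrypt_fields(self.key, token)
        if fields is None or fields[1] != pkt["user_id"]:
            return None  # bad token, or decrypted ID differs from the clear one
        service = self.auth_codes.get(fields[0])
        if service is not None:
            self.flows[(pkt["dst_ip"], pkt["dst_port"])] = service
        return service

    def classify(self, pkt):
        """Uplink packets match on destination, downlink packets on source."""
        side = "dst" if pkt["direction"] == "up" else "src"
        return self.flows.get((pkt[side + "_ip"], pkt[side + "_port"]))
```

Once a mapping is stored, classification depends only on the platform's IP address and port, so every later flow to that endpoint receives the same service type regardless of which terminal sends it.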
A person of ordinary skill in the art will understand that all or part of the steps of the above method embodiments can be carried out by hardware under the control of program instructions. The program can be stored in a computer-readable storage medium and, when executed, performs the steps of the above method embodiments. The storage medium includes any medium that can store program code, such as ROM, RAM, a magnetic disk or an optical disc.
The embodiments in this description are described progressively: each embodiment focuses on its differences from the others, and identical or similar parts can be cross-referenced between embodiments. Because the system embodiments correspond substantially to the method embodiments, they are described briefly; for the relevant parts, see the description of the method embodiments.
The method and system of the present invention may be implemented in many ways, for example by software, hardware, firmware, or any combination of software, hardware and firmware. The order of the method steps given above is for description only; the steps of the method of the present invention are not limited to the order specifically described above unless otherwise stated. In addition, in some embodiments the present invention may be implemented as programs recorded on a recording medium, these programs comprising machine-readable instructions for implementing the method according to the present invention. The present invention therefore also covers a recording medium storing a program for executing the method according to the present invention.
The description of the present invention is given for the purposes of illustration and description, and is not exhaustive or intended to limit the invention to the disclosed form. Many modifications and variations will be obvious to a person of ordinary skill in the art. The embodiments were selected and described to better explain the principles and practical application of the invention, and to enable a person of ordinary skill in the art to understand the invention and design various embodiments, with various modifications, suited to particular uses.
Claims (12)
1. A service identification method, characterized by comprising:
an application unit in a user terminal encrypts, using a preset first encryption algorithm and first key, a service authorization code obtained in advance from a service platform and the user identifier of the user terminal, generating an encrypted character string; the service authorization code uniquely identifies one service;
the application unit carries the encrypted character string, the user identifier, a destination IP address and a destination port number in the first service stream data packet sent to the service platform;
a service identification system decrypts the encrypted character string using the preset first encryption algorithm and first key to obtain a user identifier, and compares the decrypted user identifier with the user identifier carried directly in the first service stream data packet;
if the decrypted user identifier is consistent with the user identifier carried directly in the first service stream data packet, the user identifier passes verification, and the service identification system identifies the service type corresponding to the service stream according to the decrypted service authorization code, and establishes and stores the correspondence between the destination IP address, the destination port number and the service type;
the service identification system extracts the destination IP address and destination port number from all uplink service stream data packets sent by the application unit, and the source IP address and source port number from all downlink service stream data packets sent by the service platform, and identifies the service of the service stream by matching the destination IP address and destination port number in the uplink service stream data packets against the destination IP address and destination port number in the correspondence, and by matching the source IP address and source port number in the downlink service stream data packets against the destination IP address and destination port number in the correspondence.
2. The method according to claim 1, characterized by further comprising:
the application unit, before sending a service stream for the first time, requests the service authorization code from the service platform;
the service platform encrypts the service authorization code allocated by the operator, using a preset second encryption algorithm and second key, and returns it to the application unit;
the application unit decrypts the encrypted service authorization code, using the second encryption algorithm and second key obtained in advance, to obtain the service authorization code.
3. The method according to claim 2, characterized in that the second encryption algorithm and second key are preconfigured in the application unit, or are obtained by the application unit from the service platform in advance.
4. The method according to any one of claims 1 to 3, characterized in that the user identifier comprises an international mobile subscriber identity (IMSI).
5. The method according to claim 4, characterized in that the application unit carrying the encrypted character string in the first service stream data packet sent to the service platform comprises:
the application unit writes the encrypted character string to a preset position in the user agent (UA) or a preset position in the uniform resource locator (URL);
the first service stream data packet sent by the application unit to the service platform includes the UA or the URL.
6. The method according to claim 4, characterized in that encrypting the service authorization code and the user identifier comprises: arranging the service authorization code and the user identifier in a preset order with a separator between the service authorization code and the user identifier, and encrypting the character string obtained from that ordering and separator.
7. A service identification system, characterized by comprising:
a service platform, configured to store the service authorization code allocated by the operator, the service authorization code uniquely identifying one service; to provide the service to the application unit; and to send downlink service stream data packets to the application unit, each downlink service stream data packet including a source IP address and source port number representing the IP address and port of the service platform;
an application unit, located in the user terminal, configured to encrypt, using a preset first encryption algorithm and first key, the service authorization code obtained in advance from the service platform and the user identifier of the user terminal, generating an encrypted character string; to carry the encrypted character string, the user identifier, the destination IP address and the destination port number in the first service stream data packet sent to the service platform; and to send uplink service stream data packets to the service platform, each uplink service stream data packet including the destination IP address and destination port number; the destination IP address and destination port number represent the IP address and port of the service platform;
a service identification system, configured to decrypt the encrypted character string using the preset first encryption algorithm and first key to obtain a user identifier, and to compare the decrypted user identifier with the user identifier carried directly in the first service stream data packet; if the decrypted user identifier is consistent with the user identifier carried directly in the first service stream data packet, the user identifier passes verification, and the system identifies the service type corresponding to the service stream according to the decrypted service authorization code, and establishes and stores the correspondence between the destination IP address, the destination port number and the service type; to extract the destination IP address and destination port number from all uplink service stream data packets sent by the application unit, and the source IP address and source port number from all downlink service stream data packets sent by the service platform; and to identify the service of the service stream by matching the destination IP address and destination port number in the uplink service stream data packets against the destination IP address and destination port number in the correspondence, and by matching the source IP address and source port number in the downlink service stream data packets against the destination IP address and destination port number in the correspondence.
8. The system according to claim 7, characterized in that the application unit is further configured to request the service authorization code from the service platform before sending a service stream for the first time, and to decrypt the encrypted service authorization code returned by the service platform, using a second encryption algorithm and second key obtained in advance, to obtain the service authorization code;
the service platform is further configured to encrypt the service authorization code allocated by the operator, using the preset second encryption algorithm and second key, and return it to the application unit.
9. The system according to claim 8, characterized in that the application unit is further configured to store the second encryption algorithm and second key, or to obtain the second encryption algorithm and second key from the service platform in advance.
10. The system according to any one of claims 7 to 9, characterized in that the user identifier comprises an IMSI.
11. The system according to claim 10, characterized in that the application unit specifically writes the encrypted character string to a preset position in the UA or a preset position in the URL, and the first service stream data packet includes the UA or the URL.
12. The system according to claim 10, characterized in that, when encrypting the service authorization code and the user identifier, the application unit specifically arranges the service authorization code and the user identifier in a preset order with a separator between the service authorization code and the user identifier, and encrypts the character string obtained from that ordering and separator.
Priority Applications (1)
Application Number | Priority Date | Filing Date | Title |
---|---|---|---|
CN201410557898.2A CN105592449B (en) | 2014-10-20 | 2014-10-20 | Business recognition method and system |
Publications (2)
Publication Number | Publication Date |
---|---|
CN105592449A (en) | 2016-05-18 |
CN105592449B (en) | 2018-10-09 |
Family
ID=55931587
Family Applications (1)
Application Number | Title | Priority Date | Filing Date |
---|---|---|---|
CN201410557898.2A Active CN105592449B (en) | 2014-10-20 | 2014-10-20 | Business recognition method and system |
Country Status (1)
Country | Link |
---|---|
CN (1) | CN105592449B (en) |
Cited By (10)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
CN107707508A (en) * | 2016-08-09 | 2018-02-16 | 中兴通讯股份有限公司 | Applied business recognition methods and device |
CN107786348A (en) * | 2016-08-29 | 2018-03-09 | 中国电信股份有限公司 | Realize the method and system and PCRF of OTT business |
CN107787003A (en) * | 2016-08-24 | 2018-03-09 | 中兴通讯股份有限公司 | A kind of method and apparatus of flow detection |
CN109644428A (en) * | 2016-08-31 | 2019-04-16 | 华为技术有限公司 | A kind of transmission method of small data, relevant device and system |
CN110741613A (en) * | 2017-10-16 | 2020-01-31 | Oppo广东移动通信有限公司 | encrypted data stream identification method, device, storage medium and system |
CN110875902A (en) * | 2018-08-31 | 2020-03-10 | 阿里巴巴集团控股有限公司 | Communication method, device and system |
CN111147447A (en) * | 2019-12-03 | 2020-05-12 | 苏宁云计算有限公司 | Data protection method and system |
CN112261176A (en) * | 2020-12-24 | 2021-01-22 | 金锐同创(北京)科技股份有限公司 | Method for acquiring actual network access relationship and related equipment |
CN112291370A (en) * | 2020-12-28 | 2021-01-29 | 金锐同创(北京)科技股份有限公司 | Method for processing service access relation and related equipment |
WO2024119923A1 (en) * | 2022-12-05 | 2024-06-13 | 华为技术有限公司 | Application identification method and related device |
Citations (2)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
CN101808286A (en) * | 2010-03-16 | 2010-08-18 | 西安西电捷通无线网络通信股份有限公司 | Multicast key agreement method and system for clustered system |
US20120058779A1 (en) * | 2009-05-21 | 2012-03-08 | Zte Corporation | Method and system for implementing location service |
Non-Patent Citations (1)
Title |
---|
朱立君: "DPI技术应用在城域网的几点探讨", 《数据通信》 * |
Cited By (15)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
CN107707508A (en) * | 2016-08-09 | 2018-02-16 | 中兴通讯股份有限公司 | Applied business recognition methods and device |
CN107787003A (en) * | 2016-08-24 | 2018-03-09 | 中兴通讯股份有限公司 | A kind of method and apparatus of flow detection |
CN107786348A (en) * | 2016-08-29 | 2018-03-09 | 中国电信股份有限公司 | Realize the method and system and PCRF of OTT business |
CN107786348B (en) * | 2016-08-29 | 2021-09-17 | 中国电信股份有限公司 | Method and system for realizing OTT service and PCRF |
US10925031B2 (en) | 2016-08-31 | 2021-02-16 | Huawei Technologies Co., Ltd. | Small data transmission method and related device and system |
CN109644428A (en) * | 2016-08-31 | 2019-04-16 | 华为技术有限公司 | A kind of transmission method of small data, relevant device and system |
CN110741613A (en) * | 2017-10-16 | 2020-01-31 | Oppo广东移动通信有限公司 | encrypted data stream identification method, device, storage medium and system |
CN110741613B (en) * | 2017-10-16 | 2021-01-12 | Oppo广东移动通信有限公司 | Method, device, storage medium and system for identifying encrypted data stream |
US11418951B2 (en) | 2017-10-16 | 2022-08-16 | Guangdong Oppo Mobile Telecommunications Corp., Ltd. | Method for identifying encrypted data stream, device, storage medium and system |
CN110875902A (en) * | 2018-08-31 | 2020-03-10 | 阿里巴巴集团控股有限公司 | Communication method, device and system |
CN111147447A (en) * | 2019-12-03 | 2020-05-12 | 苏宁云计算有限公司 | Data protection method and system |
CN112261176A (en) * | 2020-12-24 | 2021-01-22 | 金锐同创(北京)科技股份有限公司 | Method for acquiring actual network access relationship and related equipment |
CN112291370B (en) * | 2020-12-28 | 2021-03-23 | 金锐同创(北京)科技股份有限公司 | Method for processing service access relation and related equipment |
CN112291370A (en) * | 2020-12-28 | 2021-01-29 | 金锐同创(北京)科技股份有限公司 | Method for processing service access relation and related equipment |
WO2024119923A1 (en) * | 2022-12-05 | 2024-06-13 | 华为技术有限公司 | Application identification method and related device |
Also Published As
Publication number | Publication date |
---|---|
CN105592449B (en) | 2018-10-09 |
Legal Events
Date | Code | Title | Description |
---|---|---|---|
C06 | Publication | ||
PB01 | Publication | ||
C10 | Entry into substantive examination | ||
SE01 | Entry into force of request for substantive examination | ||
GR01 | Patent grant | ||