CN100349495C - Adaptive hierarchical discrimination algorithm in LCS system - Google Patents
- Publication number
- CN100349495C
- Authority
- CN
- China
- Prior art keywords
- authentication
- client
- targeted customer
- present
- user
- Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
- Expired - Fee Related
Landscapes
- Mobile Radio Communication Systems (AREA)
Abstract
The present invention relates to an adaptive hierarchical authentication algorithm in an LCS system, used mainly in Gateway Mobile Location Center (GMLC) equipment. It is based on the ideas of classification and adaptation. After the GMLC receives a positioning request sent by an external LCS client, it first authenticates the client in stages: once the general client authentication succeeds, the initiator and the request frequency are further authenticated according to the service type and the client type. Target user authentication is carried out only after client authentication succeeds. When a request names multiple target users, after each target user's authentication finishes the algorithm switches to the state corresponding to the result and proceeds to the next target user, until the authentication of all target users in the positioning request is complete. The invention layers the positioning authentication process, simplifies processing, improves the efficiency of system authentication, greatly helps ensure the security of mobile users' location information, and improves system performance and security.
Description
Technical field
The present invention relates to an authentication algorithm applied to Gateway Mobile Location Center (GMLC) equipment in third-generation mobile location services, and specifically to an adaptive hierarchical authentication algorithm in an LCS (location service) system.
Background technology
The LCS system provides location service access and management functions to external LCS clients. It forwards an external LCS client's location request for a mobile user to the SGSN/MSC (VMSC) currently serving the target mobile user and, after obtaining the location information calculated by the network, returns the result to the external LCS client.
To satisfy mobile users' security and privacy requirements, and to guarantee that a mobile user's location information is neither lost nor corrupted nor used by unauthorized third parties, the LCS system must, after receiving a location request from an external LCS client and before processing it, first verify the authority and identity of the requesting client. After that verification passes, the location request is subjected to permission restrictions according to the service type and the privacy attributes the target user set at subscription.
At present, a typical LCS system performs client authentication and target user authentication side by side, uses the same authentication procedure for different service types and client types, and authenticates clients on the principle of a matching username and password. This method is simple and easy to implement. However, in the usual system flow the LCS system allocates a separate memory area (a user context) for each target user, holding the target user's subscription data and the information the positioning procedure needs to store. With client and target user authenticated simultaneously, if the user context is established after authentication, the request message must be decomposed during authentication for verification and then, once both client and target user have passed, decomposed a second time while the user context is being established in order to obtain the request information and the target user information. If instead the context is established at the start, then when client authentication fails the system resources (user contexts) must be reclaimed while the client is being rejected. Either way the system does redundant work, which degrades performance and wastes resources, especially for location requests with multiple target users. In addition, this authentication algorithm lacks adaptability in positioning services with multiple client types and service types. Finally, under the username-and-password matching principle the user password is easily stolen, which can lead to user location information being illegally leaked and used, and reduces the security of the system.
Summary of the invention
The technical problem to be solved by the present invention is to provide an adaptive hierarchical authentication algorithm in an LCS system that, on the basis of multi-level classification, adapts to the client type, the service type, the number of target users in the request, and each target user's subscription information and privacy settings.
The technical solution by which the present invention solves this problem is an adaptive hierarchical authentication method in an LCS system, characterized in that the authentication within a single positioning request is divided into two stages: client authentication and target user authentication; target user authentication is in turn divided into two levels, subscription information and privacy;
After the LCS system receives a location request, it first performs client authentication. If client authentication fails, the system sends a rejection message directly to the client and ends processing. If client authentication passes, a context is established for each client and target user authentication is carried out;
Client authentication method: different client types, namely value-added service clients and other clients, are processed differently. A value-added service client, after passing general client authentication, is further authenticated on request frequency and initiator. Other clients need only general client authentication, which covers three parts of the client's basic information: access rights, consistency of username and password, and location permission;
Target user authentication method: during target user authentication, different subscription information and privacy settings are handled separately. If the target user has not enabled the authorization function, the target user is taken by default to authorize all locating users; if the target user has enabled it, the permissions of locating users are set according to the authorization list. For locating users that are authorized: if the target user has not enabled the blocking function, the target user is taken by default to authorize all of them; if the target user has enabled it, some locating users are refused according to the block list;
Multiple target user authentication method: for authentication of multiple target users, the target users are authenticated one by one in turn. After each user's authentication finishes, the corresponding state is entered according to the result and the next target user is authenticated, until all target users have been authenticated and the location request authentication ends.
Principle of the present invention:
The present invention separates external LCS client authentication from target user authentication. The client is authenticated first; this covers the client's access rights, state and subscription information. Client authentication adapts to multiple client types and multiple service types, and for value-added services flow control is also part of client authentication. If client authentication fails, the GMLC replies to the client with a rejection directly and no positioning processing is needed. If client authentication succeeds, the system allocates user contexts for the location request and authenticates the target users, with the authentication process adapting to each target user's subscription information and privacy settings. For multiple target users the algorithm authenticates each target user separately using its context: user information is filled into the context corresponding to the target user; a user who fails authentication is marked with a failure flag in the context and moves to the corresponding failure state, while a user who passes moves to the corresponding waiting-for-positioning state and positioning processing proceeds. This achieves secure and efficient authentication of location requests.
Description of drawings
Fig. 1 is the positioning system structure diagram of the embodiment of the invention.
Fig. 2 is the structure diagram of the adaptive hierarchical authentication algorithm of the embodiment of the invention.
Fig. 3 is the client authentication flow chart of the embodiment of the invention.
Fig. 4 is the target user authentication flow chart of the embodiment of the invention.
Embodiment
The adaptive hierarchical authentication algorithm of the present invention is described in detail below with reference to the accompanying drawings.
Fig. 1 is the structure diagram of the positioning system to which the present invention relates. The system consists of an external LCS client (External LCS Client) 101, a Gateway Mobile Location Center (GMLC) 102, a Home Location Register (HLR) 103, a Serving GPRS Support Node (SGSN) 104, a Mobile Switching Center (MSC) 105, the Le interface 106, the Lh interface 107 and the Lg interface 108.
The external LCS client 101 sends a location request to the GMLC 102 over the Le interface 106, which carries the MLP protocol. The GMLC 102 decomposes the received location request message. It first obtains the client information and checks whether the client is a legitimate subscriber of this GMLC 102; if not, the location request is rejected, otherwise the corresponding subscription data is fetched from the GMLC 102 database and authentication is performed. After client authentication passes, the target user information is obtained, a context is allocated for each target user to be located, each target user's permissions and privacy are verified, and the context is filled in. After authentication passes, the GMLC 102 obtains the target user's routing information from the HLR 103 over the Lh interface 107, which carries the MAP protocol, and then, according to the routing information, sends the location request to the corresponding SGSN 104 / MSC (VMSC) 105 over the Lg interface 108, which also carries the MAP protocol.
In the present invention the external LCS client 101 has four service types: value-added service, emergency service, operator service and lawful interception service.
Fig. 2 is the structure diagram of the adaptive hierarchical authentication algorithm. The whole location request authentication process 200 proceeds in two successive stages, client authentication 201 and target user authentication 202, and each of these stages is itself hierarchical. Client authentication has two levels: general client information authentication, and adaptive authentication 210 according to client type and positioning service. General client authentication verifies the client's access rights 203, the client username and password 204, and the client's location permission 205. When the client is one of the three non-value-added types (emergency service, operator service or lawful interception service), only general client authentication is performed: once the access rights 203, the consistency of username and password 204 and the location permission 205 have been verified, authentication of the non-value-added client is complete. When the client is of the value-added service type, adaptive authentication 210 follows, applying different authentication principles according to service type. It has two levels, request frequency control 206 and initiator authentication 207; initiator authentication 207 uses the authorization list and the block list in the GMLC 102 subscription database to perform the initiator authorization list check 208 and the initiator block list check 209. If any one of the above checks fails, the current authentication process stops, a rejection is returned to the client, and nothing further is executed.
After client authentication succeeds, the system allocates contexts for the target users and performs target user authentication. This comprises verifying the validity of the call/session-related number 211 (if the request is call- or session-related), adaptively verifying whether the target user has subscribed to the positioning service (212), and the target user privacy check 215 (mainly checking the subscriber's whitelist 213 and the subscriber's blacklist 214 in the GMLC 102 subscription database). For a single-target location request, the context moves to the corresponding state: if authentication fails, a rejection message is sent to the external client 101; if it succeeds, positioning processing can proceed. For a multi-target location request, the state in the current target user's context is changed to the corresponding state and authentication continues with the next target user; positioning processing is carried out once all target users have been authenticated.
Fig. 3 is the flow chart of the client authentication algorithm of the present invention.
As discussed above, when the GMLC 102 receives a location request from an external LCS client 101, it first performs client authentication. The flow starts at 301. Step 302 parses the location request message IEs, checks whether the message contains the login information of the client initiating the location request (generally a client ID and password), and obtains the client information. Using the client ID obtained in step 302, step 303 checks whether the client is a registered user of this mobile location center; if so, step 304 fetches the client's subscription data from the local GMLC database. The subscription data includes the client's ID, password, service type, request type, priority, state, validity period, trigger events, supported coordinate systems and position shapes, some data related to request frequency, the initiator authorization list, the block list, and so on. Step 305 compares the password carried in the location request with the login password in the subscription information. If the passwords do not match, authentication ends (318); if they match, the algorithm considers the external LCS client that initiated the location request to have the right to access the current GMLC. Steps 306 and 307 check the client's location permission. An external LCS client has one of three subscription states in the GMLC: subscribed but positioning service not opened; subscribed with positioning service opened; or subscribed but with the positioning service past its validity period. Step 306 checks the client's state and allows only clients in the subscribed-and-opened state to request positioning. Step 307 compares the current system time with the validity period to check that the client's request is valid. This completes the general authentication of the client. Step 308 obtains the client's subscribed service type, which step 309 checks: if the client is of a non-value-added type, client authentication is complete at this point. If it is a value-added service client, step 310 verifies the request frequency against the subscription data, and step 311 checks whether the initiator of the location request is a mobile phone user; if not, client authentication ends, otherwise authentication of the initiator begins.
Initiator authentication first adaptively checks, in step 312, the authorization list setting in the client's subscription data. If the client has not set an authorization list or the authorization list function is not enabled, the algorithm considers the client to authorize all initiators; otherwise step 315 checks the client's record of authorized users. If the initiator is not authorized in step 315, the flow enters step 317, authentication failure. If the initiator passes in step 315, step 314 goes on to adaptively check the client's block list setting: likewise, if the client has not set a block list or the block list function is not enabled, the algorithm considers the client to block no initiator. When the blocking function is enabled, step 315 checks whether the initiator is blocked by the client. If the client allows the initiator, client authentication completes successfully; if the client refuses to let the initiator request positioning, the algorithm enters step 317, authentication failure, and the GMLC sends a rejection message to the client and ends the whole positioning flow.
Fig. 4 is the targeted customer's authorizing procedure figure that relates among the present invention.
In the algorithm only after client authentication success, system begins to distribute context for each targeted customer, and the information in the localization message is filled up to (step 401) in the context, carry out targeted customer's authentication then, step 402 and step 403 sign in based on context determines that whether the location is to call out relevant or session relevant, calls out the number APN relevant with session that is correlated with if then verify respectively according to the database of system's correspondence.After checking was passed through, step 406 was obtained targeted customer's subscription data at local data base, and subscription data comprises that targeted customer's sign, service condition and privacy are provided with etc.Service condition is divided into the signatory positioning service and two kinds of the positioning services of contracting, step 407, allow signatory targeted customer to pass through authentication, step 408, check that user's privacy is provided with, if privacy is masked as " refusal ", step 409 is further checked client POI value, have only the POI value when client just to allow to position for " ignoring (OVERRIDE) ", the targeted customer who is masked as " not refusing " for privacy does not need to check client POI value.Step 410 is obtained targeted customer's white box tabulation configuration information, adopt the self adaptation principle: if white box listing function is not enabled, this algorithm thinks that the targeted customer allows anyone that oneself own positioned, otherwise, step 411 checks that consumer positioning is whether in the allowed band of white box, if not in white box tabulation, then do not allow this targeted customer location, authentication process failure (414), in this targeted customer's context, fill in failure flags, if after white box allowed band, step 412 inspection is obtained the tabulation of targeted customer's black box and is provided with, the 
same self adaptation principle that adopts: do not think that the targeted customer does not limit anyone location if the black box listing function is enabled this algorithm, otherwise, step 413 is traversal in the black box tabulation, if find this location initiator, illustrate that the targeted customer does not allow the promoter that oneself is positioned, enter step 414 failed authentication, fill in failure flags in simultaneously about this targeted customer, if black box allows the location initiator location, single target subscription authentication success, context changes corresponding state over to and waits for localization process, this user's authentication success (415).
Discussed above is single goal subscription authentication process, in multiple target subscription authentication process, the targeted customer is carried out authentication one by one successively, each targeted customer's authorizing procedure is identical with process discussed above, be that success or failure all will check whether be last user after targeted customer's authentication is finished in step 417, if not, algorithm continues to take out next targeted customer's context, carry out authentication and all finish up to all targeted customer's authentications, whole Location Request authentication finishes.
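The two-stage flow of Figs. 2 to 4, sketched in Python as an added example; it is not code from the patent. The record classes, field names, state strings and sample data are assumptions, the call/session check of steps 402 and 403 is left out, and the password comparison uses `hmac.compare_digest`, which the patent does not specify.

```python
import hmac
from dataclasses import dataclass
from typing import Optional

VALUE_ADDED = "value_added"  # the other three service types stop after general authentication

@dataclass
class ClientSub:                      # hypothetical model of a client's subscription record
    password: str
    service_type: str
    state: str                        # "closed", "open" or "expired"
    valid_until: int                  # end of the validity period
    max_requests: int = 0             # request-frequency limit (value-added clients)
    auth_list: Optional[set] = None   # None means the list function is not enabled
    block_list: Optional[set] = None

@dataclass
class TargetSub:                      # hypothetical model of a target user's subscription record
    subscribed: bool
    privacy_refuse: bool = False
    whitelist: Optional[set] = None
    blacklist: Optional[set] = None

@dataclass
class Context:                        # one per target user, created only after stage 1 passes
    target: str
    state: str = "NEW"
    reason: str = ""

def list_allows(who, allow, block):
    """Adaptive list check: a list that is not enabled (None) restricts nobody."""
    if allow is not None and who not in allow:
        return False
    return block is None or who not in block

def authenticate_client(clients, req, now, recent_requests):
    """Stage 1: general authentication, then the value-added checks. Returns (ok, reason)."""
    sub = clients.get(req.get("client_id"))
    if sub is None:
        return False, "client not registered"
    supplied = req.get("password", "")
    if not hmac.compare_digest(sub.password.encode(), supplied.encode()):
        return False, "password mismatch"
    if sub.state != "open" or now > sub.valid_until:
        return False, "positioning service not open or past validity"
    if sub.service_type != VALUE_ADDED:
        return True, "general authentication only"
    if recent_requests >= sub.max_requests:
        return False, "request frequency exceeded"
    initiator = req.get("initiator")  # assumption: present only for mobile-phone initiators
    if initiator is not None and not list_allows(initiator, sub.auth_list, sub.block_list):
        return False, "initiator not authorized or blocked"
    return True, "value-added authentication passed"

def authenticate_target(targets, ctx, locator, poi_override):
    """Stage 2 for one target: the result is recorded in that target's own context."""
    sub = targets.get(ctx.target)
    if sub is None or not sub.subscribed:
        ctx.state, ctx.reason = "FAILED", "target not subscribed to positioning"
    elif sub.privacy_refuse and not poi_override:
        ctx.state, ctx.reason = "FAILED", "privacy flag refuses and POI is not OVERRIDE"
    elif not list_allows(locator, sub.whitelist, sub.blacklist):
        ctx.state, ctx.reason = "FAILED", "locator outside whitelist or in blacklist"
    else:
        ctx.state = "WAIT_POSITIONING"
    return ctx

def handle_request(clients, targets, req, now, recent_requests=0):
    """Client first; contexts are allocated only if the client passes."""
    ok, reason = authenticate_client(clients, req, now, recent_requests)
    if not ok:
        return {"rejected": reason, "contexts": []}   # nothing to reclaim on rejection
    locator = req.get("initiator") or req["client_id"]  # assumption: who is doing the locating
    override = req.get("poi_override", False)
    contexts = [authenticate_target(targets, Context(t), locator, override)
                for t in req["targets"]]              # one target failing never stops the loop
    return {"rejected": None, "contexts": contexts}

# Constructed sample data, not taken from the patent.
CLIENTS = {
    "vas1": ClientSub("s3cret", VALUE_ADDED, "open", 1000, max_requests=5,
                      block_list={"13900000009"}),
    "emg1": ClientSub("pw", "emergency", "open", 1000),
    "old1": ClientSub("pw", "operator", "expired", 1000),
}
TARGETS = {
    "t1": TargetSub(True),
    "t2": TargetSub(True, whitelist={"13900000001"}, blacklist={"13900000001"}),
    "t3": TargetSub(True, privacy_refuse=True),
    "t4": TargetSub(False),
}
```

A rejected client returns an empty context list, which is the resource saving the description argues for; a failed target only marks its own context and the remaining targets are still evaluated.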
The invention has been described above with reference to an example. It should be noted that those skilled in the art can make various changes in form and detail without departing from the spirit and scope of the invention as defined by the claims.
Claims (1)
1. An adaptive hierarchical authentication method in an LCS system, characterized in that the authentication within a single positioning request is divided into two stages: client authentication and target user authentication; target user authentication is in turn divided into two levels, subscription information and privacy;
After the LCS system receives a location request, it first performs client authentication. If client authentication fails, the system sends a rejection message directly to the client and ends processing. If client authentication passes, a context is established for each client and target user authentication is carried out;
Client authentication method: different client types, namely value-added service clients and other clients, are processed differently. A value-added service client, after passing general client authentication, is further authenticated on request frequency and initiator. Other clients need only general client authentication, which covers three parts of the client's basic information: access rights, consistency of username and password, and location permission;
Target user authentication method: during target user authentication, different subscription information and privacy settings are handled separately. If the target user has not enabled the authorization function, the target user is taken by default to authorize all locating users; if the target user has enabled it, the permissions of locating users are set according to the authorization list. For locating users that are authorized: if the target user has not enabled the blocking function, the target user is taken by default to authorize all of them; if the target user has enabled it, some locating users are refused according to the block list;
Multiple target user authentication method: for authentication of multiple target users, the target users are authenticated one by one in turn. After each user's authentication finishes, the corresponding state is entered according to the result and the next target user is authenticated, until all target users have been authenticated and the location request authentication ends.
Priority Applications (1)
Application Number | Priority Date | Filing Date | Title |
---|---|---|---|
CNB2005100184580A CN100349495C (en) | 2005-03-25 | 2005-03-25 | Adaptive hierarchical discrimination algorithm in LCS system |
Publications (2)
Publication Number | Publication Date |
---|---|
CN1658703A CN1658703A (en) | 2005-08-24 |
CN100349495C true CN100349495C (en) | 2007-11-14 |
Family
ID=35007906
Family Applications (1)
Application Number | Title | Priority Date | Filing Date |
---|---|---|---|
CNB2005100184580A Expired - Fee Related CN100349495C (en) | 2005-03-25 | 2005-03-25 | Adaptive hierarchical discrimination algorithm in LCS system |
Country Status (1)
Country | Link |
---|---|
CN (1) | CN100349495C (en) |
Families Citing this family (4)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
CN101132279B (en) * | 2006-08-24 | 2011-05-11 | 华为技术有限公司 | Authentication method and authentication system |
CN103096241A (en) * | 2011-11-02 | 2013-05-08 | 上海贝尔股份有限公司 | Method and device used for offering position information |
CN103813264B (en) * | 2012-11-12 | 2018-07-03 | 中国电信股份有限公司 | Handle method, system and the mobile switch of Location Request |
CN108363081A (en) * | 2018-02-13 | 2018-08-03 | 山东顺国电子科技有限公司 | Location information method for visualizing, system, device and server based on GIS |
Citations (4)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
CN1256848A (en) * | 1997-05-16 | 2000-06-14 | 艾利森电话股份有限公司 | Integrity protection in telecommunications system |
CN1284247A (en) * | 1997-11-26 | 2001-02-14 | 艾利森公司 | System and method for authorization of location services |
WO2002017656A2 (en) * | 2000-08-22 | 2002-02-28 | Ericsson Inc | Methods, mobile user terminal and system for controlling access to mobile user terminal location information |
CN1572121A (en) * | 2001-10-17 | 2005-01-26 | 诺基亚公司 | Method for the provision of location information |
Also Published As
Publication number | Publication date |
---|---|
CN1658703A (en) | 2005-08-24 |
Legal Events
Date | Code | Title | Description |
---|---|---|---|
C06 | Publication | ||
PB01 | Publication | ||
C10 | Entry into substantive examination | ||
SE01 | Entry into force of request for substantive examination | ||
C14 | Grant of patent or utility model | ||
GR01 | Patent grant | ||
C17 | Cessation of patent right | ||
CF01 | Termination of patent right due to non-payment of annual fee |
Granted publication date: 20071114 |