CN101119197A - A contract method and system - Google Patents
- Publication number
- CN101119197A
- Authority
- CN
- China
- Prior art keywords
- signing
- party
- information
- bearer
- subscription
- Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
- Granted
Landscapes
- Mobile Radio Communication Systems (AREA)
Abstract
The invention provides a subscription method and system, belonging to the field of network communication. To solve the problems in the prior art that subscription is not performed in real time and is cumbersome to carry out, the invention provides a subscription method comprising the steps of sending a subscription request, generating subscription information, saving the subscription information, updating the subscription information, and revoking the subscription. The invention also provides a subscription system comprising a bearer, a hosted party and a subscription database; the hosted party includes a subscription request sending module, the bearer includes a subscription information generating module, and the subscription database includes a subscription information saving module. With this technical solution, the two parties can establish a subscription relationship quickly, in real time and online, and the solution is easy to implement; when the subscription information changes, it can be updated online; and when the subscription relationship needs to be terminated, it can be revoked online, so that both parties can maintain the correctness and validity of the subscription information in real time.
Description
Technical field
The invention relates to the field of network communication, and in particular to a subscription method and system.
Background
The end-to-end communication authentication framework is a general authentication framework applicable to different mobile network standards. Its purpose is to establish mutual trust between different types of entities, and it is a general authentication framework in the true sense; a schematic diagram of the framework is shown in Figure 1. Besides the two kinds of service entities, the SS (Service Subscriber) (101) and the SP (Service Provider) (102), the operator's network should also contain an EAC (Entity Authentication Center) (103) and an ESD (Entity Subscription Database) (104).
Before a service provider can provide services to other entities, or a service subscriber can request services from other entities, it should already have a subscription relationship with the network, with the subscription information stored in the ESD.
In the prior art, a mobile user (SS or SP) mostly subscribes to the mobile network by means of a smart card such as a UICC or SIM. The smart card is obtained by purchase or similar means, so this is an offline operation. The subscription relationship between a third-party application server (usually an SP) and the mobile network may require representatives of both parties to sign a written contract or agreement face to face.
The disadvantages of the prior art are:
1. The way mobile users subscribe to the mobile network is not real-time; it is inconvenient, time-consuming and laborious, which hinders expansion of the mobile network's range of services;
2. There is no unified method for third-party application servers to subscribe to the mobile network, which makes it hard for the two parties to establish a subscription relationship quickly and effectively.
Summary of the invention
The purpose of the invention is to overcome the non-real-time nature of subscription and the lack of a unified subscription method in the prior art, so that the mobile network can establish subscription relationships with more service providers. The invention provides a service-based automatic subscription method. The technical solution is as follows:
The invention provides a subscription method comprising the following steps:
Step A: The hosted party sends a subscription request message to the bearer; the request message carries the identity information of the hosted party and the type of service to be provided;
Step B: After receiving the subscription request message, the bearer determines from the service type whether authentication is required; if so, it determines the authentication method from the service type, and the bearer and the hosted party authenticate according to that method;
Step C: The bearer generates subscription information and sends it to the subscription database;
Step D: After receiving the subscription information, the subscription database saves it and sends a subscription success response to the hosted party, either directly or via the bearer.
The subscription request message in step A also carries service provision capability information, authentication capability information and an authentication requirement; accordingly, in step B the bearer, after receiving the subscription request message, determines from the service type and the authentication requirement whether authentication is required, and determines the authentication method from the authentication capability information, the service type and the authentication requirement.
The authentication methods specifically include the following:
authentication according to local policy;
authentication according to a public key certificate or attribute certificate provided by the hosted party;
authentication by querying a trusted third party.
Step C also includes a step in which the bearer and the hosted party generate a shared secret;
Accordingly, in step D, the step in which the subscription database sends the subscription success response to the hosted party via the bearer further includes:
The subscription database sends the subscription success response, which carries the subscription information, to the bearer. After receiving the response, the bearer encrypts the subscription information with the shared secret and sends it to the hosted party.
When the hosted party's information changes, the method further includes updating the subscription information, specifically through the following steps:
Step E: The hosted party sends a subscription information update request message to the bearer; the request message carries the reason for the update and the identity information from the subscription information;
Step F: After receiving the subscription information update request, the bearer determines from the subscription information whether authentication is required; if so, it determines the authentication method from the service type, and the bearer and the hosted party authenticate according to that method;
Step G: The bearer sends an update request message to the subscription database; the request message carries the update content and the identity information of the hosted party;
Step H: After receiving the request message, the subscription database looks up the hosted party's subscription information using the identity information carried in the message, updates it with the update content carried in the message, and sends an update confirmation response to the hosted party. The subscription database looks up the users who have ordered the service provided by the bearer and sends them a subscription information update notification, or the hosted party sends the subscription information update notification to the users related to the service.
When the hosted party wants to terminate its subscription relationship with the bearer, the method further includes revoking the subscription, specifically through the following steps:
Step J: The hosted party sends a subscription relationship revocation request message to the bearer; the message carries the identity information of the hosted party;
Step K: After receiving the subscription relationship revocation request message, the bearer determines from the subscription information whether authentication is required; if so, it determines the authentication method from the service type, and the bearer and the hosted party authenticate according to that method;
Step L: The bearer sends a revocation request message to the subscription database; the message carries the identity information of the hosted party;
Step M: After receiving the revocation request message, the subscription database looks up the hosted party's subscription information using the identity information carried in the message, deletes it, and sends a revocation confirmation response to the hosted party. The subscription database looks up the users who have ordered the service provided by the bearer and sends them a subscription information revocation notification, or the hosted party sends the subscription information revocation notification to the users related to the service.
When the bearer wants to terminate its subscription relationship with the hosted party, the method further includes revoking the subscription, specifically through the following steps:
Step O: The bearer sends a subscription relationship revocation request message to the hosted party;
Step P: After receiving the subscription relationship revocation request message, the hosted party determines from the subscription information whether authentication is required; if so, it determines the authentication method from the service type, and the bearer and the hosted party authenticate according to that method;
Step Q: The hosted party sends a revocation confirmation response to the bearer;
Step R: After receiving the revocation confirmation response, the bearer sends a revocation request message to the subscription database; the message carries the identity information of the hosted party;
Step S: After receiving the revocation request, the subscription database looks up the hosted party's subscription information using the identity information carried in the message, deletes it, and sends a revocation confirmation response to the bearer. The subscription database looks up the users who have ordered the service provided by the bearer and sends them a subscription information revocation notification, or the hosted party sends the subscription information revocation notification to the users related to the service.
The authentication in these steps specifically uses one of the following approaches:
using the authentication method that was used in the subscription process;
directly reusing the authentication result of the subscription process;
using a unified authentication method shared by the hosted party and the bearer.
The invention also provides a subscription system comprising a hosted party, a bearer and a subscription database; the hosted party includes a subscription request sending module, the bearer includes a subscription information generating module, and the subscription database includes a subscription information saving module;
The subscription request sending module is used by the hosted party to send a subscription request message to the bearer; the request message carries the identity information of the hosted party and the type of service to be provided;
The subscription information generating module is used by the bearer, after receiving the subscription request message, to determine from the service type whether authentication is required and, if so, to determine the authentication method from the service type, after which the bearer and the hosted party authenticate according to that method; once authentication succeeds, the bearer generates the subscription information and sends it to the subscription database;
The subscription information saving module is used by the subscription database, after receiving the subscription information, to save it and to send a subscription success response to the hosted party, either directly or via the bearer.
The hosted party further includes an update request module, the bearer further includes an authentication update module, and the subscription database further includes a subscription information update module;
The update request module is used by the hosted party to send a subscription information update request message to the bearer; the request message carries the reason for the update and the identity information from the subscription information;
The authentication update module is used by the bearer, after receiving the subscription information update request, to determine from the subscription information whether authentication is required and, if so, to determine the authentication method from the service type, after which the bearer and the hosted party authenticate according to that method; once authentication succeeds, the bearer sends an update request message to the subscription database, carrying the update content and the identity information of the hosted party;
The subscription information update module is used by the subscription database, after receiving the request message, to look up the hosted party's subscription information using the identity information carried in the message, update it with the update content carried in the message, and send an update confirmation response to the hosted party. The subscription database looks up the users who have ordered the service provided by the bearer and sends them a subscription information update notification, or the hosted party sends the subscription information update notification to the users related to the service.
The hosted party further includes a revocation request module, the bearer further includes an authentication revocation module, and the subscription database further includes a subscription information deletion module;
The revocation request module is used by the hosted party to send a subscription relationship revocation request message to the bearer; the message carries the identity information of the hosted party;
The authentication revocation module is used by the bearer, after receiving the subscription relationship revocation request message, to determine from the subscription information whether authentication is required and, if so, to determine the authentication method from the service type, after which the bearer and the hosted party authenticate according to that method; once authentication succeeds, the bearer sends a revocation request message to the subscription database, carrying the identity information of the hosted party;
The subscription information deletion module is used by the subscription database, after receiving the revocation request message, to look up the hosted party's subscription information using the identity information carried in the message, delete it, and send a revocation confirmation response to the hosted party. The subscription database looks up the users who have ordered the service provided by the bearer and sends them a subscription information revocation notification, or the hosted party sends the subscription information revocation notification to the users related to the service.
The bearer further includes a bearer revocation request module, the hosted party further includes a revocation confirmation response sending module, and the subscription database further includes a subscription information deletion module;
The bearer revocation request module is used by the bearer to send a subscription relationship revocation request message to the hosted party;
The revocation confirmation response sending module is used by the hosted party, after receiving the subscription relationship revocation request message, to determine from the subscription information whether authentication is required and, if so, to determine the authentication method from the service type, after which the bearer and the hosted party authenticate according to that method; once authentication succeeds, the hosted party sends a revocation confirmation response to the bearer;
The bearer revocation request module is also used by the bearer, after receiving the revocation confirmation response sent by the revocation confirmation response sending module, to send a revocation request message to the subscription database; the message carries the identity information of the hosted party.
The subscription information deletion module is used by the subscription database, after receiving the revocation request message, to look up the hosted party's subscription information using the identity information carried in the message, delete it, and send a revocation confirmation response to the hosted party. The subscription database looks up the users who have ordered the service provided by the bearer and sends them a subscription information revocation notification, or the hosted party sends the subscription information revocation notification to the users related to the service.
The beneficial effects of the subscription method and system provided by the invention are:
1. The two parties can establish a subscription relationship quickly, in real time and online, and the process is unified and easy to implement;
2. When the subscription information changes, it can be updated online;
3. When the subscription relationship needs to be terminated, it can be revoked online, so that both parties can maintain the correctness and validity of the subscription information in real time.
Description of drawings
Figure 1 is a schematic diagram of the end-to-end communication authentication framework in the prior art;
Figure 2 is a flow diagram of the subscription method provided by Embodiment 1 of the invention;
Figure 3 is a flow diagram of the subscription update process provided by Embodiment 2 of the invention;
Figure 4 is a flow diagram of the process for deleting a subscription relationship provided by Embodiment 3 of the invention;
Figure 5 is a flow diagram of the process for deleting a subscription relationship provided by Embodiment 4 of the invention;
Figure 6 is a schematic diagram of the subscription system provided by Embodiment 5 of the invention;
Figure 7 is a schematic diagram of the subscription system provided by Embodiment 6 of the invention;
Figure 8 is a schematic diagram of the subscription system provided by Embodiment 7 of the invention;
Figure 9 is a schematic diagram of the subscription system provided by Embodiment 8 of the invention.
Detailed description
The invention is further described below with reference to the drawings and specific embodiments, which do not limit the invention.
Embodiment 1
The invention provides a subscription method whose scope of application is not limited to the end-to-end communication authentication process; it applies to any subscription process, subscription information update and subscription relationship revocation carried out between a bearer and a hosted party concerning the provision and use of some resource.
In this embodiment the SP is the hosted party, the network is the bearer, and the EAC acts as the network's subscription agent: after confirming the other party's identity and authority, it generates the subscription information and stores it in the ESD. When the SS is not a mobile user but a third-party application server and has not established a subscription relationship with the mobile network, it can also use the subscription method provided by the invention to carry out the subscription process.
Referring to Figure 2, the specific steps of the subscription method are as follows:
Step 201: The SP sends a subscription request message to the EAC. The request message carries the SP's identity information, the type of service to be provided, service provision capability information, authentication capability information, the authentication requirement, and so on. The identity information and the service type must be carried in the subscription request; the rest is optional.
The SP can be any entity capable of providing a service, such as an application server or a mobile terminal. Depending on the specific type of SP, its identity information can be a URL, IMSI, TMSI, IMPI or IMPU, or even a pseudonym chosen by the SP itself. After the subscription succeeds, this information is stored in the ESD as part of the subscription information.
The type of service provided by the SP can be mobile e-banking, the Monternet service, a mail service, and so on. It can be sent to the EAC as an identification code, or the service name can be sent directly; no restriction is imposed here, as long as the EAC can recognize it.
Service provision capability information refers to the specific types of service the SP can provide and the scale of each service type.
Authentication capability information covers the authentication methods, authentication models and cryptographic algorithms supported by the SP. Once the SP's identity, capability and authority have been confirmed as legitimate, the authentication capability information is stored in the ESD as part of the subscription information.
The authentication requirement states which method (or which security level of authentication method) the SP requires for authenticating with the EAC before subscribing. For example, an SP may support many authentication methods, but some SPs (such as banks) may not trust the network sufficiently and need to ask the EAC, before subscribing, to use a method with a higher security level to authenticate the network.
Step 202: After receiving the subscription request message, the EAC determines whether the two parties need to authenticate and, if so, which method to use. The details are as follows:
The EAC determines from the security level corresponding to the service type whether authentication is required. If the required security level is very low, or the SP and the EAC trust each other, no authentication is needed and the process skips directly to step 204. If the required security level is high, the SP and the EAC need to authenticate.
When the subscription request sent by the SP contains service provision capability information, authentication capability information and an authentication requirement, the EAC can also determine from the service type and the authentication requirement whether authentication is required, so that the hosted party's requirement is fully taken into account: when the security requirement of the service type is relatively low but the authentication requirement put forward by the SP calls for relatively high security, a relatively high-security authentication method should be used.
When the SP and the EAC need to authenticate, the EAC can determine the authentication method from the SP's service type, or from a combination of the SP's authentication capability information, the service type, the authentication requirement and the network's authentication capability information. The EAC can also skip the selection and authenticate directly with a preset authentication method.
少骤203A:EAC和SP根据确定的认证方式进行认证。Step 203A: The EAC and the SP perform authentication according to the determined authentication method.
EAC对SP进行认证,以便对SP的身份的合法性和提供某项业务的权限和/或能力进行确认。The EAC authenticates the SP so as to confirm the legitimacy of the SP's identity and the authority and/or ability to provide a certain service.
The EAC itself can confirm the legitimacy of the SP's identity and its authority and/or capability to provide a given service in the following ways:
(1) Deciding whether to accept the subscription request of the service entity (SP).
The EAC relies on a local policy to decide whether to accept a service entity's subscription request. The local policy includes requirements on the legitimacy of the service entity's identity and on its authority and/or capability to provide services. The policy can be expressed as a list whose entries may include the types of service entity accepted, restrictions on the kinds of service provided, and/or service provision capability requirements. The invention is not limited to expressing this local policy as a list; any form of expression that carries the above content is acceptable, and the invention imposes no requirement in this respect.
(2) Authenticating the public key certificate provided by the SP.
When authentication between the SP and the EAC is based on public key certificates or attribute certificates, the certificate that the SP presents to the EAC must be issued by an authority and must be able to prove the legitimacy of the SP's identity, its service provision capability, and so on. Service provision capability information can be placed in the extension information of the PKI public key certificate, or the SP can present to the EAC a PMI (Privilege Management Infrastructure) attribute certificate that proves the legitimacy of its identity and its authority and/or capability to provide services.
The SP authenticates the EAC as follows: the SP uses the EAC's public key certificate or similar means to determine whether the EAC is a legitimate entity authentication center of the mobile operator.
Step 203B: When the EAC itself cannot determine the legitimacy of the SP's identity or the authenticity of its authority and/or capability to provide services, it queries a TTP (Trusted Third Party); that is, a third party trusted by the EAC verifies the SP's identity and its authority and/or capability to provide services on the EAC's behalf.
During authentication between the EAC and the SP, if the service has high security requirements, shared secret information is generated for the two parties in the course of authentication; if the security requirements are relatively low, the shared secret information need not be generated.
Step 204: After authentication, if the EAC confirms that the SP's identity, capability and authority are legitimate, it generates the subscription information.
The most basic subscription information consists of the SP's identity information and the entity service permission flag. The flag indicates whether the SP has the right to provide a given service: for a service that the SP can provide, the permission flag of that service is set to "1" in the subscription information, and if the SP later stops providing the service, the flag is set to "0".
The subscription information may also include the shared secret information of the SP and the EAC, the key validity period (the time for which the key may be used during transactions, set in advance), the entity's authentication capability information, the entity's authentication requirement information for a given service, and so on. The EAC sets a validity period for the key (used in the end-to-end authentication process); if none is set, the validity period takes the default value.
If any of the SP's identity, capability or authority information is not legitimate, an error response is returned and the procedure is terminated.
Step 205: The EAC sends the subscription information to the ESD.
Step 206: After receiving the subscription information, the ESD saves it in the database.
Step 207: The ESD sends a subscription success response to the SP. The response may or may not carry the subscription information.
Depending on how the network is configured, the response can be returned directly to the SP, or returned to the EAC and then passed on to the SP by the EAC.
If the response is returned to the SP through the EAC and includes the subscription information, the EAC can encrypt the subscription information with the secret it shares with the SP before returning it, which both confirms that the subscription succeeded and prevents replay attacks. Depending on how the network is configured, the subscription information may also be left out of the response.
Step 208: After the SP receives the subscription success response, it may or may not save the subscription information locally, and the subscription procedure ends.
Embodiment 2
When a carried party that has already subscribed with the bearer needs to update its subscription information, the subscription update procedure is carried out. The carried party and the bearer in this embodiment are the same as in Embodiment 1: the SP is the carried party, the network is the bearer, the EAC acts as the subscription agent of the network side, and the SS is a user who subscribes to the services provided by the carried party.
Referring to Figure 3, updating the subscription comprises the following steps:
Step 301: The SP sends a subscription information update request message to the EAC. The request message carries the reason for the update and the identity identifier from the SP's subscription information, so that the network can look up the SP's subscription information. The update reason is at least one of the following:
1) The type of service provided by the SP has changed;
2) The stored shared secret has been leaked;
3) The SP's authentication capability has been upgraded or has changed;
4) The SP's identity identifier information has changed;
5) The SP's authentication requirement information for a given service has changed;
6) The content covered by the subscription information has changed in any way other than the above.
If the subsequent authentication method is based on the authentication result established during the subscription procedure, the update request message may contain that authentication result as the credential with which the EAC authenticates the SP. The authentication result here means the credential generated after the last successful authentication.
Step 302: After receiving the update request message, the EAC decides from the subscription information whether authentication is required and which authentication method to use.
Deciding from the subscription information whether authentication is required means checking whether the subscription information contains authentication requirement information or the like. If it does, that information determines whether the two parties need to authenticate; if it does not, the service type recorded in the subscription information determines whether authentication is required. When the service's security requirements are very low, or the SP and the EAC trust each other, authentication may not be needed and the procedure jumps directly to step 303.
If authentication is required, there are two cases:
Step 302A: The EAC and the SP authenticate each other. The authentication can use the mutual authentication method used during the subscription procedure, can be based on the authentication result of the subscription procedure (the credential generated last time), or can uniformly use one simple, general-purpose authentication method;
The authentication between the SP and the EAC may include the EAC confirming whether the SP's identity is legitimate and confirming its authority and/or capability to provide a given service.
Step 302B: When the EAC itself cannot determine the legitimacy of a service provider's identity and/or the authenticity of its service provision capability, the EAC queries the trusted third party (TTP); that is, a third party trusted by the EAC verifies the identity and/or service provision capability of the subscription requester on the EAC's behalf.
Step 303: If mutual authentication confirms that the SP's identity, capability and authority are legitimate, the EAC sends an update request to the ESD, carrying the corresponding update content and the SP's identity identifier information; otherwise it returns an error response and terminates the update procedure.
Step 304: After receiving the update request, the ESD updates the corresponding content of the subscription information. For example, if a service is being added or changed, the service permission flag must be added or changed.
Step 305: The ESD sends an update confirmation response to the SP.
Step 306: The ESD looks up the SSs that subscribe to the services provided by the SP and sends them information about the change to the subscription information.
Embodiment 3
When a carried party that has already subscribed with the bearer wants to terminate its subscription relationship with the bearer, the subscription must be revoked. The carried party and the bearer in this embodiment are the same as in Embodiment 1: the SP is the carried party, the network is the bearer, the EAC acts as the subscription agent of the network side, and the SS is a user who subscribes to the services provided by the carried party.
Referring to Figure 4, revoking the subscription comprises the following steps:
Step 401: The SP sends a subscription relationship revocation request message to the EAC. The request message carries the identity identifier information from the SP's subscription information, so that the network can look up the SP's subscription information.
Step 402: After receiving the subscription relationship revocation request message, the EAC decides from the subscription information whether authentication is required and which authentication method to use. If the service's security requirements are very low, or the SP and the EAC trust each other, authentication may not be needed and the procedure jumps directly to step 403.
If authentication is required, there are two cases:
Step 402A: The EAC and the SP authenticate each other. The authentication can use the mutual authentication method used during the subscription procedure, can be based on the authentication result of the subscription procedure, or can use one simple, general-purpose authentication method, that is, a method agreed by both parties.
The authentication between the SP and the EAC may include the EAC confirming the legitimacy of the SP's identity and its authority or capability to provide a given service.
Step 402B: When the EAC itself cannot determine the legitimacy of a service provider's identity and/or the authenticity of its service provision capability, it queries the trusted third party (TTP); that is, a third party trusted by the EAC verifies the identity and/or service provision capability of the subscription requester on the EAC's behalf.
Step 403: After confirming that the SP's identity, capability and authority are legitimate, the EAC sends a revocation request message to the ESD; the message carries the SP's identity identifier information. Otherwise it returns an error response and terminates the procedure.
Step 404: After receiving the revocation request, the ESD uses the identity identifier information to look up the corresponding subscription information in the database and, once found, deletes it.
Step 405: The ESD sends a revocation confirmation response to the SP.
Step 406: The ESD looks up the SSs that subscribe to the services provided by the SP and sends them information about the revocation of the subscription information.
Embodiment 4
When the carried party has already subscribed with the bearer and the bearer wants to terminate its subscription relationship with the carried party, the subscription must be revoked. The carried party and the bearer in this embodiment are the same as in Embodiment 1: the SP is the carried party, the network is the bearer, the EAC acts as the subscription agent of the network side, and the SS is a user who subscribes to the services provided by the carried party.
Referring to Figure 5, revoking the subscription comprises the following steps:
Step 501: The EAC sends a subscription relationship revocation request message to the SP;
Step 502: After receiving the subscription relationship revocation request message, the SP decides from the subscription information whether authentication is required and which authentication method to use. If the service's security requirements are very low, or the SP and the EAC trust each other, authentication may not be needed and the procedure jumps directly to step 503.
The authentication can use the authentication method used during the subscription procedure, can be based on the authentication result of the subscription procedure, or can uniformly use one simple, general-purpose authentication method.
Step 503: After confirming that the EAC's identity, capability and authority are legitimate, the SP sends a revocation confirmation response to the EAC, indicating that it agrees to the revocation of the subscription information; otherwise it returns an error response and terminates the procedure.
Step 504: After receiving the revocation confirmation response, the EAC sends a revocation request to the ESD, carrying the SP's identity information.
Step 505: After receiving the revocation request, the ESD uses the identity identifier information to look up the corresponding subscription information in the database and, once found, deletes it.
Step 506: The ESD sends a revocation confirmation response to the EAC, informing the EAC that the revocation of the subscription information has been completed.
Step 507: The ESD looks up the SSs that subscribe to the services provided by the SP and sends them information about the revocation of the subscription information.
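The subscription, update and SP-initiated revocation procedures of Embodiments 1 to 3 can be modelled as follows. This is an added illustration, not code from the patent: the policy table, service names, byte-string credential check (standing in for mutual authentication or a TTP query) and default key validity are assumptions, and the model always authenticates at sign-up.

```python
import hmac
import secrets
from dataclasses import dataclass
from typing import Optional

# Constructed sample values; none of them come from the patent.
LOCAL_POLICY = {"portal": {"news", "payment"}, "media": {"news", "video"}}  # SP type -> services
HIGH_SECURITY = {"payment"}      # services assumed to need authentication and a shared secret
DEFAULT_KEY_VALIDITY_S = 3600    # assumed default key validity period

class SubscriptionError(Exception):
    """Error response that terminates the procedure."""

@dataclass
class Subscription:              # subscription information generated in step 204
    sp_id: str
    sp_type: str
    flags: dict                  # service -> 1 (allowed) or 0 (no longer provided)
    shared_secret: Optional[bytes] = None
    key_validity_s: int = DEFAULT_KEY_VALIDITY_S
    auth_required: bool = False  # explicit authentication requirement, if recorded

class ESD:
    """Subscription database: keeps records and notifies service subscribers (SS)."""
    def __init__(self):
        self.records, self.subscribers, self.sent = {}, {}, []

    def notify(self, sp_id, event):                      # steps 306 and 406
        self.sent += [(ss, sp_id, event) for ss in self.subscribers.get(sp_id, [])]

class EAC:
    def __init__(self, esd, credentials):
        self.esd, self.credentials = esd, credentials    # credentials stand in for mutual auth

    def _authenticate(self, sp_id, credential):
        expected = self.credentials.get(sp_id)
        return (expected is not None and credential is not None
                and hmac.compare_digest(expected, credential))

    def _policy_ok(self, sp_type, services):
        return set(services) <= LOCAL_POLICY.get(sp_type, set())

    def subscribe(self, sp_id, sp_type, services, credential, key_validity_s=None):
        if not self._policy_ok(sp_type, services):       # local policy of the EAC
            raise SubscriptionError("rejected by local policy")
        if not self._authenticate(sp_id, credential):    # always done here (assumption)
            raise SubscriptionError("authentication failed")
        secret = secrets.token_bytes(32) if HIGH_SECURITY & set(services) else None
        rec = Subscription(sp_id, sp_type, {s: 1 for s in services}, secret,
                           key_validity_s or DEFAULT_KEY_VALIDITY_S)
        self.esd.records[sp_id] = rec                    # steps 205 and 206
        return rec

    def _needs_auth(self, rec, extra=()):                # decision of steps 302 and 402
        if rec.auth_required:                            # explicit requirement comes first
            return True
        active = [s for s, f in rec.flags.items() if f] + list(extra)
        return any(s in HIGH_SECURITY for s in active)   # otherwise decide by service type

    def _lookup(self, sp_id, credential, extra=()):
        rec = self.esd.records.get(sp_id)
        if rec is None:
            raise SubscriptionError("no subscription for this SP")
        if self._needs_auth(rec, extra) and not self._authenticate(sp_id, credential):
            raise SubscriptionError("authentication failed")
        return rec

    def update(self, sp_id, flag_changes, credential=None):   # steps 301 to 306
        added = [s for s, f in flag_changes.items() if f]
        rec = self._lookup(sp_id, credential, added)
        if not self._policy_ok(rec.sp_type, added):
            raise SubscriptionError("rejected by local policy")
        rec.flags.update(flag_changes)
        self.esd.notify(sp_id, "updated")

    def revoke(self, sp_id, credential=None):                 # steps 401 to 406
        self._lookup(sp_id, credential)
        del self.esd.records[sp_id]
        self.esd.notify(sp_id, "revoked")
```

In this model the no-authentication branch of steps 302 and 402 lets any party that knows an SP identity change or delete a low-security record; setting `auth_required=True` on the record forces the check.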
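Embodiment 5
Referring to Figure 6, the invention also provides a subscription system. The system comprises a carried party 601, a bearer 602 and a subscription database 603. The carried party 601 includes a subscription request sending module 604, the bearer 602 includes a subscription information generation module 605, and the subscription database 603 includes a subscription information saving module 606, wherein:
The subscription request sending module 604 is used by the carried party to send a subscription request message to the bearer; the request message carries the carried party's identity information and the type of service to be provided;
The subscription information generation module 605 is used by the bearer, after it receives the subscription request message from the subscription request sending module 604, to decide from the service type whether authentication is required and, if so, to determine the authentication method from the service type; the bearer and the carried party then authenticate according to that method. After authentication succeeds, the bearer generates the subscription information and sends it to the subscription database;
The subscription information saving module 606 is used by the subscription database, after it receives the subscription information from the subscription information generation module 605, to save the subscription information and to send a subscription success response to the carried party, either directly or through the bearer.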
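Embodiment 6
Referring to Figure 7, the carried party 601 further includes an update request module 701, the bearer 602 further includes an authentication update module 702, and the subscription database 603 further includes a subscription information update module 703;
The update request module 701 is used by the carried party to send a subscription information update request message to the bearer; the request message carries the update reason and the identity information from the subscription information;
The authentication update module 702 is used by the bearer, after it receives the subscription information update request from the update request module 701, to decide from the subscription information whether authentication is required and, if so, to determine the authentication method from the service type; the bearer and the carried party then authenticate according to that method. After authentication succeeds, the bearer sends an update request message to the subscription database; the request message carries the update content and the carried party's identity information;
The subscription information update module 703 is used by the subscription database, after it receives the request message from the authentication update module 702, to look up the carried party's subscription information in the database using the carried party's identity information carried in the message, to update the subscription information with the update content carried in the message once it is found, and to send an update confirmation response to the carried party. The subscription database looks up the users who subscribe to the services provided by the bearer and sends them a subscription information update notification, or the carried party sends the subscription information update notification to the users concerned with the service.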
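Embodiment 7
Referring to Figure 8, the carried party 601 further includes a revocation request module 801, the bearer 602 further includes an authentication revocation module 802, and the subscription database 603 further includes a subscription information deletion module 803;
The revocation request module 801 is used by the carried party to send a subscription relationship revocation request message to the bearer; the message carries the carried party's identity information;
The authentication revocation module 802 is used by the bearer, after it receives the subscription relationship revocation request message from the revocation request module 801, to decide from the subscription information whether authentication is required and, if so, to determine the authentication method from the service type; the bearer and the carried party then authenticate according to that method. After authentication succeeds, the bearer sends a revocation request message to the subscription database; the revocation request message carries the carried party's identity information;
The subscription information deletion module 803 is used by the subscription database, after it receives the revocation request message from the authentication revocation module 802, to look up the carried party's subscription information in the database using the carried party's identity information carried in the message, to delete the subscription information once it is found, and to send a revocation confirmation response to the carried party. The subscription database looks up the users who subscribe to the services provided by the bearer and sends them a subscription information revocation notification, or the carried party sends the subscription information revocation notification to the users concerned with the service.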
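Embodiment 8
Referring to Figure 9, the bearer of the system can also take the initiative to send the carried party a request to revoke the subscription relationship. In this case the bearer 602 further includes a bearer revocation request module 901, the carried party 601 further includes a revocation confirmation response sending module 902, and the subscription database further includes a subscription information deletion module 903;
The bearer revocation request module 901 is used by the bearer to send a subscription relationship revocation request message to the carried party;
The revocation confirmation response sending module 902 is used by the carried party, after it receives the subscription relationship revocation request message from the bearer revocation request module 901, to decide from the subscription information whether authentication is required and, if so, to determine the authentication method from the service type; the bearer and the carried party then authenticate according to that method. After authentication succeeds, the carried party sends a revocation confirmation response to the bearer;
The bearer revocation request module 901 is also used by the bearer, after it receives the revocation confirmation response sent by the revocation confirmation response sending module 902, to send a revocation request message to the subscription database; the revocation request message carries the carried party's identity information.
The subscription information deletion module 903 is used by the subscription database, after it receives the revocation request message from the bearer revocation request module 901, to look up the carried party's subscription information in the database using the carried party's identity information carried in the message, to delete the subscription information once it is found, and to send a revocation confirmation response to the carried party. The subscription database looks up the users who subscribe to the services provided by the bearer and sends them a subscription information revocation notification, or the carried party sends the subscription information revocation notification to the users concerned with the service.
The embodiments described above are only one of the more preferred specific implementations of the invention; ordinary changes and substitutions made by those skilled in the art within the scope of the technical solution of the invention shall fall within the scope of protection of the invention.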
Claims (12)
Priority Applications (1)
Application Number | Priority Date | Filing Date | Title |
---|---|---|---|
CN2006101092186A CN101119197B (en) | 2006-08-04 | 2006-08-04 | A contract method and system |
Applications Claiming Priority (1)
Application Number | Priority Date | Filing Date | Title |
---|---|---|---|
CN2006101092186A CN101119197B (en) | 2006-08-04 | 2006-08-04 | A contract method and system |
Publications (2)
Publication Number | Publication Date |
---|---|
CN101119197A true CN101119197A (en) | 2008-02-06 |
CN101119197B CN101119197B (en) | 2011-10-05 |
Family
ID=39055153
Family Applications (1)
Application Number | Title | Priority Date | Filing Date |
---|---|---|---|
CN2006101092186A Expired - Fee Related CN101119197B (en) | 2006-08-04 | 2006-08-04 | A contract method and system |
Country Status (1)
Country | Link |
---|---|
CN (1) | CN101119197B (en) |
Also Published As
Publication number | Publication date |
---|---|
CN101119197B (en) | 2011-10-05 |
Legal Events
Date | Code | Title | Description |
---|---|---|---|
C06 | Publication | ||
PB01 | Publication | ||
C10 | Entry into substantive examination | ||
SE01 | Entry into force of request for substantive examination | ||
C14 | Grant of patent or utility model | ||
GR01 | Patent grant | ||
CF01 | Termination of patent right due to non-payment of annual fee |
Granted publication date: 20111005 |