[go: up one dir, main page]

CN106534040A - Method and device for identifying subscriber identity of terminal equipment - Google Patents

Method and device for identifying subscriber identity of terminal equipment Download PDF

Info

Publication number
CN106534040A
CN106534040A CN201510570314.XA CN201510570314A CN106534040A CN 106534040 A CN106534040 A CN 106534040A CN 201510570314 A CN201510570314 A CN 201510570314A CN 106534040 A CN106534040 A CN 106534040A
Authority
CN
China
Prior art keywords
user identity
user
identity information
terminal device
identity
Prior art date
Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
Withdrawn
Application number
CN201510570314.XA
Other languages
Chinese (zh)
Inventor
周朝阳
Current Assignee (The listed assignees may be inaccurate. Google has not performed a legal analysis and makes no representation or warranty as to the accuracy of the list.)
ZTE Corp
Original Assignee
ZTE Corp
Priority date (The priority date is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the date listed.)
Filing date
Publication date
Application filed by ZTE Corp filed Critical ZTE Corp
Priority to CN201510570314.XA priority Critical patent/CN106534040A/en
Priority to PCT/CN2016/086028 priority patent/WO2017041562A1/en
Publication of CN106534040A publication Critical patent/CN106534040A/en
Withdrawn legal-status Critical Current

Links

Classifications

    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04LTRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L9/00Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols
    • H04L9/40Network security protocols
    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04LTRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L63/00Network architectures or network communication protocols for network security
    • H04L63/08Network architectures or network communication protocols for network security for authentication of entities
    • H04L63/0853Network architectures or network communication protocols for network security for authentication of entities using an additional device, e.g. smartcard, SIM or a different communication terminal
    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04LTRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L63/00Network architectures or network communication protocols for network security
    • H04L63/08Network architectures or network communication protocols for network security for authentication of entities
    • H04L63/0876Network architectures or network communication protocols for network security for authentication of entities based on the identity of the terminal or configuration, e.g. MAC address, hardware or software configuration or device fingerprint

Landscapes

  • Engineering & Computer Science (AREA)
  • Computer Security & Cryptography (AREA)
  • Computer Networks & Wireless Communication (AREA)
  • Signal Processing (AREA)
  • Computer Hardware Design (AREA)
  • Computing Systems (AREA)
  • General Engineering & Computer Science (AREA)
  • Power Engineering (AREA)
  • Mobile Radio Communication Systems (AREA)
  • Telephonic Communication Services (AREA)

Abstract

本发明公开了一种识别终端设备用户身份的方法和装置,涉及移动通信领域。本发明公开的方法包括:接收到第三方针对终端设备发起的用户身份识别请求时,根据用户身份识别请求生成用户身份查询请求,将所生成的用户身份查询请求发送给核心网PCRF,其中,用户身份查询请求中携带终端设备的IP地址,以指示PCRF根据身份查询请求消息中的IP地址,返回该IP地址所对应的用户身份信息;当收到PCRF反馈的用户身份信息时,将收到的用户身份信息反馈给的第三方。本发明还公开了识别终端设备用户身份的装置。本申请技术方案将运营商用户的身份标志(MSISDN和IMSI)拓展到第三方各种APP、内容中,可在各种大数据场景下,发挥重要的作用。

The invention discloses a method and a device for identifying the user identity of terminal equipment, which relate to the field of mobile communication. The method disclosed in the present invention includes: when receiving a user identity identification request initiated by a third party for a terminal device, generating a user identity query request according to the user identity identification request, and sending the generated user identity query request to the core network PCRF, wherein the user The IP address of the terminal device is carried in the identity query request to instruct the PCRF to return the user identity information corresponding to the IP address according to the IP address in the identity query request message; when receiving the user identity information fed back by the PCRF, the received Third parties to whom user identity information is fed back. The invention also discloses a device for identifying the user identity of the terminal equipment. The technical solution of the present application extends the identity marks (MSISDN and IMSI) of operator users to various third-party APPs and contents, which can play an important role in various big data scenarios.

Description

一种识别终端设备用户身份的方法和装置Method and device for identifying user identity of terminal equipment

技术领域technical field

本发明涉及移动通信领域,尤其涉及一种识别终端设备用户身份的方法和装置。The present invention relates to the field of mobile communication, in particular to a method and device for identifying the user identity of terminal equipment.

背景技术Background technique

在移动互联网时代,用户身份信息以及用户账号信息是非常重要和具有战略价值的资源,Facebook在全球拥有11.6亿活跃用户,Youtube紧随其后,活跃用户10亿,国内最大的社交媒体网络QQ空间有7.12亿,WhatsAPP和Twitter也有3.6亿用户,这些互联网公司的APP的最大价值在于其拥有庞大的用户,而其动辄百亿、千亿美金级别的市值的基础就是其上亿计的注册用户或在线用户,互联网公司就是依靠这庞大的用户基数、用户访问量进行赢利。同时,各个互联网公司为了使其账号具有更大的价值,纷纷将其用户账号对外开放,意图使其账号在移动互联网领域成为一个通用的身份号码。比如,用户的Facebook账号就可以用于登录国外大部分主流的互联网网站或移动互联网APP,其背后的决定性因素就在于Facebook将其用户账号及基于其账号的身份识别能力对第三方开放,任何符合其规则要求的第三方网站、APP都可以通过Facebook的用户身份识别能力,对用户身份进行识别。In the era of mobile Internet, user identity information and user account information are very important and strategically valuable resources. Facebook has 1.16 billion active users worldwide, followed by Youtube with 1 billion active users. QZone, the largest social media network in China There are 712 million users, WhatsAPP and Twitter also have 360 million users. The greatest value of the APP of these Internet companies lies in their huge number of users, and the basis of their market value of tens of billions or hundreds of billions of dollars is their hundreds of millions of registered users or Online users, Internet companies rely on this huge user base and user visits to make profits. At the same time, in order to make their accounts more valuable, various Internet companies have opened their user accounts to the outside world, intending to make their accounts a common identity number in the mobile Internet field. For example, a user's Facebook account can be used to log in to most mainstream foreign Internet websites or mobile Internet apps. The decisive factor behind this is that Facebook opens its user account and its identification capabilities based on its account to third parties. Third-party websites and apps required by its rules can identify users through Facebook's user identification capabilities.

而与之具有相当用户量级的运营商却远未发掘其用户群体及用户账号所带来的额外价值,特别是其拥有比互联网这种虚拟账号更具价值的MSISDN手机号码和IMSI号码,未有效地将MSISDN手机号码和IMSI号码信息这样极具战略意义的资源加以利用。好比一个钻石矿,仍然深埋地底下,等到发掘,等待一种有效的方法去发掘这种资源,并且能够帮助运营商将这种资源利用起来。However, operators with quite a large number of users are far from discovering the additional value brought by their user groups and user accounts. In particular, they have MSISDN mobile phone numbers and IMSI numbers that are more valuable than Internet virtual accounts. Effectively utilize strategically important resources such as MSISDN mobile phone numbers and IMSI number information. It's like a diamond mine, still buried deep underground, waiting to be discovered, waiting for an effective method to discover this resource, and to help operators utilize this resource.

发明内容Contents of the invention

本发明所要解决的技术问题是,提供一种识别终端设备用户身份的方法和装置,以解现有技术中第三方无法识别终端设备用户身份的问题。The technical problem to be solved by the present invention is to provide a method and device for identifying the user identity of the terminal equipment, so as to solve the problem in the prior art that a third party cannot identify the user identity of the terminal equipment.

为了解决上述技术问题,本发明公开了一种识别终端设备用户身份的方法,该方法包括:In order to solve the above technical problems, the present invention discloses a method for identifying the user identity of a terminal device, the method comprising:

接收到第三方针对终端设备发起的用户身份识别请求时,根据所述用户身份识别请求生成用户身份查询请求,将所生成的用户身份查询请求发送给核心网PCRF,其中,所述用户身份查询请求中携带所述终端设备的IP地址,以指示PCRF根据所述身份查询请求消息中的IP地址,返回该IP地址所对应的用户身份信息;When a user identity identification request initiated by a third party for the terminal device is received, a user identity query request is generated according to the user identity identification request, and the generated user identity query request is sent to the core network PCRF, wherein the user identity query request carrying the IP address of the terminal device in order to instruct PCRF to return the user identity information corresponding to the IP address according to the IP address in the identity query request message;

当收到所述PCRF反馈的用户身份信息时,将收到的用户身份信息反馈给的所述第三方。When receiving the user identity information fed back by the PCRF, feed back the received user identity information to the third party.

可选地,上述方法中,所述用户身份信息至少包括移动用户国际号码MSISDN和国际移动用户识别码IMSI。Optionally, in the above method, the user identity information includes at least an international mobile subscriber number MSISDN and an international mobile subscriber identity IMSI.

可选地,上述方法中,所述用户身份查询请求为Rx接口消息。Optionally, in the above method, the user identity query request is an Rx interface message.

可选地,上述方法还包括:当收到所述PCRF反馈的用户身份信息时,根据所述PCRF反馈的用户身份信息识别出其他用户身份信息,将收到的用户身份信息及识别出的其他用户身份信息一起反馈给所述第三方;Optionally, the above method further includes: when receiving the user identity information fed back by the PCRF, identifying other user identity information according to the user identity information fed back by the PCRF, and combining the received user identity information and the identified other user identity information Feedback to the third party together with user identity information;

其中,所述其他用户身份信息至少包括用户地址、用户名称。Wherein, the other user identity information includes at least user address and user name.

可选地,上述方法还包括:保存终端设备的所有用户身份信息,并从运营商的客户关系管理系统获取并更新终端设备的用户身份信息,使保存的用户身份信息与运营商实际拥有的最新用户身份信息一致。Optionally, the above method further includes: saving all user identity information of the terminal equipment, and obtaining and updating the user identity information of the terminal equipment from the operator's customer relationship management system, so that the saved user identity information is the same as the latest one actually owned by the operator. The user identity information is consistent.

可选地,上述方法中,接收到第三方针对终端设备发起的用户身份识别请求时,所述方法还包括:Optionally, in the above method, when receiving a user identification request initiated by a third party for the terminal device, the method further includes:

对所述终端设备的客户端进行接入认证及用户授权;Perform access authentication and user authorization on the client of the terminal device;

当所述终端设备的客户端通过接入认证和用户授权时,再根据所述用户身份识别请求生成用户身份查询请求,并将所生成的用户身份查询请求发送给所述PCRF。When the client of the terminal device passes the access authentication and user authorization, it generates a user identity query request according to the user identity identification request, and sends the generated user identity query request to the PCRF.

本发明还公开了一种识别终端设备用户身份的装置,该装置至少包括应用交互模块、身份识别模块和网络交互模块,其中:The present invention also discloses a device for identifying the user identity of a terminal device, the device at least includes an application interaction module, an identity recognition module and a network interaction module, wherein:

所述应用交互模块,对第三方开放身份识别接口,接收第三方针对终端设备发起的身份识别请求消息,以及向所述第三方反馈身份识别请求消息所查询的终端设备的用户身份信息;The application interaction module opens an identity recognition interface to a third party, receives an identity recognition request message initiated by a third party for the terminal device, and feeds back to the third party the user identity information of the terminal device queried by the identity recognition request message;

所述身份识别模块,根据所接收到的身份识别请求消息生成用户身份查询请求,其中,所述用户身份查询请求中携带所述终端设备的IP地址,以指示PCRF根据所述身份查询请求消息中的IP地址,返回该IP地址所对应的用户身份信息,以及从接收到的用户身份查询请求的响应中获取所述第三方所查询的终端设备的用户身份信息并发送给所述应用交互模块;The identity recognition module generates a user identity query request according to the received identity recognition request message, wherein the user identity query request carries the IP address of the terminal device to instruct PCRF to IP address, return the user identity information corresponding to the IP address, and obtain the user identity information of the terminal device queried by the third party from the received response to the user identity query request and send it to the application interaction module;

所述网络交互模块,将所生成的用户身份查询请求发送给核心网PCRF,并接收PCRF返回的用户身份查询请求的响应,将所述用户身份查询请求的响应返回给所述身份识别模块。The network interaction module sends the generated user identity query request to core network PCRF, receives the response of the user identity query request returned by PCRF, and returns the response of the user identity query request to the identity recognition module.

可选地,上述装置中,所述用户身份信息至少包括移动用户国际号码MSISDN和国际移动用户识别码IMSI。Optionally, in the above device, the user identity information includes at least an international mobile subscriber number MSISDN and an international mobile subscriber identity IMSI.

可选地,上述装置中,所述用户身份查询请求为Rx接口消息。Optionally, in the above device, the user identity query request is an Rx interface message.

可选地,上述装置中,所述身份识别模块,还根据用户身份查询请求的响应中的用户身份信息识别出其他用户身份信息,将收到的用户身份信息及识别出的其他用户身份信息一起反馈给所述应用交互模块,其中,所述其他用户身份信息至少包括用户地址、用户名称;Optionally, in the above device, the identity identification module further identifies other user identity information according to the user identity information in the response to the user identity query request, and combines the received user identity information with the identified other user identity information Feedback to the application interaction module, wherein the other user identity information includes at least user address and user name;

所述应用交互模块,将所述身份识别模块发送的所有用户身份信息一起反馈给所述第三方。The application interaction module feeds back all user identity information sent by the identity recognition module to the third party.

可选地,上述装置还包括:Optionally, the above-mentioned device also includes:

身份信息模块,保存终端设备的所有用户身份信息,并从运营商的客户关系管理系统获取并更新终端设备的用户身份信息,使保存的用户身份信息与运营商实际拥有的最新用户身份信息一致。The identity information module saves all user identity information of the terminal equipment, and obtains and updates the user identity information of the terminal equipment from the operator's customer relationship management system, so that the stored user identity information is consistent with the latest user identity information actually owned by the operator.

可选地,上述装置还包括:Optionally, the above-mentioned device also includes:

接入认证模块,在所述应用交互模块接收到第三方针对终端设备发起的用户身份识别请求时,对所述终端设备的客户端进行接入认证及用户授权;The access authentication module performs access authentication and user authorization on the client of the terminal device when the application interaction module receives a user identification request initiated by a third party for the terminal device;

所述身识别模块,仅在所述终端设备的客户端通过接入认证和用户授权时,才生成所述用户身份查询请求。The identity identification module generates the user identity query request only when the client of the terminal device passes the access authentication and user authorization.

本发明还公开了一种识别终端设备用户身份的装置,该装置至少包括:The present invention also discloses a device for identifying the user identity of a terminal device, the device at least includes:

第一模块,接收到仅携带终端设备IP地址的Rx接口消息时,确定所述Rx接口消息为身份查询请求消息,根据所述身份查询请求消息中的IP地址,查询该IP地址所对应的用户身份信息;The first module, when receiving the Rx interface message carrying only the IP address of the terminal device, determines that the Rx interface message is an identity query request message, and queries the user corresponding to the IP address according to the IP address in the identity query request message Identity Information;

第二模块,将所查询到的用户身份信息反馈给终端。The second module feeds back the queried user identity information to the terminal.

可选地,上述装置中,所述用户身份信息至少包括移动用户国际号码MSISDN和国际移动用户识别码IMSI。Optionally, in the above device, the user identity information includes at least an international mobile subscriber number MSISDN and an international mobile subscriber identity IMSI.

本申请技术方案提供一种识别终端设备用户身份的方法及其对应的装置,将运营商的用户身份识别能力对第三方APP开放,第三方APP可以通过对运营商的用户身份识别能力API进行调用,即可以实现用户识别和用户认证功能。通过本申请技术方案,一方面,可以将运营商用户的身份标志(MSISDN手机号码和IMSI号码)拓展到第三方各种APP、内容中,可在各种大数据场景下,发挥重要的作用;另一方面,可以将运营商用户的身份标志应用于各种移动互联网场景下的用户身份识别、用户认证授权等场景,使得APP可以直接通过网络获得用户的MSISDN手机号码和IMSI号码,将运营商用户账号发展成为跨移动网络和互联网络通用的身份号码,渗透到各种移动互联网应用,可以无限放大运营商所管理的MSISDN手机号码和IMSI号码的价值,使之成为与超级互联网APP匹敌,甚至超越超级互联网APP的杀手级战略资源。The technical solution of this application provides a method for identifying the user identity of a terminal device and its corresponding device, which opens the operator's user identity identification capability to a third-party APP, and the third-party APP can call the operator's user identity identification capability API , which can realize user identification and user authentication functions. Through the technical solution of this application, on the one hand, the identity mark (MSISDN mobile phone number and IMSI number) of the operator user can be extended to various APPs and contents of the third party, which can play an important role in various big data scenarios; On the other hand, the identity mark of the operator user can be applied to user identity identification, user authentication and authorization in various mobile Internet scenarios, so that the APP can directly obtain the user's MSISDN mobile phone number and IMSI number through the network, and the operator The user account has developed into a common identity number across mobile networks and the Internet, and penetrates into various mobile Internet applications, which can infinitely amplify the value of MSISDN mobile phone numbers and IMSI numbers managed by operators, making them comparable to super Internet APPs, even A killer strategic resource beyond the super Internet APP.

附图说明Description of drawings

图1为本实施例中一种识别终端设备用户身份的装置结构示意图;FIG. 1 is a schematic structural diagram of an apparatus for identifying a user identity of a terminal device in this embodiment;

图2为本实施例中一种识别终端设备用户身份装置的网络位置图;FIG. 2 is a network location diagram of a device for identifying a user identity of a terminal device in this embodiment;

图3为本实施例中一种识别终端设备用户身份的工作原理图;FIG. 3 is a working principle diagram of identifying the identity of a terminal device user in this embodiment;

图4为本实施例中一种识别终端设备用户身份信息的业务流程图;FIG. 4 is a business flow chart for identifying user identity information of a terminal device in this embodiment;

图5为本实施例中一种识别终端设备用户详细的身份信息的业务流程图。FIG. 5 is a flow chart of a service for identifying detailed identity information of a terminal device user in this embodiment.

具体实施方式detailed description

为使本发明的目的、技术方案和优点更加清楚明白,下文将结合附图对本发明技术方案作进一步详细说明。需要说明的是,在不冲突的情况下,本申请的实施例和实施例中的特征可以任意相互组合。In order to make the purpose, technical solution and advantages of the present invention clearer, the technical solution of the present invention will be further described in detail below in conjunction with the accompanying drawings. It should be noted that, in the case of no conflict, the embodiments of the present application and the features in the embodiments can be combined with each other arbitrarily.

实施例1Example 1

本实施例提供一种识别终端设备用户身份的方法,只需提供终端设备接入移动网络时被分配的私网IP(Private Internet protocol)地址,即可获得使用该IP地址的终端设备在运营商处注册的MSISDN(即手机号码,全称Mobile Subscriber International ISDN,其中ISDN即是综合业务数字网,是Integrated Service Digital Network的简称)和IMSI(International MobileSubscriber Identification Number,即国际移动用户识别码,存储在手机SIM卡中,在全网和全球唯一)以及更为详细的用户身份信息,达到识别终端设备用户身份的目的。This embodiment provides a method for identifying the user identity of a terminal device. It only needs to provide the private network IP (Private Internet protocol) address assigned when the terminal device accesses the mobile network, and then the terminal device using this IP address can be obtained. Registered MSISDN (mobile phone number, full name Mobile Subscriber International ISDN, where ISDN is Integrated Services Digital Network, short for Integrated Service Digital Network) and IMSI (International Mobile Subscriber Identification Number, International Mobile Subscriber Identification Number, stored in the mobile phone SIM card, which is unique in the entire network and the world) and more detailed user identity information to achieve the purpose of identifying the user identity of the terminal device.

具体地,上述方法包括如下操作:Specifically, the above method includes the following operations:

步骤100:接收到第三方针对终端设备发起的用户身份识别请求时,根据该用户身份识别请求生成用户身份查询请求,将所生成的用户身份查询请求发送给PCRF;Step 100: When receiving a user identity identification request initiated by a third party for the terminal device, generate a user identity query request according to the user identity identification request, and send the generated user identity query request to the PCRF;

其中,所生成的用户身份查询请求中仅携带所述终端设备的IP地址,以指示PCRF根据身份查询请求消息中的IP地址,返回该IP地址所对应的用户身份信息即可。Wherein, the generated user identity query request only carries the IP address of the terminal device, so as to instruct PCRF to return the user identity information corresponding to the IP address according to the IP address in the identity query request message.

具体地,此用户身份查询请求可以是Rx接口消息,要说明的是,此Rx接口消息中只携带终端设备的私网IP地址,而不携带业务和媒体信息,这样,PCRF就会识别此Rx接口消息为用户身份查询请求,而不是一次普通的计费或策略请求消息。Specifically, the user identity query request may be an Rx interface message. It should be noted that the Rx interface message only carries the private network IP address of the terminal device, and does not carry service and media information. In this way, the PCRF will identify the Rx The interface message is a user identity query request, not an ordinary charging or policy request message.

步骤200:当收到PCRF反馈的用户身份信息时,将收到的用户身份信息反馈给的第三方。Step 200: When receiving the user identity information fed back by the PCRF, feed back the received user identity information to the third party.

该步骤中,PCRF反馈的用户身份信息至少包括MSISDN和IMSI。In this step, the user identity information fed back by the PCRF includes at least MSISDN and IMSI.

一些方案还提出,除了PCRF反馈的用户身份信息外,还可以查询获取到其他用户身份信息,例如用户名称、用户地址等信息,此时,可以将PCRF反馈的用户身份信息以及后续获取的其他用户身份信息一并反馈给第三方即可。Some schemes also propose that in addition to the user identity information fed back by the PCRF, other user identity information can also be obtained by querying, such as user name, user address and other information. The identity information can be fed back to the third party.

其中,上面提到的“其他用户身份信息”可以实时从运营商的客户关系管理系统获取并更新,从而确保本专利所涉及的“其他用户身份信息”与实际用户信息的同步。Among them, the "other user identity information" mentioned above can be obtained and updated from the operator's customer relationship management system in real time, so as to ensure the synchronization between the "other user identity information" involved in this patent and the actual user information.

还要说明的是,考虑到用户身份信息的安全,故在接收到第三方针对终端设备发起的用户身份识别请求时,可以对此终端设备的客户端进行接入认证及用户授权,仅当终端设备的客户端通过了接入认证和用户授权时,再根据用户身份识别请求生成用户身份查询请求,并将所生成的用户身份查询请求发送给PCRF。It should also be noted that, considering the security of user identity information, when receiving a user identity identification request initiated by a third party for a terminal device, the client of the terminal device can perform access authentication and user authorization. When the client side of the device has passed the access authentication and user authorization, it generates a user identity query request according to the user identity identification request, and sends the generated user identity query request to the PCRF.

实施例2Example 2

本实施例提供一种识别终端设备用户身份的装置,其基于PCC架构(PCC架构在3GPP TS 23.203规范中进行了定义,其全称为:Policy andcharging control architecture),充分利用运营商核心网PCC架构的PCRF网元对业务层提供的计费及策略控制接口(即3GPP TS 29.214规范定义的Rx接口,以下统称为Rx接口)功能,通过对Rx接口在运用方式上进行扩展,即在发给核心网PCRF的Rx请求消息中只携带终端设备的私网IP地址等信息,不携带业务和媒体信息,以便让核心网PCRF知道这不是一次普通的计费或策略请求消息,而是要其根据请求消息中私网IP地址,返回该私网IP地址所对应的终端设备用户的MSISDN和IMSI信息。同时,本发明所实现的识别终端设备用户身份的装置对第三方APP提供身份识别接口,接收第三方APP发起的终端设备用户身份识别请求,提取出请求消息中的私网IP地址,并按照请求消息中要求进行基础身份信息识别,还是详细身份信息识别,在通过核心网PCRF获得终端设备用户的MSISDN和IMSI信息后,针对性地进行身份识别响应,返回对应的基础身份信息(MSISDN和IMSI信息)或详细身份信息(除MSISDN和IMSI信息之外,用户地址、用户名称等),实现对终端设备的身份识别功能。This embodiment provides a device for identifying the user identity of a terminal device, which is based on the PCC architecture (the PCC architecture is defined in the 3GPP TS 23.203 specification, and its full name is: Policy and charging control architecture), making full use of the core network PCC architecture of the operator. The charging and policy control interface (that is, the Rx interface defined in the 3GPP TS 29.214 specification, hereinafter collectively referred to as the Rx interface) function provided by the PCRF network element to the service layer, through the expansion of the use of the Rx interface, is sent to the core network The Rx request message of PCRF only carries information such as the private network IP address of the terminal device, and does not carry service and media information, so that the PCRF of the core network knows that this is not an ordinary billing or policy request message, but requires it to be based on the request message In the private network IP address, return the MSISDN and IMSI information of the terminal device user corresponding to the private network IP address. At the same time, the device for identifying the user identity of the terminal device realized by the present invention provides an identity recognition interface for the third-party APP, receives the request for identifying the user identity of the terminal device initiated by the third-party APP, extracts the private network IP address in the request message, and follows the request The message requires basic identity information identification or detailed identity information identification. After obtaining the MSISDN and IMSI information of the terminal device user through the core network PCRF, a targeted identity identification response is performed and the corresponding basic identity information (MSISDN and IMSI information ) or detailed identity information (except MSISDN and IMSI information, user address, user name, etc.), to realize the identity recognition function of the terminal device.

其中,所涉及的终端设备可以是各种放置了运营商SIM(subscriberidentity module)卡或类似的用户账户卡的固定或移动的电子设备。具体地,本实施例提供的装置至少包括应用交互模块、身份识别模块和网络交互模块。Wherein, the involved terminal devices may be various fixed or mobile electronic devices in which a SIM (subscriber identity module) card of an operator or a similar user account card is placed. Specifically, the device provided in this embodiment includes at least an application interaction module, an identity identification module, and a network interaction module.

应用交互模块,对第三方开放身份识别接口,接收来自包括位于终端设备上安装的客户端应用发起的身份识别请求或者外部服务器后台系统发起的身份识别请求消息,对身份识别请求消息进行处理后,发送给身份识别模块,以及向所述第三方反馈身份识别请求消息所查询的终端设备的用户身份信息。The application interaction module opens the identity recognition interface to the third party, receives the identity recognition request initiated by the client application installed on the terminal device or the identity recognition request message initiated by the background system of the external server, and after processing the identity recognition request message, Send to the identity recognition module, and feed back the user identity information of the terminal device queried by the identity recognition request message to the third party.

身份识别模块,基于客户端提供的终端设备的IP地址,并根据运营商核心网PCRF系统的Rx接口的AA-Request命令特点,组织身份查询请求消息,通过网络交互模块与核心网PCRF对接,发起身份查询请求,指示PCRF根据AA-Request请求消息中提供的IP地址,返回该IP地址所对应的用户身份信息(至少包括MSISDN和IMSI信息),以及从接收到的用户身份查询请求的响应中获取所述第三方所查询的终端设备的用户身份信息并发送给所述应用交互模块。The identity identification module, based on the IP address of the terminal device provided by the client, and according to the characteristics of the AA-Request command of the Rx interface of the operator's core network PCRF system, organizes the identity query request message, connects with the core network PCRF through the network interaction module, and initiates Identity query request, instructing PCRF to return the user identity information (including at least MSISDN and IMSI information) corresponding to the IP address according to the IP address provided in the AA-Request request message, and to obtain from the received response to the user identity query request The user identity information of the terminal device queried by the third party is sent to the application interaction module.

其中,终端设备的IP地址是具体终端设备通过无线网络上网时,核心网为其分配的,核心网保存了所分配的终端设备IP地址及其对应的MSISDN和IMSI信息。Wherein, the IP address of the terminal device is assigned by the core network when the specific terminal device accesses the Internet through the wireless network, and the core network stores the assigned IP address of the terminal device and its corresponding MSISDN and IMSI information.

网络交互模块,接收身份识别模块的请求消息,适配核心网PCRF基于Diameter协议的Rx接口消息,将该请求消息发给PCRF,同时,接收PCRF返回的用户身份查询请求的响应消息,并向身份识别模块返回对应的响应消息。The network interaction module receives the request message of the identity identification module, adapts the Rx interface message of the core network PCRF based on the Diameter protocol, sends the request message to the PCRF, and at the same time receives the response message of the user identity query request returned by the PCRF, and sends the identity The identification module returns a corresponding response message.

优选地,上述身份识别模块,还可以根据用户身份查询请求的响应中的用户身份信息识别出其他用户身份信息(例如用户地址、用户名称等等),并将收到的用户身份信息及识别出的其他用户身份信息一起反馈给所述应用交互模块。此时,应用交互模块,将身份识别模块发送的所有用户身份信息一起反馈给第三方。Preferably, the above-mentioned identity recognition module can also identify other user identity information (such as user address, user name, etc.) according to the user identity information in the response to the user identity query request, and identify the received user identity information and Feedback to the application interaction module together with other user identity information. At this time, the application interaction module feeds back all the user identity information sent by the identity recognition module to the third party.

另外,上述装置还包括身份信息模块,保存终端设备的所有用户身份信息,以及从运营商的客户关系管理系统获取并更新终端设备的用户身份信息,使身份信息模块中的用户身份信息与运营商实际拥有的最新用户身份信息一致。In addition, the above-mentioned device also includes an identity information module, which saves all user identity information of the terminal equipment, and obtains and updates the user identity information of the terminal equipment from the operator's customer relationship management system, so that the user identity information in the identity information module is consistent with the operator's identity information. The latest user identity information actually owned is consistent.

上述装置还可以包括接入认证模块,此时,身识别模块,根据发起身份识别请求的客户端(包括客户端应用和外部系统)信息,调用接入认证模块的接口,对客户端进行接入认证,并接收接入认证模块返回的认证结果。若接入认证模块返回结果显示认证通过,则身份识别模块才发起后续身份识别操作。The above-mentioned device may also include an access authentication module. At this time, the identity identification module calls the interface of the access authentication module according to the information of the client (including the client application and the external system) that initiates the identity identification request, and accesses the client. Authentication, and receive the authentication result returned by the access authentication module. If the result returned by the access authentication module shows that the authentication is passed, the identity recognition module initiates a subsequent identity recognition operation.

接入认证模块,接收身份识别模块发出的接入认证请求,根据请求消息中提供的身份识别请求消息的客户端信息,判断是否为合法的客户端以及是否为合法客户端发出的符合规则要求的请求消息,接下来根据客户端情况,确定是否要对此次身份识别请求,发起终端设备用户授权,即,接入认证模块发起与用户授权交互,征得用户同意后,才可以向身份识别模块返回接入认证成功。上述针对客户端的接入认证和用户授权都成功完成后,向身份识别模块返回接入认证响应,确认结果为成功或失败。The access authentication module receives the access authentication request sent by the identity recognition module, and judges whether it is a legitimate client and whether it is a legal client and whether it is a legal client that meets the requirements of the rules according to the client information of the identity recognition request message provided in the request message. request message, and then determine whether to initiate the terminal device user authorization for this identity recognition request according to the client's situation, that is, the access authentication module initiates an interaction with the user authorization, and the identity recognition module can only send the request after obtaining the user's consent. Returns access authentication success. After the above-mentioned access authentication and user authorization for the client are successfully completed, an access authentication response is returned to the identity recognition module, and the confirmation result is success or failure.

下面结合附图说明上述装置的具体实施。The specific implementation of the above-mentioned device will be described below in conjunction with the accompanying drawings.

图1所示为优先方案中提供的识别终端设备用户身份的装置,其主要由包括应用交互模块、身份识别模块、身份信息模块、接入认证模块和网络交互模块共5个模块组成。Figure 1 shows the device for identifying the user identity of terminal equipment provided in the priority scheme, which is mainly composed of five modules including an application interaction module, an identity identification module, an identity information module, an access authentication module and a network interaction module.

应用交互模块,对第三方开放身份识别接口,接收包括来自终端设备上的客户端应用或者外部服务器后台系统在内的客户端发起的终端设备用户身份识别请求,提取出请求消息中用于进行接入认证的客户端信息和用于进行身份识别的终端设备IP地址信息,校验请求消息中的客户端信息格式和IP地址格式,格式校验通过后,发送身份识别请求消息给身份识别模块。The application interaction module opens the identification interface to the third party, receives the terminal device user identification request initiated by the client including the client application on the terminal device or the background system of the external server, and extracts the request message for receiving Enter the client information for authentication and the terminal device IP address information for identification, verify the client information format and IP address format in the request message, and send the identification request message to the identification module after the format verification is passed.

身份识别模块,接收来自应用交互模块的身份识别请求消息,并根据身份识别请求消息中发起该请求消息的客户端信息,调用接入认证模块的接口,对客户端进行接入认证,并接收接入认证模块返回的认证结果。若接入认证模块返回结果显示认证通过,则身份识别模块进一步判断客户端提供的终端设备IP地址,判断IP地址类型为IPV4地址类型还是IPV6地址类型,并根据运营商核心网PCRF系统的Rx接口的AA-Request命令填写要求,相应的填写身份查询请求消息,通过网络交互模块与核心网PCRF对接,发起身份查询请求,指示PCRF根据AA-Request请求消息中提供的IP地址,返回终端设备用户的身份信息,包括终端设备的MSISDN和IMSI信息。由于,每台终端设备接入无线网络,进行上网时,核心网将为每台终端设备分配其在无线网络中的IP地址,而核心网同时保存了每台终端设备的MSISDN和IMSI信息,因此,核心网PCRF可以在响应消息中返回IP地址及其对应的终端设备的MSISDN和IMSI信息,身份识别模块通过获得终端设备的上述IP地址、MSISDN和IMSI信息后,向请求的客户端,根据请求消息的要求,返回MSISDN或IMSI或者同时返回MSISDN和IMSI。优选地,,可以借助身份信息模块,返回详细的其他用户身份信息(例如用户名称、用户地址等信息),完成终端设备在其所对应的运营商中登记的身份信息的识别。The identity recognition module receives the identity recognition request message from the application interaction module, and calls the interface of the access authentication module according to the information of the client that initiated the request message in the identity recognition request message, performs access authentication on the client, and receives the Enter the authentication result returned by the authentication module. If the result returned by the access authentication module shows that the authentication is passed, the identity recognition module further judges the IP address of the terminal device provided by the client, and judges whether the IP address type is an IPV4 address type or an IPV6 address type, and according to the Rx interface of the PCRF system of the operator's core network The AA-Request command fills in the requirements, correspondingly fills in the identity query request message, connects with the PCRF of the core network through the network interaction module, initiates an identity query request, and instructs the PCRF to return the terminal device user’s ID according to the IP address provided in the AA-Request message. Identity information, including the MSISDN and IMSI information of the terminal device. Because each terminal device accesses the wireless network, when going online, the core network will assign each terminal device its IP address in the wireless network, and the core network also saves the MSISDN and IMSI information of each terminal device, so , the core network PCRF can return the IP address and the corresponding MSISDN and IMSI information of the terminal device in the response message. After obtaining the above-mentioned IP address, MSISDN and IMSI information of the terminal device, the identity recognition module sends the Message request, return MSISDN or IMSI or return both MSISDN and IMSI. Preferably, other detailed user identity information (such as user name, user address, etc.) can be returned by means of the identity information module to complete the identification of the identity information registered by the terminal device in its corresponding operator.

身份信息模块,保存终端设备用户的身份信息,并支持从运营商的客户关系管理系统更新获取最新的终端设备用户身份信息,确保系统信息与实际用户信息一致。The identity information module saves the identity information of terminal equipment users, and supports updating and obtaining the latest terminal equipment user identity information from the operator's customer relationship management system to ensure that the system information is consistent with the actual user information.

接入认证模块,接收身份识别模块发出的接入认证请求,根据请求消息中提供的身份识别请求消息的客户端信息,判断是否为合法的客户端以及是否为合法客户端发出的符合规则要求的请求消息,接下来根据客户端情况,确定是否要对此次身份识别请求,发起终端设备用户授权,即,接入认证模块发起与用户授权交互,征得用户同意后,才可以向身份识别模块返回接入认证成功。上述针对客户端的接入认证和用户授权都成功完成后,向身份识别模块返回接入认证响应,确认结果为成功或失败。The access authentication module receives the access authentication request sent by the identity recognition module, and judges whether it is a legitimate client and whether it is a legal client and whether it is a legal client that meets the requirements of the rules according to the client information of the identity recognition request message provided in the request message. request message, and then determine whether to initiate the terminal device user authorization for this identity recognition request according to the client's situation, that is, the access authentication module initiates an interaction with the user authorization, and the identity recognition module can only send the request after obtaining the user's consent. Returns access authentication success. After the above-mentioned access authentication and user authorization for the client are successfully completed, an access authentication response is returned to the identity recognition module, and the confirmation result is success or failure.

网络交互模块,支持对内部身份识别模块接口协议和外部核心网PCRF系统的接口协议进行适配,将接收到的身份识别模块的身份识别请求消息,转换成PCRF系统所支持的、基于Diameter协议的Rx接口消息,同时,将核心网PCRF返回Rx接口响应消息或发起的Rx接口通知消息,转换成内部身份识别模块所支持的接口协议,实现内外部系统间的消息交互。The network interaction module supports the adaptation of the interface protocol of the internal identification module and the interface protocol of the PCRF system of the external core network, and converts the received identification request message of the identification module into a Diameter-based protocol supported by the PCRF system. At the same time, the Rx interface response message returned by the PCRF of the core network or the Rx interface notification message initiated is converted into an interface protocol supported by the internal identity recognition module to realize message interaction between internal and external systems.

图2所示为识别终端设备用户身份的装置置于网络中的位置。201,位于终端设备的客户端应用通过无线网络和互联网与终端设备用户身份识别装置之间的用户身份识别请求和响应消息交互;202,位于服务器内的后台系统通过互联网与终端设备用户身份识别装置之间的用户身份识别请求和响应消息交互;203,终端设备用户身份识别装置通过运营商内部网络与核心网PCRF之间的用户身份识别请求和响应消息交互;204,终端设备用户身份识别装置通过运营商内部网络与运营商的客户关系管理系统交互。Figure 2 shows where the device for identifying the user identity of the terminal equipment is placed in the network. 201, the client application located in the terminal device interacts with the user identity recognition device of the terminal device through the wireless network and the Internet and the user identity recognition request and response message; 202, the background system located in the server communicates with the user identity recognition device of the terminal device through the Internet 203, the user identity recognition device of the terminal device passes through the user identity recognition request and response message interaction between the operator's internal network and the core network PCRF; 204, the user identity recognition device of the terminal device passes through The operator's internal network interacts with the operator's customer relationship management system.

图3为所示识别终端设备用户身份的装置的工作原理图。Fig. 3 is a working principle diagram of the device for identifying the user identity of the terminal device.

301,识别终端设备用户身份的装置的应用交互模块对外开放身份识别接口,同时支持Restful协议和SOAP协议两类接口。位于终端设备的客户端应用调用应用交互模块对外开放身份识别Restful协议接口,请求识别终端设备用户身份的装置对终端设备用户的身份进行识别,并获得身份识别结果信息。301. The application interaction module of the device for identifying the user identity of the terminal device opens an identity identification interface to the outside world, and supports two types of interfaces, the Restful protocol and the SOAP protocol. The client application located in the terminal device invokes the application interaction module to open the identity recognition Restful protocol interface to the outside world, requests the device for identifying the identity of the terminal device user to identify the identity of the terminal device user, and obtains identification result information.

301’,识别终端设备用户身份的装置的应用交互模块对外开放身份识别接口,同时支持Restful协议和SOAP协议两类接口。位于外部服务器的后台系统调用应用交互模块对外开放身份识别Restful协议或SOAP协议接口,请求识别终端设备用户身份的装置对终端设备用户的身份进行识别,并获得身份识别结果信息。301', the application interaction module of the device for identifying the user identity of the terminal device opens an identity identification interface to the outside world, and supports two types of interfaces, the Restful protocol and the SOAP protocol. The background system located on the external server calls the application interaction module to open the identity recognition Restful protocol or SOAP protocol interface to the outside world, requests the device for identifying the identity of the terminal device user to identify the identity of the terminal device user, and obtains the identification result information.

302,应用交互模块接收到客户端发起的用户身份识别请求后,执行本模块定义的相应逻辑处理,然后与身份识别模块之间的身份识别接口进行交互,应用交互模块通过与身份识别模块之间的身份识别接口进行交互,向身份识别模块发出身份进行识别请求。302. After receiving the user identification request initiated by the client, the application interaction module executes the corresponding logical processing defined by this module, and then interacts with the identification interface between the identification modules. The application interaction module communicates with the identification module The identity recognition interface interacts and sends an identity recognition request to the identity recognition module.

303,身份识别模块在执行完本模块定义的相应逻辑处理后,通过与接入认证模块暴露的接入认证接口进行对接,针对客户端的此次身份识别请求进行接入认证,接入认证模块完成本模块定义的相应逻辑处理后,向身份识别模块返回认证结果。303. After executing the corresponding logical processing defined by this module, the identity recognition module connects with the access authentication interface exposed by the access authentication module, and performs access authentication for the identity recognition request of the client, and the access authentication module completes After processing the corresponding logic defined by this module, return the authentication result to the identity recognition module.

304,身份识别模块通过与网络交互模块之间的消息传递接口,向核心网PCRF发起身份识别请求。身份识别模块按照此内部接口定义,将终端设备用户身份识别消息传递给网络交互模块,并由网络交互模块在收到核心网PCRF返回的身份识别响应后,通过此接口将身份识别结果返回给身份识别模块。304. The identity identification module initiates an identity identification request to the PCRF of the core network through a message transfer interface with the network interaction module. According to the definition of this internal interface, the identity recognition module transmits the terminal device user identity recognition message to the network interaction module, and the network interaction module returns the identity recognition result to the identity through this interface after receiving the identity recognition response returned by the core network PCRF Identification module.

305,网络交互模块与核心网PCRF之间的Rx接口,网络交互模块通过此接口,适配对接核心网PCRF的Diameter协议的Rx接口,进行内外部系统的协议适配转换,向核心网PCRF请求身份识别,并接收核心网PCRF返回的身份识别响应消息。305, the Rx interface between the network interaction module and the core network PCRF, through this interface, the network interaction module adapts to the Rx interface of the Diameter protocol of the core network PCRF, performs protocol adaptation and conversion of internal and external systems, and requests the core network PCRF Identify the identity, and receive the identity identification response message returned by the PCRF of the core network.

306,身份识别模块根据终端设备用户身份识别请求的具体要求(PCRF反馈的用户身份信息,或者其他用户身份信息),确定是否与身份信息模块进行交互,通过MSISDN,从身份信息模块获得终端设备用户的详细身份信息。306. The identity recognition module determines whether to interact with the identity information module according to the specific requirements of the terminal device user identity recognition request (user identity information fed back by PCRF, or other user identity information), and obtains the terminal device user from the identity information module through MSISDN detailed identity information.

307,身份信息模块通过与客户关系管理系统之间的接口,从客户关系管理系统获取终端设备用户详细身份信息。307. The identity information module acquires detailed identity information of the terminal device user from the customer relationship management system through an interface with the customer relationship management system.

图4所示为识别终端设备用户身份信息的业务流程。Fig. 4 shows a business process for identifying user identity information of a terminal device.

401,终端设备用户在注册或使用位于终端设备上的客户端应用或者位于后台服务器上的外部系统时,客户端应用或外部系统需要在无需用户手工输入提供手机号码,获得终端设备的手机号码MSISDN以及IMSI,以确认用户身份,因此客户端应用或外部系统向终端设备身份识别装置发起对终端设备用户身份识别的请求。请求消息中携带客户端应用或外部系统从终端设备上获得的、由终端设备接入无线网络所分配的私网IP地址及客户端应用或外部系统的信息,请求返回该IP地址所对应的终端设备的MSISDN和IMSI;401. When a terminal device user registers or uses a client application located on the terminal device or an external system located on the background server, the client application or the external system needs to provide the mobile phone number without the user manually inputting the mobile phone number MSISDN of the terminal device. and the IMSI to confirm the user identity, so the client application or the external system initiates a request for terminal device user identity recognition to the terminal device identity recognition device. The request message carries the private network IP address obtained by the client application or the external system from the terminal device, which is assigned by the terminal device to access the wireless network, and the information of the client application or the external system, and requests to return the terminal corresponding to the IP address. MSISDN and IMSI of the device;

402,终端设备身份识别装置按照内部各模块的分工,完成相应的处理后,向PCRF发起终端设备身份识别请求,请求消息中携带终端设备的私网IP地址,不携带业务、媒体信息,以便核心网PCRF能知道这不是一次普通的计费或策略请求消息。若核心网为终端设备所分配的私网IP地址存在重复的情况,再携带IP地址域信息,确保让核心网PCRF能够通过私网IP地址以及IP地址域,唯一确定所要识别的终端设备身份;402. The terminal device identity recognition device initiates a terminal device identity recognition request to the PCRF after completing the corresponding processing according to the division of labor of each internal module, and the request message carries the private network IP address of the terminal device, and does not carry business and media information, so that the core The network PCRF can know that this is not an ordinary charging or policy request message. If the private network IP address assigned by the core network to the terminal device is duplicated, then carry the IP address field information to ensure that the core network PCRF can uniquely determine the identity of the terminal device to be identified through the private network IP address and the IP address field;

403,核心网PCRF根据终端设备身份识别装置发出的请求消息,在响应消息中返回MSISDN和IMSI号码;403. The PCRF of the core network returns the MSISDN and the IMSI number in the response message according to the request message sent by the terminal equipment identification device;

404,终端设备身份识别装置向客户端应用或外部系统返回终端设备身份识别响应消息。404. The terminal device identity recognition device returns a terminal device identity recognition response message to the client application or the external system.

其中响应消息是根据客户端应用或外部系统的具体属性及其请求要求,可包含MSISDN,或者IMSI,或者MSISDN和IMSI,或者MSISDN和IMSI以及用户详细身份信息。The response message may include MSISDN, or IMSI, or MSISDN and IMSI, or MSISDN and IMSI, and user detailed identity information according to the specific attributes and request requirements of the client application or external system.

图5所示为识别终端设备用户其他身份信息的业务流程。Fig. 5 shows a business process for identifying other identity information of a terminal device user.

501,终端设备用户在注册或使用位于终端设备上的客户端应用或者位于后台服务器上的外部系统时,客户端应用或外部系统根据具体场景,需要核实终端设备所属用户的手机号码MSISDN以及获取终端设备用户在运营商所注册的详细身份信息,向终端设备身份识别装置发起对终端设备用户身份识别的请求。请求消息中携带客户端应用或外部系统从终端设备上获得的、由终端设备接入无线网络所分配的IP地址及客户端应用或外部系统的信息,请求返回该IP地址所对应的终端设备的MSISDN、IMSI及终端设备用户在运营商所注册的详细身份信息;501. When a terminal device user registers or uses a client application on the terminal device or an external system on the background server, the client application or the external system needs to verify the mobile phone number MSISDN of the user to which the terminal device belongs and obtain the terminal The detailed identity information registered by the device user with the operator initiates a request for terminal device user identity recognition to the terminal device identity recognition device. The request message carries the IP address obtained from the terminal device by the client application or the external system, the IP address assigned by the terminal device to access the wireless network, and the information of the client application or the external system, and requests to return the information of the terminal device corresponding to the IP address. MSISDN, IMSI and detailed identity information registered by the terminal device user with the operator;

502,终端设备身份识别装置内部的各模块完成相应的处理后,向PCRF发起终端设备身份识别请求,请求消息中携带终端设备的私网IP地址,不携带业务、媒体信息,以便核心网PCRF能知道这不是一次普通的计费或策略请求消息。若核心网为终端设备所分配的私网IP地址存在重复的情况,再携带IP地址域信息,确保核心网PCRF能够通过私网IP地址以及IP地址域,唯一确定所要识别的终端设备身份;502. After completing the corresponding processing, each module inside the terminal equipment identification device initiates a terminal equipment identification request to the PCRF, and the request message carries the private network IP address of the terminal equipment and does not carry service and media information, so that the core network PCRF can Know that this is not an ordinary accounting or policy request message. If the private network IP address assigned by the core network to the terminal device is duplicated, then carry the IP address field information to ensure that the core network PCRF can uniquely determine the identity of the terminal device to be identified through the private network IP address and the IP address field;

503,核心网PCRF根据终端设备身份识别装置发出的请求消息,在响应消息中返回MSISDN和IMSI。终端设备身份识别装置通过核心网返回的MSISDN,查询其从客户关系管理系统中获取的用户详细信息。若未查到,则转向步骤504;若查到了用户详细信息,则转向步骤506;503. The PCRF of the core network returns the MSISDN and the IMSI in the response message according to the request message sent by the terminal equipment identification device. Through the MSISDN returned by the core network, the terminal device identity recognition device queries the detailed user information obtained from the customer relationship management system. If not found, then turn to step 504; if found user detailed information, then turn to step 506;

504,终端设备身份识别装置根据所获得的MSISDN信息,从客户关系管理系统查询该用户的详细身份信息;504. The terminal equipment identity recognition device queries the detailed identity information of the user from the customer relationship management system according to the obtained MSISDN information;

505,客户关系管理系统向终端设备身份识别装置返回MSISDN对应的用户身份信息;505. The customer relationship management system returns the user identity information corresponding to the MSISDN to the terminal device identity recognition device;

506,终端设备身份识别装置向客户端应用或外部系统返回终端设备身份识别响应消息,包含MSISDN和IMSI号码及其他的用户身份信息,其他用户身份信息可包括用户的身份证或社保号信息、套餐消费信息等。506. The terminal device identification device returns a terminal device identification response message to the client application or the external system, including the MSISDN, IMSI number and other user identity information. Other user identity information may include the user's ID card or social security number information, package consumer information, etc.

实施例3Example 3

本实施例提供一种识别终端设备用户身份的装置,其可置于核心网PCRF侧,其与上述实施例2中的装置结合使用,可识别终端设备的用户身份。其至少包括如下两个模块。This embodiment provides a device for identifying the user identity of a terminal device, which can be placed on the PCRF side of the core network, and used in combination with the device in Embodiment 2 above, to identify the user identity of the terminal device. It includes at least the following two modules.

第一模块,接收到仅携带终端设备IP地址的Rx接口消息时,确定Rx接口消息为身份查询请求消息,根据身份查询请求消息中的IP地址,查询该IP地址所对应的用户身份信息;The first module, when receiving the Rx interface message that only carries the IP address of the terminal device, determines that the Rx interface message is an identity query request message, and queries the user identity information corresponding to the IP address according to the IP address in the identity query request message;

其中,由于目前的Rx接口消息一般包含有终端设备的私网IP地址,及业务和媒体信息,而本实施例中的Rx接口消息中只携带终端设备的私网IP地址,而不携带业务和媒体信息时,即可确定此Rx接口消息是用户身份查询请求。Wherein, because the current Rx interface message generally includes the private network IP address of the terminal device, and business and media information, and the Rx interface message in this embodiment only carries the private network IP address of the terminal device, and does not carry the business and media information. When receiving media information, it can be determined that the Rx interface message is a user identity query request.

第二模块,将所查询到的用户身份信息反馈给终端。The second module feeds back the queried user identity information to the terminal.

其中,所查询到的用户身份信息至少包括MSISDN和IMSI。Wherein, the queried user identity information includes at least MSISDN and IMSI.

从上述实施例可以看出,本申请技术方案创造性地利用运营商核心网PCRF网元对业务层提供的Rx接口消息所提供的功能,通过对Rx接口在运用方式上进行扩展,即在发给核心网PCRF的Rx请求消息中携带终端设备的私网IP地址,不携带业务、媒体信息,以便让核心网PCRF能知道这不是一次普通的计费或策略请求消息,而是只要返回终端设备的私网IP所对应的终端设备用户的身份信息。通过本发明提供的方法和装置,客户端应用或外部系统在用户注册或使用其业务时,若需要确认或提供用户手机号码MSISDN,就可以自动获取终端设备的身份信息,避免用户手工输入手机号码MSISDN,减少了交互步骤的情况,有效地提升了当前移动互联网应用在开展业务的友好性和易用性,改善用户使用应用的交互体验,同时,也有效地将运营商的用户帐号作为移动互联网生态系统中的一种重要身份帐号,提升运营商在移动互联网价值链中的话语权。It can be seen from the above embodiments that the technical solution of this application creatively utilizes the functions provided by the PCRF network element of the operator's core network to the Rx interface message provided by the service layer, and expands the operation mode of the Rx interface, that is, when sending The Rx request message of the core network PCRF carries the private network IP address of the terminal device, but does not carry service and media information, so that the core network PCRF can know that this is not an ordinary billing or policy request message, but only returns the terminal device's The identity information of the terminal device user corresponding to the private network IP. Through the method and device provided by the present invention, if the client application or external system needs to confirm or provide the user's mobile phone number MSISDN when the user registers or uses its service, it can automatically obtain the identity information of the terminal device, avoiding the user from manually inputting the mobile phone number MSISDN reduces the number of interaction steps, effectively improves the friendliness and ease of use of current mobile Internet applications, improves the interactive experience of users using applications, and effectively uses the operator's user account as a mobile Internet application. An important identity account in the ecosystem, which enhances the operator's voice in the mobile Internet value chain.

更重要的是,通过本申请提供的装置,可以将运营商用户账号发展成为跨移动网络和互联网络通用的身份号码,渗透到各种移动互联网应用,可以无限放大运营商所管理的MSISDN手机号码和IMSI号码的价值,使之成为与超级互联网APP匹敌,甚至超越超级互联网APP的杀手级战略资源。可以极大地增强用户体验,最大限度地发挥网络价值,创造利润,增强运营商的市场竞争力。More importantly, through the device provided by this application, the operator's user account can be developed into a universal identity number across mobile networks and the Internet, penetrate into various mobile Internet applications, and can infinitely enlarge the MSISDN mobile phone number managed by the operator And the value of the IMSI number makes it a killer strategic resource that rivals or even surpasses super Internet APPs. It can greatly enhance the user experience, maximize the value of the network, create profits, and enhance the market competitiveness of operators.

本领域普通技术人员可以理解上述方法中的全部或部分步骤可通过程序来指令相关硬件完成,所述程序可以存储于计算机可读存储介质中,如只读存储器、磁盘或光盘等。可选地,上述实施例的全部或部分步骤也可以使用一个或多个集成电路来实现。相应地,上述实施例中的各模块/单元可以采用硬件的形式实现,也可以采用软件功能模块的形式实现。本申请不限制于任何特定形式的硬件和软件的结合。Those skilled in the art can understand that all or part of the steps in the above method can be completed by instructing relevant hardware through a program, and the program can be stored in a computer-readable storage medium, such as a read-only memory, a magnetic disk or an optical disk, and the like. Optionally, all or part of the steps in the foregoing embodiments may also be implemented using one or more integrated circuits. Correspondingly, each module/unit in the foregoing embodiments may be implemented in the form of hardware, or may be implemented in the form of software function modules. This application is not limited to any specific form of combination of hardware and software.

以上所述,仅为本发明的较佳实例而已,并非用于限定本发明的保护范围。凡在本发明的精神和原则之内,所做的任何修改、等同替换、改进等,均应包含在本发明的保护范围之内。The above descriptions are only preferred examples of the present invention, and are not intended to limit the protection scope of the present invention. Any modifications, equivalent replacements, improvements, etc. made within the spirit and principles of the present invention shall be included within the protection scope of the present invention.

Claims (14)

1.一种识别终端设备用户身份的方法,其特征在,该方法包括:1. A method for identifying a terminal device user identity, characterized in that the method comprises: 接收到第三方针对终端设备发起的用户身份识别请求时,根据所述用户身份识别请求生成用户身份查询请求,将所生成的用户身份查询请求发送给核心网PCRF,其中,所述用户身份查询请求中携带所述终端设备的IP地址,以指示PCRF根据所述身份查询请求消息中的IP地址,返回该IP地址所对应的用户身份信息;When a user identity identification request initiated by a third party for the terminal device is received, a user identity query request is generated according to the user identity identification request, and the generated user identity query request is sent to the core network PCRF, wherein the user identity query request carrying the IP address of the terminal device in order to instruct PCRF to return the user identity information corresponding to the IP address according to the IP address in the identity query request message; 当收到所述PCRF反馈的用户身份信息时,将收到的用户身份信息反馈给的所述第三方。When receiving the user identity information fed back by the PCRF, feed back the received user identity information to the third party. 2.如权利要求1所述的方法,其特征在于,2. The method of claim 1, wherein 所述用户身份信息至少包括移动用户国际号码MSISDN和国际移动用户识别码IMSI。The user identity information includes at least an international mobile subscriber number MSISDN and an international mobile subscriber identity IMSI. 3.如权利要求1所述的方法,其特征在于,3. The method of claim 1, wherein, 所述用户身份查询请求为Rx接口消息。The user identity query request is an Rx interface message. 4.如权利要求1至3任一项所述的方法,其特征在于,所述方法还包括:4. The method according to any one of claims 1 to 3, wherein the method further comprises: 当收到所述PCRF反馈的用户身份信息时,根据所述PCRF反馈的用户身份信息识别出其他用户身份信息,将收到的用户身份信息及识别出的其他用户身份信息一起反馈给所述第三方;When receiving the user identity information fed back by the PCRF, identify other user identity information according to the user identity information fed back by the PCRF, and feed back the received user identity information and other identified user identity information to the first Three parties; 其中,所述其他用户身份信息至少包括用户地址、用户名称。Wherein, the other user identity information includes at least user address and user name. 5.如权利要求4所述的方法,其特征在于,所述方法还包括:保存终端设备的所有用户身份信息,并从运营商的客户关系管理系统获取并更新终端设备的用户身份信息,使保存的用户身份信息与运营商实际拥有的最新用户身份信息一致。5. The method according to claim 4, further comprising: saving all user identity information of the terminal equipment, and obtaining and updating the user identity information of the terminal equipment from the customer relationship management system of the operator, so that The stored user identity information is consistent with the latest user identity information actually owned by the operator. 6.如权利要求4所述的方法,其特征在于,接收到第三方针对终端设备发起的用户身份识别请求时,所述方法还包括:6. The method according to claim 4, characterized in that, when receiving a user identification request initiated by a third party for the terminal device, the method further comprises: 对所述终端设备的客户端进行接入认证及用户授权;Perform access authentication and user authorization on the client of the terminal device; 当所述终端设备的客户端通过接入认证和用户授权时,再根据所述用户身份识别请求生成用户身份查询请求,并将所生成的用户身份查询请求发送给所述PCRF。When the client of the terminal device passes the access authentication and user authorization, it generates a user identity query request according to the user identity identification request, and sends the generated user identity query request to the PCRF. 7.一种识别终端设备用户身份的装置,其特征在于,该装置至少包括应用交互模块、身份识别模块和网络交互模块,其中:7. A device for identifying the identity of a terminal device user, characterized in that the device at least includes an application interaction module, an identity recognition module and a network interaction module, wherein: 所述应用交互模块,对第三方开放身份识别接口,接收第三方针对终端设备发起的身份识别请求消息,以及向所述第三方反馈身份识别请求消息所查询的终端设备的用户身份信息;The application interaction module opens an identity recognition interface to a third party, receives an identity recognition request message initiated by a third party for the terminal device, and feeds back to the third party the user identity information of the terminal device queried by the identity recognition request message; 所述身份识别模块,根据所接收到的身份识别请求消息生成用户身份查询请求,其中,所述用户身份查询请求中携带所述终端设备的IP地址,以指示PCRF根据所述身份查询请求消息中的IP地址,返回该IP地址所对应的用户身份信息,以及从接收到的用户身份查询请求的响应中获取所述第三方所查询的终端设备的用户身份信息并发送给所述应用交互模块;The identity recognition module generates a user identity query request according to the received identity recognition request message, wherein the user identity query request carries the IP address of the terminal device to instruct PCRF to IP address, return the user identity information corresponding to the IP address, and obtain the user identity information of the terminal device queried by the third party from the received response to the user identity query request and send it to the application interaction module; 所述网络交互模块,将所生成的用户身份查询请求发送给核心网PCRF,并接收PCRF返回的用户身份查询请求的响应,将所述用户身份查询请求的响应返回给所述身份识别模块。The network interaction module sends the generated user identity query request to core network PCRF, receives the response of the user identity query request returned by PCRF, and returns the response of the user identity query request to the identity recognition module. 8.如权利要求7所述的装置,其特征在于,8. The apparatus of claim 7, wherein 所述用户身份信息至少包括移动用户国际号码MSISDN和国际移动用户识别码IMSI。The user identity information includes at least an international mobile subscriber number MSISDN and an international mobile subscriber identity IMSI. 9.如权利要求7所述的装置,其特征在于,9. The apparatus of claim 7, wherein 所述用户身份查询请求为Rx接口消息。The user identity query request is an Rx interface message. 10.如权利要求7至9任一项所述的装置,其特征在于,10. Apparatus according to any one of claims 7 to 9, wherein 所述身份识别模块,还根据用户身份查询请求的响应中的用户身份信息识别出其他用户身份信息,将收到的用户身份信息及识别出的其他用户身份信息一起反馈给所述应用交互模块,其中,所述其他用户身份信息至少包括用户地址、用户名称;The identity identification module also identifies other user identity information according to the user identity information in the response to the user identity query request, and feeds back the received user identity information and other identified user identity information to the application interaction module, Wherein, the other user identity information includes at least user address and user name; 所述应用交互模块,将所述身份识别模块发送的所有用户身份信息一起反馈给所述第三方。The application interaction module feeds back all user identity information sent by the identity recognition module to the third party. 11.如权利要求10所述的装置,其特征在于,所述装置还包括:11. The device of claim 10, further comprising: 身份信息模块,保存终端设备的所有用户身份信息,并从运营商的客户关系管理系统获取并更新终端设备的用户身份信息,使保存的用户身份信息与运营商实际拥有的最新用户身份信息一致。The identity information module saves all user identity information of the terminal equipment, and obtains and updates the user identity information of the terminal equipment from the operator's customer relationship management system, so that the stored user identity information is consistent with the latest user identity information actually owned by the operator. 12.如权利要求10所述的装置,其特征在于,所述装置还包括:12. The device of claim 10, further comprising: 接入认证模块,在所述应用交互模块接收到第三方针对终端设备发起的用户身份识别请求时,对所述终端设备的客户端进行接入认证及用户授权;The access authentication module performs access authentication and user authorization on the client of the terminal device when the application interaction module receives a user identification request initiated by a third party for the terminal device; 所述身识别模块,仅在所述终端设备的客户端通过接入认证和用户授权时,才生成所述用户身份查询请求。The identity identification module generates the user identity query request only when the client of the terminal device passes the access authentication and user authorization. 13.一种识别终端设备用户身份的装置,其特征在于,该装置至少包括:13. A device for identifying the identity of a terminal device user, characterized in that the device at least includes: 第一模块,接收到仅携带终端设备IP地址的Rx接口消息时,确定所述Rx接口消息为身份查询请求消息,根据所述身份查询请求消息中的IP地址,查询该IP地址所对应的用户身份信息;The first module, when receiving the Rx interface message carrying only the IP address of the terminal device, determines that the Rx interface message is an identity query request message, and queries the user corresponding to the IP address according to the IP address in the identity query request message Identity Information; 第二模块,将所查询到的用户身份信息反馈给终端。The second module feeds back the queried user identity information to the terminal. 14.如权利要求13所述的装置,其特征在于,所述用户身份信息至少包括移动用户国际号码MSISDN和国际移动用户识别码IMSI。14. The device according to claim 13, wherein the user identity information includes at least an International Mobile Subscriber Number (MSISDN) and an International Mobile Subscriber Identity (IMSI).
CN201510570314.XA 2015-09-09 2015-09-09 Method and device for identifying subscriber identity of terminal equipment Withdrawn CN106534040A (en)

Priority Applications (2)

Application Number Priority Date Filing Date Title
CN201510570314.XA CN106534040A (en) 2015-09-09 2015-09-09 Method and device for identifying subscriber identity of terminal equipment
PCT/CN2016/086028 WO2017041562A1 (en) 2015-09-09 2016-06-16 Method and device for identifying user identity of terminal device

Applications Claiming Priority (1)

Application Number Priority Date Filing Date Title
CN201510570314.XA CN106534040A (en) 2015-09-09 2015-09-09 Method and device for identifying subscriber identity of terminal equipment

Publications (1)

Publication Number Publication Date
CN106534040A true CN106534040A (en) 2017-03-22

Family

ID=58239843

Family Applications (1)

Application Number Title Priority Date Filing Date
CN201510570314.XA Withdrawn CN106534040A (en) 2015-09-09 2015-09-09 Method and device for identifying subscriber identity of terminal equipment

Country Status (2)

Country Link
CN (1) CN106534040A (en)
WO (1) WO2017041562A1 (en)

Cited By (5)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN106921957A (en) * 2017-03-23 2017-07-04 中国联合网络通信集团有限公司 The recognition methods of secondary number of distributing telephone numbers and device
CN109768947A (en) * 2017-11-09 2019-05-17 中国移动通信有限公司研究院 A user identity authentication method, device and medium
CN110049106A (en) * 2019-03-22 2019-07-23 口碑(上海)信息技术有限公司 Service request processing system and method
CN110856164A (en) * 2018-08-21 2020-02-28 中国电信股份有限公司 User identification method, server and system
CN111132122A (en) * 2019-12-18 2020-05-08 南京熊猫电子股份有限公司 Method for recognizing multi-system terminal user information based on short distance and mobile terminal sensing system

Families Citing this family (4)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
EP3402238A1 (en) 2017-05-09 2018-11-14 Giesecke+Devrient Mobile Security GmbH Efficient user authentications
CN107798601A (en) * 2017-12-08 2018-03-13 四川安亮科技有限公司 A kind of financial information inquiry terminating machine
CN112565053B (en) * 2020-12-01 2022-06-10 武汉绿色网络信息服务有限责任公司 Method, device, service system and storage medium for identifying private network users
US11991525B2 (en) 2021-12-02 2024-05-21 T-Mobile Usa, Inc. Wireless device access and subsidy control

Citations (3)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN102857485A (en) * 2012-03-22 2013-01-02 孙银海 System and method capable of showing authentication success of website
CN103107976A (en) * 2011-11-10 2013-05-15 中国电信股份有限公司 Content provider/service provider (CP/SP) user identification authentication method and system and authentication support device
CN103812836A (en) * 2012-11-12 2014-05-21 孙银海 System and method for website to send user reserved information

Family Cites Families (2)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
WO2006016009A1 (en) * 2004-07-07 2006-02-16 France Telecom Method and device for processing a domain name translation request
WO2008092358A1 (en) * 2007-01-29 2008-08-07 Huawei Technologies Co., Ltd. A strategy performing method, system and network element

Patent Citations (3)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN103107976A (en) * 2011-11-10 2013-05-15 中国电信股份有限公司 Content provider/service provider (CP/SP) user identification authentication method and system and authentication support device
CN102857485A (en) * 2012-03-22 2013-01-02 孙银海 System and method capable of showing authentication success of website
CN103812836A (en) * 2012-11-12 2014-05-21 孙银海 System and method for website to send user reserved information

Cited By (7)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN106921957A (en) * 2017-03-23 2017-07-04 中国联合网络通信集团有限公司 The recognition methods of secondary number of distributing telephone numbers and device
CN106921957B (en) * 2017-03-23 2019-10-18 中国联合网络通信集团有限公司 Recognition method and device for secondary number allocation
CN109768947A (en) * 2017-11-09 2019-05-17 中国移动通信有限公司研究院 A user identity authentication method, device and medium
CN110856164A (en) * 2018-08-21 2020-02-28 中国电信股份有限公司 User identification method, server and system
CN110856164B (en) * 2018-08-21 2022-08-30 中国电信股份有限公司 User identification method, server and system
CN110049106A (en) * 2019-03-22 2019-07-23 口碑(上海)信息技术有限公司 Service request processing system and method
CN111132122A (en) * 2019-12-18 2020-05-08 南京熊猫电子股份有限公司 Method for recognizing multi-system terminal user information based on short distance and mobile terminal sensing system

Also Published As

Publication number Publication date
WO2017041562A1 (en) 2017-03-16

Similar Documents

Publication Publication Date Title
CN106534040A (en) Method and device for identifying subscriber identity of terminal equipment
CN110800331B (en) Network verification method, related equipment and system
CN104767715B (en) Access control method and equipment
US10555172B2 (en) Untrusted device access to services over a cellular network
CN104335641B (en) Data service handling method, device and system under roaming scence
CN105451214B (en) Card application access method and apparatus
CN107580360A (en) Method, device and network architecture for network slice selection
CN104144402A (en) Method and related device for realizing localized roaming of mobile terminal
CN109246688A (en) Equipment cut-in method, equipment and system
CN110944319B (en) 5G communication identity verification method, equipment and storage medium
CN103547333A (en) Advertisement push method, device and system
CN113206753A (en) Information configuration method and management unit
US10390226B1 (en) Mobile identification method based on SIM card and device-related parameters
CN106921957A (en) The recognition methods of secondary number of distributing telephone numbers and device
CN104735027A (en) Safety authentication method and authentication certification server
WO2017107653A1 (en) Mobile payment method, related device and system
CN108632325A (en) A kind of call method and device of application
CN108243631B (en) A method and device for accessing a network
US20230300622A1 (en) Communication system, communication method, and communication apparatus
CN109510906B (en) Method, device, system and storage medium for realizing Internet service
CN103249044A (en) Method, system and device for accessing self-hold business to terminal through MiFi
JP6508660B2 (en) Charge control device, method and system
CN103634421A (en) Address distribution method and server
CN117062075A (en) Private network security authentication method, device and system
CN105392112A (en) MTC device information protection method, device and system

Legal Events

Date Code Title Description
C06 Publication
PB01 Publication
SE01 Entry into force of request for substantive examination
SE01 Entry into force of request for substantive examination
WW01 Invention patent application withdrawn after publication

Application publication date: 20170322

WW01 Invention patent application withdrawn after publication