[go: up one dir, main page]
More Web Proxy on the site http://driver.im/

CN109451096B - IP distribution method, device and IP authentication method, device and system - Google Patents

IP distribution method, device and IP authentication method, device and system Download PDF

Info

Publication number
CN109451096B
CN109451096B CN201811626001.1A CN201811626001A CN109451096B CN 109451096 B CN109451096 B CN 109451096B CN 201811626001 A CN201811626001 A CN 201811626001A CN 109451096 B CN109451096 B CN 109451096B
Authority
CN
China
Prior art keywords
terminal
allocated
sbc
user number
call request
Prior art date
Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
Active
Application number
CN201811626001.1A
Other languages
Chinese (zh)
Other versions
CN109451096A (en
Inventor
杨进
张峻
冒蓉
操振宇
Current Assignee (The listed assignees may be inaccurate. Google has not performed a legal analysis and makes no representation or warranty as to the accuracy of the list.)
China Mobile Communications Group Co Ltd
China Mobile Group Jiangsu Co Ltd
Original Assignee
China Mobile Communications Group Co Ltd
China Mobile Group Jiangsu Co Ltd
Priority date (The priority date is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the date listed.)
Filing date
Publication date
Application filed by China Mobile Communications Group Co Ltd, China Mobile Group Jiangsu Co Ltd filed Critical China Mobile Communications Group Co Ltd
Priority to CN201811626001.1A priority Critical patent/CN109451096B/en
Publication of CN109451096A publication Critical patent/CN109451096A/en
Application granted granted Critical
Publication of CN109451096B publication Critical patent/CN109451096B/en
Active legal-status Critical Current
Anticipated expiration legal-status Critical

Links

Images

Classifications

    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04LTRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L61/00Network arrangements, protocols or services for addressing or naming
    • H04L61/50Address allocation
    • H04L61/5007Internet protocol [IP] addresses
    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04WWIRELESS COMMUNICATION NETWORKS
    • H04W12/00Security arrangements; Authentication; Protecting privacy or anonymity
    • H04W12/06Authentication

Landscapes

  • Engineering & Computer Science (AREA)
  • Computer Networks & Wireless Communication (AREA)
  • Signal Processing (AREA)
  • Computer Security & Cryptography (AREA)
  • Telephonic Communication Services (AREA)
  • Data Exchanges In Wide-Area Networks (AREA)

Abstract

The embodiment of the invention provides an IP distribution method, an IP distribution device, an IP authentication method, an IP authentication device and an IP authentication system. The IP allocation method comprises the following steps: judging whether the IP of the Internet protocol address of the terminal needs to be updated or not; sending an IP to be allocated and a user number corresponding to the IP to be allocated to a Session Border Controller (SBC) under the condition that the IP of the terminal needs to be updated; and receiving confirmation information generated by the SBC based on the IP to be allocated and the user number, and allocating the IP to be allocated to the terminal based on the confirmation information. The embodiment of the invention can dynamically update the IP and store the updated IP into the SBC, so as to accurately authenticate the terminal and prevent the terminal IP from being cracked violently.

Description

IP distribution method, device and IP authentication method, device and system
Technical Field
The present invention relates to the field of core network technologies, and in particular, to an IP allocation method, an IP allocation apparatus, an IP authentication method, an IP authentication apparatus, and an IP authentication system
Background
Authentication of Internet Protocol (IP) addresses is one of the precautions to prevent fixed-line misappropriation of IP Multimedia Subsystem (IMS).
Generally, to prevent IMS curing from being pirated, the following two approaches are used: firstly, aiming at each province, configuring a fixed telephone IP address field of an operator of the province on a Session Border Controller (SBC), and registering by limiting addresses except the address field by the SBC; secondly, a 'local city-IP section' list with smaller granularity (for example, refined to the local city) is established through a Home Subscriber Server (HSS), before each calling call, a fixed number needs to carry a number, the IP of the terminal of the fixed number initiates authentication to an SBC, the SBC searches the Home city and a corresponding IP address section of the number in the HSS, whether the IP of the terminal is in the corresponding address section of the Home city is checked, if the IP of the terminal is in the corresponding address section of the Home city, the fixed number is considered to be legal, the fixed number is allowed to be called, and if the IP of the terminal is not in the corresponding address section, the fixed number is considered to be illegal, and the call is rejected.
In summary, when the SBC terminal IP authenticates in the above two manners, the range is wide, and the authentication manner is static and is easily cracked by violence.
Disclosure of Invention
The embodiment of the invention provides an IP allocation method, an IP allocation device, an IP authentication method, an IP authentication device and an IP authentication system, which can dynamically update an IP, store the updated IP into an SBC, further accurately authenticate a terminal and cannot brute the IP of the terminal.
In a first aspect, an embodiment of the present invention provides an IP allocation method, where the method includes:
judging whether the IP of the Internet protocol address of the terminal needs to be updated or not;
sending an IP to be allocated and a user number corresponding to the IP to be allocated to a Session Border Controller (SBC) under the condition that the IP of the terminal needs to be updated;
and receiving confirmation information generated by the SBC based on the IP to be allocated and the user number, and allocating the IP to be allocated to the terminal based on the confirmation information.
In a second aspect, an embodiment of the present invention provides an IP authentication method, where the method includes:
receiving a call request of a terminal, wherein the call request carries a user number and a terminal IP;
calling an IP corresponding to the user number in an IP library according to the user number; the IP in the IP library is the IP to be allocated according to any one of the claims 1 to 6;
when the IP is consistent with the terminal IP, the call request is accepted;
and when the IP is not consistent with the terminal IP, rejecting the call request.
In a third aspect, an embodiment of the present invention provides an IP allocation apparatus, where the apparatus includes:
the judging module is used for judging whether the IP of the Internet protocol address of the terminal needs to be updated or not;
a sending module, configured to send an IP to be allocated and a subscriber number corresponding to the IP to be allocated to a session border controller SBC when the IP of the terminal needs to be updated;
and the allocation module is used for receiving confirmation information which is fed back by the SBC and generated based on the IP to be allocated and the user number, and allocating the IP to be allocated to the corresponding terminal based on the confirmation information.
In a fourth aspect, an embodiment of the present invention provides an IP authentication apparatus, where the apparatus includes:
the system comprises a receiving module, a sending module and a receiving module, wherein the receiving module is used for receiving a call request of a terminal, and the call request carries a user number and a terminal IP;
the calling module is used for calling the IP corresponding to the user number in the IP library according to the user number; the IP in the IP library is the IP to be allocated according to any one of the claims 1 to 6;
an IP judging module, which is used for receiving the call request when the IP is consistent with the terminal IP; and when the IP is not consistent with the terminal IP, rejecting the call request.
In a fifth aspect, the embodiment of the present invention provides an IP authentication system, where the system includes a broadband access server BRAS and an SBC;
the BRAS is configured to determine whether the IP of the terminal needs to be updated, and send the IP to be allocated and the subscriber number corresponding to the IP to be allocated to the SBC when the IP of the terminal needs to be updated; receiving confirmation information which is fed back by the SBC and generated based on the IP to be allocated and the user number, and allocating the IP to be allocated to the corresponding terminal based on the confirmation information;
and the SBC is used for generating confirmation information based on the received user number corresponding to the IP to be allocated and sending the confirmation information to the BRAS.
In a sixth aspect, an embodiment of the present invention provides an IP allocation apparatus, including: at least one processor, at least one memory, and computer program instructions stored in the memory, which when executed by the processor, implement the method of the first aspect and/or the second aspect of the embodiments described above.
In a seventh aspect, an embodiment of the present invention provides a computer-readable storage medium, on which computer program instructions are stored, and when the computer program instructions are executed by a processor, the method of the first aspect and/or the second aspect in the foregoing embodiments is implemented. .
According to the IP allocation method, the IP allocation device, the IP authentication method, the IP authentication device and the IP authentication system, when the IP is allocated and the IP of the terminal needs to be updated, the IP to be allocated and the user number corresponding to the IP to be allocated are sent to the SBC, and after the confirmation information generated by the SBC based on the IP to be allocated is received, the IP to be allocated is allocated to the terminal. When the IP authentication is performed, after the SBC receives a call request from the terminal, it calls an IP corresponding to the user number in the IP library according to the user number carried in the call request, compares the called IP with the terminal IP, receives the call request when the called IP is consistent with the terminal IP, and rejects the call request if the called IP is not consistent with the terminal IP. The embodiment of the invention can dynamically update the IP and store the updated IP into the SBC, so as to accurately authenticate the terminal and prevent the terminal IP from being cracked violently.
Drawings
In order to more clearly illustrate the technical solutions of the embodiments of the present invention, the drawings required to be used in the embodiments of the present invention will be briefly described below, and for those skilled in the art, other drawings can be obtained according to the drawings without creative efforts.
FIG. 1 illustrates a flow chart of a method of IP allocation provided in accordance with some embodiments of the invention;
FIG. 2 illustrates a flow diagram of a method of IP authentication provided in accordance with some embodiments of the invention;
fig. 3 illustrates a block diagram of an IP distribution apparatus provided in accordance with some embodiments of the present invention;
fig. 4 illustrates a block diagram of an IP authentication device provided in accordance with some embodiments of the present invention;
FIG. 5 illustrates a block diagram of an IP authentication system provided in accordance with some embodiments of the invention;
fig. 6 illustrates a flow diagram of the operation of an IP authentication system provided in accordance with some embodiments of the present invention;
FIG. 7 illustrates a flow diagram of the operation of another IP authentication system provided in accordance with some embodiments of the invention;
FIG. 8 illustrates a block diagram of an electronic device provided in accordance with some embodiments of the present invention.
Detailed Description
Features and exemplary embodiments of various aspects of the present invention will be described in detail below, and in order to make objects, technical solutions and advantages of the present invention more apparent, the present invention will be further described in detail below with reference to the accompanying drawings and embodiments. It should be understood that the specific embodiments described herein are merely illustrative of the invention and are not to be construed as limiting the invention. It will be apparent to one skilled in the art that the present invention may be practiced without some of these specific details. The following description of the embodiments is merely intended to provide a better understanding of the present invention by illustrating examples of the present invention.
It is noted that, herein, relational terms such as first and second, and the like may be used solely to distinguish one entity or action from another entity or action without necessarily requiring or implying any actual such relationship or order between such entities or actions. Also, the terms "comprises," "comprising," or any other variation thereof, are intended to cover a non-exclusive inclusion, such that a process, method, article, or apparatus that comprises a list of elements does not include only those elements but may include other elements not expressly listed or inherent to such process, method, article, or apparatus. Without further limitation, an element defined by the phrase "comprising … …" does not exclude the presence of other identical elements in a process, method, article, or apparatus that comprises the element.
Currently, the authentication of the IP is one of the precautionary measures to prevent the pirating of the IMS fixed line.
Generally, to prevent IMS curing from being pirated, the following two approaches are used: firstly, aiming at each province, configuring a fixed telephone IP address field of an operator of the province on an SBC, and limiting addresses except the address field by the SBC to register; secondly, a 'local city-IP section' list with smaller granularity (for example, refining to the local city) is established by the HSS, before each calling call, a fixed number needs to carry a number, the IP of the terminal which belongs to initiates authentication to the SBC, the SBC searches the HSS for the home city of the number and a corresponding IP address section, checks whether the IP of the terminal is in the corresponding address section of the home city, if so, considers that the fixed number is legal, allows the fixed number to call, and if not, considers that the fixed number is illegal, and rejects the call.
The above-mentioned mode for preventing IMS fixed telephone from being stolen has two problems, firstly, the authenticated address field has larger grain, and is at least to the grade of the local city, if the stolen identity is accessed to the network through the local city, the technology is invalid; the second is that the authentication is mainly through static address field, the rough range of the list of the authentication IP address field can be found out by the pirate and many times of trial, and the prevention can be broken through by simulating a network address. Based on this, the IP allocation method, the IP allocation device, the IP authentication method, the IP authentication device, and the IP authentication system provided in the embodiments of the present invention can dynamically update the IP, store the updated IP in the SBC, and further perform accurate authentication on the terminal, so that brute force cracking of the terminal IP cannot be performed.
The following describes the embodiment of the present invention in detail by using the execution main body of the IP allocation method as the BARS and the execution main body of the IP authentication method as the SBC.
Referring to fig. 1, a flowchart of a method for IP allocation provided in an embodiment of the present invention includes the following steps S101 to S103:
s101: and judging whether the IP address of the terminal needs to be updated or not.
In specific implementation, the terminal may be an IMS fixed-line terminal, for example, a Home Gateway Unit (HGU) and an Intelligent Gateway (IHGU), and the BARS may determine that the IP address of the terminal is updated in the following two ways:
firstly, when the terminal is on line, an IP acquisition request is sent.
When the BARS receives the IP acquisition request, the terminal is proved to need to update the IP, wherein the IP acquisition request carries the user number,
secondly, whether the current IP of the terminal is expired is judged through a preset time threshold, for example, a BARS sets a 24-hour IP address aging mechanism or a 48-hour IP address aging mechanism for the terminal, when the current IP using time of the terminal reaches the preset time threshold, the IP is allocated to the terminal, and when the current IP of the terminal is judged to be in the past, the user number of the terminal is acquired.
S102: and under the condition that the IP of the terminal needs to be updated, sending the IP to be allocated and the user number corresponding to the IP to be allocated to the SBC.
In specific implementation, when the BARS judges that the terminal needs to update the IP, the IP to be allocated is matched for the terminal in the IP address pool, and when the IP to be allocated of the terminal is matched, the matching is performed corresponding to the user number of the terminal, that is, the IP to be allocated is associated corresponding to the user number, so that the IP allocated to each terminal can be ensured to be the unique IP.
The BARS and the SBC are communicated in real time, after the IP to be allocated of the terminal is obtained, the user number corresponding to the IP to be allocated is sent to the SBC at the same time, and when the BARS and the SBC are communicated, the communication is carried out in a Socket interface and message queue mode, for example, the IP to be allocated and the corresponding user number are sent to the SBC in a list mode through the Socket interface.
In addition, when the BARS communicates with the SBC, a message waiting and retransmitting mechanism is provided, for example, after the BARS sends the IP to be allocated and the corresponding subscriber number to the SBC, the BARS may wait for the acknowledgement information fed back by the SBC, and may send the IP to be allocated and the corresponding subscriber number to the SBC multiple times within a preset time period, and if the acknowledgement information of the SBC is not received within the preset time period, stop sending the IP to be allocated to the terminal, for example, send the IP to be allocated and the corresponding subscriber number to the SBC 3 times within 1 minute. And after the acknowledgement information fed back by the SBC is not received within the preset time period, a network interruption alarm is also initiated.
In some embodiments, when the two manners in step S101 are used to determine whether the IP of the terminal needs to be updated, the manner may be to send an IP acquisition request when the terminal is online, the BARS may immediately notify the SBC, and the terminal needs to update the IP, that is, the BARS updates the IP of a single terminal, and determines whether the terminal needs to be updated by determining whether the current IP of the terminal is expired according to a preset time threshold, or the BARS continuously collects a terminal set that has expired in a current IP allocation time slice, and then allocates an IP to each terminal, that is, the BARS performs IP matching on terminals in batches.
In some embodiments, when the BARS performs IP matching on batch terminals, when matching the to-be-allocated IP for the terminals, the to-be-matched IP is in one-to-one correspondence with the user number of the terminal, so that the BARS can count the number of the terminals, acquire the number of the IP in the IP address pool, and stop updating the terminal IP when the number of the IP does not satisfy the number of the terminals.
In some embodiments, the BARS may also obtain the number of IPs in the IP address pool in real time, and initiate an IP insufficiency alarm when the number of IPs in the IP address pool decreases to a preset number threshold. Or recording the consumed quantity of the IP, and when the consumed quantity of the IP reaches a preset percentage in the IP address pool, for example, when the consumed quantity of the IP reaches 85% in the IP address pool, initiating an IP insufficiency alarm, and further notifying a system administrator to add an IP address field to the IP address pool.
S103: and receiving confirmation information generated by the SBC based on the IP to be allocated and the user number, and allocating the IP to be allocated to the terminal based on the confirmation information.
In the specific implementation, the confirmation information may be indication information that the SBC notifies the BARS that the to-be-allocated IP and the corresponding subscriber number have been successfully stored, and the indication information can be similar to the indication information that the terminal is to-be-allocated with the IP. When receiving the to-be-allocated IP and the corresponding subscriber number sent by the BARS, the SBC stores the to-be-allocated IP and the subscriber number corresponding to the to-be-allocated IP in the IP library of the SBC, so that the terminal is authenticated when the terminal initiates a call request. After the SBC successfully stores the to-be-allocated IP and the subscriber number corresponding to the to-be-allocated IP, it generates an acknowledgment message based on the to-be-allocated IP and the subscriber number corresponding to the to-be-allocated IP, and notifies the subscriber number that the to-be-allocated IP of the terminal corresponding to the subscriber number is stored, so that the to-be-allocated IP can be allocated to the terminal.
Referring to fig. 2, a flowchart of an IP authentication method provided in the embodiment of the present invention includes the following steps S201 to S202:
s201: receiving a call request of a terminal, wherein the call request carries a user number and a terminal IP.
S202: calling an IP corresponding to the user number in an IP library according to the user number; the IP in the IP base is the IP to be allocated according to the embodiment corresponding to the IP allocation method.
S203: when the IP is consistent with the terminal IP, the call request is accepted; and when the IP is not consistent with the terminal IP, rejecting the call request.
In specific implementation, the call request refers to a request that a terminal requests to initiate a call to another terminal, when the terminal initiates the call request, the SBC sends a subscriber number and a terminal IP of the terminal to the SBC, after receiving the call request, the SBC identifies the subscriber number and the terminal IP in the call request, and calls an IP corresponding to the subscriber number from an IP library according to the subscriber number, where the IP in the IP library is an IP to be allocated in an embodiment corresponding to the IP allocation method, that is, when the BARS sends the IP to be allocated to the SBC, the SBC stores the IP to be allocated into the IP library. Comparing the called IP corresponding to the user number with the terminal IP, when the called IP corresponding to the user number is consistent with the terminal IP, accepting the call request of the terminal, if not, rejecting the call request of the terminal, under the condition that the authentication level reaches the IP complete consistency, no matter whether the pirate molecule initiates a call from the local city access network or initiates a call through a certain address in the analog local number segment, the authentication can not be passed.
According to the IP allocation method, the IP allocation device, the IP authentication method, the IP allocation device and the IP authentication system, when IP allocation is performed, when the IP of the terminal needs to be updated through judgment, the IP to be allocated and the user number corresponding to the IP to be allocated are sent to the SBC, and after confirmation information generated by the SBC based on the IP to be allocated is received, the IP to be allocated is allocated to the terminal. When the IP authentication is performed, after the SBC receives a call request from the terminal, it calls an IP corresponding to the user number in the IP library according to the user number carried in the call request, compares the called IP with the terminal IP, receives the call request when the called IP is consistent with the terminal IP, and rejects the call request if the called IP is not consistent with the terminal IP. The embodiment of the invention can dynamically update the IP and store the updated IP into the SBC, so as to accurately authenticate the terminal and prevent the terminal IP from being cracked violently.
Based on the same inventive concept, the embodiment of the present invention further provides an IP allocation apparatus, wherein the detailed embodiment of the IP allocation apparatus corresponds to the embodiment of the IP allocation method described above, and the detailed content of the embodiment of the IP allocation method can be seen, and is not set forth herein.
Referring to fig. 3, an embodiment of the present invention further provides an IP allocation apparatus, where the apparatus includes: determination module 301, sending module 302, allocation module 303:
the judging module is used for judging whether the IP of the Internet protocol address of the terminal needs to be updated or not;
a sending module, configured to send an IP to be allocated and a subscriber number corresponding to the IP to be allocated to a session border controller SBC when the IP of the terminal needs to be updated;
and the allocation module is used for receiving confirmation information which is fed back by the SBC and generated based on the IP to be allocated and the user number, and allocating the IP to be allocated to the corresponding terminal based on the confirmation information.
In some embodiments, the determining module 301, configured to determine whether the IP of the terminal needs to be updated by using the following method includes:
and receiving an IP acquisition request initiated by the terminal.
In some embodiments, the determining module 301, configured to determine whether the IP of the terminal needs to be updated by using the following method further includes:
and judging whether the current IP allocation time of the terminal is due or not according to a preset time threshold.
In some embodiments, the sending module 302 is further configured to obtain the number of IPs in an IP address pool when the IP of the terminal needs to be updated; and if the IP number does not meet the number of the terminals, stopping updating the IP of the terminals.
In some embodiments, the apparatus further comprises a detecting module 304, and the detecting module 304 is configured to detect the number of IPs in the IP address pool, and initiate an IP under-alarm when the number of IPs in the IP address pool decreases to a preset number threshold.
In some embodiments, the sending module 303 is further configured to send, to the SBC, the to-be-allocated IP and the subscriber number corresponding to the to-be-allocated IP multiple times within a preset time period; and when the acknowledgement message sent by the SBC is not received within the preset time period, stopping sending the IP to be allocated to the terminal, and initiating a network interruption alarm.
Based on the same invention concept, the embodiment of the present invention further provides an IP authentication apparatus, wherein the detailed embodiment of the IP authentication apparatus corresponds to the embodiment of the IP authentication method, and the detailed content of the embodiment of the IP authentication method is not described herein.
Referring to fig. 4, an embodiment of the present invention further provides an IP authentication apparatus, where the apparatus includes:
a receiving module 401, configured to receive a call request of a terminal, where the call request carries a user number and a terminal IP;
a calling module 402, configured to call, according to the user number, an IP in the IP library corresponding to the user number;
an IP determining module 403, configured to accept the call request when the IP is consistent with the terminal IP; and when the IP is not consistent with the terminal IP, rejecting the call request.
Referring to fig. 5, an embodiment of the present invention further provides an IP authentication system, where the system includes a BRAS501 and an SBC 502;
the BRAS501 is configured to determine whether the IP of the terminal needs to be updated, and send the IP to be allocated and the subscriber number corresponding to the IP to be allocated to the SBC502 when the IP of the terminal needs to be updated; receiving confirmation information which is fed back by the SBC502 and generated based on the IP to be allocated and the user number, and allocating the IP to be allocated to a corresponding terminal based on the confirmation information;
the SBC502 is configured to generate acknowledgement information based on the received subscriber number corresponding to the IP to be allocated, and send the acknowledgement information to the BRAS 501.
In some embodiments, the SBC502 is further configured to authenticate the terminal IP by:
receiving a call request of the terminal, wherein the call request carries a user number and a terminal IP;
calling an IP corresponding to the user number in an IP library according to the user number;
when the IP is consistent with the terminal IP, receiving the call request;
and when the IP is not consistent with the terminal IP, rejecting the call request.
In specific implementation, the BARS501 determines whether the terminal needs to update the IP, and divides the IP into two cases, one of which is that when the terminal is online, the terminal sends an IP acquisition request, and the other one determines whether the current IP of the terminal is expired through a preset time threshold.
Referring to fig. 6, when the terminal is online, an IP acquisition request is sent, and the working flow of the IP authentication system is as follows:
s601: and when the terminal is on line, sending an IP acquisition request.
S602: the BARS matches the IP to be allocated for the terminal, and sends the user number and the IP to be allocated corresponding to the user number to the SBC.
S603: after receiving the subscriber number and the to-be-allocated IP, the SBC correspondingly stores the subscriber number and the to-be-allocated IP, and generates the confirmation information based on the subscriber number and the corresponding to-be-allocated IP.
S604: the BARS sends the IP to be allocated to the terminal.
S605: the terminal initiates a call request to the CBS, wherein the call request carries the user number and the terminal IP.
S606: the SBC calls an IP corresponding to the user number in the IP library according to the user number carried in the call request; and comparing the IP with the terminal IP, and receiving the call request if the IP is consistent with the terminal IP.
Referring to fig. 7, for determining whether the current IP of the terminal is expired through the preset time threshold, the working flow of the IP authentication system is as follows:
s701: the BARS continuously collects the terminal set of which the IP has expired in the current IP allocation time period, and allocates the IP to be allocated to each terminal.
S702: and sending each user number and the IP to be allocated corresponding to each user number to the SBC.
S703: after receiving the subscriber number and the to-be-allocated IP, the SBC correspondingly stores the subscriber number and the to-be-allocated IP, and generates the confirmation information based on the subscriber number and the corresponding to-be-allocated IP.
S704: the BARS sends the IP to be allocated to the terminal.
S705: the terminal initiates a call request to the CBS, wherein the call request carries the user number and the terminal IP.
S706: the SBC calls an IP corresponding to the user number in the IP library according to the user number carried in the call request; and comparing the IP with the terminal IP, and receiving the call request if the IP is consistent with the terminal IP.
In addition, the IP allocation method according to the embodiment of the present invention described in conjunction with fig. 1 or the IP authentication method according to the embodiment of the present invention described in conjunction with fig. 2 may be implemented by an electronic device. Fig. 8 is a schematic diagram illustrating a hardware structure of an electronic device according to an embodiment of the present invention.
The electronic device may include a processor 801 and a memory 802 that stores computer program instructions.
Specifically, the processor 801 may include a Central Processing Unit (CPU), or an Application Specific Integrated Circuit (ASIC), or may be configured as one or more Integrated circuits implementing embodiments of the present invention.
Memory 802 may include mass storage for data or instructions. By way of example, and not limitation, memory 802 may include a Hard Disk Drive (HDD), a floppy Disk Drive, flash memory, an optical Disk, a magneto-optical Disk, a tape, or a Universal Serial Bus (USB) Drive or a combination of two or more of these. Memory 802 may include removable or non-removable (or fixed) media, where appropriate. The memory 802 may be internal or external to the data processing apparatus, where appropriate. In a particular embodiment, the memory 802 is a non-volatile solid-state memory. In a particular embodiment, the memory 802 includes Read Only Memory (ROM). Where appropriate, the ROM may be mask-programmed ROM, Programmable ROM (PROM), Erasable PROM (EPROM), Electrically Erasable PROM (EEPROM), electrically rewritable ROM (EAROM), or flash memory or a combination of two or more of these.
The processor 801 reads and executes computer program instructions stored in the memory 802 to implement any one of the IP allocation methods or the IP authentication methods in the above embodiments.
In one example, the electronic device can also include a communication interface 803 and a bus 810. As shown in fig. 8, the processor 801, the memory 802, and the communication interface 803 are connected via a bus 810 to complete communication therebetween.
The communication interface 803 is mainly used for implementing communication between modules, apparatuses, units and/or devices in the embodiments of the present invention.
The bus 810 includes hardware, software, or both to couple the components of the electronic device to one another. By way of example, and not limitation, a bus may include an Accelerated Graphics Port (AGP) or other graphics bus, an Enhanced Industry Standard Architecture (EISA) bus, a Front Side Bus (FSB), a Hypertransport (HT) interconnect, an Industry Standard Architecture (ISA) bus, an infiniband interconnect, a Low Pin Count (LPC) bus, a memory bus, a Micro Channel Architecture (MCA) bus, a Peripheral Component Interconnect (PCI) bus, a PCI-Express (PCI-X) bus, a Serial Advanced Technology Attachment (SATA) bus, a video electronics standards association local (VLB) bus, or other suitable bus or a combination of two or more of these. Bus 810 may include one or more buses, where appropriate. Although specific buses have been described and shown in the embodiments of the invention, any suitable buses or interconnects are contemplated by the invention.
In addition, in combination with the IP allocation method or the IP authentication method in the foregoing embodiments, the embodiments of the present invention may provide a computer-readable storage medium to implement the IP allocation method or the IP authentication method. The computer readable storage medium having stored thereon computer program instructions; the computer program instructions, when executed by a processor, implement any one of the IP allocation methods or IP authentication methods described in the embodiments above.
It is to be understood that the invention is not limited to the specific arrangements and instrumentality described above and shown in the drawings. A detailed description of known methods is omitted herein for the sake of brevity. In the above embodiments, several specific steps are described and shown as examples. However, the method processes of the present invention are not limited to the specific steps described and illustrated, and those skilled in the art can make various changes, modifications and additions or change the order between the steps after comprehending the spirit of the present invention.
The functional blocks shown in the above-described structural block diagrams may be implemented as hardware, software, firmware, or a combination thereof. When implemented in hardware, it may be, for example, an electronic circuit, an Application Specific Integrated Circuit (ASIC), suitable firmware, plug-in, function card, or the like. When implemented in software, the elements of the invention are the programs or code segments used to perform the required tasks. The program or code segments may be stored in a machine-readable medium or transmitted by a data signal carried in a carrier wave over a transmission medium or a communication link. A "machine-readable medium" may include any medium that can store or transfer information. Examples of a machine-readable medium include electronic circuits, semiconductor memory devices, ROM, flash memory, Erasable ROM (EROM), floppy disks, CD-ROMs, optical disks, hard disks, fiber optic media, Radio Frequency (RF) links, and so forth. The code segments may be downloaded via computer networks such as the internet, intranet, etc.
It should also be noted that the exemplary embodiments mentioned in this patent describe some methods or systems based on a series of steps or devices. However, the present invention is not limited to the order of the above-described steps, that is, the steps may be performed in the order mentioned in the embodiments, may be performed in an order different from the order in the embodiments, or may be performed simultaneously.
As described above, only the specific embodiments of the present invention are provided, and it can be clearly understood by those skilled in the art that, for convenience and brevity of description, the specific working processes of the system, the module and the unit described above may refer to the corresponding processes in the foregoing method embodiments, and are not described herein again. It should be understood that the scope of the present invention is not limited thereto, and any person skilled in the art can easily conceive various equivalent modifications or substitutions within the technical scope of the present invention, and these modifications or substitutions should be covered within the scope of the present invention.

Claims (12)

1. An IP allocation method, wherein the execution subject of the method is BARS, and the method comprises:
judging whether the IP of the Internet protocol address of the terminal needs to be updated or not;
under the condition that the IP of the terminal needs to be updated, sending the IP to be allocated and the user number corresponding to the IP to be allocated to a Session Border Controller (SBC), so that the SBC correspondingly stores the IP to be allocated and the corresponding user number into an IP library;
and receiving confirmation information generated by the SBC based on the IP to be allocated and the user number, and allocating the IP to be allocated to the terminal based on the confirmation information.
2. The method of claim 1, wherein the determining whether the IP of the terminal needs to be updated comprises:
and receiving an IP acquisition request initiated by the terminal.
3. The method of claim 1, wherein the determining whether the IP address of the terminal needs to be updated further comprises:
and judging whether the current IP allocation time of the terminal is due or not according to a preset time threshold.
4. The method of claim 1, further comprising:
when the IP of the terminal needs to be updated, acquiring the number of the IP in an IP address pool;
and if the IP number does not meet the number of the terminals, stopping updating the IP of the terminals.
5. The method of claim 1, further comprising: and detecting the number of the IPs in the IP address pool, and when the number of the IPs in the IP address pool is reduced to a preset number threshold, initiating an insufficient IP alarm.
6. The method of claim 1, further comprising:
within a preset time period, the IP to be allocated and the user number corresponding to the IP to be allocated are sent to the SBC for multiple times;
and when the acknowledgement message sent by the SBC is not received within the preset time period, stopping sending the IP to be allocated to the terminal, and initiating a network interruption alarm.
7. An IP authentication method, wherein the execution body of the method is an SBC, and wherein the method comprises:
receiving a call request of a terminal, wherein the call request carries a user number and a terminal IP;
calling an IP corresponding to the user number in an IP library according to the user number; the IP in the IP library is the IP to be allocated according to any one of the claims 1 to 6;
when the IP is consistent with the terminal IP, the call request is accepted;
and when the IP is not consistent with the terminal IP, rejecting the call request.
8. An IP allocation apparatus, wherein the apparatus is applied to a BARS, the apparatus comprising:
the judging module is used for judging whether the IP of the Internet protocol address of the terminal needs to be updated or not;
a sending module, configured to send an IP to be allocated and a subscriber number corresponding to the IP to be allocated to a session border controller SBC when the IP of the terminal needs to be updated, so that the SBC correspondingly stores the IP to be allocated and the corresponding subscriber number in an IP library;
and the allocation module is used for receiving confirmation information which is fed back by the SBC and generated based on the IP to be allocated and the user number, and allocating the IP to be allocated to the corresponding terminal based on the confirmation information.
9. An IP authentication apparatus, wherein the apparatus is applied to an SBC, and the apparatus comprises:
the system comprises a receiving module, a sending module and a receiving module, wherein the receiving module is used for receiving a call request of a terminal, and the call request carries a user number and a terminal IP;
the calling module is used for calling the IP corresponding to the user number in the IP library according to the user number; the IP in the IP library is the IP to be allocated according to any one of the claims 1 to 6;
an IP judging module, which is used for receiving the call request when the IP is consistent with the terminal IP; and when the IP is not consistent with the terminal IP, rejecting the call request.
10. An IP authentication system is characterized in that the system comprises a broadband access server BRAS and an SBC;
the BRAS is configured to determine whether the IP of the terminal needs to be updated, and send the IP to be allocated and the subscriber number corresponding to the IP to be allocated to the SBC when the IP of the terminal needs to be updated, so that the SBC correspondingly stores the IP to be allocated and the corresponding subscriber number in an IP library; receiving confirmation information which is fed back by the SBC and generated based on the IP to be allocated and the user number, and allocating the IP to be allocated to the corresponding terminal based on the confirmation information;
the SBC is used for generating confirmation information based on the received user number corresponding to the IP to be allocated and sending the confirmation information to the BRAS;
the SBC is further configured to authenticate the terminal IP in the following manner:
receiving a call request of the terminal, wherein the call request carries a user number and a terminal IP;
calling an IP corresponding to the user number in an IP library according to the user number;
when the IP is consistent with the terminal IP, receiving the call request;
and when the IP is not consistent with the terminal IP, rejecting the call request.
11. An IP distribution apparatus, comprising: at least one processor, at least one memory, and computer program instructions stored in the memory that, when executed by the processor, implement the method of any of claims 1-6.
12. A computer-readable storage medium having computer program instructions stored thereon, which when executed by a processor implement the method of any one of claims 1-6.
CN201811626001.1A 2018-12-28 2018-12-28 IP distribution method, device and IP authentication method, device and system Active CN109451096B (en)

Priority Applications (1)

Application Number Priority Date Filing Date Title
CN201811626001.1A CN109451096B (en) 2018-12-28 2018-12-28 IP distribution method, device and IP authentication method, device and system

Applications Claiming Priority (1)

Application Number Priority Date Filing Date Title
CN201811626001.1A CN109451096B (en) 2018-12-28 2018-12-28 IP distribution method, device and IP authentication method, device and system

Publications (2)

Publication Number Publication Date
CN109451096A CN109451096A (en) 2019-03-08
CN109451096B true CN109451096B (en) 2021-11-23

Family

ID=65539715

Family Applications (1)

Application Number Title Priority Date Filing Date
CN201811626001.1A Active CN109451096B (en) 2018-12-28 2018-12-28 IP distribution method, device and IP authentication method, device and system

Country Status (1)

Country Link
CN (1) CN109451096B (en)

Citations (7)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN1777322A (en) * 2004-11-15 2006-05-24 华为技术有限公司 Method for treating user of updating IP address at network side
CN101212356A (en) * 2006-12-31 2008-07-02 华为技术有限公司 Session border controller, home user server, communication system and listening method
CN101647247A (en) * 2005-11-04 2010-02-10 布罗迪索夫特M6有限责任公司 Emergency services directory number registration assistance for the user who uses portable network agreement (IP) communication equipment
CN102958046A (en) * 2011-08-22 2013-03-06 中兴通讯股份有限公司 Method and system for controlling mobile terminal access services and DRA (diameter routing agent)
CN103888415A (en) * 2012-12-20 2014-06-25 中国移动通信集团公司 IMS subscriber nomadism control method and device
CN104066109A (en) * 2014-06-30 2014-09-24 中国联合网络通信集团有限公司 Method, device and system for registration management of IMS network
CN104519012A (en) * 2013-09-27 2015-04-15 上海信擎信息技术有限公司 SIP-protocol-based method and system for detecting communication network attack

Family Cites Families (3)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
US8553685B2 (en) * 2009-10-28 2013-10-08 Verizon Patent And Licensing Inc. Session border control migration
CN102546568B (en) * 2010-12-31 2015-04-08 华为技术有限公司 Method and device for Internet protocol (IP) terminal being accessed into network
CN105376340A (en) * 2014-09-02 2016-03-02 中国电信股份有限公司 Method of distributing IP addresses in differentiation mode and system thereof

Patent Citations (7)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN1777322A (en) * 2004-11-15 2006-05-24 华为技术有限公司 Method for treating user of updating IP address at network side
CN101647247A (en) * 2005-11-04 2010-02-10 布罗迪索夫特M6有限责任公司 Emergency services directory number registration assistance for the user who uses portable network agreement (IP) communication equipment
CN101212356A (en) * 2006-12-31 2008-07-02 华为技术有限公司 Session border controller, home user server, communication system and listening method
CN102958046A (en) * 2011-08-22 2013-03-06 中兴通讯股份有限公司 Method and system for controlling mobile terminal access services and DRA (diameter routing agent)
CN103888415A (en) * 2012-12-20 2014-06-25 中国移动通信集团公司 IMS subscriber nomadism control method and device
CN104519012A (en) * 2013-09-27 2015-04-15 上海信擎信息技术有限公司 SIP-protocol-based method and system for detecting communication network attack
CN104066109A (en) * 2014-06-30 2014-09-24 中国联合网络通信集团有限公司 Method, device and system for registration management of IMS network

Also Published As

Publication number Publication date
CN109451096A (en) 2019-03-08

Similar Documents

Publication Publication Date Title
KR100578685B1 (en) Method and system for verifying the authenticity of a first communication participants in a communications network
CN112069493B (en) Authentication system and authentication method
CN108462687B (en) Anti-swipe login method and device, terminal device and storage medium
KR20040028597A (en) Test enabled application execution
WO2018000568A1 (en) Virtual sim card management method, management device, server and terminal
CN108667828A (en) Risk control method and device and storage medium
CN110545272B (en) Identity authentication method, authority authentication method, device, user management system and storage medium
CN112583607A (en) Equipment access management method, device, system and storage medium
CN105681258A (en) Session method and session device based on third-party server
CN110247897B (en) System login method, device, gateway and computer readable storage medium
CN111259084A (en) Management method, device, equipment and storage medium for accounting node of alliance chain
CN105681047A (en) CA certificate issuance method and system
CN105682233A (en) Wireless fidelity WI-FI sharing method and device
CN109451096B (en) IP distribution method, device and IP authentication method, device and system
CN106911727B (en) Application program log-in control method, device and intelligent terminal
TW202338687A (en) Payment method, user terminal, device, equipment, system and medium
CN109858235B (en) Portable equipment and password obtaining method and device thereof
CN104301893B (en) A kind of method for authenticating, mobile communication authentication platform and equipment
CN111385256A (en) Method, device, equipment and medium for migrating batch applications
CN110011992B (en) System login method and electronic equipment
CN111314348A (en) Method and device for establishing trust degree model, trust evaluation and equipment authentication
WO2023142437A1 (en) Identity authentication method and apparatus, device, and computer readable storage medium
CN102055728B (en) System login method for avoiding account number from being falsely used
CN111385279A (en) Service access authority system and method
CN112235317B (en) Third-party application login system and method based on big data

Legal Events

Date Code Title Description
PB01 Publication
PB01 Publication
SE01 Entry into force of request for substantive examination
SE01 Entry into force of request for substantive examination
GR01 Patent grant
GR01 Patent grant