CN101605333B - Method and system for protection against the unauthorised use of a terminal - Google Patents


Publication number
CN101605333B
Authority
CN
China
Prior art keywords
terminal
network
stored
temporary mark
message
Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
Expired - Fee Related
Application number
CN200910147406.1A
Other languages
Chinese (zh)
Other versions
CN101605333A (en)
Inventor
安正训
全映健
Current Assignee (The listed assignees may be inaccurate. Google has not performed a legal analysis and makes no representation or warranty as to the accuracy of the list.)
Samsung Electronics Co Ltd
Original Assignee
Samsung Electronics Co Ltd

Classifications

    • H ELECTRICITY
    • H04 ELECTRIC COMMUNICATION TECHNIQUE
    • H04W WIRELESS COMMUNICATION NETWORKS
    • H04W12/00 Security arrangements; Authentication; Protecting privacy or anonymity
    • H04W12/12 Detection or prevention of fraud
    • H ELECTRICITY
    • H04 ELECTRIC COMMUNICATION TECHNIQUE
    • H04W WIRELESS COMMUNICATION NETWORKS
    • H04W4/00 Services specially adapted for wireless communication networks; Facilities therefor
    • H04W4/60 Subscription-based services using application servers or record carriers, e.g. SIM application toolkits
    • H ELECTRICITY
    • H04 ELECTRIC COMMUNICATION TECHNIQUE
    • H04L TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L63/00 Network architectures or network communication protocols for network security
    • H04L63/30 Network architectures or network communication protocols for network security for supporting lawful interception, monitoring or retaining of communications or communication related information
    • H ELECTRICITY
    • H04 ELECTRIC COMMUNICATION TECHNIQUE
    • H04W WIRELESS COMMUNICATION NETWORKS
    • H04W12/00 Security arrangements; Authentication; Protecting privacy or anonymity
    • H04W12/02 Protecting privacy or anonymity, e.g. protecting personally identifiable information [PII]
    • H ELECTRICITY
    • H04 ELECTRIC COMMUNICATION TECHNIQUE
    • H04W WIRELESS COMMUNICATION NETWORKS
    • H04W12/00 Security arrangements; Authentication; Protecting privacy or anonymity
    • H04W12/08 Access security
    • H04W12/082 Access security using revocation of authorisation
    • H ELECTRICITY
    • H04 ELECTRIC COMMUNICATION TECHNIQUE
    • H04W WIRELESS COMMUNICATION NETWORKS
    • H04W12/00 Security arrangements; Authentication; Protecting privacy or anonymity
    • H04W12/40 Security arrangements using identity modules
    • H04W12/48 Security arrangements using identity modules using secure binding, e.g. securely binding identity modules to devices, services or applications

Abstract

The invention discloses a method and system for protecting against unauthorized use of a mobile terminal operating with a subscriber identity module (SIM) card. The method compares a secondary version of temporary identity information stored in a storage unit with a primary version of the temporary identity information stored in the SIM card; sends a message containing unique identity information to a network when the primary version and the secondary version of the temporary identity information differ from each other; and restricts operation of a function of the terminal when a registration reject message is received in response to the message containing the unique identity information.

Description

Protection method and system for preventing unauthorized use of a terminal
Technical field
Aspects of the present invention relate to protection against unauthorized terminal use and, more specifically, to a protection method and system for preventing unauthorized use of a mobile terminal that operates with a subscriber identity module (SIM) card.
Background
Typically, asynchronous communication systems, including the Global System for Mobile Communications (GSM) as a second-generation (2G) system, the Universal Mobile Telecommunications System (UMTS) as a third-generation (3G) system, and the General Packet Radio Service (GPRS) as an intermediate generation between 2G GSM technology and 3G UMTS technology, use a subscriber identity module (SIM) or universal SIM (USIM) in chip form.
The SIM or USIM chip is provided in the form of a card (hereinafter, SIM card) that stores information for identifying the user, so that when a mobile terminal equipped with the SIM card attempts to access a service provided by the communication system network, the network identifies the user from the information provided by the SIM card.
The user identity information stored in the SIM card includes the unique International Mobile Subscriber Identity (IMSI) and the network-assigned Temporary Mobile Subscriber Identity (TMSI) and Packet-Temporary Mobile Subscriber Identity (P-TMSI).
Unlike the unique IMSI, the TMSI and P-TMSI are assigned by the network. Once the network has identified the user by the IMSI, the TMSI and P-TMSI are used in subsequent registration requests to the network instead of the IMSI. That is, the IMSI is used for initial network registration, and the TMSI and P-TMSI are used to receive circuit-switched services and packet-switched services, respectively, after the initial network registration is complete.
The network assigns the TMSI or P-TMSI to the user by authorizing the user. Therefore, once a TMSI or P-TMSI has been assigned through the normal registration procedure and stored in the SIM card, a mobile terminal equipped with the SIM card can use the TMSI or P-TMSI to access the services the network provides. That is, the IMSI is used in the authorization procedure of initial registration, and after initial registration the TMSI or P-TMSI is used to access services without further verification of the user's identity.
However, a SIM card storing a TMSI or P-TMSI assigned through the normal registration procedure can be modified (for example, attacked or tampered with) for unauthorized (illegal) use.
In the case of a carrier-dedicated mobile terminal that is allowed to access only the carrier's network, the mobile terminal checks the network code of the IMSI and restricts access to the network when the network code of the IMSI stored in the SIM card differs from the carrier network code. The network code can be an operator code, such as the mobile network code (MNC) that forms part of the IMSI. A public land mobile network (PLMN) code can also be used. That is, the mobile terminal identifies the PLMN code that forms part of the IMSI stored in the SIM card and the PLMN code received from the network, and continues the normal boot procedure when the two PLMN codes are identical. Otherwise, the mobile terminal restricts network access.
Typically, a carrier-dedicated mobile terminal allows unrestricted network access only when the network code of the IMSI stored in the SIM card is identical to the carrier network code. However, when the network identification code of the IMSI stored in the SIM card has been tampered with (modified without authorization), a mobile terminal holding the SIM card that stores the tampered IMSI can be used normally and without restriction on the carrier-dedicated network without authorization (for example, illegally).
Summary of the invention
Therefore, aspects of the present invention provide a protection method and system that prevent unauthorized use of a mobile terminal holding a tampered SIM card.
One aspect of the present invention includes a protection method and system that prevent unauthorized use of a mobile terminal whose SIM lock/network lock has been fraudulently unlocked.
One aspect of the present invention includes a protection method and system that prevent unauthorized use of a mobile terminal by rendering fraudulent unlocking of the network lock/SIM lock ineffective.
Additional features of the invention will be set forth in part in the description that follows, will in part be apparent from the description, or may be learned by practice of the invention.
The invention discloses a protection method for preventing unauthorized use of a terminal operating with a subscriber identity module (SIM) card, comprising: comparing a copy of temporary identity information stored in a storage unit with the original version of the temporary identity information stored in the SIM card; sending a message containing unique identity information to a network when the original version and the copy of the temporary identity information differ from each other; and restricting operation of a predetermined function of the terminal when a registration reject message is received from the network in response to the message containing the unique identity information.
The invention also discloses a terminal having a subscriber identity module (SIM) card, comprising: a radio frequency unit that establishes a connection with a network to provide services to the terminal; a storage unit that stores a copy of the temporary identity information assigned by the network; and a control unit that compares the copy with the original version of the temporary identity information stored in the SIM card, sends a message containing unique identity information to the network when the original version and the copy of the temporary identity information differ from each other, and restricts operation of a function of the terminal when a registration reject message is received from the network in response to the message containing the unique identity information.
The invention also discloses a system for preventing unauthorized use of a terminal operating with a subscriber identity module (SIM) card. The system comprises: a terminal that compares the original version of temporary identity information stored in the SIM card with a copy of the temporary identity information, sends a message containing unique identity information to a network when the original version and the copy differ from each other, and restricts operation of a function of the terminal when a registration reject message is received from the network in response to the message containing the unique identity information; and a network that checks the unique identity information contained in the message received from the terminal and sends a registration reject message to the terminal when the unique identity information is invalid.
It is to be understood that both the foregoing general description and the following detailed description are exemplary and explanatory and are intended to provide further explanation of the invention.
Brief description of the drawings
The accompanying drawings, which are included to provide a further understanding of the invention and are incorporated in and constitute a part of this specification, illustrate embodiments of the invention and, together with the description, serve to explain the principles of the invention.
Fig. 1 is a diagram illustrating the configuration of a terminal with a SIM card according to an exemplary embodiment of the present invention.
Fig. 2 is a diagram illustrating the structure of the IMSI stored in the SIM card 100 of Fig. 1.
Fig. 3 is a flowchart illustrating a protection method for preventing unauthorized use of a mobile terminal according to an exemplary embodiment of the present invention.
Fig. 4 is a message flow diagram illustrating the steps of the registration procedure of the protection method of Fig. 3 when the SIM card attached to the terminal is invalid.
Fig. 5 is a message flow diagram illustrating the steps of the registration procedure of the protection method of Fig. 3 when the terminal is identified as a valid terminal.
Fig. 6 is a message flow diagram illustrating the steps of the normal registration procedure of the protection method of Fig. 3.
Fig. 7 is a flowchart illustrating a protection method for a mobile terminal according to another exemplary embodiment of the present invention.
Fig. 8 is a message flow diagram illustrating the steps of the registration procedure of the protection method of Fig. 7 when the SIM card attached to the terminal is valid.
Fig. 9 is a message flow diagram illustrating the steps of the registration procedure of the protection method of Fig. 7 when the SIM card attached to the terminal is invalid.
Detailed description of the embodiments
Exemplary embodiments of the present invention are described more fully below with reference to the accompanying drawings, in which embodiments of the invention are shown. The invention may, however, be embodied in many different forms and should not be construed as limited to the exemplary embodiments set forth herein. Rather, these embodiments are provided so that this disclosure is thorough and fully conveys the scope of the invention to those skilled in the art. In the drawings, identical reference numerals refer to identical components. Detailed descriptions of well-known functions and structures incorporated herein may be omitted to avoid obscuring the subject matter of the invention.
Fig. 1 is a diagram illustrating the configuration of a terminal with a SIM card according to an exemplary embodiment of the present invention.
Although Fig. 1 depicts exemplary internal components related to the operation of preventing unauthorized use of the mobile terminal 200, the mobile terminal 200 may include other components (not shown) required for auxiliary functions.
In Fig. 1, the SIM card 100 includes a chip that stores information for identifying the user of services provided by a second-generation (2G) communication network, such as the Global System for Mobile Communications (GSM), and information for terminal authorization, billing, security, and the like.
In an exemplary embodiment, in a third-generation (3G) communication system the SIM card may be a Universal Integrated Circuit Card (UICC) or Universal SIM (USIM) serving as the equivalent of the SIM card. Therefore, it should be understood that the SIM card 100 is a device having at least one of a SIM, a USIM, and their equivalents.
Referring to Fig. 1, the mobile terminal 200 is implemented with a SIM card 100 that can be attached to or removed from the mobile terminal 200. The mobile terminal 200 includes a radio frequency (RF) unit 210, a data processing unit 220, a control unit 240, a storage unit 250, a display unit 260, and an input unit 270.
The SIM card 100 includes a microprocessor and a memory chip integrated in the form of an attachable/detachable card. Preferably, the memory chip stores user information, including the user's telephone number, password, and billing account, and the unique International Mobile Subscriber Identity (IMSI) for identifying the user. The memory chip can also store network registration information, such as the Temporary Mobile Subscriber Identity (TMSI) or Packet-Temporary Mobile Subscriber Identity (P-TMSI), for accessing the services provided by the current network. An exemplary embodiment of the IMSI is structured as shown in Fig. 2.
Fig. 2 is a diagram illustrating an example structure of the IMSI stored in the SIM card 100 of Fig. 1.
Referring to Fig. 2, the IMSI is a unique identifier, preferably of 15 digits or fewer, assigned to each mobile subscriber (i.e., SIM card 100). As shown in Fig. 2, the IMSI comprises a 3-digit mobile country code (MCC), a 2-3 digit mobile network code (MNC), and a mobile station identification number (MSIN) of 10 digits or fewer.
The MCC and MNC identify the user's home network (for example, the home public land mobile network (HPLMN)) and are uniquely assigned to each network operator.
When the terminal roams to another network, the roamed network (i.e., the visited network or visited PLMN (VPLMN)) refers to the MCC and MNC stored in the SIM card 100 (the combination of MCC and MNC is at most 6 digits in this exemplary embodiment) to identify the HPLMN of the terminal 200.
In contrast to the MCC and MNC, which are used for network identification, the MSIN is used to identify the user.
Within the IMSI, the MCC and MNC network identifiers are the parts most susceptible to tampering. The information used to restrict use of the terminal with other network operators (roaming network operators) is called SIM lock or network lock information. Network lock information can include the MCC and MNC, and sometimes part of the MSIN. For example, the MCC, the 2-3 digit MNC, and a network-subset-specific number (for example, 2 digits) can be used as network lock information. Preferably, network lock information comprises the MCC and MNC.
As described above, network lock information is used to verify the validity of the SIM card 100 attached to the terminal 200. That is, network lock information is used to verify whether the SIM card 100 attached to a carrier-dedicated terminal 200 is valid for the carrier's network.
Referring to Fig. 1, the radio frequency (RF) unit 210 establishes a radio link with the network. The RF unit 210 includes an RF transmitter for up-converting the frequency of the transmit signal and amplifying it, and an RF receiver for low-noise amplifying the received signal and down-converting its frequency. The RF unit 210 sends service request signals and other signals carrying user identity information to the network, and receives the signals the network sends. In particular, the RF unit 210 exchanges with the network the messages produced during the registration procedure.
The data processing unit 220 processes data entered through the input unit 270 and data received through the RF unit 210. The data processing unit 220 includes a transmitter for encoding and modulating the signal to be sent through the RF unit 210, and a receiver for demodulating and decoding the signal received through the RF unit 210. That is, the data processing unit 220 includes a modulator/demodulator (modem) and an encoder/decoder (codec).
The control unit 240 controls the operation of the internal components of the mobile terminal 200 and the signal transfer between them. The control unit 240 can be integrated with the data processing unit 220. Specifically, in an exemplary embodiment, the control unit 240 performs operations to prevent unauthorized use of the terminal, and of the services provided through the terminal, through unlocking of the network lock or SIM lock. That is, the control unit 240 can control the operation of the terminal 200 so as to restrict use of a terminal 200 that has a tampered network lock and a Temporary Mobile Subscriber Identity (TMSI) assigned by another network operator.
Specifically, in an exemplary embodiment, when the terminal 200 with the SIM card 100 attached powers on, the control unit 240 compares the TMSI stored in the storage unit 250 with the TMSI stored in the SIM card 100. When the two TMSIs differ from each other, the control unit 240 sends the network a registration request message containing TMSI mismatch information. If a registration reject message is received in response to the registration request message, the control unit 240 restricts use of the terminal 200 with the SIM card 100.
In an exemplary embodiment, when the terminal 200 with the SIM card 100 powers on, the control unit 240 compares the network identification information received from the current serving network (for example, the public land mobile network (PLMN) code) with the IMSI, specifically with the MCC and MNC (the PLMN code) that form part of the IMSI stored in the SIM card 100. When the two PLMN codes differ from each other, the control unit 240 restricts the functions and operation of the terminal 200 with the SIM card 100. The network identification information (i.e., the PLMN code) is obtained from the system information that the network sends periodically.
When the two PLMN codes are identical, the control unit 240 compares the location information (LOCI) stored in the storage unit 250 with the LOCI stored in the SIM card 100. The LOCI comprises the TMSI and the location area identifier (LAI). That is, the control unit 240 compares the TMSI obtained from the LOCI stored in the storage unit 250 with the TMSI provided by the SIM card 100.
When the two TMSIs are identical, the control unit 240 verifies that the TMSI obtained from the LOCI is valid and sends the network a registration request message containing the TMSI. When the two TMSIs differ from each other, the control unit 240 determines that the TMSI of the LOCI is invalid, deletes the TMSI, and sends the network a registration request message containing the IMSI. Deleting the TMSI includes deleting the LOCI stored in the storage unit 250 and deleting the LOCI stored in the SIM card 100; the IMSI included in the registration request message can be obtained from the storage unit 250 or the SIM card 100.
If a registration accept message is received from the network in response to the registration request message containing the TMSI or IMSI, the control unit 240 enables the functions for the corresponding service. Otherwise, if a registration reject message is received, the control unit 240 disables the functions for the corresponding service. That is, when the attempt to find a valid TMSI fails, the control unit 240 sends a registration request message containing the IMSI. If the network determines that the SIM card 100 is not registered with the network, the network sends a registration reject message to the terminal 200. The terminal 200 with the SIM card 100 is thereby restricted from accessing services.
To this end, the control unit 240 includes an information comparator 242 for comparing the PLMN code stored in the storage unit 250 with the PLMN code stored in the SIM card 100, and for comparing the TMSI stored in the storage unit 250 with the TMSI stored in the SIM card 100. The control unit 240 also includes a message generator 244, which produces the registration request message containing TMSI mismatch information when the terminal is to send IMSI information, and produces an identity response message in response to a received identity request message.
When the TMSI stored in the storage unit 250 and the TMSI stored in the SIM card 100 are identical, the message generator 244 also produces the registration request message containing the TMSI. Under the control of the control unit 240, when the two TMSIs differ from each other, the message generator 244 also produces the registration request message containing the IMSI. A location update request message can be used in place of the registration request message. In that case, the message generator 244 produces a location update request message containing the TMSI or the IMSI according to whether the two TMSIs are identical.
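The power-on checks described above (PLMN comparison, then TMSI comparison, then registration with the TMSI or the IMSI) can be modelled as follows. This is an added example, not code from the patent; all type and function names, the stand-in network and the sample IMSI/TMSI values are constructed for illustration.

```c
#include <stdio.h>
#include <string.h>

/* Added illustration: every name here is hypothetical and models the control
 * unit's checks from the description, not a real baseband or SIM API. */
typedef enum { ID_NONE = 0, ID_TMSI, ID_IMSI } id_type_t;
typedef enum { REG_ACCEPT, REG_REJECT } reg_result_t;
typedef enum { TERM_ENABLED, TERM_RESTRICTED } term_state_t;

typedef struct {
    char imsi[16];  /* MCC (3 digits) + MNC (2-3 digits) + MSIN, 15 digits max */
    int  mnc_len;   /* number of MNC digits: 2 or 3 */
    char tmsi[9];   /* TMSI held in the card's LOCI; "" once deleted */
} sim_card_t;
typedef struct { char tmsi[9]; } storage_t;   /* terminal's own LOCI copy */
typedef struct { id_type_t type; char value[16]; } reg_request_t;

/* Constructed sample data known to the stand-in network below. */
static const char REGISTERED_IMSI[] = "450051234567890";
static const char ASSIGNED_TMSI[]   = "A1B2C3D4";

/* Stand-in network: accepts a TMSI it assigned or an IMSI it has registered,
 * and sends a registration reject for anything else. */
static reg_result_t demo_network(const reg_request_t *req)
{
    if (req->type == ID_TMSI && strcmp(req->value, ASSIGNED_TMSI) == 0)
        return REG_ACCEPT;
    if (req->type == ID_IMSI && strcmp(req->value, REGISTERED_IMSI) == 0)
        return REG_ACCEPT;
    return REG_REJECT;
}

/* PLMN check: MCC+MNC prefix of the SIM's IMSI against the PLMN code taken
 * from the serving network's system information. */
static int plmn_matches(const sim_card_t *sim, const char *serving_plmn)
{
    size_t n;
    if (sim->mnc_len != 2 && sim->mnc_len != 3)
        return 0;
    n = 3 + (size_t)sim->mnc_len;
    return strlen(sim->imsi) >= n && strlen(serving_plmn) == n &&
           strncmp(sim->imsi, serving_plmn, n) == 0;
}

/* TMSI check: identical copies -> register with the TMSI; otherwise delete
 * the LOCI on both sides and register with the IMSI instead. */
static void build_request(sim_card_t *sim, storage_t *st, reg_request_t *req)
{
    if (st->tmsi[0] != '\0' && strcmp(st->tmsi, sim->tmsi) == 0) {
        req->type = ID_TMSI;
        snprintf(req->value, sizeof req->value, "%s", sim->tmsi);
    } else {
        st->tmsi[0] = '\0';
        sim->tmsi[0] = '\0';
        req->type = ID_IMSI;
        snprintf(req->value, sizeof req->value, "%s", sim->imsi);
    }
}

/* Full power-on sequence; *sent records what (if anything) went to the network. */
static term_state_t power_on(sim_card_t *sim, storage_t *st,
                             const char *serving_plmn, reg_request_t *sent)
{
    memset(sent, 0, sizeof *sent);
    if (!plmn_matches(sim, serving_plmn))
        return TERM_RESTRICTED;               /* restricted before any request */
    build_request(sim, st, sent);
    return demo_network(sent) == REG_ACCEPT ? TERM_ENABLED : TERM_RESTRICTED;
}

/* Convenience wrapper that builds the SIM and storage state for one scenario. */
static term_state_t run_scenario(const char *imsi, int mnc_len,
                                 const char *sim_tmsi, const char *stored_tmsi,
                                 const char *serving_plmn, reg_request_t *sent)
{
    sim_card_t sim;
    storage_t st;
    memset(&sim, 0, sizeof sim);
    memset(&st, 0, sizeof st);
    snprintf(sim.imsi, sizeof sim.imsi, "%s", imsi);
    sim.mnc_len = mnc_len;
    snprintf(sim.tmsi, sizeof sim.tmsi, "%s", sim_tmsi);
    snprintf(st.tmsi, sizeof st.tmsi, "%s", stored_tmsi);
    return power_on(&sim, &st, serving_plmn, sent);
}

int main(void)
{
    reg_request_t r;
    /* Valid SIM, matching TMSI copies: registers with the TMSI. */
    printf("valid SIM:    state=%d id=%d\n",
           run_scenario("450051234567890", 2, "A1B2C3D4", "A1B2C3D4", "45005", &r), r.type);
    /* IMSI network code altered to pass the PLMN check: TMSI mismatch forces
     * an IMSI registration, which the network rejects. */
    printf("tampered SIM: state=%d id=%d\n",
           run_scenario("450050999999999", 2, "0F0E0D0C", "A1B2C3D4", "45005", &r), r.type);
    return 0;
}
```

The tampered card passes the terminal-side PLMN comparison but cannot present a TMSI that matches the terminal's stored copy, so the decision moves to the network, which holds the subscriber records the card cannot alter.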
The storage unit 250 stores application programs and various data for operating the terminal 200. The storage unit 250 stores the SIM card identification information of the SIM card 100 attached to the terminal 200, for example the integrated circuit card ID (ICCID), and the TMSI or P-TMSI, i.e., the network-assigned LOCI. The TMSI or P-TMSI assigned by the registered network is stored in both the memory chip (not shown) of the SIM card 100 and the storage unit 250.
The display unit 260 displays the visual data produced while the terminal 200 runs programs and the data entered by key operation. The display unit 260 can be implemented as a liquid crystal display (LCD). When the LCD supports a touch screen function, the display unit 260 can serve as part of the input unit 270. The display unit 260 also displays alert messages informing the user of messages received from the network, such as a registration reject message.
The input unit 270 receives alphanumeric information and key inputs for setting and executing the various functions of the terminal, and sends the key sequences to the control unit 240. Preferably, depending on the design of the terminal, the input unit 270 can be implemented as at least one of a touch screen and a keypad. Alternatively, the input unit 270 can be implemented as a remote controller or a voice command device.
Exemplary embodiments of a method for restricting unauthorized use of the terminal 200 with the SIM card 100, using the structure described above, are described in further detail below.
Fig. 3 is a flowchart illustrating a protection method for preventing unauthorized use of a mobile terminal according to an exemplary embodiment of the present invention. In the following description, the terminal is referred to interchangeably as "mobile station (MS)" and "user equipment (UE)".
Referring to Fig. 3, once the terminal 200 with the SIM card 100 powers on (S305), the control unit 240 reads the internal TMSI stored in the storage unit 250 (i.e., TMSI or P-TMSI) and the card TMSI stored in the SIM card (i.e., TMSI or P-TMSI) (S310), and determines whether the internal TMSI and the card TMSI are identical (S315). If the two TMSIs are identical, the process proceeds to step S350; otherwise, the process proceeds to step S320.
When the two TMSIs differ from each other, for example when the terminal 200 has never been used with the SIM card 100, the control unit 240 detects a TMSI mismatch. Before comparing the internal TMSI with the card TMSI, the control unit 240 can also compare the integrated circuit card ID (ICCID) of the SIM card 100 with the ICCID stored in the storage unit 250.
Typically, when the terminal 200 registers successfully with the network, the ICCID of the SIM card 100 is read out and stored in the storage unit 250. Therefore, the control unit 240 can use the ICCID comparison to check whether the SIM card 100 attached to the terminal 200 has changed. Even when the ICCID comparison determines that the SIM card 100 has changed, the control unit 240 treats the ICCID mismatch as a TMSI mismatch.
At step S320, the control unit 240 produces a registration request message containing TMSI mismatch information. Here, the registration request message to be sent can be a location update request message or an attach request message, depending on the network.
That is, in a network supporting both circuit-switched (CS) service, such as voice call service, and packet-switched (PS) service, such as packet data call service (for example, a Universal Mobile Telecommunications System (UMTS) network), the terminal 200 sends the attach request message for registration to the CS domain for CS service and to the PS domain for PS service.
Meanwhile, in a network supporting only CS service (for example, a Global System for Mobile Communications (GSM) network), the terminal 200 sends the location update request message for registration to the CS domain and the attach request message for registration to the PS domain.
Tables 1 and 2 show the information elements included in an exemplary location update request message and an exemplary attach request message containing TMSI mismatch information, respectively.
Table 1

| IEI | Information element | Type | Presence | Format | Length |
|-----|---------------------|------|----------|--------|--------|
|     | Mobility management protocol discriminator | Protocol discriminator | M | V | 1/2 |
|     | Skip indicator | Skip indicator | M | V | 1/2 |
|     | Location update message type | Message type | M | V | 1 |
|     | Location updating type | Location updating type | M | V | 1/2 |
|     | Ciphering key sequence number | Ciphering key sequence number | M | V | 1/2 |
|     | Location area identification | Location area identification | M | V | 5 |
|     | Mobile station classmark | Mobile station classmark 1 | M | V | 1 |
|     | Mobile identity | Mobile identity | M | LV | 2-9 |
| 33  | Mobile station classmark for UMTS | Mobile station classmark 2 | O | TLV | 5 |
| XX  | RPLMN | RPLMN | O | LV | 4 |
| XX  | TMSI status | TMSI status | O | TV | 1 |
As shown in Table 1, the location update request message includes information elements (IEs), such as the registered PLMN (RPLMN) and the TMSI status, that are used to restrict unauthorized use of the terminal 200.
In more detail, the location update request message includes: the mobility management protocol discriminator IE of 1/2 byte (4 bits), as a mandatory (M) IE for identifying the standard layer 3 protocol message; the skip indicator IE of 1/2 byte, as a mandatory IE indicating that the message is to be ignored; the location update request message type IE of 1 byte, as a mandatory IE indicating the location update request message; the location updating type IE of 1/2 byte, as a mandatory IE indicating whether the location update request message requests normal registration, periodic registration, or IMSI attach; the ciphering key sequence number IE of 1/2 byte, as a mandatory IE indicating the ciphering key; the location area identification IE of 5 bytes, as a mandatory IE for identifying the area; the mobile station classmark IE of 1 byte, as a mandatory IE providing high-priority information; the mobile identity IE of 2-9 bytes, as a mandatory IE indicating identity information (such as the IMSI or TMSI); the mobile station classmark IE for the Universal Mobile Telecommunications System (UMTS) of 5 bytes, as an optional (O) IE providing high-priority and low-priority information for UMTS; the RPLMN IE of 4 bytes, as an optional IE indicating the registered network information; and the TMSI status IE of 1 byte, as an optional IE indicating a TMSI mismatch.
Table 2

| IEI | Information element | Type | Presence | Format | Length |
|-----|---------------------|------|----------|--------|--------|
|     | Protocol discriminator | Protocol discriminator | M | V | 1/2 |
|     | Skip indicator | Skip indicator | M | V | 1/2 |
|     | Attach request message identity | Message type | M | V | 1 |
|     | MS network capability | MS network capability | M | LV | 3-9 |
|     | Attach type | Attach type | M | V | 1/2 |
|     | GPRS ciphering key sequence number | Ciphering key sequence number | M | V | 1/2 |
|     | DRX parameter | DRX parameter | M | V | 2 |
|     | P-TMSI or IMSI | Mobile identity | M | LV | 6-9 |
|     | Old routing area identification | Routing area identification | M | V | 6 |
|     | MS radio access capability | MS radio access capability | M | LV | 6-52 |
| 19  | Old P-TMSI signature | P-TMSI signature | O | TV | 4 |
| 17  | Requested READY timer value | GPRS timer | O | TV | 2 |
| XX  | TMSI status | TMSI status | O | TV | 1 |
As shown in Table 2, the attach request message is the message sent to the PS domain when registration is requested from both the CS domain and the PS domain. To register with the CS domain and the PS domain simultaneously, the attach request message also includes the RPLMN IE shown in Table 1.
In more detail, the attach request message includes: a protocol discriminator IE of 1/2 byte (4 bits), a mandatory IE for identifying the standard layer 3 protocol message; a skip indicator IE of 1/2 byte, a mandatory IE indicating that the message is to be ignored; an attach request message identity IE of 1 byte, a mandatory IE indicating the attach request message; a mobile station (MS) network capability IE of 3-9 bytes, a mandatory IE indicating the MS network capability related to General Packet Radio Service (GPRS); an attach type IE of 1/2 byte, a mandatory IE indicating the attach type (that is, whether the MS requests a GPRS attach or a combined GPRS attach); a GPRS encryption key sequence IE of 1/2 byte, a mandatory IE containing the GPRS encryption key sequence number; a discontinuous reception (DRX) parameter IE of 2 bytes, a mandatory IE included when the MS changes the connection from a GSM network to a UMTS network or when the MS provides a new DRX parameter to the network; a P-TMSI or IMSI IE of 6-9 bytes, a mandatory IE indicating the mobile identity (such as the P-TMSI or IMSI); an old routing area identification IE of 6 bytes, a mandatory IE for identifying the routing area; an MS radio access capability IE of 6-52 bytes, a mandatory IE indicating the radio capability of the MS; an old P-TMSI signature of 4 bytes, an optional IE added when the terminal has received an attach accept message or a routing area update accept message from the network; a requested READY timer value IE of 2 bytes, an optional IE indicating the preferred value of the READY timer; and a TMSI status IE of 1 byte, an optional IE indicating a TMSI mismatch.
As mentioned above, when the registration request message requests registration with the CS domain and the PS domain simultaneously, the RPLMN IE shown in Table 1 is added to Table 2.
In particular, in the exemplary embodiment, the registration request message includes specific IEs for requesting the network to perform an identification process when a TMSI mismatch is detected. That is, the terminal 200 sends the network a registration request message carrying the RPLMN IE and the TMSI status IE shown in Table 1 and Table 2, so that the network performs the identification process. Table 3 and Table 4 show the detailed structure of the RPLMN IE and the TMSI status IE, respectively.
Table 3: structure of the RPLMN IE (table image not reproduced)
As shown in Table 3, the RPLMN IE is 4 octets (4 bytes) long. The RPLMN IE includes the RPLMN information element identifier (IEI) (the first octet), the MCC information (the second octet and the first 4 bits of the third octet), and the MNC information (the last 4 bits of the third octet and the fourth octet). The current serving network can use the MCC and MNC information to obtain information about the previous serving network; that is, based on the MCC and MNC information contained in the RPLMN IE, it obtains information about the network with which the terminal 200 was registered and which allocated the TMSI.
Table 4: structure of the TMSI status IE (table image not reproduced)
As shown in Table 4, the TMSI status IE is 1 octet long and includes a TMSI flag (the first bit), spare bits filled with "0" (the second to fourth bits), and the TMSI status IEI (the fifth to eighth bits). If the TMSI flag is set to 1 in the location update request message or the attach request message, it indicates a TMSI mismatch, that is, that no valid TMSI is available. The network that receives this location update request message or attach request message therefore performs the user identification process for the terminal 200.
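The two IE layouts described for Table 3 and Table 4 can be exercised with a strict encoder and parser. This is an added example, not code from the patent. The IEI values are constructed placeholders (the text gives field positions, not IEI numbers), and packing digits high nibble first with a 0xF filler for a 2-digit MNC is an assumption; the flag meaning (1 = mismatch) follows the text above.

```python
from typing import Tuple

# Constructed placeholder IEI values: the text does not state the real numbers.
RPLMN_IEI = 0x7A        # hypothetical 8-bit IEI (octet 1 of the RPLMN IE)
TMSI_STATUS_IEI = 0x9   # hypothetical 4-bit IEI (bits 5-8 of the TMSI status IE)
FILLER = 0xF            # assumed filler nibble for a 2-digit MNC


def _check_digits(value: str, lengths: Tuple[int, ...], name: str) -> None:
    if len(value) not in lengths or not (value.isascii() and value.isdigit()):
        raise ValueError(f"{name} must be {lengths} decimal digits")


def encode_rplmn_ie(mcc: str, mnc: str) -> bytes:
    """Octet 1: IEI. Octet 2 + first half of octet 3: MCC. Rest: MNC."""
    _check_digits(mcc, (3,), "MCC")
    _check_digits(mnc, (2, 3), "MNC")
    nibbles = [int(d) for d in mcc + mnc]
    if len(mnc) == 2:
        nibbles.append(FILLER)
    # Six 4-bit digits packed into three octets, high nibble first (assumption).
    body = bytes((nibbles[i] << 4) | nibbles[i + 1] for i in range(0, 6, 2))
    return bytes([RPLMN_IEI]) + body


def decode_rplmn_ie(ie: bytes) -> Tuple[str, str]:
    """Return (MCC, MNC) of the previous serving network, rejecting malformed input."""
    if len(ie) != 4:
        raise ValueError("RPLMN IE must be exactly 4 octets")
    if ie[0] != RPLMN_IEI:
        raise ValueError("unexpected IEI in octet 1")
    nibbles = []
    for octet in ie[1:]:
        nibbles += [octet >> 4, octet & 0x0F]
    mcc, mnc = nibbles[:3], nibbles[3:]
    if mnc[2] == FILLER:
        mnc = mnc[:2]
    if any(n > 9 for n in mcc + mnc):
        raise ValueError("non-decimal digit in MCC/MNC")
    return "".join(map(str, mcc)), "".join(map(str, mnc))


def encode_tmsi_status_ie(mismatch: bool) -> bytes:
    """Bit 1: TMSI flag. Bits 2-4: spare, zero. Bits 5-8: IEI."""
    return bytes([(TMSI_STATUS_IEI << 4) | (1 if mismatch else 0)])


def decode_tmsi_status_ie(ie: bytes) -> bool:
    """Return True when the flag signals a TMSI mismatch (flag = 1 per the text)."""
    if len(ie) != 1:
        raise ValueError("TMSI status IE must be exactly 1 octet")
    if ie[0] >> 4 != TMSI_STATUS_IEI:
        raise ValueError("unexpected IEI in bits 5-8")
    if ie[0] & 0x0E:
        raise ValueError("spare bits 2-4 must be zero")
    return bool(ie[0] & 0x01)


def network_must_identify(rplmn_ie: bytes, tmsi_status_ie: bytes) -> Tuple[bool, str]:
    """Network side: decide whether to start the identification process."""
    mcc, mnc = decode_rplmn_ie(rplmn_ie)
    return decode_tmsi_status_ie(tmsi_status_ie), mcc + mnc
```

The parser refuses non-zero spare bits and wrong lengths instead of guessing, so a malformed IE cannot silently suppress the identification process.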
Returning to Fig. 3, after generating the registration request message containing the TMSI mismatch information at step S320, the control unit 240 sends the registration request message to the network (S325). Next, the control unit 240 receives the identification request message that the network sends in response to the registration request message, and performs the identification process (S330).
If the terminal is identified as a valid terminal 200 in the identification process, the control unit 240 performs the authorization process with the network. Otherwise, if the terminal 200 is identified as an invalid terminal (for example, a terminal with a tampered SIM card), the registration request is rejected. The registration process is described in further detail later with reference to Fig. 4 and Fig. 5.
After completing the identification process, the control unit 240 determines whether the mobile terminal 200 has successfully registered with the network by checking the registration response message sent by the network (S335). The registration response message can be a registration accept message (including the location update accept message and the attach accept message) or a registration reject message (including the location update reject message and the attach reject message).
If a location update accept message or an attach accept message is received, the control unit 240 determines that the terminal 200 has successfully registered with the network, and the process proceeds to step S360. Otherwise, if a location update reject message or an attach reject message is received, the control unit 240 determines that the terminal 200 has failed to register with the network, and the process proceeds to step S340.
At step S340, the control unit 240 displays, on the display unit 250 of the mobile terminal 200, an alert message informing the user of the unauthorized use of the mobile terminal 200, and restricts preset functions of the terminal. The functions to be restricted on unauthorized use can be set at the manufacturing stage of the terminal, to prevent the terminal from being used without authorization with a SIM card belonging to a subscriber of another network operator.
If the internal TMSI and the card TMSI are identical at step S315, the control unit 240 performs the normal network registration process and stores the TMSI or P-TMSI allocated by the network in the memory unit 250 and the SIM card 100 (S350). At the same time, the control unit 240 also stores the ICCID obtained from the SIM card 100 in the memory unit 250. Using the ICCID copied to the memory unit 250, the terminal checks whether the SIM card has been changed when the terminal 200 holding the SIM card is powered on. When a TMSI or P-TMSI is reallocated, the new TMSI or P-TMSI is received through the location update accept message or the access accept message sent by the network. Once the mobile terminal 200 has successfully registered with the network, the control unit 240 waits for a service request event (S365).
In addition, if the mobile terminal 200 has successfully registered with the network at step S335, the control unit 240 stores the TMSI or P-TMSI allocated by the network in the memory unit 250 and the SIM card 100 (S360). At this time, the control unit 240 can store the ICCID obtained from the SIM card in the memory unit 250. Next, the control unit 240 waits for a service request event (S365).
Although not depicted in Fig. 3, the method of protecting against unauthorized use can include the PLMN code comparison procedure described later with reference to Fig. 7, Fig. 8 and Fig. 9. That is, when the terminal 200 is powered on, the control unit 240 can compare the network identification information received from the network (that is, the PLMN code) with the PLMN code of the IMSI stored in the SIM card 100, and can restrict use of the terminal 200 or perform step S310 according to the comparison result. The PLMN code comparison procedure is described in further detail with reference to Fig. 7, Fig. 8 and Fig. 9.
The registration process, including the terminal identification process between the terminal and the network, is now described in further detail with reference to Fig. 4 and Fig. 5.
Fig. 4 shows the registration process when an invalid SIM card is attached to the terminal, and Fig. 5 shows the registration process when a valid SIM card is attached to the terminal.
Fig. 4 is a message flow diagram showing the steps of the registration process of the unauthorized-use protection method of Fig. 3 when the SIM card attached to the terminal is invalid.
Referring to Fig. 4, once it is determined that the internal TMSI stored in the memory unit 250 of the terminal 200 and the card TMSI stored in the SIM card 100 attached to the terminal 200 differ from each other, the terminal 200 generates a location update request message and an attach request message containing the TMSI mismatch information indicated by the RPLMN IE (Table 3) and the TMSI status IE (Table 4).
Next, the terminal 200 sends the location update request message (S401) and the attach request message (S403) to the network 500. The location update request message requests registration with the CS domain, and the attach request message requests registration with the PS domain.
Fig. 4 shows the message flow between the terminal 200 and the network 500 on the assumption that the network 500 requires registration with the CS domain and the PS domain. If the network 500 supports simultaneous registration with the CS domain and the PS domain, transmission of the location update request message is skipped.
After receiving the message containing the TMSI mismatch information, the network 500 sends an identification request message to the terminal 200 to identify the terminal 200 (S405). The identification request message is built in the message format defined in the international standard, so a further detailed description of it is omitted in this disclosure.
After receiving the identification request message, the terminal 200 sends an identification response message containing its identification information to the network 500 (S407). The identification information contained in the identification response message is the IMSI read from the SIM card 100 attached to the terminal 200.
After receiving the identification response message, the network 500 compares the IMSI extracted from the identification response message with the IMSI registered in the home location register (HLR) (stored in the network 500), and determines whether the terminal 200 is valid (S409). Fig. 4 depicts the case in which the two IMSIs differ from each other and the terminal 200 is therefore determined to be an invalid terminal (S409).
The network 500 determines that the terminal 200 is an invalid terminal (S409). That is, the network 500 regards the terminal 200 as being used without authorization (for example, equipped with a tampered SIM card). Once the network 500 determines that the terminal 200 is an invalid terminal, the network 500 sends a location update reject message to the terminal 200 in response to the location update request message (S411). In addition, the network 500 sends an attach reject message to the terminal 200 in response to the attach request message (S413).
If the network 500 supports simultaneous registration with the CS domain and the PS domain, transmission of the location update reject message can be skipped.
The identification response message, the location update reject message and the attach reject message are built in the message formats defined in the international standard, so a further detailed description of these messages is omitted here.
Fig. 5 is a message flow diagram showing the steps of the registration process of the unauthorized-use protection method of Fig. 3 when the terminal is identified as a valid terminal.
Referring to Fig. 5, once it is determined that the internal TMSI stored in the memory unit 250 of the terminal 200 and the card TMSI stored in the SIM card 100 attached to the terminal 200 differ from each other, the terminal 200 generates a location update request message and an attach request message containing the TMSI mismatch information indicated by the RPLMN IE (Table 3) and the TMSI status IE (Table 4).
Next, the terminal 200 sends the location update request message (S501) and the attach request message (S503) to the network 500. The location update request message requests registration with the CS domain, and the attach request message requests registration with the PS domain.
Fig. 5 shows the message flow between the terminal 200 and the network 500 on the assumption that the network 500 requires registration with the CS domain and the PS domain. If the network 500 supports simultaneous registration with the CS domain and the PS domain, transmission of the location update request message is skipped.
After receiving the message containing the TMSI mismatch information, the network 500 sends an identification request message to the terminal 200 to identify the terminal 200 (S505).
After receiving the identification request message, the terminal 200 sends an identification response message containing its identification information to the network 500 (S507). The identification information contained in the identification response message is the IMSI read from the SIM card 100 attached to the terminal 200.
After receiving the identification response message, the network 500 compares the IMSI extracted from the identification response message with the IMSI registered in the home location register (HLR) (stored in the network 500), and determines whether the terminal 200 is valid (S509). Fig. 5 depicts the case in which the two IMSIs are identical and the terminal 200 is therefore determined to be a valid terminal (S509).
Once the terminal 200 is determined to be a valid terminal at step S509, the network 500 sends an authorization and encryption request message to the terminal 200 for the location update process requested by the terminal 200 (S511). After receiving the authorization and encryption request message, the terminal 200 sends the network an authorization and encryption response message in response (S513).
Through the exchange of the authorization and encryption request message and the authorization and encryption response message, the network 500 performs authorization and encryption configuration for providing service to the terminal. Once the terminal 200 has successfully registered with the network 500 through authorization and encryption, the network 500 sends the terminal 200, in response to the location update request message, a location update accept message indicating successful registration with the CS domain (S515). If the network 500 has allocated a new TMSI, the location update accept message sent to the terminal 200 contains the new TMSI.
In addition, the network 500 sends the terminal 200, in response to the attach request message, an attach accept message indicating successful registration with the PS domain (S517).
If the network 500 supports simultaneous registration with the CS domain and the PS domain, transmission of the location update accept message is omitted.
The identification request message, identification response message, authorization and encryption request message, authorization and encryption response message, location update accept message and attach accept message are built in the message formats defined in the international standard, so a further detailed description of these messages is omitted here.
Fig. 6 is a message flow diagram showing the steps of the normal registration process of the unauthorized-use protection method of Fig. 3.
Referring to Fig. 6, once it is determined that the internal TMSI stored in the memory unit 250 of the terminal 200 and the card TMSI stored in the SIM card 100 attached to the terminal 200 are identical, the terminal 200 generates a location update request message and an attach request message. In this case, because the two TMSIs are identical, the location update request message and the attach request message do not carry TMSI mismatch information.
Next, the terminal 200 sends the location update request message (S601) and the attach request message (S603) to the network 500. The location update request message requests registration with the CS domain, and the attach request message requests registration with the PS domain.
Fig. 6 shows the message flow between the terminal 200 and the network 500 on the assumption that the network 500 requires registration with the CS domain and the PS domain. If the network 500 supports simultaneous registration with the CS domain and the PS domain, transmission of the location update request message is skipped.
After receiving the message without TMSI mismatch information, the network 500 sends an authorization and encryption request message to the terminal 200 for the location update process requested by the terminal 200 (S605). After receiving the authorization and encryption request message, the terminal 200 sends the network 500 an authorization and encryption response message in response (S607).
Once the terminal 200 has successfully registered with the network 500 through authorization and encryption, the network 500 sends the terminal 200, in response to the location update request message, a location update accept message indicating successful registration with the CS domain (S609). At step S609, if the network 500 has allocated a new TMSI, the location update accept message contains the new TMSI.
The network 500 also sends the terminal 200, in response to the attach request message, an attach accept message indicating successful registration with the PS domain (S611). If the network 500 supports simultaneous registration with the CS domain and the PS domain, transmission of the location update accept message is skipped.
As described above, the method of protecting against unauthorized use of a mobile terminal according to the exemplary embodiment of the present invention can protect a terminal holding a tampered SIM card from being used without authorization. To this end, the terminal according to the exemplary embodiment compares the internal TMSI stored in the memory unit with the card TMSI stored in the SIM card and, when the two TMSIs differ from each other, sends the network a registration request message (a location update request message and/or an attach request message) containing TMSI mismatch information, so as to trigger the terminal identification process using tamper-resistant identification information.
The registration request message is sent when the location area identifier (LAI) or the routing area identifier (RAI) changes because of movement of the terminal, when a predetermined timer expires, and when the terminal holding the SIM card is powered on.
A change in the LAI or RAI is detected by checking the information in the system information block (SIB) of the system information that the network broadcasts periodically. When a timer is used, the terminal starts the timer on receiving a registration accept message (a location update accept message and/or an attach accept message). When the timer expires, the terminal resends the registration request message (a location update request message and/or an attach request message).
The registration request message can be at least one of a location update request message for registering with the CS domain and a routing update request message (that is, an attach request message) for registering with the PS domain. The location update request message is built in the example format of Table 1, and the routing update request message in the example format of Table 2.
When the LAI or RAI changes or the timer expires, the terminal compares the internal TMSI with the card TMSI, as shown in steps S310 and S315 of Fig. 3. If the two TMSIs differ from each other, the terminal sends the network a registration request message containing the TMSI mismatch information indicated by the RPLMN IE shown in Table 3 and the TMSI status IE shown in Table 4. Otherwise, when the two TMSIs are identical, the terminal sends the network a registration request message without TMSI mismatch information and performs the network registration process shown in Fig. 3 (S350).
In the manner described above, a mobile terminal holding a SIM card that contains a tampered IMSI can be prevented from being used without authorization.
As described above, the terminal compares the internal TMSI with the card TMSI. When the two TMSIs differ from each other, the terminal sends the network a registration request message (such as a location update request message and an attach request message) containing TMSI mismatch information. On the basis of the TMSI mismatch information, the network that receives the registration request message requests from the terminal the IMSI uniquely assigned to the terminal, and thus performs the terminal registration process using the unique IMSI.
A simplified method of protecting against unauthorized use of a mobile terminal according to an exemplary embodiment of the present invention is described below. In this exemplary embodiment, the terminal verifies the validity of the TMSI by comparing the TMSI stored in the memory unit with the TMSI stored in the SIM card, and sends the network a registration request message containing the TMSI or the IMSI according to the comparison result; the network determines whether to register the terminal on the basis of the TMSI or IMSI received from the terminal.
Preferably, the protection method prevents the terminal from being used without authorization (such as by attacking the network lock/SIM lock and using a TMSI allocated by another network operator). To this end, the method of protecting against unauthorized use according to the exemplary embodiment of the present invention allows the network to identify the user by checking the IMSI of the terminal.
When the registration process completes successfully, the terminal stores the TMSI as the internal TMSI, and when the card TMSI differs from the internal TMSI (if, in the TMSI verification process, the card TMSI is verified as a valid card TMSI), the terminal sends the IMSI to the network in the registration request message. Another exemplary embodiment of the method of protecting against unauthorized use of a terminal holding a SIM card is described below.
Fig. 7 is a flow chart showing a method of protecting against unauthorized use of a mobile terminal according to another exemplary embodiment of the present invention.
Referring to Fig. 7, once the terminal 200 holding the subscriber identification module (SIM) card 100 is powered on (S701), the control unit 240 (Fig. 1) of the terminal 200 reads the International Mobile Subscriber Identity (IMSI) (Fig. 2) from the SIM card 100 and determines whether the IMSI matches the network identification information of the user's home network (S705). That is, the control unit 240 compares the network identification information received from the current network just after the terminal 200 is powered on with the network identification information read from the SIM card 100. The network identification information can be a public land mobile network (PLMN) code comprising the mobile country code (MCC) and the mobile network code (MNC) obtained from the IMSI.
If the two pieces of network identification information (specifically, the PLMN codes) differ from each other, the process proceeds to step S707; otherwise, the process proceeds to step S709.
At step S707, the control unit 240 restricts use of the terminal 200 on the basis of the mismatch between the two PLMN codes. At this time, the control unit 240 displays an alert notifying the unauthorized use of the terminal on the display unit 260 and restricts predetermined functions (such as the communication function). The functions to be restricted on unauthorized use can be set at the manufacturing stage of the terminal, to prevent unauthorized use of the terminal, for example with a SIM card belonging to a subscriber of another network operator.
If the two PLMN codes are determined to be identical, the control unit 240 reads the location information (LOCI), which includes the Temporary Mobile Subscriber Identity (TMSI) and the location area identifier (LAI), from the SIM card 100 (S709), and determines whether the LOCI read from the SIM card is identical to the LOCI read from the memory unit 250 (S711). That is, the control unit 240 verifies the validity of the TMSI stored in the SIM card 100. If the two LOCIs are identical, the process proceeds to step S721; otherwise, the process proceeds to step S731.
As described above, the LOCI preferably includes the TMSI and the LAI, and the control unit 240 extracts the TMSI from the LOCI and verifies the extracted TMSI (S709 and S711). When the terminal 200 has successfully registered with the network 500, the control unit 240 stores the LOCI in the memory unit 250 (Fig. 8).
If the two LOCIs are determined to be identical at step S711, the control unit 240 determines that the LOCI stored in the SIM card 100 (specifically, the TMSI obtained from the LOCI) is valid, and sends the network 500 a registration request message containing the verified TMSI (S723). As described above, the registration request message can be a location update request message and/or an attach request message. Once the terminal 200 has successfully registered with the network 500 through the above registration process, the control unit 240 waits to receive a service request from the user.
According to the exemplary embodiment, the control unit 240 stores the TMSI allocated by the network 500 in the memory unit 250 and the SIM card 100. When, in a subsequent registration process, the TMSI stored in the SIM card is determined to differ from the TMSI stored in the memory unit 250, the control unit 240 sends a registration request message containing the IMSI.
If the two LOCIs are determined to differ from each other at step S711, the control unit 240 regards the LOCI stored in the SIM card 100 (specifically, the TMSI obtained from the LOCI) as invalid (S731). In this case, the control unit 240 deletes the invalid TMSI. Next, the control unit 240 sends the network a registration request message containing the IMSI (S733). At this time, the control unit 240 can read the IMSI from the SIM card 100 or the memory unit 250. As described above, the registration request message can be a location update request message and/or an attach request message.
After receiving a registration reject message from the network 500 in response to the registration request message, the control unit 240 restricts use of the terminal 200 connected to the SIM card 100 (S735). At this time, the control unit 240 controls the message generator 244 so that an alert message notifying the user of the invalid SIM card is displayed on the display unit 260, and the control unit 240 restricts predetermined functions (such as the communication function of the terminal 200). As described above, the registration reject message can be a location update reject message and/or an attach reject message.
The registration process between the terminal 200 and the network 500 is described in further detail with reference to Fig. 8 and Fig. 9. Fig. 8 shows the registration process when a valid SIM card 100 is attached to the terminal 200, and Fig. 9 shows the registration process when an invalid SIM card 100 is attached to the terminal 200.
Fig. 8 is a message flow diagram showing the steps of the registration process of the unauthorized-use protection method of Fig. 7 when the SIM card 100 attached to the terminal 200 is valid.
Referring to Fig. 8, the terminal 200 checks that the network identification information stored in the SIM card 100 and the network identification information received from the network 500 are identical (S801). The terminal 200 also checks that the location information (that is, the TMSI) stored in the SIM card 100 and the location information (TMSI) stored in the memory unit 250 are identical (S803). In this case, the terminal 200 generates a registration request message (that is, a location update request message and an attach request message) containing the TMSI.
Next, the terminal 200 sends the location update request message containing the TMSI to the network 500 (S805), and then sends the attach request message containing the TMSI to the network 500 (S807). Here, the location update request message is the message for registering with the CS domain, and the attach request message is the message for registering with the PS domain. In the embodiment shown in Fig. 8, the network 500 supports a CS domain and a PS domain that require separate registration. However, the order of the registration messages is not specifically limited: registration can be made first with the PS domain and then with the CS domain as shown in Fig. 8, or, when the network supports only one domain, one of the location update request message and the attach request message can be omitted. Therefore, either one or both of the location update request message and the attach request message can be sent, depending on the capability of the network.
After receiving the registration request message, the network 500 uses the TMSI contained in the registration request message to verify whether the terminal 200 is valid for the network 500 (S809). That is, the network 500 determines whether the TMSI contained in the registration request message is identical to the TMSI allocated by the network. Fig. 8 is described under the condition that the two TMSIs are identical and the terminal is therefore verified as a valid terminal. The network 500 verifies that the terminal 200 is valid on the basis of the TMSI match (S811).
Therefore, the network 500 performs the registration process requested by the terminal 200, sends the terminal 200, in response to the location update request message, a location update accept message indicating successful registration with the CS domain (S813), and then sends the terminal 200, in response to the attach request message, an attach accept message indicating successful registration with the PS domain (S815). Here, if a new TMSI is allocated to the terminal 200, the newly allocated TMSI is included in the location update accept message and/or the attach accept message. In addition, the order of the registration messages is not specifically limited: the successful CS domain registration message can come first and the successful PS domain registration message second as shown in Fig. 8, or, when the network supports only one domain, one of the location update accept message and the attach accept message can be omitted. Depending on the type of the network 500, one or both of the location update accept message and the attach accept message can be sent.
Fig. 9 is a message flow diagram showing the steps of the registration process of the unauthorized-use protection method of Fig. 7 when the SIM card attached to the terminal is invalid.
Referring to Fig. 9, the terminal 200 finds that the network identification information stored in the SIM card 100 and the network identification information received from the network 500 are identical (S901), and also finds that the location information (that is, the TMSI) stored in the SIM card 100 and the location information (TMSI) stored in the memory unit 250 differ from each other (S903). In this case, the terminal 200 generates a registration request message (that is, a location update request message and an attach request message) containing the IMSI.
Next, the terminal 200 sends the location update request message containing the IMSI (S905), and then sends the attach request message containing the IMSI (S907). Depending on the type of the network 500, one or both of the location update request message and the attach request message can be sent.
After receiving the registration request message, the network 500 uses the IMSI contained in the registration request message to verify whether the terminal 200 is valid for the network 500 (S909). That is, the network 500 determines whether the IMSI contained in the registration request message is identical to the IMSI stored in the network 500. Fig. 9 is described under the condition that the two IMSIs differ from each other and the terminal 200 is therefore verified as an invalid terminal.
The network 500 verifies that the terminal 200 is invalid on the basis of the IMSI mismatch (S911). That is, if the two IMSIs differ from each other, the network 500 regards the terminal 200 as an invalid terminal for use in the network, for example a terminal to which a tampered SIM card is attached.
Therefore, the network 500 sends the terminal 200, in response to the location update request message, a location update reject message indicating failed registration with the CS domain (S913), and then sends the terminal 200, in response to the attach request message, an attach reject message indicating failed registration with the PS domain (S915). Depending on the type of the network 500, one or both of the location update reject message and the attach reject message can be sent.
The terminal 200 that has received the location update reject message and/or the attach reject message cannot then receive normal service from the network 500, which prevents unauthorized use of the terminal 200.
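The terminal-side decisions of Fig. 7 and the network-side checks of Fig. 8 and Fig. 9 can be traced end to end with a small model. This is an added example, not code from the patent. The class and function names, the IMSI, TMSI and LAI values, the HLR modelled as a set of IMSIs, and the treatment of an empty LOCI as a mismatch are all constructed assumptions.

```python
from dataclasses import dataclass
from typing import Dict, List, Optional, Set, Tuple


@dataclass(frozen=True)
class Loci:
    """Location information (TMSI + LAI) held on the SIM and copied to terminal memory."""
    tmsi: int
    lai: str


@dataclass
class SimCard:
    imsi: str
    loci: Optional[Loci] = None


@dataclass
class Terminal:
    stored_loci: Optional[Loci] = None   # copy kept in the memory unit after registration
    restricted: bool = False

    def build_request(self, sim: SimCard, serving_plmn: str) -> Optional[Tuple[str, object]]:
        # S705: PLMN code (MCC+MNC) of the SIM's IMSI vs. the code received from the network.
        if len(serving_plmn) not in (5, 6) or not sim.imsi.startswith(serving_plmn):
            self.restricted = True                      # S707: restrict use locally
            return None
        # S709/S711: LOCI on the SIM vs. LOCI in terminal memory.
        # Assumption: an empty LOCI on either side counts as a mismatch.
        if sim.loci is not None and sim.loci == self.stored_loci:
            return ("TMSI", sim.loci.tmsi)              # S723: register with the verified TMSI
        sim.loci = None                                 # S731: delete the invalid TMSI
        return ("IMSI", sim.imsi)                       # S733: register with the IMSI

    def handle_response(self, sim: SimCard, loci: Optional[Loci]) -> None:
        if loci is None:
            self.restricted = True                      # S735: reject received
        else:
            sim.loci = loci                             # accept: store LOCI in both places
            self.stored_loci = loci


class Network:
    def __init__(self, plmn: str, lai: str, hlr_imsis: Set[str]) -> None:
        self.plmn, self.lai = plmn, lai
        self.hlr_imsis = set(hlr_imsis)                 # constructed stand-in for the HLR
        self.tmsi_owner: Dict[int, str] = {}
        self._next_tmsi = 0x1000

    def register(self, id_type: str, value: object) -> Optional[Loci]:
        """Return the LOCI on accept, None on reject."""
        if id_type == "TMSI":                           # S809/S811: TMSI the network allocated?
            return Loci(value, self.lai) if value in self.tmsi_owner else None
        if value not in self.hlr_imsis:                 # S909/S911: IMSI mismatch
            return None                                 # S913/S915: reject
        tmsi, self._next_tmsi = self._next_tmsi, self._next_tmsi + 1
        self.tmsi_owner[tmsi] = value
        return Loci(tmsi, self.lai)


def power_on(terminal: Terminal, sim: SimCard, network: Network) -> str:
    request = terminal.build_request(sim, network.plmn)
    if request is None:
        return "restricted: PLMN mismatch"
    id_type, value = request
    loci = network.register(id_type, value)
    terminal.handle_response(sim, loci)
    return ("accepted" if loci is not None else "rejected") + " via " + id_type


def run_scenarios() -> List[str]:
    net = Network("45005", "LAI-0001", {"450050000000001"})   # constructed values
    phone, genuine = Terminal(), SimCard("450050000000001")
    results = [power_on(phone, genuine, net),                 # first registration
               power_on(phone, genuine, net)]                 # same SIM, LOCI now matches
    swapped = SimCard("450059999999999", Loci(0x2222, "LAI-0001"))
    results.append(power_on(phone, swapped, net))             # LOCI mismatch, unknown IMSI
    foreign = SimCard("310410000000001")
    results.append(power_on(Terminal(), foreign, net))        # other operator's SIM
    return results
```

In this model the swapped card never gets to present its own TMSI: the LOCI mismatch forces the IMSI onto the wire, and the decision moves to the network's subscriber record.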
In the time that LAI or RAI change due to the movement of terminal, in the time that predetermined timer expires, and in the time of starting up of terminal, can send login request message.As described in this, the relevant location registration process with reference to Fig. 8 and Fig. 9 detailed description of guard method that unauthorized uses that prevents of describing to Fig. 3 also can be applicable to these exemplary cases.
As mentioned above, prevent according to an embodiment of the invention terminal unauthorized use guard method advantage be: the terminal that prevents from having the SIM card that comprises the IMSI distorting is used.In the exemplary embodiment, prevent from utilizing the SIM card that is exclusively used in another Virtual network operator to use the terminal that is exclusively used in particular network operator.
In addition; because network is refused as Terminal Service in registration process (location registration procedure and/or additional registration process); even therefore by using the IMSI release SIM lock/network lock from copying for the effective SIM card of particular network operator to carry out activated terminals, the guard method that unauthorized uses that prevents of terminal also can prevent that the unauthorized of terminal from using according to an embodiment of the invention.
In addition; owing to carrying out terminal recognition with IMSI and network cooperation; therefore in the time that composition is included in any authentication code of IMSI in SIM card and is tampered, the guard method that unauthorized uses that prevents of terminal can prevent that the unauthorized of terminal from using according to an embodiment of the invention.Prevent from using according to the guard method that terminal unauthorized uses that prevents of exemplary embodiment of the present invention the terminal that is exclusively used in particular network operator in the case of the license that there is no Virtual network operator.
Those skilled in the art are apparent that: without departing from the spirit and scope of the present invention, can modifications and variations of the present invention are.Therefore, the meaning is: the modifications and variations of the present invention that provide in the scope of claim and equivalent thereof are provided in the present invention.

Claims (14)

1. A protection method for preventing unauthorized use of a terminal that operates with a subscriber identification module (SIM) card, the method comprising:
comparing temporary mark information stored in a memory cell with temporary mark information stored in the SIM card;
sending a message comprising unique identification information to a network when the temporary mark information stored in the memory cell of the terminal and the temporary mark information stored in the SIM card differ from each other; and
restricting operation of functions of the terminal when a registration reject message is received from the network in response to the message comprising the unique identification information,
wherein the unique identification information is an international mobile subscriber identity (IMSI), and the temporary mark information is at least one of a temporary mobile subscriber identity (TMSI) for registration to a circuit-switched (CS) domain that provides a voice call service and a packet-TMSI for registration to a packet-switched (PS) domain that provides a packet call service.
2. the method for claim 1, the step that wherein sends message comprises:
In the time that the temporary mark information in the memory cell that is stored in terminal differs from one another with the temporary mark information in SIM card of being stored in, the login request message that comprises temporary mark information mismatch information is sent to network;
In the time receiving identification request message from network, the identification response message that comprises unique identification information is sent to network.
3. the method for claim 1, also comprises:
In the time that the temporary mark information in the memory cell that is stored in terminal and the temporary mark information in SIM card of being stored in are mutually the same, the login request message of that comprises the temporary mark information in the memory cell that is stored in terminal and be stored in the temporary mark information in SIM card is sent to network;
In the time that the temporary mark information in the memory cell that is stored in terminal differs from one another with the temporary mark information in SIM card of being stored in, send the login request message that comprises the unique identification information reading from SIM card.
4. the method for claim 1, wherein login request message is for the location update request message to CS territory registration with for of the attach request message to the registration of PS territory.
5. method as claimed in claim 4, also comprise: when receiving from network while accepting message in response to the registration of login request message, registration is accepted to the temporary mark information that message carries and store in SIM card and memory cell, described registration is accepted the position that instruction that message is in response to location update request message is successfully registered to CS territory and is upgraded additional at least one that accept in message of accepting message and being successfully registered to PS territory in response to the instruction of attach request message.
6. the method for claim 1, wherein, in the time of starting up of terminal, in the time of location area identifier LAI or Tracking Area Identifier symbol RAI change, or in the time receiving timer that registration starts after accepting message and expire, the temporary mark information being stored in the memory cell of terminal is compared with the temporary mark information being stored in SIM card.
7. A terminal having a subscriber identification module (SIM) card, comprising:
a radio frequency unit which establishes a connection with a network so that service is provided to the terminal;
a memory cell which stores temporary mark information allocated by the network; and
a control unit which compares the temporary mark information stored in the memory cell of the terminal with temporary mark information stored in the SIM card, sends a message comprising unique identification information to the network when the temporary mark information stored in the memory cell of the terminal and the temporary mark information stored in the SIM card differ from each other, and restricts operation of functions of the terminal when a registration reject message is received from the network in response to the message comprising the unique identification information,
wherein the unique identification information is an international mobile subscriber identity (IMSI), and the temporary mark information is at least one of a temporary mobile subscriber identity (TMSI) for registration to a circuit-switched (CS) domain that provides a voice call service and a packet-TMSI for registration to a packet-switched (PS) domain that provides a packet call service.
8. The terminal of claim 7, wherein, when the temporary mark information stored in the memory cell of the terminal and the temporary mark information stored in the SIM card differ from each other, the control unit operates to send a login request message comprising temporary mark information mismatch information to the network, and wherein, when an identification request message is received from the network, the control unit operates to send an identification response message comprising the unique identification information to the network.
9. The terminal of claim 7, wherein, when the temporary mark information stored in the memory cell of the terminal and the temporary mark information stored in the SIM card are identical to each other, the control unit operates to send, to the network, a login request message comprising one of the temporary mark information stored in the memory cell of the terminal and the temporary mark information stored in the SIM card, and wherein, when the temporary mark information stored in the memory cell of the terminal and the temporary mark information stored in the SIM card differ from each other, the control unit operates to send, to the network, a login request message comprising the unique identification information stored in the SIM card.
10. The terminal of claim 8, wherein, when the temporary mark information stored in the memory cell of the terminal and the temporary mark information stored in the SIM card differ from each other, the control unit operates to send a login request message comprising a temporary mobile subscriber identity (TMSI) status and information on the registered PLMN (RPLMN) that allocated the TMSI, the TMSI status indicating that the temporary mark information stored in the memory cell of the terminal and the temporary mark information stored in the SIM card do not match, and wherein, when a registration accept message is received from the network in response to the login request message, the control unit operates to store the temporary mark information carried by the registration accept message in the SIM card and the memory cell.
11. A protection system for preventing unauthorized use of a terminal that operates with a subscriber identification module (SIM) card, comprising:
a terminal which compares temporary mark information stored in a memory cell of the terminal with temporary mark information stored in the SIM card, sends a message comprising unique identification information to a network when the temporary mark information stored in the memory cell of the terminal and the temporary mark information stored in the SIM card differ from each other, and restricts operation of functions of the terminal when a registration reject message is received from the network in response to the message comprising the unique identification information; and
a network which checks the unique identification information included in the message received from the terminal and sends the registration reject message to the terminal when the unique identification information is invalid,
wherein the unique identification information is an international mobile subscriber identity (IMSI), and the temporary mark information is at least one of a temporary mobile subscriber identity (TMSI) for registration to a circuit-switched (CS) domain that provides a voice call service and a packet-TMSI for registration to a packet-switched (PS) domain that provides a packet call service.
12. The system of claim 11, wherein, when the temporary mark information stored in the memory cell of the terminal and the temporary mark information stored in the SIM card differ from each other, the terminal operates to send a login request message comprising temporary mark information mismatch information to the network, and wherein the network operates to send an identification request message to the terminal in response to the login request message comprising the temporary mark information mismatch information.
13. The system of claim 12, wherein, when the identification request message is received from the network, the terminal operates to send, to the network, an identification response message comprising the unique identification information read from the SIM card, and wherein the network operates to verify the validity of the terminal based on the unique identification information included in the identification response message received from the terminal.
14. The system of claim 11, wherein, when the temporary mark information stored in the memory cell of the terminal and the temporary mark information stored in the SIM card are identical to each other, the terminal operates to send, to the network, a login request message comprising one of the temporary mark information stored in the memory cell of the terminal and the temporary mark information stored in the SIM card, wherein, when the temporary mark information stored in the memory cell of the terminal and the temporary mark information stored in the SIM card differ from each other, the terminal operates to send, to the network, a login request message comprising the unique identification information stored in the SIM card, and wherein, when the login request message is received, the network operates to verify the validity of the terminal based on one of the temporary mark information and the unique identification information extracted from the login request message.
CN200910147406.1A 2008-06-10 2009-06-10 Method and system for protection against the unauthorised use of a terminal Expired - Fee Related CN101605333B (en)

Applications Claiming Priority (6)

Application Number Priority Date Filing Date Title
KR20080054291 2008-06-10
KR10-2008-0054291 2008-06-10
KR1020080054291 2008-06-10
KR1020090008131A KR101059794B1 (en) 2008-06-10 2009-02-02 Method for restricting illegal use of terminal and system for same
KR10-2009-0008131 2009-02-02
KR1020090008131 2009-02-02

Publications (2)

Publication Number Publication Date
CN101605333A CN101605333A (en) 2009-12-16
CN101605333B true CN101605333B (en) 2014-06-25

Family

ID=41470835

Family Applications (1)

Application Number Title Priority Date Filing Date
CN200910147406.1A Expired - Fee Related CN101605333B (en) 2008-06-10 2009-06-10 Method and system for protection against the unauthorised use of a terminal

Country Status (2)

Country Link
KR (1) KR101059794B1 (en)
CN (1) CN101605333B (en)

Families Citing this family (11)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
KR100985397B1 (en) * 2008-06-30 2010-10-05 삼성전자주식회사 Apparatus and method for discriminating of valid mobile subscriber identity in mobile communication terminal
CN101807236B (en) * 2010-02-08 2012-11-28 深圳市同洲电子股份有限公司 Authentication method, authentication system and corresponding terminal and headend equipment
CN102281529A (en) * 2010-06-13 2011-12-14 厦门敏讯信息技术股份有限公司 Method for entering production maintenance state of hand-held device
CN102170623B (en) * 2011-05-24 2014-04-02 惠州Tcl移动通信有限公司 Mobile communication terminal and incoming call management method thereof
FR2985625A1 (en) * 2012-01-05 2013-07-12 France Telecom METHOD OF ACTIVATION ON A SECOND NETWORK OF A TERMINAL COMPRISING A MEMORY MODULE ASSOCIATED WITH A FIRST NETWORK
CN102711089B (en) * 2012-06-13 2015-08-26 中兴通讯股份有限公司 Mobile terminal is carried out to method and the device of locking network and card
CN103781053B (en) * 2012-10-26 2016-12-21 中兴通讯股份有限公司 Multi-card mobile terminal locking network and card method, device and associated terminal
KR101969829B1 (en) * 2013-02-20 2019-04-17 주식회사 엘지유플러스 System and method for providing an application to a mobile terminal
KR102055711B1 (en) * 2013-09-27 2019-12-13 에스케이텔레콤 주식회사 A method for locking a terminal, and a server and a terminal for performing the method
DE112015003902B4 (en) * 2014-08-25 2023-08-24 Apple Inc. Enforce service policies in embedded UICC cards
KR20210120635A (en) * 2020-03-27 2021-10-07 삼성전자주식회사 Electronic device and method for using cached data based on subscriber identity information in the electronic device

Citations (3)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN1183202A (en) * 1995-05-04 1998-05-27 诺基亚电信公司 Checking the access right of a subscriber equipment
EP1261170A1 (en) * 2001-05-24 2002-11-27 BRITISH TELECOMMUNICATIONS public limited company Method for providing network access to a mobile terminal and corresponding network
CN1757195A (en) * 2003-03-06 2006-04-05 Tim意大利股份公司 Methods and software program product for mutual authentication in a communications network

Also Published As

Publication number Publication date
KR20090128316A (en) 2009-12-15
KR101059794B1 (en) 2011-08-26
CN101605333A (en) 2009-12-16

Similar Documents

Publication Publication Date Title
CN101605333B (en) Method and system for protection against the unauthorised use of a terminal
EP2134061B1 (en) Method and system for protection against the unauthorised use of a terminal
EP1562394B1 (en) Apparatus and method for setting use restriction of mobile communication terminal
EP2457394B1 (en) Terminal identifiers in a communications network
FI101031B (en) Checking the access rights of a subscriber device
JP3935994B2 (en) Mobile communication network and method for locking a selected remote mobile terminal device of the mobile communication network
US8639290B2 (en) UICC control over devices used to obtain service
CN103518401A (en) Network switching method and device
EP1796421A1 (en) A method for restricting the terminal to predetermined area or operator
US20080090548A1 (en) Method for tracking mobile communication terminal
CN101494854B (en) Method, system and equipment for preventing SIM LOCK from being unlocked illegally
EP2656645A1 (en) Sim locking
GB2445778A (en) Receiving the lock status of a device from a server database
CN103493456A (en) A method of and a support node for requesting registration of stationary user equipment in a cellular telecommunication system
EP2680627B1 (en) Methods and devices for locking secure element to a mobile terminal
JP2007281861A (en) Terminal authentication method and mobile terminal device
US11533400B2 (en) Method, device, and system for securing an access to at least one service
EP2315464A1 (en) Modification of a secured parameter in a user identification module
CN113329403B (en) One-number multi-terminal authentication network access method and system
KR101236487B1 (en) System and Method for Preventing use of Illegal Mobile Terminal
CN100415032C (en) Interaction method for mobile terminal and network side in mobile communication system
EP2476271A1 (en) Method for binding secure device to a wireless phone
CN104640113A (en) Security method for the verification of an information retrieval request
KR100469894B1 (en) Method for Furnishing User Information of Illegal Mobile Equipment
CN114449510A (en) Efficient utilization and management method for Beidou terminal number resources

Legal Events

Date Code Title Description
C06 Publication
PB01 Publication
C10 Entry into substantive examination
SE01 Entry into force of request for substantive examination
C14 Grant of patent or utility model
GR01 Patent grant
CF01 Termination of patent right due to non-payment of annual fee

Granted publication date: 20140625

Termination date: 20200610
