CN101730087A - Usim service access method and usim card - Google Patents


Info

Publication number
CN101730087A
Authority
CN
China
Prior art keywords
user
authority
information
web server
usim
Prior art date
Legal status
Pending
Application number
CN200910242420A
Other languages
Chinese (zh)
Inventor
刘煜
杜杏兰
Current Assignee
China United Network Communications Group Co Ltd
Original Assignee
China United Network Communications Group Co Ltd
Priority date
Filing date
Publication date
Application filed by China United Network Communications Group Co Ltd
Priority to CN200910242420A
Publication of CN101730087A

Landscapes

  • Storage Device Security (AREA)

Abstract

The invention discloses a USIM service access method and a USIM card, wherein the method comprises the following steps of: receiving the account information of a user by a Web server in the USIM card and authenticating the account information; after the pass of account information authentication by the Web server, determining the account level and authority of the user according to prestored authority information; and sending service information corresponding to the account level and authority of the user to a user terminal by the Web server. The USIM service access method and the USIM card provided by the invention can improve the security when the user uses a USIM service, and avoid the occurrence of a faulty operation condition because the low-level user accesses the complicated high-level service. The invention is convenient for locally managing the services of different users by the USIM card.

Description

USIM service access method and USIM card
Technical field
The present invention relates to mobile communication technology, and in particular to a USIM service access method and a USIM card.
Background
In the Universal Mobile Telecommunications System (UMTS), the core of third-generation (3G) mobile communication systems, the Universal Subscriber Identity Module (USIM) is the most critical element in delivering communication services. In a 3G system the USIM card carries both the security functions of the mobile subscriber identity and the application services. Operators can deliver a wide range of services through the USIM card.
In the prior art, a user accessing USIM services usually logs in by entering a username and password, and the same USIM portal interface is returned to every user. The problem with this access method is that all users are given the same management permissions and the same user interface. This makes it difficult to provide local service management on the USIM card that is divided by permission and by domain for users of different levels, and it makes it easy for an ordinary user to perform advanced configuration and cause erroneous operations. Take access to an enterprise information book service as an example. To keep the enterprise information book consistent, ordinary users should not change its content, so in the prior art the USIM portal interface returned to all users offers only simple configuration, such as setting up frequent-contact groups; as a result, advanced configuration cannot be carried out locally on the USIM card at all. Alternatively, the USIM portal interface returned to all users offers the advanced configuration of changing the enterprise information book, in which case ordinary users who are not familiar with how to configure it may operate it incorrectly.
Summary of the invention
The object of the invention is to address the above problems in the prior art by providing a USIM service access method and a USIM card that can return different USIM service information to different users, improve security when USIM services are used, and make it convenient to manage the services of different users locally on the USIM card.
To achieve this object, the invention provides a USIM service access method, comprising:
A Web server in the USIM card receives the user's account information and authenticates the account information;
After the account information passes authentication, the Web server determines the user's account level and permissions according to pre-stored permission information;
The Web server sends the service information corresponding to the user's account level and permissions to the user terminal.
The invention also provides a USIM card comprising a Web server, the Web server comprising:
An authentication module, configured to receive the user's account information and authenticate it;
A permission determination module, configured to determine the user's account level and permissions according to pre-stored permission information after the authentication module has authenticated the account information successfully;
A sending module, configured to send to the user terminal the service information corresponding to the account level and permissions determined by the permission determination module.
With the USIM service access method and USIM card provided by the invention, the account information sent by the browser in the user terminal must be authenticated, the user's level and permissions are determined from the account information, and the corresponding service information is returned to the user according to that level and those permissions, instead of returning to all users a service portal interface carrying the same service information. Users of different levels can therefore access different USIM services. This improves security when the user uses USIM services, prevents low-level users from accessing complex high-level services and causing erroneous operations, and makes it convenient to manage the services of different users locally on the USIM card.
The technical solution of the invention is described in further detail below with reference to the drawings and embodiments.
Description of drawings
Figure 1 is a schematic diagram of the structure of the USIM card of the invention;
Figure 2 is a schematic diagram of the information exchange between the USIM card of the invention and the user terminal;
Figure 3 is a flow chart of the USIM service access method of the invention;
Figure 4 is a flow chart of embodiment one of the USIM service access method of the invention.
Embodiments
Figure 1 is a schematic diagram of the structure of the USIM card of the invention. The USIM card 1 comprises a Web server 11, which comprises an authentication module 111, a permission determination module 112 and a sending module 113; the permission determination module 112 is connected to the authentication module 111 and to the sending module 113. The authentication module 111 receives the user's account information and authenticates it. The permission determination module 112 determines the user's account level and permissions according to pre-stored permission information after the authentication module 111 has authenticated the account information successfully. The sending module 113 sends to the user terminal the service information corresponding to the account level and permissions determined by the permission determination module 112.
The operating principle of the USIM card of the invention is described in detail below.
Figure 2 is a schematic diagram of the information exchange between the USIM card of the invention and the user terminal. The user terminal 2 comprises a browser 21 and a gateway 22, and the USIM card 1 comprises the Web server 11. The gateway 22 comprises an access control module 221 and a protocol conversion module 222, and the Web server comprises the authentication module 111, the permission determination module 112 and the sending module 113. The message interface between the browser 21 and the gateway 22 is WS-1, and the message interface between the gateway 22 and the Web server 11 is WS-2. The WS-1 interface uses TCP/IP (Transmission Control Protocol/Internet Protocol), and the WS-2 interface uses the Bearer Independent Protocol (BIP).
In the invention, a Web server is placed on the USIM card and provides Web services to the user terminal. The browser in the user terminal acts as the Web client and accesses the Web server on the USIM card; the Web server and the browser exchange messages in client/server mode, so that the user can use the applications on the USIM card through the browser, in the manner of the Web.
Messages between the user terminal and the USIM card follow the BIP protocol, and messages between the gateway and the browser follow the TCP/IP protocol; the protocol conversion module in the gateway performs the protocol conversion between the browser and the Web server. The access control module in the gateway filters the messages that the browser sends to the Web server. Specifically, it can filter the browser's messages according to the control policy in the USIM card: if the Web server port is closed to this browser, the message sent by the browser is stopped and is not delivered to the Web server. If, according to the control policy, the Web server port is open to this browser, the access control module passes the message to the protocol conversion module, which converts it and sends it to the Web server.
BIP is a local data transfer protocol between the USIM card and the user terminal. Hypertext Transfer Protocol (HTTP) requests and responses sent by the user terminal must all be converted into BIP messages by the protocol conversion module in the gateway. BIP is defined in TS 102 223 of the European Telecommunications Standards Institute (ETSI) and allows the USIM card to communicate with external entities that use standard protocols (including TCP/IP). According to TS 102 223, the USIM card can open a BIP TCP data channel to the terminal and transfer data in one of the following two modes:
(1) Client mode: an application on the USIM card connects to a TCP-based remote server, and the destination server is identified by its IP address. After the BIP TCP data channel is opened, the user terminal acts as a gateway and performs the protocol conversion between TCP/IP and BIP;
(2) Server mode: the USIM card acts as a server and allows TCP applications on the user terminal to connect through a specific TCP port. After the BIP TCP data channel is opened, the user terminal listens on the TCP port of the local host IP address and handles sending data to and receiving data from the USIM card.
The invention uses mode (2). The user terminal supports opening several BIP TCP data channels in server mode. The USIM card sends the "Open Channel: UICC server mode" command to open a BIP TCP data channel, and the gateway in the user terminal can then listen on a specific port through the BIP TCP channel. When a client application (in the invention, the browser) connects to this TCP port, the gateway notifies the Web server on the USIM card and manages the data exchange between the client application and the Web server. At any given moment a BIP TCP channel can be used by only one application; if several applications need to be used at the same time, several BIP TCP channels must be opened at the same time.
In Figure 2, when the user needs to access a USIM service, the user sends an HTTP request through the browser to the access control module in the gateway. The access control module filters this HTTP request according to the control policy in the USIM card: if the Web server port is closed to this browser, the HTTP request is stopped. If the Web server port is open to this browser, the access control module passes the HTTP request to the protocol conversion module in the gateway, which converts it into a BIP request and sends the BIP request to the Web server. The Web server returns a service portal interface that asks for account information. Here, the service portal is the application system that leads to the full set of USIM information resources and provides the related information services; it presents a unified user interface and gives the user an information channel for using USIM services. The service portal interface is the interface presented to the user to display the information returned by the service portal.
After protocol conversion, the gateway sends the service portal interface that asks for account information, returned by the Web server, to the browser for display. After the user enters the account information, the browser sends it to the Web server through the gateway's protocol conversion. The authentication module in the Web server authenticates the account information; after authentication succeeds, the user's account level and permissions are determined according to the permission information pre-stored in the Web server, and the sending module then sends the service information corresponding to this user's account level and permissions to the browser in the user terminal, which displays the service portal interface to the user. Service information means the services that users of different account levels and permissions can use. The service information can be sent to the browser on its own, or it can be carried by the service portal interface; that is, the sending module can send the browser a service portal interface that carries the service information corresponding to this user's account level and permissions.
The service information or service portal interface sent by the sending module must also pass through the gateway's protocol conversion before it is sent to the browser.
The authentication module in the Web server can authenticate the user with username/password, a weak authentication method, and the account information that the browser sends to the Web server can comprise a username and a password. Permission information can be stored in the Web server in advance. It comprises the account level and permissions of each user and the services that user can use, and it can also include customized content, for example the style of the service portal interface returned to the user. For example, an ordinary user should have basic application permissions and an account level of ordinary user, and can use some lower-level services. Higher-level services, such as advanced configuration, cannot be performed by an ordinary user, so the service portal interface or service information that the Web server returns for the ordinary user level and permissions does not contain the advanced configuration content. A security user should have basic application permissions and security application permissions and an account level of security user, and can use some protected services. An administrator should have all application permissions, including advanced configuration permissions, and the service portal interface or service information that the Web server returns for the administrator level and permissions can contain all content related to USIM services.
Services with high security requirements, such as mobile banking, mobile security or Digital Rights Management (DRM), require the user level to be the security level; some higher-level management configuration services require the user level to be the administrator level.
After the user sees the service portal interface or service information returned by the Web server and logs in, the user can access the USIM services. While the user is accessing USIM services and using USIM applications, if a permission change is involved, for example the user terminal has downloaded and activated a new application, the user's permission information stored in the Web server must be updated accordingly.
Figure 3 is a flow chart of the USIM service access method of the invention, comprising:
Step 101: the Web server in the USIM card receives the user's account information and authenticates it.
Step 102: after the account information passes authentication, the Web server determines the user's account level and permissions according to pre-stored permission information.
Step 103: the Web server sends the service information corresponding to this user's account level and permissions to the user terminal. Specifically, the Web server can send the user terminal the service portal interface corresponding to this user's account level and permissions, and the service portal interface carries the service information corresponding to this user's account level and permissions.
Figure 4 is a flow chart of embodiment one of the USIM service access method of the invention, comprising:
Step 201: the browser in the user terminal sends an HTTP request to the access control module in the gateway; this HTTP request indicates a request to access USIM services.
Step 202: the access control module filters this HTTP request according to the control policy read from the USIM card. If the Web server port is closed to this browser and access to the Web server is not allowed, the HTTP request is stopped and is not delivered to the Web server; if the Web server port is open to this browser and access to the Web server is allowed, step 203 is performed.
Step 203: the HTTP request is passed to the protocol conversion module, which converts it into a BIP request and sends the BIP request to the Web server.
Step 204: the Web server parses the BIP request and returns, to the protocol conversion module in the gateway, the service portal that asks for account information.
Step 205: the protocol conversion module in the gateway converts the service portal interface that asks for account information and sends it to the browser, which displays it to the user.
Step 206: after receiving the account information entered by the user (comprising a username and password), the browser sends the account information to the Web server through the gateway. The gateway's access control and protocol conversion for the account information are similar to steps 202 and 203 and are not repeated here.
Step 207: the Web server authenticates the account information. If authentication succeeds, step 208 is performed; otherwise access to the USIM services is refused.
Step 208: the Web server determines this user's account level and permissions according to the permission information pre-stored in the USIM card, and sends the browser the portal interface corresponding to the determined account level and permissions; the service portal interface carries the service information corresponding to this user's account level and permission information. The service portal interface and information that the Web server sends to the browser must also pass through the gateway's protocol conversion. The user can then log in at the service portal interface and access the USIM services.
While the user is using USIM services, if a permission change is involved, for example the user terminal has downloaded and activated a new application, the user's permission information stored in the Web server must be updated accordingly.
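The flow of steps 201 to 208, together with the three account levels described earlier, can be modelled as follows. This is an added example, not code from the patent: the service names, the `client_id` used by the control policy, the dictionary that stands in for the BIP conversion, and the PBKDF2 password storage are all assumptions made for illustration.

```python
import hashlib
import hmac
import os
from dataclasses import dataclass
from enum import IntEnum


class Level(IntEnum):
    ORDINARY = 1  # basic applications only
    SECURE = 2    # basic plus protected (security) applications
    ADMIN = 3     # all applications, including advanced configuration


# Constructed catalogue: service name -> minimum account level required.
SERVICES = {
    "contact_groups": Level.ORDINARY,
    "mobile_banking": Level.SECURE,
    "drm": Level.SECURE,
    "edit_enterprise_information_book": Level.ADMIN,
}


def can_use(level: Level, service: str) -> bool:
    """Default deny: a service missing from the catalogue is never allowed."""
    need = SERVICES.get(service)
    return need is not None and level >= need


def _kdf(password: str, salt: bytes) -> bytes:
    # Assumption: the patent does not say how passwords are stored.
    return hashlib.pbkdf2_hmac("sha256", password.encode(), salt, 100_000)


@dataclass
class Account:
    salt: bytes
    pw_hash: bytes
    level: Level


class CardWebServer:
    """Stands in for the Web server on the card (modules 111, 112, 113)."""

    def __init__(self):
        self._accounts = {}  # the pre-stored permission information

    def set_account(self, user: str, password: str, level: Level) -> None:
        salt = os.urandom(16)
        self._accounts[user] = Account(salt, _kdf(password, salt), level)

    def set_level(self, user: str, level: Level) -> None:
        """Permission change: update the stored record."""
        self._accounts[user].level = level

    def login(self, user: str, password: str) -> dict:
        """Steps 207-208: authenticate, then return only matching services."""
        acct = self._accounts.get(user)
        # Hash even for unknown users so timing does not reveal valid names.
        candidate = _kdf(password, acct.salt if acct else b"\x00" * 16)
        if acct is None or not hmac.compare_digest(candidate, acct.pw_hash):
            return {"status": 401, "services": []}
        visible = sorted(s for s in SERVICES if can_use(acct.level, s))
        return {"status": 200, "level": acct.level.name, "services": visible}


class Gateway:
    """Access control module 221 and a toy protocol conversion module 222."""

    def __init__(self, server: CardWebServer, open_to: set):
        self.server = server
        self.open_to = open_to  # control policy read from the card

    def handle(self, client_id: str, user: str, password: str) -> dict:
        if client_id not in self.open_to:
            # Step 202: port closed to this client; nothing reaches the card.
            return {"status": 403, "services": []}
        # Step 203: stand-in for HTTP -> BIP conversion (no real BIP framing).
        bip_payload = {"user": user, "password": password}
        return self.server.login(bip_payload["user"], bip_payload["password"])


def demo() -> dict:
    card = CardWebServer()
    card.set_account("alice", "pw-ordinary", Level.ORDINARY)  # constructed
    card.set_account("root", "pw-admin", Level.ADMIN)         # constructed
    gw = Gateway(card, open_to={"browser"})
    return {
        "ordinary": gw.handle("browser", "alice", "pw-ordinary"),
        "admin": gw.handle("browser", "root", "pw-admin"),
        "bad_pw": gw.handle("browser", "alice", "wrong"),
        "blocked": gw.handle("other-app", "root", "pw-admin"),
    }


if __name__ == "__main__":
    for name, result in demo().items():
        print(name, result)
```

The same `can_use` check should also gate each later service request on the card, because leaving an entry out of the portal interface does not by itself stop a direct request for that service.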
With the USIM service access method and USIM card provided by the invention, the account information sent by the browser must be authenticated, the user's level and permissions are determined from the account information, and the corresponding service information is returned to the user according to that level and those permissions, instead of returning the same service information or service portal interface to all users. Users of different levels can therefore access different USIM services, which improves security when the user uses USIM services and prevents low-level users from accessing complex high-level services and causing erroneous operations. It also protects services with a higher security level (mainly services related to payment transactions). For example, if by default the USIM services are accessed by logging in with an ordinary user account, the security-class services cannot be used. In that case, if the user's terminal is lost and someone else logs in with the ordinary user account, that person cannot use the services with the higher security level. In addition, in the prior art, so that users are not confused about how to use high-level services, and to prevent low-level users from accessing complex high-level services and causing erroneous operations, all users are usually restricted from using high-level services, which makes it inconvenient to manage the services of different users locally on the USIM card. USIM services are currently changing from a text-menu presentation to a service-portal presentation, and local management should be one of the main ways of managing USIM services; increasingly complex and varied USIM services also place higher demands on management. By returning different service information to users of different levels, the embodiments of the invention allow users of different levels to use different services and make it convenient to manage the services of different users locally on the USIM card.
Finally, it should be noted that the above embodiments only illustrate the technical solution of the invention and do not limit it. Although the invention has been described in detail with reference to preferred embodiments, those of ordinary skill in the art should understand that the technical solution of the invention can still be modified or replaced with equivalents, and that such modifications or equivalent replacements do not cause the modified technical solution to depart from the spirit and scope of the technical solution of the invention.

Claims (7)

1. A USIM service access method, characterized in that it comprises:
A Web server in the USIM card receives the user's account information and authenticates the account information;
After the account information passes authentication, the Web server determines the user's account level and permissions according to pre-stored permission information;
The Web server sends the service information corresponding to the user's account level and permissions to the user terminal.
2. The method according to claim 1, characterized in that the Web server sending the service information corresponding to the user's account level and permissions to the user terminal is specifically: the Web server sends the user terminal the service portal interface corresponding to the user's account level and permissions, and the service portal interface carries the service information corresponding to the user's account level and permissions.
3. The method according to claim 1, characterized in that it further comprises: the Web server in the USIM card obtains and stores the user's permission information.
4. The method according to claim 1 or 2, characterized in that the permission information comprises the account level and permissions corresponding to each user and the services that user can use.
5. The method according to claim 1 or 2, characterized in that the account information comprises a username and a password.
6. A USIM card, characterized in that it comprises a Web server, the Web server comprising:
An authentication module, configured to receive the user's account information and authenticate it;
A permission determination module, configured to determine the user's account level and permissions according to pre-stored permission information after the authentication module has authenticated the account information successfully;
A sending module, configured to send to the user terminal the service information corresponding to the account level and permissions determined by the permission determination module.
7. The USIM card according to claim 6, characterized in that the Web server further comprises:
A storage module, configured to store the permission information.
CN200910242420A 2009-12-11 2009-12-11 Usim service access method and usim card Pending CN101730087A (en)

Priority Applications (1)

Application Number Priority Date Filing Date Title
CN200910242420A CN101730087A (en) 2009-12-11 2009-12-11 Usim service access method and usim card

Publications (1)

Publication Number Publication Date
CN101730087A true CN101730087A (en) 2010-06-09

Family

ID=42450114

Country Status (1)

Country Link
CN (1) CN101730087A (en)

Citations (2)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN1582035A (en) * 2004-05-17 2005-02-16 江苏移动通信有限责任公司 User-identifying-module based trademark visualization realizing method and system
CN101188603A (en) * 2006-11-16 2008-05-28 中兴通讯股份有限公司 A method for access to the external network according to user's right

Cited By (5)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN103856943A (en) * 2014-03-28 2014-06-11 中国联合网络通信集团有限公司 Configuration data writing processing method and device
CN103856943B (en) * 2014-03-28 2017-04-05 中国联合网络通信集团有限公司 Configuration data writes processing method and processing device
CN107852603A (en) * 2015-09-25 2018-03-27 广东欧珀移动通信有限公司 The method and apparatus of terminal authentication
CN107852603B (en) * 2015-09-25 2021-07-23 Oppo广东移动通信有限公司 Terminal authentication method and device
CN115942323A (en) * 2023-01-09 2023-04-07 中国电子科技集团公司第三十研究所 USIM (Universal subscriber identity Module) device and USIM security enhancement method

Legal Events

Date Code Title Description
C06 Publication
PB01 Publication
C10 Entry into substantive examination
SE01 Entry into force of request for substantive examination
RJ01 Rejection of invention patent application after publication

Application publication date: 20100609