CN111030964A - Method and equipment for responding to Detach instruction - Google Patents


Publication number
CN111030964A
Authority
CN
China
Prior art keywords
network element
terminal
detach
sent
instruction
Prior art date
Legal status
Pending
Application number
CN201811173162.XA
Other languages
Chinese (zh)
Inventor
王峰生
李妤
Current Assignee
China Mobile Communications Group Co Ltd
China Mobile Communications Ltd Research Institute
Original Assignee
China Mobile Communications Group Co Ltd
China Mobile Communications Ltd Research Institute
Application filed by China Mobile Communications Group Co Ltd and China Mobile Communications Ltd Research Institute
Priority to CN201811173162.XA
Publication of CN111030964A

Classifications

    • H ELECTRICITY
    • H04 ELECTRIC COMMUNICATION TECHNIQUE
    • H04L TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L63/00 Network architectures or network communication protocols for network security
    • H04L63/08 Network architectures or network communication protocols for network security for authentication of entities
    • H04L63/0876 Network architectures or network communication protocols for network security for authentication of entities based on the identity of the terminal or configuration, e.g. MAC address, hardware or software configuration or device fingerprint
    • H ELECTRICITY
    • H04 ELECTRIC COMMUNICATION TECHNIQUE
    • H04L TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L63/00 Network architectures or network communication protocols for network security
    • H04L63/14 Network architectures or network communication protocols for network security for detecting or protecting against malicious traffic
    • H04L63/1441 Countermeasures against malicious traffic

Abstract

An embodiment of the invention discloses a method and equipment for responding to a Detach instruction, which address the problem that a core network cannot effectively defend against the Detach attack. First, a first network element that provides a call service sends the terminal identifier carried in a Detach instruction received from a terminal to a second network element that stores information. The first network element then sends the authentication parameters received from the second network element to the terminal, and sends the authentication request response message sent by the terminal to the second network element for verification. Finally, the first network element determines, according to the check result sent by the second network element, whether to send a Detach instruction to the second network element. By adding an authentication step after the terminal sends the Detach instruction, the method effectively prevents the Detach attack and improves security.

Description

Method and equipment for responding to Detach instruction
Technical Field
The invention relates to the technical field of circuit domain core network security, in particular to a method and equipment for responding to a Detach instruction.
Background
In recent years, as the technology of the conventional GSM (Global System for Mobile Communications) system has matured, reports and incidents of attacks against GSM have increased. One threat commonly mentioned in these reports is the Detach attack.
In a Detach attack, a hacker impersonating a user sends a Detach instruction to the network side, so that the service state of the designated user becomes unavailable. When the attack occurs, monitoring or defense equipment may not find any abnormality even though the designated user's service state has already become unavailable. Once a designated user has been subjected to a Detach attack, the attacker may go on to defraud the user's close relatives, causing great economic loss and risk, so preventing the Detach attack is increasingly important.
The Detach attack works as follows: the terminal establishes a wireless channel with the network side through the SIM and sends a Detach instruction on that channel. Because the GSM mechanism currently cannot prevent the Detach attack, the network side does not identify the terminal that sent the Detach instruction. Instead, on receiving the instruction, it directly changes the state of the user designated in the Detach instruction from Attach to Detach, so that the designated user's service state becomes unavailable.
One existing scheme addresses the Detach attack by signing the TMSI (Temporary Mobile Subscriber Identity) allocated to a terminal when it accesses the network, and transmitting the signature to the terminal together with that TMSI. However, this scheme requires network modifications that are difficult to make, and the large number of terminal manufacturers and models makes it hard to implement. In summary, the current core network has no method for effectively defending against the Detach attack.
Disclosure of Invention
The embodiment of the invention provides a method and equipment for responding to a Detach instruction, which address the problem that a core network cannot effectively defend against the Detach attack.
In a first aspect, a method for responding to a Detach instruction provided by an embodiment of the present invention includes:
first, a first network element that provides a call service sends the terminal identifier carried in a Detach instruction received from a terminal to a second network element that stores information; then the first network element sends the authentication parameters received from the second network element to the terminal; the first network element sends the authentication request response message sent by the terminal to the second network element for verification; and finally, the first network element determines whether to send a Detach instruction to the second network element according to the check result sent by the second network element.
In the method, the first network element sends the terminal identification carried in the received Detach instruction sent by the terminal to the second network element, sends the authentication parameter sent by the second network element to the terminal for authentication, sends the authentication request response message sent by the terminal to the second network element for verification, and the first network element determines whether to execute the Detach instruction according to the verification result. After the first network element receives the Detach instruction sent by the terminal, whether the Detach instruction received by the first network element is an instruction reported by a real user is determined by adding an authentication step, and if the user sending the Detach instruction cannot pass the authentication, the first network element determines that the received Detach instruction is not sent by the real user.
In a possible implementation manner, if the check result is a pass, the first network element sends a Detach instruction to the second network element; or if the check result is a failure, the first network element does not send a Detach instruction to the second network element.
According to the method, the first network element determines whether to send the instruction for executing the Detach to the second network element according to whether the check result sent by the second network element passes or not, and the Detach attack is effectively prevented.
In a possible implementation manner, the first network element determines that an authentication request response message sent by the terminal is received within a set time duration.
In the method, the first network element sets a fixed time length for receiving the authentication request response message, so as to judge whether the time length for receiving the authentication request response message sent by the terminal by the first network element is within the fixed time length, thereby determining the subsequent operation steps.
In a possible implementation manner, if an authentication request response message sent by the terminal is not received within a set time length, the first network element terminates the Detach operation for the terminal.
In the method, if the first network element does not receive the authentication request response message sent by the terminal within the set time length, the first network element terminates the Detach operation, thereby reducing excessive waiting time in receiving the authentication request response message and reducing system overhead.
In a second aspect, a method for responding to a Detach instruction provided by an embodiment of the present invention includes:
firstly, after receiving a terminal identifier sent by a first network element for providing a call service, a second network element for storing information sends an authentication parameter bound with the terminal identifier to a terminal through the first network element, wherein the terminal identifier is the terminal identifier in a Detach instruction from the terminal received by the first network element; then the second network element checks the authentication request response message sent by the terminal through the first network element, and sends the check result to the first network element; and finally, after receiving the Detach instruction sent by the first network element, the second network element executes Detach operation on the terminal.
According to the method, after the terminal sends the Detach command, an authentication step is added, the first network element sends the terminal identification carried in the received Detach command to the second network element, the authentication parameter sent by the second network element is sent to the terminal for authentication, then the authentication request response message sent by the terminal is sent to the second network element for verification, and whether the Detach command is executed or not is determined according to the verification result, so that the problem of Detach attack is effectively solved by adding the authentication step.
In a third aspect, a method for responding to a Detach instruction provided by an embodiment of the present invention includes:
firstly, a terminal sends a Detach instruction containing a terminal identifier to a first network element for providing a call service, so that the first network element sends the terminal identifier to a second network element for storing information; then the terminal determines an authentication request response message according to the received authentication parameters which are sent by the second network element through the first network element and bound with the terminal identification; and finally, the terminal sends the authentication request response message to the second network element for verification through the first network element, so that the first network element determines whether to send a Detach instruction for executing the Detach operation of the terminal to the second network element according to a verification result.
According to the method, after the terminal sends the Detach command, an authentication step is added, the first network element sends the terminal identification carried in the received Detach command to the second network element, the authentication parameter sent by the second network element is sent to the terminal for authentication, then the authentication request response message sent by the terminal is sent to the second network element for verification, and whether the Detach command is executed or not is determined according to the verification result, so that the problem of Detach attack is effectively solved by adding the authentication step.
In a fourth aspect, an embodiment of the present invention provides an apparatus for responding to a Detach instruction, including: a processor and a transceiver:
the processor is used for sending the received terminal identification in the Detach instruction sent by the terminal to the second network element for storing information through the transceiver; sending the received authentication parameters sent by the second network element to the terminal through a transceiver; sending an authentication request response message sent by the terminal to the second network element for verification through a transceiver; and determining whether to send a Detach instruction to the second network element according to a check result sent by the second network element.
In a fifth aspect, an embodiment of the present invention provides an apparatus for responding to a Detach instruction, including: a processor and a transceiver:
the processor is configured to send, to a terminal through a first network element after receiving, through a transceiver, a terminal identifier sent by the first network element for providing a call service, an authentication parameter bound to the terminal identifier, where the terminal identifier is a terminal identifier in a Detach instruction from the terminal received by the first network element; verifying the authentication request response message sent by the terminal to the first network element through the transceiver, and sending a verification result to the first network element; and after receiving a Detach instruction sent by the first network element through the transceiver, executing Detach operation on the terminal.
In a sixth aspect, an embodiment of the present invention provides an apparatus for responding to a Detach instruction, including: a processor and a transceiver:
the processor is configured to send a Detach instruction including a terminal identifier to a first network element for providing a call service through a transceiver, so that the first network element sends the terminal identifier to a second network element for storing information; determining an authentication request response message according to the authentication parameters which are received by the transceiver and are bound with the terminal identification and sent by the second network element through the first network element; and sending the authentication request response message to the second network element for verification through the transceiver, so that the first network element determines whether to send a Detach instruction for executing the Detach operation of the terminal to the second network element according to a verification result.
In a seventh aspect, an embodiment of the present invention further provides an apparatus for responding to a Detach instruction, where the apparatus includes:
at least one processing network element and at least one storage network element, wherein the storage network element stores program code that, when executed by the processing network element, causes the processing network element to perform the functions of the embodiments of the first aspect described above.
In an eighth aspect, an embodiment of the present invention further provides an apparatus for responding to a Detach instruction, where the apparatus includes:
at least one processing network element and at least one storage network element, wherein the storage network element stores program code that, when executed by the processing network element, causes the processing network element to perform the functions of the embodiments of the second aspect described above.
In a ninth aspect, an embodiment of the present invention further provides an apparatus for responding to a Detach instruction, where the apparatus includes:
at least one processing network element and at least one storage network element, wherein the storage network element stores program code that, when executed by the processing network element, causes the processing network element to perform the functions of the embodiments of the third aspect described above.
In a tenth aspect, a computer-storable medium has stored thereon a computer program which, when being executed by a processor, realizes the steps of the above-mentioned method.
In an eleventh aspect, the present application further provides a computer storage medium having a computer program stored thereon, which when executed by a processor, performs the steps of the method of any one of the first to third aspects.
In addition, for technical effects brought by any one implementation manner of the fourth aspect to the ninth aspect, reference may be made to technical effects brought by different implementation manners of the first aspect to the third aspect, and details are not described here again.
Drawings
In order to more clearly illustrate the technical solutions in the embodiments of the present invention, the drawings needed to be used in the description of the embodiments will be briefly introduced below, and it is obvious that the drawings in the following description are only some embodiments of the present invention, and it is obvious for those skilled in the art that other drawings can be obtained according to these drawings without inventive exercise.
FIG. 1 is a block diagram of a system for responding to a Detach command according to an embodiment of the present invention;
FIG. 2 is a schematic diagram illustrating interaction of a device responding to a Detach command according to an embodiment of the present invention;
FIG. 3 is a diagram illustrating a first apparatus for responding to a Detach command according to a first embodiment of the present invention;
FIG. 4 is a diagram illustrating a second apparatus for responding to a Detach command according to a second embodiment of the present invention;
FIG. 5 is a block diagram illustrating a third exemplary apparatus for responding to a Detach command according to the present invention;
FIG. 6 is a diagram illustrating a fourth apparatus for responding to a Detach instruction according to the embodiment of the present invention;
FIG. 7 is a diagram illustrating a fifth apparatus for responding to a Detach command according to an embodiment of the present invention;
FIG. 8 is a diagram illustrating a sixth apparatus for responding to a Detach command according to an embodiment of the present invention;
FIG. 9 is a diagram illustrating a first method for responding to a Detach instruction according to the embodiment of the present invention;
FIG. 10 is a diagram illustrating a second method for responding to a Detach instruction according to the second embodiment of the present invention;
FIG. 11 is a diagram illustrating a third method for responding to a Detach instruction according to the embodiment of the present invention;
FIG. 12 is a flowchart illustrating a method for responding to a Detach instruction according to an embodiment of the present invention.
Detailed Description
In order to make the objects, technical solutions and advantages of the embodiments of the present invention clearer, the embodiments of the present invention will be described in further detail with reference to the accompanying drawings, and it is obvious that the described embodiments are only a part of the embodiments of the present invention, and not all of the embodiments. All other embodiments obtained by persons of ordinary skill in the art based on the embodiments of the present invention without any creative efforts shall fall within the protection scope of the embodiments of the present invention.
Some of the words that appear in the text are explained below:
(1) in the embodiments of the present application, the term "plurality" means two or more, and other terms are similar thereto.
(2) "and/or" describes the association relationship of the associated objects and means that three relationships are possible; for example, A and/or B may mean: A exists alone, A and B exist simultaneously, or B exists alone. The character "/" generally indicates that the former and latter associated objects are in an "or" relationship.
(3) The terminal referred to in the embodiment of the invention is a terminal capable of supporting the authentication method.
(4) The IMSI (International Mobile Subscriber Identity) referred to in the embodiment of the present invention is an identifier that distinguishes mobile subscribers; it is stored in the SIM card and serves as the valid information for distinguishing a mobile subscriber.
(5) The TMSI referred to in the embodiment of the invention is intended to enhance system security: the TMSI temporarily replaces the IMSI so that illegal individuals or groups cannot steal the IMSI or track a user's position by monitoring the signaling on the wireless path.
As shown in fig. 1, an embodiment of the present invention provides a system for responding to a Detach instruction, where the system includes:
a first network element 100 providing a call service, configured to send the terminal identifier carried in a Detach instruction received from a terminal to a second network element for storing information; send the authentication parameters received from the second network element to the terminal; send the authentication request response message sent by the terminal to the second network element for verification; and determine whether to send a Detach instruction to the second network element according to the check result sent by the second network element;
the second network element 101 is used for receiving a terminal identifier sent by a first network element for providing a call service, and then sending an authentication parameter bound with the terminal identifier to a terminal through the first network element; verifying the authentication request response message sent by the terminal through the first network element, and sending a verification result to the first network element; after receiving a Detach instruction sent by the first network element, executing Detach operation on the terminal;
a terminal 102, configured to send a Detach instruction including a terminal identifier to a first network element providing a call service, so that the first network element sends the terminal identifier to a second network element for storing information; determine an authentication request response message according to the received authentication parameters, which are sent by the second network element through the first network element and bound with the terminal identifier; and send the authentication request response message to the second network element for verification through the first network element.
In the embodiment of the invention, after the first network element receives a Detach instruction sent by a terminal, together with the terminal identifier carried in it, the Detach instruction is sent to the second network element. The second network element sends the determined authentication parameter to the first network element, which sends it to the terminal for authentication and sends the authentication request response sent by the terminal to the second network element. The second network element verifies the received authentication request response message and sends the verification result to the first network element, which determines from that result whether to execute the Detach instruction. By adding this authentication step after receiving the Detach instruction, the first network element determines whether the instruction was reported by the real user. If the user who sent the Detach instruction cannot pass the authentication, the first network element determines that the instruction was not sent by the real user and does not execute the Detach operation for it. This effectively prevents a user with a spoofed identity from mounting a Detach attack on a designated user by sending a Detach instruction to the first network element, and improves security.
In the embodiment of the invention, when the terminal sends a Detach instruction to the first network element and the first network element receives it, a terminal authentication step is added to check whether the Detach instruction was reported by the real user, so as to prevent malicious attacks against the terminal.
Specifically, the terminal sends a Detach instruction to the first network element, and the Detach instruction carries a terminal identifier.
The terminal identifier may be represented by different information, and the terminal identifier may be one piece of information or a combination of multiple pieces of information, for example:
Presentation information 1: a telephone number.
The telephone number refers to a telephone number bound by an SIM card in the terminal sending the Detach instruction, namely when the terminal sends the Detach instruction, the carried terminal identification is the telephone number.
Presentation information 2: a mobile subscriber identity.
The mobile subscriber identity includes two types, one is IMSI, and the other is TMSI, that is, when the terminal sends the Detach command, the carried terminal identifier is the mobile subscriber identity, and the mobile subscriber identity may be IMSI or TMSI.
Presentation information 3: phone number + mobile subscriber identity.
That is, when the terminal sends the Detach command, the carried terminal identification is the information combination of the telephone number and the mobile subscriber identification code.
After receiving a Detach instruction sent by a terminal, the first network element obtains the terminal identifier carried in the Detach instruction.
The first network element examines the obtained terminal identifier; the subsequent steps differ according to the result, as listed below.
Judgment result 1: if the terminal identifier obtained by the first network element contains the IMSI, the first network element, after determining this, directly sends a Detach instruction to the second network element.
Because the terminal identifier obtained by the first network element contains the IMSI, the first network element may determine that the Detach instruction was reported by the real user; having determined this, it directly sends an instruction to execute the Detach to the second network element.
After receiving the instruction from the first network element, the second network element executes the Detach operation on the terminal corresponding to the terminal identifier in the Detach instruction.
Judgment result 2: if the terminal identifier obtained by the first network element does not contain the IMSI, the first network element, after determining this, sends the obtained terminal identifier to the second network element.
When the instruction received from the first network element is an instruction to acquire the authentication parameter, the second network element determines, according to the binding relationship between terminal identifiers and authentication parameters shown in Table 1, the authentication parameter corresponding to the terminal identifier carried in that instruction, and sends the determined authentication parameter to the first network element.
The binding relationship between the terminal identifier and the authentication parameter in the second network element may be shown in the following table:
[Table 1 appears as an image in the original publication]
Table 1: binding relationship between terminal identification and authentication parameters
The first network element receives the authentication parameters sent by the second network element and sends them to the terminal.
After receiving the authentication information sent by the first network element, the terminal determines an authentication request response message.
In the embodiment of the present invention, the terminal may determine the authentication request response message in the following manner.
After receiving the authentication information sent by the first network element, the terminal calculates the authentication request response message from that information and the key Ki, which is used for encrypted data transmission between the terminal's SIM card and the operator, using the authentication algorithm A3 of the authentication system.
After determining the authentication request response message, the terminal sends it to the first network element.
If the first network element receives the authentication request response message sent by the terminal within the set duration, it sends the received message to the second network element.
For example, the set duration determined by the first network element is 2 s; if, after sending the authentication message to the terminal, the first network element receives the terminal's authentication request response message within 2 s, it sends that message to the second network element.
After receiving authentication request response message 1 sent by the first network element, the second network element determines the corresponding authentication request response message 2 for the terminal identifier, according to the binding relationship between terminal identifiers and authentication request response messages stored in the second network element, as shown in Table 2.
Terminal identification    Authentication request response message
460-00-4777770001          a6:f8:d7:d2
460-00-4256670001          af:97:d9:a1
460-00-2537000701          e2:cb:f8:17
Table 2: binding relationship between terminal identification and authentication request response message
The second network element checks authentication request response message 1, received from the first network element, against authentication request response message 2, which it determined from the terminal identifier, and judges whether the two are consistent.
The second network element sends the check result to the first network element, which examines it: if the result is inconsistent, the first network element terminates the Detach instruction; if the result is consistent, the first network element sends a Detach instruction to the second network element.
If the first network element does not receive the authentication request response message sent by the terminal within the set duration, it terminates the Detach operation for the terminal.
For example, the set duration determined by the first network element is 2 s; if, after sending the authentication message to the terminal, the first network element does not receive the terminal's authentication request response message within 2 s, it terminates the Detach operation for the terminal.
By the method, the first network element sets a fixed time length for receiving the authentication request response message, so that whether the first network element receives the authentication request response message sent by the terminal within the determined time length is judged, and if the first network element does not receive the authentication request response message sent by the terminal within the set time length, the first network element terminates the Detach operation, thereby reducing the time for the first network element to wait for the terminal to send the authentication request response message.
A method for responding to a Detach command in this embodiment is described in further detail with reference to the accompanying drawings, where the first network element in this embodiment may be an MSC (mobile switching center), the second network element may be a VLR (Visitor Location Register) network element, the authentication parameter may be a Random Number parameter, and the authentication request response message may be a SRES (sign response) message.
The schematic diagram of the process of performing authentication is shown in fig. 2, and the selected terminal identifier does not contain IMSI, and the explanation of each step is performed under the condition that the authentication is passed:
Step 1: The terminal sends a Detach instruction to the MSC network element, wherein the instruction carries the terminal identifier.
Step 2: The MSC network element receives the Detach instruction and acquires the terminal identifier carried in the instruction.
Step 3: The MSC network element sends the terminal identifier to the VLR network element.
Step 4: The VLR network element determines the RAND parameter corresponding to the received terminal identifier according to the binding relationship between the terminal identifier and the RAND parameter.
Step 5: The VLR network element sends the determined RAND parameter to the MSC network element.
Step 6: The MSC network element sends the received RAND parameter to the terminal.
Step 7: The terminal determines an SRES message according to the received RAND parameter.
Step 8: The terminal sends the SRES message to the MSC network element.
Step 9: The MSC network element sends the received SRES message to the VLR network element.
Step 10: The VLR network element checks the received SRES message.
Step 11: The VLR network element sends the verification result to the MSC network element.
Step 12: The MSC network element determines that the received verification result is a pass.
Step 13: The MSC network element sends a Detach instruction to the VLR network element.
Step 14: After receiving the Detach instruction sent by the MSC network element, the VLR network element executes the Detach instruction.
In some possible implementations, aspects of a method for responding to a Detach instruction provided by the embodiments of the present invention may also be implemented in the form of a program product including program code for causing a computer device to perform the steps of the method for authenticating according to various exemplary embodiments of the present invention described in this specification when the program code runs on the computer device.
The program product may employ any combination of one or more readable media. The readable medium may be a readable signal medium or a readable storage medium. A readable storage medium may be, for example, but not limited to, an electronic, magnetic, optical, electromagnetic, infrared, or semiconductor system, apparatus, or device, or any combination of the foregoing. More specific examples (a non-exhaustive list) of the readable storage medium include: an electrical connection having one or more wires, a portable disk, a hard disk, a Random Access Memory (RAM), a read-only memory (ROM), an erasable programmable read-only memory (EPROM or flash memory), an optical fiber, a portable compact disc read-only memory (CD-ROM), an optical storage device, a magnetic storage device, or any suitable combination of the foregoing.
A program product for data forwarding control according to an embodiment of the present invention may employ a portable compact disc read only memory (CD-ROM) and include program code, and may be run on a server device. However, the program product of the present invention is not limited thereto, and in this document, the readable storage medium may be any tangible medium containing or storing the program, which can be used by or in connection with an information transmission, apparatus, or device.
A readable signal medium may include a propagated data signal with readable program code embodied therein, for example, in baseband or as part of a carrier wave. Such a propagated data signal may take any of a variety of forms, including, but not limited to, electro-magnetic, optical, or any suitable combination thereof. A readable signal medium may also be any readable medium other than a readable storage medium that can transmit, propagate, or transport the program for use by or in connection with the periodic network action system, apparatus, or device.
Program code embodied on a readable medium may be transmitted using any appropriate medium, including but not limited to wireless, wireline, optical fiber cable, RF, etc., or any suitable combination of the foregoing.
Program code for carrying out operations for aspects of the present invention may be written in any combination of one or more programming languages, including an object oriented programming language such as Java, C++ or the like and conventional procedural programming languages, such as the "C" programming language or similar programming languages. The program code may execute entirely on the user's computing device, partly on the user's device, as a stand-alone software package, partly on the user's computing device and partly on a remote computing device, or entirely on the remote computing device or server. In the case of a remote computing device, the remote computing device may be connected to the user computing device through any kind of network, including a Local Area Network (LAN) or a Wide Area Network (WAN), or may be connected to an external computing device.
As shown in fig. 3, an embodiment of the present invention provides an apparatus for responding to a Detach instruction, including: processor 300 and transceiver 301:
the processor 300 is configured to send, through the transceiver, the terminal identifier in the received Detach instruction sent by the terminal to the second network element for storing information; send the received authentication parameters sent by the second network element to the terminal through the transceiver; send the authentication request response message sent by the terminal to the second network element for verification through the transceiver; and determine whether to send a Detach instruction to the second network element according to the check result sent by the second network element.
Optionally, the processor 300 is specifically configured to:
if the verification result is a pass, sending a Detach instruction to the second network element through the transceiver; or
if the verification result is not a pass, not sending a Detach instruction to the second network element.
Optionally, the processor 300 is specifically configured to:
and determining that the authentication request response message sent by the terminal is received in a set time length.
Optionally, after the first network element sends the received authentication parameter sent by the second network element to the terminal, the processor 300 is specifically configured to:
and if the authentication request response message sent by the terminal is not received within the set duration, terminating the Detach operation aiming at the terminal.
As shown in fig. 4, the present invention provides an apparatus for responding to a Detach instruction, the apparatus comprising:
at least one processing network element 400 and at least one memory unit 401, wherein said memory unit stores program code which, when executed by said processing network element, causes said processing network element to perform the following process:
sending the terminal identification in the received Detach command sent by the terminal to a second network element for storing information; sending the received authentication parameters sent by the second network element to the terminal; sending an authentication request response message sent by the terminal to the second network element for verification; and determining whether to send a Detach instruction to the second network element according to a check result sent by the second network element.
Optionally, the processing network element 400 is specifically configured to:
if the verification result is a pass, sending a Detach instruction to the second network element; or
if the verification result is not a pass, not sending a Detach instruction to the second network element.
Optionally, the processing network element 400 is further configured to:
and determining that the authentication request response message sent by the terminal is received in a set time length.
Optionally, the processing network element 400 is further configured to:
and if the authentication request response message sent by the terminal is not received within the set duration, terminating the Detach operation aiming at the terminal.
As shown in fig. 5, an embodiment of the present invention provides an apparatus for responding to a Detach instruction, including: processor 500 and transceiver 501:
the processor is configured to: after receiving, through the transceiver, a terminal identifier sent by a first network element for providing a call service, send an authentication parameter bound with the terminal identifier to the terminal through the first network element, wherein the terminal identifier is the terminal identifier in a Detach instruction from the terminal received by the first network element; verify the authentication request response message sent by the terminal to the first network element through the transceiver, and send a verification result to the first network element; and after receiving, through the transceiver, a Detach instruction sent by the first network element, execute the Detach operation on the terminal.
As shown in fig. 6, the present invention provides an apparatus for responding to a Detach instruction, the apparatus comprising:
at least one processing network element 600 and at least one memory unit 601, wherein said memory unit stores program code which, when executed by said processing network element, causes said processing network element to perform the following process:
after receiving a terminal identifier sent by a first network element for providing a call service, sending an authentication parameter bound with the terminal identifier to a terminal through the first network element, wherein the terminal identifier is the terminal identifier in a Detach instruction from the terminal received by the first network element; verifying the authentication request response message sent by the terminal through the first network element, and sending a verification result to the first network element; and after receiving a Detach instruction sent by the first network element, executing Detach operation on the terminal.
As shown in fig. 7, an embodiment of the present invention provides an apparatus for responding to a Detach instruction, including: processor 700 and transceiver 701:
the processor is configured to: send, through the transceiver, a Detach instruction containing a terminal identifier to a first network element for providing a call service, so that the first network element sends the terminal identifier to a second network element for storing information; determine an authentication request response message according to the authentication parameters which are received through the transceiver, are bound with the terminal identifier and are sent by the second network element through the first network element; and send the authentication request response message to the second network element for verification through the transceiver, so that the first network element determines whether to send a Detach instruction for executing the Detach operation of the terminal to the second network element according to a verification result.
As shown in fig. 8, the present invention provides an apparatus for responding to a Detach instruction, the apparatus comprising:
at least one processing network element 800 and at least one memory unit 801, wherein the memory unit stores program code which, when executed by the processing network element, causes the processing network element to perform the following:
sending a Detach instruction containing a terminal identifier to a first network element for providing a call service, so that the first network element sends the terminal identifier to a second network element for storing information; determining an authentication request response message according to the received authentication parameters which are sent by the second network element through the first network element and bound with the terminal identification; and sending the authentication request response message to the second network element for verification through the first network element, so that the first network element determines whether to send a Detach instruction for executing the terminal Detach operation to the second network element according to a verification result.
An embodiment of the present invention further provides a non-volatile readable storage medium, which includes program code for causing a computing device to perform the steps of the method of authentication when the program code runs on the computing device.
Based on the same inventive concept, an embodiment of the present invention further provides a method for responding to a Detach instruction. Since the device corresponding to the method is the device for responding to the Detach instruction in the embodiment of the present invention, and the principle by which the method solves the problem is similar to that of the device, the implementation of the method can refer to the implementation of the system, and repeated details are omitted.
As shown in fig. 9, a method for responding to a Detach instruction according to an embodiment of the present invention includes the following steps:
Step 900, the first network element for providing the call service sends the terminal identifier in the received Detach instruction sent by the terminal to the second network element for storing the information;
Step 901, the first network element sends the received authentication parameter sent by the second network element to the terminal;
Step 902, the first network element sends the authentication request response message sent by the terminal to the second network element for verification;
Step 903, the first network element determines whether to send a Detach instruction to the second network element according to the check result sent by the second network element.
Optionally, the determining, by the first network element, whether to send a Detach instruction to the second network element according to the check result sent by the second network element includes:
if the verification result is a pass, the first network element sends a Detach instruction to the second network element; or
if the verification result is not a pass, the first network element does not send a Detach instruction to the second network element.
Optionally, after the first network element sends the received authentication parameter sent by the second network element to the terminal, before sending the authentication request response message sent by the terminal to the second network element for verification, the method further includes:
and the first network element determines that an authentication request response message sent by the terminal is received within a set time length.
Optionally, after the first network element sends the received authentication parameter sent by the second network element to the terminal, the method further includes:
and if the authentication request response message sent by the terminal is not received within the set duration, the first network element terminates the Detach operation aiming at the terminal.
Based on the same inventive concept, an embodiment of the present invention further provides a method for responding to a Detach instruction. Since the device corresponding to the method is the device for responding to the Detach instruction in the embodiment of the present invention, and the principle by which the method solves the problem is similar to that of the device, the implementation of the method can refer to the implementation of the system, and repeated details are omitted.
As shown in fig. 10, an embodiment of the present invention further provides a method for responding to a Detach instruction, where the method includes:
Step 1000, after receiving a terminal identifier sent by a first network element for providing a call service, a second network element for storing information sends an authentication parameter bound with the terminal identifier to a terminal through the first network element, wherein the terminal identifier is the terminal identifier in a Detach instruction from the terminal received by the first network element;
Step 1001, the second network element checks the authentication request response message sent by the terminal through the first network element, and sends the check result to the first network element;
Step 1002, after receiving the Detach instruction sent by the first network element, the second network element executes the Detach operation on the terminal.
Based on the same inventive concept, an embodiment of the present invention further provides a method for responding to a Detach instruction. Since the device corresponding to the method is the device for responding to the Detach instruction in the embodiment of the present invention, and the principle by which the method solves the problem is similar to that of the device, the implementation of the method can refer to the implementation of the system, and repeated details are omitted.
As shown in fig. 11, an embodiment of the present invention further provides a method for responding to a Detach instruction, where the method includes:
Step 1100, a terminal sends a Detach instruction containing a terminal identifier to a first network element for providing a call service, so that the first network element sends the terminal identifier to a second network element for storing information;
Step 1101, the terminal determines an authentication request response message according to the received authentication parameters bound with the terminal identifier and sent by the second network element through the first network element;
Step 1102, the terminal sends the authentication request response message to the second network element for verification through the first network element, so that the first network element determines whether to send a Detach instruction for executing a Detach operation for the terminal to the second network element according to a verification result.
In the embodiments provided in the present application, the method provided in the embodiments of the present application is introduced from the perspective of the terminal and the base station as the execution subject. In order to implement the functions in the method provided by the embodiments of the present application, the terminal and the base station may include a hardware structure and/or a software module, and implement the functions in the form of a hardware structure, a software module, or a hardware structure and a software module. Whether any of the above-described functions is implemented as a hardware structure, a software module, or a hardware structure plus a software module depends upon the particular application and design constraints imposed on the technical solution.
As shown in fig. 12, a method for responding to a Detach instruction according to an embodiment of the present invention includes the following steps:
Step 1200, the terminal sends a Detach instruction containing a terminal identifier to a first network element for providing a call service;
Step 1201, the first network element receives the Detach instruction sent by the terminal;
Step 1202, the first network element sends the terminal identifier in the received Detach instruction sent by the terminal to the second network element;
Step 1203, after receiving the terminal identifier sent by the first network element, the second network element sends the authentication parameter bound with the terminal identifier to the first network element;
Step 1204, the first network element sends the authentication parameter received from the second network element to the terminal;
Step 1205, the terminal determines an authentication request response message according to the received authentication parameter which is sent by the first network element and bound with the terminal identifier;
Step 1206, the terminal sends the authentication request response message to the first network element;
Step 1207, the first network element determines whether the authentication request response message sent by the terminal is received within a set duration; if so, step 1208 is executed, and if not, step 1209 is executed;
Step 1208, the first network element sends the authentication request response message sent by the terminal to the second network element for verification;
Step 1209, if the authentication request response message sent by the terminal is not received within the set duration, the first network element terminates the Detach operation for the terminal;
Step 1210, the second network element checks the authentication request response message sent by the first network element, and sends the check result to the first network element;
Step 1211, the first network element receives the check result sent by the second network element and determines whether the check result is a pass; if so, step 1212 is executed, and if not, step 1213 is executed;
Step 1212, the first network element sends a Detach instruction to the second network element;
Step 1213, the first network element terminates the Detach operation for the terminal;
Step 1214, after receiving the Detach instruction sent by the first network element, the second network element executes the Detach operation on the terminal.
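The flow of steps 1200 to 1214 can be sketched as follows. This is an added Python example, not part of the patent text: the class and function names are hypothetical, HMAC-SHA256 truncated to 4 bytes stands in for the operator-specific A3 algorithm, and the terminal's response time is simulated rather than measured. The Ki and RAND values are constructed.

```python
import hashlib
import hmac
from dataclasses import dataclass
from enum import Enum
from typing import Dict, Optional, Tuple


def a3_stand_in(ki: bytes, rand: bytes) -> bytes:
    """Assumption: HMAC-SHA256 truncated to 32 bits replaces the real A3."""
    return hmac.new(ki, rand, hashlib.sha256).digest()[:4]


class Outcome(Enum):
    DETACHED = "detached"                  # steps 1212 and 1214
    TERMINATED_TIMEOUT = "timeout"         # step 1209
    TERMINATED_CHECK_FAILED = "check"      # step 1213
    TERMINATED_UNKNOWN_ID = "unknown"      # not in the patent; added guard


@dataclass
class Reply:
    sres: Optional[bytes]
    latency_s: float  # simulated time between challenge and response


class Terminal:
    def __init__(self, terminal_id: str, ki: bytes, latency_s: float = 0.1):
        self.terminal_id, self._ki, self._latency_s = terminal_id, ki, latency_s

    def answer(self, rand: bytes) -> Reply:
        # Steps 1205-1206: derive SRES from RAND and Ki, return it to the MSC.
        return Reply(a3_stand_in(self._ki, rand), self._latency_s)


class VLR:
    """Second network element: holds the bindings and performs the Detach."""

    def __init__(self, bindings: Dict[str, Tuple[bytes, bytes]]):
        self._bindings = dict(bindings)    # terminal id -> (RAND, SRES)
        self.attached = set(bindings)

    def auth_parameter(self, terminal_id: str) -> Optional[bytes]:
        entry = self._bindings.get(terminal_id)          # step 1203
        return entry[0] if entry else None

    def check(self, terminal_id: str, sres: bytes) -> bool:
        expected = self._bindings[terminal_id][1]        # step 1210
        return hmac.compare_digest(expected, sres)       # constant-time compare

    def detach(self, terminal_id: str) -> None:
        self.attached.discard(terminal_id)               # step 1214


class MSC:
    """First network element: relays messages and decides on the Detach."""

    def __init__(self, vlr: VLR, set_duration_s: float = 2.0):
        self.vlr, self.set_duration_s = vlr, set_duration_s

    def handle_detach(self, terminal: Terminal) -> Outcome:
        tid = terminal.terminal_id                       # steps 1200-1202
        rand = self.vlr.auth_parameter(tid)
        if rand is None:
            return Outcome.TERMINATED_UNKNOWN_ID
        reply = terminal.answer(rand)                    # steps 1204-1206
        if reply.sres is None or reply.latency_s > self.set_duration_s:
            return Outcome.TERMINATED_TIMEOUT            # steps 1207, 1209
        if not self.vlr.check(tid, reply.sres):          # steps 1208, 1210-1211
            return Outcome.TERMINATED_CHECK_FAILED       # step 1213
        self.vlr.detach(tid)                             # steps 1212, 1214
        return Outcome.DETACHED


def run_demo() -> dict:
    tid = "460-00-4777770001"                            # identifier from Table 2
    ki = bytes.fromhex("00112233445566778899aabbccddeeff")   # constructed
    rand = bytes.fromhex("0f" * 16)                           # constructed
    vlr = VLR({tid: (rand, a3_stand_in(ki, rand))})
    msc = MSC(vlr, set_duration_s=2.0)
    results = {}
    # A sender that presents the identifier but does not hold the matching Ki.
    results["wrong_key"] = msc.handle_detach(Terminal(tid, b"\x00" * 16))
    # The genuine terminal answering after the 2 s set duration.
    results["late"] = msc.handle_detach(Terminal(tid, ki, latency_s=3.0))
    results["attached_before"] = tid in vlr.attached
    results["genuine"] = msc.handle_detach(Terminal(tid, ki, latency_s=0.2))
    results["attached_after"] = tid in vlr.attached
    return results


if __name__ == "__main__":
    for name, value in run_demo().items():
        print(name, value)
```

Only the request whose SRES matches the binding and arrives within the set duration reaches the VLR as a Detach instruction; the other two leave the terminal attached.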
The present application is described above with reference to block diagrams and/or flowchart illustrations of methods, apparatus (systems) and/or computer program products according to embodiments of the application. It will be understood that one block of the block diagrams and/or flowchart illustrations, and combinations of blocks in the block diagrams and/or flowchart illustrations, can be implemented by computer program instructions. These computer program instructions may be provided to a processor of a general purpose computer, special purpose computer, and/or other programmable data processing apparatus to produce a machine, such that the instructions, which execute via the processor of the computer and/or other programmable data processing apparatus, create means for implementing the functions/acts specified in the block diagrams and/or flowchart block or blocks.
Accordingly, the subject application may also be embodied in hardware and/or in software (including firmware, resident software, micro-code, etc.). Furthermore, the present application may take the form of a computer program product on a computer-usable or computer-readable storage medium having computer-usable or computer-readable program code embodied in the medium for use by or in connection with an instruction execution system. In the context of this application, a computer-usable or computer-readable medium may be any medium that can contain, store, communicate, propagate, or transport the program for use by or in connection with the instruction execution system, apparatus, or device.
It will be apparent to those skilled in the art that various changes and modifications may be made in the present invention without departing from the spirit and scope of the invention. Thus, if such modifications and variations of the present invention fall within the scope of the claims of the present invention and their equivalents, the present invention is also intended to include such modifications and variations.

Claims (14)

1. A method of responding to a Detach instruction, the method comprising:
a first network element used for providing a call service sends a terminal identifier in a received Detach instruction sent by a terminal to a second network element used for storing information;
the first network element sends the received authentication parameters sent by the second network element to the terminal;
the first network element sends an authentication request response message sent by the terminal to the second network element for verification;
and the first network element determines whether to send a Detach instruction to the second network element according to the check result sent by the second network element.
2. The method of claim 1, wherein the determining, by the first network element, whether to send a Detach instruction to the second network element according to the check result sent by the second network element comprises:
if the verification result is a pass, the first network element sends a Detach instruction to the second network element; or
if the verification result is not a pass, the first network element does not send a Detach instruction to the second network element.
3. The method of claim 1, wherein after the first network element sends the received authentication parameters sent by the second network element to the terminal, before sending an authentication request response message sent by the terminal to the second network element for checking, further comprising:
and the first network element determines that an authentication request response message sent by the terminal is received within a set time length.
4. The method of claim 3, wherein after the first network element sends the received authentication parameters sent by the second network element to the terminal, the method further comprises:
and if the authentication request response message sent by the terminal is not received within the set duration, the first network element terminates the Detach operation aiming at the terminal.
5. A method of responding to a Detach instruction, the method comprising:
after receiving a terminal identifier sent by a first network element for providing a call service, a second network element for storing information sends an authentication parameter bound with the terminal identifier to a terminal through the first network element, wherein the terminal identifier is the terminal identifier in a Detach instruction from the terminal received by the first network element;
the second network element checks the authentication request response message sent by the terminal through the first network element and sends a check result to the first network element;
and after receiving the Detach instruction sent by the first network element, the second network element executes Detach operation on the terminal.
6. A method of responding to a Detach instruction, the method comprising:
a terminal sends a Detach instruction containing a terminal identifier to a first network element for providing a call service, so that the first network element sends the terminal identifier to a second network element for storing information;
the terminal determines an authentication request response message according to the received authentication parameters which are sent by the second network element through the first network element and bound with the terminal identifier;
and the terminal sends the authentication request response message to the second network element for verification through the first network element, so that the first network element determines whether to send a Detach instruction for executing the Detach operation of the terminal to the second network element according to a verification result.
7. An apparatus responsive to a Detach instruction, comprising: a processor and a transceiver:
the processor is used for sending the received terminal identification in the Detach instruction sent by the terminal to the second network element for storing information through the transceiver; sending the received authentication parameters sent by the second network element to the terminal through a transceiver; sending an authentication request response message sent by the terminal to the second network element for verification through a transceiver; and determining whether to send a Detach instruction to the second network element according to a check result sent by the second network element.
8. The device of claim 7, wherein the processor is specifically configured to:
if the verification result is a pass, sending a Detach instruction to the second network element through the transceiver; or
if the verification result is not a pass, not sending a Detach instruction to the second network element.
9. The device of claim 7, wherein the processor is further configured to:
and determining that the authentication request response message sent by the terminal is received in a set time length.
10. The device of claim 9, wherein the processor is further configured to:
and if the authentication request response message sent by the terminal is not received within the set duration, terminating the Detach operation aiming at the terminal.
11. An apparatus responsive to a Detach instruction, comprising: a processor and a transceiver:
the processor is configured to send, to a terminal through a first network element after receiving, through a transceiver, a terminal identifier sent by the first network element for providing a call service, an authentication parameter bound to the terminal identifier, where the terminal identifier is a terminal identifier in a Detach instruction from the terminal received by the first network element; verifying the authentication request response message sent by the terminal to the first network element through the transceiver, and sending a verification result to the first network element; and after receiving a Detach instruction sent by the first network element through the transceiver, executing Detach operation on the terminal.
12. An apparatus responsive to a Detach instruction, comprising a processor and a transceiver, wherein:
the processor is configured to: send, through the transceiver, a Detach instruction including a terminal identifier to a first network element for providing a call service, so that the first network element sends the terminal identifier to a second network element for storing information; determine an authentication request response message according to the authentication parameters that are bound to the terminal identifier, sent by the second network element through the first network element, and received through the transceiver; and send, through the transceiver, the authentication request response message to the second network element for verification, so that the first network element determines, according to the verification result, whether to send to the second network element a Detach instruction for performing the Detach operation on the terminal.
13. An apparatus responsive to a Detach instruction, the apparatus comprising: at least one processing network element and at least one storage network element, wherein the storage network element stores program code that, when executed by the processing network element, causes the processing network element to perform the steps of the method of any one of claims 1 to 4 or the steps of the method of claim 5 or claim 6.
14. A computer-readable medium on which a computer program is stored, wherein the program, when executed by a processor, carries out the steps of the method according to any one of claims 1 to 4, or the steps of the method according to claim 5, or the steps of the method according to claim 6.
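The exchange recited in claims 7 to 12, modelled as an added example that is not part of the patent text: the first network element forwards a Detach only after the second network element has verified the terminal's response to a challenge bound to its identifier. HMAC-SHA256 over a random challenge stands in for the authentication algorithm, which the claims do not specify; the per-terminal shared key, the 5-second duration, the terminal identifier and all class and function names are assumptions.

```python
import hashlib
import hmac
import secrets

AUTH_TIMEOUT_S = 5.0  # assumed value for the "set duration" of claims 9-10

def derive_response(key, challenge):
    # HMAC-SHA256 is a stand-in; the claims do not name the algorithm.
    return hmac.new(key, challenge, hashlib.sha256).digest()

class SecondNetworkElement:
    """Stores subscriber data, issues and verifies challenges (claim 11)."""
    def __init__(self, keys):
        self.keys, self.attached, self.pending = dict(keys), set(keys), {}

    def auth_parameter(self, terminal_id):
        self.pending[terminal_id] = secrets.token_bytes(16)  # bound to the ID
        return self.pending[terminal_id]

    def verify(self, terminal_id, response):
        challenge = self.pending.pop(terminal_id, None)  # single use
        key = self.keys.get(terminal_id)
        if challenge is None or key is None:
            return False
        return hmac.compare_digest(derive_response(key, challenge), response)

    def detach(self, terminal_id):
        self.attached.discard(terminal_id)

class FirstNetworkElement:
    """Call-service element that gates the Detach (claims 7-10)."""
    def __init__(self, second):
        self.second = second

    def handle_detach(self, terminal_id, respond):
        challenge = self.second.auth_parameter(terminal_id)
        response, elapsed = respond(challenge)  # (bytes or None, seconds)
        if response is None or elapsed > AUTH_TIMEOUT_S:
            self.second.pending.pop(terminal_id, None)
            return "terminated"   # claim 10: no response in time
        if not self.second.verify(terminal_id, response):
            return "rejected"     # claim 8: Detach is not forwarded
        self.second.detach(terminal_id)
        return "detached"         # claim 8: Detach is forwarded

def terminal(key, delay=0.0):
    # Constructed terminal model: answers after `delay` simulated seconds.
    return lambda challenge: (derive_response(key, challenge), delay)
TERMINAL_ID, KEY = "460000000000001", b"constructed-key!"  # constructed sample
```

A Detach that carries a valid terminal identifier but comes from a sender without the key ends as "rejected" or "terminated", and the terminal stays attached in both cases.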
CN201811173162.XA 2018-10-09 2018-10-09 Method and equipment for responding to Detach instruction Pending CN111030964A (en)

Priority Applications (1)

Application Number Priority Date Filing Date Title
CN201811173162.XA CN111030964A (en) 2018-10-09 2018-10-09 Method and equipment for responding to Detach instruction

Publications (1)

Publication Number Publication Date
CN111030964A true CN111030964A (en) 2020-04-17

Family

ID=70190556

Family Applications (1)

Application Number Title Priority Date Filing Date
CN201811173162.XA Pending CN111030964A (en) 2018-10-09 2018-10-09 Method and equipment for responding to Detach instruction

Country Status (1)

Country Link
CN (1) CN111030964A (en)



Legal Events

Date Code Title Description
PB01 Publication
SE01 Entry into force of request for substantive examination
RJ01 Rejection of invention patent application after publication

Application publication date: 20200417