TWI598762B - A network system, method and mobile device based on remote user authentication - Google Patents

A network system, method and mobile device based on remote user authentication Download PDF

Info

Publication number
TWI598762B
TWI598762B TW104127064A TW104127064A TWI598762B TW I598762 B TWI598762 B TW I598762B TW 104127064 A TW104127064 A TW 104127064A TW 104127064 A TW104127064 A TW 104127064A TW I598762 B TWI598762 B TW I598762B
Authority
TW
Taiwan
Prior art keywords
account
mobile device
authentication
information
virtual sim
Prior art date
Application number
TW104127064A
Other languages
Chinese (zh)
Other versions
TW201706893A (en
Inventor
楊羚
Original Assignee
群邁通訊股份有限公司
Priority date (The priority date is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the date listed.)
Filing date
Publication date
Application filed by 群邁通訊股份有限公司 filed Critical 群邁通訊股份有限公司
Publication of TW201706893A publication Critical patent/TW201706893A/en
Application granted granted Critical
Publication of TWI598762B publication Critical patent/TWI598762B/en

Links

Classifications

    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04WWIRELESS COMMUNICATION NETWORKS
    • H04W12/00Security arrangements; Authentication; Protecting privacy or anonymity
    • H04W12/06Authentication
    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04LTRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L63/00Network architectures or network communication protocols for network security
    • H04L63/08Network architectures or network communication protocols for network security for authentication of entities
    • H04L63/083Network architectures or network communication protocols for network security for authentication of entities using passwords
    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04LTRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L63/00Network architectures or network communication protocols for network security
    • H04L63/08Network architectures or network communication protocols for network security for authentication of entities
    • H04L63/0853Network architectures or network communication protocols for network security for authentication of entities using an additional device, e.g. smartcard, SIM or a different communication terminal

Landscapes

  • Engineering & Computer Science (AREA)
  • Computer Security & Cryptography (AREA)
  • Computer Networks & Wireless Communication (AREA)
  • Signal Processing (AREA)
  • Computer Hardware Design (AREA)
  • Computing Systems (AREA)
  • General Engineering & Computer Science (AREA)
  • Telephonic Communication Services (AREA)
  • Telephone Function (AREA)
  • Mobile Radio Communication Systems (AREA)

Description

實現雲端身份認證的網路系統、方法及移動設備 Network system, method and mobile device for implementing cloud identity authentication

本發明涉及一種實現雲端身份認證的網路系統、方法以及移動設備。 The invention relates to a network system, a method and a mobile device for implementing cloud identity authentication.

習知的移動網路的身份認證都是基於移動設備中包含的SIM卡資訊進行驗證。當用戶使用複數SIM卡時,用戶需要手動換卡或者使用多卡移動設備,這會降低用戶的使用體驗或者增加移動設備的成本。 The authentication of the conventional mobile network is based on the SIM card information contained in the mobile device for verification. When a user uses a plurality of SIM cards, the user needs to manually change cards or use a multi-card mobile device, which may reduce the user experience or increase the cost of the mobile device.

鑒於以上內容,有必要提供一種實現雲端身份認證的網路系統、方法以及移動設備。 In view of the above, it is necessary to provide a network system, method and mobile device for implementing cloud identity authentication.

一種實現雲端身份認證的網路系統,該網路系統包括移動網路,該網路系統還包括:帳號資料庫,用於儲存用戶申請的帳號的資訊以及各帳號所綁定的至少一個虛擬SIM卡的各種資訊;帳號認證模組,用於透過移動網路接收移動設備發送的帳號認證資訊,並根據接收的帳號認證資訊以及帳號資料庫判斷所述移動設備是否通過帳號認證;所述帳號認證模組,還用於當所述移動設備通過帳號認證時,將所述移動設備發送的帳號認證資訊中的帳號所綁定的虛擬SIM卡的認證資訊發送到所述移動網路;所述移動網路,用於根據接收到的 虛擬SIM卡的認證資訊判斷所述移動設備是否通過身份認證;及所述移動網路,還用於當所述移動設備通過身份認證時,將認證成功的虛擬SIM卡的資訊回饋給所述移動設備。 A network system for implementing cloud identity authentication, the network system includes a mobile network, the network system further includes: an account database for storing information of an account applied by the user and at least one virtual SIM bound to each account The card authentication information is used to receive the account authentication information sent by the mobile device through the mobile network, and determine whether the mobile device passes the account authentication according to the received account authentication information and the account database; the account authentication The module is further configured to: when the mobile device passes the account authentication, send, to the mobile network, authentication information of the virtual SIM card bound by the account in the account authentication information sent by the mobile device; Network, based on received The authentication information of the virtual SIM card determines whether the mobile device passes the identity authentication; and the mobile network is further configured to: when the mobile device passes the identity authentication, feed back information of the successfully authenticated virtual SIM card to the mobile device.

一種實現雲端身份認證的方法,該方法包括:移動網路接收到移動設備發送的帳號認證資訊,並將所述帳號認證資訊傳輸到帳號認證模組;所述帳號認證模組根據所述帳號認證資訊以及帳號資料庫判斷所述移動設備是否通過帳號認證,所述帳號資料庫中儲存著用戶申請的帳號的資訊以及各帳號所綁定的至少一個虛擬SIM卡的各種資訊;當所述移動設備通過帳號認證時,所述帳號認證模組將所述移動設備發送的帳號認證資訊中的帳號所綁定的虛擬SIM卡的認證資訊發送到所述移動網路做身份認證;所述移動網路根據接收到的虛擬SIM卡的認證資訊判斷所述移動設備是否通過身份認證;及當所述移動設備通過身份認證時,所述移動網路將認證成功的虛擬SIM卡的資訊回饋給所述移動設備。 A method for implementing cloud identity authentication, the method comprising: receiving, by a mobile network, account authentication information sent by a mobile device, and transmitting the account authentication information to an account authentication module; the account authentication module is authenticated according to the account The information and the account database determine whether the mobile device is authenticated by the account, and the account database stores information about the account applied by the user and various information of at least one virtual SIM card bound to each account; when the mobile device When the account authentication is performed, the account authentication module sends the authentication information of the virtual SIM card bound to the account in the account authentication information sent by the mobile device to the mobile network for identity authentication; the mobile network Determining, by the authentication information of the received virtual SIM card, whether the mobile device passes the identity authentication; and when the mobile device passes the identity authentication, the mobile network feeds back information of the successfully authenticated virtual SIM card to the mobile device.

一種實現雲端身份認證的移動設備,該移動設備包括:用於進行通訊的通訊裝置;用於儲存虛擬SIM卡的配置資訊的儲存裝置;用於實現雲端身份認證的處理器,所述處理器執行下述步驟:當透過通訊裝置接收到身份認證請求時,根據用戶輸入的帳號及密碼生成帳號認證資訊,所述帳號綁定至少一個虛擬SIM卡;發送該帳號認證資訊以進行帳號認證及進行根據該帳號綁定的至少一個虛擬SIM卡的身份認證;及當通過身份認證時,接收通過身份認證的虛擬SIM卡的資訊。 A mobile device for implementing cloud identity authentication, the mobile device comprising: a communication device for performing communication; a storage device for storing configuration information of the virtual SIM card; a processor for implementing cloud identity authentication, the processor executing The following steps are: when receiving the identity authentication request through the communication device, generating account authentication information according to the account and password input by the user, the account is bound to at least one virtual SIM card; sending the account authentication information for account authentication and performing the The identity authentication of the at least one virtual SIM card bound to the account; and, when the identity authentication is performed, receiving the information of the virtual SIM card authenticated by the identity.

相較於習知技術,本發明中的移動設備不包含SIM卡模組,移動設備只需能夠連接到所述實現雲端身份認證的網路,並輸入正確的帳號及密碼即可通過身份認證。透過本發明,節省了移動設備的成本,同時提高了用戶的體驗。 Compared with the prior art, the mobile device in the present invention does not include a SIM card module, and the mobile device only needs to be able to connect to the network for implementing cloud identity authentication, and enter the correct account number and password to pass the identity authentication. Through the invention, the cost of the mobile device is saved, and the user experience is improved.

1‧‧‧實現雲端身份認證的網路系統 1‧‧‧Network system for cloud identity authentication

10‧‧‧移動網路 10‧‧‧Mobile network

101‧‧‧基站 101‧‧‧ base station

102‧‧‧控制模組 102‧‧‧Control Module

103‧‧‧傳輸模組 103‧‧‧Transmission module

104‧‧‧移動用戶管理模組 104‧‧‧Mobile User Management Module

11‧‧‧帳號資料庫 11‧‧‧ Account Database

12‧‧‧帳號認證模組 12‧‧‧Account Authentication Module

13‧‧‧功能模組 13‧‧‧ functional modules

2‧‧‧移動設備 2‧‧‧Mobile devices

21‧‧‧通訊裝置 21‧‧‧Communication device

22‧‧‧處理器 22‧‧‧ Processor

23‧‧‧儲存裝置 23‧‧‧Storage device

24‧‧‧輸入裝置 24‧‧‧ Input device

3‧‧‧Internet 3‧‧‧Internet

圖1是LTE網路的網路架構圖。 Figure 1 is a network architecture diagram of an LTE network.

圖2是本發明實現雲端身份認證的網路系統的架構圖。 2 is a structural diagram of a network system for implementing cloud identity authentication according to the present invention.

圖3是帳號資料庫的示意圖。 Figure 3 is a schematic diagram of an account database.

圖4是本發明實現雲端身份認證的方法的較佳實施例的流程圖。 4 is a flow chart of a preferred embodiment of a method for implementing cloud identity authentication in accordance with the present invention.

圖5是本發明實現雲端身份認證的方法的較佳實施例的用戶資料的處理過程的流程圖。 FIG. 5 is a flowchart of a process of processing user data according to a preferred embodiment of the method for implementing cloud identity authentication according to the present invention.

為便於說明,以下以LTE制式的網路為例介紹一下習知網路的網路架構。所述LTE(Long Term Evolution,長期演進)是由3GPP(The 3rd Generation Partnership Project,第三代合作夥伴計畫)組織制定的UMTS(Universal Mobile Telecommunications System,通用移動通訊系統)技術標準。 For the sake of explanation, the following uses the LTE network as an example to introduce the network architecture of the conventional network. The LTE (Long Term Evolution) is a UMTS (Universal Mobile Telecommunications System) technical standard developed by the 3GPP (The 3rd Generation Partnership Project).

參閱圖1所示,是LTE網路的網路架構圖。所述LTE網路包括,但不限於,基站,服務閘道(Serving GateWay,SGW),PDN閘道(PDN GateWay,PGW),移動管理實體(Mobility Management Entity,MME)以及歸屬簽約用戶伺服器(Home Subscriber Server,HSS)。所述移動設備包含至少一個SIM卡,並可與基站通訊連接。所述SIM卡包含移動用戶識別碼,位置區域識別碼,電話簿等資訊。所述PGW與Internet通訊連接。所述基站主要用於將移動設備的信令轉發給MME,將移動設備的用戶資料轉發給SGW,並將回饋的資料轉發給移動設備。所述SGW主要用於轉發移動設備的用戶資料。所述PGW主要用於轉發移動設備的用戶資料到Internet,並將Internet回饋的資料轉發給SGW。所述MME 用於處理移動設備的信令,例如為移動設備分配IP、SGW以及PGW,將身份認證資訊轉給HSS等。所述HSS主要用於管理該LTE網路的所有SIM卡的資訊,例如某個SIM卡的認證資訊、資費以及當前位置等資訊。所述HSS可根據移動設備發送的其包含的SIM卡的認證資訊,對該移動設備進行身份認證。 Referring to FIG. 1, it is a network architecture diagram of an LTE network. The LTE network includes, but is not limited to, a base station, a Serving GateWay (SGW), a PDN GateWay (PGW), a Mobility Management Entity (MME), and a Home Subscriber Server ( Home Subscriber Server, HSS). The mobile device includes at least one SIM card and is communicably coupled to the base station. The SIM card includes information such as a mobile subscriber identity code, a location area identifier, and a phone book. The PGW is connected to the Internet. The base station is configured to forward the signaling of the mobile device to the MME, forward the user data of the mobile device to the SGW, and forward the returned data to the mobile device. The SGW is mainly used to forward user data of the mobile device. The PGW is mainly used to forward the user data of the mobile device to the Internet, and forward the data fed back by the Internet to the SGW. The MME Signaling for processing mobile devices, for example, assigning IP, SGW, and PGW to mobile devices, transferring identity authentication information to HSS, and the like. The HSS is mainly used to manage information of all SIM cards of the LTE network, such as information such as authentication information, tariffs, and current location of a SIM card. The HSS may perform identity authentication on the mobile device according to the authentication information of the SIM card that the mobile device sends.

習知的移動設備進行身份認證的流程為: The process of identity authentication for a conventional mobile device is:

步驟1,當移動設備與基站通訊連接時,移動設備根據其包含的SIM卡確定身份認證資訊,並將該身份認證資訊透過基站發送到MME。 Step 1: When the mobile device is in communication connection with the base station, the mobile device determines identity authentication information according to the SIM card it contains, and sends the identity authentication information to the MME through the base station.

步驟2,MME將收到的身份認證資訊發送到HSS上進行身份認證,也即認證該移動設備包含的SIM卡的身份。若該移動設備包含的SIM卡通過認證(例如有效,未欠費等),則判斷該移動設備通過身份認證。 Step 2: The MME sends the received identity authentication information to the HSS for identity authentication, that is, authenticates the identity of the SIM card included in the mobile device. If the SIM card included in the mobile device passes the authentication (eg, valid, no fee, etc.), it is determined that the mobile device passes the identity authentication.

步驟3,當移動設備的身份認證通過時,HSS將結果回饋給MME,MME將認證成功的資訊透過基站回饋給移動設備,同時為該移動設備分配IP、SGW以及PGW。若移動設備的身份認證未通過時(例如SIM卡無效),則MME將認證失敗的資訊也透過基站回饋給移動設備。 Step 3: When the identity authentication of the mobile device passes, the HSS feeds the result back to the MME, and the MME feeds back the successfully authenticated information to the mobile device through the base station, and allocates the IP, the SGW, and the PGW to the mobile device. If the identity authentication of the mobile device fails (for example, the SIM card is invalid), the MME returns the information of the authentication failure to the mobile device through the base station.

需要說明的是,當移動設備的身份認證成功時,移動設備在本次連接被斷開之前都無需再次認證即可使用該LTE網路。所述連接被斷開可以由移動設備主動斷開,或者因為費用等問題由HSS斷開,再或者因為長時間未使用而由MME斷開。 It should be noted that when the identity authentication of the mobile device is successful, the mobile device can use the LTE network without re-authentication before the current connection is disconnected. The disconnection of the connection may be actively disconnected by the mobile device, or disconnected by the HSS due to cost or the like, or disconnected by the MME because it has not been used for a long time.

習知的用戶資料的處理過程為: The processing of the conventional user data is:

步驟a,當移動設備能夠正常使用該LTE網路後,所述移動設備根據用戶的操作發送用戶資料。所述用戶資料可以是短信,電話,上網請求等。 Step a, after the mobile device can normally use the LTE network, the mobile device sends the user profile according to the operation of the user. The user profile may be a text message, a phone call, an internet request, or the like.

步驟b,所述基站將用戶資料透過SGW以及PGW傳輸到Internet,並在收到回饋資料時,透過SGW、PGW從Internet接收回饋資料,並將回饋資料 發送到移動設備。需要說明的是,當用戶資料被傳輸到Internet上時,Internet上的相應伺服器會處理用戶的資料,並將結果透過Internet回饋回來。 Step b, the base station transmits the user data to the Internet through the SGW and the PGW, and receives the feedback data from the Internet through the SGW and the PGW when receiving the feedback data, and the feedback data is sent back Send to mobile device. It should be noted that when the user data is transmitted to the Internet, the corresponding server on the Internet processes the user's data and returns the result back through the Internet.

在步驟a和步驟b中,所述基站和SGW會將該移動設備的一些資訊傳輸給MME,例如該移動設備的位置資訊,流量資訊等。所述MME將接收的資訊發送到HSS以更新該移動設備使用的SIM卡的資訊。 In step a and step b, the base station and the SGW transmit some information of the mobile device to the MME, for example, location information, traffic information, and the like of the mobile device. The MME sends the received information to the HSS to update the information of the SIM card used by the mobile device.

在其他制式的網路中,上述的節點會有所變化,但是移動設備的身份認證處理都是在管理著該網路所有SIM卡資訊的伺服器上。在LTE網路中,該伺服器是歸屬簽約用戶伺服器(Home Subscriber Server,HSS),在其他制式的網路中可以是其他伺服器,例如歸屬位置暫存器(Home Location Register,HLR)。 In other networks, the above nodes will change, but the identity authentication process of the mobile device is on the server that manages all the SIM card information of the network. In the LTE network, the server is a Home Subscriber Server (HSS), and in other networks, other servers, such as a Home Location Register (HLR).

一些移動設備使用的SIM卡中還可包含一些預設的程式,所述預設的程式的程式設計語言為用戶識別應用發展工具(SIM tool kit,STK),所以這些預設的程式的功能被稱為STK功能。移動設備透過這些預設的程式可以生成相應的與STK功能相關的用戶資料,例如請求獲取STK功能列表。這類用戶資料的處理流程跟正常的用戶資料的處理流程一樣,都是將用戶資料發送到Internet上的某個伺服器進行處理,並透過Internet接收回饋的資料。因為STK功能是儲存於SIM卡內的程式,由於SIM卡容量的限制,STK功能不多而且比較簡單。 The SIM card used by some mobile devices may also include some preset programs, and the programming language of the preset program is a SIM tool kit (STK), so the functions of these preset programs are Called STK function. The mobile device can generate corresponding user data related to the STK function through these preset programs, for example, requesting to obtain a list of STK functions. The processing flow of this kind of user data is the same as the processing process of the normal user data, and the user data is sent to a server on the Internet for processing, and the feedback data is received through the Internet. Because the STK function is a program stored in the SIM card, the STK function is not much and simple because of the limitation of the SIM card capacity.

參閱圖2所示,是本發明實現雲端身份認證的網路系統的架構圖。所述實現雲端身份認證的網路系統1包括,但不限於,移動網路10,帳號資料庫11,帳號認證模組12以及功能模組13。所述實現雲端身份認證的網路系統1與移動設備2以及Internet 3通訊連接。 Referring to FIG. 2, it is an architectural diagram of a network system for implementing cloud identity authentication according to the present invention. The network system 1 for implementing cloud identity authentication includes, but is not limited to, a mobile network 10, an account database 11, an account authentication module 12, and a function module 13. The network system 1 that implements cloud identity authentication is in communication with the mobile device 2 and the Internet 3.

所述移動設備2包括,但不限於,通訊裝置21,處理器22,儲存裝置23以及輸入裝置24。所述移動設備2不包含SIM卡,該移動設備2可以是不包含SIM卡的手機、平板電腦等設備。所述通訊裝置21用於與移動網路10通訊連 接,可以是射頻裝置等。所述儲存裝置23用於儲存虛擬SIM卡的配置資訊(例如通話記錄、電話簿等)以及安裝於移動設備2的程式(例如加密程式等)及資料。所述儲存裝置23可以是移動設備2的記憶體,可以是智慧媒體卡(Smart Media Card)、快閃記憶體卡(Flash Card)等外部儲存設備。所述輸入裝置24用於供用戶輸入資料。所述輸入裝置24可以是鍵盤、觸控式螢幕、麥克風等輸入裝置。 The mobile device 2 includes, but is not limited to, a communication device 21, a processor 22, a storage device 23, and an input device 24. The mobile device 2 does not include a SIM card, and the mobile device 2 may be a mobile phone, a tablet computer or the like that does not include a SIM card. The communication device 21 is used to communicate with the mobile network 10 Connected, it can be a radio frequency device or the like. The storage device 23 is configured to store configuration information (such as a call record, a phone book, etc.) of the virtual SIM card, and programs (such as encryption programs, etc.) and materials installed on the mobile device 2. The storage device 23 may be a memory of the mobile device 2, and may be an external storage device such as a smart media card (Flash Media Card) or a flash memory card (Flash Card). The input device 24 is for inputting data by a user. The input device 24 can be an input device such as a keyboard, a touch screen, or a microphone.

當移動設備2透過通訊裝置21與所述實現雲端身份認證的網路系統1通訊連接時,所述實現雲端身份認證的網路系統1向移動設備2發送身份認證請求。移動設備2透過輸入裝置24接收用戶輸入的帳號及密碼,根據用戶輸入的帳號及密碼生成帳號認證資訊,並透過通訊裝置21發送到所述實現雲端身份認證的網路系統1。所述實現雲端身份認證的網路系統1先對帳號認證資訊中的帳號進行帳號認證,並在通過帳號認證後,對該帳號所綁定的虛擬SIM卡進行身份認證,並將通過身份認證的虛擬SIM卡的資訊回饋給移動設備。所述用戶輸入的帳號以及該帳號所綁定的虛擬SIM卡都需要用戶向運營商申請,由運營商進行分配。 When the mobile device 2 is communicatively connected to the network system 1 for implementing cloud identity authentication via the communication device 21, the network system 1 implementing cloud identity authentication sends an identity authentication request to the mobile device 2. The mobile device 2 receives the account number and password input by the user through the input device 24, generates account authentication information according to the account and password input by the user, and transmits the account authentication information to the network system 1 for implementing cloud identity authentication through the communication device 21. The network system 1 for implementing cloud identity authentication first performs account authentication on the account in the account authentication information, and after authenticating through the account, authenticates the virtual SIM card bound to the account, and passes the identity authentication. The information of the virtual SIM card is fed back to the mobile device. The account entered by the user and the virtual SIM card bound to the account require the user to apply to the operator and be assigned by the operator.

所述移動網路10包括,但不限於基站101,控制模組102,傳輸模組103,以及移動用戶管理模組104。所述移動網路10可以是LTE制式的網路,也可以是其他制式的網路。所述移動網路10用於傳輸所述移動設備2的資料到Internet 3和帳號認證模組12。所述資料可以是移動設備2的帳號認證資訊,也可以是移動設備2的用戶資料。所述用戶資料可以是打電話、發短信以及上網等請求,也可以是與帳號及SIM卡相關的請求。 The mobile network 10 includes, but is not limited to, a base station 101, a control module 102, a transmission module 103, and a mobile subscriber management module 104. The mobile network 10 may be a network of the LTE standard or a network of other standards. The mobile network 10 is configured to transmit the data of the mobile device 2 to the Internet 3 and the account authentication module 12. The data may be the account authentication information of the mobile device 2 or the user profile of the mobile device 2. The user profile may be a request for making a call, sending a text message, or accessing the Internet, or may be a request related to an account number and a SIM card.

所述基站101用於將移動設備2的信令轉發給控制模組102,將移動設備2的用戶資料轉發給傳輸模組103,並將回饋的資料轉發給移動移動設備2。所述控制模組102用於處理接收到的信令,例如為移動設備2分配IP、SGW以及PGW。所述控制模組102可以是LTE網路中的MME,可以是其他網路中的其 他控制模組。所述傳輸模組103用於將移動設備2的用戶資料轉發到Internet 3,並將從Internet 3接收到的回饋資料轉發給基站101。所述傳輸模組103在LTE網路中是SGW以及PGW,在其他網路中也可以是其他傳輸模組。所述移動用戶管理模組104用於管理該移動網路10所有的SIM卡(包括虛擬SIM卡)的資訊,例如某個SIM卡的認證資訊、資費以及當前位置資訊等。所述移動用戶管理模組104在LTE網路中是HSS,在其他網路中也可以是其他設備,例如HLR。 The base station 101 is configured to forward the signaling of the mobile device 2 to the control module 102, forward the user data of the mobile device 2 to the transmission module 103, and forward the returned data to the mobile mobile device 2. The control module 102 is configured to process received signaling, such as assigning IP, SGW, and PGW to the mobile device 2. The control module 102 can be an MME in an LTE network, which can be in other networks. He controls the module. The transmission module 103 is configured to forward the user data of the mobile device 2 to the Internet 3, and forward the feedback data received from the Internet 3 to the base station 101. The transmission module 103 is an SGW and a PGW in the LTE network, and may be other transmission modules in other networks. The mobile user management module 104 is configured to manage information about all SIM cards (including virtual SIM cards) of the mobile network 10, such as authentication information, tariffs, and current location information of a certain SIM card. The mobile subscriber management module 104 is an HSS in the LTE network, and may be other devices, such as an HLR, in other networks.

所述帳號資料庫11用於儲存所有用戶向運營商申請的各個帳號的資訊以及各帳號所綁定的虛擬SIM卡的各種信息,例如移動用戶識別碼、位置區域識別碼、電話簿、和專屬化應用資訊等資訊。當用戶向運營商申請帳號時,運營商會將該帳號與至少一個虛擬SIM卡進行綁定,並將用戶申請的帳號以及虛擬SIM卡資訊儲存到帳號資料庫11中。若用戶申請專屬化應用,則運營商會將用戶申請的專屬化應用綁定至該虛擬SIM卡。 The account database 11 is configured to store information of each account applied by the user to the operator and various information of the virtual SIM card bound to each account, such as a mobile subscriber identity, a location area identifier, a phone book, and an exclusive account. Information such as application information. When the user applies for an account to the operator, the operator binds the account with at least one virtual SIM card, and stores the account and the virtual SIM card information applied by the user into the account database 11. If the user applies for a dedicated application, the operator binds the user-applied application to the virtual SIM card.

參閱圖3所示,是帳號資料庫11的示意圖。圖3中的帳號及密碼為移動設備2的帳號認證資訊中的帳號及密碼。根據移動設備2的帳號認證資訊中的帳號及密碼可以確定該帳號所綁定的虛擬SIM卡資訊。圖中帳號bob245綁定著兩個虛擬SIM卡資訊,表示該用戶申請了兩張虛擬SIM卡。圖3中的ICCID是積體電路卡識別碼(integrated circuit card identity),ICCID是虛擬SIM卡的唯一識別號碼。IMSI是國際移動用戶識別碼(International Mobile Subscriber Identification Number),IMSI是區別移動用戶的標識。LOCI是位置資訊(location information),LOCI包含位置區資訊等內容。虛擬SIM卡資訊還可以包括此虛擬SIM卡所對應的電話號碼、電話簿、通話記錄和簡訊等資訊。 Referring to FIG. 3, it is a schematic diagram of the account database 11. The account number and password in FIG. 3 are the account number and password in the account authentication information of the mobile device 2. The virtual SIM card information bound to the account can be determined according to the account number and password in the account authentication information of the mobile device 2. In the figure, the account bob245 is bound with two virtual SIM card information, indicating that the user has applied for two virtual SIM cards. The ICCID in FIG. 3 is an integrated circuit card identity, and the ICCID is a unique identification number of the virtual SIM card. IMSI is an International Mobile Subscriber Identification Number (IMSI) is an identifier that distinguishes mobile users. LOCI is location information, LOCI contains location area information and so on. The virtual SIM card information may also include information such as a phone number, a phone book, a call log, and a newsletter corresponding to the virtual SIM card.

圖3中的專屬化應用資訊包括用戶申請的專屬化應用的列表,也包括用戶申請的各種專屬化應用的資訊與資料。所述專屬化應用可包括移動通訊的計費方案,也可包括來電答鈴、股票交易、電子商務與STK功能等服務。例 如股票交易的專屬化應用資訊可包括用戶持有的股票與其數量。電子商務的專屬化應用資訊可包括用戶的電話、位址與購買記錄。STK功能的專屬化應用資訊可包括STK功能在功能模組13其中的路徑。 The dedicated application information in Figure 3 includes a list of exclusive applications applied by the user, as well as information and materials of various customized applications applied by the user. The dedicated application may include a charging scheme for mobile communication, and may also include services such as call answering, stock trading, e-commerce, and STK functions. example For example, the exclusive application information of a stock transaction may include the number of shares held by the user and its quantity. The exclusive application information of e-commerce can include the user's phone number, address and purchase record. The dedicated application information of the STK function may include the path of the STK function in the function module 13.

所述帳號認證模組12與移動網路10、帳號資料庫11、功能模組13以及Internet 3通訊連接。所述帳號認證模組12透過與移動用戶管理模組104通訊連接實現與移動網路10的通訊連接。 The account authentication module 12 is communicatively coupled to the mobile network 10, the account database 11, the function module 13, and the Internet 3. The account authentication module 12 implements a communication connection with the mobile network 10 by communicating with the mobile user management module 104.

所述帳號認證模組12用於在接收到移動設備2的帳號認證資訊時,與帳號資料庫11通訊,判斷所述移動設備2是否通過帳號認證。並在所述移動設備2通過帳號認證時,將所述帳號認證資訊中的帳號所綁定的虛擬SIM卡的認證資訊傳輸到移動網路10做身份認證。具體的,所述帳號認證模組12將虛擬SIM卡的認證資訊傳輸到移動網路10的移動用戶管理模組104做身份認證。 The account authentication module 12 is configured to communicate with the account database 11 when receiving the account authentication information of the mobile device 2, and determine whether the mobile device 2 passes the account authentication. And when the mobile device 2 passes the account authentication, the authentication information of the virtual SIM card bound to the account in the account authentication information is transmitted to the mobile network 10 for identity authentication. Specifically, the account authentication module 12 transmits the authentication information of the virtual SIM card to the mobile user management module 104 of the mobile network 10 for identity authentication.

所述帳號認證模組12還用於在接收到移動設備2發送的與帳號或SIM卡相關的請求(例如修改帳號密碼、修改虛擬SIM卡資訊、修改專屬化應用資訊、或使用專屬化應用等)時,調用帳號資料庫11以及功能模組13處理所述請求,並回饋處理結果。 The account authentication module 12 is further configured to receive a request related to an account or a SIM card sent by the mobile device 2 (for example, modifying an account password, modifying a virtual SIM card information, modifying a dedicated application information, or using a dedicated application, etc.) When the account database 11 and the function module 13 are called, the request is processed and the processing result is fed back.

所述功能模組13用於儲存各個專屬化應用的程式碼及資料,並可被帳號認證模組12調用以處理與專屬化應用相關的用戶資料,並將處理結果回饋給所述帳號認證模組12。 The function module 13 is configured to store the code and data of each dedicated application, and can be called by the account authentication module 12 to process user data related to the dedicated application, and feed the processing result back to the account authentication mode. Group 12.

在本實施例中,所述帳號資料庫11、帳號認證模組12以及功能模組13位於同一伺服器上,該伺服器與移動網路10的移動用戶管理模組104通訊相連,同時也與Internet 3通訊連接。所述帳號資料庫11、帳號認證模組12以及功能模組13也可位於不同的伺服器上。 In this embodiment, the account database 11, the account authentication module 12, and the function module 13 are located on the same server, and the server is connected to the mobile user management module 104 of the mobile network 10, and also Internet 3 communication connection. The account database 11, the account authentication module 12, and the function module 13 can also be located on different servers.

參閱圖4所示,是本發明實現雲端身份認證的方法的較佳實施例的流程圖。本實施例中,根據不同的需求,圖4所示的流程圖中的步驟的執行順序可以改變,某些步驟可以省略。 Referring to FIG. 4, it is a flowchart of a preferred embodiment of a method for implementing cloud identity authentication according to the present invention. In this embodiment, the execution order of the steps in the flowchart shown in FIG. 4 may be changed according to different requirements, and some steps may be omitted.

當移動設備2與移動網路10通訊連接時,步驟S401,移動網路10向移動設備2發送身份認證的請求。具體的,當移動設備2透過通訊裝置21與移動網路10的基站101通訊連接時,移動網路10的控制模組102透過基站101向移動設備2發送身份認證的請求。 When the mobile device 2 is in communication with the mobile network 10, the mobile network 10 sends a request for identity authentication to the mobile device 2 in step S401. Specifically, when the mobile device 2 is in communication connection with the base station 101 of the mobile network 10 via the communication device 21, the control module 102 of the mobile network 10 transmits a request for identity authentication to the mobile device 2 through the base station 101.

步驟S402,移動設備2將帳號認證資訊發送到移動網路10。當收到移動網路10的身份認證請求時,所述移動設備2提示用戶輸入帳號及密碼,透過輸入裝置24接收用戶輸入的帳號及密碼,並透過處理器22生成帳號認證資訊。所述帳號認證資訊至少包含用戶輸入的帳戶及密碼。所述帳號認證資訊還可以包含特定識別碼,例如在該類帳號認證資訊的頭部添加字元“UserIdentify”的字元作為識別碼。 In step S402, the mobile device 2 sends the account authentication information to the mobile network 10. When receiving the identity authentication request of the mobile network 10, the mobile device 2 prompts the user to input an account number and a password, receives the account and password input by the user through the input device 24, and generates account authentication information through the processor 22. The account authentication information includes at least an account and a password input by the user. The account authentication information may further include a specific identification code, for example, a character of the character “UserIdentify” is added as an identifier in the header of the account authentication information.

本實施例中,所述帳號認證資訊中的帳號及密碼是經過加密處理的。每個帳號的加密方式可以相同也可以不同。若所有帳號都以一種固定的加密方式(例如MD5)進行加密。則在所述移動設備2上登錄不同帳號時,所述移動設備2發送的帳號認證資訊中的帳號及密碼都以該固定的加密方式(例如MD5)進行加密。若每個帳號都有獨有的加密方式。則在所述移動設備2上登錄不同帳號時,所述移動設備2發送的帳號認證資訊中的帳號及密碼都以各帳號獨有的加密方式進行加密。例如,在移動設備2上登錄帳號A時,移動設備2發送的帳號認證資訊中的帳號及密碼以第一加密方式加密。在移動設備2上登錄帳號B時,移動設備2發送的帳號認證資訊中的帳號及密碼以第二加密方式加密。在其他實施例中,所述帳號認證資訊中的帳號及密碼也可以是未加密的帳號及密碼。 In this embodiment, the account and password in the account authentication information are encrypted. The encryption method for each account can be the same or different. If all accounts are encrypted with a fixed encryption method (such as MD5). When the mobile device 2 logs in to different accounts, the account and password in the account authentication information sent by the mobile device 2 are encrypted in the fixed encryption mode (for example, MD5). If each account has a unique encryption method. When the mobile device 2 logs in to different accounts, the account and password in the account authentication information sent by the mobile device 2 are encrypted in an encryption manner unique to each account. For example, when the account A is logged in on the mobile device 2, the account and password in the account authentication information sent by the mobile device 2 are encrypted in the first encryption mode. When the account B is logged in on the mobile device 2, the account and password in the account authentication information sent by the mobile device 2 are encrypted in the second encryption mode. In other embodiments, the account and password in the account authentication information may also be an unencrypted account and password.

需要說明的是,若所述帳號認證資訊中的帳號及密碼是經過加密處理的,則在移動設備2上登錄帳號時,用戶需要確保所述移動設備2能夠以預設的加密方式進行加密。若每個帳號的加密方式都是一固定的加密方式(例如MD5),則儲存裝置23中需要儲存著能實現該加密方式的程式。若每個帳號都有獨有的加密方式,則儲存裝置23中需要儲存著能夠實現即將登錄的帳號所獨有的加密方式的程式。 It should be noted that, if the account and the password in the account authentication information are encrypted, when the mobile device 2 logs in the account, the user needs to ensure that the mobile device 2 can perform encryption in a preset encryption manner. If the encryption method of each account is a fixed encryption method (for example, MD5), the storage device 23 needs to store a program that can implement the encryption method. If each account has a unique encryption method, the storage device 23 needs to store a program that can implement an encryption method unique to the account to be logged in.

步驟S403,當移動網路10接收到移動設備2發送的帳號認證資訊時,移動網路10將接收到的帳號認證資訊傳輸到帳號認證模組12。 Step S403, when the mobile network 10 receives the account authentication information sent by the mobile device 2, the mobile network 10 transmits the received account authentication information to the account authentication module 12.

在本實施例中,所述移動網路10將移動設備2的帳號認證資訊直接傳輸給帳號認證模組12。具體的,當基站101接收到移動設備2發送的帳號認證資訊時,移動網路10控制基站101將移動設備2的帳號認證資訊透過控制模組102以及移動用戶管理模組104傳輸到帳號認證模組12。在其他實施例中,所述移動網路10也可透過Internet 3將移動設備2的帳號認證資訊傳輸到帳號認證模組12。具體的,當基站101接收到移動設備2發送的帳號認證資訊時,移動網路10控制基站101將移動設備2的帳號認證資訊透過傳輸模組103以及Internet 3傳輸到帳號認證模組12。 In this embodiment, the mobile network 10 directly transmits the account authentication information of the mobile device 2 to the account authentication module 12. Specifically, when the base station 101 receives the account authentication information sent by the mobile device 2, the mobile network 10 controls the base station 101 to transmit the account authentication information of the mobile device 2 to the account authentication mode through the control module 102 and the mobile user management module 104. Group 12. In other embodiments, the mobile network 10 can also transmit the account authentication information of the mobile device 2 to the account authentication module 12 via the Internet 3. Specifically, when the base station 101 receives the account authentication information sent by the mobile device 2, the mobile network 10 controls the base station 101 to transmit the account authentication information of the mobile device 2 to the account authentication module 12 through the transmission module 103 and the Internet 3.

步驟S404,當帳號認證模組12接收到移動設備2發送的帳號認證資訊後,所述帳號認證模組12判斷該移動設備2是否通過帳號認證。若移動設備2未通過帳號認證,則執行步驟S405;若移動設備2通過帳號認證,則執行步驟S406。 Step S404, after the account authentication module 12 receives the account authentication information sent by the mobile device 2, the account authentication module 12 determines whether the mobile device 2 passes the account authentication. If the mobile device 2 fails to pass the account authentication, step S405 is performed; if the mobile device 2 passes the account authentication, step S406 is performed.

所述帳號認證模組12與帳號資料庫11通訊連接。若移動設備2發送的帳號認證資訊中的帳號及密碼與帳號資料庫11中的帳號及密碼一致,則帳號認證模組12判斷該移動設備2通過帳號認證。 The account authentication module 12 is communicatively coupled to the account database 11. If the account and password in the account authentication information sent by the mobile device 2 are the same as the account and password in the account database 11, the account authentication module 12 determines that the mobile device 2 passes the account authentication.

需要說明的是,若帳號認證資訊中的帳號及密碼是以一固定的加密方式或者以各帳戶獨有的加密方式加密後的帳號及密碼,則對應的帳號資料庫11中儲存的帳號及密碼也是以該固定的加密方式或者各帳號獨有的加密方式加密後的帳號及密碼。若帳號認證資訊中的帳號及密碼是未加密的帳號及密碼,則帳號資料庫11中儲存的也是未加密的帳號及密碼。 It should be noted that, if the account and password in the account authentication information are a fixed encryption method or an account and password encrypted by the encryption method unique to each account, the account and password stored in the corresponding account database 11 It is also an account and password encrypted by the fixed encryption method or the encryption method unique to each account. If the account and password in the account authentication information are unencrypted accounts and passwords, the account database 11 stores the unencrypted account and password.

若移動設備2未通過帳號認證,步驟S405,帳號認證模組12將帳號認證失敗的消息透過移動網路10發送給移動設備2,返回步驟S402,重新輸入帳號。當移動設備2未通過帳號認證時,所述帳號認證模組12還記錄帳號認證資訊中的帳號連續認證失敗的次數,並在所述帳號連續認證失敗超過預設的次數(例如五次)時,鎖定該帳號。所述帳號認證模組12透過修改帳號資料庫11中的資料鎖定該帳號。用戶不能使用已經鎖定的帳號。用戶需要向運營商申請才可解鎖該帳號。 If the mobile device 2 fails to pass the account authentication, in step S405, the account authentication module 12 transmits the message of the account authentication failure to the mobile device 2 via the mobile network 10, and returns to step S402 to re-enter the account. When the mobile device 2 fails to pass the account authentication, the account authentication module 12 also records the number of consecutive authentication failures of the account in the account authentication information, and when the continuous authentication failure of the account exceeds a preset number of times (for example, five times) , lock the account. The account authentication module 12 locks the account by modifying the data in the account database 11. Users cannot use an account that is already locked. Users need to apply to the operator to unlock the account.

若移動設備2通過帳號認證,步驟S406,帳號認證模組12將所述帳號認證資訊中的帳號所綁定的虛擬SIM卡的認證資訊發送到移動網路10以做身份認證,執行步驟S407。具體的,所述帳號認證模組12將帳號認證資訊中的帳號所綁定的虛擬SIM卡的認證資訊發送到移動網路10的移動用戶管理模組104,以驗證虛擬SIM卡的身份。需要說明的是,當所述帳號認證資訊中的帳號綁定著不止一個虛擬SIM卡時,所述帳號認證模組12發送的認證資訊可以是該帳號所綁定的所有虛擬SIM卡的認證資訊,也可以是該帳號所綁定的一個或複數虛擬SIM卡的認證資訊。 If the mobile device 2 is authenticated by the account, in step S406, the account authentication module 12 sends the authentication information of the virtual SIM card bound to the account in the account authentication information to the mobile network 10 for identity authentication, and step S407 is performed. Specifically, the account authentication module 12 sends the authentication information of the virtual SIM card bound to the account in the account authentication information to the mobile user management module 104 of the mobile network 10 to verify the identity of the virtual SIM card. It should be noted that, when the account in the account authentication information is bound to more than one virtual SIM card, the authentication information sent by the account authentication module 12 may be the authentication information of all virtual SIM cards bound to the account. It can also be the authentication information of one or multiple virtual SIM cards bound to the account.

在本實施例中,若移動設備2所發送的帳號認證資訊中的帳號綁定著不止一個虛擬SIM卡,所述帳號認證模組12會將該帳戶所綁定的所有虛擬SIM卡的認證資訊都發送到移動網路10的移動用戶管理模組104,以進行身份認證。 In this embodiment, if the account in the account authentication information sent by the mobile device 2 is bound with more than one virtual SIM card, the account authentication module 12 will authenticate the authentication information of all the virtual SIM cards bound to the account. Both are sent to the mobile subscriber management module 104 of the mobile network 10 for identity authentication.

在另一個實施例中,若移動設備2所發送的帳號認證資訊中的帳號綁定著不止一個虛擬SIM卡,所述帳號認證模組12會將該帳號綁定的虛擬SIM卡的清單透過移動網路10發送到移動設備2,以供移動設備2的用戶進行選擇。當用戶選擇一個或複數虛擬SIM卡時,移動設備2將用戶選擇的結果透過移動網路10傳輸給帳號認證模組12。帳號認證模組12在接收到用戶選擇的一個或複數虛擬SIM卡時,將用戶選擇的一個或複數虛擬SIM卡的認證資訊發送到移動網路10的移動用戶管理模組104以進行身份認證。 In another embodiment, if the account in the account authentication information sent by the mobile device 2 is bound to more than one virtual SIM card, the account authentication module 12 moves the list of virtual SIM cards bound to the account through the mobile device. The network 10 is sent to the mobile device 2 for selection by the user of the mobile device 2. When the user selects one or more virtual SIM cards, the mobile device 2 transmits the result of the user selection to the account authentication module 12 via the mobile network 10. When receiving one or multiple virtual SIM cards selected by the user, the account authentication module 12 transmits the authentication information of one or more virtual SIM cards selected by the user to the mobile user management module 104 of the mobile network 10 for identity authentication.

例如帳號資料庫11中帳號A綁定著兩個虛擬SIM卡:SIM卡1和SIM卡2,當移動設備2發送的帳號及密碼與帳號A的帳號及密碼相同時,帳號認證模組12將SIM卡1與SIM卡2的資訊(例如電話號碼)透過移動網路10發送到移動設備2,供移動設備2的用戶選擇。用戶可以選擇SIM卡1或SIM卡2。用戶也可以同時選擇SIM卡1和SIM卡2。 For example, the account A in the account database 11 is bound to two virtual SIM cards: SIM card 1 and SIM card 2. When the account and password sent by the mobile device 2 are the same as the account and password of the account A, the account authentication module 12 will The information of the SIM card 1 and the SIM card 2 (for example, a telephone number) is transmitted to the mobile device 2 via the mobile network 10 for selection by the user of the mobile device 2. The user can select SIM card 1 or SIM card 2. The user can also select SIM card 1 and SIM card 2 at the same time.

若用戶選擇的是SIM卡2,移動設備2將用戶選擇的結果透過移動網路10傳輸到帳號認證模組12。帳號認證模組12將SIM卡2的認證資訊發送到移動網路10的移動用戶管理模組104以進行身份認證。 If the user selects the SIM card 2, the mobile device 2 transmits the result of the user selection to the account authentication module 12 via the mobile network 10. The account authentication module 12 transmits the authentication information of the SIM card 2 to the mobile user management module 104 of the mobile network 10 for identity authentication.

步驟S407,移動網路10根據接收的虛擬SIM卡的認證資訊判斷移動設備2是否通過身份認證。若移動設備2未通過身份認證,則執行步驟S408;若移動設備2通過身份認證,則執行步驟S409。具體的,所述移動網路10的移動用戶管理模組104判斷接收到的虛擬SIM卡是否通過身份認證。 Step S407, the mobile network 10 determines, according to the authentication information of the received virtual SIM card, whether the mobile device 2 passes the identity authentication. If the mobile device 2 does not pass the identity authentication, step S408 is performed; if the mobile device 2 passes the identity authentication, step S409 is performed. Specifically, the mobile user management module 104 of the mobile network 10 determines whether the received virtual SIM card passes the identity authentication.

本實施例中,當移動設備2所發送的帳號認證資訊中的帳號綁定著不止一個虛擬SIM卡時,所述帳號認證模組12會將該帳號所綁定的所有虛擬SIM卡的認證資訊都發送到移動網路10做身份認證。若其中有至少一個虛擬SIM卡通過身份認證,則移動網路10判斷移動設備2通過身份認證,執行步驟S409。 若該帳號所綁定的所有虛擬SIM卡都未通過身份認證,則移動網路10判斷移動設備2未通過身份認證,執行步驟S408。 In this embodiment, when the account in the account authentication information sent by the mobile device 2 is bound with more than one virtual SIM card, the account authentication module 12 will authenticate the authentication information of all the virtual SIM cards bound to the account. Both are sent to the mobile network 10 for identity authentication. If at least one of the virtual SIM cards passes the identity authentication, the mobile network 10 determines that the mobile device 2 passes the identity authentication, and performs step S409. If all the virtual SIM cards bound to the account are not authenticated, the mobile network 10 determines that the mobile device 2 has not passed the identity authentication, and performs step S408.

在另一個實施例中,當移動設備2所發送的帳號認證資訊中的帳號綁定著不止一個虛擬SIM卡時,且所述帳號認證模組12提醒用戶選擇一個或複數虛擬SIM卡做身份認證時,若該一個或複數虛擬SIM卡其中至少有一個通過身份認證,則移動網路10判斷移動設備2通過身份認證,執行步驟S409。若該一個或複數虛擬SIM卡均未通過身份認證,則移動網路10會提示用戶選擇其他虛擬SIM卡重新做身份認證。若該帳號綁定的所有虛擬SIM卡都未通過身份認證時,移動網路10判斷移動設備2未通過身份認證,執行步驟S408。 In another embodiment, when the account in the account authentication information sent by the mobile device 2 is bound with more than one virtual SIM card, the account authentication module 12 prompts the user to select one or multiple virtual SIM cards for identity authentication. If at least one of the one or more virtual SIM cards passes the identity authentication, the mobile network 10 determines that the mobile device 2 passes the identity authentication, and performs step S409. If the one or more virtual SIM cards are not authenticated, the mobile network 10 prompts the user to select another virtual SIM card to re-authenticate. If all the virtual SIM cards bound to the account are not authenticated, the mobile network 10 determines that the mobile device 2 has not passed the identity authentication, and performs step S408.

當移動設備2未通過身份認證時,步驟S408,移動網路10將身份認證失敗的資訊發送給移動設備2,返回步驟S402,重新輸入帳號。 When the mobile device 2 fails the identity authentication, in step S408, the mobile network 10 transmits the information of the identity authentication failure to the mobile device 2, and returns to step S402 to re-enter the account.

當移動設備2通過身份認證時,步驟S409,移動網路10將通過身份認證的虛擬SIM卡的資訊發送給移動設備2,執行步驟S410。例如SIM卡3通過身份認證或者SIM卡1和SIM卡3都通過身份認證。 When the mobile device 2 passes the identity authentication, in step S409, the mobile network 10 transmits the information of the virtual SIM card authenticated by the identity to the mobile device 2, and step S410 is performed. For example, the SIM card 3 passes the identity authentication or both the SIM card 1 and the SIM card 3 pass the identity authentication.

步驟S410,移動設備2透過通訊裝置21獲取通過身份認證的虛擬SIM卡的配置資訊,並根據獲取的配置資訊更新移動設備2的儲存裝置23中的配置資訊,流程結束。 In step S410, the mobile device 2 acquires the configuration information of the virtual SIM card that has passed the identity authentication through the communication device 21, and updates the configuration information in the storage device 23 of the mobile device 2 according to the acquired configuration information, and the process ends.

具體的,當所述移動設備2通過身份認證後,所述移動網路10還將通過認證的虛擬SIM卡的資訊發送到帳號認證模組12,所述帳號認證模組12自動從帳號資料庫11中獲取通過身份認證的虛擬SIM卡的配置資訊,並將所述配置資訊透過移動網路10回饋給移動設備2,或將所述配置資訊透過Internet 3以及移動網路10回饋給移動設備2。所述移動設備2透過通訊裝置21獲取通過身份認證的虛擬SIM卡的配置資訊,並根據獲取的配置資訊更新移動設備2的儲存裝置23中的配置資訊。所述配置資訊可來自圖3的虛擬SIM卡資訊與專屬化應用資 訊。也就是說,所述配置資訊可以是所述的虛擬SIM卡資訊與專屬化應用信息的一個子集(subset)。 Specifically, after the mobile device 2 passes the identity authentication, the mobile network 10 sends the information of the authenticated virtual SIM card to the account authentication module 12, and the account authentication module 12 automatically obtains the account database. Obtaining the configuration information of the authenticated virtual SIM card in 11 and feeding back the configuration information to the mobile device 2 through the mobile network 10, or feeding the configuration information to the mobile device 2 through the Internet 3 and the mobile network 10 . The mobile device 2 acquires the configuration information of the virtual SIM card that is authenticated by the communication device 21, and updates the configuration information in the storage device 23 of the mobile device 2 according to the acquired configuration information. The configuration information may be obtained from the virtual SIM card information and the dedicated application resource of FIG. News. That is, the configuration information may be a subset of the virtual SIM card information and the dedicated application information.

例如用戶在移動設備m上登錄了帳號A,並刪除了其綁定的虛擬SIM卡1的連絡人S。當用戶在移動設備n上登錄帳號A且通過身份認證時,移動設備n自動獲取通過身份驗證的虛擬SIM卡的配置資訊,其中包括虛擬SIM卡1的電話簿(不包含連絡人S)。移動設備n更新其儲存裝置中的配置資訊,例如更新電話簿。 For example, the user logs in the account A on the mobile device m and deletes the contact person S of the virtual SIM card 1 to which it is bound. When the user logs in to the account A on the mobile device n and passes the identity authentication, the mobile device n automatically acquires the configuration information of the authenticated virtual SIM card, including the phone book of the virtual SIM card 1 (excluding the contact person S). The mobile device n updates the configuration information in its storage device, such as updating the phone book.

參閱圖5所示,是本發明實現雲端身份認證的方法的較佳實施例的用戶資料的處理過程的流程圖。本實施例中,根據不同的需求,圖5所示的流程圖中的步驟的執行順序可以改變,某些步驟可以省略。 Referring to FIG. 5, it is a flowchart of a process of processing user data of a preferred embodiment of the method for implementing cloud identity authentication according to the present invention. In this embodiment, the execution order of the steps in the flowchart shown in FIG. 5 may be changed according to different requirements, and some steps may be omitted.

當移動設備2通過身份認證後,步驟S501,移動設備2根據用戶的操作生成用戶資料,並將所述用戶資料發送到移動網路10。所述移動設備2透過輸入裝置24接收用戶的操作,透過處理器22生成用戶資料。所述用戶資料可以是打電話、發短信以及上網等請求,也可以是與帳號及SIM卡相關的請求,例如修改帳號密碼、修改虛擬SIM卡資訊、修改專屬化應用資訊、或使用專屬化應用等請求。 After the mobile device 2 passes the identity authentication, in step S501, the mobile device 2 generates a user profile according to the user's operation, and transmits the user profile to the mobile network 10. The mobile device 2 receives the user's operation through the input device 24, and generates the user profile through the processor 22. The user profile may be a request for making a call, sending a text message, or accessing the Internet, or may be a request related to an account number and a SIM card, such as modifying an account password, modifying a virtual SIM card information, modifying a dedicated application information, or using an exclusiveization. Application and other requests.

當收到移動設備2發送的用戶資料後,步驟S502,移動網路10判斷該用戶資料是不是與帳號及SIM卡相關的請求。若所述用戶資料不是與帳號及SIM卡相關的請求,則執行步驟S503;若所述用戶資料是與帳號及SIM卡相關的請求,則執行步驟S505。 After receiving the user profile sent by the mobile device 2, in step S502, the mobile network 10 determines whether the user profile is a request related to the account number and the SIM card. If the user profile is not a request related to the account and the SIM card, step S503 is performed; if the user profile is a request related to the account and the SIM card, step S505 is performed.

當所述用戶資料不是與帳號及SIM卡相關的請求時,步驟S503,移動網路10將用戶資料發送到Internet 3,執行步驟S504。具體的,移動網路10將用戶資料發送到Internet 3上的相關伺服器進行處理。 When the user profile is not a request related to the account and the SIM card, in step S503, the mobile network 10 transmits the user profile to the Internet 3, and step S504 is performed. Specifically, the mobile network 10 sends the user profile to the relevant server on the Internet 3 for processing.

步驟S504,Internet 3將處理結果回饋給移動網路10,執行步驟S507。具體的,Internet 3上的相關伺服器根據用戶資料進行處理,並將處理結果透過Internet 3回饋給移動網路10。 In step S504, the Internet 3 returns the processing result to the mobile network 10, and performs step S507. Specifically, the related server on the Internet 3 processes the data according to the user data, and feeds the processing result to the mobile network 10 through the Internet 3.

當所述用戶資料是與帳號及SIM卡相關的請求時,步驟S505,移動網路10將所述用戶資料發送到帳號認證模組12,執行步驟S506。 When the user profile is a request related to the account and the SIM card, in step S505, the mobile network 10 sends the user profile to the account authentication module 12, and step S506 is performed.

步驟S506,帳號認證模組12調用帳號資料庫11以及功能模組13處理所述用戶資料,並將處理結果回饋給移動網路10。 In step S506, the account authentication module 12 calls the account database 11 and the function module 13 to process the user data, and returns the processing result to the mobile network 10.

具體的,所述帳號認證模組12判斷所述用戶資料是不是與專屬化應用相關的請求。若所述用戶資料不是與專屬化應用相關的請求(例如修改帳號密碼或修改虛擬SIM卡資訊等),則所述帳號認證模組12調用帳號資料庫11處理所述用戶資料。若所述用戶資料是與專屬化應用相關的請求,則所述帳號認證模組12透過所述帳號資料庫11獲取該專屬化應用的資訊,調用功能模組13依據所述用戶資料和所述專屬化應用資訊進行處理,然後帳號認證模組12從所述功能模組13獲取處理結果。 Specifically, the account authentication module 12 determines whether the user profile is a request related to a dedicated application. If the user profile is not a request related to the dedicated application (for example, modifying the account password or modifying the virtual SIM card information, etc.), the account authentication module 12 calls the account database 11 to process the user profile. If the user profile is a request related to the dedicated application, the account authentication module 12 obtains the information of the dedicated application through the account database 11, and the calling function module 13 according to the user profile and the The application information is processed and the account authentication module 12 obtains the processing result from the function module 13.

步驟S507,移動網路10將處理結果回饋給移動設備2。 In step S507, the mobile network 10 feeds back the processing result to the mobile device 2.

最後所應說明的是,以上實施例僅用以說明本發明的技術方案而非限制,本領域的普通技術人員應當理解,可以對本發明的技術方案進行修改或等同替換,而不脫離本發明技術方案的精神和範圍。 It should be noted that the above embodiments are only used to illustrate the technical solutions of the present invention and are not intended to be limiting, and those skilled in the art should understand that the technical solutions of the present invention may be modified or equivalently substituted without departing from the techniques of the present invention. The spirit and scope of the programme.

1‧‧‧實現雲端身份認證的網路系統 1‧‧‧Network system for cloud identity authentication

10‧‧‧移動網路 10‧‧‧Mobile network

101‧‧‧基站 101‧‧‧ base station

102‧‧‧控制模組 102‧‧‧Control Module

103‧‧‧傳輸模組 103‧‧‧Transmission module

104‧‧‧移動用戶管理模組 104‧‧‧Mobile User Management Module

11‧‧‧帳號資料庫 11‧‧‧ Account Database

12‧‧‧帳號認證模組 12‧‧‧Account Authentication Module

13‧‧‧功能模組 13‧‧‧ functional modules

2‧‧‧移動設備 2‧‧‧Mobile devices

21‧‧‧通訊裝置 21‧‧‧Communication device

22‧‧‧處理器 22‧‧‧ Processor

23‧‧‧儲存裝置 23‧‧‧Storage device

24‧‧‧輸入裝置 24‧‧‧ Input device

3‧‧‧Internet 3‧‧‧Internet

Claims (15)

一種實現雲端身份認證的網路系統,該網路系統包括移動網路,該網路系統還包括:帳號資料庫,用於儲存用戶申請的帳號的資訊以及各帳號所綁定的至少一個虛擬SIM卡的各種資訊;帳號認證模組,用於透過移動網路接收移動設備發送的帳號認證資訊,並根據接收的帳號認證資訊以及帳號資料庫判斷所述移動設備是否通過帳號認證;所述帳號認證模組,還用於當所述移動設備通過帳號認證時,將所述移動設備發送的帳號認證資訊中的帳號所綁定的虛擬SIM卡的認證資訊發送到所述移動網路;所述移動網路,用於根據接收到的虛擬SIM卡的認證資訊判斷所述移動設備是否通過身份認證,其中,當所述帳號認證模組將該帳號所綁定的所有虛擬SIM卡的認證資訊發送給所述移動網路,當所述帳號綁定的所有虛擬SIM卡中有至少一個通過身份認證時,則移動網路判斷所述移動設備通過身份認證;所述移動網路,還用於當所述移動設備通過身份認證時,將認證成功的虛擬SIM卡的資訊回饋給所述移動設備;及所述帳號認證模組,還用於在所述移動設備通過身份認證後,從所述帳號資料庫中獲取通過身份認證的虛擬SIM卡的配置資訊,並將所述配置資訊回饋給移動設備,所述移動設備根據獲取的配置資訊更新儲存的配置資訊。 A network system for implementing cloud identity authentication, the network system includes a mobile network, the network system further includes: an account database for storing information of an account applied by the user and at least one virtual SIM bound to each account The card authentication information is used to receive the account authentication information sent by the mobile device through the mobile network, and determine whether the mobile device passes the account authentication according to the received account authentication information and the account database; the account authentication The module is further configured to: when the mobile device passes the account authentication, send, to the mobile network, authentication information of the virtual SIM card bound by the account in the account authentication information sent by the mobile device; a network, configured to determine, according to the authentication information of the received virtual SIM card, whether the mobile device passes the identity authentication, where the account authentication module sends the authentication information of all the virtual SIM cards bound to the account to the The mobile network, when at least one of all virtual SIM cards bound to the account is authenticated by the identity, the mobile network judges The mobile device is authenticated by the identity; the mobile network is further configured to: when the mobile device passes the identity authentication, feed back information of the successfully authenticated virtual SIM card to the mobile device; and the account authentication module And obtaining, after the mobile device is authenticated by the identity, the configuration information of the virtual SIM card that is authenticated by the identity is obtained from the account database, and the configuration information is fed back to the mobile device, where the mobile device obtains The configuration information updates the stored configuration information. 如申請專利範圍第1項所述的實現雲端身份認證的網路系統,所述實現雲端身份認證的網路系統還包括: 功能模組,用於儲存各個專屬化應用的程式碼及資料,並在所述移動設備發送的用戶資料是與專屬化應用相關的請求時,從所述帳號認證模組接收該用戶資料,並將處理結果回饋給所述帳號認證模組。 The network system for implementing cloud identity authentication, as described in claim 1, wherein the network system for implementing cloud identity authentication further includes: a function module, configured to store code and data of each dedicated application, and receive the user data from the account authentication module when the user data sent by the mobile device is a request related to the dedicated application, and The processing result is fed back to the account authentication module. 如申請專利範圍第1項所述的實現雲端身份認證的網路系統,當所述帳號認證信息中的帳號綁定不止一個虛擬SIM卡時,所述帳號認證模組將該帳號所綁定的虛擬SIM卡的清單發送到移動設備,以供移動設備的用戶進行選擇,所述帳號認證模組在收到移動設備的用戶選擇的一個或複數虛擬SIM卡時,將所述一個或複數虛擬SIM卡的認證資訊發送到所述移動網路,當所述一個或複數虛擬SIM卡中有至少一個通過身份認證時,則移動網路判斷所述移動設備通過身份認證。 The network system for implementing cloud identity authentication according to claim 1, wherein when the account in the account authentication information is bound to more than one virtual SIM card, the account authentication module is bound to the account. The list of virtual SIM cards is sent to the mobile device for selection by the user of the mobile device, and the account authentication module receives the one or more virtual SIMs upon receiving one or multiple virtual SIM cards selected by the user of the mobile device The authentication information of the card is sent to the mobile network. When at least one of the one or more virtual SIM cards is authenticated by the identity, the mobile network determines that the mobile device passes the identity authentication. 如申請專利範圍第1項所述的實現雲端身份認證的網路系統,所述帳號認證資訊包含帳號及密碼,所述帳號及密碼以固定的加密方式進行加密或者以該帳號獨有的加密方式進行加密。 The network system for implementing cloud identity authentication according to claim 1, wherein the account authentication information includes an account number and a password, and the account and password are encrypted in a fixed encryption manner or are encrypted by the account. Encrypt. 如申請專利範圍第1項所述的實現雲端身份認證的網路系統,所述帳號認證模組還用於在所述移動設備未通過帳號認證時,將帳號認證失敗的消息透過所述移動網路傳輸給移動設備。 The network authentication system for implementing cloud identity authentication according to claim 1, wherein the account authentication module is further configured to: when the mobile device fails to pass the account authentication, send a message that the account authentication fails to the mobile network. The road is transmitted to the mobile device. 如申請專利範圍第1至5任一項所述的實現雲端身份認證的網路系統,所述移動設備不包含SIM卡。 The network system for implementing cloud identity authentication according to any one of claims 1 to 5, wherein the mobile device does not include a SIM card. 一種實現雲端身份認證的方法,該方法包括:移動網路接收到移動設備發送的帳號認證資訊,並將所述帳號認證資訊傳輸到帳號認證模組;所述帳號認證模組根據所述帳號認證資訊以及帳號資料庫判斷所述移動設備是否通過帳號認證,所述帳號資料庫中儲存著用戶申請的帳號的資訊以及各帳號所綁定的至少一個虛擬SIM卡的各種資訊; 當所述移動設備通過帳號認證時,所述帳號認證模組將所述移動設備發送的帳號認證資訊中的帳號所綁定的虛擬SIM卡的認證資訊發送到所述移動網路做身份認證;所述移動網路根據接收到的虛擬SIM卡的認證資訊判斷所述移動設備是否通過身份認證,其中,當將該帳號所綁定的所有虛擬SIM卡的認證資訊發送給所述移動網路,當所述帳號綁定的所有虛擬SIM卡中有至少一個通過身份認證時,則移動網路判斷所述移動設備通過身份認證;當所述移動設備通過身份認證時,所述移動網路將認證成功的虛擬SIM卡的資訊回饋給所述移動設備;及在所述移動設備通過身份認證後,從所述帳號資料庫中獲取通過身份認證的虛擬SIM卡的配置資訊,並將所述配置資訊回饋給移動設備,所述移動設備根據獲取的配置資訊更新儲存的配置資訊。 A method for implementing cloud identity authentication, the method comprising: receiving, by a mobile network, account authentication information sent by a mobile device, and transmitting the account authentication information to an account authentication module; the account authentication module is authenticated according to the account The information and the account database determine whether the mobile device is authenticated by the account, and the account database stores information about the account applied by the user and various information of at least one virtual SIM card bound to each account; When the mobile device is authenticated by the account, the account authentication module sends the authentication information of the virtual SIM card bound to the account in the account authentication information sent by the mobile device to the mobile network for identity authentication; Determining, by the mobile network, whether the mobile device passes the identity authentication according to the authentication information of the received virtual SIM card, where the authentication information of all the virtual SIM cards bound to the account is sent to the mobile network, When at least one of all virtual SIM cards bound by the account is authenticated, the mobile network determines that the mobile device passes identity authentication; when the mobile device passes identity authentication, the mobile network authenticates The information of the successful virtual SIM card is fed back to the mobile device; and after the mobile device passes the identity authentication, the configuration information of the virtual SIM card authenticated by the identity is obtained from the account database, and the configuration information is obtained. The device is fed back to the mobile device, and the mobile device updates the stored configuration information according to the acquired configuration information. 如申請專利範圍第7項所述的實現雲端身份認證的方法,該方法還包括:當移動網路接收到所述移動設備發送的用戶資料時,所述移動網路判斷該用戶資料是不是與帳號及SIM卡相關的請求;當所述用戶資料是與帳號及SIM卡相關的請求時,將該用戶資料發送到帳號認證模組;所述帳號認證模組調用帳號資料庫處理所述用戶資料,並將處理結果回饋給移動網路;及所述移動網路將所述處理結果回饋給移動設備。 The method for implementing cloud identity authentication according to claim 7, wherein the method further comprises: when the mobile network receives the user profile sent by the mobile device, the mobile network determines whether the user profile is The account and the SIM card related request; when the user profile is a request related to the account and the SIM card, the user profile is sent to the account authentication module; the account authentication module calls the account database to process the user profile And feeding back the processing result to the mobile network; and the mobile network returns the processing result to the mobile device. 如申請專利範圍第7項所述的實現雲端身份認證的方法,該方法還包括:當所述帳號認證資訊中的帳號綁定不止一個虛擬SIM卡時,所述帳號 認證模組將該帳號所綁定的虛擬SIM卡的清單發送到移動設備,以供移動設備的用戶進行選擇,所述帳號認證模組在收到移動設備的用戶選擇的一個或複數虛擬SIM卡時,將所述一個或複數虛擬SIM卡的認證資訊發送到所述移動網路,當所述一個或複數虛擬SIM卡中有至少一個通過身份認證時,則移動網路判斷所述移動設備通過身份認證。 The method for implementing cloud identity authentication according to claim 7, wherein the method further includes: when the account in the account authentication information is bound to more than one virtual SIM card, the account is The authentication module sends the list of virtual SIM cards bound to the account to the mobile device for selection by the user of the mobile device, and the account authentication module receives one or multiple virtual SIM cards selected by the user of the mobile device. Sending, by the mobile network, the authentication information of the one or more virtual SIM cards to the mobile network, and when at least one of the one or more virtual SIM cards is authenticated by the identity, the mobile network determines that the mobile device passes the Authentication. 如申請專利範圍第7項所述的實現雲端身份認證的方法,所述帳號認證資訊包含帳號及密碼,所述帳號及密碼以固定的加密方式進行加密或者以該帳號獨有的加密方式進行加密。 The method for implementing cloud identity authentication according to claim 7, wherein the account authentication information includes an account number and a password, and the account and password are encrypted in a fixed encryption manner or encrypted by using an encryption method unique to the account. . 如申請專利範圍第7項所述的實現雲端身份認證的方法,該方法還包括:當所述移動設備未通過帳號認證時,將帳號認證失敗的消息透過所述移動網路傳輸給移動設備。 The method for implementing cloud identity authentication according to claim 7, wherein the method further comprises: when the mobile device fails to pass the account authentication, transmitting a message that the account authentication fails to the mobile device by using the mobile network. 如申請專利範圍第7至11任一項所述的實現雲端身份認證的方法,所述移動設備不包含SIM卡。 The method for implementing cloud identity authentication according to any one of claims 7 to 11, wherein the mobile device does not include a SIM card. 一種實現雲端身份認證的移動設備,該移動設備包括:用於進行通訊的通訊裝置;用於儲存虛擬SIM卡的配置資訊的儲存裝置;用於實現雲端身份認證的處理器,所述處理器執行下述步驟:當透過通訊裝置接收到身份認證請求時,根據用戶輸入的帳號及密碼生成帳號認證資訊,所述帳號綁定至少一個虛擬SIM卡;發送該帳號認證資訊以進行帳號認證及進行根據該帳號綁定的至少一個虛擬SIM卡的身份認證,其中,當所述帳號綁定的所有虛擬SIM卡中有至少一個通過身份認證時,則移動網路判斷所述移動設備通過身份認證; 當通過身份認證時,接收通過身份認證的虛擬SIM卡的資訊;及所述移動設備在通過身份認證後,還透過通訊裝置獲取通過身份認證的虛擬SIM卡的配置資訊,並根據獲取的配置資訊更新所述儲存裝置中的配置資訊。 A mobile device for implementing cloud identity authentication, the mobile device comprising: a communication device for performing communication; a storage device for storing configuration information of the virtual SIM card; a processor for implementing cloud identity authentication, the processor executing The following steps are: when receiving the identity authentication request through the communication device, generating account authentication information according to the account and password input by the user, the account is bound to at least one virtual SIM card; sending the account authentication information for account authentication and performing the An identity authentication of the at least one virtual SIM card to which the account is bound, wherein when at least one of all the virtual SIM cards bound to the account is authenticated by the identity, the mobile network determines that the mobile device passes the identity authentication; Receiving information of the virtual SIM card that passes the identity authentication when the identity is authenticated; and after the identity authentication, the mobile device obtains configuration information of the virtual SIM card that is authenticated by the communication device, and according to the obtained configuration information. Updating configuration information in the storage device. 如申請專利範圍第13項所述的實現雲端身份認證的移動設備,所述帳號認證資訊包括帳號及密碼,所述帳號及密碼可以以固定的加密方式進行加密也可以以該帳號獨有的加密方式進行加密。 The mobile device for implementing cloud identity authentication according to claim 13, wherein the account authentication information includes an account number and a password, and the account and password may be encrypted by a fixed encryption method or may be encrypted by the account uniquely. The way to encrypt. 如申請專利範圍第13至14任一項所述的實現雲端身份認證的移動設備,所述移動設備不包含SIM卡。 The mobile device implementing cloud identity authentication according to any one of claims 13 to 14, wherein the mobile device does not include a SIM card.
TW104127064A 2015-08-12 2015-08-19 A network system, method and mobile device based on remote user authentication TWI598762B (en)

Applications Claiming Priority (1)

Application Number Priority Date Filing Date Title
CN201510493323.3A CN106454820A (en) 2015-08-12 2015-08-12 Network system and method for realizing cloud-end identity authentication and mobile device

Publications (2)

Publication Number Publication Date
TW201706893A TW201706893A (en) 2017-02-16
TWI598762B true TWI598762B (en) 2017-09-11

Family

ID=58092594

Family Applications (1)

Application Number Title Priority Date Filing Date
TW104127064A TWI598762B (en) 2015-08-12 2015-08-19 A network system, method and mobile device based on remote user authentication

Country Status (2)

Country Link
CN (1) CN106454820A (en)
TW (1) TWI598762B (en)

Families Citing this family (5)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN108769978A (en) * 2018-04-13 2018-11-06 深圳市优克联新技术有限公司 SIM card management server, binding device, management method, binding method and system
CN111510917B (en) * 2020-04-10 2023-03-14 中国联合网络通信集团有限公司 Network access method and device for virtual USIM
CN111918264B (en) * 2020-08-18 2023-08-18 中国银行股份有限公司 Service menu display method and device
CN112968866B (en) * 2021-01-28 2021-10-01 北京芯盾时代科技有限公司 Method, device and system for binding user account information and user identity information
CN113922989A (en) * 2021-09-16 2022-01-11 深圳市领科物联网科技有限公司 SOC (System on chip), network communication module and identity authentication method

Family Cites Families (4)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
FR2809907B1 (en) * 2000-05-30 2002-08-30 Cit Alcatel METHOD AND DEVICE FOR LOCKING AN OPERATION USING TWO IDENTIFIERS
CN103428696B (en) * 2012-05-22 2017-04-19 中兴通讯股份有限公司 Virtual SIM card achieving method and system and relevant device
CN104254069B (en) * 2013-06-25 2019-05-21 深圳富泰宏精密工业有限公司 Network registry system and method without SIM card mobile phone
CN104640244A (en) * 2015-02-10 2015-05-20 苏州海博智能系统有限公司 Wireless communication device and system

Also Published As

Publication number Publication date
CN106454820A (en) 2017-02-22
TW201706893A (en) 2017-02-16

Similar Documents

Publication Publication Date Title
CN110800331B (en) Network verification method, related equipment and system
US10348721B2 (en) User authentication
JP4880699B2 (en) Method, system, and apparatus for protecting a service account
TWI598762B (en) A network system, method and mobile device based on remote user authentication
US9331993B2 (en) Authentication server and communication device
EP3433994B1 (en) Methods and apparatus for sim-based authentication of non-sim devices
US9107072B2 (en) Seamless mobile subscriber identification
CN101473670A (en) Method and system for controlling access to networks
KR20100086013A (en) System and method for authenticating a context transfer
KR20150111687A (en) Apparatus and method for authentication in wireless communication system
US10390226B1 (en) Mobile identification method based on SIM card and device-related parameters
KR20130109322A (en) Apparatus and method to enable a user authentication in a communication system
US11165768B2 (en) Technique for connecting to a service
US11930557B2 (en) Subscriber identity profile design and generation request from outside of a secure wireless communication network and the profile provided to a partner wireless device for use thereby in obtaining wireless services via the wireless communication network
CN105681258A (en) Session method and session device based on third-party server
US10887754B2 (en) Method of registering a mobile terminal in a mobile communication network
US20160044487A1 (en) Network access method and apparatus, and network system
US20200107183A1 (en) Technique for administrating a subscription to an administrator
JP2019186922A (en) Automatic activation and on-board of connected device
CN106487776B (en) Method, network entity and system for protecting machine type communication equipment
JP2021158551A (en) Information processing device, information processing program, and information processing method
US20210120411A1 (en) Method for obtaining a profile for access to a telecommunications network
WO2022270228A1 (en) Device and method for providing communication service for accessing ip network, and program therefor
US11968531B2 (en) Token, particularly OTP, based authentication system and method
EP3651489A1 (en) Method for authenticating a secure element cooperating with a terminal, corresponding applet, system and server