WO2013007139A1 - Authentication method and home location register - Google Patents

Authentication method and home location register Download PDF

Info

Publication number
WO2013007139A1
WO2013007139A1 PCT/CN2012/076466 CN2012076466W WO2013007139A1 WO 2013007139 A1 WO2013007139 A1 WO 2013007139A1 CN 2012076466 W CN2012076466 W CN 2012076466W WO 2013007139 A1 WO2013007139 A1 WO 2013007139A1
Authority
WO
WIPO (PCT)
Prior art keywords
count
count value
authentication
location register
home location
Prior art date
Application number
PCT/CN2012/076466
Other languages
French (fr)
Chinese (zh)
Inventor
张志华
王振
曹小飞
张强
Original Assignee
中兴通讯股份有限公司
Priority date (The priority date is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the date listed.)
Filing date
Publication date
Application filed by 中兴通讯股份有限公司 filed Critical 中兴通讯股份有限公司
Publication of WO2013007139A1 publication Critical patent/WO2013007139A1/en

Links

Classifications

    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04WWIRELESS COMMUNICATION NETWORKS
    • H04W12/00Security arrangements; Authentication; Protecting privacy or anonymity
    • H04W12/06Authentication

Definitions

  • the present invention relates to mobile communications, and more particularly to an authentication method and a home location register.
  • the CDMA2000 system also has the ability to authenticate users.
  • three checksums need to be performed: one is the Authentication Confirmation Parameter (RANDC), and the other is the authentication response parameter ( The Authentication Response Parameter (AUTHR for short), and the third is the Call History Count (COUNT). Only when all three checks pass, the mobile station is allowed to access.
  • RANDC's test In order to verify whether the random number used by the mobile station authentication is generated by the switch (that is, the system that the mobile station is ready to access), the AUTHR check is based on the shared secret data (SSD) of the network side. The result calculated by the CAVE algorithm with the Authentication Challenge Parameter (RANDU) is consistent with that reported by the mobile station.
  • SSD shared secret data
  • COUNT check is an effective means of identifying whether there is a copy or fake mobile station in the network (that is, a "clone” mobile station made by illegal means), so the COUNT check is also called “clone”. Detection.
  • COUNT is a 0-63 number, the complete clone terminal is no different
  • the legal terminal has the correct COUNT value and is accumulating with each call service, so that when the COUNT of the terminal is found to be inconsistent with the system, it can be judged as an illegal terminal and rejected, preventing the "clone” machine from accessing the network. Calling the service to achieve the effect of identifying legitimate users.
  • the COUNT authentication process is performed when the PAL authentication is successful when the mobile station initiates the call access, and the network side triggers the COUNT update to achieve the effect of adding the COUNT value saved by the mobile station and the HLR device, so that it is "clone". Machine user, COUNT authentication at this time Failure will not trigger a COUNT update.
  • FIG. 1 depicts the COUNT authentication and COUNT update process, including:
  • the mobile station initiates a call, and the BSC sends a call request message to the MSC/VLR, where the message carries RANDC, AUTHR and COU T for authentication.
  • the MSC/VLR sends an authentication request message to the HLR, requesting the HLR to perform authentication processing, where the message carries RAND, AUTHR, and COU T for authentication.
  • the HLR After receiving the authentication request message, the HLR performs an authentication process, including COUNT authentication and triggers a COUNT update.
  • the HLR returns an authentication response message to the MSC/VLR, carrying a flag requiring a COUNT update.
  • the MSC/VLR saves the flag that needs to perform the COUNT update, and first sends the assignment request message to the BSC, instructing the BSC to establish a traffic channel.
  • the BSC completes establishing a traffic channel, and returns an assignment completion message to the MSC/VLR.
  • the MSC/VLR determines that the service channel is established, and performs a COUNT update flag according to the previously saved needs, and sends a COUNT parameter update request message to the BSC.
  • the BSC informs the mobile station to perform COUNT update, and the mobile station COUNT value is heavy. After 1 returns the response to the BSC.
  • the BSC receives the response from the mobile station and sends a parameter update confirmation message to the MSC/VLR.
  • the MSC/VLR sends an authentication status report request message to the HLR, carrying the COUNT update result.
  • the HLR After receiving the authentication status report request message, the HLR saves the COUNT value of the HLR in the HLR according to the COUNT update result carried in the HLR.
  • FIG. 2 depicts the flow chart of the MSC/VLR downtime in the COUNT update process, including:
  • the mobile station initiates a call, and the BSC sends a call request message to the MSC/VLR, where the message carries RANDC, AUTHR and COU T for authentication.
  • the MSC/VLR sends an authentication request to the HLR, requesting the HLR to perform an authentication process, where the message carries RAND, AUTHR, and COU T for authentication.
  • the HLR After receiving the authentication request message, the HLR performs an authentication process, including COUNT authentication and triggering a COUNT update.
  • the HLR returns an authentication response message to the MSC/VLR, carrying a flag that needs to perform a COUNT update.
  • the MSC/VLR saves the flag that needs to perform COUNT update, and first sends an assignment request message to the BSC, instructing the BSC to establish a traffic channel.
  • the BSC completes establishing a traffic channel, and returns an assignment completion message to the MSC/VLR.
  • the MSC/VLR determines that the service channel is established, and performs a COUNT update flag according to the previously saved needs, and sends a COUNT parameter update request message to the BSC.
  • the BSC notifies the mobile station to perform COUNT update, and the mobile station COUNT value is heavy. After 1 returns the response to the BSC.
  • the BSC receives the response from the mobile station and sends a parameter update confirmation message to the MSC/VLR.
  • the parameter update confirmation message cannot be passed to the HLR due to a MSC/VLR downtime or a broken link with the HLR.
  • the MSC/VLR recovers, but at this time, the COUNT saved by the terminal is inconsistent with the record in the HLR, and the terminal will not be able to perform call service because the COUNT authentication fails.
  • Summary of the invention The technical problem to be solved by the present invention is to provide an authentication method and a home location register, which solves the problem that the existing MSC/VLR is down, and the COUNT value of the network side and the terminal side are inconsistent, resulting in the terminal being unable to access.
  • an authentication method including:
  • the above method may further have the following feature: determining, according to the following formula, whether the number of calls indicated by the COUNT value in the authentication request is greater than the number of calls indicated by the COUNT value in the home location register:
  • the COUNT value in the authentication request (COUNT value + X in the home location register) mod ( N+1 ); wherein, X is an accumulated value of the call history call count every time a call occurs, the N is The maximum value of the call history counter.
  • the above method may further have the following features, the method further comprising: when the COUNT value in the authentication request indicates that the number of calls is more than the number of calls indicated by the COUNT value in the home location register, The home location register also updates the local COUNT value to the COUNT value in the authentication request.
  • the above method may further have the following feature, the method further comprising: when the COUNT value in the authentication request is equal to the COUNT value in the home location register, determining that the COUNT authentication passes.
  • the invention also provides a home location register, comprising an authentication unit, wherein:
  • the authentication unit is configured to: when receiving an authentication request carrying a historical call count (COUNT) value, when the number of calls indicated by the COUNT value in the authentication request is greater than the COUNT value in the home location register When the number of calls is more than one, the COUNT authentication is judged to pass.
  • COUNT historical call count
  • the home location register may further have the following feature
  • the authentication unit is configured to: determine, according to the following formula, whether the number of calls indicated by the COUNT value in the authentication request is greater than a COUNT value in the home location register More calls per call:
  • the COUNT value in the authentication request (COUNT value + X in the home location register) mod ( N+1 ); wherein X is the accumulated value of the call history count for each call history, and the N is the call history.
  • the maximum value of the counter is configured to: determine, according to the following formula, whether the number of calls indicated by the COUNT value in the authentication request is greater than a COUNT value in the home location register More calls per call:
  • the COUNT value in the authentication request (COUNT value + X in the home location register) mod ( N+1 ); wherein X is the accumulated value of the call history count for each call history, and the N is the call history.
  • the maximum value of the counter is configured to: determine, according to the following formula, whether the number of calls indicated by the CO
  • the home location register may further have the following feature, the home location register further includes an updating unit, configured to: when the COUNT value in the authentication request indicates the number of calls is greater than the COUNT value in the home location register When the number of indicated calls is more than one, the local COUNT value is updated to the COUNT value in the authentication request.
  • the home location register further includes an updating unit, configured to: when the COUNT value in the authentication request indicates the number of calls is greater than the COUNT value in the home location register When the number of indicated calls is more than one, the local COUNT value is updated to the COUNT value in the authentication request.
  • the home location register may further have the following feature
  • the authentication unit is further configured to: when the COUNT value in the authentication request is equal to the COUNT value in the home location register, determine that the COUNT authentication is passed .
  • Figure 1 is a flow chart of COUNT authentication and COUNT update
  • Figure 2 is a flow chart of the MSC/VLR downtime in the COUNT update process
  • FIG. 3 is an improved COUNT authentication flow chart
  • Figure 4 is a simplified COUNT authentication flow chart after MSC/VLR downtime recovery
  • FIG. 5 is a block diagram of a home location register in accordance with an embodiment of the present invention. Preferred embodiment of the invention
  • COUNT value of the terminal COUNT value in HLR
  • the COUNT value of the terminal ( COUNT value + X in HLR) mod (N+1)
  • X is the accumulated value of the call history call count every time a call occurs
  • An embodiment of the present invention provides an authentication method, including:
  • the COUNT value in the authentication request ( COUNT value + X in the home location register) mod ( N+1 ) ;
  • the X is an accumulated value of a call history call count every time a call occurs
  • the N is a maximum value of a call history counter.
  • the method further includes: when the number of calls indicated by the COUNT value in the authentication request is greater than the number of calls indicated by the COUNT value in the home location register, the home location register further updates the local COUNT The value is the COUNT value in the authentication request.
  • FIG. 3 is a flow chart of an improved COUNT authentication proposed by the present invention.
  • the mobile station initiates a call, and the BSC sends a call request message to the MSC/VLR, where the message carries RANDC, AUTHR and COU T for authentication.
  • the MSC/VLR sends an authentication request message to the HLR, requesting the HLR to perform authentication processing, where the message carries RAND, AUTHR, and COU T for authentication.
  • the HLR returns an authentication response message to the MSC/VLR, carrying a flag requiring a COUNT update.
  • the MSC/VLR saves the flag that needs to perform the COUNT update, and first sends the assignment request message to the BSC, instructing the BSC to establish a traffic channel.
  • the BSC completes establishing a traffic channel, and returns an assignment completion message to the MSC/VLR.
  • FIG. 4 is a flow chart of the authentication of the improved COUNT authentication proposed by the present invention after the MSC/VLR is recovered.
  • the mobile station initiates a call, and the BSC sends a call request message to the MSC/VLR, where the message carries RANDC, AUTHR and COU T for authentication.
  • the MSC/VLR sends an authentication request message to the HLR, requesting the HLR to perform authentication processing, where the message carries RAND, AUTHR, and COU T for authentication.
  • the HLR returns an authentication response message to the MSC/VLR, carrying a flag that needs to perform a COUNT update.
  • the MSC/VLR saves the flag that needs to perform the COUNT update, and first sends the assignment request to cancel.
  • the information is given to the BSC, instructing the BSC to establish a traffic channel.
  • the BSC completes establishing a traffic channel, and returns an assignment completion message to the MSC/VLR.
  • the MSC/VLR determines that the service channel is established, and performs a COUNT update flag according to the previously saved needs, and sends a COUNT update parameter update request message to the BSC.
  • the BSC informs the mobile station to perform COUNT update, and the mobile station COUNT value is heavy. After 1 returns the response to the BSC.
  • the BSC receives the response from the mobile station and sends a parameter update confirmation message to the MSC/VLR.
  • the parameter update confirmation message cannot be forwarded to the HLR due to a link between the MSC/VLR and the link between the HLR and the HLR.
  • the mobile station initiates the call again, and the BSC sends a call request message to the MSC/VLR, where the message carries RANDC, AUTHR and COU T for authentication.
  • the MSC/VLR sends an authentication request message to the HLR, requesting the HLR to perform authentication processing, where the message carries RAND, AUTHR, and COU T for authentication.
  • the HLR returns an authentication response message to the MSC/VLR, carrying a flag that needs to perform a COUNT update.
  • the MSC/VLR saves the flag that needs to perform the COUNT update, and first sends the assignment request message to the BSC, instructing the BSC to establish a traffic channel.
  • the BSC completes establishing the traffic channel and returns an assignment completion message to the MSC/VLR.
  • the present invention further provides a home location register, as shown in FIG. 5, including an authentication unit, where: the authentication unit is configured to: when receiving an authentication request carrying a historical call count (COUNT) value, when When the number of calls indicated by the COUNT value in the authentication request is more than the number of calls indicated by the COUNT value in the home location register, the COUNT authentication is judged to pass.
  • the home location register may further include an updating unit, configured to update the local time when the number of calls indicated by the COUNT value in the authentication request is greater than the number of calls indicated by the COUNT value in the home location register
  • the COUNT value is the COUNT value in the authentication request.
  • the X is an accumulated value of a call history count every time a call is generated
  • the N is a maximum value of a call history counter.
  • the authentication unit is further configured to: when the COUNT value in the authentication request is equal to the COUNT value in the home location register, determine that the COUNT authentication passes.
  • the embodiment of the present invention introduces a method for solving the COUNT inconsistency between the terminal and the HLR in the CDMA2000 system, and is also applicable to systems such as WCDMA and TD-SCDMA.
  • the improvement of the COUNT authentication method solves the problem that a large number of legitimate terminals cannot perform call service after the MSC/VLR is recovered.

Landscapes

  • Engineering & Computer Science (AREA)
  • Computer Security & Cryptography (AREA)
  • Computer Networks & Wireless Communication (AREA)
  • Signal Processing (AREA)
  • Mobile Radio Communication Systems (AREA)

Abstract

An authentication method, including: when receiving an authentication request carrying a call history count (COUNT) value and if the number of calls indicated by the COUNT value in the authentication request is one more call than the number of calls indicated by the COUNT value in a home location register, the home location register judging that the COUNT authentication is passed.Also provided is a home location register.The problem that, when the MSC/VLR has failed, the terminal cannot gain access due to the inconsistency of the COUNT values of the network side and the terminal side can be solved.

Description

一种鉴权方法和归属位置寄存器  An authentication method and home location register
技术领域 Technical field
本发明涉及移动通信, 尤其涉及一种鉴权方法和归属位置寄存器。  The present invention relates to mobile communications, and more particularly to an authentication method and a home location register.
背景技术 Background technique
为检测和防止移动通信中的盗打、 盗用等各种非法使用移动通信资源和 业务的现象, 保证网络安全和保障电信运营者及用户的正当权益, 移动用户 鉴权是一种行之有效的方法, 它的引入和使用是数字移动通信优越于模拟移 动通信的一个重要方面。  In order to detect and prevent all kinds of illegal use of mobile communication resources and services such as theft and theft in mobile communication, to ensure network security and protect the legitimate rights and interests of telecom operators and users, mobile user authentication is effective. The method, its introduction and use is an important aspect of digital mobile communication superior to analog mobile communication.
目前 CDMA2000系统中也具有对用户进行鉴权的能力,在网络中需要执 行三项校验: 一是校验鉴权确认参数 (Authentication Confirmation Parameter , 简称 RANDC),二是校验鉴权响应参数( Authentication Response Parameter, 简 称 AUTHR ) , 三是校验呼叫历史计数 (Call History Count, 简称 COUNT ) , 只有三项校验均通过, 才允许移动台接入。 RANDC 的检验为了验证移动台 鉴权所用的随机数是否为本交换机(即移动台准备接入的系统)所产生的, AUTHR校验则是网络侧根据共享加密数据 (Shared Secret Data, 简称 SSD )与 鉴权随机数 (Authentication Challenge Parameter, 简称 RANDU)使用 CAVE算 法计算得到的结果与移动台上报的是否一致。这里要特别介绍 COUNT校验, 它是识别网络中是否有仿制或伪冒移动台(即釆用非法手段制作的"克隆"移 动台)的一种有效手段, 所以 COUNT校验也称"克隆"检测。 假如一部手机被 "克隆,,, 那么只要真手机和"克隆"机都在网上使用, 两机所提供的 COUNT 值 (COUNT是一个 0-63的数字,完全克隆终端无其他不同)总归会有不同,合 法终端具有正确 COUNT值并且随着每次呼叫业务而在不断累加, 这样当发 现终端的 COUNT与系统不一致即可判断出为非法终端而拒绝, 防止了 "克 隆" 机接入网络进行呼叫业务, 达到识别合法用户的效果。  At present, the CDMA2000 system also has the ability to authenticate users. In the network, three checksums need to be performed: one is the Authentication Confirmation Parameter (RANDC), and the other is the authentication response parameter ( The Authentication Response Parameter (AUTHR for short), and the third is the Call History Count (COUNT). Only when all three checks pass, the mobile station is allowed to access. RANDC's test In order to verify whether the random number used by the mobile station authentication is generated by the switch (that is, the system that the mobile station is ready to access), the AUTHR check is based on the shared secret data (SSD) of the network side. The result calculated by the CAVE algorithm with the Authentication Challenge Parameter (RANDU) is consistent with that reported by the mobile station. Here we must introduce the COUNT check, which is an effective means of identifying whether there is a copy or fake mobile station in the network (that is, a "clone" mobile station made by illegal means), so the COUNT check is also called "clone". Detection. If a mobile phone is "cloned, then, as long as the real mobile phone and the "clone" machine are used online, the COUNT value provided by the two machines (COUNT is a 0-63 number, the complete clone terminal is no different) Differently, the legal terminal has the correct COUNT value and is accumulating with each call service, so that when the COUNT of the terminal is found to be inconsistent with the system, it can be judged as an illegal terminal and rejected, preventing the "clone" machine from accessing the network. Calling the service to achieve the effect of identifying legitimate users.
CDMA2000 系统中 COUNT鉴权的过程为移动台发起呼叫接入时进行 COUNT鉴权成功后, 网络侧触发 COUNT更新以达到移动台与 HLR设备保 存的 COUNT值都加一效果, 如此时为 "克隆" 机用户, 此时 COUNT鉴权 失败则不会触发 COUNT更新。 In the CDMA2000 system, the COUNT authentication process is performed when the PAL authentication is successful when the mobile station initiates the call access, and the network side triggers the COUNT update to achieve the effect of adding the COUNT value saved by the mobile station and the HLR device, so that it is "clone". Machine user, COUNT authentication at this time Failure will not trigger a COUNT update.
图 1描述了 COUNT鉴权与 COUNT更新流程, 包括:  Figure 1 depicts the COUNT authentication and COUNT update process, including:
101 : 移动台发起呼叫, BSC发送起呼请求消息给 MSC/VLR, 消息中携 带用于鉴权的 RANDC、 AUTHR和 COU T。  101: The mobile station initiates a call, and the BSC sends a call request message to the MSC/VLR, where the message carries RANDC, AUTHR and COU T for authentication.
102: MSC/VLR发送鉴权请求消息给 HLR, 请求 HLR进行鉴权处理, 消息中携带用于鉴权的 RAND、 AUTHR和 COU T。  102: The MSC/VLR sends an authentication request message to the HLR, requesting the HLR to perform authentication processing, where the message carries RAND, AUTHR, and COU T for authentication.
103: HLR接收到鉴权请求消息后, 进行鉴权处理, 包括 COUNT鉴权并 触发 COUNT更新。  103: After receiving the authentication request message, the HLR performs an authentication process, including COUNT authentication and triggers a COUNT update.
104: HLR返回鉴权响应消息给 MSC/VLR, 携带需要进行 COUNT更新 的标志。  104: The HLR returns an authentication response message to the MSC/VLR, carrying a flag requiring a COUNT update.
105: MSC/VLR保存需要进行 COUNT更新的标志, 先下发指配请求消 息给 BSC, 指示 BSC建立业务信道。  105: The MSC/VLR saves the flag that needs to perform the COUNT update, and first sends the assignment request message to the BSC, instructing the BSC to establish a traffic channel.
106: BSC完成建立业务信道, 返回指配完成消息给 MSC/VLR。  106: The BSC completes establishing a traffic channel, and returns an assignment completion message to the MSC/VLR.
107 : MSC/VLR 判断业务信道建立完成, 根据之前保存的需要进行 COUNT更新的标志, 下发 COUNT参数更新请求消息给 BSC。  107: The MSC/VLR determines that the service channel is established, and performs a COUNT update flag according to the previously saved needs, and sends a COUNT parameter update request message to the BSC.
108: BSC通知移动台进行 COUNT更新, 移动台 COUNT值累力。 1后返 回响应给 BSC。  108: The BSC informs the mobile station to perform COUNT update, and the mobile station COUNT value is heavy. After 1 returns the response to the BSC.
109: BSC接收到移动台的响应, 向 MSC/VLR发送参数更新确认消息。 109: The BSC receives the response from the mobile station and sends a parameter update confirmation message to the MSC/VLR.
110: MSC/VLR发送鉴权状态报告请求消息给 HLR, 携带 COUNT更新 结果。 110: The MSC/VLR sends an authentication status report request message to the HLR, carrying the COUNT update result.
111 : HLR收到鉴权状态报告请求消息后,根据其中携带的 COUNT更新 结果, 如更新成功, 则将移动台保存在 HLR的 COUNT值累加 1。  111: After receiving the authentication status report request message, the HLR saves the COUNT value of the HLR in the HLR according to the COUNT update result carried in the HLR.
112 : HLR 完成 COUNT 值累加后, 返回鉴权状态报告响应消息给 MSC/VLR。  112: After the HLR completes the COUNT value accumulation, it returns an authentication status report response message to the MSC/VLR.
在进行 COUNT更新的过程中, 如出现 MSC/VLR发生宕机、 与 HLR之 间链路中断等原因,会出现终端中 COUNT值已经累加一而 HLR设备中保存 的用户 COUNT未累加, 两者不一致, 在 MSC/VLR恢复后这些终端将一直 因为 COUNT鉴权失败而无法进行呼叫业务。 由于终端每次进行呼叫业务均 进行 COUNT更新, 所以因以上问题导致无法使用的终端将是一个很大的数 量, 故此必须要解决这个问题才能真正的使用 COUNT来识别合法或克隆用 户。 In the process of performing COUNT update, if there is a MSC/VLR downtime, a link interruption with the HLR, etc., the COUNT value in the terminal has been accumulated and the user COUNT saved in the HLR device is not accumulated, and the two are inconsistent. These terminals will always be after MSC/VLR recovery Call service cannot be performed because COUNT authentication failed. Since the terminal performs COUNT update every time the call service is performed, the terminal that cannot be used due to the above problem will be a large number, so this problem must be solved in order to truly use COUNT to identify a legitimate or cloned user.
图 2描述了 COUNT更新流程中发生 MSC/VLR宕机流程图, 包括: Figure 2 depicts the flow chart of the MSC/VLR downtime in the COUNT update process, including:
201 : 移动台发起呼叫, BSC发送起呼请求消息给 MSC/VLR, 消息中携 带用于鉴权的 RANDC、 AUTHR和 COU T。 201: The mobile station initiates a call, and the BSC sends a call request message to the MSC/VLR, where the message carries RANDC, AUTHR and COU T for authentication.
202: MSC/VLR发送鉴权请求给 HLR, 请求 HLR进行鉴权处理, 消息 中携带用于鉴权的 RAND、 AUTHR和 COU T。  202: The MSC/VLR sends an authentication request to the HLR, requesting the HLR to perform an authentication process, where the message carries RAND, AUTHR, and COU T for authentication.
203: HLR接收到鉴权请求消息后, 进行鉴权处理, 包括 COUNT鉴权并 触发 COUNT更新。  203: After receiving the authentication request message, the HLR performs an authentication process, including COUNT authentication and triggering a COUNT update.
204: HLR返回鉴权响应消息给 MSC/VLR, 携带需要进行 COUNT更新 的标志。  204: The HLR returns an authentication response message to the MSC/VLR, carrying a flag that needs to perform a COUNT update.
205: MSC/VLR保存需要进行 COUNT更新的标志, 先下发指配请求消 息给 BSC, 指示 BSC建立业务信道。  205: The MSC/VLR saves the flag that needs to perform COUNT update, and first sends an assignment request message to the BSC, instructing the BSC to establish a traffic channel.
206: BSC完成建立业务信道, 返回指配完成消息给 MSC/VLR。  206: The BSC completes establishing a traffic channel, and returns an assignment completion message to the MSC/VLR.
207 : MSC/VLR 判断业务信道建立完成, 根据之前保存的需要进行 COUNT更新的标志, 下发 COUNT参数更新请求消息给 BSC。  207: The MSC/VLR determines that the service channel is established, and performs a COUNT update flag according to the previously saved needs, and sends a COUNT parameter update request message to the BSC.
208: BSC通知移动台进行 COUNT更新, 移动台 COUNT值累力。 1后返 回响应给 BSC。  208: The BSC notifies the mobile station to perform COUNT update, and the mobile station COUNT value is heavy. After 1 returns the response to the BSC.
209: BSC接收到移动台的响应, 向 MSC/VLR发送参数更新确认消息。 209: The BSC receives the response from the mobile station and sends a parameter update confirmation message to the MSC/VLR.
210: 由于 MSC/VLR发生宕机、 或与 HLR之间链路中断, 无法将参数 更新确认信息传递到 HLR。 210: The parameter update confirmation message cannot be passed to the HLR due to a MSC/VLR downtime or a broken link with the HLR.
211 : MSC/VLR恢复, 但此时终端保存的 COUNT与 HLR中记录的不一 致, 终端将一直因为 COUNT鉴权失败而无法进行呼叫业务。 发明内容 本发明要解决的技术问题是提供一种鉴权方法和归属位置寄存器, 解决 现有 MSC/VLR发生宕机, 网络侧与终端侧的 COUNT值不一致导致终端无 法接入的问题。 211: The MSC/VLR recovers, but at this time, the COUNT saved by the terminal is inconsistent with the record in the HLR, and the terminal will not be able to perform call service because the COUNT authentication fails. Summary of the invention The technical problem to be solved by the present invention is to provide an authentication method and a home location register, which solves the problem that the existing MSC/VLR is down, and the COUNT value of the network side and the terminal side are inconsistent, resulting in the terminal being unable to access.
为了解决上述问题, 本发明提供了一种鉴权方法, 包括:  In order to solve the above problems, the present invention provides an authentication method, including:
归属位置寄存器接收到携带历史呼叫计数 ( COUNT )值的鉴权请求时, 当所述鉴权请求中的 COUNT值指示的呼叫数比所述归属位置寄存器中的 COUNT值指示的呼叫数多一次时, 判断 COUNT鉴权通过。  When the home location register receives the authentication request carrying the historical call count (COUNT) value, when the number of calls indicated by the COUNT value in the authentication request is more than the number of calls indicated by the COUNT value in the home location register , judge COUNT authentication passed.
优选地, 上述方法还可具有以下特点, 根据下式判断所述鉴权请求中的 COUNT值指示的呼叫数是否比所述归属位置寄存器中的 COUNT值指示的 呼叫数多一次:  Preferably, the above method may further have the following feature: determining, according to the following formula, whether the number of calls indicated by the COUNT value in the authentication request is greater than the number of calls indicated by the COUNT value in the home location register:
所述鉴权请求中的 COUNT值 = (归属位置寄存器中 COUNT值 + X ) mod ( N+1 ) ; 其中, 所述 X是每发生一次呼叫时呼叫历史呼叫计数的累加 值, 所述 N为呼叫历史计数器的最大值。  The COUNT value in the authentication request = (COUNT value + X in the home location register) mod ( N+1 ); wherein, X is an accumulated value of the call history call count every time a call occurs, the N is The maximum value of the call history counter.
优选地, 上述方法还可具有以下特点, 所述 X=l。  Preferably, the above method may also have the following characteristics, wherein X=l.
优选地, 上述方法还可具有以下特点, 所述方法还包括, 当所述鉴权请 求中的 COUNT值指示的呼叫数比所述归属位置寄存器中的 COUNT值指示 的呼叫数多一次时, 所述归属位置寄存器还更新本地的 COUNT值为所述鉴 权请求中的 COUNT值。  Preferably, the above method may further have the following features, the method further comprising: when the COUNT value in the authentication request indicates that the number of calls is more than the number of calls indicated by the COUNT value in the home location register, The home location register also updates the local COUNT value to the COUNT value in the authentication request.
优选地, 上述方法还可具有以下特点, 所述方法还包括, 当所述鉴权请 求中的 COUNT 值与所述归属位置寄存器中的 COUNT 值相等时, 判断 COUNT鉴权通过。  Preferably, the above method may further have the following feature, the method further comprising: when the COUNT value in the authentication request is equal to the COUNT value in the home location register, determining that the COUNT authentication passes.
本发明还提供一种归属位置寄存器, 包括鉴权单元, 其中:  The invention also provides a home location register, comprising an authentication unit, wherein:
所述鉴权单元设置为: 接收到携带历史呼叫计数 ( COUNT )值的鉴权请 求时, 当所述鉴权请求中的 COUNT值指示的呼叫数比所述归属位置寄存器 中的 COUNT值指示的呼叫数多一次时, 判断 COUNT鉴权通过。  The authentication unit is configured to: when receiving an authentication request carrying a historical call count (COUNT) value, when the number of calls indicated by the COUNT value in the authentication request is greater than the COUNT value in the home location register When the number of calls is more than one, the COUNT authentication is judged to pass.
优选地, 上述归属位置寄存器还可具有以下特点, 所述鉴权单元设置为: 根据下式判断所述鉴权请求中的 COUNT值指示的呼叫数是否比所述归属位 置寄存器中的 COUNT值指示的呼叫数多一次: 所述鉴权请求中的 COUNT值 = (归属位置寄存器中 COUNT值 + X ) mod ( N+1 ) ; 其中, 所述 X是每产生一次呼叫历史呼叫计数的累加值, 所 述 N为呼叫历史计数器的最大值。 Preferably, the home location register may further have the following feature, the authentication unit is configured to: determine, according to the following formula, whether the number of calls indicated by the COUNT value in the authentication request is greater than a COUNT value in the home location register More calls per call: The COUNT value in the authentication request = (COUNT value + X in the home location register) mod ( N+1 ); wherein X is the accumulated value of the call history count for each call history, and the N is the call history. The maximum value of the counter.
优选地, 上述归属位置寄存器还可具有以下特点, 所述 X=l。  Preferably, the home location register may further have the following characteristics, where X=l.
优选地, 上述归属位置寄存器还可具有以下特点, 所述归属位置寄存器 还包括更新单元, 设置为: 当所述鉴权请求中的 COUNT值指示的呼叫数比 所述归属位置寄存器中的 COUNT值指示的呼叫数多一次时, 更新本地的 COUNT值为所述鉴权请求中的 COUNT值。  Preferably, the home location register may further have the following feature, the home location register further includes an updating unit, configured to: when the COUNT value in the authentication request indicates the number of calls is greater than the COUNT value in the home location register When the number of indicated calls is more than one, the local COUNT value is updated to the COUNT value in the authentication request.
优选地, 上述归属位置寄存器还可具有以下特点, 所述鉴权单元还设置 为: 当所述鉴权请求中的 COUNT值与所述归属位置寄存器中的 COUNT值 相等时, 判断 COUNT鉴权通过。  Preferably, the home location register may further have the following feature, the authentication unit is further configured to: when the COUNT value in the authentication request is equal to the COUNT value in the home location register, determine that the COUNT authentication is passed .
本发明实施例提供的方法, 在鉴权请求中的 COUNT值指示的呼叫数比 HLR中的 COUNT值指示的呼叫数多一次时, COUNT鉴权通过, 从而解决 MSC/VLR宕机情况下 COUNT不一致而导致合法用户无法进行呼叫业务的问 题。 附图概述  In the method provided by the embodiment of the present invention, when the number of calls indicated by the COUNT value in the authentication request is more than the number of calls indicated by the COUNT value in the HLR, the COUNT authentication is passed, thereby solving the COUNT inconsistency in the case of the MSC/VLR downtime. The problem that legitimate users cannot make call services. BRIEF abstract
图 1是 COUNT鉴权与 COUNT更新流程图;  Figure 1 is a flow chart of COUNT authentication and COUNT update;
图 2是 COUNT更新流程中发生 MSC/VLR宕机流程图;  Figure 2 is a flow chart of the MSC/VLR downtime in the COUNT update process;
图 3是改进的 COUNT鉴权流程图;  Figure 3 is an improved COUNT authentication flow chart;
图 4是 MSC/VLR宕机恢复后改进的 COUNT鉴权流程图;  Figure 4 is a simplified COUNT authentication flow chart after MSC/VLR downtime recovery;
图 5是本发明实施例归属位置寄存器框图。 本发明的较佳实施方式  Figure 5 is a block diagram of a home location register in accordance with an embodiment of the present invention. Preferred embodiment of the invention
为使本发明的目的、 技术方案和优点更加清楚明白, 下文中将结合附图 对本发明的实施例进行详细说明。 需要说明的是, 在不冲突的情况下, 本申 请中的实施例及实施例中的特征可以相互任意组合。 在终端进行呼叫业务, 进行 COUNT更新过程中发生了 MSC/VLR宕机 或 HLR之间链路中断, 此时终端的 COUNT已经更新累加一, 而 HLR由于 未得到响应保存的 COUNT未变。 此时 MSC/VLR下所有的合法用户, 关于 COUNT值有两种情况: In order to make the objects, the technical solutions and the advantages of the present invention more clearly, the embodiments of the present invention will be described in detail below with reference to the accompanying drawings. It should be noted that, in the case of no conflict, the features in the embodiments and the embodiments in the present application may be arbitrarily combined with each other. When the terminal performs the call service, the link between the MSC/VLR downtime or the HLR occurs during the COUNT update process. At this time, the COUNT of the terminal has been updated and accumulated, and the COUNT that has not been saved by the HLR has not changed. At this time, all legitimate users under the MSC/VLR have two cases regarding the COUNT value:
终端的 COUNT值 = HLR中 COUNT值  COUNT value of the terminal = COUNT value in HLR
终端的 COUNT值 = ( HLR中 COUNT值 + X ) mod (N+1)  The COUNT value of the terminal = ( COUNT value + X in HLR) mod (N+1)
其中, X是每发生一次呼叫时呼叫历史呼叫计数的累加值, N为呼叫历 史计数器的最大值, 比如, X=l , N=63 , 也可根据需要取其他值。  Where X is the accumulated value of the call history call count every time a call occurs, and N is the maximum value of the call history counter, for example, X=l, N=63, and other values may be taken as needed.
本发明实施例在做 COUNT鉴权时, 判断终端的 COUNT值 = ( HLR中 COUNT值 + 1 ) mod 64时, 也认为 COUNT鉴权成功, 同时将 HLR保存的 COUNT值修改为终端上报 COUNT值, 从而解决 MSC/VLR宕机情况下 COUNT不一致而导致合法用户无法进行呼叫业务的问题。  In the embodiment of the present invention, when the COUNT authentication is performed, when the COUNT value of the terminal = (the COUNT value in the HLR + 1) mod 64 is determined, the COUNT authentication is also considered to be successful, and the COUNT value saved by the HLR is modified to be the COUNT value reported by the terminal. Solve the problem that the COUNT is inconsistent in the case of the MSC/VLR downtime and the legitimate user cannot make the call service.
本发明实施例提供一种鉴权方法, 包括:  An embodiment of the present invention provides an authentication method, including:
归属位置寄存器接收到携带历史呼叫计数(COUNT )值的鉴权请求时, 当所述鉴权请求中的 COUNT值指示的呼叫数比所述归属位置寄存器中的 COUNT值指示的呼叫数多一次时, 判断 COUNT鉴权通过;  When the home location register receives the authentication request carrying the historical call count (COUNT) value, when the number of calls indicated by the COUNT value in the authentication request is more than the number of calls indicated by the COUNT value in the home location register , judge COUNT authentication passed;
其中, 当所述鉴权请求中的 COUNT 值与所述归属位置寄存器中的 COUNT值相等时, 判断 COUNT鉴权通过。  Wherein, when the COUNT value in the authentication request is equal to the COUNT value in the home location register, it is determined that the COUNT authentication is passed.
其中, 根据下式判断所述鉴权请求中的 COUNT值指示的呼叫数是否比 所述归属位置寄存器中的 COUNT值指示的呼叫数多一次:  Wherein, it is determined according to the following formula whether the number of calls indicated by the COUNT value in the authentication request is greater than the number of calls indicated by the COUNT value in the home location register:
所述鉴权请求中的 COUNT值 = (归属位置寄存器中 COUNT值 + X ) mod ( N+1 ) ;  The COUNT value in the authentication request = ( COUNT value + X in the home location register) mod ( N+1 ) ;
其中, 所述 X是每发生一次呼叫时呼叫历史呼叫计数的累加值, 所述 N 为呼叫历史计数器的最大值。  Wherein, the X is an accumulated value of a call history call count every time a call occurs, and the N is a maximum value of a call history counter.
其中, 所述方法还包括, 当所述鉴权请求中的 COUNT值指示的呼叫数 比所述归属位置寄存器中的 COUNT值指示的呼叫数多一次时, 所述归属位 置寄存器还更新本地的 COUNT值为所述鉴权请求中的 COUNT值。  The method further includes: when the number of calls indicated by the COUNT value in the authentication request is greater than the number of calls indicated by the COUNT value in the home location register, the home location register further updates the local COUNT The value is the COUNT value in the authentication request.
下面以 X=l , N=63说明本发明, 其他取值情况类似。 图 3为本发明提出的改进的 COUNT鉴权流程图。 The present invention will be described below with X = l and N = 63, and other values are similar. Figure 3 is a flow chart of an improved COUNT authentication proposed by the present invention.
301 : 移动台发起呼叫, BSC发送起呼请求消息给 MSC/VLR, 消息中携 带用于鉴权的 RANDC、 AUTHR和 COU T。  301: The mobile station initiates a call, and the BSC sends a call request message to the MSC/VLR, where the message carries RANDC, AUTHR and COU T for authentication.
302: MSC/VLR发送鉴权请求消息给 HLR, 请求 HLR进行鉴权处理, 消息中携带用于鉴权的 RAND、 AUTHR和 COU T。  302: The MSC/VLR sends an authentication request message to the HLR, requesting the HLR to perform authentication processing, where the message carries RAND, AUTHR, and COU T for authentication.
303: HLR接收到鉴权请求消息后, 进行鉴权处理, 包括 COUNT鉴权并 触发 COUNT更新。 如果终端 COUNT值 = HLR中 COUNT值, 或者终端 COUNT值 =(HLR中 COUNT值 + l)mod 64认为 COUNT鉴权成功, 同时 将 HLR保存的 COUNT值修改为终端上 ^艮的 COUNT值, 终端 COUNT值即 鉴权请求中携带的 COUNT值。  303: After receiving the authentication request message, the HLR performs an authentication process, including COUNT authentication and triggers a COUNT update. If the terminal COUNT value = COUNT value in the HLR, or the terminal COUNT value = (the COUNT value in the HLR + l) mod 64 considers that the COUNT authentication is successful, and at the same time, the COUNT value saved by the HLR is modified to the COUNT value on the terminal, the terminal COUNT The value is the COUNT value carried in the authentication request.
304: HLR返回鉴权响应消息给 MSC/VLR, 携带需要进行 COUNT更新 的标志。  304: The HLR returns an authentication response message to the MSC/VLR, carrying a flag requiring a COUNT update.
305: MSC/VLR保存需要进行 COUNT更新的标志, 先下发指配请求消 息给 BSC, 指示 BSC建立业务信道。  305: The MSC/VLR saves the flag that needs to perform the COUNT update, and first sends the assignment request message to the BSC, instructing the BSC to establish a traffic channel.
306: BSC完成建立业务信道, 返回指配完成消息给 MSC/VLR。  306: The BSC completes establishing a traffic channel, and returns an assignment completion message to the MSC/VLR.
图 4为本发明提出的改进的 COUNT鉴权在 MSC/VLR宕机恢复后的鉴 权流程图。  FIG. 4 is a flow chart of the authentication of the improved COUNT authentication proposed by the present invention after the MSC/VLR is recovered.
401 : 移动台发起呼叫, BSC发送起呼请求消息给 MSC/VLR, 消息中携 带用于鉴权的 RANDC、 AUTHR和 COU T。  401: The mobile station initiates a call, and the BSC sends a call request message to the MSC/VLR, where the message carries RANDC, AUTHR and COU T for authentication.
402: MSC/VLR发送鉴权请求消息给 HLR, 请求 HLR进行鉴权处理, 消息中携带用于鉴权的 RAND、 AUTHR和 COU T。  402: The MSC/VLR sends an authentication request message to the HLR, requesting the HLR to perform authentication processing, where the message carries RAND, AUTHR, and COU T for authentication.
403: HLR接收到鉴权请求消息后, 进行鉴权处理, 包括 COUNT鉴权并 触发 COUNT更新。如终端 COUNT值 = HLR中 COUNT值 ,或者终端 COUNT 值 =(HLR中 COUNT值 + l)mod 64认为 COUNT鉴权成功,同时将 HLR保 存的 COUNT值修改为终端上报 COUNT值。  403: After receiving the authentication request message, the HLR performs an authentication process, including COUNT authentication and triggers a COUNT update. If the terminal COUNT value = COUNT value in the HLR, or the terminal COUNT value = (the COUNT value + l in the HLR) mod 64 considers that the COUNT authentication is successful, and the COUNT value saved by the HLR is modified to the terminal reporting the COUNT value.
404: HLR返回鉴权响应消息给 MSC/VLR, 携带需要进行 COUNT更新 的标志。  404: The HLR returns an authentication response message to the MSC/VLR, carrying a flag that needs to perform a COUNT update.
405: MSC/VLR保存需要进行 COUNT更新的标志, 先下发指配请求消 息给 BSC, 指示 BSC建立业务信道。 405: The MSC/VLR saves the flag that needs to perform the COUNT update, and first sends the assignment request to cancel. The information is given to the BSC, instructing the BSC to establish a traffic channel.
406: BSC完成建立业务信道, 返回指配完成消息给 MSC/VLR。  406: The BSC completes establishing a traffic channel, and returns an assignment completion message to the MSC/VLR.
407 : MSC/VLR 判断业务信道建立完成, 根据之前保存的需要进行 COUNT更新的标志, 下发 COUNT更新参数更新请求消息给 BSC。  407: The MSC/VLR determines that the service channel is established, and performs a COUNT update flag according to the previously saved needs, and sends a COUNT update parameter update request message to the BSC.
408: BSC通知移动台进行 COUNT更新, 移动台 COUNT值累力。 1后返 回响应给 BSC。  408: The BSC informs the mobile station to perform COUNT update, and the mobile station COUNT value is heavy. After 1 returns the response to the BSC.
409: BSC接收到移动台的响应, 向 MSC/VLR发送参数更新确认消息。 409: The BSC receives the response from the mobile station and sends a parameter update confirmation message to the MSC/VLR.
410: 由于 MSC/VLR发生宕机、 与 HLR之间链路中断, 无法将参数更 新确认信息传递到 HLR。 410: The parameter update confirmation message cannot be forwarded to the HLR due to a link between the MSC/VLR and the link between the HLR and the HLR.
411 : MSC/VLR恢复, 但此时终端保存的 COUNT与 HLR中记录的不一 致。  411: The MSC/VLR is restored, but the COUNT and the HLR stored in the terminal are not consistent.
412: 移动台再次发起呼叫, BSC发送起呼请求消息给 MSC/VLR, 消息 中携带用于鉴权的 RANDC、 AUTHR和 COU T。  412: The mobile station initiates the call again, and the BSC sends a call request message to the MSC/VLR, where the message carries RANDC, AUTHR and COU T for authentication.
413: MSC/VLR发送鉴权请求消息给 HLR, 请求 HLR进行鉴权处理, 消息中携带用于鉴权的 RAND、 AUTHR和 COU T。  413: The MSC/VLR sends an authentication request message to the HLR, requesting the HLR to perform authentication processing, where the message carries RAND, AUTHR, and COU T for authentication.
414: HLR接收到鉴权请求消息后,进行鉴权处理,由于 MSC/VLR宕机, 此时终端 COUNT值 = (HLR中 COUNT值 + 1) mod 64, 认为 COUNT鉴权 成功, 同时将 HLR保存的 COUNT值修改为终端上报的 COUNT值。  414: After receiving the authentication request message, the HLR performs authentication processing. Because the MSC/VLR is down, the terminal COUNT value = (COUNT value + 1 in HLR) mod 64, and the COUNT authentication is successful, and the HLR is saved. The COUNT value is modified to the COUNT value reported by the terminal.
415: HLR返回鉴权响应消息给 MSC/VLR, 携带需要进行 COUNT更新 的标志。  415: The HLR returns an authentication response message to the MSC/VLR, carrying a flag that needs to perform a COUNT update.
416: MSC/VLR保存需要进行 COUNT更新的标志, 先下发指配请求消 息给 BSC, 指示 BSC建立业务信道。  416: The MSC/VLR saves the flag that needs to perform the COUNT update, and first sends the assignment request message to the BSC, instructing the BSC to establish a traffic channel.
417: BSC完成建立业务信道, 返回指配完成消息给 MSC/VLR。  417: The BSC completes establishing the traffic channel and returns an assignment completion message to the MSC/VLR.
本发明还提供一种归属位置寄存器, 如图 5所示, 包括鉴权单元, 其中: 所述鉴权单元用于: 接收到携带历史呼叫计数 ( COUNT )值的鉴权请求 时, 当所述鉴权请求中的 COUNT值指示的呼叫数比所述归属位置寄存器中 的 COUNT值指示的呼叫数多一次时, 判断 COUNT鉴权通过。 其中, 所述归属位置寄存器还可包括更新单元, 用于当所述鉴权请求中 的 COUNT值指示的呼叫数比所述归属位置寄存器中的 COUNT值指示的呼 叫数多一次时, 更新本地的 COUNT值为所述鉴权请求中的 COUNT值。 The present invention further provides a home location register, as shown in FIG. 5, including an authentication unit, where: the authentication unit is configured to: when receiving an authentication request carrying a historical call count (COUNT) value, when When the number of calls indicated by the COUNT value in the authentication request is more than the number of calls indicated by the COUNT value in the home location register, the COUNT authentication is judged to pass. The home location register may further include an updating unit, configured to update the local time when the number of calls indicated by the COUNT value in the authentication request is greater than the number of calls indicated by the COUNT value in the home location register The COUNT value is the COUNT value in the authentication request.
其中, 所述鉴权单元用于根据下式判断所述鉴权请求中的 COUNT值指 示的呼叫数是否比所述归属位置寄存器中的 COUNT值指示的呼叫数多一次: 所述鉴权请求中的 COUNT值 = (归属位置寄存器中 COUNT值 + X ) mod ( N+1 ) ;  The authentication unit is configured to determine, according to the following formula, whether the number of calls indicated by the COUNT value in the authentication request is greater than the number of calls indicated by the COUNT value in the home location register: the authentication request COUNT value = (COUNT value + X in the home location register) mod ( N+1 );
其中, 所述 X是每产生一次呼叫历史呼叫计数的累加值, 所述 N为呼叫 历史计数器的最大值。  Wherein, the X is an accumulated value of a call history count every time a call is generated, and the N is a maximum value of a call history counter.
其中, 所述鉴权单元还用于: 当所述鉴权请求中的 COUNT值与所述归 属位置寄存器中的 COUNT值相等时, 判断 COUNT鉴权通过。  The authentication unit is further configured to: when the COUNT value in the authentication request is equal to the COUNT value in the home location register, determine that the COUNT authentication passes.
本发明实施例介绍了在 CDMA2000系统中解决终端与 HLR之间 COUNT 不一致的方法, 同样适用于 WCDMA和 TD-SCDMA等系统中。  The embodiment of the present invention introduces a method for solving the COUNT inconsistency between the terminal and the HLR in the CDMA2000 system, and is also applicable to systems such as WCDMA and TD-SCDMA.
通过釆用发明提出的方法, 对 COUNT 鉴权方式的改进, 解决由于 MSC/VLR宕机恢复后出现大量合法终端无法进行呼叫业务的问题。  By using the method proposed by the invention, the improvement of the COUNT authentication method solves the problem that a large number of legitimate terminals cannot perform call service after the MSC/VLR is recovered.
本领域普通技术人员可以理解上述方法中的全部或部分步骤可通过程序 来指令相关硬件完成, 所述程序可以存储于计算机可读存储介质中, 如只读 存储器、 磁盘或光盘等。 可选地, 上述实施例的全部或部分步骤也可以使用 一个或多个集成电路来实现。 相应地, 上述实施例中的各模块 /单元可以釆用 硬件的形式实现, 也可以釆用软件功能模块的形式实现。 本发明不限制于任 何特定形式的硬件和软件的结合。  One of ordinary skill in the art will appreciate that all or a portion of the above steps may be accomplished by a program instructing the associated hardware, such as a read-only memory, a magnetic disk, or an optical disk. Alternatively, all or part of the steps of the above embodiments may also be implemented using one or more integrated circuits. Correspondingly, each module/unit in the above embodiment may be implemented in the form of hardware or in the form of a software function module. The invention is not limited to any specific form of combination of hardware and software.
工业实用性 Industrial applicability
上述方法,在鉴权请求中的 COUNT值指示的呼叫数比 HLR中的 COUNT 值指示的呼叫数多一次时, COUNT鉴权通过,从而解决 MSC/VLR宕机情况 下 COUNT不一致而导致合法用户无法进行呼叫业务的问题。  In the above method, when the number of calls indicated by the COUNT value in the authentication request is more than the number of calls indicated by the COUNT value in the HLR, the COUNT authentication is passed, thereby solving the problem that the COUNT is inconsistent in the case of the MSC/VLR downtime, and the legitimate user cannot The problem of making a call service.

Claims

1、 一种鉴权方法, 包括:  1. An authentication method, including:
归属位置寄存器接收到携带历史呼叫计数(COUNT )值的鉴权请求时, 当所述鉴权请求中的 COUNT值指示的呼叫数比所述归属位置寄存器中的 COUNT值指示的呼叫数多一次时, 判断 COUNT鉴权通过。  When the home location register receives the authentication request carrying the historical call count (COUNT) value, when the number of calls indicated by the COUNT value in the authentication request is more than the number of calls indicated by the COUNT value in the home location register , judge COUNT authentication passed.
2、 如权利要求 1 所述的方法, 其中, 根据下式判断所述鉴权请求中的 COUNT值指示的呼叫数是否比所述归属位置寄存器中的 COUNT值指示的 呼叫数多一次:  2. The method according to claim 1, wherein the number of calls indicated by the COUNT value in the authentication request is determined to be one more than the number of calls indicated by the COUNT value in the home location register according to the following formula:
所述鉴权请求中的 COUNT值 = (归属位置寄存器中 COUNT值 + X ) mod ( N+1 ) ;  The COUNT value in the authentication request = ( COUNT value + X in the home location register) mod ( N+1 ) ;
其中, 所述 X是每发生一次呼叫时呼叫历史呼叫计数的累加值, 所述 N 为呼叫历史计数器的最大值。  Wherein, the X is an accumulated value of a call history call count every time a call occurs, and the N is a maximum value of a call history counter.
3、 如权利要求 2所述的方法, 其中, 所述 X=l。  3. The method of claim 2, wherein said X = 1.
4、 如权利要求 1至 3任一所述的方法, 其中, 所述方法还包括, 当所述 鉴权请求中的 COUNT值指示的呼叫数比所述归属位置寄存器中的 COUNT 值指示的呼叫数多一次时, 所述归属位置寄存器还更新本地的 COUNT值为 所述鉴权请求中的 COUNT值。  The method according to any one of claims 1 to 3, wherein the method further comprises: when the COUNT value in the authentication request indicates the number of calls is greater than the number indicated by the COUNT value in the home location register When the number is more than one, the home location register also updates the local COUNT value to the COUNT value in the authentication request.
5、 如权利要求 1至 3任一所述的方法, 其中, 所述方法还包括, 当所述 鉴权请求中的 COUNT值与所述归属位置寄存器中的 COUNT值相等时, 判 断 COUNT鉴权通过。  The method according to any one of claims 1 to 3, wherein the method further comprises: determining COUNT authentication when a COUNT value in the authentication request is equal to a COUNT value in the home location register by.
6、 一种归属位置寄存器, 包括鉴权单元, 其中:  6. A home location register, comprising an authentication unit, wherein:
所述鉴权单元设置为: 接收到携带历史呼叫计数 ( COUNT )值的鉴权请 求时, 当所述鉴权请求中的 COUNT值指示的呼叫数比所述归属位置寄存器 中的 COUNT值指示的呼叫数多一次时, 判断 COUNT鉴权通过。  The authentication unit is configured to: when receiving an authentication request carrying a historical call count (COUNT) value, when the number of calls indicated by the COUNT value in the authentication request is greater than the COUNT value in the home location register When the number of calls is more than one, the COUNT authentication is judged to pass.
7、 如权利要求 6所述的归属位置寄存器, 其中, 所述鉴权单元设置为: 根据下式判断所述鉴权请求中的 COUNT值指示的呼叫数是否比所述归属位 置寄存器中的 COUNT值指示的呼叫数多一次: 所述鉴权请求中的 COUNT值 = (归属位置寄存器中 COUNT值 + X ) mod ( N+1 ) ; 7. The home location register according to claim 6, wherein the authentication unit is configured to: determine, according to the following formula, whether the number of calls indicated by the COUNT value in the authentication request is greater than COUNT in the home location register The number of calls indicated by the value is one more time: The COUNT value in the authentication request = (COUNT value + X in the home location register) mod ( N+1 );
其中, 所述 X是每产生一次呼叫历史呼叫计数的累加值, 所述 N为呼叫 历史计数器的最大值。  Wherein, the X is an accumulated value of a call history count every time a call is generated, and the N is a maximum value of a call history counter.
8、 如权利要求 7所述的归属位置寄存器, 其中, 所述 X=l。  8. The home location register of claim 7, wherein said X = 1.
9、 如权利要求 6至 8任一所述的归属位置寄存器, 其中, 所述归属位置 寄存器还包括更新单元, 设置为: 当所述鉴权请求中的 COUNT值指示的呼 叫数比所述归属位置寄存器中的 COUNT值指示的呼叫数多一次时, 更新本 地的 COUNT值为所述鉴权请求中的 COUNT值。  The home location register according to any one of claims 6 to 8, wherein the home location register further comprises an updating unit, configured to: when the number of calls indicated by the COUNT value in the authentication request is greater than the attribution When the number of calls indicated by the COUNT value in the location register is more than one, the local COUNT value is updated to the COUNT value in the authentication request.
10、 如权利要求 6至 8任一所述的归属位置寄存器, 其中, 所述鉴权单 元还设置为: 当所述鉴权请求中的 COUNT值与所述归属位置寄存器中的 COUNT值相等时, 判断 COUNT鉴权通过。  The home location register according to any one of claims 6 to 8, wherein the authentication unit is further configured to: when a COUNT value in the authentication request is equal to a COUNT value in the home location register , judge COUNT authentication passed.
PCT/CN2012/076466 2011-07-13 2012-06-05 Authentication method and home location register WO2013007139A1 (en)

Applications Claiming Priority (2)

Application Number Priority Date Filing Date Title
CN2011101959996A CN102238546A (en) 2011-07-13 2011-07-13 Authentication method and home location register
CN201110195999.6 2011-07-13

Publications (1)

Publication Number Publication Date
WO2013007139A1 true WO2013007139A1 (en) 2013-01-17

Family

ID=44888648

Family Applications (1)

Application Number Title Priority Date Filing Date
PCT/CN2012/076466 WO2013007139A1 (en) 2011-07-13 2012-06-05 Authentication method and home location register

Country Status (2)

Country Link
CN (1) CN102238546A (en)
WO (1) WO2013007139A1 (en)

Families Citing this family (1)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN102238546A (en) * 2011-07-13 2011-11-09 中兴通讯股份有限公司 Authentication method and home location register

Citations (5)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN1953615A (en) * 2006-09-22 2007-04-25 华为技术有限公司 A method and device to perfect the terminal authentication
KR20080086570A (en) * 2007-03-23 2008-09-26 (주) 엘지텔레콤 1x ev-do authentification method to keep reproduced handsets from connecting to 1x ev-do network
US20090100262A1 (en) * 2006-03-15 2009-04-16 Posdata Co., Ltd. Apparatus and method for detecting duplication of portable subscriber station in portable internet system
CN102036246A (en) * 2010-12-17 2011-04-27 中兴通讯股份有限公司 Call historical count (abbreviated as count) updating method and device
CN102238546A (en) * 2011-07-13 2011-11-09 中兴通讯股份有限公司 Authentication method and home location register

Patent Citations (5)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
US20090100262A1 (en) * 2006-03-15 2009-04-16 Posdata Co., Ltd. Apparatus and method for detecting duplication of portable subscriber station in portable internet system
CN1953615A (en) * 2006-09-22 2007-04-25 华为技术有限公司 A method and device to perfect the terminal authentication
KR20080086570A (en) * 2007-03-23 2008-09-26 (주) 엘지텔레콤 1x ev-do authentification method to keep reproduced handsets from connecting to 1x ev-do network
CN102036246A (en) * 2010-12-17 2011-04-27 中兴通讯股份有限公司 Call historical count (abbreviated as count) updating method and device
CN102238546A (en) * 2011-07-13 2011-11-09 中兴通讯股份有限公司 Authentication method and home location register

Also Published As

Publication number Publication date
CN102238546A (en) 2011-11-09

Similar Documents

Publication Publication Date Title
JP4004275B2 (en) Unauthorized use detection method in mobile communication network
US7574599B1 (en) Robust authentication and key agreement protocol for next-generation wireless networks
JP4272920B2 (en) Method and apparatus for checking the validity of a first communication participant in a communication network
US6236852B1 (en) Authentication failure trigger method and apparatus
JP3964677B2 (en) Security procedures for universal mobile phone services
US7773973B2 (en) Method for authentication between a mobile station and a network
CN100583767C (en) Key updating method and device
JP2016054500A (en) Network assisted fraud detection apparatus and methods
US11159940B2 (en) Method for mutual authentication between user equipment and a communication network
EP2377337A1 (en) Service-based authentication to a network
KR20130031829A (en) Method and apparatus for network personalization of subscriber devices
EP2384038A1 (en) Method, system and terminal device for realizing locking network by terminal device
WO2013185709A1 (en) Call authentication method, device, and system
KR20130010522A (en) An authentication method for preventing damages from lost and stolen smart phones
KR20180021838A (en) A method for replacing at least one authentication parameter for authenticating a secure element,
CN110944300B (en) Short message service system, forwarding interface device and defense server
JP6101088B2 (en) Status change notification method, subscriber authentication device, status change detection device, and mobile communication system
CN110267219B (en) Call forwarding reporting method, register, user terminal and block chain network
WO2013007139A1 (en) Authentication method and home location register
CN102905267B (en) ME identifies authentication, security mode control method and device
US8380165B1 (en) Identifying a cloned mobile device in a communications network
KR19990025925A (en) Detection and Management Method of Mobile Service Terminal Duplication
KR100545512B1 (en) System and method for preventing replay attacks in wireless communication
JP4759621B2 (en) Mobile communication system, subscriber authentication method, subscriber authentication module, mobile device system, authentication error detection method, authentication vector generation device, and authentication vector generation method
Brawerman et al. An anti-cloning framework for software defined radio mobile devices

Legal Events

Date Code Title Description
121 Ep: the epo has been informed by wipo that ep was designated in this application

Ref document number: 12810904

Country of ref document: EP

Kind code of ref document: A1

NENP Non-entry into the national phase

Ref country code: DE

122 Ep: pct application non-entry in european phase

Ref document number: 12810904

Country of ref document: EP

Kind code of ref document: A1