CN100441036C - Method for validating security of mobile terminal in CDMA network - Google Patents

Publication number
CN100441036C
Authority
CN
China
Prior art keywords
portable terminal
skey
configuration information
random number
hlr
Prior art date
Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
Expired - Fee Related
Application number
CNB2004101034707A
Other languages
Chinese (zh)
Other versions
CN1798437A (en
Inventor
董昆阳
王正伟
黄天振
周春艳
孔杰
朱志明
郭平
王备
Current Assignee (The listed assignees may be inaccurate. Google has not performed a legal analysis and makes no representation or warranty as to the accuracy of the list.)
Huawei Technologies Co Ltd
Original Assignee
Huawei Technologies Co Ltd
Application filed by Huawei Technologies Co Ltd
Priority to CNB2004101034707A (CN100441036C)
Priority to PCT/CN2005/002340 (WO2006069536A1)
Publication of CN1798437A
Application granted
Publication of CN100441036C
Expired - Fee Related
Anticipated expiration

Classifications

    • H: ELECTRICITY
    • H04: ELECTRIC COMMUNICATION TECHNIQUE
    • H04W: WIRELESS COMMUNICATION NETWORKS
    • H04W12/00: Security arrangements; Authentication; Protecting privacy or anonymity
    • H04W12/06: Authentication
    • H04W12/12: Detection or prevention of fraud
    • H04W12/126: Anti-theft arrangements, e.g. protection against subscriber identity module [SIM] cloning
    • H04W8/00: Network data management
    • H04W8/22: Processing or transfer of terminal data, e.g. status or physical capabilities
    • H04W88/00: Devices specially adapted for wireless communication networks, e.g. terminals, base stations or access point devices
    • H04W88/02: Terminal devices

Landscapes

  • Engineering & Computer Science (AREA)
  • Computer Security & Cryptography (AREA)
  • Computer Networks & Wireless Communication (AREA)
  • Signal Processing (AREA)
  • Mobile Radio Communication Systems (AREA)
  • Telephonic Communication Services (AREA)

Abstract

The present invention discloses a method for verifying the security of a mobile terminal in a code division multiple access (CDMA) network, which comprises at least the following steps: a consistent security key (SKEY) corresponding to the mobile terminal is set and saved in the mobile terminal and in a network device of the CDMA network; when the security of the mobile terminal needs to be verified, the network device generates verification information from the SKEY corresponding to the mobile terminal and sends the verification information to the mobile terminal; the mobile terminal judges whether the SKEY it has saved matches the SKEY that the network device has saved for the mobile terminal; if the two match, the mobile terminal judges itself legitimate; otherwise, the mobile terminal judges itself illegitimate. After judging itself illegitimate, the mobile terminal can shut down directly, so that the current user is not allowed to use it. The present invention can prevent CDMA mobile terminals from being stolen or robbed, and thereby greatly improves the security of mobile terminals in the CDMA network.

Description

Method for verifying the security of a mobile terminal in a CDMA network
Technical field
The present invention relates to mobile communication security technology, and specifically to a method for verifying the security of a mobile terminal in a code division multiple access (CDMA) communication network.
Background art
At present, most mobile terminals in CDMA communication networks separate the handset from the card: the mobile terminal itself and the User Identity Module (UIM) card, which holds the information used to verify the wireless network subscriber, are two independent parts that are simply combined in use. This approach has many notable advantages. For example, a user who wants to change mobile terminals only needs to buy a new one and insert the original UIM card into it; because the user's information does not change, the user does not need to go through any terminal-replacement formalities with the carrier.
But while handset-card separation is very convenient for the user, it also means that mobile terminals are stolen and robbed from time to time, to the point that in some places people do not dare to wear a mobile terminal at the waist. Under handset-card separation, a stolen or robbed mobile terminal can be used without any obstacle simply by inserting a new UIM card, so the thief can resell the stolen terminal for profit. The user not only suffers a significant financial loss but also has to go to the carrier to complete a series of formalities, for example changing subscription data, which is a great inconvenience.
To address the ease with which mobile terminals are stolen and robbed, one commonly used method is to set password protection on the mobile terminal. For example, a power-on password is set on the mobile terminal, and the correct password must be entered at every power-on before the terminal can carry out subsequent operations such as network registration. If the power-on password is entered incorrectly, the mobile terminal cannot be used normally. Even if a thief obtains the user's mobile terminal, it cannot be used or sold because the correct password cannot be entered. This method therefore solves the problem to a certain extent. With this method, however, the legitimate user also has to enter the password at every power-on, which is a considerable nuisance in daily use. Many users therefore do not set such a power-on password, so this solution is hard for users to accept and sees little practical use, and it cannot fundamentally solve the problem of mobile terminals being stolen and robbed.
Another solution is to build a large number of equipment identity register (EIR) devices and to put the International Mobile Equipment Identity (IMEI) of stolen mobile terminals on the blacklist of the corresponding EIR. Each time a mobile terminal powers on and connects to the network, the EIR is checked to see whether the terminal's IMEI is on the blacklist; if it is, the network treats the user of the mobile terminal as an illegitimate user and rejects its service requests. The thief again cannot profit, because the terminal obtained cannot be reused, so this can fundamentally solve the problem of mobile terminals being stolen and robbed. But this method requires building a large number of EIR devices, which adds network equipment and increases the carrier's network construction cost. It also requires different carriers to run the anti-theft service in a unified way at the same time, so that a terminal lost from one carrier's network cannot be used on another carrier's network. This greatly increases the cumbersome service interworking between carriers, raises carriers' operating costs and complicates the rollout of their services.
In addition, UIM cards are at present illegally copied from time to time. For example, when a user has a mobile terminal repaired, the repair technician can easily copy the UIM card in the terminal and insert the copied card into another terminal for use. A person who obtains a copied UIM card by illegal means can then make calls or use other mobile communication services at someone else's expense without the legitimate user knowing, and the charges are billed to the legitimate user's account, causing the legitimate user financial loss. For example, the holder of the copied UIM card may make calls late at night, when the legitimate user is usually asleep, and the legitimate user unknowingly incurs large communication charges. Alternatively, once the terminal fitted with the copied UIM card has connected to the network, the network will reject connection requests from the terminal fitted with the original UIM card, so the legitimate user cannot use their own mobile communication service, which may cause even greater financial and other losses.
Therefore, the security of mobile terminals in current CDMA networks urgently needs to be improved, and an effective method is also needed to eliminate the ease with which UIM cards are cloned.
Summary of the invention
In view of this, the main purpose of the present invention is to provide a method for verifying the security of a mobile terminal in a CDMA network, so as to effectively prevent mobile terminals from being stolen or robbed and to improve their security.
The above purpose of the present invention is achieved by the following technical solutions:
A method for verifying the security of a mobile terminal in a CDMA network, comprising at least:
a. setting and saving, in the mobile terminal and in a network device of the CDMA network, a security key (SKEY) corresponding to the mobile terminal, and setting a deploy switch and marking it with a deploy switch value that indicates the type of security protection;
b. when the security of the mobile terminal needs to be verified, after the mobile terminal has confirmed the deploy switch value, the network device generates verification information from the SKEY corresponding to the mobile terminal and sends this verification information to the mobile terminal;
c. the mobile terminal judges, from the verification information received from the network device, whether the SKEY it has saved matches the SKEY that the network device has saved for the mobile terminal; if so, it judges itself legitimate; otherwise it judges itself illegitimate.
Setting the SKEY in the mobile terminal and the network device in step a comprises:
a1. the mobile terminal sends a request message for setting the SKEY to the network device;
a2. the network device generates a random number, generates configuration information from this random number, and sends the random number to the mobile terminal;
a3. the mobile terminal uses this random number to generate configuration information, obtains the SKEY from this configuration information and saves it, and sends the configuration information it generated from the random number to the network device;
a4. when the two sets of configuration information are consistent, the network device obtains the SKEY from the configuration information it generated itself and saves it.
The network device can be a home location register/authentication center (HLR/AC), in which case step a1 comprises:
the mobile terminal sends, to the mobile switching center (MSC/VLR) in the CDMA network, a specific service operation code that serves as the request message for setting the SKEY;
the MSC/VLR analyzes this service operation code and then sends a service request message to the HLR/AC;
The network device generating configuration information from the random number in step a2 comprises: the network device uses this random number and the original Shared Secret Data (SSD) to generate first configuration information and second configuration information with the CAVE algorithm;
The network device sending the random number to the mobile terminal in step a2 comprises: the HLR/AC sends an authentication directive message to the MSC/VLR that contains the random number and the first configuration information; the MSC/VLR saves the first configuration information it receives and then sends a unique challenge request message containing the random number to the mobile terminal;
The mobile terminal generating configuration information from the random number in step a3 comprises: the mobile terminal uses this random number and the original Shared Secret Data (SSD) to generate third configuration information and fourth configuration information with the CAVE algorithm;
Obtaining the SKEY from the configuration information and saving it in step a3 comprises: the mobile terminal obtains the SKEY from the fourth configuration information and saves this SKEY;
Sending the configuration information to the network device in step a3 comprises: the mobile terminal sends the third configuration information to the MSC/VLR in a unique challenge response message; the MSC/VLR compares whether the first configuration information and the third configuration information match, and sends the comparison result to the HLR/AC in an authentication status report;
The network device obtaining the SKEY from its own configuration information and saving it when the two sets of configuration information are consistent, in step a4, comprises: the HLR/AC judges whether the authentication status report shows that the comparison result is a match; if so, it obtains the SKEY from the second configuration information it generated itself and saves it; otherwise it does not save an SKEY.
The mobile terminal may further comprise a security chip and a UIM card, in which case the mobile terminal using the random number and the original Shared Secret Data (SSD) to generate the third and fourth configuration information with the CAVE algorithm in step a3 comprises:
the mobile terminal program sends the received random number to the UIM card and requests it to perform the unique challenge and return the configuration information; the UIM card uses the CAVE algorithm to compute the third configuration information and the fourth configuration information from the received random number and the original SSD, and then sends both to the mobile terminal program;
The mobile terminal obtaining the SKEY from the fourth configuration information and saving it in step a3 comprises: the mobile terminal program sends the fourth configuration information to the security chip, and the security chip generates the SKEY from the fourth configuration information and saves it.
The first configuration information and the third configuration information can be the authentication result of the unique challenge, and the second configuration information and the fourth configuration information can be the voice encryption mask. The HLR/AC obtains the SKEY from the second configuration information by taking 64 bits at a given position of the voice encryption mask as the SKEY; the mobile terminal generates the SKEY from the fourth configuration information by taking the 64 bits at the same position of the voice encryption mask as the SKEY.
The network device generating verification information from the SKEY corresponding to the mobile terminal in step b comprises: the network device generates a random number, computes a calculation result from the saved SKEY corresponding to this mobile terminal and the generated random number, and then obtains the verification information from the calculation result. In step b the network device further sends the random number when it sends the verification information to the mobile terminal;
The mobile terminal judging whether the two SKEYs match in step c comprises: the mobile terminal parses the received verification information to obtain one calculation result, then uses the SKEY it has saved and the random number received from the network device to obtain another calculation result by the corresponding computation, and compares whether the two calculation results match.
The network device can be an HLR/AC, in which case the network device sending the verification information and the random number to the mobile terminal in step b comprises: the HLR/AC sends a point-to-point short message containing the random number and the verification information to the MSC/VLR; the MSC/VLR sends this point-to-point short message to the mobile terminal.
The mobile terminal may further comprise a security chip, with the SKEY set and saved on this security chip. In that case, the mobile terminal performing a CAVE computation on the SKEY it has saved and the random number received from the network device to obtain an authentication result, extracting an authentication result from the verification information, and comparing whether the two authentication results match comprises: the mobile terminal program sends the random number and the verification information received from the MSC/VLR to the security chip; the security chip extracts the authentication result from the received verification information;
the security chip performs a CAVE computation on the SKEY it has saved and the received random number to obtain an authentication result;
the security chip compares whether the two authentication results match.
As the technical solution of the present invention shows, the same SKEY is set and saved on both the mobile terminal and the network side. When the security of the mobile terminal needs to be verified, the network side generates a random number, uses the SKEY and this random number to generate verification information, and then sends the random number and the verification information to the mobile terminal. The mobile terminal judges from the received verification information whether the SKEY it has saved matches the SKEY saved by the network device; if so, it determines that it is legitimate, otherwise it determines that it is illegitimate. After determining that it is illegitimate, the mobile terminal can make itself unusable, for example by powering off. If a person who has illegally obtained the mobile terminal inserts their own UIM card, the SKEY corresponding to that UIM card is inconsistent with the SKEY saved in the mobile terminal, so the final verification fails and the stolen mobile terminal cannot be used normally. In this way, the security of the mobile terminal is effectively improved.
In addition, the present invention can further provide "the machine card is bound mutually", in which the mobile terminal and the network side save a new authentication key (AKEY) and Shared Secret Data (SSD). If the mobile terminal is then used with a cloned card, the AKEY and SSD on the cloned card differ from the AKEY and SSD saved on the network side, so authentication of the cloned card fails. The cloned UIM card therefore cannot be used normally, which achieves the purpose of preventing the use of cloned UIM cards.
The present invention can further provide a password: when the SKEY is set or the SKEY setting is cancelled, the user is required to enter the correct password before the operation is executed, which further prevents an illegitimate user from cancelling the SKEY setting in order to use a stolen or robbed mobile terminal normally. In addition, if the mobile terminal judges itself illegitimate through the verification operation of the present invention, it can ask the user to enter the password; if the password entered is correct, the user can be regarded as a legitimate user. This gives legitimate users more convenience and makes the present invention easier to apply in practice.
Description of drawings
Fig. 1 is an overall flow chart of the present invention;
Fig. 2 is a message flow chart of setting the SKEY according to the first embodiment of the invention;
Fig. 3 is a message flow chart of cancelling the binding after the user has set "the machine card is bound mutually";
Fig. 4 is a flow chart of authenticating the network using the SKEY according to the present invention.
Detailed description of the embodiments
The present invention is described in detail below with reference to the drawings and specific embodiments.
In the present invention, a consistent security key (SKEY) is set and saved in advance in the mobile terminal and on the CDMA network side. When the security of the mobile terminal needs to be verified, for example after the mobile terminal powers on, the mobile terminal uses the verification information that the network side sends for the corresponding SKEY, together with the verification information it produces itself from its SKEY, to determine whether its own state is legitimate. If verification shows that its state is illegitimate, it stops itself from being used, for example by shutting down. A person who has illegally obtained the mobile terminal therefore cannot use it normally, which effectively removes the motive for illegally obtaining mobile terminals and improves their security.
Fig. 1 shows the overall flow chart of the present invention. As shown in Fig. 1, the present invention comprises the following steps:
Step 101: an SKEY corresponding to the mobile terminal is set and saved in advance in the mobile terminal and in the HLR/AC on the CDMA network side. Because the HLR and AC are often integrated in one network device, they are written together here as HLR/AC. Those skilled in the art will appreciate that the HLR and AC are in essence two different devices and can each be used separately in the present invention.
Step 102: when the security of the mobile terminal needs to be verified, the HLR/AC generates verification information from the SKEY corresponding to the mobile terminal and sends this verification information to the mobile terminal.
Step 103: after receiving the verification information, the mobile terminal judges from it whether the SKEY it has saved matches the SKEY saved by the network device; if so, it determines in step 104 that its own state is legitimate; otherwise it determines in step 105 that its own state is illegitimate.
Here, determining that its own state is legitimate means that the terminal is being used legitimately, in other words that its current user is a legitimate user. Determining that its own state is illegitimate means that it is being used illegitimately, in other words that its current user is an illegitimate user, for example a person who stole or robbed the mobile terminal or who obtained it through illegal channels.
In a preferred embodiment of the present invention, a security chip can be provided in the mobile terminal. Setting and saving the SKEY in the mobile terminal then means setting and saving the SKEY in this security chip, and the comparison and judgment of step 103 are also performed by this security chip.
The processing of step 101, that is, how the SKEY is set and saved in the mobile terminal and the HLR/AC, is described below through a specific embodiment.
As shown in Fig. 2, in step 201 the mobile terminal sends a specific service operation code (FEATURE CODE) to the mobile switching center (MSC/VLR). This specific service operation code is different from existing service operation codes and indicates a service operation request to set the SKEY. Because the MSC and VLR are often integrated, they are written together here as MSC/VLR.
The specific service operation code here can be *7877, meaning "terminal limits the use of this card". At the same time, the mobile terminal records, in the deploy switch set in advance, the switch value that represents "terminal limits the use of this card", and saves the deploy switch value in the security chip in the mobile terminal.
In step 202, the MSC/VLR analyzes this service operation code and sends a service request message (FEATURE REQUEST) to the HLR/AC.
In step 203, the HLR/AC determines from this service operation code that the SKEY-setting service operation is to be performed, generates a 24-bit unique challenge random number (RANDU), and then uses this RANDU and the original Shared Secret Data (SSD) to generate configuration information with a CAVE algorithm. The configuration information here comprises the 18-bit authentication result of the unique challenge and the 520-bit voice encryption mask, denoted AUTHU-1 and VPM-1 respectively. The HLR/AC then sends an authentication directive message to the MSC/VLR that contains the unique challenge random number RANDU and the unique challenge authentication result AUTHU-1.
In step 204, the MSC/VLR saves the received AUTHU-1 and then sends a unique challenge request message containing the random number RANDU to the mobile terminal.
In step 205, after receiving the RANDU from the MSC/VLR, the mobile terminal program of the mobile terminal sends this RANDU to the UIM card to perform the unique challenge and requests that the voice encryption mask be returned.
In step 206, the UIM card uses the same CAVE algorithm as in step 203 to compute configuration information from the received RANDU and the SSD. The configuration information here likewise comprises two parts, namely the 18-bit authentication result of the unique challenge as the first configuration information and the 520-bit voice encryption mask as the second configuration information. To distinguish them from the configuration information generated by the HLR/AC, they are denoted AUTHU-2 and VPM-2 respectively. AUTHU-2 and VPM-2 are then sent to the mobile terminal.
In step 207, the mobile terminal sends VPM-2 to the security chip, and the security chip saves 64 bits of VPM-2 as the security key SKEY, for example the last 64 bits. At the same time, the security chip initializes the counter COUNTSK, which represents the number of times the terminal has authenticated the network; it is 14 bits long, and its initial value can be set to 0.
In step 208, the mobile terminal sends AUTHU-2 to the MSC/VLR in a unique challenge response message.
In step 209, the MSC/VLR compares whether AUTHU-1 and AUTHU-2 match. When the HLR/AC and the UIM card use the same CAVE algorithm, this simply means comparing whether AUTHU-1 and AUTHU-2 are identical. The MSC/VLR then sends the comparison result, that is, match or no match, to the HLR/AC in an authentication status report.
In step 210, after receiving the authentication status report, the HLR/AC returns an authentication status report response message to the MSC/VLR.
In step 211, the HLR/AC judges from the authentication status report whether authentication succeeded. If it succeeded, that is, the comparison result is a match, then in step 212 the HLR/AC saves the corresponding 64 bits of VPM-1, for example also the last 64 bits, as the SKEY corresponding to this mobile terminal. At the same time it initializes the counter COUNTSK, which represents the number of times the terminal has authenticated the network; it is 14 bits long, and its initial value can be set to 0. The HLR/AC then sends a service request response message to the MSC/VLR, instructing the MSC to indicate to the mobile terminal that the operation succeeded. At the same time, the HLR/AC marks the deploy switch value set in advance for this mobile terminal with the value that represents "terminal limits the use of this card", and saves this deploy switch value in the database record associated with the user data. If authentication is judged to have failed, then in step 213 the HLR/AC sends a service request response message to the MSC/VLR, instructing the MSC to indicate to the mobile terminal that the operation failed.
In step 214, the MSC/VLR plays an announcement to the user through the mobile terminal, informing the user whether this service operation succeeded or failed, and then releases the call. An announcement is of course not required; the user can instead be notified by other means such as a short message.
This completes the setting of the SKEY. In the successful case, both the security chip in the mobile terminal and the HLR/AC on the network side have saved the SKEY. In the failure case, the HLR/AC does not save a new SKEY and instead performs the unique challenge failure handling of the prior art. In general, the mobile terminal cannot be used normally after an authentication failure, and the legitimate user can contact the service provider to resolve the problem.
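The setup exchange of steps 201 to 213 and the later SKEY check of steps 102 and 103, as an added Python sketch that is not part of the patent text. CAVE is not reproduced here, so `cave_stand_in` (HMAC-SHA256, truncated) is a hypothetical substitute; the class names, the 32-bit verification random number, the 18-bit verification result and the SSD values are assumptions constructed for the example.

```python
import hashlib
import hmac
import secrets

SKEY_BITS = 64  # the page takes 64 bits of the 520-bit mask, e.g. the last 64


def cave_stand_in(key: bytes, rand: bytes, label: bytes, nbits: int) -> int:
    """Hypothetical substitute for CAVE: HMAC-SHA256 in counter mode, top nbits."""
    out, counter = b"", 0
    while len(out) * 8 < nbits:
        out += hmac.new(key, label + bytes([counter]) + rand, hashlib.sha256).digest()
        counter += 1
    return int.from_bytes(out, "big") >> (len(out) * 8 - nbits)


def unique_challenge(ssd: bytes, randu: bytes):
    """Return (AUTHU, VPM): 18-bit result and 520-bit mask, as in steps 203/206."""
    return (cave_stand_in(ssd, randu, b"AUTHU", 18),
            cave_stand_in(ssd, randu, b"VPM", 520))


def skey_from_vpm(vpm: int) -> bytes:
    """The last 64 bits of the mask become the SKEY (steps 207 and 212)."""
    return (vpm & ((1 << SKEY_BITS) - 1)).to_bytes(SKEY_BITS // 8, "big")


class HlrAc:
    """Network side: one subscriber record holding SSD, SKEY and COUNTSK."""

    def __init__(self, ssd: bytes):
        self.ssd, self.skey, self.countsk = ssd, None, None

    def start_setup(self):
        # Step 203: 24-bit RANDU; AUTHU-1 goes to the MSC/VLR, VPM-1 stays here.
        self.randu = secrets.token_bytes(3)
        authu1, self.vpm1 = unique_challenge(self.ssd, self.randu)
        return self.randu, authu1

    def finish_setup(self, matched: bool) -> bool:
        # Steps 211-213: store the SKEY only if the MSC/VLR reported a match.
        if matched:
            self.skey, self.countsk = skey_from_vpm(self.vpm1), 0
        return matched

    def make_verification(self):
        # Step 102: random number plus a result computed from the stored SKEY.
        rand = secrets.token_bytes(4)  # width is an assumption
        return rand, cave_stand_in(self.skey, rand, b"VERIFY", 18)


class Terminal:
    """Handset: the UIM card holds the SSD, the security chip holds the SKEY."""

    def __init__(self, uim_ssd: bytes):
        self.uim_ssd, self.chip_skey, self.countsk = uim_ssd, None, None

    def answer_challenge(self, randu: bytes) -> int:
        # Steps 205-208: the UIM computes AUTHU-2/VPM-2; the chip keeps the SKEY.
        authu2, vpm2 = unique_challenge(self.uim_ssd, randu)
        self.chip_skey, self.countsk = skey_from_vpm(vpm2), 0
        return authu2

    def verify_network(self, rand: bytes, result: int) -> bool:
        # Step 103: recompute with the chip's SKEY and compare the two results.
        return cave_stand_in(self.chip_skey, rand, b"VERIFY", 18) == result


def run_setup(hlr: HlrAc, terminal: Terminal) -> bool:
    randu, authu1 = hlr.start_setup()
    authu2 = terminal.answer_challenge(randu)
    return hlr.finish_setup(authu1 == authu2)  # step 209: MSC/VLR comparison


def demo() -> dict:
    ssd_a, ssd_b = bytes(range(16)), bytes(range(16, 32))  # constructed SSDs
    hlr_a, hlr_b = HlrAc(ssd_a), HlrAc(ssd_b)
    phone_a, phone_b = Terminal(ssd_a), Terminal(ssd_b)
    setup_ok = run_setup(hlr_a, phone_a)
    run_setup(hlr_b, phone_b)
    hlr_c = HlrAc(ssd_a)  # setup attempted with a UIM whose SSD does not match
    bad_setup_ok = run_setup(hlr_c, Terminal(ssd_b))
    return {
        "setup_ok": setup_ok,
        "skeys_match": hlr_a.skey == phone_a.chip_skey,
        "owner_uim_legal": phone_a.verify_network(*hlr_a.make_verification()),
        # Handset A with subscriber B's UIM: the network answers with B's SKEY.
        "foreign_uim_legal": phone_a.verify_network(*hlr_b.make_verification()),
        "bad_setup_ok": bad_setup_ok,
        "bad_setup_skey": hlr_c.skey,
    }


if __name__ == "__main__":
    print(demo())
```

The handset-side SKEY is written in step 207 before the MSC/VLR comparison, so after a failed setup only the network side is guaranteed to hold no new SKEY, which matches the failure case described above.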
Further, in order to prevent to clone the use of card on the basis of the fail safe that improves portable terminal, the present invention has carried out certain modification to SKEY method to set up shown in Figure 2, below these is revised part and describes, and identical processing will be omitted herein.
In step 201, portable terminal sends a specific business operation sign indicating number * 7878 to MSC/VLR, expression " the machine card is bound mutually ".Simultaneously portable terminal is recorded as switch value the value of expression " the machine card is bound mutually " in the deploy switch that sets in advance, and the deploy switch value is saved in the safety chip in the portable terminal.
In step 207, the safety chip of portable terminal is except being provided with SKEY and COUNTSK, further with other 64 bits of VPM-2, for example have 64 bits altogether and save as the KI (AKEY) that network is used subscription authentication, substitute the AKEY in the UIM card the 65th to the 128th reciprocal reciprocal.In addition, portable terminal is for convenience of calculation, also the IMSI information with the UIM card is saved in safety chip, and all follow-up like this authorizing procedures will carry out in safety chip, and safety chip is preserved the AKEY that SKEY that the terminal authentication network uses and network authentication terminal are used simultaneously.
In step 211, HLR/AC is after the authentication success is judged in report according to authentication status, except SKEY and COUNTSK are set, further with other 64 bits of VPM-2, for example with reciprocal the 65th to reciprocal the 128th altogether 64 bits save as the AKEY that network is used subscription authentication, the AKEY that preserves is originally saved as AKEY-0 and wouldn't use.The deploy switch value to should portable terminal that HLR/AC will set in advance is labeled as the value of representative " the machine card is bound mutually ", with the value of the representative in the alternate figures 2 " terminal limits the use of this card ", and with in the record that this deploy switch value is saved in the database and user data is associated.
After this, HLR/AC uses new AKEY to initiate the shared secret data (SSD) update flow process of a standard, and portable terminal carries out at safety chip current shared secret data (SSD) update, and the new SSD that produces also is kept at safety chip.That subsequent network is used the authentication of terminal is SSD on the safety chip.
Preserve a new AKEY and SSD by the safety chip of above-mentioned portable terminal and the HLR/AC of network side, if portable terminal uses clone's card like this, to can not pass through with the different authentications of DCRP card that make of AKEY of network side preservation with SSD owing to the AKEY on clone's card, Ke Long UIM card can not normally use like this, reach to prevent to clone the purpose that the UIM card uses.
The user sets "terminal limits the use of this card" and "the machine card is bound mutually" through menus provided by the portable terminal program. In general, the portable terminal can provide the following menus: "password is set" and "binding machine and card", and "binding machine and card" includes the following submenus: "terminal limits the use of this card", "the machine card is bound mutually" and "cancellation binding".
When the user selects "password is set", the user can set a user cipher. In the present invention there can be two kinds of password. One is the super code, which is set at the factory and cannot be changed by the user. The other is the aforesaid user cipher, which can be given an initial value at the factory and can be changed by the user through the portable terminal program. Selecting "password is set" means either changing the preset initial password to the user cipher the user wants, or setting a new user cipher. Both passwords can be kept in the portable terminal in advance, preferably in the safety chip. In the verification, a user who is in fact a legitimate user can enter the super code or the user cipher and then use the portable terminal normally.
In the present invention the password serves several purposes in improving the security of the portable terminal. For example, if the UIM card of the portable terminal is changed, then after the terminal is shut down, the new card is inserted and the terminal is started, the portable terminal can prompt the user to enter the user cipher. After network registration succeeds, the portable terminal can prompt the user to bind again. If the user binds, the user cipher need not be entered for later startup, shutdown or calls; otherwise every startup requires the user to enter the password. In addition, to improve the security of the portable terminal when it cannot connect to the network and therefore cannot carry out the verification of the present invention, the user can be required to enter the user cipher in two cases: when the portable terminal is started in an area without signal, or when the portable terminal has entered an area without signal and has still not received a network signal again after a predetermined time. Only if the password entered is correct can the user use the portable terminal normally.
In general, the user cipher is a number of 6 to 8 digits, for ease of memorizing and changing. The super code is longer, at least 16 digits. In addition, when the user sets the user cipher through the menu, the user can further be required to enter the super code, and the portable terminal program allows the user to modify or set the user cipher only if it judges the entered super code correct.
When the user selects "terminal limits the use of this card", the SKEY setting procedure shown in Figure 2 is started. When the user selects "the machine card is bound mutually", the aforesaid SKEY setting procedure similar to Figure 2 is started. In addition, the present invention may further include: if the user has selected "terminal limits the use of this card" or "the machine card is bound mutually", the user can further be required to enter the user cipher, and the SKEY setting procedure is carried out only after the entered password is judged correct. Here the user can enter either the user cipher or the super code.
If, after setting "terminal limits the use of this card" or "the machine card is bound mutually", the user then selects "cancellation binding", the verification operation of the present invention is no longer carried out. If "terminal limits the use of this card" was set previously, only the deploy switch value in the safety chip needs to be modified. Specifically, after receiving the user's instruction, the portable terminal program instructs the safety chip to change the deploy switch value to empty, and the safety chip makes the change as instructed, so that the deploy switch value changes from "terminal limits the use of this card" to a null value.
If "the machine card is bound mutually" was set previously, the portable terminal program likewise instructs the safety chip to change the deploy switch value to empty, and the safety chip makes the change as instructed. In addition, the portable terminal can also initiate the following procedure, shown in Figure 3.
In step 301, after receiving the user's cancellation binding command, the portable terminal program sends the specific business operation code *7870 to the MSC/VLR.
In step 302, the MSC/VLR analyzes this business operation code and sends a business request message (FEATURE REQUEST) to the HLR/AC.
In step 303, the HLR/AC determines from this business operation code that the business operation is to cancel the binding, replaces the current AKEY with the original AKEY-0, and then sends a service request response message to the MSC/VLR.
In step 304, the MSC/VLR plays an announcement to the user through the portable terminal, informing the user that this business operation succeeded, and then releases the call. Of course, instead of playing an announcement, the user may be notified by other means such as a short message.
After this, the HLR/AC actively initiates a shared secret data (SSD) update procedure, through which the HLR and the UIM card in the portable terminal save a new SSD. Thereafter the UIM card of the portable terminal can be authenticated according to the existing authentication procedure.
It will of course be understood that if the user has selected "cancellation binding", the portable terminal program can further require the user to enter the user cipher, and carries out the cancellation binding procedure only after the entered password is judged correct. Here the user can enter either the user cipher or the super code.
The operation of steps 102 to 105 is described below with reference to Fig. 4.
In step 401, when the security of the portable terminal needs to be verified, the portable terminal first sends a location update request message to the MSC/VLR. The security of the portable terminal needs to be verified when the terminal reaches a particular state, for example after the terminal is powered on, or when the terminal enters an area with signal after being in an area without signal for a long time, or after the terminal has been powered on continuously for a long time. Here the time in an area without signal can be set to 10 minutes, and the continuous power-on time can be set to 20 hours.
In addition, the portable terminal judges whether the deploy switch value in the safety chip represents "terminal limits the use of this card" or "the machine card is bound mutually"; if so, it applies special processing to the prior-art location update request message. If the deploy switch value is empty, no special processing is applied to the prior-art location update request message, so the request is handled according to the existing authentication procedure and the portable terminal's verification of the network according to the present invention is not carried out.
Specifically, in the prior art the network side broadcasts a 32-bit random number (RAND) to the portable terminal, and the portable terminal carries, in the location update request message sent to the network, a part of RAND, for example 8 bits, together with authentication parameters such as the authentication response (AUTHR). Here, however, the portable terminal applies special processing when sending the location update to the network. The purpose of the special processing is to make the authentication not pass, so that the terminal's authentication of the network according to the present invention is carried out.
The special processing can be to fill in a new RANDC that differs from the corresponding part of the broadcast random number RAND, so that the network side finds during authentication that RANDC does not match and judges that authentication has failed. Alternatively, the special processing can be to omit a parameter, or to fill in a wrong AUTHR, and so on.
In step 402, after receiving the specially processed location update request message from the portable terminal, the MSC/VLR performs authentication, judges that authentication has failed, and then sends an authentication failure report (Authentication Failure Report) to the HLR/AC, carrying the report type, for example RANDC mismatch.
In step 403, after receiving the authentication failure report, the HLR/AC checks the report type, for example determining that RANDC does not match, and then checks whether the preset deploy switch value corresponding to this user represents "terminal limits the use of this card" or "the machine card is bound mutually". If so, the HLR/AC determines that this authentication has a further operation and returns an authentication failure report response message to the MSC/VLR, instructing the MSC/VLR to allow this access; if not, processing follows the existing authentication failure procedure.
In step 404, the MSC/VLR allows the access of the portable terminal and sends a location update accept message to the portable terminal.
In steps 405 to 410, the HLR/AC initiates a standard unique challenge procedure, to make up for the fact that the user was not authenticated for this access. The standard unique challenge procedure is prior art and well known to those skilled in the art, so it is not described in detail here.
In step 411, after the unique challenge succeeds, the HLR/AC generates a 32-bit random number (RANDSK) and, using the SKEY saved for this portable terminal and this RANDSK, generates an 18-bit authentication result AUTH by the CAVE algorithm. It then combines AUTH with the recorded value of COUNTSK, the counter of the terminal's authentications of the network, to form the authentication calculation result AUTHSK. Because COUNTSK is 14 bits, AUTHSK is 32 bits. The HLR/AC then sends a point-to-point short message to the MSC/VLR. This short message has a specific identifier, for example the two bytes 0xFEFE, and its content includes RANDSK and AUTHSK.
In step 412, the MSC/VLR sends this point-to-point short message to the portable terminal.
In step 413, the portable terminal returns a point-to-point short message acknowledgement to the MSC/VLR. In step 414, after receiving the acknowledgement from the portable terminal, the MSC/VLR sends a point-to-point short message response to the HLR/AC.
In step 415, the portable terminal applies special processing to the received point-to-point short message. Specifically, it checks the special identifier of the short message and then extracts RANDSK and AUTHSK from it. The portable terminal then sends RANDSK and AUTHSK to the safety chip.
In step 416, the safety chip parses COUNTSK from AUTHSK and then checks whether this COUNTSK and the COUNTSK it has saved satisfy a predetermined condition, for example whether the two values are close enough; here the absolute value of the difference between the two values is required to be less than 2. If the condition is not met, the received data is rejected. If the safety chip receives RANDSK and AUTHSK again within the predetermined time, it executes step 416 again, until the condition is met or the predetermined time is reached and the portable terminal is powered off. If the condition is met, step 417 is executed.
Note that each time the safety chip receives RANDSK and AUTHSK from the network side, it adds 1 to the COUNTSK it has saved. Likewise, each time the HLR/AC on the network side sends RANDSK and AUTHSK to the MSC/VLR, it also adds 1 to the COUNTSK it has saved.
In step 417, the safety chip uses the received RANDSK and the SKEY it has saved to obtain an 18-bit authentication result AUTH by the same CAVE algorithm, and compares this AUTH with the AUTH in the AUTHSK received from the portable terminal to judge whether the two match. If they match, verification passes and the terminal is allowed to be used normally; at the same time the received COUNTSK is used to update the COUNTSK saved by the safety chip. If they do not match, verification does not pass and the safety chip powers off the portable terminal, so that the portable terminal cannot be used normally.
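The exchange of steps 411 to 417, as an added example that is not part of the patent text: the HLR/AC side builds the short message and the safety chip side parses and checks it. CAVE is replaced here by HMAC-SHA256 truncated to 18 bits as a stand-in; the bit order inside AUTHSK, the 10-byte message layout, all class and function names, and incrementing the chip's counter before the comparison are assumptions.

```python
import hashlib
import hmac
import secrets
import struct

SM_IDENTIFIER = 0xFEFE              # two-byte identifier named in step 411
AUTH_BITS, COUNT_BITS = 18, 14      # AUTH is 18 bits, COUNTSK is 14 bits
AUTH_MASK = (1 << AUTH_BITS) - 1
COUNT_MASK = (1 << COUNT_BITS) - 1
MSG_FORMAT = ">HII"                 # assumed layout: identifier, RANDSK, AUTHSK


def auth18(skey: bytes, randsk: int) -> int:
    """18-bit authentication result. Stand-in for CAVE (assumption)."""
    mac = hmac.new(skey, struct.pack(">I", randsk), hashlib.sha256).digest()
    return int.from_bytes(mac[:4], "big") >> (32 - AUTH_BITS)


def pack_authsk(auth: int, countsk: int) -> int:
    """Combine AUTH and COUNTSK into 32 bits (AUTH in the high bits: assumption)."""
    return ((auth & AUTH_MASK) << COUNT_BITS) | (countsk & COUNT_MASK)


def unpack_authsk(authsk: int):
    """Return (AUTH, COUNTSK) from a 32-bit AUTHSK."""
    return authsk >> COUNT_BITS, authsk & COUNT_MASK


class HlrAc:
    """Network side: holds the SKEY and COUNTSK recorded for one terminal."""

    def __init__(self, skey: bytes, countsk: int = 0):
        self.skey, self.countsk = skey, countsk

    def build_short_message(self, randsk=None) -> bytes:
        if randsk is None:
            randsk = secrets.randbits(32)          # step 411: 32-bit RANDSK
        authsk = pack_authsk(auth18(self.skey, randsk), self.countsk)
        self.countsk = (self.countsk + 1) & COUNT_MASK   # add 1 after each send
        return struct.pack(MSG_FORMAT, SM_IDENTIFIER, randsk, authsk)


class SafetyChip:
    """Terminal side: holds the SKEY and COUNTSK saved in the safety chip."""

    def __init__(self, skey: bytes, countsk: int = 0):
        self.skey, self.countsk = skey, countsk

    def verify(self, message: bytes) -> str:
        # Step 415: only short messages carrying the identifier are processed.
        if len(message) != struct.calcsize(MSG_FORMAT):
            return "ignored"
        ident, randsk, authsk = struct.unpack(MSG_FORMAT, message)
        if ident != SM_IDENTIFIER:
            return "ignored"
        received_auth, received_count = unpack_authsk(authsk)
        # Add 1 on every RANDSK/AUTHSK received, then apply the step 416 check.
        self.countsk = (self.countsk + 1) & COUNT_MASK
        if abs(received_count - self.countsk) >= 2:
            return "rejected"                      # data refused, wait for a retry
        # Step 417: recompute AUTH from the saved SKEY and compare.
        expected = auth18(self.skey, randsk)
        if not hmac.compare_digest(expected.to_bytes(4, "big"),
                                   received_auth.to_bytes(4, "big")):
            return "failed"                        # the patent powers the terminal off
        self.countsk = received_count              # adopt the received COUNTSK
        return "verified"


if __name__ == "__main__":
    skey = bytes(range(8))                         # constructed 64-bit sample SKEY
    hlr, chip = HlrAc(skey), SafetyChip(skey)
    print(chip.verify(hlr.build_short_message()))                 # matching SKEY
    print(SafetyChip(b"\xaa" * 8).verify(hlr.build_short_message()))  # other SKEY
```

A chip holding a different SKEY, which is the situation after a different UIM card is inserted and the network answers with that card's record, reaches the `"failed"` branch.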
The above is a concrete procedure in which the portable terminal uses SKEY to authenticate the network. After step 417 determines that verification has not passed, the portable terminal can further prompt the user to enter a password and judge whether the entered password is correct; if it is correct, the user is allowed to use the portable terminal, otherwise the safety chip powers off the portable terminal. The password here can be kept in the portable terminal in advance, preferably in the safety chip. When prompted for a password here, the user can enter either the super code or the user cipher.
Because the concrete verification operation of the present invention is carried out on the safety chip, the safety chip can set a time period for completing the verification operation, and starts timing when the portable terminal is powered on. If verification succeeds within this time period, the safety chip allows the portable terminal to be used normally. If verification has still not succeeded after this time period, the safety chip cuts off the power supply of the portable terminal, shutting it down so that it cannot be used.
Further, the present invention can provide encryption and decryption functions. For example, telephone number information or short messages saved in the portable terminal can be encrypted, and decryption is allowed only after the safety chip's verification succeeds, which further protects the data stored in the portable terminal.
Through the processing shown in Fig. 2 and Fig. 4, the same SKEY is set and saved in the portable terminal and on the network side. When the security of the portable terminal needs to be verified, the network side generates a random number, uses SKEY and this random number to generate authorization information, and then sends the random number and the authorization information to the portable terminal. The portable terminal likewise generates authorization information from the received random number and the SKEY it has saved, and compares whether the two are consistent. If they are, it determines that it is legal; otherwise it determines that it is illegal. After determining that it is illegal, the portable terminal can be made unusable by means such as powering off. In this way, if a person who has stolen the portable terminal inserts their own UIM card, the SKEY corresponding to that UIM card is inconsistent with the SKEY saved in the portable terminal, so the final verification does not pass and the stolen portable terminal cannot be used normally. The security of the portable terminal can thus be improved effectively.
It should be understood that the above specific embodiments merely illustrate the spirit of the present invention and do not limit it.

Claims (26)

1. A method for verifying the security of a mobile terminal in a Code Division Multiple Access (CDMA) network, comprising at least:
a. setting and saving, in the portable terminal and in the network equipment of the CDMA network, a safe key SKEY corresponding to the portable terminal, and setting a deploy switch and marking a deploy switch value representing the safeguard protection type;
b. when security verification of the portable terminal is needed, after the portable terminal confirms the deploy switch value, the network equipment generates authorization information according to the SKEY corresponding to the portable terminal and sends this authorization information to the portable terminal;
c. the portable terminal judges, according to the authorization information received from the network equipment, whether the SKEY it has saved matches the SKEY corresponding to the portable terminal saved by the network equipment; if so, it judges itself legal; otherwise it judges itself illegal.
2. The method according to claim 1, characterized in that setting SKEY in the portable terminal and the network equipment in step a comprises:
a1. the portable terminal sends a request message for setting SKEY to the network equipment;
a2. the network equipment produces a random number, generates configuration information according to this random number, and sends this random number to the portable terminal;
a3. the portable terminal uses this random number to generate configuration information, obtains SKEY according to this configuration information and saves it, and sends the configuration information generated from this random number to the network equipment;
a4. when the two pieces of configuration information are consistent, the network equipment obtains SKEY according to the configuration information it generated and saves it.
3. The method according to claim 2, characterized in that the network equipment is a home location register/authentication center HLR/AC, and step a1 comprises:
the portable terminal sends, to the mobile switching center MSC/VLR in the CDMA network, a specific business operation code serving as the request message for setting SKEY;
the MSC/VLR analyzes this business operation code and then sends a business request message to the HLR/AC;
the network equipment generating configuration information according to the random number in step a2 comprises: the network equipment uses this random number and the original shared secret data SSD to generate first configuration information and second configuration information by the CAVE algorithm;
the network equipment sending the random number to the portable terminal in step a2 comprises: the HLR/AC sends an authentication indication message to the MSC/VLR, this message containing the random number and the first configuration information; the MSC/VLR saves the received first configuration information and then sends a unique challenge request message containing this random number to the portable terminal;
the portable terminal generating configuration information according to the random number in step a3 comprises: the portable terminal uses this random number and the original shared secret data SSD to generate third configuration information and fourth configuration information by the CAVE algorithm;
obtaining SKEY according to the configuration information and saving it in step a3 comprises: the portable terminal obtains SKEY according to the fourth configuration information and saves this SKEY;
sending the configuration information to the network equipment in step a3 comprises: the portable terminal sends the third configuration information to the MSC/VLR in a unique challenge response message, and the MSC/VLR compares whether the first configuration information and the third configuration information match and sends the comparison result to the HLR/AC in an authentication status report;
the network equipment obtaining SKEY according to the configuration information it generated and saving it when the two pieces of configuration information are consistent, in step a4, comprises: the HLR/AC judges whether the authentication status report shows that the comparison result is a match; if so, it obtains SKEY according to the second configuration information it generated and saves it; otherwise it does not save SKEY.
4. The method according to claim 3, characterized in that the portable terminal further comprises a safety chip and a user identity module (UIM) card, and the portable terminal using the random number and the original shared secret data SSD to generate the third configuration information and the fourth configuration information by the CAVE algorithm in step a3 comprises:
the portable terminal program sends the received random number to the UIM card and requests it to carry out the unique challenge and return configuration information;
the UIM card uses the CAVE algorithm on the received random number and the original SSD to calculate the third configuration information and the fourth configuration information, and then sends the third configuration information and the fourth configuration information to the portable terminal program;
the portable terminal obtaining SKEY according to the fourth configuration information and saving this SKEY in step a3 comprises: the portable terminal program sends the fourth configuration information to the safety chip, and the safety chip generates SKEY according to the fourth configuration information and saves it.
5. The method according to claim 3 or 4, characterized in that the first configuration information and the third configuration information are the authentication result of the unique challenge, and the second configuration information and the fourth configuration information are the voice encryption mask; the HLR/AC obtaining SKEY according to the second configuration information is taking 64 bits at the same position of the voice encryption mask as SKEY; the portable terminal generating SKEY according to the fourth configuration information is taking 64 bits at the same position of the voice encryption mask as SKEY.
6. The method according to claim 5, characterized in that setting the deploy switch in the portable terminal is setting a deploy switch in the safety chip of the portable terminal in step a1, and setting the deploy switch in the network equipment is setting a deploy switch in the HLR/AC in step a4.
7. The method according to claim 6, characterized in that the safeguard protection type is that the terminal limits the use of this card; the specific business operation code that the portable terminal sends to the MSC/VLR is the business operation code representing "terminal limits the use of this card".
8. The method according to claim 7, characterized in that it further comprises a cancellation binding operation after step a4, the cancellation binding operation comprising: setting the value of the deploy switch in the safety chip of the portable terminal to empty.
9. The method according to claim 6, characterized in that the safeguard protection type is that the machine card is bound mutually; the specific business operation code that the portable terminal sends to the MSC/VLR is the business operation code representing "the machine card is bound mutually"; step a3 further comprises: the safety chip saves, as the authentication key AKEY, another 64 bits of the voice encryption mask other than the 64 bits saved as SKEY, and further saves the International Mobile Subscriber Identity (IMSI) information of the UIM card;
step a4 further comprises: the HLR/AC saves 64 bits of the voice encryption mask as AKEY, the position of these 64 bits being the same as the position of the 64 bits of the voice encryption mask used as AKEY in the safety chip, and saves the original AKEY as AKEY-0; the HLR/AC uses the newly saved AKEY to initiate a standard shared secret data (SSD) update procedure, and the portable terminal carries out the SSD update in the safety chip and saves the updated SSD there.
10. The method according to claim 9, characterized in that it further comprises after step a4: the HLR/AC uses the new AKEY to initiate a shared secret data (SSD) update procedure, and the safety chip updates the SSD.
11. The method according to claim 9, characterized in that it further comprises a cancellation binding operation after step a4, the cancellation binding operation comprising:
setting the value of the deploy switch in the safety chip of the portable terminal to empty, and sending the business operation code representing cancellation binding to the MSC/VLR;
the MSC/VLR analyzes this business operation code and sends a business request message to the HLR/AC;
the HLR/AC replaces the current AKEY with the original AKEY-0 and then initiates a shared secret data (SSD) update procedure, and the UIM card saves the new SSD.
12. The method according to claim 8 or 11, characterized in that it further comprises, before carrying out the cancellation binding: the portable terminal prompts the user to enter a password and judges whether the password entered by the user is correct; if so, the cancellation binding is carried out; otherwise the cancellation binding is not carried out.
13. The method according to claim 3 or 11, characterized in that it further comprises after step a4:
the HLR/AC sends a service request response message to the MSC/VLR, and after receiving the service request response message the MSC/VLR informs the user, through the portable terminal, of the result of this business operation and then releases the call.
14. The method according to claim 2, characterized in that it further comprises before step a1: the portable terminal prompts the user to enter a password and judges whether the password entered by the user is correct; if so, step a1 is executed; otherwise step a1 is not executed.
15. The method according to claim 1, characterized in that the network equipment generating authorization information according to the SKEY corresponding to the portable terminal in step b comprises: the network equipment generates a random number, calculates a result of calculation from the saved SKEY corresponding to this portable terminal and the generated random number, and then obtains the authorization information according to the result of calculation; in step b the network equipment further sends the random number when sending the authorization information to the portable terminal;
the portable terminal judging whether the two SKEYs match in step c comprises: the portable terminal parses the received authorization information to obtain a result of calculation, then obtains a result of calculation by the corresponding calculation from the SKEY it has saved and the random number received from the network equipment, and compares whether the two results of calculation match.
16. The method according to claim 15, characterized in that the network equipment is a home location register/authentication center HLR/AC, and the network equipment sending the authorization information and the random number to the portable terminal in step b comprises:
the HLR/AC sends a point-to-point short message containing the random number and the authorization information to the MSC/VLR; the MSC/VLR sends this point-to-point short message to the portable terminal.
17. The method according to claim 16, characterized in that the point-to-point short message containing the random number and the authorization information has a specific identifier.
18. The method according to claim 16, characterized in that the method further comprises setting in the HLR/AC a counter representing the number of times the portable terminal has authenticated the network, the HLR/AC adding 1 to the counter value after producing authorization information once for this portable terminal;
calculating the result of calculation from SKEY and the random number comprises: performing the CAVE calculation on SKEY and the random number to obtain an authentication result; obtaining the authorization information according to the result of calculation comprises: combining the obtained authentication result with the counter value representing the number of times the portable terminal has authenticated the network to form the authorization information; the portable terminal parsing the received authorization information to obtain a result of calculation comprises: the portable terminal extracts the authentication result from the authorization information; the portable terminal obtaining a result of calculation by the corresponding calculation from the SKEY it has saved and the random number received from the network equipment comprises: performing the CAVE calculation on SKEY and the random number to obtain an authentication result.
19. The method according to claim 18, characterized in that the portable terminal further comprises a safety chip, the SKEY is set and saved on this safety chip, and the portable terminal performing the CAVE calculation on the SKEY it has saved and the random number received from the network equipment to obtain an authentication result, extracting the authentication result from the authorization information, and comparing whether the two authentication results match comprises:
the portable terminal program sends the random number and the authorization information received from the MSC/VLR to the safety chip;
the safety chip extracts the authentication result from the received authorization information;
the safety chip performs the CAVE calculation on the SKEY it has saved and the received random number to obtain an authentication result;
the safety chip compares whether the two authentication results match.
20. The method according to claim 19, characterized in that the method further comprises setting on the safety chip a counter representing the number of times the portable terminal has authenticated the network, the safety chip adding 1 to the counter value each time it carries out an authentication operation;
between the safety chip extracting the authentication result and calculating the authentication result, the method further comprises: the safety chip parses the counter value from the authorization information and compares whether this counter value and the counter value it has saved meet a predetermined requirement; if so, it carries out the step of performing the CAVE calculation on the SKEY it has saved and the received random number to obtain an authentication result; otherwise it rejects the data.
21. The method according to claim 1 or 15, characterized in that the network equipment is a home location register/authentication center (HLR/AC), and the mobile terminal confirming the deploy switch value in step b comprises:
The mobile terminal confirms that the deploy switch value is not empty;
After the mobile terminal confirms the deploy switch value in step b, and before the step in which the network equipment generates the authorization information according to the SKEY corresponding to the mobile terminal, the method further comprises: the mobile terminal applying error processing to the parameters of a location update request, and then sending a location update request containing the erroneous parameters to the mobile switching center MSC/VLR;
After receiving the location update request containing the erroneous parameters, the MSC/VLR sends an authentication failure report, with the report type attached, to the HLR/AC;
The HLR/AC checks the report type, determines that the preset deploy switch value indicates that the terminal is restricted to using this card or that the terminal and the card are bound to each other, and returns an authentication failure report response message to the MSC/VLR, instructing the MSC/VLR to allow this access; the MSC/VLR sends a location update accept message to the mobile terminal;
The HLR/AC initiates the standard unique challenge procedure.
22. The method according to claim 21, characterized in that the error processing applied to the parameters of the location update request is: filling in a new random number that differs in part from the random number broadcast by the network side, or filling in an erroneous authentication response parameter, or removing one or more parameters.
23. The method according to claim 1, characterized in that the method further comprises the mobile terminal setting a time period for verifying the network; if verification of the network has still not succeeded after this time period, the mobile terminal directly judges itself to be illegal.
24. The method according to claim 1 or 23, characterized in that, after the mobile terminal judges itself to be illegal, the method further comprises: the mobile terminal directly shutting down.
25. The method according to claim 24, characterized in that, before the mobile terminal shuts down, the method further comprises: the mobile terminal prompting the user to enter a password and judging whether the password entered by the user is correct; if so, the mobile terminal allows itself to operate normally; otherwise, it performs the shutdown operation.
26. The method according to claim 25, characterized in that an encryption/decryption switch for ensuring the security of the data stored on the mobile terminal is further set on the mobile terminal, and after the mobile terminal judges itself to be legal or the mobile terminal allows itself to operate normally, the method further comprises: turning on the encryption/decryption switch to allow encryption or decryption operations on the data stored on the mobile terminal.
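The check that claims 18 to 20 assign to the security chip, as an added Python example that is not part of the patent. CAVE is replaced by a truncated HMAC-SHA256 stand-in, and the message layout, the 18-bit result width and the counter rule ("received value equals stored value plus 1") are assumptions, since the claims only speak of a "predetermined requirement"; the key and random numbers are constructed.

```python
import hashlib
import hmac
import struct

RESULT_BITS = 18  # assumed width of the authentication result

def cave_stand_in(skey: bytes, rand: bytes) -> int:
    """Stand-in for CAVE (not the real algorithm): truncated HMAC-SHA256."""
    digest = hmac.new(skey, rand, hashlib.sha256).digest()
    return int.from_bytes(digest[:4], "big") >> (32 - RESULT_BITS)

def build_authorization_info(skey: bytes, rand: bytes, counter: int) -> bytes:
    """Network side. Assumed layout: 4-byte counter || 4-byte result."""
    return struct.pack(">II", counter, cave_stand_in(skey, rand))

class SecurityChip:
    """Terminal side: holds SKEY and the counter (claims 19 and 20)."""

    def __init__(self, skey: bytes):
        self._skey = skey
        self.counter = 0

    def verify(self, rand: bytes, authorization_info: bytes) -> str:
        if len(authorization_info) != 8:
            return "rejected: malformed"
        counter, received = struct.unpack(">II", authorization_info)
        # Claim 20: the counter is checked before any CAVE calculation.
        # Assumed requirement: the received value must equal stored + 1.
        if counter != self.counter + 1:
            return "rejected: counter"
        self.counter += 1  # one authentication operation performed
        expected = cave_stand_in(self._skey, rand)
        same = hmac.compare_digest(struct.pack(">I", expected),
                                   struct.pack(">I", received))
        return "match" if same else "mismatch"

def demo() -> list:
    skey = bytes(range(16))  # constructed key, for illustration only
    chip = SecurityChip(skey)
    first = build_authorization_info(skey, b"rand-0001", 1)
    second = build_authorization_info(skey, b"rand-0002", 2)
    third = build_authorization_info(skey, b"rand-0003", 3)
    tampered = third[:-1] + bytes([third[-1] ^ 0x01])  # flip one result bit
    return [chip.verify(b"rand-0001", first),     # fresh message
            chip.verify(b"rand-0001", first),     # same message again
            chip.verify(b"rand-0002", second),    # next counter value
            chip.verify(b"rand-0003", tampered)]  # altered result
```

The second call is turned away by the counter comparison alone, before any CAVE work is done, which is the ordering claim 20 requires.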
CNB2004101034707A 2004-12-28 2004-12-28 Method for validating security of mobile terminal in CDMA network Expired - Fee Related CN100441036C (en)

Priority Applications (2)

Application Number Priority Date Filing Date Title
CNB2004101034707A CN100441036C (en) 2004-12-28 2004-12-28 Method for validating security of mobile terminal in CDMA network
PCT/CN2005/002340 WO2006069536A1 (en) 2004-12-28 2005-12-28 A validating method of mobile terminal security in cdma network

Applications Claiming Priority (1)

Application Number Priority Date Filing Date Title
CNB2004101034707A CN100441036C (en) 2004-12-28 2004-12-28 Method for validating security of mobile terminal in CDMA network

Publications (2)

Publication Number Publication Date
CN1798437A CN1798437A (en) 2006-07-05
CN100441036C true CN100441036C (en) 2008-12-03

Family

ID=36614502

Family Applications (1)

Application Number Title Priority Date Filing Date
CNB2004101034707A Expired - Fee Related CN100441036C (en) 2004-12-28 2004-12-28 Method for validating security of mobile terminal in CDMA network

Country Status (2)

Country Link
CN (1) CN100441036C (en)
WO (1) WO2006069536A1 (en)

Families Citing this family (5)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN101577907B (en) * 2009-06-02 2011-12-07 中兴通讯股份有限公司 Method and device for managing mobile terminal
CN101635920B (en) * 2009-08-19 2012-07-04 中兴通讯股份有限公司 Service providing client terminal, wireless terminal and binding realizing method
AR084155A1 (en) 2011-12-05 2013-04-24 Inst Tecnologico De Buenos Aires DEVICE AND METHOD FOR THE SECURE TRANSMISSION OF DATA ON CHANNELS Z BY CDMA
CN104243152B (en) * 2013-06-06 2018-01-12 中国银联股份有限公司 Security information interaction system, apparatus and method
US20240167491A1 (en) * 2022-11-21 2024-05-23 Angelo Seminara Novel internal pressure monitoring system for pipes

Citations (6)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
JPH05327693A (en) * 1990-12-17 1993-12-10 Nippon Telegr & Teleph Corp <Ntt> Authentication method in digital mobile communication
US5933773A (en) * 1996-05-13 1999-08-03 Telefonaktiebolaget Lm Ericsson Method and a device for mobile telephone supervision
JP2000276247A (en) * 1999-03-26 2000-10-06 Mitsubishi Electric Corp Portable terminal security system and portable terminal
JP2001186565A (en) * 1999-12-24 2001-07-06 Nec Saitama Ltd Mobile terminal authentication system
WO2001076134A1 (en) * 2000-03-31 2001-10-11 Nokia Corporation Authentication in a packet data network
JP2003258794A (en) * 2002-03-04 2003-09-12 Nec System Technologies Ltd Security system for mobile

Family Cites Families (3)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN1395407A (en) * 2001-07-05 2003-02-05 致福股份有限公司 Mobile telephone burglary-resisting design and its operation method
CN1204773C (en) * 2001-12-28 2005-06-01 光宝科技股份有限公司 Method for locking user's identification card and mobile telephone by using short message
CN1455609A (en) * 2003-05-19 2003-11-12 海信集团有限公司 Automatic assistant-searching and closing method for mobile phone

Also Published As

Publication number Publication date
CN1798437A (en) 2006-07-05
WO2006069536A1 (en) 2006-07-06

Legal Events

Date Code Title Description
C06 Publication
PB01 Publication
C10 Entry into substantive examination
SE01 Entry into force of request for substantive examination
C14 Grant of patent or utility model
GR01 Patent grant
C17 Cessation of patent right
CF01 Termination of patent right due to non-payment of annual fee

Granted publication date: 20081203

Termination date: 20121228