CN100459799C - Control system and control method for terminal to use network - Google Patents


Publication number
CN100459799C
Authority
CN
China
Prior art keywords
terminal
network
terminal equipment
authentication information
user
Prior art date
Legal status
Active
Application number
CNB2005101009131A
Other languages
Chinese (zh)
Other versions
CN1874595A (en
Inventor
时书锋
阎学霞
Current Assignee
Huawei Technologies Co Ltd
Original Assignee
Huawei Technologies Co Ltd
Priority date
Filing date
Publication date
Application filed by Huawei Technologies Co Ltd
Priority to CNB2005101009131A (CN100459799C)
Priority to PCT/CN2006/002908 (WO2007051406A1)
Publication of CN1874595A
Application granted
Publication of CN100459799C
Anticipated expiration

Classifications

    • H ELECTRICITY
    • H04 ELECTRIC COMMUNICATION TECHNIQUE
    • H04W WIRELESS COMMUNICATION NETWORKS
    • H04W12/00 Security arrangements; Authentication; Protecting privacy or anonymity
    • H04W12/06 Authentication
    • H04W12/08 Access security
    • H04W12/60 Context-dependent security
    • H04W12/69 Identity-dependent
    • H04W12/72 Subscriber identity

Landscapes

  • Engineering & Computer Science (AREA)
  • Computer Security & Cryptography (AREA)
  • Computer Networks & Wireless Communication (AREA)
  • Signal Processing (AREA)
  • Telephonic Communication Services (AREA)
  • Mobile Radio Communication Systems (AREA)

Abstract

The system comprises at least a network switch center that can receive logons from terminals and a terminal device identification center that communicates with the network switch center. The authentication information of the network's subscribed users is pre-stored in the terminal device identification center. The network switch center receives the logon information from a terminal device, sends the terminal device identification center a request message for the authentication information of that user, and decides from the returned message whether access is permitted.

Description

Control system and control method for terminal to use network
Technical field
The present invention relates to the field of security in mobile communication and, specifically, to a control system and a control method for a terminal's use of a network.
Background technology
In mobile communication, device identification numbers are used to manage mobile terminals. For example, a public land mobile network (PLMN) contains a functional unit called the equipment identity register (EIR), which is mainly responsible for managing the device identifiers of the mobile terminals in the network. In a GSM network this device identifier is the International Mobile Station Equipment Identity (IMEI); in a CDMA network it is the Electronic Serial Number (ESN). The following description uses the GSM network as the example.
The IMEI code in a GSM network is the unique identifier of a mobile terminal and cannot be changed. Its main purpose is to prevent unauthorized mobile equipment (for example, equipment that is stolen, faulty, or lacking type approval) from being used in the network.
The equipment identity register stores three lists of terminal equipment identifiers: a white list, a blacklist and a gray list. The white list holds the identifiers of terminals that are allowed to use the network. The blacklist holds the identifiers of terminals that are not allowed to use the network. The gray list holds the identifiers of terminals that the network may need to track or handle in some other way; whether these terminals may use the network is decided by the operator.
Whenever needed (including during access or during a call), the network can require an IMEI check of a mobile terminal. If the equipment identity register reports that the terminal's IMEI is illegal (for example, it is in the blacklist or is not in the white list), the mobile terminal is refused use of the network. Fig. 1 shows where the equipment identity register sits in the reference model of a common mobile network (such as a GSM network). This GSM network reference model consists of three main parts: the base station subsystem (BSS), the network subsystem (NSS) and the operation support subsystem (OSS). The base station subsystem comprises a number of base transceiver stations (BTS) and base station controllers (BSC). The network subsystem comprises the mobile services switching center (MSC), the visitor location register (VLR), the home location register (HLR), the authentication center (AUC), the operation and maintenance center (OMC) and the equipment identity register (EIR). The operation support subsystem comprises the network management center (NMC), the data post-processing system (DPPS), the security management center (SEMC) and the SIM personalization center (PCS). A mobile terminal, as the mobile station (MS), interacts with the base transceiver station; the mobile services switching center can connect to the public data network (PDN), the public switched telephone network (PSTN) and the integrated services digital network (ISDN).
At present, unauthorized users do in some cases use the network. For example, after a mobile terminal is stolen, the thief can generally reuse it by changing the card, because the network operator does not verify the IMEI code of the mobile terminal when the user accesses the network.
Some methods have appeared for preventing unauthorized mobile terminals from using the network (stolen terminals are used as the example below). In one existing method, administrators must maintain the white list, blacklist and gray list in the equipment identity register. The user reports the stolen terminal to the management center of the equipment identity register, and the IMEI code of the stolen terminal is added to the blacklist, which stops the stolen terminal from using the network again. When someone registers or makes a call with the stolen terminal, the mobile switching center (MSC) and visitor location register (VLR) request the IMEI from the mobile station (such as a mobile phone) and send the IMEI code obtained to the equipment identity register. The equipment identity register compares the received IMEI code with the entries in the white list, blacklist and gray list and sends the comparison result to the MSC/VLR. Based on that result, the MSC/VLR decides whether to allow the mobile station to access the network, or it may track information about the terminal (such as location information).
In this method, after the terminal is stolen its original user has to report it to the equipment identity register management center, and the stolen terminal has to be added to the blacklist manually before the network can stop it from using the network again. If the user does not go, or for the time being cannot go, to the equipment identity register management center after losing the terminal, the thief can still use the stolen terminal after changing the card (whoever holds a stolen terminal generally uses it only after changing the card). This existing method therefore still cannot completely and promptly prevent unauthorized terminals (such as stolen terminals with a changed card) from using the network.
Summary of the invention
The technical problem to be solved by the present invention is the inability of existing networks to stop unauthorized terminals from using the network completely and effectively. To address this, the invention provides a control system and a control method for a terminal's use of a network: when an unauthorized terminal attempts to use the network, the network can detect the unauthorized terminal automatically and stop it from using the network.
The technical solution adopted by the present invention is as follows. A control system for a terminal's use of a network is provided. The network includes at least a network switch that can receive terminal registrations, and further includes a terminal equipment identification center that interacts with the network switch. The terminal equipment identification center stores in advance the authentication information of the network's subscribed terminal users. The network switch receives a terminal user's registration information, requests that terminal user's authentication information from the terminal equipment identification center according to the terminal equipment identifier in the registration information, and determines from the result returned by the terminal equipment identification center whether the terminal is allowed to access the network.
In the control system of the present invention, the user authentication information of a subscribed terminal comprises the terminal equipment identifier, the network identity that the subscribed network assigns to the user, and terminal verification authentication information. The terminal verification authentication information is a verification password or information carrying a biometric feature.
In the control system of the present invention, the terminal equipment identification center holds a blacklist of the terminal equipment identifiers of all terminals that are not allowed to access the network, and the terminal equipment identification center also determines whether the terminal equipment identifier is in that blacklist. If the terminal equipment identifier is in the blacklist of the terminal equipment identification center, the center returns a message to the network switch, and the network switch prevents the terminal from accessing the network according to this message. If the terminal equipment identifier is not in the blacklist, the center returns the user authentication information of the terminal to the network switch.
In the control system of the present invention, the terminal equipment identifier is an IMEI code or an ESN code.
In the control system of the present invention, the interface protocol between the network switch and the terminal equipment identification center is the MAP protocol, the Diameter protocol or the RADIUS protocol.
In the control system of the present invention, the terminal is one that supports a plug-in card and has a unique terminal identifier; the plug-in card includes SIM, USIM and ISIM cards.
In the control system of the present invention, the network is a PLMN network, an NGN network, a WCDMA network or a CDMA2000 network.
The present invention also provides a control method for a terminal's use of a network, comprising: (a) the network switch receives the registration information sent by a terminal, the registration information including at least the terminal equipment identifier of the terminal; (b) the network switch authenticates the terminal according to the terminal equipment identifier in the registration information by querying the terminal equipment identification center for the authentication information about this terminal that is stored there in advance, the authentication information comprising the terminal equipment identifier, the network identity that the subscribed network assigns to the user, and terminal verification authentication information; (c) the network switch determines, from the authentication information returned by the terminal equipment identification center, whether the terminal is allowed to access the network.
In the control method of the present invention, the user authentication information comprises the terminal equipment identifier, the network identity that the subscribed network assigns to the user, and terminal verification authentication information.
In the control method of the present invention, the following precedes step (c): if the terminal equipment identifier is in the blacklist of the terminal equipment identification center, the center returns a message to the network switch, the network switch prevents the terminal from accessing the network according to this message, and the terminal's registration flow fails; if the terminal equipment identifier is not in the blacklist of the terminal equipment identification center, step (c) is executed.
In the control method of the present invention, step (c) specifically comprises: (c1) the terminal equipment identification center sends the network switch the user network identity and the terminal verification authentication information that it has stored for this terminal; (c2) the network switch compares the user network identity sent by the terminal equipment identification center with the user network identity carried in the terminal's registration information; if they are consistent, terminal authentication passes and the terminal is allowed to access the network; if they are inconsistent, the method proceeds to the next step; (c3) the network switch requires the user to enter terminal verification authentication information and compares it with the terminal verification authentication information returned by the terminal equipment identification center; (c4) if the terminal verification authentication information entered by the user in step (c3) is the same as that returned by the terminal equipment identification center, terminal authentication passes; (c5) if the terminal verification authentication information entered by the user in step (c3) differs from that returned by the terminal equipment identification center, the network switch prevents the terminal from accessing the network.
In the control method of the present invention, if the user network identity sent by the terminal equipment identification center in step (c1) is encrypted, the method further comprises a step in which the network switch decrypts the encrypted user network identity.
In the control method of the present invention, step (c5) further comprises: determining whether the number of times the user has entered terminal verification authentication information has reached a preset value; if it has not, returning to step (c3); if it has, the network switch prevents the terminal from accessing the network and may optionally add the terminal equipment identifier to the blacklist of the terminal equipment identification center.
In the control method of the present invention, step (c5) further comprises: the network switch adds the terminal equipment identifier to the blacklist of the terminal equipment identification center.
In the control method of the present invention, the terminal verification authentication information is a verification password or information carrying a biometric feature.
Implementing the control system and control method of the present invention has the following beneficial effect. The relevant information of terminals that have joined the network (terminal equipment identifier, network identity and terminal verification authentication information) is stored in advance at the terminal equipment identification center. When a terminal registers with the network, its terminal equipment identifier, network identity and terminal verification authentication information are compared with the information stored at the terminal equipment identification center. Unauthorized terminals can thus be detected promptly and effectively, and unauthorized terminals (such as stolen terminals with a changed card) are prevented from accessing the network.
Description of drawings
Fig. 1 is a schematic diagram of the reference model of a prior-art mobile communication network;
Fig. 2 is a schematic diagram of the first embodiment of the present invention;
Fig. 3 is a schematic diagram of the second embodiment of the present invention;
Fig. 4 is a flow chart of the control method of the present invention for a terminal's use of a network.
Embodiment
The invention provides a control system and a control method for a terminal's use of a network. When a terminal attempts to access the network, the network can automatically detect whether the terminal is an unauthorized terminal and, if it is, stop it from using the network.
Fig. 2 is a schematic diagram of the first embodiment of the present invention. It shows, schematically, the network of only one operator. A terminal in the sense of the present invention is a terminal that has a unique terminal equipment identifier and can obtain a network identity assigned by the operator, such as a mobile phone, PDA, notebook computer or other terminal equipment with a SIM (Subscriber Identity Module) card, USIM (Universal Subscriber Identity Module) card or ISIM (IMS Subscriber Identity Module) card, or even a fixed terminal (for example, an IMS terminal of a next generation network). The network is a mobile network, such as a PLMN network (including GSM and CDMA networks); the invention also applies to the next generation network (NGN) defined by TISPAN and the International Telecommunication Union (ITU-T) and to the wideband code division multiple access (WCDMA) and CDMA2000 networks defined by 3GPP and 3GPP2. The operator's network contains at least one network switch (only one is drawn in the figure) and one terminal equipment identification center. The network switch is an entity that can process user calls and perform authentication (in the present invention, the network switch may also be another functional entity capable of session processing). The terminal equipment identification center is in essence a database that stores in advance the authentication information of the network operator's subscribed users. Its management of terminal equipment identifiers is similar to that of the EIR: it also has a blacklist, which holds the terminal equipment identifiers that are not allowed to access the network. The interaction between the network switch and the terminal equipment identification center consists of the network switch sending query information to the terminal equipment identification center and the terminal equipment identification center feeding the query result back to the network switch. The interface protocol between the network switch and the terminal equipment identification center can be, for example, MAP, Diameter or RADIUS. In addition, the data held in the terminal equipment identification center can be maintained through an input device.
The authentication information of the network operator's subscribed users is stored in advance at the terminal equipment identification center. For example, when a user buys a terminal and subscribes to a network operator, the user chooses to have the authentication information submitted to the terminal equipment identification center for registration either personally or by the network operator. The authentication information registered at this point mainly comprises the terminal equipment identifier, the network identity that the subscribed network assigns to the user, and the terminal verification authentication information. The terminal equipment identifier may already be stored at the terminal equipment identification center (for example, registered with the center when the terminal leaves the factory). The terminal verification authentication information can be a verification password or other information carrying a biometric feature (for example the user's fingerprint information, handwritten signature information or retina information); the verification password is the most commonly used. If a verification password is used, it can be set by the operator and then communicated to the user, or it can be set by the user. The user can change this terminal verification password, manually or automatically. The manual way can be, for example, registering the change at a business office of the network operator or of the terminal equipment identification center. The automatic way can be, for example, dialing in to a voice service provided by the operator or the terminal equipment identification center, or logging in to a web service they provide to make the change. The terminal equipment identification center stores the user network identity sent by the operator transparently, and this user network identity may have been encrypted by the operator.
In the embodiment of Fig. 2 described above, the terminal equipment identification center can be used to authenticate the terminal equipment in that operator's network. Fig. 3 is a schematic diagram of the second embodiment of the present invention, which is suited to unified authentication of all terminal equipment across different operators' networks. Here the terminal equipment identification center is located at an independent third-party supervisory body; for example, one centrally managed terminal equipment identification center can be set up for the terminals of one type of network nationwide or worldwide. Only two operator networks are drawn in the figure, but the invention is not limited to this. As in the first embodiment, this terminal equipment identification center stores in advance the authentication information of the terminals of all the operator networks.
The principle of the present invention can be summarized as follows. A terminal equipment identification center that can interact with the network switch in the operator network is provided, and the authentication information of the network's subscribed terminal users is stored there in advance. When a terminal initiates registration with the network, the network switch authenticates the terminal: it compares the relevant information in the terminal's registration information with the authentication information stored at the terminal equipment identification center to determine whether the terminal is allowed to access the network. The registration that the terminal initiates with the network includes: registration with the network when the terminal is used for the first time; registration with the network each time the terminal is powered on; or periodic registration with the network while the terminal is in use (for example, initiating a registration with the network every few hours).
The flow chart of the present invention is described in detail below with reference to Fig. 4.
In the present invention, the terminal user's authentication information must first be registered with the terminal equipment identification center (see the description above).
In step S30, when a terminal initiates registration in the network, the network switch obtains the terminal equipment identifier from the registration information sent by the terminal (this registration information also carries the terminal's network identity).
In step S31, the network switch sends this terminal equipment identifier to the terminal equipment identification center, and the terminal equipment identification center determines whether the terminal equipment identifier is in its blacklist.
If step S31 determines that the terminal equipment identifier is in the blacklist, the center returns a message to the network switch. The network switch learns from this message that the terminal equipment is blacklisted, executes the registration failure flow of step S35, and prevents the equipment from accessing the network.
Note that a terminal that has not been registered at the terminal equipment identification center is not covered by this anti-theft function. How to handle a terminal whose terminal equipment identifier cannot be found is a matter of operator policy; as far as the anti-theft function alone is concerned, such a terminal should be treated as having passed terminal authentication and continues with the normal registration flow of the legacy network.
If step S31 determines that the terminal equipment identifier is not in the blacklist of the terminal equipment identification center, then in step S33 the terminal equipment identification center returns to the network switch the user network identity and the terminal verification authentication information that it has stored for this terminal.
In step S34, the network switch compares the user network identity stored at the terminal equipment identification center with the user network identity reported in the terminal's registration information and checks whether they are consistent. If the user network identity stored at the terminal equipment identification center was encrypted by the operator, the network switch must also perform the corresponding decryption.
If step S34 finds the two consistent, the flow goes to step S390 and terminal authentication passes.
If step S34 finds the two inconsistent, then in step S36 the user is required to enter terminal verification authentication information (such as a verification password). In other embodiments the user can be required to enter other information, such as information containing a biometric feature, for example a fingerprint; this requires the terminal to have a fingerprint scanning function.
In step S37, the network switch compares the terminal verification authentication information entered by the user with the terminal verification authentication information returned by the terminal equipment identification center and checks whether they are the same.
If the two items of terminal verification authentication information are the same in step S37, the flow goes to step S390 and the registration flow continues.
If the two items of terminal verification authentication information differ in step S37, step S38 determines whether the user has entered terminal verification authentication information the predetermined number of times; if not, the flow returns to step S36 and the comparison of terminal verification authentication information is repeated.
If the predetermined number of times has been reached, the network switch can regard the terminal as an illegal terminal; registration then fails, and the terminal equipment identifier can optionally be added to the blacklist of the terminal equipment identification center (step S39).
In summary, the present invention first checks the blacklist of the terminal equipment identification center and then checks whether the user network identity from the terminal equipment identification center is consistent with the user network identity reported in the terminal's registration. If they are inconsistent, the network switch requires the terminal user to enter terminal verification authentication information. If the input is correct, terminal authentication succeeds and the subsequent normal registration flow continues; otherwise it fails. The user is allowed several attempts at entering the terminal verification authentication information (for example three); if all of them fail, the terminal is put into the blacklist of the terminal equipment identification center (optional, according to operator policy).
The terminal verification authentication information is provided here to cover the case where the user temporarily switches to another SIM, USIM or ISIM card carrying a user network identity, or has switched for a long time but has not yet updated the information at the terminal equipment identification center. In these cases the user network identity stored at the terminal equipment identification center and the user network identity reported in the terminal's registration are inconsistent, but the terminal is still allowed to register successfully by means of the terminal verification authentication information.
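The decision flow of steps S30 to S39 can be traced in code. The following Python is an added example, not code from the patent: the class and function names are hypothetical, the terminal verification authentication information is modelled as a password, the stored network identity is assumed to be unencrypted, the constant-time comparison is a choice of this example, and all identifiers are constructed sample values.

```python
import hmac
from dataclasses import dataclass, field
from enum import Enum
from typing import Callable, Dict, Optional, Set, Tuple


class Decision(Enum):
    ALLOW = "allow"                          # S390: terminal authentication passes
    DENY_BLACKLISTED = "deny_blacklisted"    # S35: identifier found in the blacklist
    DENY_VERIFICATION = "deny_verification"  # S38: attempts used up


@dataclass
class AuthRecord:
    """Authentication information pre-registered for one subscribed terminal."""
    device_id: str     # terminal equipment identifier (IMEI or ESN)
    network_id: str    # network identity assigned by the subscribed network
    verification: str  # terminal verification authentication information


@dataclass
class IdentificationCenter:
    """Hypothetical model of the terminal equipment identification center."""
    records: Dict[str, AuthRecord] = field(default_factory=dict)
    blacklist: Set[str] = field(default_factory=set)

    def enroll(self, record: AuthRecord) -> None:
        self.records[record.device_id] = record

    def query(self, device_id: str) -> Tuple[bool, Optional[AuthRecord]]:
        """S31/S33: report blacklisting, otherwise return the stored record."""
        if device_id in self.blacklist:
            return True, None
        return False, self.records.get(device_id)


def _same(a: str, b: str) -> bool:
    # Constant-time comparison (an addition of this example, not in the patent).
    return hmac.compare_digest(a.encode(), b.encode())


class NetworkSwitch:
    def __init__(self, center: IdentificationCenter,
                 max_attempts: int = 3, blacklist_on_failure: bool = True):
        self.center = center
        self.max_attempts = max_attempts                  # preset value of S38
        self.blacklist_on_failure = blacklist_on_failure  # S39 is operator policy

    def register(self, device_id: str, network_id: str,
                 prompt: Callable[[], str]) -> Decision:
        blacklisted, record = self.center.query(device_id)    # S30/S31
        if blacklisted:
            return Decision.DENY_BLACKLISTED                  # S35
        if record is None:
            # Terminal never registered at the center: outside the anti-theft
            # function, so it continues with the normal registration flow.
            return Decision.ALLOW
        if _same(record.network_id, network_id):              # S34
            return Decision.ALLOW                             # S390
        for _ in range(self.max_attempts):                    # S36 to S38
            if _same(prompt(), record.verification):          # S37
                return Decision.ALLOW                         # S390
        if self.blacklist_on_failure:
            self.center.blacklist.add(device_id)              # S39
        return Decision.DENY_VERIFICATION


def scripted(*answers: str) -> Callable[[], str]:
    """Constructed stand-in for asking the user to enter the password."""
    remaining = iter(answers)
    return lambda: next(remaining)


def demo() -> Dict[str, Decision]:
    # All identifiers and passwords below are constructed sample values.
    center = IdentificationCenter()
    center.enroll(AuthRecord("DEV-0001", "NET-OWNER", "4821"))
    switch = NetworkSwitch(center)
    return {
        "original card": switch.register("DEV-0001", "NET-OWNER", scripted()),
        "owner changed card": switch.register(
            "DEV-0001", "NET-TEMP", scripted("4812", "4821")),
        "unregistered terminal": switch.register("DEV-0999", "NET-X", scripted()),
        "new card, wrong password": switch.register(
            "DEV-0001", "NET-OTHER", scripted("0000", "1111", "2222")),
        "after blacklisting": switch.register("DEV-0001", "NET-OWNER", scripted()),
    }


if __name__ == "__main__":
    for case, decision in demo().items():
        print(f"{case:26s} -> {decision.value}")
```

The last case shows a consequence of step S39: once the identifier is blacklisted, even the original card is refused until the blacklist entry is removed at the terminal equipment identification center.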
The above process can be carried out after or before the original terminal registration flow, or it can be merged into the original registration flow. This terminal authentication process is carried out only at terminal registration and does not affect the user's normal calls.
The present invention proposes a general scheme in which the network automatically detects unauthorized terminals (such as stolen terminals with a changed card) and stops them from using the network, so that unauthorized terminals can be prevented from connecting to the network promptly and effectively.

Claims (14)

1. A control system for a terminal to use a network, comprising a network switch that receives terminal registration, characterized in that the system further comprises a terminal equipment identification center that interacts with the network switch;
the terminal equipment identification center is configured to store the user authentication information of the terminals subscribed in the network;
the network switch is configured to receive terminal user registration information, to request the user authentication information of the terminal from the terminal equipment identification center according to the terminal equipment identifier in the registration information, and to determine whether to allow the terminal to access the network according to the network identity assigned to the user by the subscribed network, or the terminal verification authentication information, in the user authentication information returned by the terminal equipment identification center.
2. The control system for a terminal to use a network according to claim 1, characterized in that the user authentication information of the subscribed terminal comprises: a terminal equipment identifier, the network identity assigned to the user by the subscribed network, and terminal verification authentication information, the terminal verification authentication information being a verification password or information carrying a biometric feature.
3. The control system for a terminal to use a network according to claim 1, characterized in that the terminal equipment identification center is further provided with a blacklist for storing the terminal equipment identifiers of terminals that are not allowed to access the network, and the terminal equipment identification center is further configured to judge whether the terminal equipment identifier is in the blacklist; if the terminal equipment identifier is in the blacklist of the terminal equipment identification center, the terminal equipment identification center returns a message to the network switch, and the network switch stops the terminal from accessing the network according to this message; if the terminal equipment identifier is not in the blacklist of the terminal equipment identification center, the user authentication information of the terminal is returned to the network switch.
4. The control system for a terminal to use a network according to any one of claims 1 to 3, characterized in that the terminal equipment identifier is an IMEI code or an ESN code.
5. The control system for a terminal to use a network according to claim 4, characterized in that the interface protocol between the network switch and the terminal equipment identification center is the MAP protocol, the Diameter protocol or the RADIUS protocol.
6. The control system for a terminal to use a network according to claim 5, characterized in that the network is a PLMN network, an NGN network, a WCDMA network or a CDMA2000 network.
7. A control method for a terminal to use a network, characterized by comprising:
(a) a network switch receives registration information sent by a terminal, the registration information including the terminal equipment identifier of the terminal;
(b) the network switch requests the user authentication information of the terminal from a terminal equipment identification center according to the terminal equipment identifier in the registration information, in order to authenticate the terminal;
(c) the network switch determines whether to allow the terminal to access the network according to the network identity assigned to the user by the subscribed network, or the terminal verification authentication information, in the user authentication information returned by the terminal equipment identification center.
8. The control method for a terminal to use a network according to claim 7, characterized in that the user authentication information comprises a terminal equipment identifier, the network identity assigned to the user by the subscribed network, and terminal verification authentication information.
9. The control method for a terminal to use a network according to claim 8, characterized in that the terminal equipment identification center is further provided with a blacklist for storing the terminal equipment identifiers of terminals that are not allowed to access the network, and before step (c) the method further comprises: the terminal equipment identification center judges whether the terminal equipment identifier is in the blacklist; if the terminal equipment identifier is in the blacklist of the terminal equipment identification center, the terminal equipment identification center returns a message to the network switch, the network switch stops the terminal from accessing the network according to this message, and the registration flow of the terminal fails; if the terminal equipment identifier is not in the blacklist of the terminal equipment identification center, step (c) is executed.
10. The control method for a terminal to use a network according to claim 8, characterized in that step (c) specifically comprises:
(c1) the terminal equipment identification center sends the user network identity and the terminal verification authentication information that it stores for this terminal to the network switch;
(c2) the network switch compares whether the user network identity sent by the terminal equipment identification center is consistent with the user network identity carried in the received terminal registration information; if they are consistent, this terminal authentication passes and the terminal is allowed to access the network; if they are inconsistent, the method proceeds to the next step;
(c3) the network switch requires the user to input terminal verification authentication information and compares it with the terminal verification authentication information returned by the terminal equipment identification center;
(c4) if the terminal verification authentication information input by the user in step (c3) is identical to the terminal verification authentication information returned by the terminal equipment identification center, this terminal authentication passes;
(c5) if the terminal verification authentication information input by the user in step (c3) is not identical to the terminal verification authentication information returned by the terminal equipment identification center, the network switch stops the terminal from accessing the network.
11. The control method for a terminal to use a network according to claim 10, characterized in that, if the user network identity sent by the terminal equipment identification center in step (c1) is encrypted, the method further comprises a step in which the network switch decrypts the encrypted user network identity.
12. The control method for a terminal to use a network according to claim 10, characterized in that step (c5) further comprises:
judging whether the number of times the user has input terminal verification authentication information reaches a preset value;
if the preset value has not been reached, returning to step (c3);
if the preset value has been reached, the network switch stops the terminal from accessing the network, and may optionally add the terminal equipment identifier to the blacklist of the terminal equipment identification center.
13. The control method for a terminal to use a network according to claim 10, characterized in that step (c5) further comprises: the network switch adds the terminal equipment identifier to the blacklist of the terminal equipment identification center.
14. The control method for a terminal to use a network according to any one of claims 7 to 13, characterized in that the terminal verification authentication information is a verification password or information carrying a biometric feature.
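The registration decision of claims 9, 10, 12 and 13 can be followed end to end in the short model below. It is an added example, not code from the patent: the names `Eir`, `EirRecord`, `register` and `ask_user`, the value of `MAX_ATTEMPTS`, the handling of an unknown device and the constant-time comparison are all assumptions made for illustration.

```python
import hmac
from dataclasses import dataclass, field

MAX_ATTEMPTS = 3  # "preset value" of claim 12; the number itself is an assumption


@dataclass
class EirRecord:
    """User authentication information stored for one subscribed terminal."""
    network_id: str   # network identity assigned by the subscribed network
    verify_code: str  # terminal verification authentication information (password)


@dataclass
class Eir:
    """Terminal equipment identification center with its blacklist (claims 8, 9)."""
    records: dict
    blacklist: set = field(default_factory=set)


def register(eir, device_id, reported_network_id, ask_user, blacklist_on_fail=True):
    """Decide one registration at the network switch; returns (allowed, reason)."""
    if device_id in eir.blacklist:                     # claim 9: checked before (c)
        return False, "blacklisted"
    rec = eir.records.get(device_id)
    if rec is None:                                    # assumption: the page does not
        return False, "unknown-device"                 # say what happens here
    if rec.network_id == reported_network_id:          # (c2) identities consistent
        return True, "identity-match"
    for _ in range(MAX_ATTEMPTS):                      # (c3), retried per claim 12
        entered = ask_user()
        # Constant-time comparison is a hardening choice added here.
        if hmac.compare_digest(entered.encode(), rec.verify_code.encode()):
            return True, "verified"                    # (c4)
    if blacklist_on_fail:                              # optional in claim 12, claim 13
        eir.blacklist.add(device_id)
    return False, "verification-failed"                # (c5)


def sample_eir():
    """Constructed sample data: one terminal bound to one subscriber identity."""
    return Eir({"IMEI-0001": EirRecord("IMSI-AAAA", "4821")})


if __name__ == "__main__":
    eir = sample_eir()
    wrong = iter(["0000", "1111", "2222"])
    print(register(eir, "IMEI-0001", "IMSI-AAAA", lambda: "unused"))
    print(register(eir, "IMEI-0001", "IMSI-BBBB", lambda: "4821"))
    print(register(eir, "IMEI-0001", "IMSI-BBBB", lambda: next(wrong)))
    print(register(eir, "IMEI-0001", "IMSI-AAAA", lambda: "unused"))
```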
CNB2005101009131A 2005-10-31 2005-10-31 Control system and control method for terminal to use network Active CN100459799C (en)

Priority Applications (2)

Application Number Priority Date Filing Date Title
CNB2005101009131A CN100459799C (en) 2005-10-31 2005-10-31 Control system and control method for terminal to use network
PCT/CN2006/002908 WO2007051406A1 (en) 2005-10-31 2006-10-30 A control system and method for terminal using network and device therefore

Applications Claiming Priority (1)

Application Number Priority Date Filing Date Title
CNB2005101009131A CN100459799C (en) 2005-10-31 2005-10-31 Control system and control method for terminal to use network

Publications (2)

Publication Number Publication Date
CN1874595A CN1874595A (en) 2006-12-06
CN100459799C true CN100459799C (en) 2009-02-04

Family

ID=37484801

Family Applications (1)

Application Number Title Priority Date Filing Date
CNB2005101009131A Active CN100459799C (en) 2005-10-31 2005-10-31 Control system and control method for terminal to use network

Country Status (2)

Country Link
CN (1) CN100459799C (en)
WO (1) WO2007051406A1 (en)

Also Published As

Publication number Publication date
CN1874595A (en) 2006-12-06
WO2007051406A1 (en) 2007-05-10

Legal Events

Date Code Title Description
C06 Publication
PB01 Publication
C10 Entry into substantive examination
SE01 Entry into force of request for substantive examination
C14 Grant of patent or utility model
GR01 Patent grant